most-box 0.2.1 → 0.2.2

package/server/src/http/nodeStatus.js

@@ -1,4 +1,5 @@
 import fs from 'node:fs'
+import os from 'node:os'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 import { DEFAULT_NODE_HOST } from '../node/config.js'
@@ -19,16 +20,49 @@ function readPackageJson() {
   }
 }
 
-export function getNetworkAddresses(appPort) {
-  return {
-    port: appPort,
-    addresses: [
-      { type: 'local', ip: 'localhost', label: '本机', iface: 'loopback' },
-    ],
+function isWildcardHost(host) {
+  return host === '0.0.0.0' || host === '::'
+}
+
+function isLoopbackHost(host) {
+  return ['localhost', '127.0.0.1', '::1', '[::1]'].includes(host)
+}
+
+export function getNetworkAddresses(appPort, appHost = DEFAULT_NODE_HOST) {
+  const addresses = [
+    { type: 'local', ip: 'localhost', label: '本机', iface: 'loopback' },
+  ]
+
+  if (isWildcardHost(appHost)) {
+    for (const [iface, entries = []] of Object.entries(os.networkInterfaces())) {
+      for (const entry of entries) {
+        if (entry.internal) continue
+        addresses.push({
+          type: entry.family === 'IPv6' ? 'ipv6' : 'lan',
+          ip: entry.address,
+          label: iface,
+          iface,
+        })
+      }
+    }
+  } else if (!isLoopbackHost(appHost)) {
+    addresses.push({
+      type: 'listen',
+      ip: appHost,
+      label: '监听地址',
+      iface: 'configured',
+    })
   }
+
+  return { port: appPort, addresses }
 }
 
-export async function buildNodeStatus(engine, configStore, appPort) {
+export async function buildNodeStatus(
+  engine,
+  configStore,
+  appPort,
+  appHost = DEFAULT_NODE_HOST
+) {
   const config = configStore.getNodeConfig()
   const { remoteInvites, ...publicConfig } = config
   const remoteInviteCount = remoteInvites.length
@@ -41,9 +75,9 @@ export async function buildNodeStatus(engine, configStore, appPort) {
     version: PACKAGE_JSON.version,
     uptimeSeconds: Math.floor(process.uptime()),
     nodeId: engine.getNodeId(),
-    host: DEFAULT_NODE_HOST,
+    host: appHost,
     port: appPort,
-    listen: getNetworkAddresses(appPort),
+    listen: getNetworkAddresses(appPort, appHost),
     dataPath: configStore.getDataPath(),
     config: {
       ...publicConfig,
@@ -149,6 +183,16 @@ export function buildOpenApiSpec(appPort) {
           responses: { 200: { description: 'User sync status' } },
         },
       },
+      '/api/user/profile': {
+        get: {
+          summary: 'Read authenticated synced profile metadata',
+          responses: { 200: { description: 'Synced profile' } },
+        },
+        put: {
+          summary: 'Update authenticated synced profile metadata',
+          responses: { 200: { description: 'Synced profile update result' } },
+        },
+      },
       '/api/files': {
         get: {
           summary: 'List published files for the authenticated local user',
@@ -192,6 +236,54 @@ export function buildOpenApiSpec(appPort) {
           responses: { 200: { description: 'File bytes' } },
         },
       },
+      '/api/channels': {
+        get: {
+          summary: 'List authenticated user channels',
+          responses: { 200: { description: 'Channel list' } },
+        },
+        post: {
+          summary: 'Create or join a P2P channel',
+          responses: { 200: { description: 'Channel metadata' } },
+        },
+        delete: {
+          summary: 'Leave a P2P channel',
+          responses: { 200: { description: 'Updated channel list' } },
+        },
+      },
+      '/api/channels/{name}/messages': {
+        get: {
+          summary: 'Read P2P channel messages',
+          responses: { 200: { description: 'Channel messages' } },
+        },
+        post: {
+          summary: 'Send a P2P channel message',
+          responses: { 200: { description: 'Created channel message' } },
+        },
+      },
+      '/api/channels/{name}/members': {
+        get: {
+          summary: 'List P2P channel members',
+          responses: { 200: { description: 'Channel members' } },
+        },
+      },
+      '/api/channels/{name}/peers': {
+        get: {
+          summary: 'List currently connected channel peers',
+          responses: { 200: { description: 'Channel peers' } },
+        },
+      },
+      '/api/channels/{name}/remark': {
+        put: {
+          summary: 'Set an authenticated user channel remark',
+          responses: { 200: { description: 'Updated channel remark' } },
+        },
+      },
+      '/api/channels/{name}/pin': {
+        put: {
+          summary: 'Pin or unpin a channel for the authenticated user',
+          responses: { 200: { description: 'Updated pin state' } },
+        },
+      },
     },
   }
 }

package/server/src/http/routePolicy.js

@@ -21,6 +21,8 @@ export function requiresUserAuth(path) {
     path === '/api/download/check' ||
     path === '/api/download' ||
     path === '/api/download/cancel' ||
+    path === '/api/p2p/pull' ||
+    path === '/api/user/profile' ||
     path === '/api/user/sync/start' ||
     path === '/api/user/sync/status' ||
     path === '/api/trash' ||

package/server/src/http/routes/channelRoutes.js

@@ -0,0 +1,163 @@
+import { normalizeAddress } from '../../utils/auth.js'
+import { badRequestOrAppError } from '../errors.js'
+
+export function registerChannelRoutes(app, { engine }) {
+  app.post('/api/channels', async c => {
+    const body = await c.req.json()
+    if (!body.name || !body.name.trim()) {
+      return c.json({ error: 'name is required' }, 400)
+    }
+    try {
+      const channelOptions = {
+        ownerAddress: c.get('userAddress'),
+        displayName: body.displayName,
+        discover: true,
+      }
+      if (Object.prototype.hasOwnProperty.call(body, 'avatar')) {
+        channelOptions.avatar = body.avatar
+      }
+      const result = await engine.createChannel(
+        body.name.trim(),
+        body.type || 'personal',
+        channelOptions
+      )
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  })
+
+  app.get('/api/channels', c => {
+    return c.json(
+      engine.listChannels({
+        ownerAddress: c.get('userAddress'),
+        type: c.req.query('type'),
+      })
+    )
+  })
+
+  const leaveChannelForRequest = async (c, channelIdentifier) => {
+    const name = String(channelIdentifier || '').trim()
+    if (!name) {
+      return c.json({ error: '频道标识不能为空' }, 400)
+    }
+    try {
+      const result = await engine.leaveChannel(name, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, channels: result })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  }
+
+  app.delete('/api/channels', async c => {
+    const body = await c.req.json().catch(() => ({}))
+    return leaveChannelForRequest(c, body.channelKey || body.name)
+  })
+
+  app.get('/api/channels/:name/messages', async c => {
+    const name = c.req.param('name')
+    const limit = parseInt(c.req.query('limit') || '100', 10)
+    const offset = parseInt(c.req.query('offset') || '0', 10)
+    try {
+      const messages = await engine.getChannelMessages(name, {
+        limit,
+        offset,
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json(messages)
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.get('/api/channels/:name/members', c => {
+    try {
+      return c.json(
+        engine.getChannelMembers(c.req.param('name'), {
+          ownerAddress: c.get('userAddress'),
+        })
+      )
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.post('/api/channels/:name/messages', async c => {
+    const name = c.req.param('name')
+    const body = await c.req.json()
+    if (!body.content || !body.content.trim()) {
+      return c.json({ error: 'content is required' }, 400)
+    }
+    if (!body.author || !body.authorName) {
+      return c.json({ error: 'author and authorName are required' }, 400)
+    }
+    if (!/^0x[a-fA-F0-9]{40}$/.test(body.author)) {
+      return c.json({ error: 'Invalid author format' }, 400)
+    }
+    if (normalizeAddress(body.author) !== c.get('userAddress')) {
+      return c.json({ error: 'message author must match logged-in user' }, 403)
+    }
+    if (body.authorName.length > 50) {
+      return c.json({ error: 'authorName too long' }, 400)
+    }
+    try {
+      const messageOptions = {
+        ownerAddress: c.get('userAddress'),
+        attachment: body.attachment,
+      }
+      if (Object.prototype.hasOwnProperty.call(body, 'avatar')) {
+        messageOptions.avatar = body.avatar
+      }
+      const message = await engine.sendMessage(
+        name,
+        body.content,
+        body.author,
+        body.authorName,
+        messageOptions
+      )
+      return c.json({ success: true, message })
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.get('/api/channels/:name/peers', c => {
+    try {
+      return c.json(
+        engine.getChannelPeers(c.req.param('name'), {
+          ownerAddress: c.get('userAddress'),
+        })
+      )
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.put('/api/channels/:name/remark', async c => {
+    const name = c.req.param('name')
+    const body = await c.req.json()
+    try {
+      const remark = engine.setChannelRemark(name, body.remark, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, remark })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  })
+
+  app.put('/api/channels/:name/pin', async c => {
+    const name = c.req.param('name')
+    const body = await c.req.json()
+    try {
+      const pinned = engine.setChannelPinned(name, Boolean(body.pinned), {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, pinned })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  })
+}

package/server/src/http/routes/fileRoutes.js

@@ -0,0 +1,345 @@
+import fs from 'node:fs'
+import { parseMostLink, validateCidString } from '../../core/cid.js'
+import { sanitizeFilename } from '../../utils/security.js'
+import { badRequestOrAppError, errorJson } from '../errors.js'
+import { validationErrorPayload } from '../routePolicy.js'
+import { parseMultipartBusboy } from '../uploads.js'
+import { getMimeType } from '../staticFiles.js'
+
+export function registerFileRoutes(app, { engine, configStore, wsBroadcast }) {
+  app.get('/api/files', c => {
+    return c.json(
+      engine.listPublishedFiles({ ownerAddress: c.get('userAddress') })
+    )
+  })
+
+  app.post('/api/publish', async c => {
+    const req = c.env.incoming
+    const result = await parseMultipartBusboy(
+      req,
+      configStore.getNodeConfig().maxFileSizeBytes
+    )
+
+    if (!result || !result.filename) {
+      return c.json({ error: 'No file provided' }, 400)
+    }
+
+    try {
+      const publishResult = await engine.publishFile(
+        result.filePath,
+        result.filename,
+        { ownerAddress: c.get('userAddress') }
+      )
+      return c.json({ success: true, ...publishResult })
+    } finally {
+      fs.unlink(result.filePath, () => {})
+    }
+  })
+
+  app.post('/api/download/check', async c => {
+    const body = await c.req.json()
+    if (!body.link) {
+      return c.json({ error: 'link is required' }, 400)
+    }
+
+    const parsed = parseMostLink(body.link)
+    if (parsed.errorCode) {
+      return c.json(
+        validationErrorPayload(parsed.errorCode, parsed.details),
+        400
+      )
+    }
+
+    const localAvailability = await engine.getLocalCidAvailability(body.link, {
+      ownerAddress: c.get('userAddress'),
+    })
+    if (localAvailability) {
+      return c.json({
+        success: true,
+        available: true,
+        cid: parsed.cid,
+        fileName: localAvailability.fileName,
+        size: Number(localAvailability.size) || null,
+        alreadyExists: true,
+      })
+    }
+
+    if (engine.hasDownloadNameConflict(parsed.fileName)) {
+      return c.json(
+        {
+          error: `已有同名文件: ${parsed.fileName}`,
+          code: 'CONFLICT',
+        },
+        409
+      )
+    }
+
+    try {
+      const timeout =
+        body.timeout === undefined ? undefined : Number(body.timeout)
+      const result = await engine.checkDownloadAvailability(body.link, {
+        ownerAddress: c.get('userAddress'),
+        timeout: Number.isFinite(timeout) && timeout > 0 ? timeout : undefined,
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return errorJson(c, err)
+    }
+  })
+
+  app.post('/api/download', async c => {
+    const body = await c.req.json()
+    if (!body.link) {
+      return c.json({ error: 'link is required' }, 400)
+    }
+
+    const taskId = `dl_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`
+
+    const parsed = parseMostLink(body.link)
+    if (parsed.errorCode) {
+      return c.json(
+        validationErrorPayload(parsed.errorCode, parsed.details),
+        400
+      )
+    }
+
+    const localAvailability = await engine.getLocalCidAvailability(body.link, {
+      ownerAddress: c.get('userAddress'),
+    })
+    if (localAvailability) {
+      console.log(`[MostBox] CID content already exists locally: ${parsed.cid}`)
+      try {
+        const result = await engine.downloadFile(body.link, taskId, {
+          ownerAddress: c.get('userAddress'),
+        })
+        return c.json({ success: true, ...result })
+      } catch (err) {
+        return errorJson(c, err)
+      }
+    }
+
+    if (engine.hasDownloadNameConflict(parsed.fileName)) {
+      return c.json(
+        {
+          error: `已有同名文件: ${parsed.fileName}`,
+          code: 'CONFLICT',
+        },
+        409
+      )
+    }
+
+    engine
+      .downloadFile(body.link, taskId, { ownerAddress: c.get('userAddress') })
+      .catch(err => {
+        if (err.message === 'Download cancelled') {
+          wsBroadcast('download:cancelled', { taskId })
+        } else {
+          wsBroadcast('download:error', { taskId, error: err.message })
+        }
+      })
+
+    return c.json({ success: true, taskId })
+  })
+
+  app.post('/api/download/cancel', async c => {
+    const body = await c.req.json()
+    if (!body.taskId) {
+      return c.json({ error: 'taskId is required' }, 400)
+    }
+    engine.cancelDownload(body.taskId)
+    return c.json({ success: true })
+  })
+
+  app.delete('/api/files/:cid', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    const result = await engine.deletePublishedFile(cid, {
+      ownerAddress: c.get('userAddress'),
+    })
+    return c.json(result)
+  })
+
+  app.post('/api/files/:cid/cache', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    try {
+      const body = await c.req.json().catch(() => ({}))
+      const timeout =
+        body.timeout === undefined ? undefined : Number(body.timeout)
+      const result = await engine.cacheFile(cid, {
+        ownerAddress: c.get('userAddress'),
+        timeout: Number.isFinite(timeout) && timeout > 0 ? timeout : undefined,
+        taskId: body.taskId,
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.post('/api/move', async c => {
+    const body = await c.req.json()
+    if (!body.cid || !body.newFileName) {
+      return c.json({ error: 'cid and newFileName are required' }, 400)
+    }
+    const cidValidation = validateCidString(body.cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    const cleanFileName = sanitizeFilename(body.newFileName)
+    if (
+      !cleanFileName ||
+      cleanFileName === 'unnamed' ||
+      body.newFileName.length > 255
+    ) {
+      return c.json({ error: 'Invalid filename' }, 400)
+    }
+    try {
+      const result = engine.moveFile(body.cid, cleanFileName, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+
+  app.get('/api/files/:cid/download', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+
+    const rangeHeader = c.req.header('range')
+
+    try {
+      if (rangeHeader) {
+        const rangeMatch = rangeHeader.match(/bytes=(\d+)-(\d*)/)
+        if (rangeMatch) {
+          const start = parseInt(rangeMatch[1], 10)
+          const end = rangeMatch[2] ? parseInt(rangeMatch[2], 10) : undefined
+          const offset = start
+          const limit = end !== undefined ? end - start + 1 : undefined
+
+          const result = await engine.readFileRaw(cid, {
+            offset,
+            limit,
+            public: true,
+          })
+          const contentType = getMimeType(result.fileName)
+
+          c.header('Content-Type', contentType)
+          c.header('Content-Length', String(result.buffer.length))
+          c.header(
+            'Content-Range',
+            `bytes ${offset}-${offset + result.buffer.length - 1}/${result.totalSize}`
+          )
+          c.header('Accept-Ranges', 'bytes')
+          c.status(206)
+          return c.body(result.buffer)
+        }
+      }
+
+      const result = await engine.readFileRaw(cid, {
+        public: true,
+      })
+      const contentType = getMimeType(result.fileName)
+      c.header('Content-Type', contentType)
+      c.header('Content-Length', String(result.totalSize))
+      c.header('Accept-Ranges', 'bytes')
+      c.header(
+        'Content-Disposition',
+        `inline; filename="${encodeURIComponent(result.fileName)}"`
+      )
+      return c.body(result.buffer)
+    } catch (err) {
+      if (err.message === 'File not found') {
+        return c.json({ error: err.message }, 404)
+      }
+      return c.json({ error: err.message }, 400)
+    }
+  })
+
+  app.get('/api/trash', c => {
+    return c.json(engine.listTrashFiles({ ownerAddress: c.get('userAddress') }))
+  })
+
+  app.post('/api/trash/:cid/restore', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    try {
+      const result = await engine.restoreTrashFile(cid, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, files: result })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  })
+
+  app.delete('/api/trash/:cid', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    const result = await engine.permanentDeleteTrashFile(cid, {
+      ownerAddress: c.get('userAddress'),
+    })
+    return c.json({ success: true, trashFiles: result })
+  })
+
+  app.delete('/api/trash', async c => {
+    const result = await engine.emptyTrash({
+      ownerAddress: c.get('userAddress'),
+    })
+    return c.json({ success: true, trashFiles: result })
+  })
+
+  app.post('/api/files/:cid/star', async c => {
+    const cid = c.req.param('cid')
+    const cidValidation = validateCidString(cid)
+    if (!cidValidation.valid) {
+      return c.json(validationErrorPayload(cidValidation.errorCode), 400)
+    }
+    try {
+      const result = engine.toggleStarred(cid, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return c.json({ error: err.message }, 400)
+    }
+  })
+
+  app.post('/api/folder/rename', async c => {
+    const body = await c.req.json()
+    if (!body.oldPath || !body.newPath) {
+      return c.json({ error: 'oldPath and newPath are required' }, 400)
+    }
+    if (body.oldPath.length > 500 || body.newPath.length > 500) {
+      return c.json({ error: 'Path too long' }, 400)
+    }
+    if (body.oldPath.includes('..') || body.newPath.includes('..')) {
+      return c.json({ error: 'Path traversal not allowed' }, 400)
+    }
+    try {
+      const result = engine.renameFolder(body.oldPath, body.newPath, {
+        ownerAddress: c.get('userAddress'),
+      })
+      return c.json({ success: true, ...result })
+    } catch (err) {
+      return badRequestOrAppError(c, err)
+    }
+  })
+}