nolo-cli 0.1.13 → 0.1.14

package/database/server/delete.ts

@@ -0,0 +1,499 @@
+// 文件: database/server/delete.ts
+
+import serverDb from "./db";
+import { DataType } from "create/types";
+import { deleteMessages } from "chat/messages/deleteMessages";
+import { deleteTable } from "database/table/deleteTable";
+import { isSystemAdmin, nolotusId } from "core/init";
+import { authenticateRequest } from "auth/utils";
+import { invalidatePublicAgentsCache } from "ai/agent/server/fetchPublicAgents";
+import {
+  createFavoriteKey,
+  createFavoriteStatsKey,
+  isAgentKey,
+  shareKey,
+} from "database/keys";
+import { buildTombstoneRecord, isTombstoneRecord } from "database/tombstones";
+import { canDeleteSpaceMemberRecord, parseSpaceMemberKey } from "./spaceMemberAuthority";
+import {
+  bootstrapReplicatedTable,
+  findActiveLiveShareByTable,
+  isLiveTableShareRecord,
+  patchShareMeta,
+  replicateSharedTableMutation,
+} from "../../share/server/tableReplication";
+
+type DeleteRequest = Request & {
+  // 视你的路由库而定，这里假定有 params.id
+  params: {
+    id: string;
+  };
+};
+
+const CORS_HEADERS: Record<string, string> = {
+  "Access-Control-Allow-Origin": "*",
+  "Content-Type": "application/json",
+};
+
+const normalizeOrigin = (value: unknown): string =>
+  typeof value === "string" && value.trim().length > 0
+    ? value.trim().replace(/\/+$/, "")
+    : "";
+
+const getRequestOrigin = (req: Request): string => {
+  try {
+    return normalizeOrigin(new URL(req.url).origin);
+  } catch {
+    return "";
+  }
+};
+
+const getForwardHeaders = (req: any): Record<string, string> => {
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+  };
+  const authHeader =
+    typeof req?.headers?.authorization === "string"
+      ? req.headers.authorization
+      : typeof req?.headers?.Authorization === "string"
+        ? req.headers.Authorization
+        : "";
+  if (authHeader) {
+    headers.Authorization = authHeader;
+  }
+  return headers;
+};
+
+const findLiveTableSharesByDbKey = async (tableDbKey: string) => {
+  const shares: any[] = [];
+  for await (const [dbKey, value] of serverDb.iterator({
+    gte: "share-",
+    lte: "share-\uffff",
+  })) {
+    if (
+      isLiveTableShareRecord(value, tableDbKey)
+    ) {
+      shares.push({
+        ...value,
+        dbKey,
+      });
+    }
+  }
+  return shares;
+};
+
+const propagateTableDeleteToReplicas = async (req: DeleteRequest, tableDbKey: string) => {
+  const currentOrigin = getRequestOrigin(req);
+  const shares = await findLiveTableSharesByDbKey(tableDbKey);
+  const forwardHeaders = getForwardHeaders(req);
+
+  for (const share of shares) {
+    const shareOrigin = normalizeOrigin(
+      share?.meta?.originServer ?? share?.data?.originServer
+    );
+    if (shareOrigin && shareOrigin !== currentOrigin) continue;
+
+    const replicaServers = Array.isArray(share?.meta?.replicaServers)
+      ? share.meta.replicaServers
+      : [];
+    for (const server of replicaServers) {
+      const normalizedServer = normalizeOrigin(server);
+      if (!normalizedServer || normalizedServer === currentOrigin) continue;
+      const response = await fetch(
+        `${normalizedServer}/api/v1/db/delete/${encodeURIComponent(tableDbKey)}?type=table`,
+        {
+          method: "DELETE",
+          headers: forwardHeaders,
+        }
+      );
+      if (!response.ok) {
+        const detail = await response.text();
+        throw new Error(
+          detail || `Replica table delete failed on ${normalizedServer}: HTTP ${response.status}`
+        );
+      }
+    }
+  }
+};
+
+/**
+ * 判断当前请求用户是否是「系统账号」并且在操作公共 cybot 资源。
+ *
+ * 约定：
+ * - 公共 cybot 资源 key 形如：cybot-pub-{cybotId}
+ * - 系统账号 id 为 nolotusId（来自 core/init）
+ */
+const canSystemUserDeletePublicCybot = (
+  dbKey: string,
+  actionUserId?: string
+): boolean => {
+  const PUBLIC_CYBOT_KEY_PREFIX = "cybot-pub-";
+
+  const isPublicCybotKey = dbKey.startsWith(PUBLIC_CYBOT_KEY_PREFIX);
+  const isSystemUser = actionUserId === nolotusId;
+
+  return isPublicCybotKey && isSystemUser;
+};
+
+const canSystemAdminDeleteCommunityShare = (
+  dbKey: string,
+  actionUserId: string | undefined,
+  data: any
+): boolean => {
+  if (!isSystemAdmin(actionUserId)) return false;
+  if (!shareKey.isShareKey(dbKey)) return false;
+  return data?.meta?.visibility === "community";
+};
+
+export const handleDelete = async (req: DeleteRequest) => {
+  try {
+    const authResult = await authenticateRequest(req);
+    const actionUserId = authResult instanceof Response ? undefined : authResult.userId;
+
+    const { id } = req.params;
+    const url = new URL(req.url);
+    const type = url.searchParams.get("type");
+
+    // 1. 删除消息的专用分支
+    if (type === "messages") {
+      try {
+        const result = await deleteMessages(serverDb, id);
+        return new Response(JSON.stringify(result), {
+          status: 200,
+          headers: CORS_HEADERS,
+        });
+      } catch (err: any) {
+        if (err.notFound) {
+          return new Response(JSON.stringify({ message: "Messages already deleted or dialog not found", processingIds: [] }), {
+            status: 200,
+            headers: CORS_HEADERS,
+          });
+        }
+        throw err;
+      }
+    }
+
+    // 1.5 删除整张表（meta + 所有行 + 所有索引）的专用分支
+    if (type === "table") {
+      // 先拿 meta 数据做权限校验
+      let meta;
+      try {
+        meta = await serverDb.get(id);
+      } catch (err: any) {
+        if (err.notFound) {
+          return new Response(JSON.stringify({ message: "Table already deleted", processingIds: [] }), {
+            status: 200,
+            headers: CORS_HEADERS,
+          });
+        }
+        throw err;
+      }
+
+      const ownerId = meta?.userId as string | undefined;
+      const ownerMissing = ownerId == null;
+      const isOwner = actionUserId != null && ownerId === actionUserId;
+
+      // 表删除只按 owner 规则来判断
+      if (!ownerMissing && !isOwner) {
+        return new Response(
+          JSON.stringify({
+            error: "Unauthorized action: You do not own this table",
+            ownerId,
+            actionUserId,
+            processingIds: [],
+          }),
+          {
+            status: 403,
+            headers: CORS_HEADERS,
+          }
+        );
+      }
+
+      await propagateTableDeleteToReplicas(req, id);
+
+      // 真正执行整表删除
+      const { processingIds } = await deleteTable(serverDb, id);
+
+      return new Response(
+        JSON.stringify({
+          message: "Table delete request processed",
+          processingIds,
+        }),
+        {
+          status: 200,
+          headers: CORS_HEADERS,
+        }
+      );
+    }
+
+    // 2. 删除通用数据（单 key 删除）
+    let data;
+    try {
+      data = await serverDb.get(id);
+    } catch (err: any) {
+      if (err.notFound) {
+        return new Response(
+          JSON.stringify({
+            message: "Success (Key not found, possibly already deleted)",
+            processingIds: [id],
+          }),
+          {
+            status: 200,
+            headers: CORS_HEADERS,
+          }
+        );
+      }
+      throw err;
+    }
+
+    const isShareRecord = shareKey.isShareKey(id);
+    const ownerId = (
+      data?.userId ??
+      (isShareRecord ? data?.meta?.authorId : undefined)
+    ) as string | undefined;
+    const ownerMissing = ownerId == null && !isShareRecord;
+    const isOwner = actionUserId != null && ownerId === actionUserId;
+    const canSystemUserDeletePublicCybotResource =
+      canSystemUserDeletePublicCybot(id, actionUserId);
+    const canSystemAdminDeleteCommunityShareResource =
+      canSystemAdminDeleteCommunityShare(id, actionUserId, data);
+    const canDeleteSpaceMemberResource =
+      parseSpaceMemberKey(id) !== null &&
+      (await canDeleteSpaceMemberRecord({
+        dbKey: id,
+        actionUserId,
+      }));
+    const shouldInvalidatePublicAgents =
+      id.startsWith("agent-pub-") || id.startsWith("cybot-pub-");
+
+    if (
+      ownerMissing ||
+      isOwner ||
+      canDeleteSpaceMemberResource ||
+      canSystemUserDeletePublicCybotResource ||
+      canSystemAdminDeleteCommunityShareResource
+    ) {
+      if (data) {
+        if (isTombstoneRecord(data)) {
+          return new Response(
+            JSON.stringify({
+              message: "Delete request processed",
+              processingIds: [id],
+            }),
+            {
+              status: 200,
+              headers: CORS_HEADERS,
+            }
+          );
+        }
+
+        // Share 记录 → 物理删除（主记录 + 所有索引键）；通用记录 → tombstone
+        if (isShareRecord) {
+          const indexes = shareKey.allIndexKeysFromShare(id, data);
+          const batch = serverDb.batch();
+          batch.del(id);
+          for (const ik of indexes) batch.del(ik);
+          await batch.write();
+        } else {
+          await serverDb.put(id, buildTombstoneRecord(data, new Date().toISOString()));
+        }
+
+        if (
+          data?.type === DataType.TABLE_ROW &&
+          typeof data?.tenantId === "string" &&
+          typeof data?.tableId === "string"
+        ) {
+          await replicateSharedTableMutation({
+            mutation: {
+              kind: "delete",
+              dbKey: id,
+              dataType: data.type,
+              tenantId: data.tenantId,
+              tableId: data.tableId,
+            },
+            originServer: getRequestOrigin(req),
+            replicaServers: [],
+            findActiveLiveShare: findActiveLiveShareByTable,
+            putMutationToReplica: async (server, mutation) => {
+              try {
+                const response = await fetch(
+                  `${server}/api/v1/db/delete/${encodeURIComponent(mutation.dbKey)}`,
+                  {
+                    method: "DELETE",
+                    headers: getForwardHeaders(req),
+                  }
+                );
+                return {
+                  ok: response.ok,
+                  status: response.status,
+                  detail: response.ok ? "" : await response.text(),
+                };
+              } catch (error: any) {
+                return {
+                  ok: false,
+                  detail: error?.message ?? "Replica row delete failed",
+                };
+              }
+            },
+            reconcileReplicaTable: async ({ shareDbKey, replicaServers }) => {
+              await bootstrapReplicatedTable({
+                shareDbKey,
+                shareRecord: {
+                  dbKey: shareDbKey,
+                  type: DataType.TABLE,
+                  data: {
+                    mode: "live",
+                    tableDbKey: `meta-${data.tenantId}-${data.tableId}`,
+                  },
+                  meta: {
+                    tableDbKey: `meta-${data.tenantId}-${data.tableId}`,
+                    replicaServers,
+                  },
+                },
+                tableDbKey: `meta-${data.tenantId}-${data.tableId}`,
+                tableOwnerId: data.tenantId,
+                originServer: getRequestOrigin(req),
+                replicaServers,
+                thunkApi: null,
+                putRecordToServer: async (server, dbKey, record) => {
+                  try {
+                    const response = await fetch(`${server}/api/v1/db/write/`, {
+                      method: "POST",
+                      headers: getForwardHeaders(req),
+                      body: JSON.stringify({
+                        data: record,
+                        customKey: dbKey,
+                        userId:
+                          record?.userId ?? record?.tenantId ?? actionUserId,
+                      }),
+                    });
+                    return {
+                      ok: response.ok,
+                      status: response.status,
+                      detail: response.ok ? "" : await response.text(),
+                    };
+                  } catch (error: any) {
+                    return {
+                      ok: false,
+                      detail: error?.message ?? "Replica reconcile request failed",
+                    };
+                  }
+                },
+                resetReplicaTable: async (server, tableDbKey) => {
+                  try {
+                    const response = await fetch(
+                      `${server}/api/v1/db/delete/${encodeURIComponent(tableDbKey)}?type=table`,
+                      {
+                        method: "DELETE",
+                        headers: getForwardHeaders(req),
+                      }
+                    );
+                    return {
+                      ok: response.ok,
+                      status: response.status,
+                      detail: response.ok ? "" : await response.text(),
+                    };
+                  } catch (error: any) {
+                    return {
+                      ok: false,
+                      detail: error?.message ?? "Replica table reset failed",
+                    };
+                  }
+                },
+                patchShareMeta,
+              });
+            },
+            patchShareMeta,
+          });
+        }
+
+        if (shouldInvalidatePublicAgents) {
+          invalidatePublicAgentsCache();
+        }
+
+        // 如果被删除的是 Agent，则级联清理所有的收藏关系及统计
+        if (isAgentKey(id)) {
+          const { start, end } = createFavoriteKey.userRangeOfAgentKey(id);
+          const batch = serverDb.batch();
+
+          for await (const [reverseKey] of serverDb.iterator({
+            gte: start,
+            lte: end,
+          })) {
+            if (!reverseKey.startsWith(start)) continue;
+
+            // reverseKey: fav-agent-key-by-agent-{agentKey}-{userId}
+            const userId = reverseKey.slice(start.length);
+            if (userId) {
+              const primaryKey = createFavoriteKey.agentByKey(userId, id);
+              batch.del(primaryKey);
+              batch.del(reverseKey);
+            }
+          }
+
+          // 清理收藏统计
+          batch.del(createFavoriteStatsKey.agentByKey(id));
+
+          await batch.write();
+        }
+
+        // 如果被删除的是 Dialog，则级联清理该对话下的所有消息
+        // Dialog Key 结构: dialog-{userId}-{dialogId} (3 parts)
+        const parts = id.split("-");
+        if (parts[0] === "dialog" && parts.length === 3) {
+          const dialogId = parts[2];
+          if (dialogId) {
+            console.log(`[Delete] Cascading messages for dialog: ${dialogId}`);
+            await deleteMessages(serverDb, dialogId);
+          }
+        }
+      }
+
+      return new Response(
+        JSON.stringify({
+          message: "Delete request processed",
+          processingIds: [id],
+        }),
+        {
+          status: 200,
+          headers: CORS_HEADERS,
+        }
+      );
+    }
+
+    // 3. 无权限
+    const forbiddenReason = !actionUserId
+      ? "Missing or invalid auth token (or public key not found on this server)"
+      : `User ${actionUserId} does not match owner ${ownerId}`;
+
+    console.warn(`[Delete 403] ${forbiddenReason} for key: ${id}`);
+
+    return new Response(
+      JSON.stringify({
+        error: "Unauthorized action",
+        message: forbiddenReason,
+        ownerId,
+        actionUserId,
+        processingIds: [],
+      }),
+      {
+        status: 403,
+        headers: CORS_HEADERS,
+      }
+    );
+  } catch (error) {
+    console.error("Delete handler error:", error);
+
+    return new Response(
+      JSON.stringify({
+        error: "Internal server error",
+        message: error instanceof Error ? error.message : String(error),
+        processingIds: [],
+      }),
+      {
+        status: 500,
+        headers: CORS_HEADERS,
+      }
+    );
+  }
+};