nolo-cli 0.1.13 → 0.1.14

package/database/server/read.ts

@@ -0,0 +1,325 @@
+// 文件路径: packages/database/server/read.ts
+
+import serverDb, { ensureServerDbOpen } from "./db";
+import { DB_PREFIX, shareKey } from "database/keys";
+import { parseToken, verifyToken } from "auth/token";
+import { assertSessionTokenVersion } from "auth/sessionTokenVersion";
+import { isTombstoneRecord } from "database/tombstones";
+import { userActor } from "auth/actor";
+import { authorizeActorRecordAccess } from "./actorAccess";
+
+const isLevelNotFoundError = (error: any): boolean => {
+  const code = error?.code;
+  return (
+    error?.notFound === true ||
+    error?.name === "NotFoundError" ||
+    code === "LEVEL_NOT_FOUND" ||
+    code === "LEVEL_NOT_FOUND_ERROR"
+  );
+};
+
+const PROFILE_KEY_SUFFIX = "-profile";
+
+const isPublicProfileKey = (dbKey: string): boolean =>
+  dbKey.endsWith(PROFILE_KEY_SUFFIX) && dbKey.length > PROFILE_KEY_SUFFIX.length;
+
+const isPublicAgentKey = (dbKey: string): boolean =>
+  dbKey.startsWith("agent-pub-") || dbKey.startsWith("cybot-pub-");
+
+const getUserIdFromProfileKey = (dbKey: string): string =>
+  dbKey.slice(0, -PROFILE_KEY_SUFFIX.length);
+
+const getAuthorizedUserId = async (req: any): Promise<string | null> => {
+  const authHeader = req.headers?.get?.("authorization");
+  const token = typeof authHeader === "string" ? authHeader.split(" ")[1] : "";
+  if (!token) return null;
+
+  const parsed = parseToken(token);
+  const userId = parsed?.userId;
+  if (!userId || typeof userId !== "string") return null;
+
+  try {
+    const user = await serverDb.get(`${DB_PREFIX.USER}${userId}`);
+    if (!user?.publicKey || user?.isDisabled) return null;
+
+    const payload = verifyToken(token, user.publicKey);
+    assertSessionTokenVersion(payload, user);
+    if (!payload || payload.userId !== userId) return null;
+
+    const now = Date.now();
+    if (payload.exp != null) {
+      const expMs =
+        typeof payload.exp === "number"
+          ? payload.exp * 1000
+          : new Date(payload.exp).getTime();
+      if (Number.isFinite(expMs) && now > expMs) return null;
+    }
+    if (payload.nbf != null) {
+      const nbfMs =
+        typeof payload.nbf === "number"
+          ? payload.nbf * 1000
+          : new Date(payload.nbf).getTime();
+      if (Number.isFinite(nbfMs) && now < nbfMs) return null;
+    }
+
+    return userId;
+  } catch {
+    return null;
+  }
+};
+
+const purchaseRecordKey = (buyerId: string, shareToken: string) =>
+  `doc-purchase-${buyerId}-${shareToken}`;
+
+const extractShareTokenFromDbKey = (dbKey: string): string | null =>
+  dbKey.startsWith("share-") ? dbKey.slice("share-".length) : null;
+
+const isCommunityShare = (share: any): boolean =>
+  share?.meta?.visibility === "community";
+
+const isShareOwner = (share: any, userId: string | null): boolean =>
+  Boolean(userId && share?.meta?.authorId === userId);
+
+const isPaidShare = (share: any): boolean =>
+  typeof share?.meta?.price === "number" && share.meta.price > 0;
+
+const redactSharePayload = (share: any) => ({
+  ...share,
+  data: {},
+  meta: {
+    ...(share?.meta ?? {}),
+    previewLocked: true,
+    requiresPurchase: true,
+  },
+});
+
+const hasPurchasedShare = async (
+  userId: string | null,
+  shareToken: string | null
+): Promise<boolean> => {
+  if (!userId || !shareToken) return false;
+  try {
+    await serverDb.get(purchaseRecordKey(userId, shareToken));
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+const toPublicProfile = (profile: any, user: any) => ({
+  nickname:
+    typeof profile?.nickname === "string" && profile.nickname.trim()
+      ? profile.nickname
+      : typeof user?.username === "string"
+        ? user.username
+        : "",
+  username:
+    typeof user?.username === "string"
+      ? user.username
+      : typeof profile?.username === "string"
+        ? profile.username
+        : "",
+  avatar: typeof profile?.avatar === "string" ? profile.avatar : "",
+});
+
+const toPublicAgent = (agent: any) => {
+  const { apiKey, customProviderUrl, endpointKey, ...publicAgent } = agent ?? {};
+  return publicAgent;
+};
+
+const isAgentOwner = (agent: any, userId: string | null): boolean =>
+  Boolean(
+    userId &&
+      (agent?.ownerId === userId ||
+        agent?.userId === userId ||
+        agent?.tenantId === userId)
+  );
+export const handleReadSingle = async (req: any) => {
+  const corsHeaders = {
+    "Access-Control-Allow-Origin": "*",
+    "Content-Type": "application/json",
+  };
+
+  if (!req.params?.id) {
+    return new Response(JSON.stringify({ error: "need id" }), {
+      status: 400,
+      headers: corsHeaders,
+    });
+  }
+
+  const dbKey = req.params.id;
+  const isShareDataKey = dbKey.startsWith("share-") || shareKey.isShareKey(dbKey);
+
+  try {
+    // ⭐ 确保 LevelDB 已打开，避免 LEVEL_DATABASE_NOT_OPEN
+    await ensureServerDbOpen();
+
+    const authedUserId = await getAuthorizedUserId(req);
+    const isPublicAgentDataKey = isPublicAgentKey(dbKey);
+    // NOTE: `space.visibility = "public"` is currently a product/discovery signal for
+    // logged-in flows, but it does not automatically make raw `/api/v1/db/read/:id`
+    // anonymous-readable. Today only public profiles and community shares bypass auth
+    // here. If we later want guest-readable public spaces / skill pages, that needs an
+    // explicit allowlist rule in this handler instead of assuming space visibility is enough.
+    if (!authedUserId && !isPublicProfileKey(dbKey) && !isShareDataKey && !isPublicAgentDataKey) {
+      return new Response(
+        JSON.stringify({
+          error: "Unauthorized",
+          message: "Authentication required",
+        }),
+        { status: 401, headers: corsHeaders }
+      );
+    }
+
+    if (!authedUserId && isPublicProfileKey(dbKey)) {
+      const inviterId = getUserIdFromProfileKey(dbKey);
+
+      let profile: any = null;
+      try {
+        profile = await serverDb.get(dbKey);
+      } catch (error: any) {
+        if (!isLevelNotFoundError(error)) throw error;
+      }
+
+      let user: any = null;
+      try {
+        user = await serverDb.get(`${DB_PREFIX.USER}${inviterId}`);
+      } catch (error: any) {
+        if (!isLevelNotFoundError(error)) throw error;
+      }
+
+      if (user?.isDisabled) {
+        return new Response(
+          JSON.stringify({
+            error: "Not Found",
+            message: `Resource with id ${dbKey} not found`,
+          }),
+          { status: 404, headers: corsHeaders }
+        );
+      }
+
+      if (!profile && !user) {
+        return new Response(
+          JSON.stringify({
+            error: "Not Found",
+            message: `Resource with id ${dbKey} not found`,
+          }),
+          { status: 404, headers: corsHeaders }
+        );
+      }
+
+      return new Response(JSON.stringify(toPublicProfile(profile, user)), {
+        status: 200,
+        headers: corsHeaders,
+      });
+    }
+
+    const result = await serverDb.get(dbKey);
+    if (
+      result === null ||
+      typeof result === "undefined" ||
+      isTombstoneRecord(result)
+    ) {
+      return new Response(
+        JSON.stringify({
+          error: "Not Found",
+          message: `Resource with id ${dbKey} not found`,
+        }),
+        { status: 404, headers: corsHeaders }
+      );
+    }
+
+    if (!authedUserId && isPublicAgentDataKey && result?.isPublic !== true) {
+      return new Response(
+        JSON.stringify({
+          error: "Not Found",
+          message: `Resource with id ${dbKey} not found`,
+        }),
+        { status: 404, headers: corsHeaders }
+      );
+    }
+
+    if (isShareDataKey) {
+      const owner = isShareOwner(result, authedUserId);
+      if (!isCommunityShare(result) && !owner) {
+        return new Response(
+          JSON.stringify({
+            error: "Not Found",
+            message: `Resource with id ${dbKey} not found`,
+          }),
+          { status: 404, headers: corsHeaders }
+        );
+      }
+
+      if (isPaidShare(result) && !owner) {
+        const shareToken = extractShareTokenFromDbKey(dbKey);
+        const purchased = await hasPurchasedShare(authedUserId, shareToken);
+        if (!purchased) {
+          return new Response(JSON.stringify(redactSharePayload(result)), {
+            status: 200,
+            headers: corsHeaders,
+          });
+        }
+      }
+    }
+
+    if (!authedUserId && isPublicAgentDataKey) {
+      return new Response(JSON.stringify(toPublicAgent(result)), {
+        status: 200,
+        headers: corsHeaders,
+      });
+    }
+
+    if (!authedUserId && isShareDataKey && isCommunityShare(result)) {
+      return new Response(JSON.stringify({ ...result }), {
+        status: 200,
+        headers: corsHeaders,
+      });
+    }
+
+    const access = await authorizeActorRecordAccess({
+      action: "read",
+      actor: userActor(authedUserId),
+      dbKey,
+      record: result,
+    });
+    if (!access.allowed) {
+      return new Response(
+        JSON.stringify({
+          error: "Forbidden",
+          message: "You do not have access to this resource",
+        }),
+        { status: 403, headers: corsHeaders }
+      );
+    }
+
+    if (isPublicAgentDataKey && !isAgentOwner(result, authedUserId)) {
+      return new Response(JSON.stringify(toPublicAgent(result)), {
+        status: 200,
+        headers: corsHeaders,
+      });
+    }
+    return new Response(JSON.stringify({ ...result }), {
+      status: 200,
+      headers: corsHeaders,
+    });
+  } catch (error: any) {
+    if (isLevelNotFoundError(error)) {
+      return new Response(
+        JSON.stringify({
+          error: "Not Found",
+          message: `Resource with id ${dbKey} not found`,
+        }),
+        { status: 404, headers: corsHeaders }
+      );
+    }
+    console.error("Database fetch error:", error);
+    return new Response(
+      JSON.stringify({
+        error: "Internal Server Error",
+        message: "Failed to fetch data",
+      }),
+      { status: 500, headers: corsHeaders }
+    );
+  }
+};

package/database/server/resourceAccess.ts

@@ -0,0 +1,211 @@
+import { isSystemAdmin } from "core/init";
+import { shareKey } from "database/keys";
+import serverDb from "./db";
+import { resolveKeyOwnerId } from "./writeAuthority";
+
+export type AccessAction = "read" | "write" | "delete" | "manage";
+
+type AccessInput = {
+  action: AccessAction;
+  actionUserId?: string | null;
+  dbKey: string;
+  record?: any;
+};
+
+export type AccessResult = {
+  allowed: boolean;
+  reason?: string;
+  keyOwnerId?: string | null;
+  recordOwnerId?: string | null;
+  spaceId?: string | null;
+};
+
+const SPACE_PREFIX = "space-";
+const SPACE_MEMBER_PREFIX = "space-member-";
+
+const normalizeSpaceId = (spaceId?: unknown): string | null => {
+  if (typeof spaceId !== "string") return null;
+  const trimmed = spaceId.trim();
+  if (!trimmed) return null;
+  return trimmed.startsWith(SPACE_PREFIX)
+    ? trimmed.slice(SPACE_PREFIX.length)
+    : trimmed;
+};
+
+const isShareRecordKey = (dbKey: unknown): boolean => {
+  const value = String(dbKey || "");
+  return value.startsWith("share-") || shareKey.isShareKey(value);
+};
+
+const getRecordOwnerId = (record: any): string | null =>
+  (typeof record?.ownerId === "string" && record.ownerId) ||
+  (typeof record?.userId === "string" && record.userId) ||
+  (typeof record?.tenantId === "string" && record.tenantId) ||
+  (isShareRecordKey(record?.dbKey) && typeof record?.meta?.authorId === "string"
+    ? record.meta.authorId
+    : null) ||
+  null;
+
+const getSpaceIdFromRecord = (record: any): string | null =>
+  normalizeSpaceId(record?.spaceId);
+
+const getSpaceIdFromKey = (dbKey: string): string | null => {
+  if (!dbKey.startsWith(SPACE_PREFIX) || dbKey.startsWith(SPACE_MEMBER_PREFIX)) {
+    return null;
+  }
+  return normalizeSpaceId(dbKey);
+};
+
+const isAgentOwnedByUser = (agentKey: unknown, userId: string): boolean =>
+  typeof agentKey === "string" &&
+  Boolean(userId) &&
+  resolveKeyOwnerId(agentKey) === userId;
+
+const isPublicAgentRecord = (dbKey: string, record: any): boolean =>
+  (dbKey.startsWith("agent-pub-") || dbKey.startsWith("cybot-pub-")) &&
+  record?.isPublic === true;
+
+const isCommunityShareRecord = (dbKey: string, record: any): boolean =>
+  (dbKey.startsWith("share-") || shareKey.isShareKey(dbKey)) &&
+  record?.meta?.visibility === "community";
+
+const hasSpaceMembership = async (
+  userId: string,
+  spaceId: string | null
+): Promise<boolean> => {
+  const normalized = normalizeSpaceId(spaceId);
+  if (!userId || !normalized) return false;
+
+  try {
+    const membership = await serverDb.get(
+      `${SPACE_MEMBER_PREFIX}${userId}-${normalized}`
+    );
+    if (membership) return true;
+  } catch {
+    // Fall through to the space record. Some older data only has members[].
+  }
+
+  try {
+    const space = await serverDb.get(`${SPACE_PREFIX}${normalized}`);
+    return (
+      space?.ownerId === userId ||
+      (Array.isArray(space?.members) && space.members.includes(userId))
+    );
+  } catch {
+    return false;
+  }
+};
+
+const getContentKeyCandidates = (dbKey: string, record: any): string[] => {
+  const candidates = [
+    dbKey,
+    typeof record?.dbKey === "string" ? record.dbKey : "",
+    typeof record?.contentKey === "string" ? record.contentKey : "",
+    typeof record?.key === "string" ? record.key : "",
+  ].filter(Boolean);
+
+  return [...new Set(candidates)];
+};
+
+const isRecordLinkedFromMemberSpace = async (
+  userId: string,
+  dbKey: string,
+  record: any
+): Promise<string | null> => {
+  if (!userId || !dbKey) return null;
+
+  const contentKeys = getContentKeyCandidates(dbKey, record);
+  const prefix = `${SPACE_MEMBER_PREFIX}${userId}-`;
+
+  try {
+    for await (const [, membership] of serverDb.iterator({
+      gte: prefix,
+      lte: prefix + "\uffff",
+    })) {
+      const spaceId = normalizeSpaceId(membership?.spaceId);
+      if (!spaceId) continue;
+
+      try {
+        const space = await serverDb.get(`${SPACE_PREFIX}${spaceId}`);
+        const contents = space?.contents;
+        if (!contents || typeof contents !== "object") continue;
+
+        if (contentKeys.some((contentKey) => Boolean(contents[contentKey]))) {
+          return spaceId;
+        }
+      } catch {
+        // Ignore stale membership pointers.
+      }
+    }
+  } catch {
+    return null;
+  }
+
+  return null;
+};
+
+export async function authorizeRecordAccess({
+  action,
+  actionUserId,
+  dbKey,
+  record,
+}: AccessInput): Promise<AccessResult> {
+  if (!actionUserId) {
+    return { allowed: false, reason: "missing_actor" };
+  }
+
+  if (isSystemAdmin(actionUserId)) {
+    return { allowed: true };
+  }
+
+  if (action === "read") {
+    if (isPublicAgentRecord(dbKey, record)) return { allowed: true };
+    if (isCommunityShareRecord(dbKey, record)) return { allowed: true };
+  }
+
+  const keyOwnerId = resolveKeyOwnerId(dbKey);
+  const recordOwnerId = getRecordOwnerId({ ...record, dbKey });
+  const spaceId = getSpaceIdFromRecord(record) ?? getSpaceIdFromKey(dbKey);
+
+  if (keyOwnerId && recordOwnerId && keyOwnerId !== recordOwnerId) {
+    return {
+      allowed: false,
+      reason: "owner_mismatch",
+      keyOwnerId,
+      recordOwnerId,
+      spaceId,
+    };
+  }
+
+  if (keyOwnerId === actionUserId || recordOwnerId === actionUserId) {
+    return { allowed: true, keyOwnerId, recordOwnerId, spaceId };
+  }
+
+  if (
+    record?.ownerType === "agent" &&
+    isAgentOwnedByUser(recordOwnerId, actionUserId)
+  ) {
+    return { allowed: true, keyOwnerId, recordOwnerId, spaceId };
+  }
+
+  if (await hasSpaceMembership(actionUserId, spaceId)) {
+    return { allowed: true, keyOwnerId, recordOwnerId, spaceId };
+  }
+
+  const linkedSpaceId = await isRecordLinkedFromMemberSpace(
+    actionUserId,
+    dbKey,
+    record
+  );
+  if (linkedSpaceId) {
+    return { allowed: true, keyOwnerId, recordOwnerId, spaceId: linkedSpaceId };
+  }
+
+  return {
+    allowed: false,
+    reason: "not_owner_or_member",
+    keyOwnerId,
+    recordOwnerId,
+    spaceId,
+  };
+}

package/database/server/routes.ts

@@ -0,0 +1,110 @@
+import { API_ENDPOINTS } from "../config";
+import { handleQuery } from "./query";
+import { handleWrite } from "./write";
+import { handlePatch } from "./patch";
+import { maybeProxyDatabaseRequestToCore } from "./coreDataProxy";
+import { createPageServer } from "render/page/server/createPage";
+import { handleToken } from "auth/server/token";
+import { logger } from "auth/server/shared";
+
+export const databaseRequest = async (req, res, url) => {
+  const pathname = url.pathname;
+  const getIdFromPath = (prefix) => {
+    const start = pathname.indexOf(prefix) + prefix.length;
+    const end =
+      pathname.indexOf("/", start) !== -1
+        ? pathname.indexOf("/", start)
+        : undefined;
+    return pathname.slice(start, end);
+  };
+  if (pathname.startsWith(API_ENDPOINTS.DATABASE)) {
+    const operation = pathname
+      .substr(API_ENDPOINTS.DATABASE.length)
+      .split("/")[1];
+
+    switch (operation) {
+      case "write": {
+        const proxied = await maybeProxyDatabaseRequestToCore({
+          req,
+          pathname,
+          search: url.search,
+          coreBaseUrl: process.env.NOLO_SERVER_CORE_BASE_URL,
+        });
+        if (proxied) {
+          return proxied;
+        }
+        return handleWrite(req, res);
+      }
+      case "patch": {
+        const proxied = await maybeProxyDatabaseRequestToCore({
+          req,
+          pathname,
+          search: url.search,
+          coreBaseUrl: process.env.NOLO_SERVER_CORE_BASE_URL,
+        });
+        if (proxied) {
+          return proxied;
+        }
+        req.params = { id: getIdFromPath("/api/v1/db/patch/") };
+        return handlePatch(req, res);
+      }
+      case "query":
+        req.params = { userId: getIdFromPath("/api/v1/db/query/") };
+        return handleQuery(req, res);
+      case "page": {
+        // /api/v1/db/page/create
+        const subOperation = pathname.split("/")[5]; // page 后面的操作
+        if (subOperation === "create") {
+          try {
+            // 鉴权
+            const user = await handleToken(req, res);
+            const userId = user?.userId;
+            if (!userId) {
+              return res.status(401).json({
+                success: false,
+                message: "Unauthorized: userId not found",
+              });
+            }
+
+            const { title, content, slateData, spaceId, categoryId, tags } =
+              req.body || {};
+
+            const result = await createPageServer({
+              userId,
+              title,
+              content,
+              slateData,
+              spaceId,
+              categoryId,
+              tags,
+            });
+
+            logger.info({
+              event: "page_created",
+              userId,
+              dbKey: result.dbKey,
+              title: result.title,
+            });
+
+            return res.status(200).json(result);
+          } catch (error: any) {
+            logger.error({
+              event: "create_page_failed",
+              error: error.message,
+            });
+            return res.status(500).json({
+              success: false,
+              message: error.message || "Failed to create page",
+            });
+          }
+        }
+        return new Response("Unknown page operation", { status: 404 });
+      }
+      default:
+        return new Response(
+          JSON.stringify({ error: "Not Found", message: `Unknown database operation: ${operation}` }),
+          { status: 404, headers: { "Content-Type": "application/json" } }
+        );
+    }
+  }
+};

package/database/server/spaceMemberAuthority.ts

@@ -0,0 +1,67 @@
+import serverDb from "./db";
+
+const SPACE_MEMBER_PREFIX = "space-member-";
+const SPACE_PREFIX = "space-";
+
+export const parseSpaceMemberKey = (
+  dbKey: string
+): { memberUserId: string; spaceId: string } | null => {
+  if (typeof dbKey !== "string" || !dbKey.startsWith(SPACE_MEMBER_PREFIX)) {
+    return null;
+  }
+
+  const rest = dbKey.slice(SPACE_MEMBER_PREFIX.length);
+  const lastDash = rest.lastIndexOf("-");
+  if (lastDash <= 0 || lastDash === rest.length - 1) {
+    return null;
+  }
+
+  return {
+    memberUserId: rest.slice(0, lastDash),
+    spaceId: rest.slice(lastDash + 1),
+  };
+};
+
+const loadSpaceRecord = async (spaceId: string): Promise<any | null> => {
+  try {
+    return await serverDb.get(`${SPACE_PREFIX}${spaceId}`);
+  } catch {
+    return null;
+  }
+};
+
+export const canWriteSpaceMemberRecord = async ({
+  dbKey,
+  actionUserId,
+}: {
+  dbKey: string;
+  actionUserId?: string | null;
+}): Promise<boolean> => {
+  const parsed = parseSpaceMemberKey(dbKey);
+  if (!parsed || !actionUserId) {
+    return false;
+  }
+
+  const space = await loadSpaceRecord(parsed.spaceId);
+  return Array.isArray(space?.members) && space.members.includes(actionUserId);
+};
+
+export const canDeleteSpaceMemberRecord = async ({
+  dbKey,
+  actionUserId,
+}: {
+  dbKey: string;
+  actionUserId?: string | null;
+}): Promise<boolean> => {
+  const parsed = parseSpaceMemberKey(dbKey);
+  if (!parsed || !actionUserId) {
+    return false;
+  }
+
+  if (parsed.memberUserId === actionUserId) {
+    return true;
+  }
+
+  const space = await loadSpaceRecord(parsed.spaceId);
+  return typeof space?.ownerId === "string" && space.ownerId === actionUserId;
+};