work-agent 0.1.0

package/app/api/audit/route.ts

@@ -0,0 +1,30 @@
+/**
+ * 审计日志 API - GET
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuditLogs } from '@/lib/db';
+
+/**
+ * GET /api/audit - 获取审计日志
+ */
+export async function GET(request: NextRequest) {
+	try {
+		const { searchParams } = new URL(request.url);
+		const filters = {
+			userId: searchParams.get('userId') ?? undefined,
+			ticketId: searchParams.get('ticketId') ?? undefined,
+			sessionId: searchParams.get('sessionId') ?? undefined,
+			limit: searchParams.get('limit') ? parseInt(searchParams.get('limit')!) : undefined,
+		};
+
+		const logs = await getAuditLogs(filters);
+
+		return NextResponse.json({ logs });
+	} catch (error) {
+		return NextResponse.json(
+			{ error: error instanceof Error ? error.message : '获取审计日志失败' },
+			{ status: 500 },
+		);
+	}
+}

package/app/api/auth/feishu/callback/route.ts

@@ -0,0 +1,72 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getFeishuAccessToken, getFeishuUserInfo } from '@/lib/feishu-auth';
+import { 
+	getUserByFeishuUnionId, 
+	createUser, 
+	updateUserFeishuInfo, 
+	updateUserLogin,
+	getBuiltinSkills,
+	installUserSkill,
+	getUserSkills 
+} from '@/lib/db';
+
+const BASE_URL = process.env.FEISHU_REDIRECT_URI?.replace('/api/auth/feishu/callback', '') || 
+                 process.env.NEXT_PUBLIC_BASE_URL || 
+                 'http://work-agent.agent-platform.dev.aimstek.cn';
+
+export async function GET(request: NextRequest) {
+	try {
+		const { searchParams } = new URL(request.url);
+		const code = searchParams.get('code');
+		const error = searchParams.get('error');
+
+		if (error) {
+			return NextResponse.redirect(new URL(`/login?error=feishu_auth_failed`, BASE_URL));
+		}
+
+		if (!code) {
+			return NextResponse.redirect(new URL('/login?error=no_code', BASE_URL));
+		}
+
+		const tokenData = await getFeishuAccessToken(code);
+		const userInfo = await getFeishuUserInfo(tokenData.access_token);
+
+		let user = getUserByFeishuUnionId(userInfo.union_id);
+
+		if (!user) {
+			const newUser = createUser(userInfo.union_id, 'guest');
+			
+			const builtinSkills = getBuiltinSkills().filter(s => s.enabled);
+			const userSkills = getUserSkills(newUser.id);
+			for (const skill of builtinSkills) {
+				const alreadyInstalled = userSkills.some(s => s.skillName === skill.skillName);
+				if (!alreadyInstalled) {
+					installUserSkill(newUser.id, skill.skillName, 'builtin');
+				}
+			}
+			user = newUser;
+		}
+
+		updateUserFeishuInfo(user.id, {
+			unionId: userInfo.union_id,
+			openId: userInfo.open_id,
+			avatar: userInfo.avatar_url || userInfo.avatar_thumb,
+			displayName: userInfo.name,
+		});
+
+		updateUserLogin(user.id);
+
+		const loginUrl = new URL('/login', BASE_URL);
+		loginUrl.searchParams.set('feishu_login', 'true');
+		loginUrl.searchParams.set('userId', user.id);
+		loginUrl.searchParams.set('username', userInfo.name);
+		loginUrl.searchParams.set('role', user.role);
+
+		const response = NextResponse.redirect(loginUrl);
+
+		return response;
+	} catch (error) {
+		console.error('飞书登录回调失败:', error);
+		return NextResponse.redirect(new URL('/login?error=feishu_login_failed', BASE_URL));
+	}
+}

package/app/api/auth/feishu/login/route.ts

@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getFeishuLoginUrl } from '@/lib/feishu-auth';
+
+export async function GET(request: NextRequest) {
+	try {
+		const state = crypto.randomUUID();
+		const loginUrl = getFeishuLoginUrl(state);
+		
+		return NextResponse.json({ url: loginUrl });
+	} catch (error) {
+		console.error('飞书登录失败:', error);
+		return NextResponse.json(
+			{ error: '生成飞书登录链接失败' },
+			{ status: 500 }
+		);
+	}
+}

package/app/api/auth/feishu/sso/route.ts

@@ -0,0 +1,78 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getFeishuAccessToken, getFeishuUserInfo } from '@/lib/feishu-auth';
+import { 
+	getUserByFeishuUnionId, 
+	createUser, 
+	updateUserFeishuInfo, 
+	updateUserLogin,
+	getBuiltinSkills,
+	installUserSkill,
+	getUserSkills 
+} from '@/lib/db';
+
+export async function POST(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { code } = body;
+
+		if (!code) {
+			return NextResponse.json(
+				{ error: '缺少授权码' },
+				{ status: 400 }
+			);
+		}
+
+		const tokenData = await getFeishuAccessToken(code);
+		const userInfo = await getFeishuUserInfo(tokenData.access_token);
+
+		let user = getUserByFeishuUnionId(userInfo.union_id);
+
+		if (!user) {
+			const newUser = createUser(userInfo.union_id, 'guest');
+			
+			const builtinSkills = getBuiltinSkills().filter(s => s.enabled);
+			const userSkills = getUserSkills(newUser.id);
+			for (const skill of builtinSkills) {
+				const alreadyInstalled = userSkills.some(s => s.skillName === skill.skillName);
+				if (!alreadyInstalled) {
+					installUserSkill(newUser.id, skill.skillName, 'builtin');
+				}
+			}
+			user = newUser;
+		}
+
+		updateUserFeishuInfo(user.id, {
+			unionId: userInfo.union_id,
+			openId: userInfo.open_id,
+			avatar: userInfo.avatar_url || userInfo.avatar_thumb,
+			displayName: userInfo.name,
+		});
+
+		updateUserLogin(user.id);
+
+		const response = NextResponse.json({
+			user: {
+				id: user.id,
+				username: user.username,
+				role: user.role,
+				displayName: userInfo.name,
+				avatar: userInfo.avatar_url || userInfo.avatar_thumb,
+			}
+		});
+
+		response.cookies.set('userId', user.id, {
+			httpOnly: true,
+			secure: process.env.NODE_ENV === 'production',
+			sameSite: 'lax',
+			maxAge: 60 * 60 * 24 * 7,
+		});
+
+		return response;
+	} catch (error) {
+		console.error('飞书免登录失败:', error);
+		return NextResponse.json(
+			{ error: '飞书登录失败' },
+			{ status: 500 }
+		);
+	}
+}

package/app/api/auth/login/route.ts

@@ -0,0 +1,85 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { createUser, getUserByUsername, getUserById, updateUserLogin, updateUserRole, getBuiltinSkills, installUserSkill, getUserSkills } from '@/lib/db';
+
+const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || 'admin123';
+
+export async function POST(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { username, password, mode } = body;
+
+		if (!username || typeof username !== 'string' || username.trim().length === 0) {
+			return NextResponse.json(
+				{ error: '用户名不能为空' },
+				{ status: 400 }
+			);
+		}
+
+		const trimmedUsername = username.trim().toLowerCase();
+
+		if (mode === 'admin') {
+			if (!password) {
+				return NextResponse.json(
+					{ error: '请输入管理员密码' },
+					{ status: 400 }
+				);
+			}
+
+			if (password !== ADMIN_PASSWORD) {
+				return NextResponse.json(
+					{ error: '管理员密码错误' },
+					{ status: 401 }
+				);
+			}
+
+			let user = getUserByUsername(trimmedUsername);
+			if (!user) {
+				user = createUser(trimmedUsername, 'admin');
+			} else if (user.role !== 'admin') {
+				updateUserRole(user.id, 'admin');
+				user = getUserById(user.id);
+			}
+			updateUserLogin(user!.id);
+
+			return NextResponse.json({
+				user: {
+					id: user!.id,
+					username: user!.username,
+					role: user!.role,
+				}
+			});
+		}
+
+		let user = getUserByUsername(trimmedUsername);
+		if (!user) {
+			user = createUser(trimmedUsername, 'guest');
+			
+			const builtinSkills = getBuiltinSkills().filter(s => s.enabled);
+			const userSkills = getUserSkills(user.id);
+			for (const skill of builtinSkills) {
+				const alreadyInstalled = userSkills.some(s => s.skillName === skill.skillName);
+				if (!alreadyInstalled) {
+					installUserSkill(user.id, skill.skillName, 'builtin');
+				}
+			}
+		} else if (user.role === 'admin') {
+			updateUserRole(user.id, 'guest');
+			user = getUserById(user.id);
+		}
+		updateUserLogin(user!.id);
+
+		return NextResponse.json({
+			user: {
+				id: user!.id,
+				username: user!.username,
+				role: user!.role,
+			}
+		});
+	} catch (error) {
+		console.error('Login failed:', error);
+		return NextResponse.json(
+			{ error: '登录失败' },
+			{ status: 500 }
+		);
+	}
+}

package/app/api/auth/oauth/route.ts

@@ -0,0 +1,168 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getUserByUsername, createUser, updateUserLogin } from '@/lib/db';
+
+const FEISHU_APP_ID = process.env.FEISHU_APP_ID;
+const FEISHU_APP_SECRET = process.env.FEISHU_APP_SECRET;
+
+const GITHUB_CLIENT_ID = process.env.GITHUB_CLIENT_ID;
+const GITHUB_CLIENT_SECRET = process.env.GITHUB_CLIENT_SECRET;
+
+/**
+ * 飞书 OAuth 登录
+ */
+export async function POST(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { code, provider } = body;
+
+		if (!provider || !code) {
+			return NextResponse.json(
+				{ error: '缺少必要参数: provider, code' },
+				{ status: 400 }
+			);
+		}
+
+		let userId: string;
+		let username: string;
+		let email: string = '';
+
+		if (provider === 'feishu') {
+			if (!FEISHU_APP_ID || !FEISHU_APP_SECRET) {
+				return NextResponse.json(
+					{ error: '飞书登录未配置' },
+					{ status: 500 }
+				);
+			}
+
+			// 使用 code 换取用户信息
+			const tokenResponse = await fetch('https://open.feishu.cn/open-apis/authen/v1/access_token', {
+				method: 'POST',
+				headers: { 'Content-Type': 'application/json' },
+				body: JSON.stringify({
+					grant_type: 'authorization_code',
+					client_id: FEISHU_APP_ID,
+					client_secret: FEISHU_APP_SECRET,
+					code,
+				}),
+			});
+
+			const tokenData = await tokenResponse.json();
+			if (tokenData.code !== 0) {
+				return NextResponse.json(
+					{ error: '飞书授权失败' },
+					{ status: 400 }
+				);
+			}
+
+			const accessToken = tokenData.access_token;
+
+			// 获取用户信息
+			const userResponse = await fetch('https://open.feishu.cn/open-apis/authen/v1/user_info', {
+				headers: { Authorization: `Bearer ${accessToken}` },
+			});
+
+			const userData = await userResponse.json();
+			if (userData.code !== 0) {
+				return NextResponse.json(
+					{ error: '获取飞书用户信息失败' },
+					{ status: 400 }
+				);
+			}
+
+			userId = `feishu-${userData.data.user_id}`;
+			username = userData.data.name || userData.data.nick_name || '飞书用户';
+			email = userData.data.email || '';
+		} else if (provider === 'github') {
+			if (!GITHUB_CLIENT_ID || !GITHUB_CLIENT_SECRET) {
+				return NextResponse.json(
+					{ error: 'GitHub登录未配置' },
+					{ status: 500 }
+				);
+			}
+
+			// 使用 code 换取 access_token
+			const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json',
+					Accept: 'application/json',
+				},
+				body: JSON.stringify({
+					client_id: GITHUB_CLIENT_ID,
+					client_secret: GITHUB_CLIENT_SECRET,
+					code,
+				}),
+			});
+
+			const tokenData = await tokenResponse.json();
+			if (!tokenData.access_token) {
+				return NextResponse.json(
+					{ error: 'GitHub授权失败' },
+					{ status: 400 }
+				);
+			}
+
+			// 获取用户信息
+			const userResponse = await fetch('https://api.github.com/user', {
+				headers: { Authorization: `Bearer ${tokenData.access_token}` },
+			});
+
+			const userData = await userResponse.json();
+			userId = `github-${userData.id}`;
+			username = userData.login || 'GitHub用户';
+			email = userData.email || '';
+		} else {
+			return NextResponse.json(
+				{ error: '不支持的登录提供商' },
+				{ status: 400 }
+			);
+		}
+
+		// 查找或创建用户
+		let user = getUserByUsername(username);
+		if (!user) {
+			user = createUser(username);
+		} else {
+			updateUserLogin(user.id);
+		}
+
+		return NextResponse.json({
+			user: {
+				id: user.id,
+				username: user.username,
+				email,
+				provider,
+			}
+		});
+	} catch (error) {
+		console.error('OAuth login failed:', error);
+		return NextResponse.json(
+			{ error: '登录失败' },
+			{ status: 500 }
+		);
+	}
+}
+
+/**
+ * 获取OAuth登录URL（用于前端跳转）
+ */
+export async function GET(request: NextRequest) {
+	const provider = request.nextUrl.searchParams.get('provider');
+
+	if (provider === 'feishu') {
+		const redirectUri = process.env.FEISHU_REDIRECT_URI || 'http://localhost:3000/api/auth/callback/feishu';
+		const url = `https://open.feishu.cn/open-apis/authen/v1/authorize?app_id=${FEISHU_APP_ID}&redirect_uri=${encodeURIComponent(redirectUri)}`;
+		return NextResponse.json({ url });
+	}
+
+	if (provider === 'github') {
+		const redirectUri = process.env.GITHUB_REDIRECT_URI || 'http://localhost:3000/api/auth/callback/github';
+		const url = `https://github.com/login/oauth/authorize?client_id=${GITHUB_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=read:user`;
+		return NextResponse.json({ url });
+	}
+
+	return NextResponse.json(
+		{ error: '不支持的登录提供商' },
+		{ status: 400 }
+	);
+}

package/app/api/config/providers/route.ts

@@ -0,0 +1,105 @@
+/**
+ * Configuration Providers API
+ *
+ * Manages AI provider configurations.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import {
+	loadModelsConfig,
+	saveModelsConfig,
+	upsertProvider,
+	deleteProvider,
+	validateProvider,
+	getAvailableProviders,
+	ModelsConfig,
+} from '@/lib/pi-config';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * GET /api/config/providers - List all providers
+ */
+export async function GET() {
+	try {
+		const providers = getAvailableProviders();
+		return NextResponse.json({ providers });
+	} catch (error) {
+		console.error('[config/providers] Error:', error);
+		return NextResponse.json(
+			{ error: 'Failed to load providers' },
+			{ status: 500 }
+		);
+	}
+}
+
+/**
+ * POST /api/config/providers - Add or update a provider
+ */
+export async function POST(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { id, ...provider } = body;
+
+		if (!id) {
+			return NextResponse.json(
+				{ error: 'Provider ID is required' },
+				{ status: 400 }
+			);
+		}
+
+		// Validate provider config
+		const validation = validateProvider(provider);
+		if (!validation.valid) {
+			return NextResponse.json(
+				{ error: 'Invalid provider config', details: validation.errors },
+				{ status: 400 }
+			);
+		}
+
+		// Save provider
+		const config = upsertProvider(id, provider);
+
+		return NextResponse.json({
+			success: true,
+			providers: getAvailableProviders(),
+		});
+	} catch (error) {
+		console.error('[config/providers] Error saving:', error);
+		return NextResponse.json(
+			{ error: error instanceof Error ? error.message : 'Failed to save provider' },
+			{ status: 500 }
+		);
+	}
+}
+
+/**
+ * DELETE /api/config/providers - Delete a provider
+ */
+export async function DELETE(request: NextRequest) {
+	try {
+		const { searchParams } = new URL(request.url);
+		const id = searchParams.get('id');
+
+		if (!id) {
+			return NextResponse.json(
+				{ error: 'Provider ID is required' },
+				{ status: 400 }
+			);
+		}
+
+		const config = deleteProvider(id);
+
+		return NextResponse.json({
+			success: true,
+			providers: getAvailableProviders(),
+		});
+	} catch (error) {
+		console.error('[config/providers] Error deleting:', error);
+		return NextResponse.json(
+			{ error: 'Failed to delete provider' },
+			{ status: 500 }
+		);
+	}
+}

package/app/api/config/route.ts

@@ -0,0 +1,115 @@
+/**
+ * Configuration API - GET/PUT
+ *
+ * Manages PI Agent model provider configuration.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import {
+	getAvailableProviders,
+	getDefaultProvider,
+	getProviderById,
+	loadModelsConfig,
+	saveModelsConfig,
+	upsertProvider,
+	deleteProvider,
+	validateProvider,
+} from '@/lib/pi-config';
+
+/**
+ * GET /api/config - Get current configuration
+ */
+export async function GET(request: NextRequest) {
+	try {
+		const providers = getAvailableProviders();
+		const defaultProvider = getDefaultProvider();
+		const rawConfig = loadModelsConfig();
+
+		return NextResponse.json({
+			providers,
+			defaultProvider: defaultProvider?.id || null,
+			rawConfig,
+		});
+	} catch (error) {
+		return NextResponse.json(
+			{ error: error instanceof Error ? error.message : 'Failed to load configuration' },
+			{ status: 500 },
+		);
+	}
+}
+
+/**
+ * PUT /api/config - Update configuration
+ */
+export async function PUT(request: NextRequest) {
+	try {
+		const body = await request.json();
+		const { action, provider, providerId } = body;
+
+		switch (action) {
+			case 'add':
+			case 'update': {
+				// Validate provider data
+				const validation = validateProvider(provider);
+				if (!validation.valid) {
+					return NextResponse.json(
+						{ error: 'Invalid provider configuration', errors: validation.errors },
+						{ status: 400 },
+					);
+				}
+
+				// Provider ID is required
+				const id = providerId || provider.id;
+				if (!id) {
+					return NextResponse.json(
+						{ error: 'providerId is required' },
+						{ status: 400 },
+					);
+				}
+
+				// Save provider
+				const config = upsertProvider(id, provider);
+
+				return NextResponse.json({
+					success: true,
+					message: `Provider "${id}" ${action === 'add' ? 'added' : 'updated'}`,
+					config,
+				});
+			}
+
+			case 'delete': {
+				if (!providerId) {
+					return NextResponse.json(
+						{ error: 'providerId is required for delete action' },
+						{ status: 400 },
+					);
+				}
+
+				const config = deleteProvider(providerId);
+				if (!config) {
+					return NextResponse.json(
+						{ error: `Provider "${providerId}" not found` },
+						{ status: 404 },
+					);
+				}
+
+				return NextResponse.json({
+					success: true,
+					message: `Provider "${providerId}" deleted`,
+					config,
+				});
+			}
+
+			default:
+				return NextResponse.json(
+					{ error: `Unknown action: ${action}` },
+					{ status: 400 },
+				);
+		}
+	} catch (error) {
+		return NextResponse.json(
+			{ error: error instanceof Error ? error.message : 'Failed to update configuration' },
+			{ status: 500 },
+		);
+	}
+}