134 Commits

Author SHA1 Message Date
250eba6927 fix(server): change the home page docs entry to api docs 2026-03-19 16:24:57 +08:00
0f344b5847 refactor(server): crypto flow now uses the verified licenceId 2026-03-19 16:16:53 +08:00
403eec3e12 feat(server): config endpoint integrates licence signature verification 2026-03-19 16:16:42 +08:00
84c935d4bd refactor(server): normalize the licence persistence structure 2026-03-19 16:16:29 +08:00
e5fed81db5 feat(server): add signed licence verification utility 2026-03-19 16:16:18 +08:00
e3e3caed6a feat(crypto): add RSA signature verification utility 2026-03-19 16:16:07 +08:00
b5490085bd chore(deps): bump dependencies to latest versions 2026-03-16 15:09:01 +08:00
713ee5b79f docs(server): update encryptSummary example summary structure 2026-03-10 16:58:28 +08:00
d7d6b06e35 fix(server): simplify report tag and hide platformPublicKey in config output 2026-03-10 16:35:00 +08:00
1997655875 feat(server): persist platform public key and enrich OpenAPI docs 2026-03-10 16:20:49 +08:00
9a2bd5c43a fix(server): use lossless-json to handle summary.json Long precision without loss 2026-03-10 16:10:25 +08:00
42bc8605b4 docs: add summary + ZIP encryption test controller reference 2026-03-10 15:09:11 +08:00
04ff718f47 docs: remove the legacy toolbox-side authorization integration guide 2026-03-10 15:08:36 +08:00
da82403f7f refactor(server): align signAndPackReport with the summary and signature structure of the Kotlin reference implementation 2026-03-10 15:08:12 +08:00
4a5dd437fa fix(server): add private key format validation to the setPgpPrivateKey endpoint 2026-03-10 15:07:31 +08:00
1945417f28 feat(crypto): add validatePgpPrivateKey validation function 2026-03-10 15:07:07 +08:00
8be32bf15b refactor(server): extract ZIP security checks into reusable safe-zip module 2026-03-06 16:51:33 +08:00
1110edc974 docs: remove outdated UX API docs (superseded by OpenAPI /api/docs) 2026-03-06 16:41:15 +08:00
a5fd9c1833 fix(crypto): replace deprecated .passthrough() with .loose() (Zod 4) 2026-03-06 16:40:46 +08:00
3d27f8ccfa refactor(crypto): use Zod safeParse for summary.json validation instead of manual checks 2026-03-06 16:39:38 +08:00
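4d64cfb93d docs: add Kotlin reference implementation of the management platform's standard encryption algorithm 2026-03-06 15:34:04 +08:00
2651ec0835 fix(crypto): fix RSA-OAEP encryption MGF1 hash incompatibility with Java SunJCE
Node.js publicEncrypt({ oaepHash }) binds the OAEP hash and the MGF1 hash
to the same algorithm, whereas Java OAEPWithSHA-256AndMGF1Padding defaults to
SHA-256 (OAEP) + SHA-1 (MGF1). Switch to node-forge to configure the two hashes independently,
ensuring the ciphertext can be decrypted correctly by the management platform.
2026-03-06 15:33:07 +08:00
122dead202 refactor(server): simplify the signAndPackReport endpoint; PGP private key stored locally, summary.json extracted from the ZIP
- DB schema adds a pgpPrivateKey field
- Add config.setPgpPrivateKey endpoint; the private key is bound to the device
- signAndPackReport only needs rawZip; signingContext is derived automatically from summary.json
- configOutput adds a hasPgpPrivateKey field
- Extract requireIdentity to reduce duplicated validation code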
2026-03-06 14:55:12 +08:00
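ec41a4cfc7 docs(contract): add OpenAPI examples for the input/output of all APIs to ease vendor testing 2026-03-06 14:37:50 +08:00
86754f73c1 docs(contract): improve API summary/description, aligned with the toolbox-side integration guide 2026-03-06 14:30:09 +08:00
9296ab31e4 fix(server): recompute the device fingerprint on every startup; update automatically when the environment changes 2026-03-06 11:28:14 +08:00
72d1727eb6 refactor(server): device fingerprint uses the full SHA-256 directly; remove the FP- prefix and truncation 2026-03-06 11:23:52 +08:00
aabd60e619 refactor(server): use systeminformation instead of manual collection to generate the device fingerprint
Hardware-level SMBIOS identifiers (uuid/serial/model/manufacturer) are stable across platforms,
no longer relying on the Linux-only machine-id or on the volatile OS release/memory/MAC address.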
2026-03-06 11:16:17 +08:00
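cdb3298f6d refactor(db): remove device/task table definitions left over after business logic was stripped out 2026-03-06 10:39:09 +08:00
060ddd8e12 docs: update UX local identity configuration flow and integration notes 2026-03-06 10:02:56 +08:00
b50d2eaf10 refactor(server): restructure into local identity configuration + low-level crypto capability endpoints 2026-03-06 10:02:26 +08:00
46e2c94faf fix(db): fix drizzle-kit configuration and scripts under Bun SQLite 2026-03-05 16:59:25 +08:00
b1062a5aed refactor(api): signAndPackReport returns the signed ZIP file directly 2026-03-05 16:58:59 +08:00
b193759e90 docs: add third-party OpenAPI integration guide 2026-03-05 16:44:01 +08:00
eb941c06c0 docs(api): complete OpenAPI metadata and field descriptions 2026-03-05 16:43:53 +08:00
eb2f6554b2 docs: update signAndPackReport docs for multipart file upload 2026-03-05 16:32:49 +08:00
58d57fa148 refactor(server): use multipart File instead of base64 upload for the report ZIP 2026-03-05 16:32:41 +08:00
509860bba8 docs: add UX integration mode and authorization integration notes 2026-03-05 16:24:21 +08:00
4e7c4e1aa5 feat(server): implement device authorization and report ZIP signing and packing endpoints 2026-03-05 16:24:10 +08:00
8261409d7d refactor(server): switch to SQLite and rebuild the device/task table structure 2026-03-05 16:23:30 +08:00
d2eb98d612 feat: add shared crypto package and introduce ZIP/PGP dependencies 2026-03-05 16:23:13 +08:00
9d8a38a4c4 fix: correct ORPC handler semantics, harden Electron security, optimize build and runtime configuration
- todo.router: create error code NOT_FOUND → INTERNAL_SERVER_ERROR; remove adds an existence check
- __root: devtools rendered only in the DEV environment
- Electron: add will-navigate navigation interception, explicit secure webPreferences, deny-all permission requests
- sidecar: add intent comments to empty catch blocks, add lastResolvedUrl getter
- todo.contract: replace hardcoded omit with generatedFieldKeys
- router: add staleTime/retry defaults to QueryClient
- turbo: refine build task inputs to improve the cache hit rate
- fields: make id() module-private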
2026-03-05 14:06:43 +08:00
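cd7448c3b3 docs: consistently use bun run <script> to avoid conflicts with Bun built-in subcommands
bun build invokes Bun's built-in bundler rather than the package.json script;
change bun <script> to bun run <script> in all docs to avoid ambiguity.
bun test is left unchanged (it uses Bun's built-in test runner directly).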
2026-03-05 12:57:26 +08:00
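58d7a453b6 style: change biome lineWidth from the default 80 to 120 2026-03-05 12:28:18 +08:00
afc3b66efa refactor: remove redundant --filter arguments from the root package.json
Turbo automatically runs a task only in packages that define the corresponding script, so no manual filter is needed.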
2026-03-05 12:08:48 +08:00
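3c97e9c3eb refactor: remove redundant compile/dist task definitions from the root turbo.json
The sub-package turbo.json files (extends root) each already define the full configuration;
the duplicate root-level registration has no practical effect.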
2026-03-05 12:06:11 +08:00
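58620b4d4b feat: add root compile/dist scripts, delegated to the corresponding app via Turbo filter 2026-03-05 11:56:49 +08:00
04b8dedb3e fix: fix middleware import path, clean up redundant catalog entries, sync docs 2026-03-05 11:22:49 +08:00
02bdfffe79 refactor(client): merge orpc.ts and query-client.ts into a single file, following the official ORPC pattern 2026-03-05 11:05:53 +08:00
0cd8b57d24 refactor: improve project structure: fix typos, extract shared interceptor, flatten db directory, clean up empty packages 2026-03-05 10:58:55 +08:00
0438b52c93 refactor(db): remove the redundant schema argument to drizzle(); RQBv2 only needs relations 2026-03-05 10:37:47 +08:00
fd9478d64e docs: sync AGENTS.md to Drizzle v1 beta and add development principles
- All AGENTS.md files add "Development Principles": no backward compatibility, code changes must sync docs, forward-only migration
- Root AGENTS.md: update the Database section to Drizzle v1 beta + postgres-js + RQBv2
- server AGENTS.md: update tech stack, directory structure, ORPC examples, database section
  - drizzle-zod → drizzle-orm/zod
  - bun-sql → postgres-js
  - RQBv1 callbacks → RQBv2 object syntax
  - Add relations.ts and DB instance examples
- desktop AGENTS.md: add development principles and doc sync rules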
2026-03-05 10:21:31 +08:00
73614204f7 chore(deps): upgrade Drizzle ORM to 1.0 beta and migrate to RQBv2
- Upgrade drizzle-orm/drizzle-kit from 0.45.1/0.31.9 to 1.0.0-beta.15
- Remove the standalone drizzle-zod package; use the built-in drizzle-orm/zod import instead
- Switch the DB driver from bun-sql to postgres-js
- Add the defineRelations entry point (RQBv2)
- Migrate query syntax to RQBv2 object-style orderBy
2026-03-05 10:17:10 +08:00
61e7a1b621 chore(deps): upgrade dependencies and sync VSCode configuration 2026-03-05 10:00:13 +08:00
5ccde0a121 fix(server): avoid SSR importing *.client modules, which caused build failures 2026-02-26 12:09:45 +08:00
0553347bfe chore(deps): upgrade TanStack Start and build-related dependencies 2026-02-26 12:09:37 +08:00
52af81b079 ci(gitea): remove Gitea Actions workflows 2026-02-17 18:30:38 +08:00
527c1d1020 ci(gitea): rename the dist workflow to release and upload AppImage artifacts
All checks were successful
Release / release (push) Successful in 52s
2026-02-17 18:21:54 +08:00
4ed961760a ci(gitea): upgrade mise action and add version output
All checks were successful
Build Dist / dist (push) Successful in 1m5s
2026-02-17 18:00:32 +08:00
c54b7d27a6 ci(gitea): add mise + turbo dist build workflow
Some checks failed
Build Dist / dist (push) Has been cancelled
2026-02-17 17:52:28 +08:00
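d478b94c13 chore(server): switch to the Bun run chain and upgrade core dependencies in sync 2026-02-17 17:43:07 +08:00
908b369732 fix(server): use SubmitEventHandler to eliminate the React 19 deprecation warning 2026-02-16 05:30:44 +08:00
51724a7936 feat(desktop): adjust splash page logo and loading animation visuals 2026-02-16 05:18:27 +08:00
93a2519012 feat(desktop): migrate the splash page to React and integrate Motion animation 2026-02-16 05:10:15 +08:00
5edab0ba1d feat(desktop): restore the startup loading page and switch once the service is ready 2026-02-16 04:28:37 +08:00
a451e08209 fix(server): remove duplicate NODE_ENV environment variable declaration 2026-02-16 04:09:14 +08:00
e76a03d0f4 feat(desktop): split out sidecar management and hook up the health check route 2026-02-16 04:06:41 +08:00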
aa1e2c81c6 chore: remove unused fingerprint utility and stale deps 2026-02-16 03:03:33 +08:00
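7e2621ae37 chore(build): adjust script order and remove extra blank lines 2026-02-16 00:05:22 +08:00
94a9122f34 feat(build): unify compile commands and enable dual architecture by default 2026-02-15 23:48:37 +08:00
275c8e4795 docs(agents): sync multi-architecture build and packaging command docs 2026-02-15 23:32:32 +08:00
8245abe217 feat(build): support a multi-architecture packaging matrix for desktop 2026-02-15 23:26:00 +08:00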
627e6f9dd3 chore: bump dependency catalog and lockfile versions 2026-02-15 22:01:03 +08:00
e59e085217 chore(vscode): remove unused extension recommendations 2026-02-15 21:51:36 +08:00
cd9826ded3 chore(desktop): tweak electron-vite dev watch and remove redundant --config flags 2026-02-09 04:19:53 +08:00
2efc57d9ee feat(desktop): show native error dialogs on startup failures
Replace silent console.error + app.quit() with dialog.showErrorBox()
so users actually see why the app failed to start instead of it just
disappearing. Covers server spawn errors, timeout, port allocation
failure, mid-session server crashes, and window creation failures.
2026-02-09 03:35:24 +08:00
1f5940438a fix(desktop): use array format for win target in electron-builder config 2026-02-09 03:16:48 +08:00
0bab6372ac chore(desktop): reorganize electron-builder config and refine packaging targets 2026-02-09 03:15:01 +08:00
5f0c9d33cb chore 2026-02-09 02:58:43 +08:00
73982939a8 chore(desktop): add app icon and track resources directory 2026-02-09 02:51:56 +08:00
10c2d61523 fix(desktop): use CJS for preload script to fix sandbox loading error 2026-02-09 02:17:57 +08:00
18ce05854a feat(server): add NODE_ENV to shared env schema 2026-02-09 01:59:45 +08:00
7eccef5d8f chore(desktop): remove redundant config fields for KISS 2026-02-09 01:41:34 +08:00
41667cb33b refactor(desktop): simplify main process logic and improve naming
- Remove logLifecycle wrapper, inline the conditional logging
- Remove redundant shouldAbortWindowLoad check before final loadURL
- Rename getServerUrl to resolveServerUrl to reflect side effects
- Add .catch on createWindow to prevent silent async failures
2026-02-09 01:27:29 +08:00
00c944e1b5 refactor(desktop): streamline main process startup and exit logic and reduce log noise in packaged mode 2026-02-09 01:13:08 +08:00
f9edfd0058 fix(desktop): guard shutdown race and kill sidecar process tree 2026-02-09 00:57:30 +08:00
9aea89e16d fix(desktop): force app exit on windows window close 2026-02-09 00:40:01 +08:00
26b74b25f2 fix(desktop): use stdio ignore for sidecar to prevent process hang on quit
Piped stdio handles kept the event loop alive on Windows after killing
the sidecar process, preventing the Electron app from exiting.
2026-02-09 00:23:05 +08:00
ccf220fc29 fix(desktop): ensure sidecar process stops on app shutdown 2026-02-08 23:59:54 +08:00
a585069cdc refactor: rename compile:mac/win to compile:darwin/windows to match Bun target names 2026-02-08 23:39:30 +08:00
b149cc5dc0 refactor: decentralize turbo task config — move compile/dist to workspace turbo.json
Sink package-specific tasks from root turbo.json into workspace configs:
- compile/compile:* → apps/server/turbo.json (only server compiles binaries)
- dist/dist:* → apps/desktop/turbo.json (only desktop distributes)
- Cross-package deps (desktop→server#compile) owned by desktop config
- Desktop dist scripts no longer bypass Turbo by calling bun run build

Root turbo.json reduced from 16 to 4 generic lifecycle tasks.
2026-02-08 23:26:24 +08:00
9f38636d76 refactor(server): use Bun.Build.CompileTarget and derive host target instead of manual map 2026-02-08 22:47:39 +08:00
63906ec09b refactor(server): use util.parseArgs for declarative CLI arg parsing in compile.ts 2026-02-08 22:38:49 +08:00
8c4e4ad150 refactor(server): use type guard to eliminate as Target casts in compile.ts 2026-02-08 22:33:02 +08:00
e171db8196 refactor: simplify compile.ts to single-target and add per-platform compile scripts
- Rewrite compile.ts from 112 to 66 lines: single target with auto-detect host, remove multi-target batch logic
- Add compile:linux/mac/win scripts to server, root, and turbo configs
- Wire desktop dist:* to depend on matching server compile:* (avoid unnecessary cross-platform compilation)
- Update AGENTS.md docs across root, server, and desktop
2026-02-08 22:25:30 +08:00
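dac6bb1643 refactor: unify packaging commands under the dist scheme; build only compiles and does not package
- build:linux/mac/win → dist/dist:linux/dist:mac/dist:win
- Turbo task dependencies: desktop#dist:* → server#compile → server#build
- A single bun dist command at the root completes the full packaging pipeline
- Update AGENTS.md docs to sync the command changes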
2026-02-08 20:48:58 +08:00
8c0ea632d7 style(desktop): normalize package.json field ordering 2026-02-08 20:31:17 +08:00
db23ee42fc chore: update lockfile dependency versions 2026-02-08 20:26:16 +08:00
0784546e50 fix(desktop): fix the artifactName path error and remove the deb build target
The / in the scoped package name made ${name} fail when used as a path, so use ${productName} instead;
remove the deb target (fpm dependency unavailable); add package.json metadata fields
2026-02-08 20:03:47 +08:00
2fe3e15659 refactor: rename build.ts → compile.ts, unify script and file naming
- The compile script calls compile.ts, removing the ambiguity with build
- desktop turbo.json adds build outputs cache configuration
2026-02-08 19:46:04 +08:00
ed02993350 style(desktop): change the loading page to a light white theme 2026-02-08 19:40:20 +08:00
e4e5ff2211 chore: remove the useSortedClasses rule; re-enable it once it graduates from nursery 2026-02-08 19:19:18 +08:00
d69a573a33 feat: add Tailwind CSS support and Biome integration for desktop/server
- desktop renderer integrates @tailwindcss/vite; the loading page now uses Tailwind classes
- Both apps add a biome.json that extends the shared config: tailwindDirectives + useSortedClasses
2026-02-08 19:17:53 +08:00
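6cc1bc6834 refactor(desktop): replace the as AddressInfo assertion with type narrowing 2026-02-08 19:03:13 +08:00
894fd17d1a fix(desktop): dynamically allocate the sidecar port instead of hardcoding it, avoiding port conflicts
Use net.createServer().listen(0) to probe for an available port and pass it through the PORT environment variable
to the sidecar binary (the same pattern as the VS Code language server)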
2026-02-08 18:38:45 +08:00
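888f20fdab fix(desktop): load the loading page as a splash screen; configure per-platform extraResources for cross-compilation
- main process first loads renderer/index.html on startup to show a spinner
- electron-builder references, per platform, the sidecar binary for the matching architecture under server/out/
- Remove unrelated rust tool configuration from mise.toml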
2026-02-08 18:21:40 +08:00
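7318600e20 refactor(desktop): replace WebUI with an Electron + electron-vite desktop shell
- Use electron-vite to build main/preload and electron-builder for packaging and distribution
- main process: connects directly to localhost:3000 in dev mode, spawns the sidecar binary in production mode
- Add a loading page that shows a loading animation until the server is ready
- Update catalog dependencies: electron, electron-vite, electron-builder
- Remove the @webui-dev/bun-webui dependency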
2026-02-08 18:16:13 +08:00
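e8e473b357 refactor(desktop): replace Electrobun with WebUI as the desktop window solution
Electrobun is too unstable; switch to webui-dev/webui (a lightweight C library, ~300KB), which provides
the desktop window through the system browser or a WebView. Verified that bun:ffi loading and
bun build --compile both work correctly.

- Remove the electrobun dependency and configuration
- Add the @webui-dev/bun-webui dependency
- Rewrite the desktop entry point for the WebUI window approach
- Remove the Conveyor packaging tool (mise.toml)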
2026-02-08 04:15:34 +08:00
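41d97ca312 refactor(deps): move @hydraulic/conveyor from a bun dependency to a mise global tool 2026-02-08 03:21:38 +08:00
cfe7de2a70 chore(deps): add the @hydraulic/conveyor dependency to the desktop app 2026-02-08 03:11:43 +08:00
b87de26e17 chore(deps): upgrade TanStack devtools and vite-tsconfig-paths dependency versions 2026-02-08 02:41:22 +08:00
b8d38872ad refactor(desktop): optimize the Electrobun build configuration
- Read the version number dynamically from package.json instead of hardcoding it
- Enable CEF bundling on all platforms
- Move build targets from the config file to CLI arguments
- Enable asar packaging and add the --env=dev flag to the dev script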
2026-02-08 02:38:37 +08:00
7450c685d3 chore: remove the completed electrobun production mode plan document 2026-02-08 00:40:43 +08:00
2048f73155 refactor(server): reorder Vite plugins per the officially recommended order and clean up redundant configuration 2026-02-07 22:13:16 +08:00
70b5d27493 chore(desktop): add the win-x64 build target 2026-02-07 21:04:39 +08:00
5d5d3a51f6 chore(desktop): disable CEF bundling on the mac and win platforms 2026-02-07 20:57:58 +08:00
3306e18395 refactor(desktop): use a pre-allocated port instead of parsing stdout to obtain the server port 2026-02-07 19:32:56 +08:00
14bcdb33af chore(deps): upgrade TanStack router and Start dependency versions 2026-02-07 19:11:28 +08:00
cc81d95178 chore(desktop): upgrade electrobun to 1.12.0-beta.1 2026-02-07 19:10:33 +08:00
55d45e6a49 docs(desktop): update AGENTS.md docs and the development plan to reflect the latest implementation 2026-02-07 18:49:50 +08:00
b7a6a793a3 feat(desktop): implement embedded server child process support in production mode 2026-02-07 18:49:41 +08:00
6b12745e50 chore(desktop): update app name, identifier and version number 2026-02-07 17:46:00 +08:00
989d8973f5 chore(desktop): simplify build and dev scripts 2026-02-07 17:16:32 +08:00
41e79449ce docs: update AGENTS.md for Electrobun replacing Tauri 2026-02-07 17:00:52 +08:00
4bbb0c4a16 refactor(server): simplify build script, remove Effect dependency 2026-02-07 16:44:56 +08:00
2b3026cf69 chore(turbo): simplify and optimize monorepo configuration 2026-02-07 16:35:30 +08:00
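adb14cff77 chore: restructure the Turbo build configuration and strengthen the Bun-only notes
Move app-specific build output configuration down into each app's turbo.json and add topological dependencies to the root-level build task; add a Bun-only runtime warning to every AGENTS.md; enable the Linux CEF renderer on desktop.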
2026-02-07 16:14:55 +08:00
44ca7a0f5e chore: extend the output directory configuration of the Turbo build task 2026-02-07 07:06:55 +08:00
59b4edc2d2 chore(desktop): downgrade electrobun to the 0.8.0 stable release 2026-02-07 06:59:19 +08:00
9d0e9a6aac chore(desktop): add .gitignore and multi-platform build scripts 2026-02-07 06:29:08 +08:00
f758fd5947 chore: update the bun.lock lockfile 2026-02-07 06:15:52 +08:00
26f9421130 chore: unify Node/TypeScript configuration and fix the desktop type environment 2026-02-07 05:53:38 +08:00
29969550ed refactor(desktop): migrate from Tauri to Electrobun
- Remove Tauri v2 code (src-tauri/, copy.ts)
- Add Electrobun configuration and entry point (electrobun.config.ts, src/bun/index.ts)
- Update package.json to manage the electrobun dependency via catalog
- Remove the @tauri-apps/api dependency from server
- Update AGENTS.md docs
2026-02-07 05:04:53 +08:00
9aa3b46ee5 chore(desktop): update Cargo dependencies 2026-02-07 03:45:08 +08:00
114 changed files with 4136 additions and 7563 deletions

5
.gitignore vendored

@@ -9,6 +9,11 @@
# Bun build # Bun build
*.bun-build *.bun-build
# SQLite database files
*.db
*.db-wal
*.db-shm
# Turborepo # Turborepo
.turbo/ .turbo/
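Review bot: The new SQLite block ignores `*.db`, `*.db-wal` and `*.db-shm` but not `*.db-journal`, which SQLite writes next to the database when it runs in rollback-journal mode rather than WAL. Since 122dead202 adds a `pgpPrivateKey` field to the DB schema, a stray journal file in a commit could carry key material; suggest adding `*.db-journal` to this block.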

View File

@@ -2,11 +2,8 @@
"recommendations": [ "recommendations": [
"biomejs.biome", "biomejs.biome",
"hverlin.mise-vscode", "hverlin.mise-vscode",
"mikestead.dotenv",
"oven.bun-vscode", "oven.bun-vscode",
"redhat.vscode-yaml", "redhat.vscode-yaml",
"rust-lang.rust-analyzer", "tamasfe.even-better-toml"
"tamasfe.even-better-toml",
"tauri-apps.tauri-vscode"
] ]
} }
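Review bot: Dropping `mikestead.dotenv` from the recommendations leaves `.vscode/settings.json` still mapping `.env` and `.env.*` to the `dotenv` language id under `files.associations`, and none of the five remaining recommendations is a dotenv extension as far as their names suggest. Either keep the recommendation or remove those two associations in the same change.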

43
.vscode/settings.json vendored

@@ -1,49 +1,42 @@
{ {
// Disable the default formatter & linter, use biome instead
"prettier.enable": false,
"eslint.enable": false,
// Auto fix
"editor.codeActionsOnSave": {
"source.fixAll.biome": "explicit",
"source.organizeImports.biome": "explicit"
},
"editor.defaultFormatter": "biomejs.biome",
"editor.formatOnSave": true,
"[javascript]": { "[javascript]": {
"editor.defaultFormatter": "biomejs.biome" "editor.defaultFormatter": "biomejs.biome"
}, },
"[javascriptreact]": { "[javascriptreact]": {
"editor.defaultFormatter": "biomejs.biome" "editor.defaultFormatter": "biomejs.biome"
}, },
"[typescript]": {
"editor.defaultFormatter": "biomejs.biome"
},
"[typescriptreact]": {
"editor.defaultFormatter": "biomejs.biome"
},
"[json]": { "[json]": {
"editor.defaultFormatter": "biomejs.biome" "editor.defaultFormatter": "biomejs.biome"
}, },
"[jsonc]": { "[jsonc]": {
"editor.defaultFormatter": "biomejs.biome" "editor.defaultFormatter": "biomejs.biome"
}, },
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml"
},
"[toml]": { "[toml]": {
"editor.defaultFormatter": "tamasfe.even-better-toml" "editor.defaultFormatter": "tamasfe.even-better-toml"
}, },
"[typescript]": {
"editor.defaultFormatter": "biomejs.biome"
},
"[typescriptreact]": {
"editor.defaultFormatter": "biomejs.biome"
},
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml"
},
"editor.codeActionsOnSave": {
"source.fixAll.biome": "explicit",
"source.organizeImports.biome": "explicit"
},
"editor.defaultFormatter": "biomejs.biome",
"editor.formatOnSave": true,
"files.associations": { "files.associations": {
".env": "dotenv", ".env": "dotenv",
".env.*": "dotenv", ".env.*": "dotenv",
"**/tsconfig.json": "jsonc",
"**/tsconfig.*.json": "jsonc",
"**/biome.json": "jsonc", "**/biome.json": "jsonc",
"**/opencode.json": "jsonc" "**/opencode.json": "jsonc",
"**/tsconfig.*.json": "jsonc",
"**/tsconfig.json": "jsonc"
}, },
// TanStack Router
"files.readonlyInclude": { "files.readonlyInclude": {
"**/routeTree.gen.ts": true "**/routeTree.gen.ts": true
}, },
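Review bot: `"prettier.enable": false` and `"eslint.enable": false` are removed from the top of the file and, unlike the `editor.*` keys, do not reappear in the re-sorted part shown here (`editor.formatOnSave` is followed directly by `files.associations`). If dropping them is deliberate, say so in the commit message; otherwise restore them in sorted position. The `// TanStack Router` comment that explained `files.readonlyInclude` is also lost in the sort and is worth keeping.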

177
AGENTS.md

@@ -4,46 +4,71 @@ Guidelines for AI agents working in this Bun monorepo.
## Project Overview ## Project Overview
> **This project uses [Bun](https://bun.sh) exclusively as both the JavaScript runtime and package manager. Do NOT use Node.js / npm / yarn / pnpm. All commands start with `bun` — use `bun install` for dependencies and `bun run <script>` for scripts. Always prefer `bun run <script>` over `bun <script>` to avoid conflicts with Bun built-in subcommands (e.g. `bun build` invokes Bun's bundler, NOT your package.json script). Never use `npm`, `npx`, or `node`.**
- **Monorepo**: Bun workspaces + Turborepo orchestration - **Monorepo**: Bun workspaces + Turborepo orchestration
- **Runtime**: Bun (see `mise.toml` for version) - **Runtime**: Bun (see `mise.toml` for version)**NOT Node.js**
- **Package Manager**: Bun — **NOT npm / yarn / pnpm**
- **Apps**: - **Apps**:
- `apps/server` - TanStack Start fullstack web app (see `apps/server/AGENTS.md`) - `apps/server` - TanStack Start fullstack web app (see `apps/server/AGENTS.md`)
- `apps/desktop` - Tauri v2 desktop shell, loads server via sidecar (see `apps/desktop/AGENTS.md`) - `apps/desktop` - Electron desktop shell, sidecar server pattern (see `apps/desktop/AGENTS.md`)
- **Packages**: `packages/utils`, `packages/tsconfig` (shared configs) - **Packages**: `packages/tsconfig` (shared TS configs)
## Build / Lint / Test Commands ## Build / Lint / Test Commands
### Root Commands (via Turbo) ### Root Commands (via Turbo)
```bash ```bash
bun dev # Start all apps in dev mode bun run dev # Start all apps in dev mode
bun build # Build all apps bun run build # Build all apps
bun fix # Lint + format (Biome auto-fix) bun run compile # Compile server to standalone binary (current platform)
bun typecheck # TypeScript check across monorepo bun run compile:darwin # Compile server for macOS (arm64 + x64)
bun run compile:linux # Compile server for Linux (x64 + arm64)
bun run compile:windows # Compile server for Windows x64
bun run dist # Package desktop distributable (current platform)
bun run dist:linux # Package desktop for Linux (x64 + arm64)
bun run dist:mac # Package desktop for macOS (arm64 + x64)
bun run dist:win # Package desktop for Windows x64
bun run fix # Lint + format (Biome auto-fix)
bun run typecheck # TypeScript check across monorepo
``` ```
### Server App (`apps/server`) ### Server App (`apps/server`)
```bash ```bash
bun dev # Vite dev server (localhost:3000) bun run dev # Vite dev server (localhost:3000)
bun build # Production build .output/ bun run build # Production build -> .output/
bun fix # Biome auto-fix bun run compile # Compile to standalone binary (current platform)
bun typecheck # TypeScript check bun run compile:darwin # Compile for macOS (arm64 + x64)
bun run compile:darwin:arm64 # Compile for macOS arm64
bun run compile:darwin:x64 # Compile for macOS x64
bun run compile:linux # Compile for Linux (x64 + arm64)
bun run compile:linux:arm64 # Compile for Linux arm64
bun run compile:linux:x64 # Compile for Linux x64
bun run compile:windows # Compile for Windows (default: x64)
bun run compile:windows:x64 # Compile for Windows x64
bun run fix # Biome auto-fix
bun run typecheck # TypeScript check
# Database (Drizzle) # Database (Drizzle)
bun db:generate # Generate migrations from schema bun run db:generate # Generate migrations from schema
bun db:migrate # Run migrations bun run db:migrate # Run migrations
bun db:push # Push schema (dev only) bun run db:push # Push schema (dev only)
bun db:studio # Open Drizzle Studio bun run db:studio # Open Drizzle Studio
``` ```
### Desktop App (`apps/desktop`) ### Desktop App (`apps/desktop`)
```bash ```bash
bun dev # Copy sidecar + start Tauri dev bun run dev # electron-vite dev mode (requires server dev running)
bun build # Copy sidecar + build installer bun run build # electron-vite build (main + preload)
bun run dist # Build + package for current platform
# Rust (from apps/desktop/src-tauri/) bun run dist:linux # Build + package for Linux (x64 + arm64)
cargo check # Compile check bun run dist:linux:x64 # Build + package for Linux x64
cargo clippy # Linter bun run dist:linux:arm64 # Build + package for Linux arm64
cargo fmt # Formatter bun run dist:mac # Build + package for macOS (arm64 + x64)
bun run dist:mac:arm64 # Build + package for macOS arm64
bun run dist:mac:x64 # Build + package for macOS x64
bun run dist:win # Build + package for Windows x64
bun run fix # Biome auto-fix
bun run typecheck # TypeScript check
``` ```
### Testing ### Testing
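Review bot: The root command table mixes two platform vocabularies, `compile:darwin` / `compile:windows` next to `dist:mac` / `dist:win`. a585069cdc renamed the compile scripts to match Bun target names, so either rename the `dist:*` scripts the same way or add one line stating that `dist:*` keeps different names on purpose; otherwise an agent following this file will guess `dist:darwin`.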
@@ -51,23 +76,17 @@ No test framework configured yet. When adding tests:
```bash ```bash
bun test path/to/test.ts # Run single test file bun test path/to/test.ts # Run single test file
bun test -t "pattern" # Run tests matching pattern bun test -t "pattern" # Run tests matching pattern
cargo test test_name -- --nocapture # Rust single test with output
``` ```
## Code Style (TypeScript) ## Code Style (TypeScript)
### Formatting (Biome) ### Formatting (Biome)
- **Indent**: 2 spaces - **Indent**: 2 spaces | **Line endings**: LF
- **Line endings**: LF - **Quotes**: Single `'` | **Semicolons**: Omit (ASI)
- **Quotes**: Single `'`
- **Semicolons**: Omit (ASI)
- **Arrow parentheses**: Always `(x) => x` - **Arrow parentheses**: Always `(x) => x`
### Imports ### Imports
Biome auto-organizes. Order: Biome auto-organizes. Order: 1) External packages → 2) Internal `@/*` aliases → 3) Type imports (`import type { ... }`)
1. External packages
2. Internal `@/*` aliases
3. Type imports (`import type { ... }`)
```typescript ```typescript
import { createFileRoute } from '@tanstack/react-router' import { createFileRoute } from '@tanstack/react-router'
@@ -77,10 +96,7 @@ import type { ReactNode } from 'react'
``` ```
### TypeScript Strictness ### TypeScript Strictness
- `strict: true` - `strict: true`, `noUncheckedIndexedAccess: true`, `noImplicitOverride: true`, `verbatimModuleSyntax: true`
- `noUncheckedIndexedAccess: true` - array/object access returns `T | undefined`
- `noImplicitOverride: true`
- `verbatimModuleSyntax: true`
- Use `@/*` path aliases (maps to `src/*`) - Use `@/*` path aliases (maps to `src/*`)
### Naming Conventions ### Naming Conventions
@@ -94,41 +110,25 @@ import type { ReactNode } from 'react'
| Types/Interfaces | PascalCase | `UserProfile` | | Types/Interfaces | PascalCase | `UserProfile` |
### React Patterns ### React Patterns
```typescript - Components: arrow functions (enforced by Biome)
// Components: arrow functions (enforced by Biome) - Routes: TanStack Router file conventions (`export const Route = createFileRoute(...)`)
const MyComponent = ({ title }: { title: string }) => { - Data fetching: `useSuspenseQuery(orpc.feature.list.queryOptions())`
return <div>{title}</div> - Let React Compiler handle memoization (no manual `useMemo`/`useCallback`)
}
// Routes: TanStack Router file conventions
export const Route = createFileRoute('/')({
component: Home,
})
// Data fetching: TanStack Query
const { data } = useSuspenseQuery(orpc.todo.list.queryOptions())
```
### Error Handling ### Error Handling
- Use `try-catch` for async operations - Use `try-catch` for async operations; throw descriptive errors
- Throw descriptive errors
- ORPC: Use `ORPCError` with proper codes (`NOT_FOUND`, `INPUT_VALIDATION_FAILED`) - ORPC: Use `ORPCError` with proper codes (`NOT_FOUND`, `INPUT_VALIDATION_FAILED`)
- Never use empty catch blocks - Never use empty catch blocks
## Code Style (Rust - Tauri) ## Database (Drizzle ORM v1 beta + postgres-js)
- **Indent**: 4 spaces - **ORM**: Drizzle ORM `1.0.0-beta` (RQBv2)
- **Naming**: snake_case (functions), PascalCase (types), SCREAMING_SNAKE (consts) - **Driver**: `drizzle-orm/postgres-js` (NOT `bun-sql`)
- Use `expect("中文消息")` over `unwrap()` - **Validation**: `drizzle-orm/zod` (built-in, NOT separate `drizzle-zod` package)
- Async: `tokio` runtime, `tauri::async_runtime::spawn` - **Relations**: Defined via `defineRelations()` in `src/server/db/relations.ts` (contains schema info, so `drizzle()` only needs `{ relations }`)
- Run `cargo fmt` and `cargo clippy` before commit - **Query style**: RQBv2 object syntax (`orderBy: { createdAt: 'desc' }`, `where: { id: 1 }`)
## Database (Drizzle ORM)
```typescript ```typescript
import { pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core'
import { sql } from 'drizzle-orm'
export const myTable = pgTable('my_table', { export const myTable = pgTable('my_table', {
id: uuid().primaryKey().default(sql`uuidv7()`), id: uuid().primaryKey().default(sql`uuidv7()`),
name: text().notNull(), name: text().notNull(),
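Review bot: The new Database section documents `drizzle-orm/postgres-js` and keeps a `pgTable` example, while the same change set switches the server to SQLite (8261409d7d, 46e2c94faf) and adds `*.db` files to `.gitignore`. That contradicts the "Always sync documentation" principle this file introduces; update the heading, driver line and example to the SQLite setup. The example also lost its `import` lines for `pgTable`, `text`, `timestamp`, `uuid` and `sql`, so it no longer stands alone.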
@@ -140,31 +140,47 @@ export const myTable = pgTable('my_table', {
## Environment Variables ## Environment Variables
- Use `@t3-oss/env-core` with Zod validation in `src/env.ts` - Use `@t3-oss/env-core` with Zod validation in `src/env.ts`
- Server vars: no prefix - Server vars: no prefix | Client vars: `VITE_` prefix required
- Client vars: `VITE_` prefix required
- Never commit `.env` files - Never commit `.env` files
## Dependency Management
- All versions centralized in root `package.json` `catalog` field
- Workspace packages use `"catalog:"` — never hardcode versions
- Internal packages use `"workspace:*"` references
## Development Principles
> **These principles apply to ALL code changes. Agents MUST follow them on every task.**
1. **No backward compatibility** — This project is in rapid iteration. Always use the latest API and patterns. Never keep deprecated code paths or old API fallbacks "just in case".
2. **Always sync documentation** — When code changes, immediately update all related documentation (`AGENTS.md`, `README.md`, inline code examples). Code and docs must never drift apart. This includes updating code snippets in docs when imports, APIs, or patterns change.
3. **Forward-only migration** — When upgrading dependencies, fully adopt the new API. Don't mix old and new patterns in the same codebase.
## Critical Rules ## Critical Rules
**DO:** **DO:**
- Run `bun fix` before committing - Run `bun run fix` before committing
- Use `@/*` path aliases (not relative imports) - Use `@/*` path aliases (not relative imports)
- Let React Compiler handle memoization (no manual `useMemo`/`useCallback`)
- Include `createdAt`/`updatedAt` on all tables - Include `createdAt`/`updatedAt` on all tables
- Use `catalog:` for dependency versions
- Update `AGENTS.md` and other docs whenever code patterns change
**DON'T:** **DON'T:**
- Use `npm`, `npx`, `node`, `yarn`, `pnpm` — always use `bun` / `bunx`
- Edit `src/routeTree.gen.ts` (auto-generated) - Edit `src/routeTree.gen.ts` (auto-generated)
- Use `as any`, `@ts-ignore`, `@ts-expect-error` - Use `as any`, `@ts-ignore`, `@ts-expect-error`
- Commit `.env` files - Commit `.env` files
- Use empty catch blocks `catch(e) {}` - Use empty catch blocks `catch(e) {}`
- Use `unwrap()` in Rust without `expect()` - Hardcode dependency versions in workspace packages
- Leave docs out of sync with code changes
## Git Workflow ## Git Workflow
1. Make changes following style guide 1. Make changes following style guide
2. `bun fix` - auto-format and lint 2. `bun run fix` - auto-format and lint
3. `bun typecheck` - verify types 3. `bun run typecheck` - verify types
4. `bun dev` - test locally 4. `bun run dev` - test locally
5. Commit with descriptive message 5. Commit with descriptive message
## Directory Structure ## Directory Structure
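Review bot: Principle 1, "No backward compatibility", is stated without scope, but the server also produces formats that other systems consume: da82403f7f aligns the `signAndPackReport` summary and signature structure with the Kotlin reference implementation, and 2651ec0835 fixes RSA-OAEP so the management platform can decrypt. Suggest limiting the rule to internal code and APIs and stating that externally agreed crypto and report formats change only together with the platform side.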
@@ -174,27 +190,30 @@ export const myTable = pgTable('my_table', {
├── apps/ ├── apps/
│ ├── server/ # TanStack Start fullstack app │ ├── server/ # TanStack Start fullstack app
│ │ ├── src/ │ │ ├── src/
│ │ │ ├── client/ # ORPC client, Query client │ │ │ ├── client/ # ORPC client + TanStack Query utils
│ │ │ ├── components/ │ │ │ ├── components/
│ │ │ ├── routes/ # File-based routing │ │ │ ├── routes/ # File-based routing
│ │ │ └── server/ # API layer + database │ │ │ └── server/ # API layer + database
│ │ │ ├── api/ # ORPC contracts, routers, middlewares │ │ │ ├── api/ # ORPC contracts, routers, middlewares
│ │ │ └── db/ # Drizzle schema │ │ │ └── db/ # Drizzle schema
│ │ └── AGENTS.md │ │ └── AGENTS.md
│ └── desktop/ # Tauri v2 shell (no frontend src) │ └── desktop/ # Electron desktop shell
│ ├── src-tauri/ # Rust Tauri code │ ├── src/
│ │ ├── src/ # Rust source │ │ ├── main/
│ │ └── binaries/ # Sidecar binaries │ │ └── index.ts # Main process entry
│ │ └── preload/
│ │ └── index.ts # Preload script
│ ├── electron.vite.config.ts
│ ├── electron-builder.yml # Packaging config
│ └── AGENTS.md │ └── AGENTS.md
├── packages/ ├── packages/
── tsconfig/ # Shared TS configs ── tsconfig/ # Shared TS configs
│ └── utils/ # Shared utilities
├── biome.json # Linting/formatting config ├── biome.json # Linting/formatting config
├── turbo.json # Turbo task orchestration ├── turbo.json # Turbo task orchestration
└── package.json # Workspace root └── package.json # Workspace root + dependency catalog
``` ```
## See Also ## See Also
- `apps/server/AGENTS.md` - Detailed TanStack Start / ORPC patterns - `apps/server/AGENTS.md` - Detailed TanStack Start / ORPC patterns
- `apps/desktop/AGENTS.md` - Rust / Tauri development guide - `apps/desktop/AGENTS.md` - Electron desktop development guide

View File

@@ -1,24 +1,3 @@
# Logs # electron-vite build output
logs out/
*.log dist/
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
node_modules
dist
dist-ssr
*.local
# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?
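Review bot: The replacement drops `*.local`, `*.log` and `node_modules` and adds no entry for `resources/`, which the desktop AGENTS.md in this commit describes as gitignored. Unless the repository root `.gitignore` covers these, local env overrides and compiled sidecar binaries can be committed by accident; add `resources/` here or confirm that the root file ignores them.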

View File

@@ -1,171 +1,95 @@
# AGENTS.md - Desktop App Guidelines # AGENTS.md - Desktop App Guidelines
Tauri v2 desktop shell - a lightweight wrapper that loads the server app via sidecar. Thin Electron shell hosting the fullstack server app.
## Tech Stack
> **⚠️ This project uses Bun as the package manager. Runtime is Electron (Node.js). Always use `bun run <script>` (not `bun <script>`) to avoid conflicts with Bun built-in subcommands. Never use `npm`, `npx`, `yarn`, or `pnpm`.**
- **Type**: Electron desktop shell
- **Design**: Server-driven desktop (thin native window hosting web app)
- **Runtime**: Electron (Main/Renderer) + Sidecar server binary (Bun-compiled)
- **Build Tool**: electron-vite (Vite-based, handles main + preload builds)
- **Packager**: electron-builder (installers, signing, auto-update)
- **Orchestration**: Turborepo
## Architecture ## Architecture
- **Type**: Tauri v2 desktop application (shell only) - **Server-driven design**: The desktop app is a "thin" native shell. It does not contain UI or business logic; it opens a BrowserWindow pointing to the `apps/server` TanStack Start application.
- **Design**: Tauri provides native desktop APIs; all web logic handled by sidecar - **Dev mode**: Opens a BrowserWindow pointing to `localhost:3000`. Requires `apps/server` to be running separately (Turbo handles this).
- **Sidecar**: The compiled server binary runs as a child process - **Production mode**: Spawns a compiled server binary (from `resources/`) as a sidecar process, waits for readiness, then loads its URL.
- **Dev mode**: Connects to `localhost:3000` (requires server dev running)
- **Prod mode**: Automatically starts sidecar binary
**This app has NO frontend src** - it loads the server app entirely.
## Commands ## Commands
```bash ```bash
# Development (from apps/desktop/) bun run dev # electron-vite dev (requires server dev running)
bun dev # Copy sidecar + start Tauri dev bun run build # electron-vite build (main + preload)
bun run dist # Build + package for current platform
# Build bun run dist:linux # Build + package for Linux (x64 + arm64)
bun build # Copy sidecar + build Tauri installer bun run dist:linux:x64 # Build + package for Linux x64
bun run dist:linux:arm64 # Build + package for Linux arm64
# Rust Commands (from src-tauri/) bun run dist:mac # Build + package for macOS (arm64 + x64)
cargo check # Compile check bun run dist:mac:arm64 # Build + package for macOS arm64
cargo clippy # Linter bun run dist:mac:x64 # Build + package for macOS x64
cargo fmt # Formatter bun run dist:win # Build + package for Windows x64
cargo test # Run tests bun run fix # Biome auto-fix
cargo test test_name -- --nocapture # Single test with output bun run typecheck # TypeScript check
``` ```
## Directory Structure ## Directory Structure
``` ```
apps/desktop/ .
├── src-tauri/ # Rust Tauri code ├── src/
│ ├── src/ │ ├── main/
│ │ ── main.rs # Entry point (calls lib::run) │ │ ── index.ts # Main process (server lifecycle + BrowserWindow)
│ ├── lib.rs # Core app logic (plugins, commands, state) └── preload/
── commands/ ── index.ts # Preload script (security isolation)
└── mod.rs # Native desktop commands ├── resources/ # Sidecar binaries (gitignored, copied from server build)
└── sidecar.rs # Sidecar process management ├── out/ # electron-vite build output (gitignored)
│ ├── binaries/ # Sidecar binaries (copied from server build) ├── electron.vite.config.ts
│ ├── capabilities/ # Tauri v2 permission config ├── electron-builder.yml # Packaging configuration
│ ├── icons/ # App icons
│ ├── Cargo.toml # Rust dependencies
│ └── tauri.conf.json # Tauri configuration
├── copy.ts # Script to copy server binary to binaries/
├── package.json ├── package.json
── tsconfig.json ── turbo.json
└── AGENTS.md
``` ```
## Development Workflow ## Development Workflow
1. **Start server dev first**: `cd ../server && bun dev` 1. **Start server**: `bun run dev` in `apps/server` (or use root `bun run dev` via Turbo).
2. **Start Tauri**: `bun dev` (from apps/desktop/) 2. **Start desktop**: `bun run dev` in `apps/desktop`.
3. Tauri connects to localhost:3000 with HMR support 3. **Connection**: Main process polls `localhost:3000` until responsive, then opens BrowserWindow.
## Rust Code Style ## Production Build Workflow
### Formatting From monorepo root, run `bun run dist` to execute the full pipeline automatically (via Turbo task dependencies):
- **Indent**: 4 spaces
- **Line width**: 100 chars
- Run `cargo fmt` before commit
### Naming 1. **Build server**: `apps/server``vite build``.output/`
| Type | Convention | Example | 2. **Compile server**: `apps/server``bun compile.ts --target ...``out/server-{os}-{arch}`
|------|------------|---------| 3. **Package desktop**: `apps/desktop``electron-vite build` + `electron-builder` → distributable
| Functions/variables | snake_case | `find_available_port` |
| Types/structs/enums | PascalCase | `SidecarProcess` |
| Constants | SCREAMING_SNAKE | `DEFAULT_PORT` |
### Imports The `electron-builder.yml` `extraResources` config reads binaries directly from `../server/out/`, no manual copy needed.
```rust
// Order: std → external crates → internal modules (separated by blank lines)
use std::sync::Mutex;
use tauri::Manager; To build for a specific platform explicitly, use `bun run dist:linux` / `bun run dist:mac` / `bun run dist:win` in `apps/desktop`.
use tauri_plugin_shell::ShellExt; For single-arch output, use `bun run dist:linux:x64`, `bun run dist:linux:arm64`, `bun run dist:mac:x64`, or `bun run dist:mac:arm64`.
use crate::sidecar::SidecarProcess; ## Development Principles
```
### Error Handling > **These principles apply to ALL code changes. Agents MUST follow them on every task.**
```rust
// Use expect() with Chinese error messages
let sidecar = app_handle
.shell()
.sidecar("server")
.expect("无法找到 server sidecar");
// Log with emoji for clear feedback 1. **No backward compatibility** — This project is in rapid iteration. Always use the latest API and patterns. Never keep deprecated code paths or old API fallbacks.
println!("✓ Sidecar 启动成功!"); 2. **Always sync documentation** — When code changes, immediately update all related documentation (`AGENTS.md`, `README.md`, inline code examples). Code and docs must never drift apart.
eprintln!("✗ Sidecar 启动失败"); 3. **Forward-only migration** — When upgrading dependencies, fully adopt the new API. Don't mix old and new patterns.
```
### Async Code
```rust
// Use Tauri's async runtime for spawning
tauri::async_runtime::spawn(async move {
let port = find_available_port(3000).await;
// ...
});
```
## Tauri Patterns
### Command Definition
```rust
#[tauri::command]
fn greet(name: &str) -> String {
format!("Hello, {}!", name)
}
// Register in Builder
.invoke_handler(tauri::generate_handler![commands::greet])
```
### State Management
```rust
struct SidecarProcess(Mutex<Option<CommandChild>>);
// Register state
app.manage(SidecarProcess(Mutex::new(None)));
// Access state
if let Some(state) = app_handle.try_state::<SidecarProcess>() {
*state.0.lock().unwrap() = Some(child);
}
```
### Sidecar Lifecycle
```rust
// Start sidecar with environment
let sidecar = app_handle
.shell()
.sidecar("server")
.expect("无法找到 server sidecar")
.env("PORT", port.to_string());
// Cleanup on exit
match event {
tauri::RunEvent::ExitRequested { .. } | tauri::RunEvent::Exit => {
if let Some(child) = process.take() {
let _ = child.kill();
}
}
_ => {}
}
```
## Critical Rules ## Critical Rules
**DO:** **DO:**
- Run `cargo fmt` and `cargo clippy` before commit - Use arrow functions for all utility functions.
- Use `expect("中文消息")` instead of `unwrap()` - Keep the desktop app as a thin shell — no UI or business logic.
- Always cleanup sidecar on app exit - Use `catalog:` for all dependency versions in `package.json`.
- Declare sidecar in `tauri.conf.json``bundle.externalBin`
**DON'T:** **DON'T:**
- Edit `gen/schemas/` (auto-generated) - Use `npm`, `npx`, `yarn`, or `pnpm`. Use `bun` for package management.
- Use `unwrap()` in production code without context - Include UI components or business logic in the desktop app.
- Block the async runtime (use `spawn_blocking`) - Use `as any` or `@ts-ignore`.
- Leave docs out of sync with code changes.
## Pre-commit Checklist
- [ ] `cargo fmt` - formatting
- [ ] `cargo clippy` - linting
- [ ] `cargo check` - compiles
- [ ] `cargo test` - tests pass
- [ ] Tauri app starts and exits cleanly
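Review bot: The new Critical Rules drop the old "Always cleanup sidecar on app exit" rule and the "starts and exits cleanly" checklist item without an Electron equivalent, although production mode still spawns a sidecar process. Add a DO item for stopping the sidecar on quit, and record the window hardening the main process relies on (`sandbox`, `contextIsolation`, `nodeIntegration: false`, denied permission requests, the navigation allow-list) so later edits do not relax it unnoticed. The directory tree also describes `resources/` as "copied from server build" while the Production Build Workflow says no manual copy is needed; one of the two should be corrected.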

9
apps/desktop/biome.json Normal file
View File

@@ -0,0 +1,9 @@
{
"$schema": "../../node_modules/@biomejs/biome/configuration_schema.json",
"extends": "//",
"css": {
"parser": {
"tailwindDirectives": true
}
}
}

BIN
apps/desktop/build/icon.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 83 KiB

View File

@@ -1,470 +0,0 @@
import * as path from 'node:path'
import { Schema } from '@effect/schema'
import { $ } from 'bun'
import { Console, Context, Data, Effect, Layer } from 'effect'
// ============================================================================
// Domain Models & Schema
// ============================================================================
/**
* Bun 构建目标后缀
*/
const BunTargetSuffixSchema = Schema.Literal(
'windows-x64',
'darwin-arm64',
'darwin-x64',
'linux-x64',
'linux-arm64',
)
/**
* Tauri sidecar 目标三元组
*/
const TauriTargetSchema = Schema.Literal(
'x86_64-pc-windows-msvc',
'aarch64-apple-darwin',
'x86_64-apple-darwin',
'x86_64-unknown-linux-gnu',
'aarch64-unknown-linux-gnu',
)
/**
* 目标映射配置
*/
const TargetMappingSchema = Schema.Struct({
bunSuffix: BunTargetSuffixSchema,
tauriTarget: TauriTargetSchema,
})
type TargetMapping = Schema.Schema.Type<typeof TargetMappingSchema>
/**
* 复制配置
*/
const CopyConfigSchema = Schema.Struct({
sourceDir: Schema.String.pipe(Schema.nonEmptyString()),
targetDir: Schema.String.pipe(Schema.nonEmptyString()),
baseName: Schema.String.pipe(Schema.nonEmptyString()),
mappings: Schema.Array(TargetMappingSchema).pipe(Schema.minItems(1)),
})
type CopyConfig = Schema.Schema.Type<typeof CopyConfigSchema>
/**
* 复制结果
*/
const CopyResultSchema = Schema.Struct({
bunSuffix: BunTargetSuffixSchema,
tauriTarget: TauriTargetSchema,
sourceFile: Schema.String,
targetFile: Schema.String,
success: Schema.Boolean,
})
type CopyResult = Schema.Schema.Type<typeof CopyResultSchema>
// ============================================================================
// Error Models
// ============================================================================
class ConfigError extends Data.TaggedError('ConfigError')<{
readonly message: string
readonly cause: unknown
}> {}
class FileSystemError extends Data.TaggedError('FileSystemError')<{
readonly operation: string
readonly path: string
readonly cause: unknown
}> {}
class CopyError extends Data.TaggedError('CopyError')<{
readonly source: string
readonly target: string
readonly cause: unknown
}> {}
// ============================================================================
// Services
// ============================================================================
/**
* 配置服务
*/
class CopyConfigService extends Context.Tag('CopyConfigService')<
CopyConfigService,
CopyConfig
>() {
/**
* 从原始数据创建并验证配置
*/
static fromRaw = (raw: unknown) =>
Effect.gen(function* () {
const decoded = yield* Schema.decodeUnknown(CopyConfigSchema)(raw)
return decoded
}).pipe(
Effect.catchAll((error) =>
Effect.fail(
new ConfigError({
message: '配置验证失败',
cause: error,
}),
),
),
)
/**
* 默认配置 Layer
*/
static readonly Live = Layer.effect(
CopyConfigService,
CopyConfigService.fromRaw({
sourceDir: path.join(__dirname, '..', 'server', 'out'),
targetDir: path.join(__dirname, 'src-tauri', 'binaries'),
baseName: 'server',
mappings: [
{
bunSuffix: 'windows-x64',
tauriTarget: 'x86_64-pc-windows-msvc',
},
{
bunSuffix: 'darwin-arm64',
tauriTarget: 'aarch64-apple-darwin',
},
{
bunSuffix: 'darwin-x64',
tauriTarget: 'x86_64-apple-darwin',
},
{
bunSuffix: 'linux-x64',
tauriTarget: 'x86_64-unknown-linux-gnu',
},
{
bunSuffix: 'linux-arm64',
tauriTarget: 'aarch64-unknown-linux-gnu',
},
],
} satisfies CopyConfig),
)
}
/**
* 文件系统服务
*/
class FileSystemService extends Context.Tag('FileSystemService')<
FileSystemService,
{
readonly ensureDir: (dir: string) => Effect.Effect<void, FileSystemError>
readonly fileExists: (
filePath: string,
) => Effect.Effect<boolean, FileSystemError>
readonly dirExists: (
dirPath: string,
) => Effect.Effect<boolean, FileSystemError>
readonly copyFile: (
source: string,
target: string,
) => Effect.Effect<void, CopyError>
}
>() {
static readonly Live = Layer.succeed(FileSystemService, {
ensureDir: (dir: string) =>
Effect.tryPromise({
try: async () => {
await $`mkdir -p ${dir}`
},
catch: (cause: unknown) =>
new FileSystemError({
operation: 'ensureDir',
path: dir,
cause,
}),
}),
fileExists: (filePath: string) =>
Effect.tryPromise({
try: async () => {
const file = Bun.file(filePath)
return await file.exists()
},
catch: (cause: unknown) =>
new FileSystemError({
operation: 'fileExists',
path: filePath,
cause,
}),
}),
dirExists: (dirPath: string) =>
Effect.tryPromise({
try: async () => {
const { default: fs } = await import('node:fs/promises')
try {
const stat = await fs.stat(dirPath)
return stat.isDirectory()
} catch {
return false
}
},
catch: (cause: unknown) =>
new FileSystemError({
operation: 'dirExists',
path: dirPath,
cause,
}),
}),
copyFile: (source: string, target: string) =>
Effect.tryPromise({
try: async () => {
await $`cp ${source} ${target}`
},
catch: (cause: unknown) =>
new CopyError({
source,
target,
cause,
}),
}),
})
}
/**
* 复制服务
*/
class CopyService extends Context.Tag('CopyService')<
CopyService,
{
readonly copyBinary: (
config: CopyConfig,
mapping: TargetMapping,
) => Effect.Effect<CopyResult, CopyError | FileSystemError>
readonly copyAllBinaries: (
config: CopyConfig,
) => Effect.Effect<ReadonlyArray<CopyResult>, CopyError | FileSystemError>
}
>() {
static readonly Live = Layer.effect(
CopyService,
Effect.gen(function* () {
const fs = yield* FileSystemService
return {
copyBinary: (config: CopyConfig, mapping: TargetMapping) =>
Effect.gen(function* () {
const { sourceDir, targetDir, baseName } = config
const { bunSuffix, tauriTarget } = mapping
// 确定文件扩展名Windows 需要 .exe
const ext = tauriTarget.includes('windows') ? '.exe' : ''
// 构建源文件和目标文件路径
const sourceFile = path.join(
sourceDir,
`${baseName}-${bunSuffix}${ext}`,
)
const targetFile = path.join(
targetDir,
`${baseName}-${tauriTarget}${ext}`,
)
// 检查源文件是否存在
const exists = yield* fs.fileExists(sourceFile)
if (!exists) {
yield* Console.log(`⚠️ 跳过 ${bunSuffix}: 源文件不存在`)
return {
bunSuffix,
tauriTarget,
sourceFile,
targetFile,
success: false,
} satisfies CopyResult
}
// 复制文件
yield* fs.copyFile(sourceFile, targetFile)
yield* Console.log(`${bunSuffix}${tauriTarget}`)
yield* Console.log(` ${sourceFile}`)
yield* Console.log(`${targetFile}\n`)
return {
bunSuffix,
tauriTarget,
sourceFile,
targetFile,
success: true,
} satisfies CopyResult
}),
copyAllBinaries: (config: CopyConfig) =>
Effect.gen(function* () {
const effects = config.mappings.map((mapping) =>
Effect.gen(function* () {
const { sourceDir, targetDir, baseName } = config
const { bunSuffix, tauriTarget } = mapping
const ext = tauriTarget.includes('windows') ? '.exe' : ''
const sourceFile = path.join(
sourceDir,
`${baseName}-${bunSuffix}${ext}`,
)
const targetFile = path.join(
targetDir,
`${baseName}-${tauriTarget}${ext}`,
)
const exists = yield* fs.fileExists(sourceFile)
if (!exists) {
yield* Console.log(`⚠️ 跳过 ${bunSuffix}: 源文件不存在`)
return {
bunSuffix,
tauriTarget,
sourceFile,
targetFile,
success: false,
} satisfies CopyResult
}
yield* fs.copyFile(sourceFile, targetFile)
yield* Console.log(`${bunSuffix}${tauriTarget}`)
yield* Console.log(` ${sourceFile}`)
yield* Console.log(`${targetFile}\n`)
return {
bunSuffix,
tauriTarget,
sourceFile,
targetFile,
success: true,
} satisfies CopyResult
}),
)
return yield* Effect.all(effects, { concurrency: 'unbounded' })
}),
}
}),
)
}
/**
* 报告服务
*/
class ReporterService extends Context.Tag('ReporterService')<
ReporterService,
{
readonly printSummary: (
results: ReadonlyArray<CopyResult>,
) => Effect.Effect<void>
}
>() {
static readonly Live = Layer.succeed(ReporterService, {
printSummary: (results: ReadonlyArray<CopyResult>) =>
Effect.gen(function* () {
const successful = results.filter((r) => r.success)
const failed = results.filter((r) => !r.success)
yield* Console.log('\n📦 复制摘要:')
yield* Console.log(` ✅ 成功: ${successful.length}`)
yield* Console.log(` ⚠️ 跳过: ${failed.length}`)
if (successful.length > 0) {
yield* Console.log('\n成功复制的文件:')
for (const result of successful) {
yield* Console.log(
`${result.bunSuffix}${result.tauriTarget}`,
)
}
}
if (failed.length > 0) {
yield* Console.log('\n跳过的文件:')
for (const result of failed) {
yield* Console.log(`${result.bunSuffix} (源文件不存在)`)
}
}
}),
})
}
// ============================================================================
// Main Program
// ============================================================================
const program = Effect.gen(function* () {
const config = yield* CopyConfigService
const fs = yield* FileSystemService
const copier = yield* CopyService
const reporter = yield* ReporterService
yield* Console.log('📦 开始复制二进制文件到 Tauri sidecar 目录...\n')
// 1. 检查源目录
const sourceExists = yield* fs.dirExists(config.sourceDir)
if (!sourceExists) {
yield* Console.error(`❌ 源目录不存在: ${config.sourceDir}`)
yield* Console.log(
'💡 提示: 请先在 apps/server 中运行 bun run compile 构建服务器二进制文件',
)
return yield* Effect.fail(
new FileSystemError({
operation: 'checkSourceDir',
path: config.sourceDir,
cause: '源目录不存在',
}),
)
}
// 2. 创建目标目录
yield* fs.ensureDir(config.targetDir)
yield* Console.log(`✓ 目标目录: ${config.targetDir}\n`)
// 3. 并行复制所有二进制文件
const results = yield* copier.copyAllBinaries(config)
// 4. 输出摘要
yield* reporter.printSummary(results)
return results
})
// ============================================================================
// Layer Composition
// ============================================================================
const MainLayer = Layer.mergeAll(
CopyConfigService.Live,
FileSystemService.Live,
CopyService.Live.pipe(Layer.provide(FileSystemService.Live)),
ReporterService.Live,
)
// ============================================================================
// Runner
// ============================================================================
const runnable = program.pipe(
Effect.provide(MainLayer),
Effect.catchTags({
ConfigError: (error) =>
Console.error(`❌ 配置错误: ${error.message}`, error.cause),
FileSystemError: (error) =>
Console.error(
`❌ 文件系统错误 [${error.operation}]: ${error.path}`,
error.cause,
),
CopyError: (error) =>
Console.error(
`❌ 复制失败: ${error.source}${error.target}`,
error.cause,
),
}),
Effect.tapErrorCause((cause) => Console.error('❌ 未预期的错误:', cause)),
)
Effect.runPromise(runnable).catch(() => {
process.exit(1)
})

View File

@@ -0,0 +1,48 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/electron-userland/electron-builder/refs/heads/master/packages/app-builder-lib/scheme.json
appId: com.furtherverse.desktop
productName: Furtherverse
executableName: furtherverse
npmRebuild: false
asarUnpack:
- resources/**
files:
- "!**/.vscode/*"
- "!src/*"
- "!electron.vite.config.{js,ts,mjs,cjs}"
- "!{.env,.env.*,bun.lock}"
- "!{tsconfig.json,tsconfig.node.json}"
- "!{AGENTS.md,README.md,CHANGELOG.md}"
# macOS
mac:
target:
- dmg
category: public.app-category.productivity
extraResources:
- from: ../server/out/server-darwin-${arch}
to: server
dmg:
artifactName: ${productName}-${version}-${os}-${arch}.${ext}
# Windows
win:
target:
- portable
extraResources:
- from: ../server/out/server-windows-${arch}.exe
to: server.exe
portable:
artifactName: ${productName}-${version}-${os}-${arch}-Portable.${ext}
# Linux
linux:
target:
- AppImage
category: Utility
extraResources:
- from: ../server/out/server-linux-${arch}
to: server
appImage:
artifactName: ${productName}-${version}-${os}-${arch}.${ext}
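Review bot: `asarUnpack: resources/**` still targets a local `resources/` directory, but the sidecar now arrives through `extraResources` from `../server/out/`, and the `files` list does not exclude `resources/`. A stale binary left in `apps/desktop/resources/` could end up packaged next to the real one; drop the `asarUnpack` entry or exclude the directory in `files` if it is no longer used. No signing or notarization settings appear for any platform in this file, even though the bundled `server` executable is spawned by the main process; if signing is configured elsewhere (environment or CI), a comment here saying so would help.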

View File

@@ -0,0 +1,11 @@
import tailwindcss from '@tailwindcss/vite'
import react from '@vitejs/plugin-react'
import { defineConfig } from 'electron-vite'
export default defineConfig({
main: {},
preload: {},
renderer: {
plugins: [react(), tailwindcss()],
},
})

View File

@@ -2,18 +2,36 @@
"name": "@furtherverse/desktop", "name": "@furtherverse/desktop",
"version": "1.0.0", "version": "1.0.0",
"private": true, "private": true,
"type": "module", "main": "out/main/index.js",
"scripts": { "scripts": {
"build": "bun run copy && tauri build", "build": "electron-vite build",
"copy": "rm -rf binaries && bun --bun copy.ts", "dev": "electron-vite dev --watch",
"dev": "bun run copy && tauri dev" "dist": "electron-builder",
"dist:linux": "bun run dist:linux:x64 && bun run dist:linux:arm64",
"dist:linux:arm64": "electron-builder --linux --arm64",
"dist:linux:x64": "electron-builder --linux --x64",
"dist:mac": "bun run dist:mac:arm64 && bun run dist:mac:x64",
"dist:mac:arm64": "electron-builder --mac --arm64",
"dist:mac:x64": "electron-builder --mac --x64",
"dist:win": "electron-builder --win --x64",
"fix": "biome check --write",
"typecheck": "tsc -b"
},
"dependencies": {
"motion": "catalog:",
"react": "catalog:",
"react-dom": "catalog:",
"tree-kill": "catalog:"
}, },
"devDependencies": { "devDependencies": {
"@effect/schema": "catalog:",
"@furtherverse/tsconfig": "workspace:*", "@furtherverse/tsconfig": "workspace:*",
"@tauri-apps/cli": "catalog:", "@tailwindcss/vite": "catalog:",
"@types/bun": "catalog:", "@types/node": "catalog:",
"effect": "catalog:", "@vitejs/plugin-react": "catalog:",
"typescript": "catalog:" "electron": "catalog:",
"electron-builder": "catalog:",
"electron-vite": "catalog:",
"tailwindcss": "catalog:",
"vite": "catalog:"
} }
} }
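Review bot: `"dist": "electron-builder"` and the `dist:*` scripts package whatever is already in `out/` without running `electron-vite build`, while the desktop AGENTS.md in this commit labels them "Build + package". Run directly in `apps/desktop`, outside the Turbo pipeline, this can ship a stale or missing main/preload bundle; either chain the build in the script or document that these scripts are only valid through Turbo. `react`, `react-dom` and `motion` also land in `dependencies` of a package described as a thin shell with no UI; if they only serve the bundled splash renderer, consider moving them to `devDependencies` so they are not shipped as runtime modules.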

View File

@@ -1,10 +0,0 @@
# Generated by Cargo
# will have compiled files and executables
/target/
# Generated by Tauri
# will have schema files for capabilities auto-completion
/gen/schemas
# Tauri Sidecar
binaries/

File diff suppressed because it is too large Load Diff

View File

@@ -1,24 +0,0 @@
[package]
name = "server-desktop"
version = "0.1.0"
description = "A Tauri App"
authors = ["imbytecat"]
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[lib]
# The `_lib` suffix may seem redundant but it is necessary
# to make the lib name unique and wouldn't conflict with the bin name.
# This seems to be only an issue on Windows, see https://github.com/rust-lang/cargo/issues/8519
name = "server_desktop_lib"
crate-type = ["staticlib", "cdylib", "rlib"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
[dependencies]
tauri = { version = "2", features = [] }
tauri-plugin-shell = "2"
serde = { version = "1", features = ["derive"] }
tokio = { version = "1", features = ["net"] }

View File

@@ -1,3 +0,0 @@
fn main() {
tauri_build::build()
}

View File

@@ -1,27 +0,0 @@
{
"$schema": "../gen/schemas/desktop-schema.json",
"identifier": "default",
"description": "Capability for the main window",
"windows": ["main"],
"local": true,
"remote": {
"urls": [
"http://localhost:*",
"http://127.0.0.1:*",
"http{s}?://localhost(:\\d+)?/*"
]
},
"permissions": [
"core:default",
"core:window:allow-set-title",
{
"identifier": "shell:allow-execute",
"allow": [
{
"name": "binaries/app",
"sidecar": true
}
]
}
]
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 3.4 KiB

View File

@@ -1,8 +0,0 @@
// 原生桌面功能命令
// 未来可能包含: 文件对话框、系统通知、剪贴板等
// 示例命令 (可根据需要删除或替换)
#[tauri::command]
pub fn greet(name: &str) -> String {
format!("Hello, {}! You've been greeted from Rust!", name)
}

View File

@@ -1,33 +0,0 @@
use tauri::Manager;
// 模块声明
mod commands;
mod sidecar;
use sidecar::SidecarProcess;
#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
tauri::Builder::default()
.plugin(tauri_plugin_shell::init())
.setup(|app| {
// 注册全局状态
app.manage(SidecarProcess(std::sync::Mutex::new(None)));
// 启动 Sidecar 进程
let app_handle = app.handle().clone();
sidecar::spawn_sidecar(app_handle);
Ok(())
})
.invoke_handler(tauri::generate_handler![commands::greet])
.build(tauri::generate_context!())
.expect("error while building tauri application")
.run(|app_handle, event| {
// 监听应用退出事件,清理 Sidecar 进程
if let tauri::RunEvent::Exit = event {
// 只在 Exit 事件时清理,避免重复执行
sidecar::cleanup_sidecar_process(app_handle);
}
});
}

View File

@@ -1,6 +0,0 @@
// Prevents additional console window on Windows in release, DO NOT REMOVE!!
#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
fn main() {
server_desktop_lib::run()
}

View File

@@ -1,166 +0,0 @@
use std::sync::Mutex;
use std::time::Duration;
use tauri::Manager;
use tauri_plugin_shell::process::{CommandChild, CommandEvent};
use tauri_plugin_shell::ShellExt;
// ===== 配置常量 =====
/// Sidecar App 启动超时时间(秒)
const STARTUP_TIMEOUT_SECS: u64 = 5;
/// 默认起始端口
const DEFAULT_PORT: u16 = 3000;
/// 端口扫描范围(从起始端口开始扫描的端口数量)
const PORT_SCAN_RANGE: u16 = 100;
/// 窗口默认宽度
const DEFAULT_WINDOW_WIDTH: f64 = 1200.0;
/// 窗口默认高度
const DEFAULT_WINDOW_HEIGHT: f64 = 800.0;
/// 窗口标题
const WINDOW_TITLE: &str = "Tauri App";
// ===== 数据结构 =====
/// 全局状态:存储 Sidecar 进程句柄
pub struct SidecarProcess(pub Mutex<Option<CommandChild>>);
// 检查端口是否可用(未被占用)
async fn is_port_available(port: u16) -> bool {
tokio::net::TcpListener::bind(format!("127.0.0.1:{}", port))
.await
.is_ok()
}
// 查找可用端口
async fn find_available_port(start: u16) -> u16 {
for port in start..start + PORT_SCAN_RANGE {
if is_port_available(port).await {
return port;
}
}
start // 回退到起始端口
}
/// 启动 Sidecar 进程并创建主窗口
pub fn spawn_sidecar(app_handle: tauri::AppHandle) {
// 检测是否为开发模式
let is_dev = cfg!(debug_assertions);
if is_dev {
// 开发模式:直接创建窗口连接到 Vite 开发服务器
println!("🔧 开发模式");
match tauri::WebviewWindowBuilder::new(
&app_handle,
"main",
tauri::WebviewUrl::External("http://localhost:3000".parse().unwrap()),
)
.title(WINDOW_TITLE)
.inner_size(DEFAULT_WINDOW_WIDTH, DEFAULT_WINDOW_HEIGHT)
.center()
.build()
{
Ok(_) => println!("✓ 开发窗口创建成功"),
Err(e) => {
eprintln!("✗ 窗口创建失败: {}", e);
}
}
return;
}
// 生产模式:启动 sidecar 二进制
tauri::async_runtime::spawn(async move {
println!("🚀 生产模式");
// 查找可用端口
let port = find_available_port(DEFAULT_PORT).await;
println!("使用端口: {}", port);
// 启动 sidecar
let sidecar = app_handle
.shell()
.sidecar("server")
.expect("无法找到 app")
.env("PORT", port.to_string());
let (mut rx, child) = sidecar.spawn().expect("启动 sidecar 失败");
// 保存进程句柄到全局状态
if let Some(state) = app_handle.try_state::<SidecarProcess>() {
*state.0.lock().unwrap() = Some(child);
}
// 监听 stdout等待服务器就绪信号
let start_time = std::time::Instant::now();
let timeout = Duration::from_secs(STARTUP_TIMEOUT_SECS);
let mut app_ready = false;
while let Some(event) = rx.recv().await {
if let CommandEvent::Stdout(line) = event {
let output = String::from_utf8_lossy(&line);
println!("App: {}", output);
// 检测 App 启动成功的标志
if output.contains("Listening on:") || output.contains("localhost") {
app_ready = true;
println!("✓ App 启动成功!");
// 创建主窗口
let url = format!("http://localhost:{}", port);
tauri::WebviewWindowBuilder::new(
&app_handle,
"main",
tauri::WebviewUrl::External(url.parse().unwrap()),
)
.title(WINDOW_TITLE)
.inner_size(DEFAULT_WINDOW_WIDTH, DEFAULT_WINDOW_HEIGHT)
.center()
.build()
.expect("创建窗口失败");
break;
}
}
// 超时检查
if start_time.elapsed() > timeout {
eprintln!("✗ 启动超时: App 未能在 {} 秒内启动", STARTUP_TIMEOUT_SECS);
break;
}
}
if !app_ready {
eprintln!("✗ App 启动失败");
std::process::exit(1);
}
});
}
/// 清理 Sidecar 进程 (在应用退出时调用)
pub fn cleanup_sidecar_process(app_handle: &tauri::AppHandle) {
let is_dev = cfg!(debug_assertions);
if is_dev {
// 开发模式退出时发送异常信号exit 1让 Turbo 停止 Vite 服务器
println!("🔧 开发模式退出,终止所有依赖任务...");
std::process::exit(1);
}
// 生产模式:正常清理 sidecar 进程
println!("应用退出,正在清理 Sidecar 进程...");
if let Some(state) = app_handle.try_state::<SidecarProcess>() {
if let Ok(mut process) = state.0.lock() {
if let Some(child) = process.take() {
let _ = child.kill();
println!("✓ Sidecar 进程已终止");
}
}
}
}

View File

@@ -1,25 +0,0 @@
{
"$schema": "https://schema.tauri.app/config/2",
"productName": "server-desktop",
"version": "0.1.0",
"identifier": "com.imbytecat.server-desktop",
"app": {
"withGlobalTauri": true,
"windows": [],
"security": {
"csp": null
}
},
"bundle": {
"active": true,
"targets": "all",
"icon": [
"icons/32x32.png",
"icons/128x128.png",
"icons/128x128@2x.png",
"icons/icon.icns",
"icons/icon.ico"
],
"externalBin": ["binaries/server"]
}
}

View File

@@ -0,0 +1,198 @@
import { join } from 'node:path'
import { app, BrowserWindow, dialog, session, shell } from 'electron'
import { createSidecarRuntime } from './sidecar'
const DEV_SERVER_URL = 'http://localhost:3000'
const SAFE_EXTERNAL_PROTOCOLS = new Set(['https:', 'http:', 'mailto:'])
let mainWindow: BrowserWindow | null = null
let windowCreationPromise: Promise<void> | null = null
let isQuitting = false
const showErrorAndQuit = (title: string, detail: string) => {
if (isQuitting) {
return
}
dialog.showErrorBox(title, detail)
app.quit()
}
const sidecar = createSidecarRuntime({
devServerUrl: DEV_SERVER_URL,
isPackaged: app.isPackaged,
resourcesPath: process.resourcesPath,
isQuitting: () => isQuitting,
onUnexpectedStop: (detail) => {
showErrorAndQuit('Service Stopped', detail)
},
})
const toErrorMessage = (error: unknown): string => (error instanceof Error ? error.message : String(error))
const canOpenExternally = (url: string): boolean => {
try {
const parsed = new URL(url)
return SAFE_EXTERNAL_PROTOCOLS.has(parsed.protocol)
} catch {
return false
}
}
const loadSplash = async (windowRef: BrowserWindow) => {
if (process.env.ELECTRON_RENDERER_URL) {
await windowRef.loadURL(process.env.ELECTRON_RENDERER_URL)
return
}
await windowRef.loadFile(join(__dirname, '../renderer/index.html'))
}
const createWindow = async () => {
if (mainWindow && !mainWindow.isDestroyed()) {
mainWindow.focus()
return
}
const windowRef = new BrowserWindow({
width: 1200,
height: 800,
show: false,
webPreferences: {
preload: join(__dirname, '../preload/index.js'),
sandbox: true,
contextIsolation: true,
nodeIntegration: false,
},
})
mainWindow = windowRef
windowRef.webContents.setWindowOpenHandler(({ url }) => {
if (!canOpenExternally(url)) {
if (!app.isPackaged) {
console.warn(`Blocked external URL: ${url}`)
}
return { action: 'deny' }
}
void shell.openExternal(url)
return { action: 'deny' }
})
windowRef.webContents.on('will-navigate', (event, url) => {
const allowed = [DEV_SERVER_URL, sidecar.lastResolvedUrl].filter((v): v is string => v != null)
const isAllowed = allowed.some((origin) => url.startsWith(origin))
if (!isAllowed) {
event.preventDefault()
if (canOpenExternally(url)) {
void shell.openExternal(url)
} else if (!app.isPackaged) {
console.warn(`Blocked navigation to: ${url}`)
}
}
})
windowRef.on('closed', () => {
if (mainWindow === windowRef) {
mainWindow = null
}
})
try {
await loadSplash(windowRef)
} catch (error) {
if (mainWindow === windowRef) {
mainWindow = null
}
if (!windowRef.isDestroyed()) {
windowRef.destroy()
}
throw error
}
if (!windowRef.isDestroyed()) {
windowRef.show()
}
const targetUrl = await sidecar.resolveUrl()
if (isQuitting || windowRef.isDestroyed()) {
return
}
try {
await windowRef.loadURL(targetUrl)
} catch (error) {
if (mainWindow === windowRef) {
mainWindow = null
}
if (!windowRef.isDestroyed()) {
windowRef.destroy()
}
throw error
}
}
const ensureWindow = async () => {
if (windowCreationPromise) {
return windowCreationPromise
}
windowCreationPromise = createWindow().finally(() => {
windowCreationPromise = null
})
return windowCreationPromise
}
const beginQuit = () => {
isQuitting = true
sidecar.stop()
}
const handleWindowCreationError = (error: unknown, context: string) => {
console.error(`${context}:`, error)
showErrorAndQuit(
"App Couldn't Start",
app.isPackaged
? 'A required component failed to start. Please reinstall the app.'
: `${context}: ${toErrorMessage(error)}`,
)
}
app
.whenReady()
.then(() => {
session.defaultSession.setPermissionRequestHandler((_webContents, _permission, callback) => {
callback(false)
})
return ensureWindow()
})
.catch((error) => {
handleWindowCreationError(error, 'Failed to create window')
})
app.on('window-all-closed', () => {
if (process.platform !== 'darwin') {
app.quit()
}
})
app.on('activate', () => {
if (isQuitting || BrowserWindow.getAllWindows().length > 0) {
return
}
ensureWindow().catch((error) => {
handleWindowCreationError(error, 'Failed to re-create window')
})
})
app.on('before-quit', beginQuit)
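Review bot: In the `will-navigate` handler, `allowed.some((origin) => url.startsWith(origin))` is a string-prefix test, not an origin comparison, so any URL that merely begins with the text `http://localhost:3000` (a longer port number or a longer host name, for instance) is treated as in-app navigation. Parse the target and compare origins instead, for example `new URL(url).origin === new URL(origin).origin`, with the parse wrapped in try/catch the way `canOpenExternally` already does it.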

View File

@@ -0,0 +1,256 @@
import { type ChildProcess, spawn } from 'node:child_process'
import { existsSync } from 'node:fs'
import { createServer } from 'node:net'
import { join } from 'node:path'
import killProcessTree from 'tree-kill'
const SERVER_HOST = '127.0.0.1'
const SERVER_READY_TIMEOUT_MS = 10_000
const SERVER_REQUEST_TIMEOUT_MS = 1_500
const SERVER_POLL_INTERVAL_MS = 250
const SERVER_PROBE_PATHS = ['/api/health', '/']
type SidecarState = {
process: ChildProcess | null
startup: Promise<string> | null
url: string | null
}
type SidecarRuntimeOptions = {
devServerUrl: string
isPackaged: boolean
resourcesPath: string
isQuitting: () => boolean
onUnexpectedStop: (detail: string) => void
}
type SidecarRuntime = {
resolveUrl: () => Promise<string>
stop: () => void
lastResolvedUrl: string | null
}
const sleep = (ms: number): Promise<void> => new Promise((resolve) => setTimeout(resolve, ms))
const isProcessAlive = (processToCheck: ChildProcess | null): processToCheck is ChildProcess => {
if (!processToCheck || !processToCheck.pid) {
return false
}
return processToCheck.exitCode === null && !processToCheck.killed
}
const getAvailablePort = (): Promise<number> =>
new Promise((resolve, reject) => {
const server = createServer()
server.listen(0, () => {
const addr = server.address()
if (!addr || typeof addr === 'string') {
server.close()
reject(new Error('Failed to resolve port'))
return
}
server.close(() => resolve(addr.port))
})
server.on('error', reject)
})
const isServerReady = async (url: string): Promise<boolean> => {
for (const probePath of SERVER_PROBE_PATHS) {
try {
const probeUrl = new URL(probePath, `${url}/`)
const response = await fetch(probeUrl, {
method: 'GET',
cache: 'no-store',
signal: AbortSignal.timeout(SERVER_REQUEST_TIMEOUT_MS),
})
if (response.status < 500) {
if (probePath === '/api/health' && response.status === 404) {
continue
}
return true
}
} catch {
// Expected: probe request fails while server is still starting up
}
}
return false
}
const waitForServer = async (url: string, isQuitting: () => boolean, processRef?: ChildProcess): Promise<boolean> => {
const start = Date.now()
while (Date.now() - start < SERVER_READY_TIMEOUT_MS && !isQuitting()) {
if (processRef && processRef.exitCode !== null) {
return false
}
if (await isServerReady(url)) {
return true
}
await sleep(SERVER_POLL_INTERVAL_MS)
}
return false
}
const resolveBinaryPath = (resourcesPath: string): string => {
const binaryName = process.platform === 'win32' ? 'server.exe' : 'server'
return join(resourcesPath, binaryName)
}
const formatUnexpectedStopMessage = (
isPackaged: boolean,
code: number | null,
signal: NodeJS.Signals | null,
): string => {
if (isPackaged) {
return 'The background service stopped unexpectedly. Please restart the app.'
}
return `Server process exited unexpectedly (code ${code ?? 'unknown'}, signal ${signal ?? 'none'}).`
}
export const createSidecarRuntime = (options: SidecarRuntimeOptions): SidecarRuntime => {
const state: SidecarState = {
process: null,
startup: null,
url: null,
}
const resetState = (processRef?: ChildProcess) => {
if (processRef && state.process !== processRef) {
return
}
state.process = null
state.url = null
}
const stop = () => {
const runningServer = state.process
resetState()
if (!runningServer?.pid || runningServer.exitCode !== null) {
return
}
killProcessTree(runningServer.pid, 'SIGTERM', (error?: Error) => {
if (error) {
console.error('Failed to stop server process:', error)
}
})
}
const attachLifecycleHandlers = (processRef: ChildProcess) => {
processRef.on('error', (error) => {
if (state.process !== processRef) {
return
}
const hadReadyServer = state.url !== null
resetState(processRef)
if (!options.isQuitting() && hadReadyServer) {
options.onUnexpectedStop('The background service crashed unexpectedly. Please restart the app.')
return
}
console.error('Failed to start server process:', error)
})
processRef.on('exit', (code, signal) => {
if (state.process !== processRef) {
return
}
const hadReadyServer = state.url !== null
resetState(processRef)
if (!options.isQuitting() && hadReadyServer) {
options.onUnexpectedStop(formatUnexpectedStopMessage(options.isPackaged, code, signal))
}
})
}
const startPackagedServer = async (): Promise<string> => {
if (state.url && isProcessAlive(state.process)) {
return state.url
}
if (state.startup) {
return state.startup
}
state.startup = (async () => {
const binaryPath = resolveBinaryPath(options.resourcesPath)
if (!existsSync(binaryPath)) {
throw new Error(`Sidecar server binary is missing: ${binaryPath}`)
}
if (options.isQuitting()) {
throw new Error('Application is shutting down.')
}
const port = await getAvailablePort()
const nextServerUrl = `http://${SERVER_HOST}:${port}`
const processRef = spawn(binaryPath, [], {
env: {
...process.env,
HOST: SERVER_HOST,
PORT: String(port),
},
stdio: 'ignore',
windowsHide: true,
})
processRef.unref()
state.process = processRef
attachLifecycleHandlers(processRef)
const ready = await waitForServer(nextServerUrl, options.isQuitting, processRef)
if (ready && isProcessAlive(processRef)) {
state.url = nextServerUrl
return nextServerUrl
}
const failureReason =
processRef.exitCode !== null
? `The service exited early (code ${processRef.exitCode}).`
: `The service did not respond at ${nextServerUrl} within 10 seconds.`
stop()
throw new Error(failureReason)
})().finally(() => {
state.startup = null
})
return state.startup
}
const resolveUrl = async (): Promise<string> => {
if (options.isPackaged) {
return startPackagedServer()
}
const ready = await waitForServer(options.devServerUrl, options.isQuitting)
if (!ready) {
throw new Error('Dev server not responding. Run `bun dev` in apps/server first.')
}
state.url = options.devServerUrl
return options.devServerUrl
}
return {
resolveUrl,
stop,
get lastResolvedUrl() {
return state.url
},
}
}
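Review bot: `getAvailablePort` calls `server.listen(0, ...)` without a host, so the probe socket is bound on the wildcard address rather than on `SERVER_HOST`; pass `SERVER_HOST` to `listen` so the port is checked on the loopback interface the sidecar will actually use. The port is also released before `spawn`, and `isServerReady` accepts any response below 500 on `/`, so whichever process answers on that port first is taken to be the sidecar and its URL is then loaded into the window. Consider making the readiness probe check for something only the sidecar returns from `/api/health`. A smaller point: the failure text hardcodes "within 10 seconds" while the limit lives in `SERVER_READY_TIMEOUT_MS`, so the two can drift.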

View File

@@ -0,0 +1 @@
export {}

Binary file not shown.

View File

@@ -0,0 +1,33 @@
import { motion } from 'motion/react'
import logoImage from '../assets/logo.png'
export const SplashApp = () => {
return (
<main className="m-0 flex h-screen w-screen cursor-default select-none items-center justify-center overflow-hidden bg-white font-sans antialiased">
<motion.section
animate={{ opacity: 1, y: 0 }}
className="flex flex-col items-center gap-8"
initial={{ opacity: 0, y: 4 }}
transition={{
duration: 1,
ease: [0.16, 1, 0.3, 1],
}}
>
<img alt="Logo" className="h-20 w-auto object-contain" draggable={false} src={logoImage} />
<div className="relative h-[4px] w-36 overflow-hidden rounded-full bg-zinc-100">
<motion.div
animate={{ x: '100%' }}
className="h-full w-full bg-zinc-800"
initial={{ x: '-100%' }}
transition={{
duration: 2,
ease: [0.4, 0, 0.2, 1],
repeat: Infinity,
}}
/>
</div>
</motion.section>
</main>
)
}

View File

@@ -0,0 +1,12 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Furtherverse</title>
</head>
<body>
<div id="root"></div>
<script type="module" src="./main.tsx"></script>
</body>
</html>
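Review bot: The `<head>` of this renderer page carries only charset, viewport and title, with no Content-Security-Policy. Since the page is loaded into a `BrowserWindow`, add a restrictive policy here through a `<meta http-equiv="Content-Security-Policy" ...>` tag (starting from `default-src 'self'` and relaxing only what the dev server needs), so the splash screen cannot load script from anywhere but the bundle.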

View File

@@ -0,0 +1,11 @@
import { StrictMode } from 'react'
import { createRoot } from 'react-dom/client'
import { SplashApp } from './components/SplashApp'
import './styles.css'
// biome-ignore lint/style/noNonNullAssertion: 一定存在
createRoot(document.getElementById('root')!).render(
<StrictMode>
<SplashApp />
</StrictMode>,
)

View File

@@ -0,0 +1 @@
@import "tailwindcss";

View File

@@ -0,0 +1,8 @@
{
"extends": "@furtherverse/tsconfig/react.json",
"compilerOptions": {
"composite": true,
"types": ["vite/client"]
},
"include": ["src/renderer/**/*"]
}

View File

@@ -1,4 +1,11 @@
{ {
"extends": "@furtherverse/tsconfig/bun.json", "files": [],
"exclude": ["node_modules", "src-tauri"] "references": [
{
"path": "./tsconfig.app.json"
},
{
"path": "./tsconfig.node.json"
}
]
} }

View File

@@ -0,0 +1,8 @@
{
"extends": "@furtherverse/tsconfig/base.json",
"compilerOptions": {
"composite": true,
"types": ["node"]
},
"include": ["src/main/**/*", "src/preload/**/*", "electron.vite.config.ts"]
}

View File

@@ -3,12 +3,39 @@
"extends": ["//"], "extends": ["//"],
"tasks": { "tasks": {
"build": { "build": {
"dependsOn": ["@furtherverse/server#compile"], "outputs": ["out/**"]
"outputs": ["src-tauri/target/release/**"]
}, },
"dev": { "dist": {
"dependsOn": ["@furtherverse/server#compile"], "dependsOn": ["build", "@furtherverse/server#compile"],
"with": ["@furtherverse/server#dev"] "outputs": ["dist/**"]
},
"dist:linux": {
"dependsOn": ["build", "@furtherverse/server#compile:linux:arm64", "@furtherverse/server#compile:linux:x64"],
"outputs": ["dist/**"]
},
"dist:linux:arm64": {
"dependsOn": ["build", "@furtherverse/server#compile:linux:arm64"],
"outputs": ["dist/**"]
},
"dist:linux:x64": {
"dependsOn": ["build", "@furtherverse/server#compile:linux:x64"],
"outputs": ["dist/**"]
},
"dist:mac": {
"dependsOn": ["build", "@furtherverse/server#compile:darwin:arm64", "@furtherverse/server#compile:darwin:x64"],
"outputs": ["dist/**"]
},
"dist:mac:arm64": {
"dependsOn": ["build", "@furtherverse/server#compile:darwin:arm64"],
"outputs": ["dist/**"]
},
"dist:mac:x64": {
"dependsOn": ["build", "@furtherverse/server#compile:darwin:x64"],
"outputs": ["dist/**"]
},
"dist:win": {
"dependsOn": ["build", "@furtherverse/server#compile:windows:x64"],
"outputs": ["dist/**"]
} }
} }
} }

View File

@@ -1 +1 @@
DATABASE_URL=postgres://postgres:postgres@localhost:5432/postgres DATABASE_PATH=data.db

View File

@@ -4,11 +4,14 @@ TanStack Start fullstack web app with ORPC (contract-first RPC).
## Tech Stack ## Tech Stack
> **⚠️ This project uses Bun — NOT Node.js / npm. All commands use `bun`. Always use `bun run <script>` (not `bun <script>`) to avoid conflicts with Bun built-in subcommands. Never use `npm`, `npx`, or `node`.**
- **Framework**: TanStack Start (React 19 SSR, file-based routing) - **Framework**: TanStack Start (React 19 SSR, file-based routing)
- **Runtime**: Bun - **Runtime**: Bun**NOT Node.js**
- **Package Manager**: Bun — **NOT npm / yarn / pnpm**
- **Language**: TypeScript (strict mode) - **Language**: TypeScript (strict mode)
- **Styling**: Tailwind CSS v4 - **Styling**: Tailwind CSS v4
- **Database**: PostgreSQL + Drizzle ORM - **Database**: PostgreSQL + Drizzle ORM v1 beta (`drizzle-orm/postgres-js`, RQBv2)
- **State**: TanStack Query v5 - **State**: TanStack Query v5
- **RPC**: ORPC (contract-first, type-safe) - **RPC**: ORPC (contract-first, type-safe)
- **Build**: Vite + Nitro - **Build**: Vite + Nitro
@@ -17,25 +20,33 @@ TanStack Start fullstack web app with ORPC (contract-first RPC).
```bash ```bash
# Development # Development
bun dev # Vite dev server (localhost:3000) bun run dev # Vite dev server (localhost:3000)
bun db:studio # Drizzle Studio GUI bun run db:studio # Drizzle Studio GUI
# Build # Build
bun build # Production build → .output/ bun run build # Production build → .output/
bun compile # Compile to standalone binary bun run compile # Compile to standalone binary (current platform, depends on build)
bun run compile:darwin # Compile for macOS (arm64 + x64)
bun run compile:darwin:arm64 # Compile for macOS arm64
bun run compile:darwin:x64 # Compile for macOS x64
bun run compile:linux # Compile for Linux (x64 + arm64)
bun run compile:linux:arm64 # Compile for Linux arm64
bun run compile:linux:x64 # Compile for Linux x64
bun run compile:windows # Compile for Windows (default: x64)
bun run compile:windows:x64 # Compile for Windows x64
# Code Quality # Code Quality
bun fix # Biome auto-fix bun run fix # Biome auto-fix
bun typecheck # TypeScript check bun run typecheck # TypeScript check
# Database # Database
bun db:generate # Generate migrations from schema bun run db:generate # Generate migrations from schema
bun db:migrate # Run migrations bun run db:migrate # Run migrations
bun db:push # Push schema directly (dev only) bun run db:push # Push schema directly (dev only)
# Testing (not yet configured) # Testing (not yet configured)
bun test path/to/test.ts # Run single test bun test path/to/test.ts # Run single test
bun test -t "pattern" # Run tests matching pattern bun test -t "pattern" # Run tests matching pattern
``` ```
## Directory Structure ## Directory Structure
@@ -43,25 +54,29 @@ bun test -t "pattern" # Run tests matching pattern
``` ```
src/ src/
├── client/ # Client-side code ├── client/ # Client-side code
── orpc.client.ts # ORPC isomorphic client ── orpc.ts # ORPC client + TanStack Query utils (single entry point)
│ └── query-client.ts # TanStack Query client
├── components/ # React components ├── components/ # React components
├── routes/ # TanStack Router file routes ├── routes/ # TanStack Router file routes
│ ├── __root.tsx # Root layout │ ├── __root.tsx # Root layout
│ ├── index.tsx # Home page │ ├── index.tsx # Home page
│ └── api/ │ └── api/
── rpc.$.ts # ORPC HTTP endpoint ── $.ts # OpenAPI handler + Scalar docs
│ ├── health.ts # Health check endpoint
│ └── rpc.$.ts # ORPC RPC handler
├── server/ # Server-side code ├── server/ # Server-side code
│ ├── api/ # ORPC layer │ ├── api/ # ORPC layer
│ │ ├── contracts/ # Input/output schemas (Zod) │ │ ├── contracts/ # Input/output schemas (Zod)
│ │ ├── middlewares/ # Middleware (db provider, auth) │ │ ├── middlewares/ # Middleware (db provider, auth)
│ │ ├── routers/ # Handler implementations │ │ ├── routers/ # Handler implementations
│ │ ├── interceptors.ts # Shared error interceptors
│ │ ├── context.ts # Request context │ │ ├── context.ts # Request context
│ │ ├── server.ts # ORPC server instance │ │ ├── server.ts # ORPC server instance
│ │ └── types.ts # Type exports │ │ └── types.ts # Type exports
│ └── db/ │ └── db/
│ ├── schema/ # Drizzle table definitions │ ├── schema/ # Drizzle table definitions
── index.ts # Database instance ── fields.ts # Shared field builders (id, createdAt, updatedAt)
│ ├── relations.ts # Drizzle relations (defineRelations, RQBv2)
│ └── index.ts # Database instance (postgres-js driver)
├── env.ts # Environment variable validation ├── env.ts # Environment variable validation
├── router.tsx # Router configuration ├── router.tsx # Router configuration
├── routeTree.gen.ts # Auto-generated (DO NOT EDIT) ├── routeTree.gen.ts # Auto-generated (DO NOT EDIT)
@@ -73,7 +88,7 @@ src/
### 1. Define Contract (`src/server/api/contracts/feature.contract.ts`) ### 1. Define Contract (`src/server/api/contracts/feature.contract.ts`)
```typescript ```typescript
import { oc } from '@orpc/contract' import { oc } from '@orpc/contract'
import { createSelectSchema } from 'drizzle-zod' import { createSelectSchema } from 'drizzle-orm/zod'
import { z } from 'zod' import { z } from 'zod'
import { featureTable } from '@/server/db/schema' import { featureTable } from '@/server/db/schema'
@@ -90,7 +105,9 @@ import { db } from '../middlewares'
import { os } from '../server' import { os } from '../server'
export const list = os.feature.list.use(db).handler(async ({ context }) => { export const list = os.feature.list.use(db).handler(async ({ context }) => {
return await context.db.query.featureTable.findMany() return await context.db.query.featureTable.findMany({
orderBy: { createdAt: 'desc' },
})
}) })
``` ```
@@ -108,14 +125,20 @@ export const router = os.router({ feature })
### 4. Use in Components ### 4. Use in Components
```typescript ```typescript
import { useSuspenseQuery, useMutation } from '@tanstack/react-query' import { useSuspenseQuery, useMutation } from '@tanstack/react-query'
import { orpc } from '@/client/orpc.client' import { orpc } from '@/client/orpc'
const { data } = useSuspenseQuery(orpc.feature.list.queryOptions()) const { data } = useSuspenseQuery(orpc.feature.list.queryOptions())
const mutation = useMutation(orpc.feature.create.mutationOptions()) const mutation = useMutation(orpc.feature.create.mutationOptions())
``` ```
## Database Schema (Drizzle) ## Database (Drizzle ORM v1 beta)
- **Driver**: `drizzle-orm/postgres-js` (NOT `bun-sql`)
- **Validation**: `drizzle-orm/zod` (built-in, NOT separate `drizzle-zod` package)
- **Relations**: Defined via `defineRelations()` in `src/server/db/relations.ts`
- **Query**: RQBv2 — use `db.query.tableName.findMany()` with object-style `orderBy` and `where`
### Schema Definition
```typescript ```typescript
import { pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core' import { pgTable, text, timestamp, uuid } from 'drizzle-orm/pg-core'
import { sql } from 'drizzle-orm' import { sql } from 'drizzle-orm'
@@ -128,6 +151,43 @@ export const myTable = pgTable('my_table', {
}) })
``` ```
### Relations (RQBv2)
```typescript
// src/server/db/relations.ts
import { defineRelations } from 'drizzle-orm'
import * as schema from './schema'
export const relations = defineRelations(schema, (r) => ({
// Define relations here using r.one / r.many / r.through
}))
```
### DB Instance
```typescript
// src/server/db/index.ts
import { drizzle } from 'drizzle-orm/postgres-js'
import { relations } from '@/server/db/relations'
// In RQBv2, relations already contain schema info — no separate schema import needed
const db = drizzle({
connection: env.DATABASE_URL,
relations,
})
```
### RQBv2 Query Examples
```typescript
// Object-style orderBy (NOT callback style)
const todos = await db.query.todoTable.findMany({
orderBy: { createdAt: 'desc' },
})
// Object-style where
const todo = await db.query.todoTable.findFirst({
where: { id: someId },
})
```
## Code Style ## Code Style
### Formatting (Biome) ### Formatting (Biome)
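Review bot: The "DB Instance" example added in this hunk documents `drizzle-orm/postgres-js` with `connection: env.DATABASE_URL`, but the same change set moves `drizzle.config.ts` to `dialect: 'sqlite'` with `DATABASE_PATH`, replaces `DATABASE_URL` with `DATABASE_PATH=data.db` in the env file, and drops `postgres` from `package.json`. That contradicts the "Always sync documentation" principle this file introduces; the Database section should describe the SQLite setup that the code now uses. The example also references `env` without importing it.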
@@ -186,16 +246,34 @@ export const env = createEnv({
}) })
``` ```
## Development Principles
> **These principles apply to ALL code changes. Agents MUST follow them on every task.**
1. **No backward compatibility** — This project is in rapid iteration. Always use the latest API and patterns. Never keep deprecated code paths or old API fallbacks.
2. **Always sync documentation** — When code changes, immediately update all related documentation (`AGENTS.md`, `README.md`, inline code examples). Code and docs must never drift apart.
3. **Forward-only migration** — When upgrading dependencies, fully adopt the new API. Don't mix old and new patterns.
## Critical Rules ## Critical Rules
**DO:** **DO:**
- Run `bun fix` before committing - Run `bun run fix` before committing
- Use `@/*` path aliases - Use `@/*` path aliases
- Include `createdAt`/`updatedAt` on all tables - Include `createdAt`/`updatedAt` on all tables
- Use `ORPCError` with proper codes - Use `ORPCError` with proper codes
- Use `drizzle-orm/zod` (NOT `drizzle-zod`) for schema validation
- Use RQBv2 object syntax for `orderBy` and `where`
- Update `AGENTS.md` and other docs whenever code patterns change
**DON'T:** **DON'T:**
- Use `npm`, `npx`, `node`, `yarn`, `pnpm` — always use `bun` / `bunx`
- Edit `src/routeTree.gen.ts` (auto-generated) - Edit `src/routeTree.gen.ts` (auto-generated)
- Use `as any`, `@ts-ignore`, `@ts-expect-error` - Use `as any`, `@ts-ignore`, `@ts-expect-error`
- Commit `.env` files - Commit `.env` files
- Use empty catch blocks - Use empty catch blocks
- Import from `drizzle-zod` (use `drizzle-orm/zod` instead)
- Use RQBv1 callback-style `orderBy` / old `relations()` API
- Use `drizzle-orm/bun-sql` driver (use `drizzle-orm/postgres-js`)
- Pass `schema` to `drizzle()` constructor (only `relations` is needed in RQBv2)
- Import `os` from `@orpc/server` in middleware — use `@/server/api/server` (the local typed instance)
- Leave docs out of sync with code changes

View File

@@ -3,5 +3,10 @@
"extends": "//", "extends": "//",
"files": { "files": {
"includes": ["**", "!**/routeTree.gen.ts"] "includes": ["**", "!**/routeTree.gen.ts"]
},
"css": {
"parser": {
"tailwindDirectives": true
}
} }
} }

View File

@@ -1,289 +0,0 @@
import { Schema } from '@effect/schema'
import { $ } from 'bun'
import { Console, Context, Data, Effect, Layer } from 'effect'
// ============================================================================
// Domain Models & Schema
// ============================================================================
const BunTargetSchema = Schema.Literal(
'bun-windows-x64',
'bun-darwin-arm64',
'bun-darwin-x64',
'bun-linux-x64',
'bun-linux-arm64',
)
/**
* 将 bun target 转换为文件后缀 (去掉 'bun-' 前缀)
*/
const getTargetSuffix = (target: BunTarget): string => {
return target.replace('bun-', '')
}
type BunTarget = Schema.Schema.Type<typeof BunTargetSchema>
const BuildConfigSchema = Schema.Struct({
entrypoint: Schema.String.pipe(Schema.nonEmptyString()),
outputDir: Schema.String.pipe(Schema.nonEmptyString()),
outfile: Schema.String.pipe(Schema.nonEmptyString()),
targets: Schema.Array(BunTargetSchema).pipe(Schema.minItems(1)),
})
type BuildConfig = Schema.Schema.Type<typeof BuildConfigSchema>
const BuildResultSchema = Schema.Struct({
target: BunTargetSchema,
outputs: Schema.Array(Schema.String),
})
type BuildResult = Schema.Schema.Type<typeof BuildResultSchema>
// ============================================================================
// Error Models (使用 Data.TaggedError)
// ============================================================================
class CleanError extends Data.TaggedError('CleanError')<{
readonly dir: string
readonly cause: unknown
}> {}
class BuildError extends Data.TaggedError('BuildError')<{
readonly target: BunTarget
readonly cause: unknown
}> {}
class ConfigError extends Data.TaggedError('ConfigError')<{
readonly message: string
readonly cause: unknown
}> {}
// ============================================================================
// Services
// ============================================================================
/**
* 配置服务
*/
class BuildConfigService extends Context.Tag('BuildConfigService')<
BuildConfigService,
BuildConfig
>() {
/**
* 从原始数据创建并验证配置
*/
static fromRaw = (raw: unknown) =>
Effect.gen(function* () {
const decoded = yield* Schema.decodeUnknown(BuildConfigSchema)(raw)
return decoded
}).pipe(
Effect.catchAll((error) =>
Effect.fail(
new ConfigError({
message: '配置验证失败',
cause: error,
}),
),
),
)
/**
* 默认配置 Layer
*/
static readonly Live = Layer.effect(
BuildConfigService,
BuildConfigService.fromRaw({
entrypoint: '.output/server/index.mjs',
outputDir: 'out',
outfile: 'server',
targets: ['bun-windows-x64', 'bun-darwin-arm64', 'bun-linux-x64'],
} satisfies BuildConfig),
)
}
/**
* 文件系统服务
*/
class FileSystemService extends Context.Tag('FileSystemService')<
FileSystemService,
{
readonly cleanDir: (dir: string) => Effect.Effect<void, CleanError>
}
>() {
static readonly Live = Layer.succeed(FileSystemService, {
cleanDir: (dir: string) =>
Effect.tryPromise({
try: async () => {
await $`rm -rf ${dir}`
},
catch: (cause: unknown) =>
new CleanError({
dir,
cause,
}),
}),
})
}
/**
* 构建服务
*/
class BuildService extends Context.Tag('BuildService')<
BuildService,
{
readonly buildForTarget: (
config: BuildConfig,
target: BunTarget,
) => Effect.Effect<BuildResult, BuildError>
readonly buildAll: (
config: BuildConfig,
) => Effect.Effect<ReadonlyArray<BuildResult>, BuildError>
}
>() {
static readonly Live = Layer.succeed(BuildService, {
buildForTarget: (config: BuildConfig, target: BunTarget) =>
Effect.gen(function* () {
yield* Console.log(`🔨 开始构建: ${target}`)
const output = yield* Effect.tryPromise({
try: () =>
Bun.build({
entrypoints: [config.entrypoint],
compile: {
outfile: `${config.outfile}-${getTargetSuffix(target)}`,
target: target,
},
outdir: config.outputDir,
}),
catch: (cause: unknown) =>
new BuildError({
target,
cause,
}),
})
const paths = output.outputs.map((item: { path: string }) => item.path)
return {
target,
outputs: paths,
} satisfies BuildResult
}),
buildAll: (config: BuildConfig) =>
Effect.gen(function* () {
const effects = config.targets.map((target) =>
Effect.gen(function* () {
yield* Console.log(`🔨 开始构建: ${target}`)
const output = yield* Effect.tryPromise({
try: () =>
Bun.build({
entrypoints: [config.entrypoint],
compile: {
outfile: `${config.outfile}-${getTargetSuffix(target)}`,
target: target,
},
outdir: config.outputDir,
}),
catch: (cause: unknown) =>
new BuildError({
target,
cause,
}),
})
const paths = output.outputs.map(
(item: { path: string }) => item.path,
)
return {
target,
outputs: paths,
} satisfies BuildResult
}),
)
return yield* Effect.all(effects, { concurrency: 'unbounded' })
}),
})
}
/**
* 报告服务
*/
class ReporterService extends Context.Tag('ReporterService')<
ReporterService,
{
readonly printSummary: (
results: ReadonlyArray<BuildResult>,
) => Effect.Effect<void>
}
>() {
static readonly Live = Layer.succeed(ReporterService, {
printSummary: (results: ReadonlyArray<BuildResult>) =>
Effect.gen(function* () {
yield* Console.log('\n📦 构建完成:')
for (const result of results) {
yield* Console.log(` ${result.target}:`)
for (const path of result.outputs) {
yield* Console.log(` - ${path}`)
}
}
}),
})
}
// ============================================================================
// Main Program
// ============================================================================
const program = Effect.gen(function* () {
const config = yield* BuildConfigService
const fs = yield* FileSystemService
const builder = yield* BuildService
const reporter = yield* ReporterService
// 1. 清理输出目录
yield* fs.cleanDir(config.outputDir)
yield* Console.log(`✓ 已清理输出目录: ${config.outputDir}`)
// 2. 并行构建所有目标
const results = yield* builder.buildAll(config)
// 3. 输出构建摘要
yield* reporter.printSummary(results)
return results
})
// ============================================================================
// Layer Composition
// ============================================================================
const MainLayer = Layer.mergeAll(
BuildConfigService.Live,
FileSystemService.Live,
BuildService.Live,
ReporterService.Live,
)
// ============================================================================
// Runner
// ============================================================================
const runnable = program.pipe(
Effect.provide(MainLayer),
Effect.catchTags({
CleanError: (error) =>
Console.error(`❌ 清理目录失败: ${error.dir}`, error.cause),
BuildError: (error) =>
Console.error(`❌ 构建失败 [${error.target}]:`, error.cause),
ConfigError: (error) =>
Console.error(`❌ 配置错误: ${error.message}`, error.cause),
}),
Effect.tapErrorCause((cause) => Console.error('❌ 未预期的错误:', cause)),
)
Effect.runPromise(runnable).catch(() => {
process.exit(1)
})

64
apps/server/compile.ts Normal file
View File

@@ -0,0 +1,64 @@
import { mkdir, rm } from 'node:fs/promises'
import { parseArgs } from 'node:util'
const ENTRYPOINT = '.output/server/index.mjs'
const OUTDIR = 'out'
const SUPPORTED_TARGETS: readonly Bun.Build.CompileTarget[] = [
'bun-windows-x64',
'bun-darwin-arm64',
'bun-darwin-x64',
'bun-linux-x64',
'bun-linux-arm64',
]
const isSupportedTarget = (value: string): value is Bun.Build.CompileTarget =>
(SUPPORTED_TARGETS as readonly string[]).includes(value)
const { values } = parseArgs({
options: { target: { type: 'string' } },
strict: true,
allowPositionals: false,
})
const resolveTarget = (): Bun.Build.CompileTarget => {
if (values.target !== undefined) {
if (!isSupportedTarget(values.target)) {
throw new Error(`Invalid target: ${values.target}\nAllowed: ${SUPPORTED_TARGETS.join(', ')}`)
}
return values.target
}
const os = process.platform === 'win32' ? 'windows' : process.platform
const candidate = `bun-${os}-${process.arch}`
if (!isSupportedTarget(candidate)) {
throw new Error(`Unsupported host: ${process.platform}-${process.arch}`)
}
return candidate
}
const main = async () => {
const target = resolveTarget()
const suffix = target.replace('bun-', '')
const outfile = `server-${suffix}`
await mkdir(OUTDIR, { recursive: true })
await Promise.all([rm(`${OUTDIR}/${outfile}`, { force: true }), rm(`${OUTDIR}/${outfile}.exe`, { force: true })])
const result = await Bun.build({
entrypoints: [ENTRYPOINT],
outdir: OUTDIR,
compile: { outfile, target },
})
if (!result.success) {
throw new Error(result.logs.map(String).join('\n'))
}
console.log(`${target}${OUTDIR}/${outfile}`)
}
main().catch((err) => {
console.error('❌', err instanceof Error ? err.message : err)
process.exit(1)
})
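Review bot: `main` writes the binary as `server-${suffix}` under `out/`, while `resolveBinaryPath` in the Electron sidecar looks for `server` (or `server.exe`) directly under `resourcesPath`. Nothing in this file bridges the two names, so please point to the packaging step that renames or maps the file, or add a comment here naming it; otherwise a packaged build fails at startup with "Sidecar server binary is missing". Also worth checking: the final `console.log` prints `${target}${OUTDIR}/${outfile}` with no separator between the target and the path.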

View File

@@ -1,11 +1,12 @@
import { defineConfig } from 'drizzle-kit' import { defineConfig } from 'drizzle-kit'
import { env } from '@/env'
const databasePath = process.env.DATABASE_PATH ?? 'data.db'
export default defineConfig({ export default defineConfig({
out: './drizzle', out: './drizzle',
schema: './src/server/db/schema/index.ts', schema: './src/server/db/schema/index.ts',
dialect: 'postgresql', dialect: 'sqlite',
dbCredentials: { dbCredentials: {
url: env.DATABASE_URL, url: databasePath,
}, },
}) })
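Review bot: `databasePath` is now read straight from `process.env.DATABASE_PATH` with a `'data.db'` fallback, and the `@/env` import is dropped, so this config bypasses the validated env module and carries its own default. If drizzle-kit cannot load `@/env`, say so in a comment; otherwise keep a single source for the variable and its default so the migration tool and the server cannot end up pointing at different database files.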

View File

@@ -4,18 +4,26 @@
"private": true, "private": true,
"type": "module", "type": "module",
"scripts": { "scripts": {
"build": "vite build", "build": "bunx --bun vite build",
"compile": "bun build.ts", "compile": "bun compile.ts",
"db:generate": "drizzle-kit generate", "compile:darwin": "bun run compile:darwin:arm64 && bun run compile:darwin:x64",
"db:migrate": "drizzle-kit migrate", "compile:darwin:arm64": "bun compile.ts --target bun-darwin-arm64",
"db:push": "drizzle-kit push", "compile:darwin:x64": "bun compile.ts --target bun-darwin-x64",
"db:studio": "drizzle-kit studio", "compile:linux": "bun run compile:linux:x64 && bun run compile:linux:arm64",
"dev": "vite dev", "compile:linux:arm64": "bun compile.ts --target bun-linux-arm64",
"compile:linux:x64": "bun compile.ts --target bun-linux-x64",
"compile:windows": "bun run compile:windows:x64",
"compile:windows:x64": "bun compile.ts --target bun-windows-x64",
"db:generate": "bun --bun drizzle-kit generate",
"db:migrate": "bun --bun drizzle-kit migrate",
"db:push": "bun --bun drizzle-kit push",
"db:studio": "bun --bun drizzle-kit studio",
"dev": "bunx --bun vite dev",
"fix": "biome check --write", "fix": "biome check --write",
"typecheck": "tsc --noEmit" "typecheck": "tsc --noEmit"
}, },
"dependencies": { "dependencies": {
"@furtherverse/utils": "workspace:*", "@furtherverse/crypto": "workspace:*",
"@orpc/client": "catalog:", "@orpc/client": "catalog:",
"@orpc/contract": "catalog:", "@orpc/contract": "catalog:",
"@orpc/openapi": "catalog:", "@orpc/openapi": "catalog:",
@@ -27,18 +35,16 @@
"@tanstack/react-router": "catalog:", "@tanstack/react-router": "catalog:",
"@tanstack/react-router-ssr-query": "catalog:", "@tanstack/react-router-ssr-query": "catalog:",
"@tanstack/react-start": "catalog:", "@tanstack/react-start": "catalog:",
"@tauri-apps/api": "catalog:",
"drizzle-orm": "catalog:", "drizzle-orm": "catalog:",
"drizzle-zod": "catalog:", "jszip": "catalog:",
"postgres": "catalog:", "lossless-json": "catalog:",
"react": "catalog:", "react": "catalog:",
"react-dom": "catalog:", "react-dom": "catalog:",
"systeminformation": "catalog:",
"uuid": "catalog:", "uuid": "catalog:",
"zod": "catalog:" "zod": "catalog:"
}, },
"devDependencies": { "devDependencies": {
"@effect/platform": "catalog:",
"@effect/schema": "catalog:",
"@furtherverse/tsconfig": "workspace:*", "@furtherverse/tsconfig": "workspace:*",
"@tailwindcss/vite": "catalog:", "@tailwindcss/vite": "catalog:",
"@tanstack/devtools-vite": "catalog:", "@tanstack/devtools-vite": "catalog:",
@@ -49,10 +55,8 @@
"@vitejs/plugin-react": "catalog:", "@vitejs/plugin-react": "catalog:",
"babel-plugin-react-compiler": "catalog:", "babel-plugin-react-compiler": "catalog:",
"drizzle-kit": "catalog:", "drizzle-kit": "catalog:",
"effect": "catalog:",
"nitro": "catalog:", "nitro": "catalog:",
"tailwindcss": "catalog:", "tailwindcss": "catalog:",
"typescript": "catalog:",
"vite": "catalog:", "vite": "catalog:",
"vite-tsconfig-paths": "catalog:" "vite-tsconfig-paths": "catalog:"
} }
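
Review bot: `"typescript": "catalog:"` is dropped from `devDependencies` in this hunk, but the scripts block still defines `"typecheck": "tsc --noEmit"`. Confirm `tsc` is provided by the workspace root (or by `@furtherverse/tsconfig`) so the typecheck step does not depend on whatever version happens to be hoisted, and say so in the commit message if that is the intent.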

@@ -1,6 +1,7 @@
import { createORPCClient } from '@orpc/client' import { createORPCClient } from '@orpc/client'
import { RPCLink } from '@orpc/client/fetch' import { RPCLink } from '@orpc/client/fetch'
import { createRouterClient } from '@orpc/server' import { createRouterClient } from '@orpc/server'
import { createTanstackQueryUtils } from '@orpc/tanstack-query'
import { createIsomorphicFn } from '@tanstack/react-start' import { createIsomorphicFn } from '@tanstack/react-start'
import { getRequestHeaders } from '@tanstack/react-start/server' import { getRequestHeaders } from '@tanstack/react-start/server'
import { router } from '@/server/api/routers' import { router } from '@/server/api/routers'
@@ -21,4 +22,6 @@ const getORPCClient = createIsomorphicFn()
return createORPCClient<RouterClient>(link) return createORPCClient<RouterClient>(link)
}) })
export const orpc: RouterClient = getORPCClient() const client: RouterClient = getORPCClient()
export const orpc = createTanstackQueryUtils(client)

@@ -1,30 +0,0 @@
import { createTanstackQueryUtils } from '@orpc/tanstack-query'
import { orpc as orpcClient } from './orpc.client'
export const orpc = createTanstackQueryUtils(orpcClient, {
experimental_defaults: {
todo: {
create: {
mutationOptions: {
onSuccess: (_, __, ___, ctx) => {
ctx.client.invalidateQueries({ queryKey: orpc.todo.list.key() })
},
},
},
update: {
mutationOptions: {
onSuccess: (_, __, ___, ctx) => {
ctx.client.invalidateQueries({ queryKey: orpc.todo.list.key() })
},
},
},
remove: {
mutationOptions: {
onSuccess: (_, __, ___, ctx) => {
ctx.client.invalidateQueries({ queryKey: orpc.todo.list.key() })
},
},
},
},
},
})

@@ -3,7 +3,7 @@ import { z } from 'zod'
export const env = createEnv({ export const env = createEnv({
server: { server: {
DATABASE_URL: z.url(), DATABASE_PATH: z.string().min(1).default('data.db'),
}, },
clientPrefix: 'VITE_', clientPrefix: 'VITE_',
client: { client: {
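
Review bot: the `DATABASE_PATH` default `'data.db'` is a relative path, so the file is resolved against whatever working directory the process is started from. The config router persists the platform public key and the OpenPGP private key through this database, which means a launch from a different directory silently starts with an empty store and leaves the old key file behind. Consider requiring an absolute path, or resolving the default against a fixed data directory, and document the file permissions expected on it.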

@@ -10,6 +10,7 @@
import { Route as rootRouteImport } from './routes/__root' import { Route as rootRouteImport } from './routes/__root'
import { Route as IndexRouteImport } from './routes/index' import { Route as IndexRouteImport } from './routes/index'
import { Route as ApiHealthRouteImport } from './routes/api/health'
import { Route as ApiSplatRouteImport } from './routes/api/$' import { Route as ApiSplatRouteImport } from './routes/api/$'
import { Route as ApiRpcSplatRouteImport } from './routes/api/rpc.$' import { Route as ApiRpcSplatRouteImport } from './routes/api/rpc.$'
@@ -18,6 +19,11 @@ const IndexRoute = IndexRouteImport.update({
path: '/', path: '/',
getParentRoute: () => rootRouteImport, getParentRoute: () => rootRouteImport,
} as any) } as any)
const ApiHealthRoute = ApiHealthRouteImport.update({
id: '/api/health',
path: '/api/health',
getParentRoute: () => rootRouteImport,
} as any)
const ApiSplatRoute = ApiSplatRouteImport.update({ const ApiSplatRoute = ApiSplatRouteImport.update({
id: '/api/$', id: '/api/$',
path: '/api/$', path: '/api/$',
@@ -32,30 +38,34 @@ const ApiRpcSplatRoute = ApiRpcSplatRouteImport.update({
export interface FileRoutesByFullPath { export interface FileRoutesByFullPath {
'/': typeof IndexRoute '/': typeof IndexRoute
'/api/$': typeof ApiSplatRoute '/api/$': typeof ApiSplatRoute
'/api/health': typeof ApiHealthRoute
'/api/rpc/$': typeof ApiRpcSplatRoute '/api/rpc/$': typeof ApiRpcSplatRoute
} }
export interface FileRoutesByTo { export interface FileRoutesByTo {
'/': typeof IndexRoute '/': typeof IndexRoute
'/api/$': typeof ApiSplatRoute '/api/$': typeof ApiSplatRoute
'/api/health': typeof ApiHealthRoute
'/api/rpc/$': typeof ApiRpcSplatRoute '/api/rpc/$': typeof ApiRpcSplatRoute
} }
export interface FileRoutesById { export interface FileRoutesById {
__root__: typeof rootRouteImport __root__: typeof rootRouteImport
'/': typeof IndexRoute '/': typeof IndexRoute
'/api/$': typeof ApiSplatRoute '/api/$': typeof ApiSplatRoute
'/api/health': typeof ApiHealthRoute
'/api/rpc/$': typeof ApiRpcSplatRoute '/api/rpc/$': typeof ApiRpcSplatRoute
} }
export interface FileRouteTypes { export interface FileRouteTypes {
fileRoutesByFullPath: FileRoutesByFullPath fileRoutesByFullPath: FileRoutesByFullPath
fullPaths: '/' | '/api/$' | '/api/rpc/$' fullPaths: '/' | '/api/$' | '/api/health' | '/api/rpc/$'
fileRoutesByTo: FileRoutesByTo fileRoutesByTo: FileRoutesByTo
to: '/' | '/api/$' | '/api/rpc/$' to: '/' | '/api/$' | '/api/health' | '/api/rpc/$'
id: '__root__' | '/' | '/api/$' | '/api/rpc/$' id: '__root__' | '/' | '/api/$' | '/api/health' | '/api/rpc/$'
fileRoutesById: FileRoutesById fileRoutesById: FileRoutesById
} }
export interface RootRouteChildren { export interface RootRouteChildren {
IndexRoute: typeof IndexRoute IndexRoute: typeof IndexRoute
ApiSplatRoute: typeof ApiSplatRoute ApiSplatRoute: typeof ApiSplatRoute
ApiHealthRoute: typeof ApiHealthRoute
ApiRpcSplatRoute: typeof ApiRpcSplatRoute ApiRpcSplatRoute: typeof ApiRpcSplatRoute
} }
@@ -68,6 +78,13 @@ declare module '@tanstack/react-router' {
preLoaderRoute: typeof IndexRouteImport preLoaderRoute: typeof IndexRouteImport
parentRoute: typeof rootRouteImport parentRoute: typeof rootRouteImport
} }
'/api/health': {
id: '/api/health'
path: '/api/health'
fullPath: '/api/health'
preLoaderRoute: typeof ApiHealthRouteImport
parentRoute: typeof rootRouteImport
}
'/api/$': { '/api/$': {
id: '/api/$' id: '/api/$'
path: '/api/$' path: '/api/$'
@@ -88,6 +105,7 @@ declare module '@tanstack/react-router' {
const rootRouteChildren: RootRouteChildren = { const rootRouteChildren: RootRouteChildren = {
IndexRoute: IndexRoute, IndexRoute: IndexRoute,
ApiSplatRoute: ApiSplatRoute, ApiSplatRoute: ApiSplatRoute,
ApiHealthRoute: ApiHealthRoute,
ApiRpcSplatRoute: ApiRpcSplatRoute, ApiRpcSplatRoute: ApiRpcSplatRoute,
} }
export const routeTree = rootRouteImport export const routeTree = rootRouteImport

@@ -5,7 +5,14 @@ import type { RouterContext } from './routes/__root'
import { routeTree } from './routeTree.gen' import { routeTree } from './routeTree.gen'
export const getRouter = () => { export const getRouter = () => {
const queryClient = new QueryClient() const queryClient = new QueryClient({
defaultOptions: {
queries: {
staleTime: 30 * 1000,
retry: 1,
},
},
})
const router = createRouter({ const router = createRouter({
routeTree, routeTree,

@@ -1,15 +1,11 @@
import { TanStackDevtools } from '@tanstack/react-devtools' import { TanStackDevtools } from '@tanstack/react-devtools'
import type { QueryClient } from '@tanstack/react-query' import type { QueryClient } from '@tanstack/react-query'
import { ReactQueryDevtoolsPanel } from '@tanstack/react-query-devtools' import { ReactQueryDevtoolsPanel } from '@tanstack/react-query-devtools'
import { import { createRootRouteWithContext, HeadContent, Scripts } from '@tanstack/react-router'
createRootRouteWithContext,
HeadContent,
Scripts,
} from '@tanstack/react-router'
import { TanStackRouterDevtoolsPanel } from '@tanstack/react-router-devtools' import { TanStackRouterDevtoolsPanel } from '@tanstack/react-router-devtools'
import type { ReactNode } from 'react' import type { ReactNode } from 'react'
import { ErrorComponent } from '@/components/Error' import { ErrorComponent } from '@/components/Error'
import { NotFoundComponent } from '@/components/NotFount' import { NotFoundComponent } from '@/components/NotFound'
import appCss from '@/styles.css?url' import appCss from '@/styles.css?url'
export interface RouterContext { export interface RouterContext {
@@ -50,21 +46,23 @@ function RootDocument({ children }: Readonly<{ children: ReactNode }>) {
</head> </head>
<body> <body>
{children} {children}
<TanStackDevtools {import.meta.env.DEV && (
config={{ <TanStackDevtools
position: 'bottom-right', config={{
}} position: 'bottom-right',
plugins={[ }}
{ plugins={[
name: 'TanStack Router', {
render: <TanStackRouterDevtoolsPanel />, name: 'TanStack Router',
}, render: <TanStackRouterDevtoolsPanel />,
{ },
name: 'TanStack Query', {
render: <ReactQueryDevtoolsPanel />, name: 'TanStack Query',
}, render: <ReactQueryDevtoolsPanel />,
]} },
/> ]}
/>
)}
<Scripts /> <Scripts />
</body> </body>
</html> </html>
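
Review bot: the `{import.meta.env.DEV && (...)}` guard only skips rendering. The static imports of `TanStackDevtools`, `ReactQueryDevtoolsPanel` and `TanStackRouterDevtoolsPanel` at the top of the file are unchanged, so whether the devtools code leaves the production bundle depends on tree shaking. Check the production build output, or load the panels with a dynamic import inside the DEV branch.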

@@ -1,10 +1,10 @@
import { OpenAPIHandler } from '@orpc/openapi/fetch' import { OpenAPIHandler } from '@orpc/openapi/fetch'
import { OpenAPIReferencePlugin } from '@orpc/openapi/plugins' import { OpenAPIReferencePlugin } from '@orpc/openapi/plugins'
import { ORPCError, onError, ValidationError } from '@orpc/server' import { onError } from '@orpc/server'
import { ZodToJsonSchemaConverter } from '@orpc/zod/zod4' import { ZodToJsonSchemaConverter } from '@orpc/zod/zod4'
import { createFileRoute } from '@tanstack/react-router' import { createFileRoute } from '@tanstack/react-router'
import { z } from 'zod'
import { name, version } from '@/../package.json' import { name, version } from '@/../package.json'
import { handleValidationError, logError } from '@/server/api/interceptors'
import { router } from '@/server/api/routers' import { router } from '@/server/api/routers'
const handler = new OpenAPIHandler(router, { const handler = new OpenAPIHandler(router, {
@@ -16,56 +16,16 @@ const handler = new OpenAPIHandler(router, {
info: { info: {
title: name, title: name,
version, version,
description:
'UX 授权服务 OpenAPI 文档。该服务用于工具箱侧本地身份初始化与密码学能力调用,覆盖设备授权密文生成、任务二维码解密、摘要信息加密、报告签名打包等流程。\n\n推荐调用顺序\n1) 写入平台公钥;\n2) 写入已签名 licence JSON\n3) 写入 OpenPGP 私钥;\n4) 读取本机身份状态进行前置校验;\n5) 执行加密/解密与签名接口。\n\n说明除文件下载接口外返回体均为 JSON字段示例已提供便于联调和 Mock。',
}, },
// components: {
// securitySchemes: {
// bearerAuth: {
// type: 'http',
// scheme: 'bearer',
// },
// },
// },
}, },
docsPath: '/docs', docsPath: '/docs',
specPath: '/spec.json', specPath: '/spec.json',
}), }),
], ],
interceptors: [ interceptors: [onError(logError)],
onError((error) => { clientInterceptors: [onError(handleValidationError)],
console.error(error)
}),
],
clientInterceptors: [
onError((error) => {
if (
error instanceof ORPCError &&
error.code === 'BAD_REQUEST' &&
error.cause instanceof ValidationError
) {
// If you only use Zod you can safely cast to ZodIssue[]
const zodError = new z.ZodError(
error.cause.issues as z.core.$ZodIssue[],
)
throw new ORPCError('INPUT_VALIDATION_FAILED', {
status: 422,
message: z.prettifyError(zodError),
data: z.flattenError(zodError),
cause: error.cause,
})
}
if (
error instanceof ORPCError &&
error.code === 'INTERNAL_SERVER_ERROR' &&
error.cause instanceof ValidationError
) {
throw new ORPCError('OUTPUT_VALIDATION_FAILED', {
cause: error.cause,
})
}
}),
],
}) })
export const Route = createFileRoute('/api/$')({ export const Route = createFileRoute('/api/$')({
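
Review bot: nothing in the generated spec says how callers are authorized. The commented `securitySchemes` stub is deleted, while the new `description` documents a call sequence that writes the platform public key, the signed licence and the OpenPGP private key, and `/docs` and `/spec.json` are served by the same handler. If the service is only meant to be reachable from the local toolbox, state that binding or transport assumption in the description; otherwise declare a security scheme here rather than removing the stub.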

@@ -0,0 +1,27 @@
import { createFileRoute } from '@tanstack/react-router'
import { name, version } from '@/../package.json'
const createHealthResponse = (): Response =>
Response.json(
{
status: 'ok',
service: name,
version,
timestamp: new Date().toISOString(),
},
{
status: 200,
headers: {
'cache-control': 'no-store',
},
},
)
export const Route = createFileRoute('/api/health')({
server: {
handlers: {
GET: async () => createHealthResponse(),
HEAD: async () => new Response(null, { status: 200 }),
},
},
})
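
Review bot: `createHealthResponse` returns `service: name` and `version` from package.json to any caller of `/api/health`. If probes only need liveness, return `status` alone and keep the version in the API docs. The `HEAD` handler also returns a bare 200 without the `'cache-control': 'no-store'` header that `GET` sets, so an intermediary may treat the two differently; reuse the same headers for both.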

@@ -1,46 +1,12 @@
import { ORPCError, onError, ValidationError } from '@orpc/server' import { onError } from '@orpc/server'
import { RPCHandler } from '@orpc/server/fetch' import { RPCHandler } from '@orpc/server/fetch'
import { createFileRoute } from '@tanstack/react-router' import { createFileRoute } from '@tanstack/react-router'
import { z } from 'zod' import { handleValidationError, logError } from '@/server/api/interceptors'
import { router } from '@/server/api/routers' import { router } from '@/server/api/routers'
const handler = new RPCHandler(router, { const handler = new RPCHandler(router, {
interceptors: [ interceptors: [onError(logError)],
onError((error) => { clientInterceptors: [onError(handleValidationError)],
console.error(error)
}),
],
clientInterceptors: [
onError((error) => {
if (
error instanceof ORPCError &&
error.code === 'BAD_REQUEST' &&
error.cause instanceof ValidationError
) {
// If you only use Zod you can safely cast to ZodIssue[]
const zodError = new z.ZodError(
error.cause.issues as z.core.$ZodIssue[],
)
throw new ORPCError('INPUT_VALIDATION_FAILED', {
status: 422,
message: z.prettifyError(zodError),
data: z.flattenError(zodError),
cause: error.cause,
})
}
if (
error instanceof ORPCError &&
error.code === 'INTERNAL_SERVER_ERROR' &&
error.cause instanceof ValidationError
) {
throw new ORPCError('OUTPUT_VALIDATION_FAILED', {
cause: error.cause,
})
}
}),
],
}) })
export const Route = createFileRoute('/api/rpc/$')({ export const Route = createFileRoute('/api/rpc/$')({

@@ -1,214 +1,20 @@
import { useMutation, useSuspenseQuery } from '@tanstack/react-query'
import { createFileRoute } from '@tanstack/react-router' import { createFileRoute } from '@tanstack/react-router'
import { isTauri } from '@tauri-apps/api/core'
import { getCurrentWindow } from '@tauri-apps/api/window'
import type { ChangeEventHandler, FormEventHandler } from 'react'
import { useEffect, useState } from 'react'
import { orpc } from '@/client/query-client'
export const Route = createFileRoute('/')({ export const Route = createFileRoute('/')({
component: Todos, component: Home,
loader: async ({ context }) => {
await context.queryClient.ensureQueryData(orpc.todo.list.queryOptions())
},
}) })
function Todos() { function Home() {
const [newTodoTitle, setNewTodoTitle] = useState('')
const listQuery = useSuspenseQuery(orpc.todo.list.queryOptions())
const createMutation = useMutation(orpc.todo.create.mutationOptions())
const updateMutation = useMutation(orpc.todo.update.mutationOptions())
const deleteMutation = useMutation(orpc.todo.remove.mutationOptions())
useEffect(() => {
if (!isTauri()) return
getCurrentWindow().setTitle('待办事项')
}, [])
const handleCreateTodo: FormEventHandler<HTMLFormElement> = (e) => {
e.preventDefault()
if (newTodoTitle.trim()) {
createMutation.mutate({ title: newTodoTitle.trim() })
setNewTodoTitle('')
}
}
const handleInputChange: ChangeEventHandler<HTMLInputElement> = (e) => {
setNewTodoTitle(e.target.value)
}
const handleToggleTodo = (id: string, currentCompleted: boolean) => {
updateMutation.mutate({
id,
data: { completed: !currentCompleted },
})
}
const handleDeleteTodo = (id: string) => {
deleteMutation.mutate({ id })
}
const todos = listQuery.data
const completedCount = todos.filter((todo) => todo.completed).length
const totalCount = todos.length
const progress = totalCount > 0 ? (completedCount / totalCount) * 100 : 0
return ( return (
<div className="min-h-screen bg-slate-50 py-12 px-4 sm:px-6 font-sans"> <div className="min-h-screen bg-slate-50 flex items-center justify-center font-sans">
<div className="max-w-2xl mx-auto space-y-8"> <div className="text-center space-y-4">
{/* Header */} <h1 className="text-3xl font-bold text-slate-900 tracking-tight">UX Server</h1>
<div className="flex items-end justify-between"> <p className="text-slate-500">
<div> API Docs:&nbsp;
<h1 className="text-3xl font-bold text-slate-900 tracking-tight"> <a href="/api/docs" className="text-indigo-600 hover:text-indigo-700 underline">
/api/docs
</h1> </a>
<p className="text-slate-500 mt-1"></p> </p>
</div>
<div className="text-right">
<div className="text-2xl font-semibold text-slate-900">
{completedCount}
<span className="text-slate-400 text-lg">/{totalCount}</span>
</div>
<div className="text-xs font-medium text-slate-400 uppercase tracking-wider">
</div>
</div>
</div>
{/* Add Todo Form */}
<form onSubmit={handleCreateTodo} className="relative group z-10">
<div className="relative transform transition-all duration-200 focus-within:-translate-y-1">
<input
type="text"
value={newTodoTitle}
onChange={handleInputChange}
placeholder="添加新任务..."
className="w-full pl-6 pr-32 py-5 bg-white rounded-2xl shadow-[0_8px_30px_rgb(0,0,0,0.04)] border-0 ring-1 ring-slate-100 focus:ring-2 focus:ring-indigo-500/50 outline-none transition-all placeholder:text-slate-400 text-lg text-slate-700"
disabled={createMutation.isPending}
/>
<button
type="submit"
disabled={createMutation.isPending || !newTodoTitle.trim()}
className="absolute right-3 top-3 bottom-3 px-6 bg-indigo-600 hover:bg-indigo-700 text-white rounded-xl font-medium transition-all shadow-md shadow-indigo-200 disabled:opacity-50 disabled:shadow-none hover:shadow-lg hover:shadow-indigo-300 active:scale-95"
>
{createMutation.isPending ? '添加中' : '添加'}
</button>
</div>
</form>
{/* Progress Bar (Only visible when there are tasks) */}
{totalCount > 0 && (
<div className="h-1.5 w-full bg-slate-200 rounded-full overflow-hidden">
<div
className="h-full bg-indigo-500 transition-all duration-500 ease-out rounded-full"
style={{ width: `${progress}%` }}
/>
</div>
)}
{/* Todo List */}
<div className="space-y-3">
{todos.length === 0 ? (
<div className="py-20 text-center">
<div className="inline-flex items-center justify-center w-16 h-16 rounded-full bg-slate-100 mb-4">
<svg
className="w-8 h-8 text-slate-400"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
strokeWidth={1.5}
d="M12 6v6m0 0v6m0-6h6m-6 0H6"
/>
</svg>
</div>
<p className="text-slate-500 text-lg font-medium"></p>
<p className="text-slate-400 text-sm mt-1">
</p>
</div>
) : (
todos.map((todo) => (
<div
key={todo.id}
className={`group relative flex items-center p-4 bg-white rounded-xl border border-slate-100 shadow-sm transition-all duration-200 hover:shadow-md hover:border-slate-200 ${
todo.completed ? 'bg-slate-50/50' : ''
}`}
>
<button
type="button"
onClick={() => handleToggleTodo(todo.id, todo.completed)}
className={`flex-shrink-0 w-6 h-6 rounded-full border-2 transition-all duration-200 flex items-center justify-center mr-4 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 ${
todo.completed
? 'bg-indigo-500 border-indigo-500'
: 'border-slate-300 hover:border-indigo-500 bg-white'
}`}
>
{todo.completed && (
<svg
className="w-3.5 h-3.5 text-white"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
strokeWidth={3}
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
d="M5 13l4 4L19 7"
/>
</svg>
)}
</button>
<div className="flex-1 min-w-0">
<p
className={`text-lg transition-all duration-200 truncate ${
todo.completed
? 'text-slate-400 line-through decoration-slate-300 decoration-2'
: 'text-slate-700'
}`}
>
{todo.title}
</p>
</div>
<div className="flex items-center opacity-0 group-hover:opacity-100 transition-opacity duration-200 absolute right-4 pl-4 bg-gradient-to-l from-white via-white to-transparent sm:static sm:bg-none">
<span className="text-xs text-slate-400 mr-3 hidden sm:inline-block">
{new Date(todo.createdAt).toLocaleDateString('zh-CN')}
</span>
<button
type="button"
onClick={() => handleDeleteTodo(todo.id)}
className="p-2 text-slate-400 hover:text-red-500 hover:bg-red-50 rounded-lg transition-colors focus:outline-none"
title="删除"
>
<svg
className="w-5 h-5"
fill="none"
viewBox="0 0 24 24"
stroke="currentColor"
strokeWidth={1.5}
aria-hidden="true"
>
<path
strokeLinecap="round"
strokeLinejoin="round"
d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"
/>
</svg>
</button>
</div>
</div>
))
)}
</div>
</div> </div>
</div> </div>
) )

@@ -0,0 +1,127 @@
import { oc } from '@orpc/contract'
import { z } from 'zod'
import { licenceEnvelopeSchema } from '@/server/licence'
const licenceOutput = z
.object({
licenceId: z.string().describe('验签通过后的 licence 标识'),
expireTime: z.string().describe('授权到期日,格式为 YYYY-MM-DD'),
isExpired: z.boolean().describe('当前 licence 是否已过期(按 UTC 自然日计算)'),
})
.describe('当前已安装 licence 的验证后元数据')
const configOutput = z
.object({
licence: licenceOutput.nullable().describe('当前本地已验证 licence 的元数据,未设置时为 null'),
fingerprint: z.string().describe('UX 本机计算得到的设备特征码SHA-256'),
hasPlatformPublicKey: z.boolean().describe('是否已配置平台公钥'),
hasPgpPrivateKey: z.boolean().describe('是否已配置 OpenPGP 私钥'),
})
.describe('本地身份配置快照,用于判断设备授权初始化是否完成')
.meta({
examples: [
{
licence: {
licenceId: 'LIC-20260319-0025',
expireTime: '2027-03-19',
isExpired: false,
},
fingerprint: '9a3b7c1d2e4f5a6b8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b',
hasPlatformPublicKey: true,
hasPgpPrivateKey: true,
},
{
licence: null,
fingerprint: '9a3b7c1d2e4f5a6b8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b',
hasPlatformPublicKey: false,
hasPgpPrivateKey: false,
},
],
})
export const get = oc
.route({
method: 'POST',
path: '/config/get',
operationId: 'configGet',
summary: '读取本机身份配置',
description:
'查询 UX 当前本地身份配置状态。\n\n典型用途页面初始化时检测授权状态、验签前检查平台公钥、签名前检查私钥是否就绪。\n\n返回内容\n- licence当前已验证 licence 的元数据,未设置时为 null\n- fingerprint设备特征码本机自动计算\n- hasPlatformPublicKey是否已写入平台公钥\n- hasPgpPrivateKey是否已写入 OpenPGP 私钥。',
tags: ['Config'],
})
.input(z.object({}).describe('空请求体,仅触发读取当前配置'))
.output(configOutput)
export const setLicence = oc
.route({
method: 'POST',
path: '/config/set-licence',
operationId: 'configSetLicence',
summary: '写入本地 licence',
description:
'写入或更新本机持久化 licence。\n\n调用时机设备首次激活、授权码变更、授权修复。\n\n约束与行为\n- 接收 `.lic` 文件内容对应的 JSON 信封,而不是文件上传;\n- 使用已配置的平台公钥对 payload 原始字符串做 SHA256withRSA 验签;\n- 仅在验签通过且 expire_time 未过期时持久化;\n- fingerprint 由本机自动计算,不允许外部覆盖;\n- 成功后返回最新配置快照,便于前端立即刷新授权状态。',
tags: ['Config'],
})
.input(
licenceEnvelopeSchema.meta({
examples: [
{
payload: 'eyJsaWNlbmNlX2lkIjoiTElDLTIwMjYwMzE5LTAwMjUiLCJleHBpcmVfdGltZSI6IjIwMjctMDMtMTkifQ==',
signature:
'aLd+wwpz1W5AS0jgE/IstSNjCAQ5estQYIMqeLXRWMIsnKxjZpCvC8O5q/G5LEBBLJXnbTk8N6IMTUx295nf2HQYlXNtJkWiBeUXQ6/uzs0RbhCeRAWK2Hx4kSsmiEv4AHGLb4ozI2XekTc+40+ApJQYqaWbDu/NU99TmDm3/da1VkKpQxH60BhSQVwBtU67w9Vp3SpWm8y1faQ7ci5WDtJf1JZaS70kPXoGeA5018rPeMFlEzUp10yDlGW6RcrT7Dm+r7zFyrFznLK+evBEvTf9mMGWwZZP3q9vJtC/wFt1t5zNHdkb27cTwc9yyqGMWdelXQAQDnoisn2Jzi06KA==',
},
],
}),
)
.output(configOutput)
export const setPgpPrivateKey = oc
.route({
method: 'POST',
path: '/config/set-pgp-private-key',
operationId: 'configSetPgpPrivateKey',
summary: '写入本地 OpenPGP 私钥',
description:
'写入或更新本机持久化 OpenPGP 私钥ASCII armored。\n\n调用时机首次导入签名私钥、私钥轮换。\n\n约束与行为\n- 仅接收 ASCII armored 私钥文本;\n- 私钥保存在本地,后续报告签名接口会自动读取;\n- 成功后返回最新配置快照,可用于确认 hasPgpPrivateKey 状态。',
tags: ['Config'],
})
.input(
z
.object({
pgpPrivateKey: z.string().min(1).describe('OpenPGP 私钥ASCII armored 格式)'),
})
.meta({
examples: [
{
pgpPrivateKey: '-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nxcMGBGd...\n-----END PGP PRIVATE KEY BLOCK-----',
},
],
}),
)
.output(configOutput)
export const setPlatformPublicKey = oc
.route({
method: 'POST',
path: '/config/set-platform-public-key',
operationId: 'configSetPlatformPublicKey',
summary: '写入本地平台公钥',
description:
'写入或更新本机持久化平台公钥Base64 编码 SPKI DER。\n\n调用时机设备授权初始化、平台公钥轮换。\n\n约束与行为\n- 仅接收可解析的平台 RSA 公钥文本;\n- 公钥保存在本地,设备授权密文接口和 licence 验签都会自动读取,无需每次传参;\n- 若平台公钥发生变化,已安装 licence 会被清空,需要重新安装已签名 licence\n- 成功后返回最新配置快照,可用于确认 hasPlatformPublicKey 状态。',
tags: ['Config'],
})
.input(
z
.object({
platformPublicKey: z.string().min(1).describe('平台公钥Base64 编码 SPKI DER'),
})
.meta({
examples: [
{
platformPublicKey:
'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB',
},
],
}),
)
.output(configOutput)
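
Review bot: `setPlatformPublicKey` makes the key that verifies licences writable through the same API surface as `setLicence`, with `z.string().min(1)` as the only contract-level constraint, so the SHA256withRSA check described for `setLicence` is only as strong as the access control on this route. Consider pinning the platform key (or its hash) at build time, or requiring an explicit authorization step for key replacement, and state in the description who is allowed to call it. Separately, confirm that the `platformPublicKey`, `payload` and `signature` values under `examples` are test vectors and not production material, since they are published in `/spec.json`.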

@@ -0,0 +1,163 @@
import { oc } from '@orpc/contract'
import { z } from 'zod'
export const encryptDeviceInfo = oc
.route({
method: 'POST',
path: '/crypto/encrypt-device-info',
operationId: 'encryptDeviceInfo',
summary: '生成设备授权二维码密文',
description:
'生成设备授权流程所需的二维码密文。\n\n处理流程\n- 读取本机已验证的 licenceId、fingerprint 与本地持久化的平台公钥;\n- 组装为授权载荷 JSON\n- 使用平台公钥执行 RSA-OAEP(SHA-256) 加密;\n- 返回 Base64 密文供前端生成二维码。\n\n适用场景设备授权申请、重新授权。\n\n前置条件需先调用 config.setPlatformPublicKey 写入平台公钥,并通过 config.setLicence 安装已签名 licence。',
tags: ['Crypto'],
})
.input(z.object({}).describe('空请求体。平台公钥由本地配置自动读取'))
.output(
z
.object({
encrypted: z.string().describe('Base64 密文(可直接用于设备授权二维码内容)'),
})
.describe('设备授权密文生成结果')
.meta({
examples: [
{
encrypted: 'dGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIFJTQS1PQUVQIGVuY3J5cHRlZCBkZXZpY2UgaW5mby4uLg==',
},
],
}),
)
export const decryptTask = oc
.route({
method: 'POST',
path: '/crypto/decrypt-task',
operationId: 'decryptTask',
summary: '解密任务二维码数据',
description:
'解密 App 下发的任务二维码密文。\n\n处理流程\n- 基于本机已验证的 licenceId + fingerprint 派生 AES-256-GCM 密钥;\n- 对二维码中的 Base64 密文进行解密;\n- 返回任务明文 JSON 字符串。\n\n适用场景扫码接收任务后解析任务详情。',
tags: ['Crypto'],
})
.input(
z
.object({
encryptedData: z.string().min(1).describe('Base64 编码的 AES-256-GCM 密文(来自任务二维码扫描结果)'),
})
.describe('任务二维码解密请求')
.meta({
examples: [
{
encryptedData: 'uWUcAmp6UQd0w3G3crdsd4613QCxGLoEgslgXJ4G2hQhpQdjtghtQjCBUZwB/JO+NRgH1vSTr8dqBJRq7Qh4nug==',
},
],
}),
)
.output(
z
.object({
decrypted: z.string().describe('解密后的任务信息 JSON 字符串(可进一步反序列化)'),
})
.describe('任务二维码解密结果')
.meta({
examples: [
{
decrypted:
'{"taskId":"TASK-20260115-4875","enterpriseId":"1173040813421105152","orgName":"超艺科技有限公司","inspectionId":"702286470691215417","inspectionPerson":"警务通","issuedAt":1734571234567}',
},
],
}),
)
export const encryptSummary = oc
.route({
method: 'POST',
path: '/crypto/encrypt-summary',
operationId: 'encryptSummary',
summary: '加密摘要信息',
description:
'加密检查摘要信息并产出二维码密文。\n\n处理流程\n- 使用已验证的 licenceId + fingerprint 结合 taskId(salt) 通过 HKDF-SHA256 派生密钥;\n- 使用 AES-256-GCM 加密摘要明文;\n- 返回 Base64 密文用于摘要二维码生成。\n\n适用场景任务执行后提交摘要信息。',
tags: ['Crypto'],
})
.input(
z
.object({
salt: z.string().min(1).describe('HKDF salt通常为 taskId需与任务上下文一致'),
plaintext: z.string().min(1).describe('待加密的摘要信息 JSON 明文字符串'),
})
.describe('摘要信息加密请求')
.meta({
examples: [
{
salt: 'TASK-20260115-4875',
plaintext:
'{"enterpriseId":"1173040813421105152","inspectionId":"702286470691215417","summary":{"orgId":"1","orgName":"超艺科技有限公司","checkId":"1","vcheckId":"1","task":{"startTime":"2022-01-01 00:00:00","endTime":"2022-01-01 00:00:00"},"asset":{"count":183},"weakPwd":{"count":5},"vul":{"emergency":13,"high":34,"medium":45,"low":12,"info":3}},"timestamp":1734571234567}',
},
],
}),
)
.output(
z
.object({
encrypted: z.string().describe('Base64 密文(用于摘要信息二维码内容)'),
})
.describe('摘要信息加密结果')
.meta({
examples: [
{
encrypted: 'uWUcAmp6UQd0w3G3crdsd4613QCxGLoEgslgXJ4G2hQhpQdjtghtQjCBUZwB/JO+NRgH1vSTr8dqBJRq7Qh4nug==',
},
],
}),
)
export const signAndPackReport = oc
.route({
method: 'POST',
path: '/crypto/sign-and-pack-report',
operationId: 'signAndPackReport',
summary: '签名并打包检查报告',
description:
'对原始报告执行设备签名与 OpenPGP 签名并重新打包。\n\n处理流程\n- 解析上传 ZIP 并提取 summary.json\n- 用已验证的 licenceId/fingerprint 计算 deviceSignature(HKDF + HMAC-SHA256) 并回写 summary.json\n- 生成 META-INF/manifest.json\n- 使用本地 OpenPGP 私钥生成 detached signature(`META-INF/signature.asc`)\n- 返回签名后 ZIP。\n\n适用场景检查结果归档、可追溯签名分发。',
tags: ['Report'],
spec: (current) => {
const multipartContent =
current.requestBody && !('$ref' in current.requestBody)
? (current.requestBody.content?.['multipart/form-data'] ?? current.requestBody.content?.['application/json'])
: undefined
return {
...current,
requestBody:
multipartContent && current.requestBody && !('$ref' in current.requestBody)
? {
...current.requestBody,
content: {
'multipart/form-data': multipartContent,
},
}
: current.requestBody,
}
},
})
.input(
z
.object({
rawZip: z
.file()
.mime(['application/zip', 'application/x-zip-compressed'])
.describe(
'原始报告 ZIP 文件(必须包含 summary.json以及 assets.json、vulnerabilities.json、weakPasswords.json、漏洞评估报告.html 等报告文件)',
),
outputFileName: z
.string()
.min(1)
.optional()
.describe('返回 ZIP 文件名(可选,默认 signed-report.zip')
.meta({ examples: ['signed-report.zip'] }),
})
.describe('报告签名与打包请求'),
)
.output(
z
.file()
.describe('签名后报告 ZIP 文件(二进制响应,包含 summary.json、META-INF/manifest.json、META-INF/signature.asc'),
)
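
Review bot: `outputFileName` in `signAndPackReport` is validated only with `.string().min(1)`, and its description says it becomes the returned ZIP's file name. If the handler places it in a `Content-Disposition` header, constrain it in the contract: cap the length and reject path separators, quotes and control characters, for example with a pattern limited to letters, digits, `.`, `_` and `-`. `rawZip` likewise checks only the client-declared MIME type; add a size limit here or confirm the handler enforces one before the archive is unpacked.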

@@ -1,7 +1,9 @@
import * as todo from './todo.contract' import * as config from './config.contract'
import * as crypto from './crypto.contract'
export const contract = { export const contract = {
todo, config,
crypto,
} }
export type Contract = typeof contract export type Contract = typeof contract

@@ -1,43 +0,0 @@
import { oc } from '@orpc/contract'
import {
createInsertSchema,
createSelectSchema,
createUpdateSchema,
} from 'drizzle-zod'
import { z } from 'zod'
import { todoTable } from '@/server/db/schema'
const selectSchema = createSelectSchema(todoTable)
const insertSchema = createInsertSchema(todoTable).omit({
id: true,
createdAt: true,
updatedAt: true,
})
const updateSchema = createUpdateSchema(todoTable).omit({
id: true,
createdAt: true,
updatedAt: true,
})
export const list = oc.input(z.void()).output(z.array(selectSchema))
export const create = oc.input(insertSchema).output(selectSchema)
export const update = oc
.input(
z.object({
id: z.uuid(),
data: updateSchema,
}),
)
.output(selectSchema)
export const remove = oc
.input(
z.object({
id: z.uuid(),
}),
)
.output(z.void())

@@ -0,0 +1,26 @@
import { ORPCError, ValidationError } from '@orpc/server'
import { z } from 'zod'
export const logError = (error: unknown) => {
console.error(error)
}
export const handleValidationError = (error: unknown) => {
if (error instanceof ORPCError && error.code === 'BAD_REQUEST' && error.cause instanceof ValidationError) {
// If you only use Zod you can safely cast to ZodIssue[] (per ORPC official docs)
const zodError = new z.ZodError(error.cause.issues as z.core.$ZodIssue[])
throw new ORPCError('INPUT_VALIDATION_FAILED', {
status: 422,
message: z.prettifyError(zodError),
data: z.flattenError(zodError),
cause: error.cause,
})
}
if (error instanceof ORPCError && error.code === 'INTERNAL_SERVER_ERROR' && error.cause instanceof ValidationError) {
throw new ORPCError('OUTPUT_VALIDATION_FAILED', {
cause: error.cause,
})
}
}
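
Review bot: `logError` passes the whole error object to `console.error`, and `handleValidationError` forwards `cause: error.cause` and `data: z.flattenError(zodError)` in the 422 it throws. These interceptors now sit in front of routes whose input is an OpenPGP private key or a licence envelope, so check that neither the logged error nor the `INPUT_VALIDATION_FAILED` response can carry the rejected input value; if it can, log `error.code` and the issue paths instead of the object. A short test that posts an invalid `pgpPrivateKey` and asserts the key text appears in neither the log nor the response would pin this down.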

@@ -1,4 +1,4 @@
import { os } from '@orpc/server' import { os } from '@/server/api/server'
import { getDB } from '@/server/db' import { getDB } from '@/server/db'
export const db = os.middleware(async ({ context, next }) => { export const db = os.middleware(async ({ context, next }) => {

@@ -0,0 +1,81 @@
import { validatePgpPrivateKey, validateRsaPublicKey } from '@furtherverse/crypto'
import { ORPCError } from '@orpc/server'
import { isLicenceExpired, verifyAndDecodeLicenceEnvelope } from '@/server/licence'
import { ensureUxConfig, setUxLicence, setUxPgpPrivateKey, setUxPlatformPublicKey } from '@/server/ux-config'
import { db } from '../middlewares'
import { os } from '../server'
const toConfigOutput = (config: {
licenceId: string | null
licenceExpireTime: string | null
fingerprint: string
platformPublicKey: string | null
pgpPrivateKey: string | null
}) => ({
licence:
config.licenceId && config.licenceExpireTime
? {
licenceId: config.licenceId,
expireTime: config.licenceExpireTime,
isExpired: isLicenceExpired(config.licenceExpireTime),
}
: null,
fingerprint: config.fingerprint,
hasPlatformPublicKey: config.platformPublicKey != null,
hasPgpPrivateKey: config.pgpPrivateKey != null,
})
export const get = os.config.get.use(db).handler(async ({ context }) => {
const config = await ensureUxConfig(context.db)
return toConfigOutput(config)
})
export const setLicence = os.config.setLicence.use(db).handler(async ({ context, input }) => {
const currentConfig = await ensureUxConfig(context.db)
if (!currentConfig.platformPublicKey) {
throw new ORPCError('PRECONDITION_FAILED', {
message: 'Platform public key is not configured. Call config.setPlatformPublicKey first.',
})
}
const payload = verifyAndDecodeLicenceEnvelope(input, currentConfig.platformPublicKey)
if (isLicenceExpired(payload.expire_time)) {
throw new ORPCError('BAD_REQUEST', {
message: 'licence has expired',
})
}
const config = await setUxLicence(context.db, {
payload: input.payload,
signature: input.signature,
licenceId: payload.licence_id,
expireTime: payload.expire_time,
})
return toConfigOutput(config)
})
export const setPgpPrivateKey = os.config.setPgpPrivateKey.use(db).handler(async ({ context, input }) => {
await validatePgpPrivateKey(input.pgpPrivateKey).catch((error) => {
throw new ORPCError('BAD_REQUEST', {
message: `Invalid PGP private key: ${error instanceof Error ? error.message : 'unable to parse'}`,
})
})
const config = await setUxPgpPrivateKey(context.db, input.pgpPrivateKey)
return toConfigOutput(config)
})
export const setPlatformPublicKey = os.config.setPlatformPublicKey.use(db).handler(async ({ context, input }) => {
try {
validateRsaPublicKey(input.platformPublicKey)
} catch (error) {
throw new ORPCError('BAD_REQUEST', {
message: `Invalid platform public key: ${error instanceof Error ? error.message : 'unable to parse'}`,
})
}
const config = await setUxPlatformPublicKey(context.db, input.platformPublicKey)
return toConfigOutput(config)
})
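Review bot: setPlatformPublicKey replaces the key that setLicence verifies against, and both handlers run with only the db middleware, so any caller that can reach this API can change the trust anchor and then have a licence of its own signing accepted. If the platform key is meant to be a root of trust, pin it at build time or restrict setPlatformPublicKey to an authenticated or first-run-only path. Also, the call verifyAndDecodeLicenceEnvelope(input, currentConfig.platformPublicKey) in setLicence is not wrapped the way validatePgpPrivateKey and validateRsaPublicKey are, so a bad signature or malformed payload is not mapped to BAD_REQUEST in this handler.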

View File

@@ -0,0 +1,219 @@
import {
aesGcmDecrypt,
aesGcmEncrypt,
hkdfSha256,
hmacSha256Base64,
pgpSignDetached,
rsaOaepEncrypt,
sha256,
sha256Hex,
} from '@furtherverse/crypto'
import { ORPCError } from '@orpc/server'
import JSZip from 'jszip'
import {
isInteger,
isSafeNumber,
LosslessNumber,
parse as losslessParse,
stringify as losslessStringify,
} from 'lossless-json'
import { z } from 'zod'
import { isLicenceExpired } from '@/server/licence'
import { extractSafeZipFiles, ZipValidationError } from '@/server/safe-zip'
import { getUxConfig } from '@/server/ux-config'
import { db } from '../middlewares'
import { os } from '../server'
const safeNumberParser = (value: string): number | string => {
if (isSafeNumber(value)) return Number(value)
if (isInteger(value)) return value
return Number(value)
}
const toLosslessNumber = (value: string): LosslessNumber | string =>
value !== '' && /^-?\d+$/.test(value) ? new LosslessNumber(value) : value
const summaryPayloadSchema = z
.object({
taskId: z.string().min(1, 'summary.json must contain a non-empty taskId'),
checkId: z.union([z.string(), z.number()]).optional(),
inspectionId: z.union([z.string(), z.number()]).optional(),
orgId: z.union([z.string(), z.number()]).optional(),
enterpriseId: z.union([z.string(), z.number()]).optional(),
summary: z.string().optional(),
})
.loose()
const requireIdentity = async (dbInstance: Parameters<typeof getUxConfig>[0]) => {
const config = await getUxConfig(dbInstance)
if (!config || !config.licenceId || !config.licenceExpireTime) {
throw new ORPCError('PRECONDITION_FAILED', {
message: 'Local identity is not initialized. Call config.get and then config.setLicence first.',
})
}
if (isLicenceExpired(config.licenceExpireTime)) {
throw new ORPCError('PRECONDITION_FAILED', {
message: 'Local licence has expired. Install a new signed licence before calling crypto APIs.',
})
}
return config as typeof config & { licenceId: string; licenceExpireTime: string }
}
export const encryptDeviceInfo = os.crypto.encryptDeviceInfo.use(db).handler(async ({ context }) => {
const config = await requireIdentity(context.db)
if (!config.platformPublicKey) {
throw new ORPCError('PRECONDITION_FAILED', {
message: 'Platform public key is not configured. Call config.setPlatformPublicKey first.',
})
}
const deviceInfoJson = JSON.stringify({
licence: config.licenceId,
fingerprint: config.fingerprint,
})
const encrypted = rsaOaepEncrypt(deviceInfoJson, config.platformPublicKey)
return { encrypted }
})
export const decryptTask = os.crypto.decryptTask.use(db).handler(async ({ context, input }) => {
const config = await requireIdentity(context.db)
const key = sha256(config.licenceId + config.fingerprint)
const decrypted = aesGcmDecrypt(input.encryptedData, key)
return { decrypted }
})
export const encryptSummary = os.crypto.encryptSummary.use(db).handler(async ({ context, input }) => {
const config = await requireIdentity(context.db)
const ikm = config.licenceId + config.fingerprint
const aesKey = hkdfSha256(ikm, input.salt, 'inspection_report_encryption')
const encrypted = aesGcmEncrypt(input.plaintext, aesKey)
return { encrypted }
})
export const signAndPackReport = os.crypto.signAndPackReport.use(db).handler(async ({ context, input }) => {
const config = await requireIdentity(context.db)
if (!config.pgpPrivateKey) {
throw new ORPCError('PRECONDITION_FAILED', {
message: 'PGP private key is not configured. Call config.setPgpPrivateKey first.',
})
}
const rawZipBytes = Buffer.from(await input.rawZip.arrayBuffer())
const zipFiles = await extractSafeZipFiles(rawZipBytes).catch((error) => {
if (error instanceof ZipValidationError) {
throw new ORPCError('BAD_REQUEST', { message: error.message })
}
throw error
})
// Extract and validate summary.json from the ZIP
const summaryFile = zipFiles.find((f) => f.name === 'summary.json')
if (!summaryFile) {
throw new ORPCError('BAD_REQUEST', {
message: 'rawZip must contain a summary.json file',
})
}
let rawJson: unknown
try {
rawJson = losslessParse(Buffer.from(summaryFile.bytes).toString('utf-8'), undefined, safeNumberParser)
} catch {
throw new ORPCError('BAD_REQUEST', {
message: 'summary.json in the ZIP is not valid JSON',
})
}
const parsed = summaryPayloadSchema.safeParse(rawJson)
if (!parsed.success) {
throw new ORPCError('BAD_REQUEST', {
message: `Invalid summary.json: ${z.prettifyError(parsed.error)}`,
})
}
const summaryPayload = parsed.data
const checkId = String(summaryPayload.checkId ?? summaryPayload.inspectionId ?? '')
const orgId = summaryPayload.orgId ?? summaryPayload.enterpriseId ?? ''
// Helper: find file in ZIP and compute its SHA256 hash
const requireFileHash = (name: string): string => {
const file = zipFiles.find((f) => f.name === name)
if (!file) {
throw new ORPCError('BAD_REQUEST', { message: `rawZip must contain ${name}` })
}
return sha256Hex(Buffer.from(file.bytes))
}
// Compute SHA256 of each content file (fixed order, matching Kotlin reference)
const assetsSha256 = requireFileHash('assets.json')
const vulnerabilitiesSha256 = requireFileHash('vulnerabilities.json')
const weakPasswordsSha256 = requireFileHash('weakPasswords.json')
const reportHtmlSha256 = requireFileHash('漏洞评估报告.html')
// Compute device signature
// signPayload = taskId + inspectionId + assetsSha256 + vulnerabilitiesSha256 + weakPasswordsSha256 + reportHtmlSha256
// (plain concatenation, no separators, fixed order — matching Kotlin reference)
const ikm = config.licenceId + config.fingerprint
const signingKey = hkdfSha256(ikm, 'AUTH_V3_SALT', 'device_report_signature')
const signPayload = `${summaryPayload.taskId}${checkId}${assetsSha256}${vulnerabilitiesSha256}${weakPasswordsSha256}${reportHtmlSha256}`
const deviceSignature = hmacSha256Base64(signingKey, signPayload)
// Build final summary.json with flat structure (matching Kotlin reference)
const finalSummary = {
orgId: toLosslessNumber(String(orgId)),
checkId: toLosslessNumber(checkId),
taskId: summaryPayload.taskId,
licence: config.licenceId,
fingerprint: config.fingerprint,
deviceSignature,
summary: summaryPayload.summary ?? '',
}
const summaryJson = losslessStringify(finalSummary)
if (!summaryJson) {
throw new ORPCError('INTERNAL_SERVER_ERROR', {
message: 'Failed to serialize summary.json',
})
}
const summaryBytes = Buffer.from(summaryJson, 'utf-8')
// Build manifest.json (fixed file list, matching Kotlin reference)
const manifestFiles: Record<string, string> = {
'summary.json': sha256Hex(summaryBytes),
'assets.json': assetsSha256,
'vulnerabilities.json': vulnerabilitiesSha256,
'weakPasswords.json': weakPasswordsSha256,
'漏洞评估报告.html': reportHtmlSha256,
}
const manifestBytes = Buffer.from(JSON.stringify({ files: manifestFiles }, null, 2), 'utf-8')
const signatureAsc = await pgpSignDetached(manifestBytes, config.pgpPrivateKey)
// Pack signed ZIP
const signedZip = new JSZip()
signedZip.file('summary.json', summaryBytes)
for (const item of zipFiles) {
if (item.name !== 'summary.json') {
signedZip.file(item.name, item.bytes)
}
}
signedZip.file('META-INF/manifest.json', manifestBytes)
signedZip.file('META-INF/signature.asc', signatureAsc)
const signedZipBytes = await signedZip.generateAsync({
type: 'uint8array',
compression: 'DEFLATE',
compressionOptions: { level: 9 },
})
return new File([Buffer.from(signedZipBytes)], input.outputFileName ?? 'signed-report.zip', {
type: 'application/zip',
})
})
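Review bot: in signAndPackReport the HMAC key for deviceSignature is derived from config.licenceId + config.fingerprint with the fixed salt 'AUTH_V3_SALT', and finalSummary then writes both values in clear as licence and fingerprint, so anyone holding the ZIP has everything needed to recompute that key. If the Kotlin reference fixes this format, add a comment stating that deviceSignature is not an authenticity check on its own and that verification must rely on META-INF/signature.asc. Separately, the packing loop copies every non-summary entry from zipFiles while manifestFiles lists only five fixed names, so extra entries in rawZip ship in the signed archive without a manifest hash; reject unexpected names or hash every packed entry. The signPayload concatenation of taskId and checkId without a separator is also ambiguous at that boundary.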

View File

@@ -1,6 +1,8 @@
import { os } from '../server' import { os } from '../server'
import * as todo from './todo.router' import * as config from './config.router'
import * as crypto from './crypto.router'
export const router = os.router({ export const router = os.router({
todo, config,
crypto,
}) })

View File

@@ -1,49 +0,0 @@
import { ORPCError } from '@orpc/server'
import { eq } from 'drizzle-orm'
import { todoTable } from '@/server/db/schema'
import { db } from '../middlewares'
import { os } from '../server'
export const list = os.todo.list.use(db).handler(async ({ context }) => {
const todos = await context.db.query.todoTable.findMany({
orderBy: (todos, { desc }) => [desc(todos.createdAt)],
})
return todos
})
export const create = os.todo.create
.use(db)
.handler(async ({ context, input }) => {
const [newTodo] = await context.db
.insert(todoTable)
.values(input)
.returning()
if (!newTodo) {
throw new ORPCError('NOT_FOUND')
}
return newTodo
})
export const update = os.todo.update
.use(db)
.handler(async ({ context, input }) => {
const [updatedTodo] = await context.db
.update(todoTable)
.set(input.data)
.where(eq(todoTable.id, input.id))
.returning()
if (!updatedTodo) {
throw new ORPCError('NOT_FOUND')
}
return updatedTodo
})
export const remove = os.todo.remove
.use(db)
.handler(async ({ context, input }) => {
await context.db.delete(todoTable).where(eq(todoTable.id, input.id))
})

View File

@@ -1,8 +1,4 @@
import type { import type { ContractRouterClient, InferContractRouterInputs, InferContractRouterOutputs } from '@orpc/contract'
ContractRouterClient,
InferContractRouterInputs,
InferContractRouterOutputs,
} from '@orpc/contract'
import type { Contract } from './contracts' import type { Contract } from './contracts'
export type RouterClient = ContractRouterClient<Contract> export type RouterClient = ContractRouterClient<Contract>

View File

@@ -0,0 +1,36 @@
import { integer, text } from 'drizzle-orm/sqlite-core'
import { v7 as uuidv7 } from 'uuid'
export const pk = (name = 'id') =>
text(name)
.primaryKey()
.$defaultFn(() => uuidv7())
export const createdAt = (name = 'created_at') =>
integer(name, { mode: 'timestamp_ms' })
.notNull()
.$defaultFn(() => new Date())
export const updatedAt = (name = 'updated_at') =>
integer(name, { mode: 'timestamp_ms' })
.notNull()
.$defaultFn(() => new Date())
.$onUpdateFn(() => new Date())
export const generatedFields = {
id: pk('id'),
createdAt: createdAt('created_at'),
updatedAt: updatedAt('updated_at'),
}
const createGeneratedFieldKeys = <T extends Record<string, unknown>>(fields: T): Record<keyof T, true> => {
return Object.keys(fields).reduce(
(acc, key) => {
acc[key as keyof T] = true
return acc
},
{} as Record<keyof T, true>,
)
}
export const generatedFieldKeys = createGeneratedFieldKeys(generatedFields)

View File

@@ -1,15 +1,14 @@
import { drizzle } from 'drizzle-orm/postgres-js' import { Database } from 'bun:sqlite'
import { drizzle } from 'drizzle-orm/bun-sqlite'
import { env } from '@/env' import { env } from '@/env'
import * as schema from '@/server/db/schema' import { relations } from '@/server/db/relations'
export const createDB = () => export const createDB = () => {
drizzle({ const sqlite = new Database(env.DATABASE_PATH)
connection: { sqlite.exec('PRAGMA journal_mode = WAL')
url: env.DATABASE_URL, sqlite.exec('PRAGMA foreign_keys = ON')
prepare: true, return drizzle({ client: sqlite, relations })
}, }
schema,
})
export type DB = ReturnType<typeof createDB> export type DB = ReturnType<typeof createDB>

View File

@@ -0,0 +1,4 @@
import { defineRelations } from 'drizzle-orm'
import * as schema from './schema'
export const relations = defineRelations(schema, () => ({}))

View File

@@ -1 +1 @@
export * from './todo' export * from './ux-config'

View File

@@ -1,8 +0,0 @@
import { boolean, pgTable, text } from 'drizzle-orm/pg-core'
import { generatedFields } from './utils/field'
export const todoTable = pgTable('todo', {
...generatedFields,
title: text('title').notNull(),
completed: boolean('completed').notNull().default(false),
})

View File

@@ -1,58 +0,0 @@
import { sql } from 'drizzle-orm'
import { timestamp, uuid } from 'drizzle-orm/pg-core'
import { v7 as uuidv7 } from 'uuid'
// id
export const id = (name: string) => uuid(name)
export const pk = (name: string, strategy?: 'native' | 'extension') => {
switch (strategy) {
// PG 18+
case 'native':
return id(name).primaryKey().default(sql`uuidv7()`)
// PG 13+ with extension
case 'extension':
return id(name).primaryKey().default(sql`uuid_generate_v7()`)
// Any PG version
default:
return id(name)
.primaryKey()
.$defaultFn(() => uuidv7())
}
}
// timestamp
export const createdAt = (name = 'created_at') =>
timestamp(name, { withTimezone: true }).notNull().defaultNow()
export const updatedAt = (name = 'updated_at') =>
timestamp(name, { withTimezone: true })
.notNull()
.defaultNow()
.$onUpdateFn(() => new Date())
// generated fields
export const generatedFields = {
id: pk('id'),
createdAt: createdAt('created_at'),
updatedAt: updatedAt('updated_at'),
}
// Helper to create omit keys from generatedFields
const createGeneratedFieldKeys = <T extends Record<string, unknown>>(
fields: T,
): Record<keyof T, true> => {
return Object.keys(fields).reduce(
(acc, key) => {
acc[key as keyof T] = true
return acc
},
{} as Record<keyof T, true>,
)
}
export const generatedFieldKeys = createGeneratedFieldKeys(generatedFields)

View File

@@ -0,0 +1,14 @@
import { sqliteTable, text } from 'drizzle-orm/sqlite-core'
import { generatedFields } from '../fields'
export const uxConfigTable = sqliteTable('ux_config', {
...generatedFields,
singletonKey: text('singleton_key').notNull().unique().default('default'),
licencePayload: text('licence_payload'),
licenceSignature: text('licence_signature'),
licenceId: text('licence_id'),
licenceExpireTime: text('licence_expire_time'),
fingerprint: text('fingerprint').notNull(),
platformPublicKey: text('platform_public_key'),
pgpPrivateKey: text('pgp_private_key'),
})
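Review bot: pgpPrivateKey: text('pgp_private_key') stores the signing key as a plain text column in the SQLite file, next to licencePayload and fingerprint. Consider keeping the private key in an OS keystore, or encrypting the column with a key held outside the database, and document the expected file permissions for the database path.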

View File

@@ -0,0 +1,10 @@
import { sha256Hex } from '@furtherverse/crypto'
import { system } from 'systeminformation'
export const computeDeviceFingerprint = async (): Promise<string> => {
const { uuid, serial, model, manufacturer } = await system()
const source = [uuid, serial, model, manufacturer].join('|')
const hash = sha256Hex(source)
return hash
}
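Review bot: computeDeviceFingerprint hashes [uuid, serial, model, manufacturer].join('|') without checking that any field is populated, so on a host where system() returns empty or placeholder values, different devices end up with the same fingerprint. Since the fingerprint feeds the key derivation in the crypto router, fail or fall back when the identifying fields are empty, and add a test for that case.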

View File

@@ -0,0 +1,32 @@
import { describe, expect, it } from 'bun:test'
import { constants, createSign, generateKeyPairSync } from 'node:crypto'
import { decodeLicencePayload, isLicenceExpired, verifyAndDecodeLicenceEnvelope } from './licence'
describe('licence helpers', () => {
it('verifies payload signatures and decodes payload JSON', () => {
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 })
const payloadJson = JSON.stringify({ licence_id: 'LIC-20260319-0025', expire_time: '2027-03-19' })
const payload = Buffer.from(payloadJson, 'utf-8').toString('base64')
const signer = createSign('RSA-SHA256')
signer.update(Buffer.from(payload, 'utf-8'))
signer.end()
const signature = signer.sign({ key: privateKey, padding: constants.RSA_PKCS1_PADDING }).toString('base64')
const publicKeyBase64 = publicKey.export({ format: 'der', type: 'spki' }).toString('base64')
expect(verifyAndDecodeLicenceEnvelope({ payload, signature }, publicKeyBase64)).toEqual({
licence_id: 'LIC-20260319-0025',
expire_time: '2027-03-19',
})
})
it('treats expire_time as valid through the end of the UTC day', () => {
expect(isLicenceExpired('2027-03-19', new Date('2027-03-19T23:59:59.999Z'))).toBe(false)
expect(isLicenceExpired('2027-03-19', new Date('2027-03-20T00:00:00.000Z'))).toBe(true)
})
it('rejects malformed payloads', () => {
expect(() => decodeLicencePayload('not-base64')).toThrow('payload must be valid Base64')
})
})
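Review bot: the suite covers only the accepting path of verifyAndDecodeLicenceEnvelope; nothing asserts that a modified payload, a signature made with a different key, or a non-Base64 signature is rejected. Add negative cases that expect 'licence signature is invalid', plus one that passes an impossible date such as 2027-02-30 to isLicenceExpired to exercise the calendar check.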

View File

@@ -0,0 +1,94 @@
import { rsaVerifySignature } from '@furtherverse/crypto'
import { z } from 'zod'
const BASE64_PATTERN = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/
const DATE_PATTERN = /^(\d{4})-(\d{2})-(\d{2})$/
export const licenceEnvelopeSchema = z.object({
payload: z.string().min(1).max(8192).describe('Base64 编码的 licence payload 原文'),
signature: z.string().min(1).max(8192).describe('对 payload 字符串 UTF-8 字节做 SHA256withRSA 后得到的 Base64 签名'),
})
export const licencePayloadSchema = z
.object({
licence_id: z.string().min(1).describe('验签通过后的 licence 标识'),
expire_time: z
.string()
.regex(DATE_PATTERN, 'expire_time must use YYYY-MM-DD')
.describe('授权到期日,格式为 YYYY-MM-DD按 UTC 自然日末尾失效)'),
})
.loose()
export type LicenceEnvelope = z.infer<typeof licenceEnvelopeSchema>
export type LicencePayload = z.infer<typeof licencePayloadSchema>
const decodeBase64 = (value: string, fieldName: string): Buffer => {
if (!BASE64_PATTERN.test(value)) {
throw new Error(`${fieldName} must be valid Base64`)
}
return Buffer.from(value, 'base64')
}
const parseUtcDate = (value: string): Date => {
const match = DATE_PATTERN.exec(value)
if (!match) {
throw new Error('expire_time must use YYYY-MM-DD')
}
const [, yearText, monthText, dayText] = match
const year = Number(yearText)
const month = Number(monthText)
const day = Number(dayText)
const parsed = new Date(Date.UTC(year, month - 1, day))
if (
Number.isNaN(parsed.getTime()) ||
parsed.getUTCFullYear() !== year ||
parsed.getUTCMonth() !== month - 1 ||
parsed.getUTCDate() !== day
) {
throw new Error('expire_time is not a valid calendar date')
}
return parsed
}
export const isLicenceExpired = (expireTime: string, now = new Date()): boolean => {
const expireDate = parseUtcDate(expireTime)
const expiresAt = Date.UTC(expireDate.getUTCFullYear(), expireDate.getUTCMonth(), expireDate.getUTCDate() + 1)
return now.getTime() >= expiresAt
}
export const decodeLicencePayload = (payloadBase64: string): LicencePayload => {
const decodedJson = decodeBase64(payloadBase64, 'payload').toString('utf-8')
let rawPayload: unknown
try {
rawPayload = JSON.parse(decodedJson)
} catch {
throw new Error('payload must decode to valid JSON')
}
const parsedPayload = licencePayloadSchema.safeParse(rawPayload)
if (!parsedPayload.success) {
throw new Error(z.prettifyError(parsedPayload.error))
}
return parsedPayload.data
}
export const verifyLicenceEnvelopeSignature = (envelope: LicenceEnvelope, publicKeyBase64: string): void => {
const signatureBytes = decodeBase64(envelope.signature, 'signature')
const isValid = rsaVerifySignature(Buffer.from(envelope.payload, 'utf-8'), signatureBytes, publicKeyBase64)
if (!isValid) {
throw new Error('licence signature is invalid')
}
}
export const verifyAndDecodeLicenceEnvelope = (envelope: LicenceEnvelope, publicKeyBase64: string): LicencePayload => {
verifyLicenceEnvelopeSignature(envelope, publicKeyBase64)
return decodeLicencePayload(envelope.payload)
}
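Review bot: licencePayloadSchema requires only licence_id and expire_time, and nothing in the visible code ties the verified payload to this device, so a validly signed licence is accepted on any installation. If licences are meant to be per-device, include the fingerprint (or a hash of it) in the signed payload and compare it after verification. The verify-then-decode order in verifyAndDecodeLicenceEnvelope is the right one and worth a comment so it is not reordered later.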

View File

@@ -0,0 +1,96 @@
import type { JSZipObject } from 'jszip'
import JSZip from 'jszip'
export class ZipValidationError extends Error {
override name = 'ZipValidationError'
}
export interface ZipFileItem {
name: string
bytes: Uint8Array
}
export interface SafeZipOptions {
maxRawBytes?: number
maxEntries?: number
maxSingleFileBytes?: number
maxTotalUncompressedBytes?: number
}
const DEFAULTS = {
maxRawBytes: 50 * 1024 * 1024,
maxEntries: 64,
maxSingleFileBytes: 20 * 1024 * 1024,
maxTotalUncompressedBytes: 60 * 1024 * 1024,
} satisfies Required<SafeZipOptions>
const normalizePath = (name: string): string => name.replaceAll('\\', '/')
const isUnsafePath = (name: string): boolean => {
const normalized = normalizePath(name)
const segments = normalized.split('/')
return (
normalized.startsWith('/') ||
normalized.includes('\0') ||
segments.some((segment) => segment === '..' || segment.trim().length === 0)
)
}
export const extractSafeZipFiles = async (
rawBytes: Uint8Array | Buffer,
options?: SafeZipOptions,
): Promise<ZipFileItem[]> => {
const opts = { ...DEFAULTS, ...options }
if (rawBytes.byteLength === 0 || rawBytes.byteLength > opts.maxRawBytes) {
throw new ZipValidationError('ZIP is empty or exceeds max size limit')
}
const zip = await JSZip.loadAsync(rawBytes, { checkCRC32: true }).catch(() => {
throw new ZipValidationError('Not a valid ZIP file')
})
const entries = Object.values(zip.files) as JSZipObject[]
if (entries.length > opts.maxEntries) {
throw new ZipValidationError(`ZIP contains too many entries: ${entries.length}`)
}
let totalUncompressedBytes = 0
const files: ZipFileItem[] = []
const seen = new Set<string>()
for (const entry of entries) {
if (entry.dir) {
continue
}
if (isUnsafePath(entry.name)) {
throw new ZipValidationError(`ZIP contains unsafe entry path: ${entry.name}`)
}
const normalizedName = normalizePath(entry.name)
if (seen.has(normalizedName)) {
throw new ZipValidationError(`ZIP contains duplicate entry: ${normalizedName}`)
}
seen.add(normalizedName)
const content = await entry.async('uint8array')
if (content.byteLength > opts.maxSingleFileBytes) {
throw new ZipValidationError(`ZIP entry too large: ${normalizedName}`)
}
totalUncompressedBytes += content.byteLength
if (totalUncompressedBytes > opts.maxTotalUncompressedBytes) {
throw new ZipValidationError('ZIP total uncompressed content exceeds max size limit')
}
files.push({ name: normalizedName, bytes: content })
}
if (files.length === 0) {
throw new ZipValidationError('ZIP has no file entries')
}
return files
}
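Review bot: in the entry loop, maxSingleFileBytes and maxTotalUncompressedBytes are checked only after entry.async('uint8array') has inflated the whole entry into memory, so the limits bound what is returned, not what is allocated. Enforce the cap while inflating (stream the entry and stop once the byte count passes the limit) or reject on the declared uncompressed size before reading the content.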

View File

@@ -0,0 +1,99 @@
import { eq } from 'drizzle-orm'
import type { DB } from '@/server/db'
import { uxConfigTable } from '@/server/db/schema'
import { computeDeviceFingerprint } from './device-fingerprint'
const UX_CONFIG_KEY = 'default'
export const getUxConfig = async (db: DB) => {
return await db.query.uxConfigTable.findFirst({
where: { singletonKey: UX_CONFIG_KEY },
})
}
export const ensureUxConfig = async (db: DB) => {
const fingerprint = await computeDeviceFingerprint()
const existing = await getUxConfig(db)
if (existing) {
if (existing.fingerprint !== fingerprint) {
const rows = await db
.update(uxConfigTable)
.set({ fingerprint })
.where(eq(uxConfigTable.id, existing.id))
.returning()
return rows[0] as (typeof rows)[number]
}
return existing
}
const rows = await db
.insert(uxConfigTable)
.values({
singletonKey: UX_CONFIG_KEY,
fingerprint,
licencePayload: null,
licenceSignature: null,
licenceId: null,
licenceExpireTime: null,
})
.returning()
return rows[0] as (typeof rows)[number]
}
export const setUxLicence = async (
db: DB,
licence: {
payload: string
signature: string
licenceId: string
expireTime: string
},
) => {
const config = await ensureUxConfig(db)
const rows = await db
.update(uxConfigTable)
.set({
licencePayload: licence.payload,
licenceSignature: licence.signature,
licenceId: licence.licenceId,
licenceExpireTime: licence.expireTime,
})
.where(eq(uxConfigTable.id, config.id))
.returning()
return rows[0] as (typeof rows)[number]
}
export const setUxPgpPrivateKey = async (db: DB, pgpPrivateKey: string) => {
const config = await ensureUxConfig(db)
const rows = await db.update(uxConfigTable).set({ pgpPrivateKey }).where(eq(uxConfigTable.id, config.id)).returning()
return rows[0] as (typeof rows)[number]
}
export const setUxPlatformPublicKey = async (db: DB, platformPublicKey: string) => {
const config = await ensureUxConfig(db)
const shouldClearLicence = config.platformPublicKey !== platformPublicKey
const rows = await db
.update(uxConfigTable)
.set({
platformPublicKey,
...(shouldClearLicence
? {
licencePayload: null,
licenceSignature: null,
licenceId: null,
licenceExpireTime: null,
}
: {}),
})
.where(eq(uxConfigTable.id, config.id))
.returning()
return rows[0] as (typeof rows)[number]
}
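Review bot: ensureUxConfig overwrites the stored fingerprint whenever computeDeviceFingerprint returns a different value and keeps the installed licence, with no log entry or error. Because the crypto handlers derive keys from licenceId + fingerprint, this silently changes the derived keys; surface the mismatch to the caller or clear the licence the way setUxPlatformPublicKey does when the key changes. The read-then-insert in the no-row branch can also race on the unique singleton_key; an upsert would avoid that.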

View File

@@ -2,9 +2,46 @@
"$schema": "../../node_modules/turbo/schema.json", "$schema": "../../node_modules/turbo/schema.json",
"extends": ["//"], "extends": ["//"],
"tasks": { "tasks": {
"build": {
"env": ["NODE_ENV", "VITE_*"],
"inputs": ["src/**", "public/**", "package.json", "tsconfig.json", "vite.config.ts"],
"outputs": [".output/**"]
},
"compile": { "compile": {
"dependsOn": ["build"], "dependsOn": ["build"],
"outputs": ["out/**"] "outputs": ["out/**"]
},
"compile:darwin": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:darwin:arm64": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:darwin:x64": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:linux": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:linux:arm64": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:linux:x64": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:windows": {
"dependsOn": ["build"],
"outputs": ["out/**"]
},
"compile:windows:x64": {
"dependsOn": ["build"],
"outputs": ["out/**"]
} }
} }
} }

View File

@@ -10,24 +10,21 @@ export default defineConfig({
clearScreen: false, clearScreen: false,
plugins: [ plugins: [
tanstackDevtools(), tanstackDevtools(),
nitro({
preset: 'bun',
serveStatic: 'inline',
}),
tsconfigPaths(),
tailwindcss(), tailwindcss(),
tsconfigPaths(),
tanstackStart(), tanstackStart(),
react({ react({
babel: { babel: {
plugins: ['babel-plugin-react-compiler'], plugins: ['babel-plugin-react-compiler'],
}, },
}), }),
nitro({
preset: 'bun',
serveStatic: 'inline',
}),
], ],
server: { server: {
port: 3000, port: 3000,
strictPort: true, strictPort: true,
watch: {
ignored: ['**/src-tauri/**'],
},
}, },
}) })

View File

@@ -11,7 +11,8 @@
"formatter": { "formatter": {
"enabled": true, "enabled": true,
"indentStyle": "space", "indentStyle": "space",
"lineEnding": "lf" "lineEnding": "lf",
"lineWidth": 120
}, },
"linter": { "linter": {
"enabled": true, "enabled": true,

1916
bun.lock

File diff suppressed because it is too large

View File

@@ -0,0 +1,432 @@
package top.tangyh.lamp.filing.controller.compress
import com.fasterxml.jackson.databind.ObjectMapper
import io.swagger.annotations.Api
import io.swagger.annotations.ApiOperation
import io.swagger.annotations.ApiParam
import org.springframework.validation.annotation.Validated
import org.springframework.web.bind.annotation.*
import top.tangyh.basic.annotation.log.WebLog
import top.tangyh.basic.base.R
import top.tangyh.lamp.filing.dto.management.UploadInspectionFileV2Request
import top.tangyh.lamp.filing.utils.AesGcmUtil
import top.tangyh.lamp.filing.utils.HkdfUtil
import top.tangyh.lamp.filing.utils.PgpSignatureUtil
import java.util.*
/**
* 加密测试工具类
*
* 用于生成加密后的 encrypted 数据,测试 uploadInspectionFileV2Encrypted 接口
*
* 使用说明:
* 1. 调用 /compression/test/generateEncrypted 接口
* 2. 传入 licence、fingerprint、taskId 和明文数据
* 3. 获取加密后的 Base64 字符串
* 4. 使用返回的 encrypted 数据测试 uploadInspectionFileV2Encrypted 接口
*/
@Validated
@RestController
@RequestMapping("/compression/test")
@Api(value = "EncryptionTest", tags = ["加密测试工具"])
class EncryptionTestController {
private val objectMapper = ObjectMapper()
companion object {
private const val DEFAULT_PGP_PRIVATE_KEY = """-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEaSZqXBYJKwYBBAHaRw8BAQdARzZ5JXreuTeTgMFwYcw0Ju7aCWmXuUMmQyff
5vmN8RQAAP4nli0R/MTNtgx9+g5ZPyAj8XSAnjHaW9u2UJQxYhMIYw8XtBZpdHRj
PGl0dGNAaXR0Yy5zaC5jbj6IkwQTFgoAOxYhBG8IkI1kmkNpEu8iuqWu91t6SEzN
BQJpJmpcAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEKWu91t6SEzN
dSQBAPM5llVG0X6SBa4YM90Iqyb2jWvlNjstoF8jjPVny1CiAP4hIOUvb686oSA0
OrS3AuICi7X/r+JnSo1Z7pngUA3VC5xdBGkmalwSCisGAQQBl1UBBQEBB0BouQlG
hIL0bq7EbaB55s+ygLVFOfhjFA8E4fwFBFJGVAMBCAcAAP98ZXRGgzld1XUa5ZGx
cTE+1qGZY4E4BVIeqkVxdg5tqA64iHgEGBYKACAWIQRvCJCNZJpDaRLvIrqlrvdb
ekhMzQUCaSZqXAIbDAAKCRClrvdbekhMzcaSAQDB/4pvDuc7SploQg1fBYobFm5P
vxguByr8I+PrYWKKOQEAnaeXT4ipi1nICXFiigztsIl2xTth3D77XG6pZUU/Zw8=
=/k1H
-----END PGP PRIVATE KEY BLOCK-----"""
private const val DEFAULT_PGP_PASSPHRASE = ""
}
/**
* 生成加密数据请求 DTO
*/
data class GenerateEncryptedRequest(
@ApiParam(value = "授权码", required = true)
val licence: String,
@ApiParam(value = "硬件指纹", required = true)
val fingerprint: String,
@ApiParam(value = "任务ID", required = true)
val taskId: String,
@ApiParam(value = "企业ID", required = true)
val enterpriseId: Long,
@ApiParam(value = "检查ID", required = true)
val inspectionId: Long,
@ApiParam(value = "摘要信息", required = true)
val summary: String
)
/**
* 生成加密数据响应 DTO
*/
data class GenerateEncryptedResponse(
val encrypted: String,
val requestBody: UploadInspectionFileV2Request,
val plaintext: String,
val keyDerivationInfo: KeyDerivationInfo
)
/**
* 密钥派生信息
*/
data class KeyDerivationInfo(
val ikm: String,
val salt: String,
val info: String,
val keyLength: Int,
val keyHex: String
)
/**
* 生成加密数据
*
* 模拟工具箱端的加密逻辑:
* 1. 使用 HKDF-SHA256 派生 AES 密钥
* - ikm = licence + fingerprint
* - salt = taskId
* - info = "inspection_report_encryption"
* - length = 32 bytes
*
* 2. 使用 AES-256-GCM 加密数据
* - 格式IV (12字节) + Ciphertext + Tag (16字节)
* - Base64 编码返回
*
* @param request 生成加密数据请求
* @return 加密后的数据和完整的请求体
*/
@ApiOperation(value = "生成加密数据", notes = "生成加密后的 encrypted 数据,用于测试 uploadInspectionFileV2Encrypted 接口")
@PostMapping("/generateEncrypted")
@WebLog(value = "'生成加密数据:'", request = false)
fun generateEncrypted(
@RequestBody request: GenerateEncryptedRequest
): R<GenerateEncryptedResponse> {
return try {
// 1. 组装明文数据JSON格式
val timestamp = System.currentTimeMillis()
val plaintextMap = mapOf(
"enterpriseId" to request.enterpriseId.toString(),
"inspectionId" to request.inspectionId.toString(),
"summary" to request.summary,
"timestamp" to timestamp
)
val plaintext = objectMapper.writeValueAsString(plaintextMap)
// 2. 使用 HKDF-SHA256 派生 AES 密钥
// ikm = licence + fingerprint
// salt = taskId工具箱从二维码获取平台从请求获取
// info = "inspection_report_encryption"(固定值)
// length = 32 bytes
val ikm = "${request.licence}${request.fingerprint}"
val salt = request.taskId.toString()
val info = "inspection_report_encryption"
val keyLength = 32
val aesKey = HkdfUtil.deriveKey(ikm, salt, info, keyLength)
// 3. 使用 AES-256-GCM 加密数据
val encrypted = AesGcmUtil.encrypt(plaintext, aesKey)
// 4. 组装完整的请求体appid 需要前端自己赋值)
val requestBody = UploadInspectionFileV2Request().apply {
this.appid = "test-appid" // 测试用的 appid实际使用时前端会赋值
this.taskId = request.taskId
this.encrypted = encrypted
}
// 5. 返回加密数据和密钥派生信息
val response = GenerateEncryptedResponse(
encrypted = encrypted,
requestBody = requestBody,
plaintext = plaintext,
keyDerivationInfo = KeyDerivationInfo(
ikm = ikm,
salt = salt,
info = info,
keyLength = keyLength,
keyHex = aesKey.joinToString("") { "%02x".format(it) }
)
)
R.success(response, "加密数据生成成功")
} catch (e: Exception) {
R.fail("生成加密数据失败: ${e.message}")
}
}
/**
* 快速生成测试数据(使用默认值)
*
* @return 加密后的数据和完整的请求体
*/
@ApiOperation(value = "快速生成测试数据", notes = "使用默认值快速生成加密数据,用于快速测试")
@GetMapping("/generateTestData")
@WebLog(value = "'快速生成测试数据:'", request = false)
fun generateTestData(): R<GenerateEncryptedResponse> {
return try {
// 使用默认测试数据
val request = GenerateEncryptedRequest(
licence = "TEST-LICENCE-001",
fingerprint = "TEST-FINGERPRINT-001",
taskId = "TASK-20260115-4875",
enterpriseId = 1173040813421105152L,
inspectionId = 702286470691215417L,
summary = "测试摘要信息"
)
generateEncrypted(request).data?.let {
R.success(it, "测试数据生成成功")
} ?: R.fail("生成测试数据失败")
} catch (e: Exception) {
R.fail("生成测试数据失败: ${e.message}")
}
}
/**
* 验证加密数据(解密测试)
*
* 用于验证生成的加密数据是否能正确解密
*
* @param encrypted 加密后的 Base64 字符串
* @param licence 授权码
* @param fingerprint 硬件指纹
* @param taskId 任务ID
* @return 解密后的明文数据
*/
@ApiOperation(value = "验证加密数据", notes = "解密加密数据,验证加密是否正确")
@PostMapping("/verifyEncrypted")
@WebLog(value = "'验证加密数据:'", request = false)
fun verifyEncrypted(
@ApiParam(value = "加密后的 Base64 字符串", required = true)
@RequestParam encrypted: String,
@ApiParam(value = "授权码", required = true)
@RequestParam licence: String,
@ApiParam(value = "硬件指纹", required = true)
@RequestParam fingerprint: String,
@ApiParam(value = "任务ID", required = true)
@RequestParam taskId: String
): R<Map<String, Any>> {
return try {
// 1. 使用相同的密钥派生规则派生密钥
val ikm = "$licence$fingerprint"
val salt = taskId.toString()
val info = "inspection_report_encryption"
val aesKey = HkdfUtil.deriveKey(ikm, salt, info, 32)
// 2. 解密数据
val decrypted = AesGcmUtil.decrypt(encrypted, aesKey)
// 3. 解析 JSON
@Suppress("UNCHECKED_CAST")
val dataMap = objectMapper.readValue(decrypted, Map::class.java) as Map<String, Any>
R.success(dataMap, "解密成功")
} catch (e: Exception) {
R.fail("解密失败: ${e.message}")
}
}
/**
* 生成加密报告 ZIP 文件请求 DTO
*/
data class GenerateEncryptedZipRequest(
@ApiParam(value = "授权码", required = true)
val licence: String,
@ApiParam(value = "硬件指纹", required = true)
val fingerprint: String,
@ApiParam(value = "任务ID", required = true)
val taskId: String,
@ApiParam(value = "企业ID", required = true)
val enterpriseId: Long,
@ApiParam(value = "检查ID", required = true)
val inspectionId: Long,
@ApiParam(value = "摘要信息", required = true)
val summary: String,
@ApiParam(value = "资产信息 JSON", required = true)
val assetsJson: String,
@ApiParam(value = "漏洞信息 JSON", required = true)
val vulnerabilitiesJson: String,
@ApiParam(value = "弱密码信息 JSON", required = true)
val weakPasswordsJson: String,
@ApiParam(value = "漏洞评估报告 HTML", required = true)
val reportHtml: String,
@ApiParam(value = "PGP 私钥(可选,不提供则跳过 PGP 签名)", required = false)
val pgpPrivateKey: String? = null,
@ApiParam(value = "PGP 私钥密码(可选)", required = false)
val pgpPassphrase: String? = null
)
/**
* 生成加密报告 ZIP 文件
*
* 按照文档《工具箱端-报告加密与签名生成指南.md》生成加密报告 ZIP 文件
*
* @param request 生成请求
* @return ZIP 文件(二进制流)
*/
@ApiOperation(value = "生成加密报告 ZIP", notes = "生成带设备签名的加密报告 ZIP 文件,可被 uploadInspectionFileV2 接口解密")
@PostMapping("/generateEncryptedZip")
@WebLog(value = "'生成加密报告 ZIP:'", request = false)
fun generateEncryptedZip(
@RequestBody request: GenerateEncryptedZipRequest,
response: javax.servlet.http.HttpServletResponse
) {
try {
// 1. 准备文件内容
val assetsContent = request.assetsJson.toByteArray(Charsets.UTF_8)
val vulnerabilitiesContent = request.vulnerabilitiesJson.toByteArray(Charsets.UTF_8)
val weakPasswordsContent = request.weakPasswordsJson.toByteArray(Charsets.UTF_8)
val reportHtmlContent = request.reportHtml.toByteArray(Charsets.UTF_8)
// 2. 生成设备签名
// 2.1 密钥派生
val ikm = "${request.licence}${request.fingerprint}"
val salt = "AUTH_V3_SALT"
val info = "device_report_signature"
val derivedKey = HkdfUtil.deriveKey(ikm, salt, info, 32)
// 2.2 计算文件 SHA256
fun sha256Hex(content: ByteArray): String {
val digest = java.security.MessageDigest.getInstance("SHA-256")
return digest.digest(content).joinToString("") { "%02x".format(it) }
}
val assetsSha256 = sha256Hex(assetsContent)
val vulnerabilitiesSha256 = sha256Hex(vulnerabilitiesContent)
val weakPasswordsSha256 = sha256Hex(weakPasswordsContent)
val reportHtmlSha256 = sha256Hex(reportHtmlContent)
// 2.3 组装签名数据(严格顺序)
val signPayload = buildString {
append(request.taskId)
append(request.inspectionId)
append(assetsSha256)
append(vulnerabilitiesSha256)
append(weakPasswordsSha256)
append(reportHtmlSha256)
}
// 2.4 计算 HMAC-SHA256
val mac = javax.crypto.Mac.getInstance("HmacSHA256")
val secretKey = javax.crypto.spec.SecretKeySpec(derivedKey, "HmacSHA256")
mac.init(secretKey)
val signatureBytes = mac.doFinal(signPayload.toByteArray(Charsets.UTF_8))
val deviceSignature = Base64.getEncoder().encodeToString(signatureBytes)
// 2.5 生成 summary.json
val summaryMap = mapOf(
"orgId" to request.enterpriseId,
"checkId" to request.inspectionId,
"taskId" to request.taskId,
"licence" to request.licence,
"fingerprint" to request.fingerprint,
"deviceSignature" to deviceSignature,
"summary" to request.summary
)
val summaryContent = objectMapper.writeValueAsString(summaryMap).toByteArray(Charsets.UTF_8)
// 3. 生成 manifest.json
val filesHashes = mapOf(
"summary.json" to sha256Hex(summaryContent),
"assets.json" to assetsSha256,
"vulnerabilities.json" to vulnerabilitiesSha256,
"weakPasswords.json" to weakPasswordsSha256,
"漏洞评估报告.html" to reportHtmlSha256
)
val manifest = mapOf("files" to filesHashes)
val manifestContent = objectMapper.writeValueAsString(manifest).toByteArray(Charsets.UTF_8)
// 4. 生成 signature.asc
val privateKey = request.pgpPrivateKey?.takeIf { it.isNotBlank() } ?: DEFAULT_PGP_PRIVATE_KEY
val passphrase = request.pgpPassphrase ?: DEFAULT_PGP_PASSPHRASE
val signatureAsc = try {
PgpSignatureUtil.generateDetachedSignature(
manifestContent,
privateKey,
passphrase
)
} catch (e: Exception) {
throw RuntimeException("生成 PGP 签名失败: ${e.message}", e)
}
// 5. 打包 ZIP 文件到内存
val baos = java.io.ByteArrayOutputStream()
java.util.zip.ZipOutputStream(baos).use { zipOut ->
zipOut.putNextEntry(java.util.zip.ZipEntry("summary.json"))
zipOut.write(summaryContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("assets.json"))
zipOut.write(assetsContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("vulnerabilities.json"))
zipOut.write(vulnerabilitiesContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("weakPasswords.json"))
zipOut.write(weakPasswordsContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("漏洞评估报告.html"))
zipOut.write(reportHtmlContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("META-INF/manifest.json"))
zipOut.write(manifestContent)
zipOut.closeEntry()
zipOut.putNextEntry(java.util.zip.ZipEntry("META-INF/signature.asc"))
zipOut.write(signatureAsc)
zipOut.closeEntry()
}
val zipBytes = baos.toByteArray()
// 6. 设置响应头并输出
response.contentType = "application/octet-stream"
response.setHeader("Content-Disposition", "attachment; filename=\"report_${request.taskId}.zip\"")
response.setHeader("Content-Length", zipBytes.size.toString())
response.outputStream.write(zipBytes)
response.outputStream.flush()
} catch (e: Exception) {
response.reset()
response.contentType = "application/json; charset=UTF-8"
response.writer.write("{\"code\": 500, \"msg\": \"生成 ZIP 文件失败: ${e.message}\"}")
}
}
}
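
Review bot: In `generateEncryptedZip`, `signPayload` appends `request.taskId` and `request.inspectionId` with no separator, and `ikm` is built the same way from `licence` and `fingerprint` (here and in `generateEncrypted` and `verifyEncrypted`), so different field pairs can yield the same HMAC input or the same derived key: taskId `TASK-1` with inspectionId `23` signs identically to taskId `TASK-12` with inspectionId `3`. Because this controller mirrors the toolbox-side logic, length-prefix each field or join the fields with a delimiter that cannot occur in the values, and change both sides together. Two further points in the same function: `summary.json` carries `licence` and `fingerprint` in clear while the HMAC key is derived from exactly those two values with a fixed salt and info, so anyone who can read `summary.json` can recompute `deviceSignature`; and the `pgpPrivateKey` parameter is documented as skipping PGP signing when omitted, but the code falls back to `DEFAULT_PGP_PRIVATE_KEY`, so either the description or the fallback should change.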

@@ -1,4 +1,3 @@
[tools] [tools]
node = "latest"
bun = "1" bun = "1"
rust = 'latest' node = "24"
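
Review bot: `node` is now held to a major (`"24"`), but `bun = "1"` on the line above still resolves to whichever 1.x release is current when the tools are installed, so two checkouts of the same commit can build with different Bun versions. Pin `bun` to an exact version, and do the same for `node` if patch-level reproducibility of the compiled artifacts matters.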

@@ -10,56 +10,64 @@
"scripts": { "scripts": {
"build": "turbo run build", "build": "turbo run build",
"compile": "turbo run compile", "compile": "turbo run compile",
"deploy": "turbo run deploy", "compile:darwin": "turbo run compile:darwin",
"compile:linux": "turbo run compile:linux",
"compile:windows": "turbo run compile:windows",
"dev": "turbo run dev", "dev": "turbo run dev",
"dist": "turbo run dist",
"dist:linux": "turbo run dist:linux",
"dist:mac": "turbo run dist:mac",
"dist:win": "turbo run dist:win",
"fix": "turbo run fix", "fix": "turbo run fix",
"typecheck": "turbo run typecheck" "typecheck": "turbo run typecheck"
}, },
"devDependencies": { "devDependencies": {
"@biomejs/biome": "^2.3.14", "@biomejs/biome": "^2.4.7",
"turbo": "^2.8.3" "turbo": "^2.8.17",
"typescript": "^5.9.3"
}, },
"catalog": { "catalog": {
"@biomejs/biome": "^2.3.11", "@orpc/client": "^1.13.7",
"@effect/platform": "^0.94.3", "@orpc/contract": "^1.13.7",
"@effect/schema": "^0.75.5", "@orpc/openapi": "^1.13.7",
"@orpc/client": "^1.13.4", "@orpc/server": "^1.13.7",
"@orpc/contract": "^1.13.4", "@orpc/tanstack-query": "^1.13.7",
"@orpc/openapi": "^1.13.4", "@orpc/zod": "^1.13.7",
"@orpc/server": "^1.13.4",
"@orpc/tanstack-query": "^1.13.4",
"@orpc/zod": "^1.13.4",
"@t3-oss/env-core": "^0.13.10", "@t3-oss/env-core": "^0.13.10",
"@tailwindcss/vite": "^4.1.18", "@tailwindcss/vite": "^4.2.1",
"@tanstack/devtools-vite": "^0.5.0", "@tanstack/devtools-vite": "^0.5.5",
"@tanstack/react-devtools": "^0.9.4", "@tanstack/react-devtools": "^0.9.13",
"@tanstack/react-query": "^5.90.20", "@tanstack/react-query": "^5.90.21",
"@tanstack/react-query-devtools": "^5.91.3", "@tanstack/react-query-devtools": "^5.91.3",
"@tanstack/react-router": "^1.158.1", "@tanstack/react-router": "^1.167.3",
"@tanstack/react-router-devtools": "^1.158.1", "@tanstack/react-router-devtools": "^1.166.9",
"@tanstack/react-router-ssr-query": "^1.158.1", "@tanstack/react-router-ssr-query": "^1.166.9",
"@tanstack/react-start": "^1.158.3", "@tanstack/react-start": "^1.166.14",
"@tauri-apps/api": "^2.10.1", "@types/bun": "^1.3.10",
"@tauri-apps/cli": "^2.10.0", "@types/node": "^24.12.0",
"@types/bun": "^1.3.8", "@vitejs/plugin-react": "^5.2.0",
"@vitejs/plugin-react": "^5.1.3",
"babel-plugin-react-compiler": "^1.0.0", "babel-plugin-react-compiler": "^1.0.0",
"drizzle-kit": "^0.31.8", "drizzle-kit": "1.0.0-beta.15-859cf75",
"drizzle-orm": "^0.45.1", "drizzle-orm": "1.0.0-beta.15-859cf75",
"drizzle-zod": "^0.8.3", "electron": "^34.0.0",
"effect": "^3.19.16", "electron-builder": "^26.8.1",
"nitro": "npm:nitro-nightly@3.0.1-20260206-171553-bc737c0c", "electron-vite": "^5.0.0",
"ohash": "^2.0.11", "jszip": "^3.10.1",
"postgres": "^3.4.8", "lossless-json": "^4.3.0",
"motion": "^12.36.0",
"nitro": "npm:nitro-nightly@3.0.1-20260315-195328-c31268c6",
"openpgp": "^6.0.1",
"react": "^19.2.4", "react": "^19.2.4",
"react-dom": "^19.2.4", "react-dom": "^19.2.4",
"tailwindcss": "^4.1.18", "tailwindcss": "^4.2.1",
"turbo": "^2.7.5", "tree-kill": "^1.2.2",
"typescript": "^5.9.3",
"uuid": "^13.0.0", "uuid": "^13.0.0",
"systeminformation": "^5.30.7", "vite": "^8.0.0",
"vite": "^8.0.0-beta.13", "vite-tsconfig-paths": "^6.1.1",
"vite-tsconfig-paths": "^6.0.5", "systeminformation": "^5.31.4",
"zod": "^4.3.6" "zod": "^4.3.6"
},
"overrides": {
"@types/node": "catalog:"
} }
} }
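
Review bot: The new `catalog` entries for the packages that handle signing and archive or JSON parsing (`openpgp`, `jszip`, `lossless-json`) use caret ranges, while `nitro` points at a nightly build and `drizzle-kit` / `drizzle-orm` at the `1.0.0-beta.15-859cf75` prerelease. Please confirm that the lockfile is committed and that CI installs with a frozen lockfile, and record in the commit message why the nightly and beta builds are acceptable here. Minor: `systeminformation` still sits out of alphabetical order, now after `vite-tsconfig-paths`, and `electron` at `^34.0.0` is worth checking against Electron's currently supported majors, given that the rest of the catalog moved to recent releases.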

@@ -0,0 +1,18 @@
{
"name": "@furtherverse/crypto",
"version": "1.0.0",
"private": true,
"type": "module",
"exports": {
".": "./src/index.ts"
},
"dependencies": {
"node-forge": "^1.3.3",
"openpgp": "catalog:"
},
"devDependencies": {
"@furtherverse/tsconfig": "workspace:*",
"@types/bun": "catalog:",
"@types/node-forge": "^1.3.14"
}
}
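
Review bot: `node-forge` and `@types/node-forge` are given literal ranges in this manifest while `openpgp` and `@types/bun` resolve through `catalog:`, so one of the two crypto libraries this package depends on is versioned outside the place where the rest of the workspace's versions are reviewed. Add both to the root `catalog` and reference them as `catalog:`. Also, `exports` points at `./src/index.ts`, which only works for consumers that can load TypeScript source directly; state that assumption in the package or add a build step.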

Some files were not shown because too many files have changed in this diff