后台/会话三诉求:子会话(一台设备一会话)+ 离线消息队列 + 被登出推送 + 后台唤醒层
- Req 1 子会话(iOS 多进程在用户视角=一台设备一会话,内部多条独立刷新逻辑会话):brokerclient 加 MintParams.Sub + SessionInfo.Sub + RevokeDeviceSessions(user,meta) 级联;device-session sub!="" 挂在主 device_id 之下、走 tier=clipboard 且不建第二个 device 行;handleSessionsList 按 meta 归并、隐藏 sub!=""(但保留“仅控件会话存活”的设备,不简单丢弃);revokeDevice 改走 meta 级联(移除设备连带吊控件子会话)。iOS provisionWidgetSessionIfNeeded 改用主 device_id + sub="widget"(弃用独立 dev_widget),控件令牌仍隔离持有、独立刷新——不碰引擎主会话,#7 隔离不变。蓝本 auth/docs/子会话方案.md(cdrop 提案 + Broker 评审接受 + cdrop 确认 6 点:用 sub、R1 cdrop 归并、scope 复用 tier=clipboard、级联 DELETE …?meta=)。 - Req 2a 离线消息队列:新增 pending_messages 表(0001_init + sqlc 查询);message.go 收件设备离线即入队(无论是否配推送都入队,恒 202),修“离线消息只随推送横幅一闪、不入收件列表”;GET /api/messages/pending 取即删(DELETE..RETURNING,单次投递);web hub.ts onOpen 每次 SSE 连接 / 重连即拉取补收、逐条 addMessage(全端受益,iOS 经桥推原生 + 累积未读);复用 login-request reaper 清 TTL。 - Req 3 被登出推送:push 加 KindSessionRevoked + 本地化文案,apns/web 双通道;revokeDevice 加 notifyRevoked 参(跨端 revoke=true、自登出=false),跨端移除时推送告知被踢设备;iOS AppDelegate 收 session:revoked 即清 Keychain 主会话 + 控件会话、发 .cdropSessionRevoked,前台经 AppRoot 即时回登录页、关闭态下次启动即登出。 - #6 后台唤醒层:apns apsEnvelope 加 content-available:1(服务端有消息时既弹可点横幅又短暂后台唤醒);iOS DeviceItem 加 Codable、presence 快照持久化(冷启即时显示设备列表,缓解“长时间重连”观感,SSE 一连即整组替换自校正);控件会话回前台补铸(scenePhase active)+ content-available 唤醒时刷新隔离的控件会话(剪贴板保活,绝不碰引擎主会话以免 #7 回归)。 - 测试:qr_test mock broker 加 sub 幂等键 + 级联吊销端点;bootstrap_test 期望表集加 pending_messages。
This commit is contained in:
@@ -57,6 +57,11 @@ type MintParams struct {
|
||||
Sliding bool
|
||||
Label string
|
||||
Meta string
|
||||
// Sub is the intra-device session discriminator under one Meta (device): "" = the main
|
||||
// session, a non-empty value (e.g. "widget") a subordinate session that shares the device
|
||||
// identity but holds its own independently-refreshed tokens. The broker keys R2 idempotency
|
||||
// on (user, app, meta, sub), so a sub session coexists with the main instead of rotating it.
|
||||
Sub string
|
||||
}
|
||||
|
||||
// Session is a freshly minted delegated session. SID is the broker's session id —
|
||||
@@ -78,6 +83,7 @@ type mintReqWire struct {
|
||||
Sliding bool `json:"sliding,omitempty"`
|
||||
Label string `json:"label,omitempty"`
|
||||
Meta string `json:"meta,omitempty"`
|
||||
Sub string `json:"sub,omitempty"`
|
||||
}
|
||||
|
||||
type sessionWire struct {
|
||||
@@ -94,7 +100,7 @@ func (c *Client) MintSession(ctx context.Context, p MintParams) (Session, error)
|
||||
body := mintReqWire{
|
||||
UserID: p.UserID, App: c.app, Tier: p.Tier,
|
||||
AccessTTL: p.AccessTTL, RefreshTTL: p.RefreshTTL, Sliding: p.Sliding,
|
||||
Label: p.Label, Meta: p.Meta,
|
||||
Label: p.Label, Meta: p.Meta, Sub: p.Sub,
|
||||
}
|
||||
headers := map[string]string{"X-Internal-Key": c.internalKey}
|
||||
var out sessionWire
|
||||
@@ -123,6 +129,29 @@ func (c *Client) RevokeSession(ctx context.Context, sid string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
// RevokeDeviceSessions cascade-revokes every session under one device meta — the main session
|
||||
// and any subordinate (e.g. clipboard widget) sessions sharing that device
|
||||
// (DELETE /internal/sessions?user_id=&app=&meta=). cdrop calls this when removing a device or
|
||||
// logging it out, so no orphan sub-session survives to keep reading the clipboard. Returns the
|
||||
// count revoked; revoked:0 (nothing to revoke) is idempotent success, not an error.
|
||||
func (c *Client) RevokeDeviceSessions(ctx context.Context, userID, meta string) (int, error) {
|
||||
q := url.Values{"user_id": {userID}, "app": {c.app}, "meta": {meta}}
|
||||
headers := map[string]string{
|
||||
"X-Internal-Key": c.internalKey,
|
||||
"X-Broker-App": c.app,
|
||||
}
|
||||
var out struct {
|
||||
Revoked int `json:"revoked"`
|
||||
}
|
||||
// The cascade endpoint always returns 200 {revoked:N} (revoked:0 when nothing matched), never
|
||||
// 404 — so a 404 here means the endpoint is absent (a broker predating sub support) and must
|
||||
// surface as an error rather than masquerade as success and silently leak the session.
|
||||
if err := c.do(ctx, http.MethodDelete, "/internal/sessions?"+q.Encode(), headers, nil, http.StatusOK, &out); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return out.Revoked, nil
|
||||
}
|
||||
|
||||
// Refreshed is the result of rolling a session's access token. The broker rotates
|
||||
// the refresh credential, so the old one is now dead and the new one must be stored.
|
||||
type Refreshed struct {
|
||||
@@ -156,7 +185,8 @@ func (c *Client) RefreshSession(ctx context.Context, refresh string) (Refreshed,
|
||||
// (the session<->device join key). The broker returns only kind==machine sessions for this
|
||||
// app and never includes credentials.
|
||||
type SessionInfo struct {
|
||||
SID string
|
||||
SID string
|
||||
Sub string // intra-device discriminator: "" = main; non-empty = subordinate (cdrop hides it)
|
||||
Scope string
|
||||
Label string
|
||||
Meta string
|
||||
@@ -167,6 +197,7 @@ type SessionInfo struct {
|
||||
|
||||
type sessionInfoWire struct {
|
||||
ID string `json:"id"`
|
||||
Sub string `json:"sub"`
|
||||
Scope string `json:"scope"`
|
||||
Label string `json:"label"`
|
||||
Meta string `json:"meta"`
|
||||
@@ -192,7 +223,7 @@ func (c *Client) ListSessions(ctx context.Context, userID string) ([]SessionInfo
|
||||
sessions := make([]SessionInfo, 0, len(out.Sessions))
|
||||
for _, s := range out.Sessions {
|
||||
sessions = append(sessions, SessionInfo{
|
||||
SID: s.ID, Scope: s.Scope, Label: s.Label, Meta: s.Meta,
|
||||
SID: s.ID, Sub: s.Sub, Scope: s.Scope, Label: s.Label, Meta: s.Meta,
|
||||
CreatedAt: s.CreatedAt, LastUsedAt: s.LastUsedAt, ExpiresAt: s.ExpiresAt,
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user