后台/会话三诉求:子会话(一台设备一会话)+ 离线消息队列 + 被登出推送 + 后台唤醒层

- Req 1 子会话(iOS 多进程在用户视角=一台设备一会话,内部多条独立刷新逻辑会话):brokerclient 加 MintParams.Sub + SessionInfo.Sub + RevokeDeviceSessions(user,meta) 级联;device-session sub!="" 挂在主 device_id 之下、走 tier=clipboard 且不建第二个 device 行;handleSessionsList 按 meta 归并、隐藏 sub!=""(但保留“仅控件会话存活”的设备,不简单丢弃);revokeDevice 改走 meta 级联(移除设备连带吊控件子会话)。iOS provisionWidgetSessionIfNeeded 改用主 device_id + sub="widget"(弃用独立 dev_widget),控件令牌仍隔离持有、独立刷新——不碰引擎主会话,#7 隔离不变。蓝本 auth/docs/子会话方案.md(cdrop 提案 + Broker 评审接受 + cdrop 确认 6 点:用 sub、R1 cdrop 归并、scope 复用 tier=clipboard、级联 DELETE …?meta=)。
- Req 2a 离线消息队列:新增 pending_messages 表(0001_init + sqlc 查询);message.go 收件设备离线即入队(无论是否配推送都入队,恒 202),修“离线消息只随推送横幅一闪、不入收件列表”;GET /api/messages/pending 取即删(DELETE..RETURNING,单次投递);web hub.ts onOpen 每次 SSE 连接 / 重连即拉取补收、逐条 addMessage(全端受益,iOS 经桥推原生 + 累积未读);复用 login-request reaper 清 TTL。
- Req 3 被登出推送:push 加 KindSessionRevoked + 本地化文案,apns/web 双通道;revokeDevice 加 notifyRevoked 参(跨端 revoke=true、自登出=false),跨端移除时推送告知被踢设备;iOS AppDelegate 收 session:revoked 即清 Keychain 主会话 + 控件会话、发 .cdropSessionRevoked,前台经 AppRoot 即时回登录页、关闭态下次启动即登出。
- #6 后台唤醒层:apns apsEnvelope 加 content-available:1(服务端有消息时既弹可点横幅又短暂后台唤醒);iOS DeviceItem 加 Codable、presence 快照持久化(冷启即时显示设备列表,缓解“长时间重连”观感,SSE 一连即整组替换自校正);控件会话回前台补铸(scenePhase active)+ content-available 唤醒时刷新隔离的控件会话(剪贴板保活,绝不碰引擎主会话以免 #7 回归)。
- 测试:qr_test mock broker 加 sub 幂等键 + 级联吊销端点;bootstrap_test 期望表集加 pending_messages。
This commit is contained in:
2026-06-27 17:42:53 +08:00
parent 1b94df1604
commit a2cad11224
23 changed files with 790 additions and 105 deletions
+77 -14
View File
@@ -2,16 +2,25 @@ package httpapi
import (
"context"
"crypto/rand"
"encoding/hex"
"encoding/json"
"errors"
"log/slog"
"net/http"
"sort"
"time"
"commilitia.net/cdrop/internal/db"
"commilitia.net/cdrop/internal/hub"
"commilitia.net/cdrop/internal/jwtauth"
"commilitia.net/cdrop/internal/push"
)
// pendingMessageTTL bounds how long an offline message waits in the queue before the
// reaper drops it. A day matches the push TTL — past that the message is stale anyway.
const pendingMessageTTL = 24 * 60 * 60
// 4 KB caps DoS-via-paste; longer payloads should use file transfer instead.
const maxMessageBytes = 4 * 1024
@@ -79,26 +88,80 @@ func (s *Server) handleMessage(w http.ResponseWriter, r *http.Request) {
},
})
if !delivered {
// Peer's page is closed (no live SSE). The message has no DB row, so the
// only delivery left is a push notification (Web Push or APNs) carrying
// the text itself. If any push channel is enabled and may have a
// subscription, send and report 202; otherwise the message is truly gone.
// 收件设备页面 / app 关闭(无活 SSE):把消息入离线队列,待其唤醒 / 回前台经
// GET /api/messages/pending 取走入库并累积未读——无论是否配推送都入队,故消息不再「只随
// 推送横幅一闪而过、不入收件列表」。同时发推送唤醒(横幅即时可见)。返回 202(已受理、离线投递)。
sentAt := time.Now().Unix()
if err := s.queries.InsertPendingMessage(r.Context(), db.InsertPendingMessageParams{
ID: newMessageID(),
UserID: claims.UserID,
ToDevice: req.To,
FromDevice: from,
Text: req.Text,
SentAt: sentAt,
CreatedAt: sentAt,
ExpiresAt: sentAt + pendingMessageTTL,
}); err != nil {
slog.Error("queue offline message failed", "err", err, "user", claims.UserID, "to", req.To)
}
n := push.Notification{
Type: push.KindMessage,
Params: map[string]string{"sender": from, "text": req.Text},
}
if s.push.Enabled() || s.apns.Enabled() {
if s.push.Enabled() {
go s.push.Notify(context.Background(), claims.UserID, req.To, n)
}
if s.apns.Enabled() {
go s.apns.Notify(context.Background(), claims.UserID, req.To, n)
}
w.WriteHeader(http.StatusAccepted)
return
if s.push.Enabled() {
go s.push.Notify(context.Background(), claims.UserID, req.To, n)
}
writeJSON(w, http.StatusGone, map[string]string{"error": "peer offline"})
if s.apns.Enabled() {
go s.apns.Notify(context.Background(), claims.UserID, req.To, n)
}
w.WriteHeader(http.StatusAccepted)
return
}
w.WriteHeader(http.StatusNoContent)
}
// newMessageID returns a random opaque id for a queued message so the client can dedup it
// against the live SSE path (which assigns its own ids).
func newMessageID() string {
var b [16]byte
if _, err := rand.Read(b[:]); err != nil {
// crypto/rand only fails if the OS RNG is broken; panicking is correct.
panic("crypto/rand: " + err.Error())
}
return hex.EncodeToString(b[:])
}
type pendingMessageWire struct {
ID string `json:"id"`
From string `json:"from"`
Text string `json:"text"`
SentAt int64 `json:"sent_at"`
}
// handlePendingMessages delivers (once) the messages queued for this device while it was
// offline, then deletes them (DELETE...RETURNING — at-most-once). The device polls this on wake
// / foreground, saves them locally, and accrues unread. Returns [] when none. Guests included
// (messaging is allowed for guest sessions). A device with no managed name gets [].
func (s *Server) handlePendingMessages(w http.ResponseWriter, r *http.Request) {
claims, _ := jwtauth.ClaimsFromContext(r.Context())
device, _ := jwtauth.DeviceNameFromContext(r.Context())
if device == "" {
writeJSON(w, http.StatusOK, []pendingMessageWire{})
return
}
rows, err := s.queries.PopPendingMessages(r.Context(), db.PopPendingMessagesParams{
UserID: claims.UserID,
ToDevice: device,
})
if err != nil {
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "db"})
return
}
// DELETE...RETURNING order is unspecified; present oldest-first for natural chat order.
sort.Slice(rows, func(i, j int) bool { return rows[i].SentAt < rows[j].SentAt })
out := make([]pendingMessageWire, 0, len(rows))
for _, m := range rows {
out = append(out, pendingMessageWire{ID: m.ID, From: m.FromDevice, Text: m.Text, SentAt: m.SentAt})
}
writeJSON(w, http.StatusOK, out)
}