44096069a7
- 发送端流式(R-iOS-4):新增 FileSource 抽象(web/src/features/transfer/source.ts),iOS 经 HTTP Range 惰性拉取(原生 WKURLSchemeHandler 认 Range 头 seek 回 206),整文件不进 WebView 内存;web/桌面经 fileSource 包装字节不变。p2p/relay/transfer 改吃 FileSource - 后台续传:iOS 26 BGContinuedProcessingTask(BackgroundTaskManager + AppDelegate 注册 + BGTaskSchedulerPermittedIdentifiers),引擎传输进度驱动系统进度 UI - APNs:后端 internal/apns(ES256 .p8 JWT + HTTP/2,仿 internal/push)+ push_subscriptions.platform 列 + POST /api/push/apns/register + transfer/message 未投递分支分流;原生 PushRegistry 授权 + 设备令牌经引擎桥 registerPush 上报;aps-environment + remote-notification 后台模式 - Share Extension:CDropShare appex 抓文件 → App Group 收件箱 → cdrop://share 深链唤主程序选设备发送(只交接、不跑引擎) - 控制中心剪贴板两控件:CDropWidgets widgetkit appex(ControlWidget + AppIntent + 纯原生 ClipboardClient REST);用专用 broker 设备会话(主程序经引擎 provisionWidgetSession 代铸独立 device_id 会话存 App Group,控件自刷不与引擎抢 refresh 轮换) - 真机分发预备:committed 签名改 ad-hoc 使模拟器 entitlement 生效;真机手动签名 scaffold(Signing.xcconfig 仅 device SDK 套 Manual + gitignore 的 Local.xcconfig 填 Team/profile)+ just ios-device / ios-devices 全 CLI 装机;包名改 net.commilitia.Commilitia-Drop(含 .share/.widgets,BG task 前缀同改);REALDEVICE.md 重写为门户 + CLI 装机手册 - I18n.swift 移 Shared/ 供三 target 共用;i18n 加 ios.bg/share/control.* 键 - ultracode 多 agent 审查修复(0 HIGH,2 MED + 7 LOW):分享 send 后留收件箱致重发→move 私有暂存;WidgetSession 锁屏文件保护→UntilFirstUserAuthentication;outgoing/安全作用域登出释放;控件 device_id 登出清理;并发控件 refresh CAS-before-clear;APNs 读 reason + prune bad token + bust 过期 JWT;APNSEnv 大小写归一;Share-ext completeRequest 挪进 open 回调
105 lines
3.5 KiB
Go
105 lines
3.5 KiB
Go
package httpapi
|
||
|
||
import (
|
||
"context"
|
||
"encoding/json"
|
||
"errors"
|
||
"net/http"
|
||
"time"
|
||
|
||
"commilitia.net/cdrop/internal/hub"
|
||
"commilitia.net/cdrop/internal/jwtauth"
|
||
"commilitia.net/cdrop/internal/push"
|
||
)
|
||
|
||
// 4 KB caps DoS-via-paste; longer payloads should use file transfer instead.
|
||
const maxMessageBytes = 4 * 1024
|
||
|
||
// maxMessageBodyBytes bounds the raw request body BEFORE decode (R5): the 4 KB
|
||
// limit above checks the decoded Go string, so on its own the whole body is
|
||
// still read into memory first. The wire form can be larger than the decoded
|
||
// text — JSON escaping inflates quotes/control chars (worst case ~6×) — so the
|
||
// body cap is the content cap with headroom, not equal to it, to avoid falsely
|
||
// rejecting a legitimate 4 KB message while still bounding memory per request.
|
||
const maxMessageBodyBytes = maxMessageBytes * 8
|
||
|
||
type messageReq struct {
|
||
To string `json:"to"`
|
||
Text string `json:"text"`
|
||
}
|
||
|
||
// handleMessage forwards a one-shot text payload to a peer device. Reuses the
|
||
// SSE Hub the same way /api/hub/signal does — no DB row, no transfer state
|
||
// machine. Receiver sees a `message` event; the frontend keeps it in memory
|
||
// only until the tab closes (per user spec).
|
||
//
|
||
// 204 if delivered live, 202 if the peer is offline but a Web Push was sent
|
||
// (the notification carries the text — the message itself is not persisted),
|
||
// 410 if offline with no push subscription, 413 if oversized.
|
||
func (s *Server) handleMessage(w http.ResponseWriter, r *http.Request) {
|
||
claims, _ := jwtauth.ClaimsFromContext(r.Context())
|
||
from, _ := jwtauth.DeviceNameFromContext(r.Context())
|
||
|
||
r.Body = http.MaxBytesReader(w, r.Body, maxMessageBodyBytes)
|
||
var req messageReq
|
||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||
var mbe *http.MaxBytesError
|
||
if errors.As(err, &mbe) {
|
||
writeJSON(w, http.StatusRequestEntityTooLarge,
|
||
map[string]string{"error": "message exceeds 4 KB"})
|
||
return
|
||
}
|
||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid json"})
|
||
return
|
||
}
|
||
if req.To == "" {
|
||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "missing 'to'"})
|
||
return
|
||
}
|
||
if req.Text == "" {
|
||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "empty text"})
|
||
return
|
||
}
|
||
if len(req.Text) > maxMessageBytes {
|
||
writeJSON(w, http.StatusRequestEntityTooLarge,
|
||
map[string]string{"error": "message exceeds 4 KB"})
|
||
return
|
||
}
|
||
if req.To == from {
|
||
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "cannot send to self"})
|
||
return
|
||
}
|
||
|
||
delivered := s.hub.SendTo(claims.UserID, req.To, hub.Event{
|
||
Type: "message",
|
||
Data: map[string]any{
|
||
"from": from,
|
||
"text": req.Text,
|
||
"sent_at": time.Now().Unix(),
|
||
},
|
||
})
|
||
if !delivered {
|
||
// Peer's page is closed (no live SSE). The message has no DB row, so the
|
||
// only delivery left is a push notification (Web Push or APNs) carrying
|
||
// the text itself. If any push channel is enabled and may have a
|
||
// subscription, send and report 202; otherwise the message is truly gone.
|
||
n := push.Notification{
|
||
Type: push.KindMessage,
|
||
Params: map[string]string{"sender": from, "text": req.Text},
|
||
}
|
||
if s.push.Enabled() || s.apns.Enabled() {
|
||
if s.push.Enabled() {
|
||
go s.push.Notify(context.Background(), claims.UserID, req.To, n)
|
||
}
|
||
if s.apns.Enabled() {
|
||
go s.apns.Notify(context.Background(), claims.UserID, req.To, n)
|
||
}
|
||
w.WriteHeader(http.StatusAccepted)
|
||
return
|
||
}
|
||
writeJSON(w, http.StatusGone, map[string]string{"error": "peer offline"})
|
||
return
|
||
}
|
||
w.WriteHeader(http.StatusNoContent)
|
||
}
|