a2cad11224
- Req 1 子会话(iOS 多进程在用户视角=一台设备一会话,内部多条独立刷新逻辑会话):brokerclient 加 MintParams.Sub + SessionInfo.Sub + RevokeDeviceSessions(user,meta) 级联;device-session sub!="" 挂在主 device_id 之下、走 tier=clipboard 且不建第二个 device 行;handleSessionsList 按 meta 归并、隐藏 sub!=""(但保留“仅控件会话存活”的设备,不简单丢弃);revokeDevice 改走 meta 级联(移除设备连带吊控件子会话)。iOS provisionWidgetSessionIfNeeded 改用主 device_id + sub="widget"(弃用独立 dev_widget),控件令牌仍隔离持有、独立刷新——不碰引擎主会话,#7 隔离不变。蓝本 auth/docs/子会话方案.md(cdrop 提案 + Broker 评审接受 + cdrop 确认 6 点:用 sub、R1 cdrop 归并、scope 复用 tier=clipboard、级联 DELETE …?meta=)。 - Req 2a 离线消息队列:新增 pending_messages 表(0001_init + sqlc 查询);message.go 收件设备离线即入队(无论是否配推送都入队,恒 202),修“离线消息只随推送横幅一闪、不入收件列表”;GET /api/messages/pending 取即删(DELETE..RETURNING,单次投递);web hub.ts onOpen 每次 SSE 连接 / 重连即拉取补收、逐条 addMessage(全端受益,iOS 经桥推原生 + 累积未读);复用 login-request reaper 清 TTL。 - Req 3 被登出推送:push 加 KindSessionRevoked + 本地化文案,apns/web 双通道;revokeDevice 加 notifyRevoked 参(跨端 revoke=true、自登出=false),跨端移除时推送告知被踢设备;iOS AppDelegate 收 session:revoked 即清 Keychain 主会话 + 控件会话、发 .cdropSessionRevoked,前台经 AppRoot 即时回登录页、关闭态下次启动即登出。 - #6 后台唤醒层:apns apsEnvelope 加 content-available:1(服务端有消息时既弹可点横幅又短暂后台唤醒);iOS DeviceItem 加 Codable、presence 快照持久化(冷启即时显示设备列表,缓解“长时间重连”观感,SSE 一连即整组替换自校正);控件会话回前台补铸(scenePhase active)+ content-available 唤醒时刷新隔离的控件会话(剪贴板保活,绝不碰引擎主会话以免 #7 回归)。 - 测试:qr_test mock broker 加 sub 幂等键 + 级联吊销端点;bootstrap_test 期望表集加 pending_messages。
116 lines
4.0 KiB
Go
116 lines
4.0 KiB
Go
package httpapi
|
|
|
|
import (
|
|
"encoding/json"
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"commilitia.net/cdrop/internal/db"
|
|
"commilitia.net/cdrop/internal/jwtauth"
|
|
)
|
|
|
|
type deviceItem struct {
|
|
DeviceID string `json:"device_id"`
|
|
Name string `json:"name"`
|
|
Type string `json:"type"`
|
|
Tier string `json:"tier"`
|
|
Online bool `json:"online"`
|
|
LastSeen int64 `json:"last_seen"`
|
|
}
|
|
|
|
// handleDevices returns the calling user's known devices with live online flags.
|
|
// Online = currently connected to /api/events; LastSeen = epoch from devices.last_seen.
|
|
func (s *Server) handleDevices(w http.ResponseWriter, r *http.Request) {
|
|
claims, _ := jwtauth.ClaimsFromContext(r.Context())
|
|
|
|
devs, err := s.queries.ListDevicesByUser(r.Context(), claims.UserID)
|
|
if err != nil {
|
|
slog.Error("list devices failed", "err", err, "user", claims.UserID)
|
|
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "db"})
|
|
return
|
|
}
|
|
|
|
out := make([]deviceItem, 0, len(devs))
|
|
for _, d := range devs {
|
|
out = append(out, deviceItem{
|
|
DeviceID: d.DeviceID,
|
|
Name: d.Name,
|
|
Type: d.Type,
|
|
Tier: d.Tier,
|
|
Online: s.hub.Online(claims.UserID, d.DeviceID),
|
|
LastSeen: d.LastSeen,
|
|
})
|
|
}
|
|
writeJSON(w, http.StatusOK, map[string]any{"devices": out})
|
|
}
|
|
|
|
// handleDeleteDevice removes a device: it revokes the device's broker session (so it
|
|
// can no longer refresh and dies within its short access TTL), then drops the local
|
|
// row, kicks its live SSE, and re-broadcasts presence. Identified by the stable
|
|
// device_id; the caller must own it. A full session is required (route-gated) — the
|
|
// old step-up requirement is gone, since a full-tier session is itself trusted.
|
|
func (s *Server) handleDeleteDevice(w http.ResponseWriter, r *http.Request) {
|
|
claims, _ := jwtauth.ClaimsFromContext(r.Context())
|
|
deviceID := chi.URLParam(r, "device_id")
|
|
if deviceID == "" {
|
|
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "missing device id"})
|
|
return
|
|
}
|
|
status, ok := s.revokeDevice(r, claims.UserID, deviceID, true)
|
|
if !ok {
|
|
writeJSON(w, status, map[string]string{"error": revokeErrorMsg(status)})
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
type renameDeviceReq struct {
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
// handleRenameDevice changes a device's human-readable name. The device's identity is
|
|
// device_id, so a rename never changes which session / row it is — fixing the old
|
|
// model where the name was the key and renaming meant losing the device. Full session.
|
|
func (s *Server) handleRenameDevice(w http.ResponseWriter, r *http.Request) {
|
|
claims, _ := jwtauth.ClaimsFromContext(r.Context())
|
|
deviceID := chi.URLParam(r, "device_id")
|
|
if deviceID == "" {
|
|
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "missing device id"})
|
|
return
|
|
}
|
|
var body renameDeviceReq
|
|
if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&body); err != nil {
|
|
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid json"})
|
|
return
|
|
}
|
|
name := jwtauth.SanitizeDeviceName(body.Name)
|
|
if name == "" {
|
|
writeJSON(w, http.StatusBadRequest, map[string]string{"error": "empty device name"})
|
|
return
|
|
}
|
|
|
|
n, err := s.queries.RenameDevice(r.Context(), db.RenameDeviceParams{
|
|
Name: name,
|
|
DeviceID: deviceID,
|
|
UserID: claims.UserID,
|
|
})
|
|
if err != nil {
|
|
slog.Error("rename device failed", "err", err, "user", claims.UserID, "device", deviceID)
|
|
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "db"})
|
|
return
|
|
}
|
|
if n == 0 {
|
|
writeJSON(w, http.StatusNotFound, map[string]string{"error": "device not found"})
|
|
return
|
|
}
|
|
// Decouple: the broker session (token) is untouched — only the device's display name
|
|
// changes. Update the live hub entry's name (kept keyed by the stable device_id) and
|
|
// re-broadcast presence so every peer sees the new name at once, with no re-login, no
|
|
// session re-mint, and no duplicate device row.
|
|
s.hub.Rename(claims.UserID, deviceID, name)
|
|
s.hub.PublishPresence(r.Context(), claims.UserID)
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|