feat: bootstrap from Fabric monorepo

2026-05-13 07:06:02 +00:00
commit 03a3342d2a
40 changed files with 7210 additions and 0 deletions
--- a/src/nodes/nodes.controller.ts
+++ b/src/nodes/nodes.controller.ts
@@ -0,0 +1,196 @@
+import {
+  Body,
+  ConflictException,
+  Controller,
+  DefaultValuePipe,
+  ForbiddenException,
+  Get,
+  Headers,
+  HttpException,
+  NotFoundException,
+  Param,
+  ParseIntPipe,
+  Patch,
+  Post,
+  Query,
+} from '@nestjs/common';
+import { InjectRepository } from '@nestjs/typeorm';
+import { Repository } from 'typeorm';
+import { GuildNode } from '../entities/guild-node.entity';
+import { AuditService } from '../audit/audit.service';
+import { RegisterNodeDto } from './dto.register-node.dto';
+import { UpdateNodeStatusDto } from './dto.update-node-status.dto';
+import {
+  buildCanonical,
+  safeEqualHex,
+  signCanonical,
+  verifyRequestTime,
+} from '../common/hmac';
+import { FABRIC_PROTOCOL_VERSION, normalizeVersion } from '../common/version';
+
+@Controller('nodes')
+export class NodesController {
+  constructor(
+    @InjectRepository(GuildNode)
+    private readonly nodeRepo: Repository<GuildNode>,
+    private readonly audit: AuditService,
+  ) {}
+
+  @Post('register')
+  async register(
+    @Body() body: RegisterNodeDto,
+    @Headers('x-fabric-signature') signature?: string,
+    @Headers('x-fabric-timestamp') timestamp?: string,
+    @Headers('x-fabric-nonce') nonce?: string,
+    @Headers('x-fabric-version') fabricVersion?: string,
+  ) {
+    const requestedVersion = normalizeVersion(fabricVersion);
+    if (requestedVersion !== FABRIC_PROTOCOL_VERSION) {
+      throw new HttpException(
+        {
+          error: {
+            code: 'FABRIC_VERSION_NOT_SUPPORTED',
+            message: `unsupported protocol version: ${requestedVersion}`,
+            retryable: false,
+          },
+          supportedVersion: FABRIC_PROTOCOL_VERSION,
+        },
+        400,
+      );
+    }
+
+    const secret = process.env.CENTER_SHARED_SECRET as string;
+    if (!signature || !timestamp || !nonce || !verifyRequestTime(timestamp)) {
+      throw new ForbiddenException('invalid hmac headers');
+    }
+
+    const canonical = buildCanonical({
+      method: 'POST',
+      path: '/api/nodes/register',
+      timestamp,
+      nonce,
+      body: JSON.stringify(body),
+    });
+    const expected = signCanonical(secret, canonical);
+    if (!safeEqualHex(signature, expected)) {
+      throw new ForbiddenException('invalid shared secret');
+    }
+
+    const existedByNodeId = await this.nodeRepo.findOne({
+      where: { nodeId: body.nodeId },
+    });
+    if (existedByNodeId) {
+      throw new ConflictException('nodeId already exists');
+    }
+
+    const existedByEndpoint = await this.nodeRepo.findOne({
+      where: { endpoint: body.endpoint },
+    });
+    if (existedByEndpoint) {
+      throw new ConflictException('endpoint already exists');
+    }
+
+    const node = this.nodeRepo.create({
+      nodeId: body.nodeId,
+      name: body.name,
+      endpoint: body.endpoint,
+      status: 'active',
+    });
+    const saved = await this.nodeRepo.save(node);
+    await this.audit.write({
+      action: 'node.register',
+      targetType: 'node',
+      targetId: saved.nodeId,
+      detail: JSON.stringify({ endpoint: saved.endpoint }),
+    });
+
+    return {
+      status: 'accepted',
+      negotiatedVersion: FABRIC_PROTOCOL_VERSION,
+      node: {
+        id: saved.id,
+        nodeId: saved.nodeId,
+        name: saved.name,
+        endpoint: saved.endpoint,
+        status: saved.status,
+      },
+    };
+  }
+
+  @Post(':nodeId/heartbeat')
+  async heartbeat(@Param('nodeId') nodeId: string) {
+    const node = await this.nodeRepo.findOne({ where: { nodeId } });
+    if (!node) {
+      throw new NotFoundException('node not found');
+    }
+
+    node.lastHeartbeatAt = new Date();
+    if (node.status !== 'revoked') {
+      node.status = 'active';
+    }
+
+    const saved = await this.nodeRepo.save(node);
+    await this.audit.write({
+      action: 'node.heartbeat',
+      targetType: 'node',
+      targetId: saved.nodeId,
+      detail: JSON.stringify({ status: saved.status }),
+    });
+    return {
+      status: 'ok',
+      nodeId: saved.nodeId,
+      nodeStatus: saved.status,
+      lastHeartbeatAt: saved.lastHeartbeatAt,
+    };
+  }
+
+  @Patch(':nodeId/status')
+  async updateStatus(
+    @Param('nodeId') nodeId: string,
+    @Body() body: UpdateNodeStatusDto,
+  ) {
+    const node = await this.nodeRepo.findOne({ where: { nodeId } });
+    if (!node) {
+      throw new NotFoundException('node not found');
+    }
+
+    node.status = body.status;
+    const saved = await this.nodeRepo.save(node);
+    await this.audit.write({
+      action: 'node.status.update',
+      targetType: 'node',
+      targetId: saved.nodeId,
+      detail: JSON.stringify({ status: saved.status }),
+    });
+    return {
+      id: saved.id,
+      nodeId: saved.nodeId,
+      name: saved.name,
+      endpoint: saved.endpoint,
+      status: saved.status,
+    };
+  }
+
+  @Get()
+  async list(
+    @Query('page', new DefaultValuePipe(1), ParseIntPipe) page: number,
+    @Query('pageSize', new DefaultValuePipe(20), ParseIntPipe) pageSize: number,
+  ) {
+    const safePage = page < 1 ? 1 : page;
+    const safePageSize = pageSize < 1 ? 20 : Math.min(pageSize, 100);
+
+    const [items, total] = await this.nodeRepo.findAndCount({
+      order: { createdAt: 'DESC' },
+      skip: (safePage - 1) * safePageSize,
+      take: safePageSize,
+    });
+
+    return {
+      items,
+      page: safePage,
+      pageSize: safePageSize,
+      total,
+      totalPages: Math.max(1, Math.ceil(total / safePageSize)),
+    };
+  }
+}