/** * Chat sessions & messages (MongoDB). Auth: Bearer JWT (same as skills publish). * Session _id is client-generated string (e.g. nanoid) for stable IDs across local/cloud. */ const { ObjectId } = require('mongodb') const AGENT_ONLY_BLOCK_TYPES = new Set([ 'tool_use', 'tool_result', 'thinking', 'redacted_thinking', 'server_tool_use', 'web_search_tool_result' ]) function stripContentForUserView(contentStr) { if (typeof contentStr !== 'string') return contentStr try { const parsed = JSON.parse(contentStr) if (!Array.isArray(parsed)) return contentStr const filtered = parsed.filter((block) => { if (!block || typeof block !== 'object') return true const t = block.type if (AGENT_ONLY_BLOCK_TYPES.has(t)) return false return true }) if (filtered.length === parsed.length) return contentStr return JSON.stringify(filtered.length ? filtered : [{ type: 'text', text: '' }]) } catch { return contentStr } } function mapMessageDoc(doc, view) { const row = { id: doc._id, session_id: doc.session_id, role: doc.role, content: view === 'user' ? stripContentForUserView(doc.content) : doc.content, created_at: doc.created_at, usage: doc.usage ?? null, sort_order: doc.sort_order, model_id: doc.model_id ?? null, provider_id: doc.provider_id ?? null } return row } function registerChatRoutes(app, db, authRoutes) { const sessionsCol = db.collection('chat_sessions') const messagesCol = db.collection('chat_messages') const withAuth = (handler) => (req, res) => { authRoutes.verifyToken(req, res, () => handler(req, res)) } const userObjectId = (req) => new ObjectId(req.user.id) const assertModeAllowed = (req, res, mode) => { if (!mode) return true if (authRoutes.isModeAllowed(req.user, mode)) return true res.status(403).json({ success: false, error: `无权使用模式: ${mode}` }) return false } // --- Sessions --- app.get( '/api/chat/sessions', withAuth(async (req, res) => { try { const uid = userObjectId(req) const list = await sessionsCol.find({ user_id: uid }).sort({ updated_at: -1 }).toArray() const sessionIds = list.map((s) => s._id) let countMap = new Map() if (sessionIds.length > 0) { const counts = await messagesCol .aggregate([ { $match: { user_id: uid, session_id: { $in: sessionIds } } }, { $group: { _id: '$session_id', c: { $sum: 1 } } } ]) .toArray() countMap = new Map(counts.map((x) => [x._id, x.c])) } res.json({ success: true, sessions: list.map((s) => ({ id: s._id, title: s.title, icon: s.icon ?? null, mode: s.mode, created_at: s.created_at, updated_at: s.updated_at, project_id: s.project_id ?? null, working_folder: s.working_folder ?? null, ssh_connection_id: s.ssh_connection_id ?? null, pinned: !!s.pinned, plugin_id: s.plugin_id ?? null, provider_id: s.provider_id ?? null, model_id: s.model_id ?? null, message_count: countMap.get(s._id) ?? 0 })) }) } catch (err) { console.error('[Chat] list sessions:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.post( '/api/chat/sessions', withAuth(async (req, res) => { try { const uid = userObjectId(req) const b = req.body || {} const id = typeof b.id === 'string' && b.id ? b.id : null if (!id) { return res.status(400).json({ success: false, error: 'id required' }) } const now = Date.now() if (!assertModeAllowed(req, res, b.mode ?? 'chat')) return const doc = { _id: id, user_id: uid, title: b.title ?? 'New Conversation', icon: b.icon ?? null, mode: b.mode ?? 'chat', created_at: b.created_at ?? now, updated_at: b.updated_at ?? now, project_id: b.project_id ?? null, working_folder: b.working_folder ?? null, ssh_connection_id: b.ssh_connection_id ?? null, pinned: !!b.pinned, plugin_id: b.plugin_id ?? null, provider_id: b.provider_id ?? null, model_id: b.model_id ?? null } await sessionsCol.replaceOne({ _id: id, user_id: uid }, doc, { upsert: true }) res.json({ success: true, session: { id } }) } catch (err) { console.error('[Chat] create session:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.patch( '/api/chat/sessions/:id', withAuth(async (req, res) => { try { const uid = userObjectId(req) const id = req.params.id const patch = req.body || {} const allowed = [ 'title', 'icon', 'mode', 'updated_at', 'project_id', 'working_folder', 'ssh_connection_id', 'pinned', 'provider_id', 'model_id' ] const $set = {} for (const k of allowed) { if (patch[k] !== undefined) { if (k === 'pinned') $set.pinned = !!patch[k] else $set[k] = patch[k] } } if (patch.mode !== undefined && !assertModeAllowed(req, res, patch.mode)) return if (Object.keys($set).length === 0) { return res.json({ success: true }) } const r = await sessionsCol.updateOne({ _id: id, user_id: uid }, { $set }) if (r.matchedCount === 0) { return res.status(404).json({ success: false, error: 'Session not found' }) } res.json({ success: true }) } catch (err) { console.error('[Chat] patch session:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.delete( '/api/chat/sessions/:id', withAuth(async (req, res) => { try { const uid = userObjectId(req) const id = req.params.id await messagesCol.deleteMany({ session_id: id, user_id: uid }) const r = await sessionsCol.deleteOne({ _id: id, user_id: uid }) if (r.deletedCount === 0) { return res.status(404).json({ success: false, error: 'Session not found' }) } res.json({ success: true }) } catch (err) { console.error('[Chat] delete session:', err) res.status(500).json({ success: false, error: err.message }) } }) ) // --- Messages --- app.get( '/api/chat/sessions/:id/messages', withAuth(async (req, res) => { try { const uid = userObjectId(req) const sessionId = req.params.id const view = req.query.view === 'user' ? 'user' : 'full' const limit = Math.min(parseInt(req.query.limit, 10) || 200, 500) const offset = Math.max(parseInt(req.query.offset, 10) || 0, 0) const sess = await sessionsCol.findOne({ _id: sessionId, user_id: uid }) if (!sess) { return res.status(404).json({ success: false, error: 'Session not found' }) } const docs = await messagesCol .find({ session_id: sessionId, user_id: uid }) .sort({ sort_order: 1 }) .skip(offset) .limit(limit) .toArray() res.json({ success: true, messages: docs.map((d) => mapMessageDoc(d, view)) }) } catch (err) { console.error('[Chat] list messages:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.post( '/api/chat/sessions/:id/messages', withAuth(async (req, res) => { try { const uid = userObjectId(req) const sessionId = req.params.id const m = req.body || {} const sess = await sessionsCol.findOne({ _id: sessionId, user_id: uid }) if (!sess) { return res.status(404).json({ success: false, error: 'Session not found' }) } const id = typeof m.id === 'string' && m.id ? m.id : null if (!id) { return res.status(400).json({ success: false, error: 'message id required' }) } const doc = { _id: id, session_id: sessionId, user_id: uid, role: m.role, content: typeof m.content === 'string' ? m.content : JSON.stringify(m.content ?? ''), created_at: m.created_at ?? Date.now(), usage: m.usage ?? null, sort_order: m.sort_order ?? 0, model_id: m.model_id ?? null, provider_id: m.provider_id ?? null } await messagesCol.replaceOne( { _id: id, session_id: sessionId, user_id: uid }, doc, { upsert: true } ) await sessionsCol.updateOne( { _id: sessionId, user_id: uid }, { $set: { updated_at: Date.now() } } ) res.json({ success: true }) } catch (err) { console.error('[Chat] add message:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.patch( '/api/chat/messages/:messageId', withAuth(async (req, res) => { try { const uid = userObjectId(req) const messageId = req.params.messageId const patch = req.body || {} const $set = {} if (patch.content !== undefined) { $set.content = typeof patch.content === 'string' ? patch.content : JSON.stringify(patch.content) } if (patch.usage !== undefined) $set.usage = patch.usage if (Object.keys($set).length === 0) { return res.json({ success: true }) } const r = await messagesCol.updateOne({ _id: messageId, user_id: uid }, { $set }) if (r.matchedCount === 0) { return res.status(404).json({ success: false, error: 'Message not found' }) } res.json({ success: true }) } catch (err) { console.error('[Chat] patch message:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.delete( '/api/chat/sessions/:id/messages/from/:fromSort', withAuth(async (req, res) => { try { const uid = userObjectId(req) const sessionId = req.params.id const fromSort = parseInt(req.params.fromSort, 10) if (!Number.isFinite(fromSort)) { return res.status(400).json({ success: false, error: 'from_sort_order required' }) } await messagesCol.deleteMany({ session_id: sessionId, user_id: uid, sort_order: { $gte: fromSort } }) await sessionsCol.updateOne( { _id: sessionId, user_id: uid }, { $set: { updated_at: Date.now() } } ) res.json({ success: true }) } catch (err) { console.error('[Chat] truncate messages:', err) res.status(500).json({ success: false, error: err.message }) } }) ) app.delete( '/api/chat/sessions/:id/messages/all', withAuth(async (req, res) => { try { const uid = userObjectId(req) const sessionId = req.params.id await messagesCol.deleteMany({ session_id: sessionId, user_id: uid }) await sessionsCol.updateOne( { _id: sessionId, user_id: uid }, { $set: { updated_at: Date.now() } } ) res.json({ success: true }) } catch (err) { console.error('[Chat] clear messages:', err) res.status(500).json({ success: false, error: err.message }) } }) ) return { sessionsCol, messagesCol } } async function ensureChatIndexes(db) { const sessionsCol = db.collection('chat_sessions') const messagesCol = db.collection('chat_messages') await sessionsCol.createIndex({ user_id: 1, updated_at: -1 }) await messagesCol.createIndex({ session_id: 1, sort_order: 1 }) await messagesCol.createIndex({ user_id: 1, session_id: 1 }) } module.exports = { registerChatRoutes, ensureChatIndexes }