feat(desktop): implement workspace foundation + desktop-client skeleton

Plan 0 (workspaces): add workspaces + workspace_memberships schema, extend
JWT/Actor/claims with primary_workspace_id, seed default workspace per tenant,
thread workspace_id through tenant monitoring quota.

Plan A (desktop skeleton): new Electron app (apps/desktop-client) with main/
preload/renderer, shared Vue component package (packages/ui-shared), and server
surface — desktop client registration + token rotation + heartbeat, SSE task
event stream, desktop accounts/tasks/content handlers, publish job endpoint,
and supporting repositories, services, sqlc queries, and migrations.

Hard cutover per plan: remove browser-extension monitoring callback endpoints,
stub legacy media API in admin-web, and delete monitoring_callback_handler.go.
This commit is contained in:
2026-04-19 14:18:20 +08:00
parent 98f9e95875
commit b16e9f0bd1
141 changed files with 21533 additions and 357 deletions
@@ -0,0 +1,272 @@
import { computed, readonly, shallowRef } from "vue";
import { createApiClient } from "@geo/http-client";
import type {
AuthTokens,
DesktopClientInfo,
DesktopClientRegisterRequest,
DesktopClientRegisterResponse,
DesktopRuntimeSessionSyncRequest,
LoginRequest,
LoginResponse,
RefreshResponse,
UserInfo,
} from "@geo/shared-types";
type SessionMode = "authenticated" | "preview";
interface DesktopSession {
mode: SessionMode;
accessToken: string | null;
refreshToken: string | null;
user: UserInfo | null;
clientToken: string | null;
clientTokenExpiresAt: number | null;
desktopClient: DesktopClientInfo | null;
}
const sessionStorageKey = "geo.desktop.session.v1";
const apiBaseURLStorageKey = "geo.desktop.api-base-url";
const session = shallowRef<DesktopSession | null>(readStoredSession());
const apiBaseURL = shallowRef(readStoredApiBaseURL());
const pending = shallowRef(false);
const error = shallowRef<string | null>(null);
function readStoredSession(): DesktopSession | null {
if (typeof window === "undefined") {
return null;
}
try {
const raw = window.localStorage.getItem(sessionStorageKey);
if (!raw) {
return null;
}
return JSON.parse(raw) as DesktopSession;
} catch {
return null;
}
}
function persistSession(next: DesktopSession | null): void {
session.value = next;
if (typeof window === "undefined") {
return;
}
if (!next) {
window.localStorage.removeItem(sessionStorageKey);
} else {
window.localStorage.setItem(sessionStorageKey, JSON.stringify(next));
}
void syncRuntimeSessionToMain(next);
}
function readStoredApiBaseURL(): string {
if (typeof window === "undefined") {
return "http://localhost:8080";
}
return window.localStorage.getItem(apiBaseURLStorageKey) ?? "http://localhost:8080";
}
function persistApiBaseURL(value: string): void {
const trimmed = value.trim() || "http://localhost:8080";
apiBaseURL.value = trimmed;
if (typeof window !== "undefined") {
window.localStorage.setItem(apiBaseURLStorageKey, trimmed);
}
void syncRuntimeSessionToMain();
}
function createPublicClient() {
return createApiClient({
baseURL: apiBaseURL.value,
timeoutMs: 15000,
});
}
function createAuthenticatedClient() {
return createApiClient({
baseURL: apiBaseURL.value,
timeoutMs: 15000,
auth: {
getAccessToken: () => session.value?.accessToken ?? null,
getRefreshToken: () => session.value?.refreshToken ?? null,
setTokens: (tokens: AuthTokens) => {
if (!session.value) {
return;
}
persistSession({
...session.value,
accessToken: tokens.accessToken,
refreshToken: tokens.refreshToken,
});
},
clearTokens: () => persistSession(null),
async refresh(refreshToken: string): Promise<AuthTokens> {
const next = await createPublicClient().post<RefreshResponse, { refresh_token: string }>(
"/api/auth/refresh",
{ refresh_token: refreshToken },
);
return {
accessToken: next.access_token,
refreshToken: next.refresh_token,
};
},
},
});
}
function registerPayload(): DesktopClientRegisterRequest {
return {
device_name: `Desktop ${navigator.platform || "unknown"}`,
os: navigator.platform || "unknown",
cpu_arch: "renderer-preview",
client_version: "0.1.0-dev",
channel: "dev",
};
}
function createPreviewUser(): UserInfo {
return {
id: 0,
email: "preview@geo-rankly.local",
name: "开发预览账号",
avatar_url: null,
tenant_id: 0,
primary_workspace_id: 0,
tenant_role: "owner",
permissions: ["desktop.preview"],
membership: null,
kol_profile: null,
};
}
function createPreviewClient(): DesktopClientInfo {
const now = new Date().toISOString();
return {
id: "preview-client",
tenant_id: 0,
workspace_id: 0,
user_id: 0,
device_name: `Preview ${navigator.platform || "Desktop"}`,
os: navigator.platform || "browser",
cpu_arch: "renderer-preview",
client_version: "0.1.0-preview",
channel: "dev",
created_at: now,
last_seen_at: now,
last_rotated_at: now,
revoked_at: null,
};
}
function buildRuntimeSessionPayload(next: DesktopSession | null): DesktopRuntimeSessionSyncRequest | null {
if (!next) {
return null;
}
return {
api_base_url: apiBaseURL.value,
mode: next.mode,
client_token: next.clientToken,
desktop_client: next.desktopClient,
};
}
async function syncRuntimeSessionToMain(next: DesktopSession | null = session.value): Promise<void> {
if (typeof window === "undefined") {
return;
}
if (!window.desktopBridge?.app?.syncRuntimeSession) {
return;
}
await window.desktopBridge.app.syncRuntimeSession(buildRuntimeSessionPayload(next));
}
async function login(payload: LoginRequest): Promise<void> {
pending.value = true;
error.value = null;
try {
const authData = await createPublicClient().post<LoginResponse, LoginRequest>(
"/api/auth/login",
payload,
);
persistSession({
mode: "authenticated",
accessToken: authData.access_token,
refreshToken: authData.refresh_token,
user: authData.user,
clientToken: null,
clientTokenExpiresAt: null,
desktopClient: null,
});
const registered = await createAuthenticatedClient().post<
DesktopClientRegisterResponse,
DesktopClientRegisterRequest
>("/api/desktop/clients/register", registerPayload());
persistSession({
mode: "authenticated",
accessToken: authData.access_token,
refreshToken: authData.refresh_token,
user: authData.user,
clientToken: registered.client_token,
clientTokenExpiresAt: registered.expires_at,
desktopClient: registered.client,
});
} catch (err) {
error.value = err instanceof Error ? err.message : "登录失败,请稍后重试";
persistSession(null);
throw err;
} finally {
pending.value = false;
}
}
function enterPreview(): void {
error.value = null;
persistSession({
mode: "preview",
accessToken: null,
refreshToken: null,
user: createPreviewUser(),
clientToken: "preview-client-token",
clientTokenExpiresAt: Date.now() + 7 * 24 * 60 * 60 * 1000,
desktopClient: createPreviewClient(),
});
}
function logout(): void {
error.value = null;
persistSession(null);
}
export function useDesktopSession() {
return {
session: readonly(session),
apiBaseURL: readonly(apiBaseURL),
pending: readonly(pending),
error: readonly(error),
isAuthenticated: computed(() => Boolean(session.value?.clientToken)),
isPreviewMode: computed(() => session.value?.mode === "preview"),
setApiBaseURL: persistApiBaseURL,
syncRuntimeSession: syncRuntimeSessionToMain,
login,
logout,
enterPreview,
};
}