683da7a4c5
WIP checkpoint of the gitmost AI-chat backend (plan stages A + B1 + B3a). The agent acts under the requesting user's JWT (Docmost CASL enforces page access); the external service-account /mcp endpoint is untouched. LLM provider config (A2-A4): - integrations/crypto: AES-256-GCM SecretBoxService (key derived from APP_SECRET, per-record salt/iv; clear error on rotation instead of crashing). - ai_provider_credentials table/repo/types: encrypted API key stored outside workspace settings/baseFields, write-only (never returned by any endpoint). - integrations/ai: per-workspace AI SDK v6 provider driver (openai/gemini/ollama), admin-gated GET(masked)/PATCH(write-only key)/Test endpoints; settings.ai.provider holds non-secret config incl. systemPrompt. Removed unused AI_* env getters (DB is the single source of truth). Chat module (A1, A5-A8): - ai_chats/ai_chat_messages repos (workspace-scoped, soft-delete, tsv never selected). - core/ai-chat: CRUD + POST /ai-chat/stream (Fastify hijack + AI SDK v6 pipeUIMessageStreamToResponse, abort on disconnect, persist user/assistant msgs). - Agent loop: streamText + stepCountIs(8); read tools searchPages/getPage via a per-request DocmostClient over loopback REST under the user's minted access token. - Gate settings.ai.chat (+ 503 when provider unconfigured); buildSystemPrompt with a non-removable safety/anti-prompt-injection framework. Per-user rate limit. Per-user auth (B1): - @docmost/mcp DocmostClient gains an additive getToken variant (carry a user JWT, re-fetch on 401) and exports DocmostClient; the email/password service-account path (external /mcp, stdio) is unchanged. Agent-edit provenance backbone (B3a): - Migration: pages/page_history (last_updated_source, last_updated_ai_chat_id) and comments (created_source, ai_chat_id, resolved_source). - Signed actor/aiChatId claim in the collab token; onAuthenticate propagates it, onStoreDocument writes it with a sticky agent marker, saveHistory copies it. Migrations auto-run on boot (additive). Write tools, frontend, RAG and external MCP servers are not in this checkpoint. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
116 lines
3.6 KiB
TypeScript
116 lines
3.6 KiB
TypeScript
import { Extension, onAuthenticatePayload } from '@hocuspocus/server';
|
|
import {
|
|
Injectable,
|
|
Logger,
|
|
NotFoundException,
|
|
UnauthorizedException,
|
|
} from '@nestjs/common';
|
|
import { TokenService } from '../../core/auth/services/token.service';
|
|
import { UserRepo } from '@docmost/db/repos/user/user.repo';
|
|
import { PageRepo } from '@docmost/db/repos/page/page.repo';
|
|
import { SpaceMemberRepo } from '@docmost/db/repos/space/space-member.repo';
|
|
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
|
|
import { findHighestUserSpaceRole } from '@docmost/db/repos/space/utils';
|
|
import { SpaceRole } from '../../common/helpers/types/permission';
|
|
import { isUserDisabled } from '../../common/helpers';
|
|
import { getPageId } from '../collaboration.util';
|
|
import { JwtCollabPayload, JwtType } from '../../core/auth/dto/jwt-payload';
|
|
|
|
@Injectable()
|
|
export class AuthenticationExtension implements Extension {
|
|
private readonly logger = new Logger(AuthenticationExtension.name);
|
|
|
|
constructor(
|
|
private tokenService: TokenService,
|
|
private userRepo: UserRepo,
|
|
private pageRepo: PageRepo,
|
|
private readonly spaceMemberRepo: SpaceMemberRepo,
|
|
private readonly pagePermissionRepo: PagePermissionRepo,
|
|
) {}
|
|
|
|
async onAuthenticate(data: onAuthenticatePayload) {
|
|
const { documentName, token } = data;
|
|
const pageId = getPageId(documentName);
|
|
|
|
let jwtPayload: JwtCollabPayload;
|
|
|
|
try {
|
|
jwtPayload = await this.tokenService.verifyJwt(token, JwtType.COLLAB);
|
|
} catch (error) {
|
|
throw new UnauthorizedException('Invalid collab token');
|
|
}
|
|
|
|
const userId = jwtPayload.sub;
|
|
const workspaceId = jwtPayload.workspaceId;
|
|
|
|
const user = await this.userRepo.findById(userId, workspaceId);
|
|
|
|
if (!user) {
|
|
throw new UnauthorizedException();
|
|
}
|
|
|
|
if (isUserDisabled(user)) {
|
|
throw new UnauthorizedException();
|
|
}
|
|
|
|
const page = await this.pageRepo.findById(pageId);
|
|
if (!page) {
|
|
this.logger.debug(`Page not found: ${pageId}`);
|
|
throw new NotFoundException('Page not found');
|
|
}
|
|
|
|
const userSpaceRoles = await this.spaceMemberRepo.getUserSpaceRoles(
|
|
user.id,
|
|
page.spaceId,
|
|
);
|
|
|
|
const userSpaceRole = findHighestUserSpaceRole(userSpaceRoles);
|
|
|
|
if (!userSpaceRole) {
|
|
this.logger.warn(`User not authorized to access page: ${pageId}`);
|
|
throw new UnauthorizedException();
|
|
}
|
|
|
|
// Check page-level permissions
|
|
const { hasAnyRestriction, canAccess, canEdit } =
|
|
await this.pagePermissionRepo.canUserEditPage(user.id, page.id);
|
|
|
|
if (hasAnyRestriction) {
|
|
if (!canAccess) {
|
|
this.logger.warn(
|
|
`User ${user.id} denied page-level access to page: ${pageId}`,
|
|
);
|
|
throw new UnauthorizedException();
|
|
}
|
|
|
|
if (!canEdit) {
|
|
data.connectionConfig.readOnly = true;
|
|
this.logger.debug(
|
|
`User ${user.id} granted readonly access to restricted page: ${pageId}`,
|
|
);
|
|
}
|
|
} else {
|
|
// No restrictions - use space-level permissions
|
|
if (userSpaceRole === SpaceRole.READER) {
|
|
data.connectionConfig.readOnly = true;
|
|
this.logger.debug(`User granted readonly access to page: ${pageId}`);
|
|
}
|
|
}
|
|
|
|
if (page.deletedAt) {
|
|
data.connectionConfig.readOnly = true;
|
|
}
|
|
|
|
this.logger.debug(`Authenticated user ${user.id} on page ${pageId}`);
|
|
|
|
// Carry the signed agent-edit provenance claim into the hocuspocus
|
|
// connection context (§6.6 / §15 C2). The human collab path omits these
|
|
// claims, so it resolves to actor='user' / aiChatId=null.
|
|
return {
|
|
user,
|
|
actor: jwtPayload.actor ?? 'user',
|
|
aiChatId: jwtPayload.aiChatId ?? null,
|
|
};
|
|
}
|
|
}
|