1

2026-04-21 10:30:12 +08:00
parent ae28dab032
commit 13bc79306f
49 changed files with 3691 additions and 1357 deletions
--- a/server-node/src/routes/authRoutes.ts
+++ b/server-node/src/routes/authRoutes.ts
@@ -1,4 +1,4 @@
-import { type Request, Router } from 'express';
+import { type Request, type Response, Router } from 'express';
 import { z } from 'zod';

 import type {
@@ -30,6 +30,10 @@ import {
  sendPhoneLoginCode,
  startWechatLogin,
 } from '../auth/authService.js';
+import {
+  clearAccessSessionCookie,
+  setAccessSessionCookie,
+} from '../auth/accessSessionCookie.js';
 import {
  clearRefreshSessionCookie,
  readRefreshSessionToken,
@@ -112,6 +116,23 @@ function buildRefreshCookieLifetimeSeconds(
  );
 }

+function buildAccessCookieLifetimeSeconds(context: AppContext) {
+  return Math.max(0, context.config.authSession.accessCookieTtlSeconds);
+}
+
+async function writeAccessSessionCookie(
+  context: AppContext,
+  response: Response,
+  token: string,
+) {
+  setAccessSessionCookie(
+    response,
+    context.config,
+    token,
+    buildAccessCookieLifetimeSeconds(context),
+  );
+}
+
 export function createAuthRoutes(context: AppContext) {
  const router = Router();
  const requireAuth = requireJwtAuth(context.config, context.userRepository);
@@ -145,6 +166,7 @@ export function createAuthRoutes(context: AppContext) {
        user,
        requestContext,
      );
+      await writeAccessSessionCookie(context, response, result.token);
      setRefreshSessionCookie(
        response,
        context.config,
@@ -223,6 +245,7 @@ export function createAuthRoutes(context: AppContext) {
        user,
        requestContext,
      );
+      await writeAccessSessionCookie(context, response, result.token);
      setRefreshSessionCookie(
        response,
        context.config,
@@ -298,6 +321,7 @@ export function createAuthRoutes(context: AppContext) {
          user,
          requestContext,
        );
+        await writeAccessSessionCookie(context, response, result.token);
        setRefreshSessionCookie(
          response,
          context.config,
@@ -309,7 +333,6 @@ export function createAuthRoutes(context: AppContext) {
          302,
          buildAuthResultRedirectUrl(redirectPath, {
            auth_provider: 'wechat',
-            auth_token: result.token,
            auth_binding_status: result.user.bindingStatus,
          }),
        );
@@ -352,6 +375,7 @@ export function createAuthRoutes(context: AppContext) {
        user,
        requestContext,
      );
+      await writeAccessSessionCookie(context, response, result.token);
      setRefreshSessionCookie(
        response,
        context.config,
@@ -369,6 +393,7 @@ export function createAuthRoutes(context: AppContext) {
      const refreshToken = readRefreshSessionToken(request, context.config);
      try {
        const result = await refreshAuthSession(context, refreshToken);
+        await writeAccessSessionCookie(context, response, result.token);
        setRefreshSessionCookie(
          response,
          context.config,
@@ -376,9 +401,11 @@ export function createAuthRoutes(context: AppContext) {
          buildRefreshCookieLifetimeSeconds(context, result.refreshExpiresAt),
        );
        sendApiResponse(response, {
+          ok: true,
          token: result.token,
        });
      } catch (error) {
+        clearAccessSessionCookie(response, context.config);
        clearRefreshSessionCookie(response, context.config);
        throw error;
      }
@@ -479,6 +506,7 @@ export function createAuthRoutes(context: AppContext) {
    routeMeta({ operation: 'auth.logout_all' }),
    requireAuth,
    asyncHandler(async (request, response) => {
+      clearAccessSessionCookie(response, context.config);
      clearRefreshSessionCookie(response, context.config);
      sendApiResponse(
        response,
@@ -498,6 +526,7 @@ export function createAuthRoutes(context: AppContext) {
    asyncHandler(async (request, response) => {
      const refreshToken = readRefreshSessionToken(request, context.config);
      await revokeRefreshSession(context, refreshToken);
+      clearAccessSessionCookie(response, context.config);
      clearRefreshSessionCookie(response, context.config);
      sendApiResponse(
        response,
--- a/server-node/src/routes/runtimeRoutes.ts
+++ b/server-node/src/routes/runtimeRoutes.ts
@@ -7,6 +7,7 @@ import type {
  CustomWorldGalleryResponse,
  CustomWorldLibraryMutationResponse,
  CustomWorldLibraryResponse,
+  GenerateCustomWorldProfileInput,
  PlatformBrowseHistoryBatchSyncRequest,
  PlatformBrowseHistoryResponse,
  PlatformBrowseHistoryWriteEntry,
@@ -50,6 +51,7 @@ import {
  streamNpcChatTurnFromOrchestrator,
  streamNpcRecruitDialogueFromOrchestrator,
 } from '../modules/ai/chatOrchestrator.js';
+import { generateCustomWorldProfileFromOrchestrator } from '../modules/ai/customWorldOrchestrator.js';
 import {
  hydrateSavedSnapshot,
  normalizeSavedSnapshotPayload,
@@ -118,6 +120,12 @@ const customWorldProfileSchema = z.object({
  profile: jsonObjectSchema,
 });

+const customWorldProfileGenerationSchema = z.object({
+  settingText: z.string().trim().min(1),
+  creatorIntent: jsonObjectSchema.nullish(),
+  generationMode: z.enum(['fast', 'full']).optional(),
+});
+
 const customWorldSceneNpcSchema = z.object({
  profile: jsonObjectSchema,
  landmarkId: z.string().trim().min(1),
@@ -600,6 +608,23 @@ export function createRuntimeRoutes(context: AppContext) {
    }),
  );

+  router.post(
+    '/runtime/custom-world/profile',
+    routeMeta({ operation: 'runtime.customWorld.profile' }),
+    asyncHandler(async (request, response) => {
+      const payload = customWorldProfileGenerationSchema.parse(
+        request.body,
+      ) as GenerateCustomWorldProfileInput;
+      sendApiResponse(
+        response,
+        await generateCustomWorldProfileFromOrchestrator(
+          context.llmClient,
+          payload,
+        ),
+      );
+    }),
+  );
+
  router.post(
    '/runtime/custom-world-library/:profileId/publish',
    routeMeta({ operation: 'runtime.customWorldLibrary.publish' }),