Fail closed when SpacetimeDB auth restore is unavailable

server-rs/crates/api-server/src/state.rs

@@ -1,9 +1,8 @@
 use std::{
     collections::HashMap,
     error::Error,
-    fmt, fs,
+    fmt,
     sync::{Arc, Mutex},
-    time::{SystemTime, UNIX_EPOCH},
 };
 
 use axum::extract::FromRef;
@@ -300,6 +299,7 @@ pub enum AppStateInitError {
     Jwt(JwtError),
     RefreshCookie(RefreshCookieError),
     AuthStore(String),
+    DependencyUnavailable(String),
     SmsProvider(SmsProviderError),
     WechatPay(String),
     Oss(OssError),
@@ -308,12 +308,12 @@ pub enum AppStateInitError {
 
 impl AppState {
     pub fn new(config: AppConfig) -> Result<Self, AppStateInitError> {
-        #[cfg(test)]
-        let auth_store = InMemoryAuthStore::default();
-        #[cfg(not(test))]
-        let auth_store = InMemoryAuthStore::from_persistence_path(config.auth_store_path.clone())
-            .map_err(AppStateInitError::AuthStore)?;
-        Self::new_with_auth_store(config, auth_store)
+        Self::new_with_empty_auth_store(config)
+    }
+
+    pub fn new_with_empty_auth_store(config: AppConfig) -> Result<Self, AppStateInitError> {
+        // 中文注释：api-server 不再把本地 auth-store.json 当作用户认证真相源，启动恢复只允许来自 SpacetimeDB。
+        Self::new_with_auth_store(config, InMemoryAuthStore::default())
     }
 
     fn new_with_auth_store(
@@ -549,8 +549,8 @@ impl AppState {
             OffsetDateTime::now_utc().unix_timestamp_nanos() / 1_000,
         )
         .map_err(|_| SpacetimeClientError::Runtime("认证快照更新时间超出 i64 范围".to_string()))?;
-        // 本地 auth_store 是当前认证请求的即时真相源；SpacetimeDB 正式认证表用于跨进程恢复。
-        // 远端数据库挂起或网络异常时，只降级远端恢复能力，不能让已成功的登录/刷新/退出回滚为失败。
+        // 当前进程内 auth_store 是认证请求的即时工作集；SpacetimeDB 正式认证表用于跨进程恢复。
+        // 远端数据库挂起或网络异常时，只降级后续恢复能力，不能让已成功的登录/刷新/退出回滚为失败。
         #[cfg(not(test))]
         if let Err(error) = self
             .spacetime_client
@@ -577,64 +577,42 @@ impl AppState {
             pool_size: config.spacetime_pool_size,
             procedure_timeout: config.spacetime_procedure_timeout,
         });
-        let mut candidates = Vec::new();
+        let mut spacetime_restore_available = false;
+        let mut restore_errors = Vec::new();
 
         match spacetime_client
             .export_auth_store_snapshot_from_tables()
             .await
         {
             Ok(snapshot) => {
+                spacetime_restore_available = true;
                 if let Some(candidate) = auth_store_candidate_from_snapshot_record(
                     snapshot,
                     AuthStoreRestoreSource::SpacetimeTables,
                 )? {
-                    candidates.push(candidate);
+                    let state = Self::new_with_auth_store(config, candidate.auth_store)?;
+                    info!(
+                        source = candidate.source.as_str(),
+                        updated_at_micros = candidate.updated_at_micros,
+                        "已恢复认证快照"
+                    );
+                    return Ok(state);
                 }
             }
             Err(error) => {
                 warn!(error = %error, "从 SpacetimeDB 表恢复认证快照失败");
+                restore_errors.push(error.to_string());
             }
         }
 
-        match spacetime_client.get_auth_store_snapshot().await {
-            Ok(snapshot) => {
-                if let Some(candidate) = auth_store_candidate_from_snapshot_record(
-                    snapshot,
-                    AuthStoreRestoreSource::SpacetimeSnapshot,
-                )? {
-                    candidates.push(candidate);
-                }
-            }
-            Err(error) => {
-                warn!(error = %error, "从 SpacetimeDB 快照记录恢复认证快照失败");
-            }
+        if !spacetime_restore_available {
+            return Err(AppStateInitError::DependencyUnavailable(format!(
+                "SpacetimeDB 认证恢复不可用：{}",
+                restore_errors.join("; ")
+            )));
         }
 
-        if let Some(candidate) = auth_store_candidate_from_local_file(&config)? {
-            candidates.push(candidate);
-        }
-
-        if let Some(candidate) = select_auth_store_restore_candidate(candidates) {
-            let source = candidate.source;
-            let should_sync_to_spacetime = source == AuthStoreRestoreSource::LocalFile;
-            let state = Self::new_with_auth_store(config, candidate.auth_store)?;
-            info!(
-                source = source.as_str(),
-                updated_at_micros = candidate.updated_at_micros,
-                "已恢复认证快照"
-            );
-            if should_sync_to_spacetime {
-                if let Err(error) = state.sync_auth_store_snapshot_to_spacetime().await {
-                    warn!(
-                        error = %error,
-                        "本地认证快照回写 SpacetimeDB 失败，当前启动继续"
-                    );
-                }
-            }
-            return Ok(state);
-        }
-
-        Self::new(config)
+        Self::new_with_empty_auth_store(config)
     }
 
     pub fn refresh_session_service(&self) -> &RefreshSessionService {
@@ -988,16 +966,12 @@ impl AppState {
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 enum AuthStoreRestoreSource {
     SpacetimeTables,
-    SpacetimeSnapshot,
-    LocalFile,
 }
 
 impl AuthStoreRestoreSource {
     fn as_str(self) -> &'static str {
         match self {
             Self::SpacetimeTables => "spacetime_tables",
-            Self::SpacetimeSnapshot => "spacetime_snapshot",
-            Self::LocalFile => "local_file",
         }
     }
 }
@@ -1029,57 +1003,14 @@ fn auth_store_candidate_from_snapshot_record(
     }))
 }
 
-fn auth_store_candidate_from_local_file(
-    config: &AppConfig,
-) -> Result<Option<AuthStoreRestoreCandidate>, AppStateInitError> {
-    if !config.auth_store_path.is_file() {
-        return Ok(None);
-    }
-
-    let updated_at_micros = fs::metadata(&config.auth_store_path)
-        .ok()
-        .and_then(|metadata| metadata.modified().ok())
-        .and_then(system_time_to_unix_micros);
-    let auth_store = InMemoryAuthStore::from_persistence_path(config.auth_store_path.clone())
-        .map_err(AppStateInitError::AuthStore)?;
-
-    Ok(Some(AuthStoreRestoreCandidate {
-        source: AuthStoreRestoreSource::LocalFile,
-        updated_at_micros,
-        auth_store,
-    }))
-}
-
-fn system_time_to_unix_micros(system_time: SystemTime) -> Option<i64> {
-    let duration = system_time.duration_since(UNIX_EPOCH).ok()?;
-    i64::try_from(duration.as_micros()).ok()
-}
-
-fn select_auth_store_restore_candidate(
-    candidates: Vec<AuthStoreRestoreCandidate>,
-) -> Option<AuthStoreRestoreCandidate> {
-    candidates.into_iter().max_by_key(|candidate| {
-        (
-            candidate.updated_at_micros.unwrap_or(i64::MIN),
-            auth_store_restore_source_priority(candidate.source),
-        )
-    })
-}
-
-fn auth_store_restore_source_priority(source: AuthStoreRestoreSource) -> u8 {
-    match source {
-        AuthStoreRestoreSource::SpacetimeTables => 3,
-        AuthStoreRestoreSource::SpacetimeSnapshot => 2,
-        AuthStoreRestoreSource::LocalFile => 1,
-    }
-}
-
 impl fmt::Display for AppStateInitError {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             Self::Jwt(error) => write!(f, "{error}"),
             Self::RefreshCookie(error) => write!(f, "{error}"),
-            Self::AuthStore(error) | Self::WechatPay(error) => write!(f, "{error}"),
+            Self::AuthStore(error) | Self::DependencyUnavailable(error) | Self::WechatPay(error) => {
+                write!(f, "{error}")
+            }
             Self::SmsProvider(error) => write!(f, "{error}"),
             Self::Oss(error) => write!(f, "{error}"),
             Self::Llm(error) => write!(f, "{error}"),