api-debug/server/routes/debug.js

const express = require('express');
const router = express.Router();
const db = require('../db');
const axios = require('axios');
const crypto = require('crypto');
const auth = require('../middleware/auth');

router.use(auth);

/**
 * 将私钥（裸 base64 PKCS8 DER 或 PEM）加载为 KeyObject
 */
function loadPrivateKey(raw) {
    if (!raw) return null;
    if (raw.includes('-----BEGIN')) {
        return crypto.createPrivateKey(raw);
    }
    const derBuf = Buffer.from(raw.trim(), 'base64');
    return crypto.createPrivateKey({ key: derBuf, format: 'der', type: 'pkcs8' });
}

// 获取 DingTalk Access Token
async function getAccessToken(appKey, appSecret) {
    // 1. 检查缓存
    const [rows] = await db.query(
        'SELECT * FROM token_cache WHERE app_key = ? AND expires_at > NOW()',
        [appKey]
    );

    if (rows.length > 0) {
        return rows[0].access_token;
    }

    // 2. 调用钉钉接口获取
    try {
        const response = await axios.post('https://api.dingtalk.com/v1.0/oauth2/accessToken', {
            appKey,
            appSecret
        });

        const { accessToken, expireIn } = response.data;

        // 计算过期时间 (提前 5 分钟过期以保证安全)
        const expiresAt = new Date(Date.now() + (expireIn - 300) * 1000);

        // 3. 更新缓存
        await db.query(
            'INSERT INTO token_cache (app_key, access_token, expires_at) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE access_token = ?, expires_at = ?',
            [appKey, accessToken, expiresAt, accessToken, expiresAt]
        );

        return accessToken;
    } catch (err) {
        console.error('获取钉钉 Token 失败:', err.response ? err.response.data : err.message);
        throw new Error('获取 AccessToken 失败: ' + (err.response?.data?.message || err.message));
    }
}

// 旗舰版PP 接口调试转发
router.post('/execute-pp', async (req, res) => {
    try {
        const { tenantId, endpointId, body, queryParams } = req.body;

        if (!tenantId || !endpointId) {
            return res.status(400).json({ error: 'tenantId and endpointId are required' });
        }

        // 1. 获取租户和接口信息（验证归属当前用户）
        const [[tenantInfo]] = await db.query('SELECT * FROM tenants WHERE id = ? AND user_id = ?', [tenantId, req.user.username]);
        const [[endpointInfo]] = await db.query('SELECT * FROM endpoints WHERE id = ? AND user_id = ?', [endpointId, req.user.username]);

        if (!tenantInfo || !endpointInfo) {
            return res.status(404).json({ error: '租户或接口信息不存在' });
        }

        // The endpoint URL is an absolute URL (e.g., https://api.dingtalk.com/...)
        if (!endpointInfo.url) {
            return res.status(400).json({ error: 'Endpoint url is missing' });
        }
        let finalUrl = endpointInfo.url;

        const headers = {
            'Content-Type': 'application/json',
            'Accept': 'application/json'
        };

        let requestConfig = {
            method: endpointInfo.method.toLowerCase(),
            url: finalUrl,
            headers,
            timeout: 15000 // 15s timeout
        };

        // Standard PP Logic
        if (tenantInfo.type === '标品PP') {
            // 1. Basic Auth using API Key
            if (tenantInfo.api_key) {
                const encodedKey = Buffer.from(`${tenantInfo.api_key}:`).toString('base64');
                headers['Authorization'] = `Basic ${encodedKey}`;
            }

            // 2. Prepare Query Parameters for Signature
            const mergedParams = { ...(queryParams || {}) };

            // Auto inject missing parameters
            if (!mergedParams.timestamp) mergedParams.timestamp = Date.now().toString();
            if (!mergedParams.nonce) {
                // 文档要求：字母数字，最多 8 字符
                const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
                mergedParams.nonce = Array.from({ length: 8 }, () => chars[Math.floor(Math.random() * chars.length)]).join('');
            }
            if (!mergedParams.entCode && tenantInfo.ent_code) mergedParams.entCode = tenantInfo.ent_code;
            if (!mergedParams.apiCode && endpointInfo.api_code) mergedParams.apiCode = endpointInfo.api_code;
            // userName 为非必填，有值时加入签名（文档示例：...&userName=xiao@qq.com）
            if (!mergedParams.userName && endpointInfo.user_name) mergedParams.userName = endpointInfo.user_name;

            // 3. RSA-MD5 Signature Generation
            if (tenantInfo.private_key) {
                // Collect keys and sort alphabetically
                const keys = Object.keys(mergedParams).sort();
                const signParts = keys.map(k => `${k}=${mergedParams[k]}`);
                const signString = signParts.join('&');

                try {
                    const privateKey = loadPrivateKey(tenantInfo.private_key);
                    const signGenerator = crypto.createSign('RSA-MD5');
                    signGenerator.update(signString, 'utf8');
                    const signatureBase64 = signGenerator.sign(privateKey, 'base64');
                    // Add signature to params (axios params will URL-encode it automatically)
                    mergedParams.sign = signatureBase64;
                } catch (signErr) {
                    console.error('Failed to generate signature via RSA-MD5', signErr);
                    // Continue anyway, it might fail on server but we let them debug it
                }
            }

            requestConfig.params = mergedParams;
        } else if (tenantInfo.type === '旗舰版PP') {
            // DingTalk specific logic
            // 2. 获取 Token
            const token = (await getAccessToken(tenantInfo.app_key, tenantInfo.app_secret)).trim();
            headers['x-acs-dingtalk-access-token'] = token;
        } else {
            return res.status(400).json({ error: `不支持的租户类型: ${tenantInfo.type}` });
        }

        // Apply Data Body
        if (requestConfig.method !== 'get' && body && Object.keys(body).length > 0) {
            requestConfig.data = body;
        }

        // 仅供复制 CURL 使用 (近似的命令)
        let curlCmd = `curl -X ${endpointInfo.method.toUpperCase()} '${finalUrl}${requestConfig.params ? '?' + new URLSearchParams(requestConfig.params).toString() : ''}'`;
        Object.entries(headers).forEach(([k, v]) => {
            curlCmd += ` \\\n  -H '${k}: ${v}'`;
        });
        if (requestConfig.data) {
            // 格式化输出 JSON
            curlCmd += ` \\\n  -d '${JSON.stringify(requestConfig.data, null, 2)}'`;
        }

        console.log('--- [TRACE] 发送请求详情 ---');
        console.log('URL:', requestConfig.url);
        console.log('Headers:', JSON.stringify(requestConfig.headers, null, 2));
        if (requestConfig.params) console.log('Query Params:', JSON.stringify(requestConfig.params, null, 2));
        if (requestConfig.data) console.log('Payload:', JSON.stringify(requestConfig.data, null, 2));
        console.log('等效 CURL 命令:\n', curlCmd);

        // 3. 执行转发请求
        const response = await axios(requestConfig);

        // 4. 保存历史记录
        await db.query(
            'INSERT INTO debug_history (tenant_id, endpoint_id, url, curl_cmd, response_data) VALUES (?, ?, ?, ?, ?)',
            [tenantInfo.id, endpointInfo.id, finalUrl, curlCmd, JSON.stringify(response.data)]
        );

        console.log('--- [TRACE] 接口响应成功并已保存历史 ---');
        res.json({
            curlCmd: curlCmd,
            data: response.data
        });
    } catch (err) {
        const errorMsg = err.response ? err.response.data : err.message;
        console.error('--- 调试请求失败 ---');
        console.error('错误信息:', err.response ? JSON.stringify(errorMsg, null, 2) : errorMsg);

        // 失败也保存历史以便排查 (可选，这里为保持简单先不存，或可根据需求扩展)

        res.status(err.response ? err.response.status : 500).json({
            error: errorMsg
        });
    }
});

// 获取调试历史
router.get('/history', async (req, res) => {
    try {
        const [rows] = await db.query(
            `SELECT dh.*, t.name as tenant_name, e.name as endpoint_name
             FROM debug_history dh
             LEFT JOIN tenants t ON dh.tenant_id = t.id
             LEFT JOIN endpoints e ON dh.endpoint_id = e.id
             WHERE t.user_id = ?
             ORDER BY dh.created_at DESC LIMIT 50`,
            [req.user.username]
        );
        res.json(rows);
    } catch (err) {
        res.status(500).json({ error: err.message });
    }
});

module.exports = router;