import { Controller, Get, Post, Delete, Body, Param, Query, UseGuards, Request, ParseUUIDPipe, Sse, MessageEvent, UnauthorizedException, Headers, Res, Req, } from '@nestjs/common'; import type { Response, Request as ExpressRequest } from 'express'; import { Observable, Subject } from 'rxjs'; import { JwtService } from '@nestjs/jwt'; import { ChatService } from './chat.service'; import { CreateConversationDto, SendMessageDto, QueryConversationDto, } from '../dto'; import { PermissionsGuard } from '@modules/organization/auth/guards/permissions.guard'; import { RequirePermissions } from '@common/decorators/permissions.decorator'; import { Public } from '@common/decorators/public.decorator'; import { SkipRegionCheck } from '@common/guards/region.guard'; import { Auditable, Sensitive } from '@core/observability/audit/decorators/auditable.decorator'; @Controller('ai-assistant/conversations') export class ChatController { constructor( private readonly chatService: ChatService, private readonly jwtService: JwtService, ) {} // ==================== 对话管理 ==================== /** * 创建新对话 */ @Post() @Auditable() @RequirePermissions('ai:conversation:create') async create( @Body() dto: CreateConversationDto, @Request() req: any, ) { return this.chatService.createConversation(dto, req.user.userId); } /** * 获取对话列表 */ @Get() @RequirePermissions('ai:conversation:read') async findAll( @Query() query: QueryConversationDto, @Request() req: any, ) { return this.chatService.findConversations(query, req.user.userId); } /** * 获取对话详情 */ @Get(':id') @RequirePermissions('ai:conversation:read') async findOne( @Param('id', ParseUUIDPipe) id: string, @Request() req: any, ) { return this.chatService.findConversation(id, req.user.userId); } /** * 删除对话 */ @Delete(':id') @Auditable() @Sensitive() @RequirePermissions('ai:conversation:delete') async remove( @Param('id', ParseUUIDPipe) id: string, @Request() req: any, ) { return this.chatService.deleteConversation(id, req.user.userId); } // ==================== 消息管理 ==================== /** * 发送消息 */ @Post(':id/messages') @Auditable() @RequirePermissions('ai:conversation:create') async sendMessage( @Param('id', ParseUUIDPipe) id: string, @Body() dto: SendMessageDto, @Request() req: any, ) { return this.chatService.sendMessage(id, dto, req.user.userId); } /** * 流式获取 AI 回复 * 注意:SSE端点不能使用抛出异常的Guard,因为会在stream开始后尝试设置headers * 使用 @Public() 排除 JwtAuthGuard * 使用 @SkipRegionCheck() 排除 RegionGuard * 手动处理 SSE 响应,避免 NestJS SSE 装饰器的 headers 冲突 */ @Get(':id/messages/stream') @Public() @SkipRegionCheck() async streamReply( @Param('id') id: string, @Query('messageId') messageId: string, @Headers('authorization') authorization: string, @Res() res: Response, ): Promise { // 手动设置 SSE headers res.setHeader('Content-Type', 'text/event-stream'); res.setHeader('Cache-Control', 'no-cache'); res.setHeader('Connection', 'keep-alive'); res.flushHeaders(); // 辅助函数:发送 SSE 事件 const sendEvent = (data: any) => { res.write(`event: message\n`); res.write(`data: ${JSON.stringify(data)}\n\n`); }; // 辅助函数:发送错误并关闭连接 const sendError = (error: string) => { sendEvent({ type: 'error', error }); res.end(); }; // 手动验证 UUID 格式 const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i; if (!uuidRegex.test(id) || !uuidRegex.test(messageId)) { return sendError('Invalid UUID format'); } // 手动验证 JWT try { if (!authorization || !authorization.startsWith('Bearer ')) { return sendError('Unauthorized: Missing or invalid authorization header'); } const token = authorization.substring(7); const payload = await this.jwtService.verifyAsync(token); const userId = payload.sub || payload.userId; // JWT 标准使用 'sub' 字段 if (!userId) { return sendError('Unauthorized: Invalid token payload'); } // JWT 验证通过,调用 service 并订阅 const stream$ = await this.chatService.streamReply(id, messageId, userId); stream$.subscribe({ next: (event) => { res.write(`event: message\n`); res.write(`data: ${event.data}\n\n`); }, error: (err) => { sendError(err.message || 'Stream error'); }, complete: () => { res.end(); }, }); } catch (error) { sendError(error instanceof Error ? error.message : 'Unauthorized'); } } }