makemd/server/src/api/controllers/NodeController.ts

import { Request, Response } from 'express';
import { SecretDeliveryService } from '../../core/protocols/SecretDeliveryService';
import { NodeIdentityService } from '../../core/security/NodeIdentityService';
import { ReputationZKPService } from '../../core/ai/ReputationZKPService';

export class NodeController {
  /**
   * [FE_SEC_01] 获取节点的 ZKP 隐私声誉证明
   */
  static async getZkpProof(req: Request, res: Response) {
    try {
      const { nodeId } = req.query;
      if (!nodeId) return res.status(400).json({ success: false, error: 'nodeId is required' });

      const proof = await ReputationZKPService.generateReputationProof(nodeId as string);
      res.json({ success: true, data: proof });
    } catch (err: any) {
      res.status(500).json({ success: false, error: err.message });
    }
  }

  /**
   * [FE_SEC_01] 校验节点的 ZKP 证明
   */
  static async verifyZkpProof(req: Request, res: Response) {
    try {
      const { nodeId, proof, publicSignals } = req.body;
      if (!nodeId || !proof || !publicSignals) {
        return res.status(400).json({ success: false, error: 'Missing nodeId, proof, or publicSignals' });
      }

      const isValid = await ReputationZKPService.verifyReputationProof(proof, publicSignals);
      res.json({ success: true, data: { isValid } });
    } catch (err: any) {
      res.status(500).json({ success: false, error: err.message });
    }
  }

  static async getAll(req: Request, res: Response) {
    res.json({ success: true, data: [] });
  }

  /**
   * [CORE_SEC_04] 节点身份注册 (基于硬件指纹)
   */
  static async register(req: Request, res: Response) {
    try {
      const { nodeId, hardwareFingerprint, publicKey } = req.body;
      if (!nodeId || !hardwareFingerprint || !publicKey) {
        return res.status(400).json({ success: false, error: 'Missing registration fields' });
      }

      const success = await NodeIdentityService.registerNode({
        nodeId,
        hardwareFingerprint,
        publicKey
      });

      if (!success) {
        return res.status(403).json({ success: false, error: 'Fingerprint mismatch or unauthorized access' });
      }

      res.json({ success: true, message: 'Node registration pending approval' });
    } catch (err: any) {
      res.status(500).json({ success: false, error: err.message });
    }
  }

  /**
   * [CORE_SEC_03] 为节点任务请求会话密钥
   */
  static async requestSession(req: Request, res: Response) {
    try {
      const { nodeId, shopId, taskId } = req.body;
      if (!nodeId || !shopId || !taskId) {
        return res.status(400).json({ success: false, error: 'Missing required fields' });
      }

      const session = await SecretDeliveryService.createSession(nodeId, shopId, taskId);
      res.json({ success: true, data: { sessionId: session.sessionId, expiresAt: session.expiresAt } });
    } catch (err: any) {
      res.status(500).json({ success: false, error: err.message });
    }
  }

  /**
   * [CORE_SEC_03] 节点获取加密凭据负载
   */
  static async getCredential(req: Request, res: Response) {
    try {
      const { sessionId, credentialId } = req.query;
      if (!sessionId || !credentialId) {
        return res.status(400).json({ success: false, error: 'Missing sessionId or credentialId' });
      }

      const payload = await SecretDeliveryService.getDeliveryPayload(
        String(sessionId),
        Number(credentialId)
      );

      res.json({ success: true, data: payload });
    } catch (err: any) {
      res.status(500).json({ success: false, error: err.message });
    }
  }
}