XuqmGroup-Server/tenant-service/src/main/java/com/xuqm/tenant/service/SystemUpdateService.java

package com.xuqm.tenant.service;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.List;
import java.util.function.Consumer;

@Service
public class SystemUpdateService {

    private static final Logger log = LoggerFactory.getLogger(SystemUpdateService.class);

    // nginx is restarted last so it picks up any patched config files.
    private static final List<String> OTHER_SERVICES = List.of(
            "file-service", "tenant-web", "im-service", "push-service", "update-service", "license-service", "nginx"
    );

    @Value("${PRIVATE_DEPLOY_ROOT:/opt/xuqm-private}")
    private String deployRoot;

    /** 拉取最新镜像并重建所有容器。 */
    public void runUpdate(Consumer<String> emit) {
        String composeFile = deployRoot + "/docker-compose.yml";

        dockerLogin(emit);
        patchConfigs(emit);

        emit.accept(">>> 拉取最新镜像...");
        for (String svc : OTHER_SERVICES) {
            emit.accept("  pulling " + svc + " ...");
            exec(emit, "docker", "compose", "-f", composeFile, "pull", "--quiet", svc);
        }
        emit.accept("  pulling tenant-service ...");
        exec(emit, "docker", "compose", "-f", composeFile, "pull", "--quiet", "tenant-service");
        emit.accept(">>> 镜像拉取完成");

        restartAndSelfUpdate(emit, composeFile);
    }

    /** 不拉取新镜像，直接用当前本地镜像重建所有容器。 */
    public void runReset(Consumer<String> emit) {
        String composeFile = deployRoot + "/docker-compose.yml";

        patchConfigs(emit);
        restartAndSelfUpdate(emit, composeFile);
    }

    // ── Shared core ───────────────────────────────────────────────────────────

    private void restartAndSelfUpdate(Consumer<String> emit, String composeFile) {
        emit.accept(">>> 重建各服务容器...");
        for (String svc : OTHER_SERVICES) {
            emit.accept("  restarting " + svc + " ...");
            exec(emit, "docker", "compose", "-f", composeFile,
                    "up", "-d", "--no-deps", "--force-recreate", svc);
            emit.accept("  " + svc + " ✓");
        }

        emit.accept(">>> 启动自更新助手容器...");
        String selfImage = getCurrentImage();
        if (selfImage == null) {
            emit.accept(">>> [错误] 无法获取当前 tenant-service 镜像名，请手动执行：");
            emit.accept(">>>   docker compose -f " + composeFile + " up -d --no-deps --force-recreate tenant-service");
            emit.accept("DONE");
            return;
        }
        boolean helperStarted = spawnSelfUpdater(composeFile, selfImage);

        if (helperStarted) {
            emit.accept(">>> 助手容器已就绪，tenant-service 即将重建（连接将短暂中断）...");
            emit.accept("RESTART_SELF");
        } else {
            emit.accept(">>> [警告] 助手容器启动失败，请手动执行：");
            emit.accept(">>>   docker compose -f " + composeFile + " up -d --no-deps --force-recreate tenant-service");
            emit.accept("DONE");
        }
    }

    // ── Config patchers ───────────────────────────────────────────────────────

    private void patchConfigs(Consumer<String> emit) {
        emit.accept(">>> 检查并修复配置文件...");
        patchNginxFileRoute(emit);
        patchNginxUpdateTimeout(emit);
        patchDockerComposeFileService(emit);
        patchDockerComposeUpdateService(emit);
    }

    private void patchNginxUpdateTimeout(Consumer<String> emit) {
        Path conf = Paths.get(deployRoot, "config", "nginx", "conf.d", "xuqm.conf");
        if (!Files.exists(conf)) return;
        try {
            String content = Files.readString(conf);
            // Already patched with regex location (new format) or exact-match (old format)
            if (content.contains("location ~ ^/api/system/") || content.contains("location = /api/system/update")) return;
            String anchor = "  # 核心 API（兜底，在所有具体 /api/xxx/ 之后）\n  location /api/ {";
            if (!content.contains(anchor)) {
                emit.accept("  [跳过] nginx 更新超时补丁锚点未找到，请手动检查");
                return;
            }
            String injection = "  # 一键更新/重置：操作耗时较长，需要更长超时（精确匹配，优先于 /api/ 前缀）\n"
                    + "  location ~ ^/api/system/(update|reset)$ {\n"
                    + "    set $svc tenant-service;\n"
                    + "    proxy_pass         http://$svc:9001;\n"
                    + "    proxy_set_header   Host $host;\n"
                    + "    proxy_set_header   X-Real-IP $remote_addr;\n"
                    + "    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n"
                    + "    proxy_read_timeout 600s;\n"
                    + "    proxy_send_timeout 600s;\n"
                    + "  }\n\n"
                    + anchor;
            String patched = content.replace(anchor, injection);
            Files.writeString(conf, patched, StandardOpenOption.TRUNCATE_EXISTING);
            emit.accept("  [已修复] nginx: 补齐 /api/system/(update|reset) 600s 超时");
        } catch (IOException e) {
            emit.accept("  [警告] nginx 更新超时修复失败: " + e.getMessage());
        }
    }

    private void patchNginxFileRoute(Consumer<String> emit) {
        Path conf = Paths.get(deployRoot, "config", "nginx", "conf.d", "xuqm.conf");
        if (!Files.exists(conf)) return;
        try {
            String content = Files.readString(conf);
            if (!content.contains("location /file/")) return;
            String patched = content.replace("location /file/", "location /api/file/");
            Files.writeString(conf, patched, StandardOpenOption.TRUNCATE_EXISTING);
            emit.accept("  [已修复] nginx: location /file/ → /api/file/");
        } catch (IOException e) {
            emit.accept("  [警告] nginx 配置修复失败: " + e.getMessage());
        }
    }

    private void patchDockerComposeFileService(Consumer<String> emit) {
        Path composeFile = Paths.get(deployRoot, "docker-compose.yml");
        if (!Files.exists(composeFile)) return;
        try {
            String content = Files.readString(composeFile);
            if (content.contains("FILE_UPLOAD_DIR") && content.contains("FILE_BASE_URL")) return;

            String consoleDomain = readEnvValue(Paths.get(deployRoot, "config", "xuqm.env"), "CONSOLE_DOMAIN");
            if (consoleDomain == null) consoleDomain = "";

            String anchor = "      SPRING_DATA_REDIS_DATABASE: \"${REDIS_DATABASE:-0}\"\n";
            if (!content.contains(anchor)) {
                emit.accept("  [跳过] docker-compose 文件-服务补丁锚点未找到，请手动检查");
                return;
            }
            String injection = anchor
                    + "      FILE_UPLOAD_DIR: \"/data/uploads\"\n"
                    + "      FILE_BASE_URL: \"" + consoleDomain + "\"\n";
            String patched = content.replace(anchor, injection);
            Files.writeString(composeFile, patched, StandardOpenOption.TRUNCATE_EXISTING);
            emit.accept("  [已修复] docker-compose: 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL");
        } catch (IOException e) {
            emit.accept("  [警告] docker-compose 修复失败: " + e.getMessage());
        }
    }

    private void patchDockerComposeUpdateService(Consumer<String> emit) {
        Path composeFile = Paths.get(deployRoot, "docker-compose.yml");
        if (!Files.exists(composeFile)) return;
        try {
            String content = Files.readString(composeFile);
            if (content.contains("FILE_SERVICE_INTERNAL_URL")) return;

            String consoleDomain = readEnvValue(Paths.get(deployRoot, "config", "xuqm.env"), "CONSOLE_DOMAIN");
            if (consoleDomain == null) consoleDomain = "";

            String anchor = "      SDK_TENANT_SERVICE_URL: \"http://tenant-service:9001\"\n";
            // Fallback anchor for older docker-compose that may not have SDK_TENANT_SERVICE_URL
            String fallbackAnchor = "  update-service:\n";
            String envBlock = "      FILE_BASE_URL: \"" + consoleDomain + "\"\n"
                    + "      FILE_SERVICE_INTERNAL_URL: \"http://file-service:8086\"\n";
            String patched;
            if (content.contains(anchor)) {
                patched = content.replace(anchor, anchor + envBlock);
            } else if (content.contains(fallbackAnchor)) {
                // Inject env block into update-service's environment section by finding its image line
                String imageAnchor = "    image: ${REGISTRY}/update-service:${IMAGE_TAG}\n";
                if (!content.contains(imageAnchor)) {
                    emit.accept("  [跳过] docker-compose update-service 补丁锚点未找到，请手动检查");
                    return;
                }
                String envAnchor = imageAnchor + "    environment:\n";
                if (!content.contains(envAnchor)) {
                    emit.accept("  [跳过] docker-compose update-service environment 段未找到，请手动检查");
                    return;
                }
                patched = content.replace(envAnchor, envAnchor + envBlock);
            } else {
                emit.accept("  [跳过] docker-compose update-service 段未找到，请手动检查");
                return;
            }
            Files.writeString(composeFile, patched, StandardOpenOption.TRUNCATE_EXISTING);
            emit.accept("  [已修复] docker-compose: 补齐 update-service 的 FILE_BASE_URL 和 FILE_SERVICE_INTERNAL_URL");
        } catch (IOException e) {
            emit.accept("  [警告] docker-compose update-service 修复失败: " + e.getMessage());
        }
    }

    // ── Docker helpers ────────────────────────────────────────────────────────

    private void dockerLogin(Consumer<String> emit) {
        try {
            String registry = null, user = null, password = null;
            for (String line : Files.readAllLines(Paths.get(deployRoot + "/.env"))) {
                if (line.startsWith("REGISTRY="))             registry = line.substring("REGISTRY=".length()).trim();
                else if (line.startsWith("REGISTRY_USER="))   user     = line.substring("REGISTRY_USER=".length()).trim();
                else if (line.startsWith("REGISTRY_PASSWORD=")) password = line.substring("REGISTRY_PASSWORD=".length()).trim();
            }
            if (registry == null || user == null || password == null || password.isEmpty()) return;
            String host = registry.contains("/") ? registry.substring(0, registry.indexOf('/')) : registry;
            ProcessBuilder pb = new ProcessBuilder("docker", "login", host, "-u", user, "--password-stdin")
                    .redirectErrorStream(true);
            Process p = pb.start();
            p.getOutputStream().write((password + "\n").getBytes());
            p.getOutputStream().flush();
            p.getOutputStream().close();
            String out = new String(p.getInputStream().readAllBytes()).trim();
            int code = p.waitFor();
            if (code == 0) {
                emit.accept("  已完成镜像仓库登录");
            } else {
                emit.accept("  [警告] 镜像仓库登录失败，将使用本地缓存（" + out + "）");
            }
        } catch (Exception e) {
            emit.accept("  [警告] 读取仓库凭据失败: " + e.getMessage());
        }
    }

    private boolean spawnSelfUpdater(String composeFile, String image) {
        try {
            new ProcessBuilder("docker", "rm", "-f", "xuqm-self-updater")
                    .redirectErrorStream(true).start().waitFor();

            String shellCmd = "sleep 8 && docker compose -f " + composeFile
                    + " up -d --no-deps --force-recreate tenant-service";

            Process p = new ProcessBuilder(
                    "docker", "run", "-d", "--rm",
                    "--name", "xuqm-self-updater",
                    "-v", "/var/run/docker.sock:/var/run/docker.sock",
                    "-v", deployRoot + ":" + deployRoot,
                    "--entrypoint", "sh",
                    image,
                    "-c", shellCmd
            ).redirectErrorStream(true).start();

            String out = new String(p.getInputStream().readAllBytes()).trim();
            int code = p.waitFor();
            log.info("self-updater spawn: code={} containerId={}", code, out);
            return code == 0;
        } catch (Exception e) {
            log.error("failed to spawn self-updater", e);
            return false;
        }
    }

    private String getCurrentImage() {
        try {
            Process p = new ProcessBuilder(
                    "docker", "ps",
                    "--filter", "label=com.docker.compose.service=tenant-service",
                    "--format", "{{.Image}}"
            ).redirectErrorStream(true).start();
            String out = new String(p.getInputStream().readAllBytes()).trim();
            p.waitFor();
            return out.isEmpty() ? null : out;
        } catch (Exception e) {
            return null;
        }
    }

    private String readEnvValue(Path envFile, String key) {
        if (!Files.exists(envFile)) return null;
        try {
            for (String line : Files.readAllLines(envFile)) {
                if (line.startsWith(key + "=")) {
                    return line.substring(key.length() + 1).trim();
                }
            }
        } catch (IOException ignored) {}
        return null;
    }

    private void exec(Consumer<String> emit, String... cmd) {
        try {
            Process p = new ProcessBuilder(cmd)
                    .redirectErrorStream(true)
                    .start();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    if (!line.isBlank()) emit.accept("    " + line);
                }
            }
            int code = p.waitFor();
            if (code != 0) emit.accept("    [warn] exit code " + code);
        } catch (Exception e) {
            emit.accept("    [error] " + e.getMessage());
            log.error("exec failed: {}", String.join(" ", cmd), e);
        }
    }
}
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								package com.xuqm.tenant.service;
 								import org.slf4j.Logger;
 								import org.slf4j.LoggerFactory;
 								import org.springframework.beans.factory.annotation.Value;
 								import org.springframework.stereotype.Service;
 								import java.io.BufferedReader;
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								import java.io.IOException;
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								import java.io.InputStreamReader;
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								import java.nio.file.Files;
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								import java.nio.file.Path;
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								import java.nio.file.Paths;
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								import java.nio.file.StandardOpenOption;
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								import java.util.List;
 								import java.util.function.Consumer;
 								@Service
 								public class SystemUpdateService {
 								    private static final Logger log = LoggerFactory.getLogger(SystemUpdateService.class);
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								    // nginx is restarted last so it picks up any patched config files.
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								    private static final List<String> OTHER_SERVICES = List.of(
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								            "file-service", "tenant-web", "im-service", "push-service", "update-service", "license-service", "nginx"
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								    );
 								    @Value("${PRIVATE_DEPLOY_ROOT:/opt/xuqm-private}")
 								    private String deployRoot;
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								    /** 拉取最新镜像并重建所有容器。 */
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								    public void runUpdate(Consumer<String> emit) {
 								        String composeFile = deployRoot + "/docker-compose.yml";
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								        dockerLogin(emit);
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								        patchConfigs(emit);
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								        emit.accept(">>> 拉取最新镜像...");
 								        for (String svc : OTHER_SERVICES) {
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            emit.accept("  pulling " + svc + " ...");
 								            exec(emit, "docker", "compose", "-f", composeFile, "pull", "--quiet", svc);
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								        }
 								        emit.accept("  pulling tenant-service ...");
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								        exec(emit, "docker", "compose", "-f", composeFile, "pull", "--quiet", "tenant-service");
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								        emit.accept(">>> 镜像拉取完成");
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								        restartAndSelfUpdate(emit, composeFile);
 								    }
 								    /** 不拉取新镜像，直接用当前本地镜像重建所有容器。 */
 								    public void runReset(Consumer<String> emit) {
 								        String composeFile = deployRoot + "/docker-compose.yml";
 								        patchConfigs(emit);
 								        restartAndSelfUpdate(emit, composeFile);
 								    }
 								    // ── Shared core ───────────────────────────────────────────────────────────
 								    private void restartAndSelfUpdate(Consumer<String> emit, String composeFile) {
 								        emit.accept(">>> 重建各服务容器...");
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								        for (String svc : OTHER_SERVICES) {
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            emit.accept("  restarting " + svc + " ...");
 								            exec(emit, "docker", "compose", "-f", composeFile,
 								                    "up", "-d", "--no-deps", "--force-recreate", svc);
 								            emit.accept("  " + svc + " ✓");
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								        }
-												fix(system-update): 用独立助手容器替代 CompletableFuture 实现 tenant-service 自重建

原方案：CompletableFuture 延迟调用 docker-compose up。
问题：docker-compose 发出 stop 指令后，容器内全部进程（含 CompletableFuture 线程）
     被立即杀死，rm/create/start 步骤永远不会执行，tenant-service 停在停止状态。

新方案：先用 docker run -d 启动独立助手容器（xuqm-self-updater），
     它不依附于 tenant-service，不会随之终止；8 秒后执行 force-recreate。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:52:36 +08:00
+								        emit.accept(">>> 启动自更新助手容器...");
-												fix(system-update): 用 compose label 查询容器，修复 isRunning 和自更新助手镜像

- isRunning() 改用 docker ps --filter label=com.docker.compose.service
  兼容 Compose v1 (xuqm_svc_1) 和 v2 (xuqm-svc-1) 命名格式
- 自更新助手镜像改用 getCurrentImage() 从运行中容器的 label 获取，
  不再依赖容器环境变量 REGISTRY/IMAGE_TAG（容器内未注入这两个变量）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 15:46:39 +08:00
+								        String selfImage = getCurrentImage();
 								        if (selfImage == null) {
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            emit.accept(">>> [错误] 无法获取当前 tenant-service 镜像名，请手动执行：");
 								            emit.accept(">>>   docker compose -f " + composeFile + " up -d --no-deps --force-recreate tenant-service");
-												fix(system-update): 用 compose label 查询容器，修复 isRunning 和自更新助手镜像

- isRunning() 改用 docker ps --filter label=com.docker.compose.service
  兼容 Compose v1 (xuqm_svc_1) 和 v2 (xuqm-svc-1) 命名格式
- 自更新助手镜像改用 getCurrentImage() 从运行中容器的 label 获取，
  不再依赖容器环境变量 REGISTRY/IMAGE_TAG（容器内未注入这两个变量）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 15:46:39 +08:00
+								            emit.accept("DONE");
 								            return;
 								        }
-												fix(system-update): 用独立助手容器替代 CompletableFuture 实现 tenant-service 自重建

原方案：CompletableFuture 延迟调用 docker-compose up。
问题：docker-compose 发出 stop 指令后，容器内全部进程（含 CompletableFuture 线程）
     被立即杀死，rm/create/start 步骤永远不会执行，tenant-service 停在停止状态。

新方案：先用 docker run -d 启动独立助手容器（xuqm-self-updater），
     它不依附于 tenant-service，不会随之终止；8 秒后执行 force-recreate。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:52:36 +08:00
+								        boolean helperStarted = spawnSelfUpdater(composeFile, selfImage);
 								        if (helperStarted) {
 								            emit.accept(">>> 助手容器已就绪，tenant-service 即将重建（连接将短暂中断）...");
 								            emit.accept("RESTART_SELF");
 								        } else {
 								            emit.accept(">>> [警告] 助手容器启动失败，请手动执行：");
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								            emit.accept(">>>   docker compose -f " + composeFile + " up -d --no-deps --force-recreate tenant-service");
-												fix(system-update): 用独立助手容器替代 CompletableFuture 实现 tenant-service 自重建

原方案：CompletableFuture 延迟调用 docker-compose up。
问题：docker-compose 发出 stop 指令后，容器内全部进程（含 CompletableFuture 线程）
     被立即杀死，rm/create/start 步骤永远不会执行，tenant-service 停在停止状态。

新方案：先用 docker run -d 启动独立助手容器（xuqm-self-updater），
     它不依附于 tenant-service，不会随之终止；8 秒后执行 force-recreate。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:52:36 +08:00
+								            emit.accept("DONE");
 								        }
 								    }
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								    // ── Config patchers ───────────────────────────────────────────────────────
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								    private void patchConfigs(Consumer<String> emit) {
 								        emit.accept(">>> 检查并修复配置文件...");
 								        patchNginxFileRoute(emit);
-												fix(tenant-service): 自动修复 nginx 更新接口 60s 超时

patchNginxUpdateTimeout 为 /api/system/update 注入精确匹配 location，
proxy_read_timeout 设为 600s，避免 docker pull 静默期断连。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:19:55 +08:00
+								        patchNginxUpdateTimeout(emit);
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								        patchDockerComposeFileService(emit);
-												fix(update): rewrite file-service URL to internal address for private deployments

UpdateAssetService: add FILE_BASE_URL / FILE_SERVICE_INTERNAL_URL config; any URL
starting with FILE_BASE_URL is rewritten to the internal file-service address instead
of going through the external domain, fixing APK inspect timeout on private deployments.

SystemUpdateService: add patchDockerComposeUpdateService() to inject FILE_BASE_URL and
FILE_SERVICE_INTERNAL_URL into existing customers' docker-compose.yml on update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 16:03:09 +08:00
+								        patchDockerComposeUpdateService(emit);
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								    }
-												fix(tenant-service): 自动修复 nginx 更新接口 60s 超时

patchNginxUpdateTimeout 为 /api/system/update 注入精确匹配 location，
proxy_read_timeout 设为 600s，避免 docker pull 静默期断连。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:19:55 +08:00
+								    private void patchNginxUpdateTimeout(Consumer<String> emit) {
 								        Path conf = Paths.get(deployRoot, "config", "nginx", "conf.d", "xuqm.conf");
 								        if (!Files.exists(conf)) return;
 								        try {
 								            String content = Files.readString(conf);
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            // Already patched with regex location (new format) or exact-match (old format)
 								            if (content.contains("location ~ ^/api/system/") || content.contains("location = /api/system/update")) return;
-												fix(tenant-service): 自动修复 nginx 更新接口 60s 超时

patchNginxUpdateTimeout 为 /api/system/update 注入精确匹配 location，
proxy_read_timeout 设为 600s，避免 docker pull 静默期断连。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:19:55 +08:00
+								            String anchor = "  # 核心 API（兜底，在所有具体 /api/xxx/ 之后）\n  location /api/ {";
 								            if (!content.contains(anchor)) {
 								                emit.accept("  [跳过] nginx 更新超时补丁锚点未找到，请手动检查");
 								                return;
 								            }
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            String injection = "  # 一键更新/重置：操作耗时较长，需要更长超时（精确匹配，优先于 /api/ 前缀）\n"
 								                    + "  location ~ ^/api/system/(update|reset)$ {\n"
-												fix(tenant-service): 自动修复 nginx 更新接口 60s 超时

patchNginxUpdateTimeout 为 /api/system/update 注入精确匹配 location，
proxy_read_timeout 设为 600s，避免 docker pull 静默期断连。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:19:55 +08:00
+								                    + "    set $svc tenant-service;\n"
 								                    + "    proxy_pass         http://$svc:9001;\n"
 								                    + "    proxy_set_header   Host $host;\n"
 								                    + "    proxy_set_header   X-Real-IP $remote_addr;\n"
 								                    + "    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n"
 								                    + "    proxy_read_timeout 600s;\n"
 								                    + "    proxy_send_timeout 600s;\n"
 								                    + "  }\n\n"
 								                    + anchor;
 								            String patched = content.replace(anchor, injection);
 								            Files.writeString(conf, patched, StandardOpenOption.TRUNCATE_EXISTING);
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								            emit.accept("  [已修复] nginx: 补齐 /api/system/(update|reset) 600s 超时");
-												fix(tenant-service): 自动修复 nginx 更新接口 60s 超时

patchNginxUpdateTimeout 为 /api/system/update 注入精确匹配 location，
proxy_read_timeout 设为 600s，避免 docker pull 静默期断连。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:19:55 +08:00
+								        } catch (IOException e) {
 								            emit.accept("  [警告] nginx 更新超时修复失败: " + e.getMessage());
 								        }
 								    }
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
+								    private void patchNginxFileRoute(Consumer<String> emit) {
 								        Path conf = Paths.get(deployRoot, "config", "nginx", "conf.d", "xuqm.conf");
 								        if (!Files.exists(conf)) return;
 								        try {
 								            String content = Files.readString(conf);
 								            if (!content.contains("location /file/")) return;
 								            String patched = content.replace("location /file/", "location /api/file/");
 								            Files.writeString(conf, patched, StandardOpenOption.TRUNCATE_EXISTING);
 								            emit.accept("  [已修复] nginx: location /file/ → /api/file/");
 								        } catch (IOException e) {
 								            emit.accept("  [警告] nginx 配置修复失败: " + e.getMessage());
 								        }
 								    }
 								    private void patchDockerComposeFileService(Consumer<String> emit) {
 								        Path composeFile = Paths.get(deployRoot, "docker-compose.yml");
 								        if (!Files.exists(composeFile)) return;
 								        try {
 								            String content = Files.readString(composeFile);
 								            if (content.contains("FILE_UPLOAD_DIR") && content.contains("FILE_BASE_URL")) return;
 								            String consoleDomain = readEnvValue(Paths.get(deployRoot, "config", "xuqm.env"), "CONSOLE_DOMAIN");
 								            if (consoleDomain == null) consoleDomain = "";
 								            String anchor = "      SPRING_DATA_REDIS_DATABASE: \"${REDIS_DATABASE:-0}\"\n";
 								            if (!content.contains(anchor)) {
 								                emit.accept("  [跳过] docker-compose 文件-服务补丁锚点未找到，请手动检查");
 								                return;
 								            }
 								            String injection = anchor
 								                    + "      FILE_UPLOAD_DIR: \"/data/uploads\"\n"
 								                    + "      FILE_BASE_URL: \"" + consoleDomain + "\"\n";
 								            String patched = content.replace(anchor, injection);
 								            Files.writeString(composeFile, patched, StandardOpenOption.TRUNCATE_EXISTING);
 								            emit.accept("  [已修复] docker-compose: 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL");
 								        } catch (IOException e) {
 								            emit.accept("  [警告] docker-compose 修复失败: " + e.getMessage());
 								        }
 								    }
-												fix(update): rewrite file-service URL to internal address for private deployments

UpdateAssetService: add FILE_BASE_URL / FILE_SERVICE_INTERNAL_URL config; any URL
starting with FILE_BASE_URL is rewritten to the internal file-service address instead
of going through the external domain, fixing APK inspect timeout on private deployments.

SystemUpdateService: add patchDockerComposeUpdateService() to inject FILE_BASE_URL and
FILE_SERVICE_INTERNAL_URL into existing customers' docker-compose.yml on update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 16:03:09 +08:00
+								    private void patchDockerComposeUpdateService(Consumer<String> emit) {
 								        Path composeFile = Paths.get(deployRoot, "docker-compose.yml");
 								        if (!Files.exists(composeFile)) return;
 								        try {
 								            String content = Files.readString(composeFile);
 								            if (content.contains("FILE_SERVICE_INTERNAL_URL")) return;
 								            String consoleDomain = readEnvValue(Paths.get(deployRoot, "config", "xuqm.env"), "CONSOLE_DOMAIN");
 								            if (consoleDomain == null) consoleDomain = "";
 								            String anchor = "      SDK_TENANT_SERVICE_URL: \"http://tenant-service:9001\"\n";
-												tenant: auto-generate license file on app creation, decouple from license service

- AppEntity: add licenseFileContent field to store pre-generated encrypted license
- AppService: generate license file content on create/update with normalized baseUrl
- AppController: read license file content from entity instead of generating on-the-fly
- Web: remove license download v-if serviceEnabled check, always show download button

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

											
										
										
											2026-05-22 17:56:12 +08:00
+								            // Fallback anchor for older docker-compose that may not have SDK_TENANT_SERVICE_URL
 								            String fallbackAnchor = "  update-service:\n";
 								            String envBlock = "      FILE_BASE_URL: \"" + consoleDomain + "\"\n"
 								                    + "      FILE_SERVICE_INTERNAL_URL: \"http://file-service:8086\"\n";
 								            String patched;
 								            if (content.contains(anchor)) {
 								                patched = content.replace(anchor, anchor + envBlock);
 								            } else if (content.contains(fallbackAnchor)) {
 								                // Inject env block into update-service's environment section by finding its image line
 								                String imageAnchor = "    image: ${REGISTRY}/update-service:${IMAGE_TAG}\n";
 								                if (!content.contains(imageAnchor)) {
 								                    emit.accept("  [跳过] docker-compose update-service 补丁锚点未找到，请手动检查");
 								                    return;
 								                }
 								                String envAnchor = imageAnchor + "    environment:\n";
 								                if (!content.contains(envAnchor)) {
 								                    emit.accept("  [跳过] docker-compose update-service environment 段未找到，请手动检查");
 								                    return;
 								                }
 								                patched = content.replace(envAnchor, envAnchor + envBlock);
 								            } else {
 								                emit.accept("  [跳过] docker-compose update-service 段未找到，请手动检查");
-												fix(update): rewrite file-service URL to internal address for private deployments

UpdateAssetService: add FILE_BASE_URL / FILE_SERVICE_INTERNAL_URL config; any URL
starting with FILE_BASE_URL is rewritten to the internal file-service address instead
of going through the external domain, fixing APK inspect timeout on private deployments.

SystemUpdateService: add patchDockerComposeUpdateService() to inject FILE_BASE_URL and
FILE_SERVICE_INTERNAL_URL into existing customers' docker-compose.yml on update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 16:03:09 +08:00
+								                return;
 								            }
 								            Files.writeString(composeFile, patched, StandardOpenOption.TRUNCATE_EXISTING);
 								            emit.accept("  [已修复] docker-compose: 补齐 update-service 的 FILE_BASE_URL 和 FILE_SERVICE_INTERNAL_URL");
 								        } catch (IOException e) {
 								            emit.accept("  [警告] docker-compose update-service 修复失败: " + e.getMessage());
 								        }
 								    }
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								    // ── Docker helpers ────────────────────────────────────────────────────────
-												feat(tenant-service): 一键更新自动修复配置文件

- 更新前执行幂等配置修复：nginx location /file/ → /api/file/，
  docker-compose.yml 补齐 FILE_UPLOAD_DIR 和 FILE_BASE_URL
- nginx 移至 OTHER_SERVICES 末尾，最后重启以应用修复后的配置
- docker login 读取 .env 中的仓库凭据，解决私有镜像拉取 403

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 17:08:01 +08:00
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								    private void dockerLogin(Consumer<String> emit) {
 								        try {
 								            String registry = null, user = null, password = null;
 								            for (String line : Files.readAllLines(Paths.get(deployRoot + "/.env"))) {
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								                if (line.startsWith("REGISTRY="))             registry = line.substring("REGISTRY=".length()).trim();
 								                else if (line.startsWith("REGISTRY_USER="))   user     = line.substring("REGISTRY_USER=".length()).trim();
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								                else if (line.startsWith("REGISTRY_PASSWORD=")) password = line.substring("REGISTRY_PASSWORD=".length()).trim();
 								            }
 								            if (registry == null || user == null || password == null || password.isEmpty()) return;
 								            String host = registry.contains("/") ? registry.substring(0, registry.indexOf('/')) : registry;
 								            ProcessBuilder pb = new ProcessBuilder("docker", "login", host, "-u", user, "--password-stdin")
 								                    .redirectErrorStream(true);
 								            Process p = pb.start();
 								            p.getOutputStream().write((password + "\n").getBytes());
 								            p.getOutputStream().flush();
 								            p.getOutputStream().close();
 								            String out = new String(p.getInputStream().readAllBytes()).trim();
 								            int code = p.waitFor();
 								            if (code == 0) {
 								                emit.accept("  已完成镜像仓库登录");
 								            } else {
 								                emit.accept("  [警告] 镜像仓库登录失败，将使用本地缓存（" + out + "）");
 								            }
 								        } catch (Exception e) {
 								            emit.accept("  [警告] 读取仓库凭据失败: " + e.getMessage());
 								        }
 								    }
-												fix(system-update): 用独立助手容器替代 CompletableFuture 实现 tenant-service 自重建

原方案：CompletableFuture 延迟调用 docker-compose up。
问题：docker-compose 发出 stop 指令后，容器内全部进程（含 CompletableFuture 线程）
     被立即杀死，rm/create/start 步骤永远不会执行，tenant-service 停在停止状态。

新方案：先用 docker run -d 启动独立助手容器（xuqm-self-updater），
     它不依附于 tenant-service，不会随之终止；8 秒后执行 force-recreate。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:52:36 +08:00
+								    private boolean spawnSelfUpdater(String composeFile, String image) {
 								        try {
 								            new ProcessBuilder("docker", "rm", "-f", "xuqm-self-updater")
 								                    .redirectErrorStream(true).start().waitFor();
-												feat(license): 支持修改 License 过期时间 + 修复一键更新三个问题

License 过期时间：
- LicenseAdminController PATCH 接口增加 expiresAt 字段
- AppLicenseService.update() 移除"一旦设置不可修改"限制，支持清空（永久）或更新日期

一键更新 (SystemUpdateService) 修复：
1. 改用 docker compose (v2) 替换 docker-compose (v1)
2. isRunning/getCurrentImage 去掉 project=xuqm 标签过滤
   （deploy.sh 不传 -p 参数，实际 project 标签为目录名）
3. 拉取前读取 deployRoot/.env 中的 REGISTRY 凭据并执行 docker login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 16:26:01 +08:00
+								            String shellCmd = "sleep 8 && docker compose -f " + composeFile
 								                    + " up -d --no-deps --force-recreate tenant-service";
-												fix(system-update): 用独立助手容器替代 CompletableFuture 实现 tenant-service 自重建

原方案：CompletableFuture 延迟调用 docker-compose up。
问题：docker-compose 发出 stop 指令后，容器内全部进程（含 CompletableFuture 线程）
     被立即杀死，rm/create/start 步骤永远不会执行，tenant-service 停在停止状态。

新方案：先用 docker run -d 启动独立助手容器（xuqm-self-updater），
     它不依附于 tenant-service，不会随之终止；8 秒后执行 force-recreate。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:52:36 +08:00
 								            Process p = new ProcessBuilder(
 								                    "docker", "run", "-d", "--rm",
 								                    "--name", "xuqm-self-updater",
 								                    "-v", "/var/run/docker.sock:/var/run/docker.sock",
 								                    "-v", deployRoot + ":" + deployRoot,
 								                    "--entrypoint", "sh",
 								                    image,
 								                    "-c", shellCmd
 								            ).redirectErrorStream(true).start();
 								            String out = new String(p.getInputStream().readAllBytes()).trim();
 								            int code = p.waitFor();
 								            log.info("self-updater spawn: code={} containerId={}", code, out);
 								            return code == 0;
 								        } catch (Exception e) {
 								            log.error("failed to spawn self-updater", e);
 								            return false;
 								        }
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								    }
-												fix(system-update): 用 compose label 查询容器，修复 isRunning 和自更新助手镜像

- isRunning() 改用 docker ps --filter label=com.docker.compose.service
  兼容 Compose v1 (xuqm_svc_1) 和 v2 (xuqm-svc-1) 命名格式
- 自更新助手镜像改用 getCurrentImage() 从运行中容器的 label 获取，
  不再依赖容器环境变量 REGISTRY/IMAGE_TAG（容器内未注入这两个变量）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 15:46:39 +08:00
+								    private String getCurrentImage() {
 								        try {
 								            Process p = new ProcessBuilder(
 								                    "docker", "ps",
 								                    "--filter", "label=com.docker.compose.service=tenant-service",
 								                    "--format", "{{.Image}}"
 								            ).redirectErrorStream(true).start();
 								            String out = new String(p.getInputStream().readAllBytes()).trim();
 								            p.waitFor();
 								            return out.isEmpty() ? null : out;
 								        } catch (Exception e) {
 								            return null;
 								        }
 								    }
-												feat(tenant): split update/reset ops, remove bootstrap app auto-creation

- SystemUpdateService: split runUpdate() (pull+recreate) and runReset() (recreate only)
- SystemUpdateController: add POST /api/system/reset endpoint
- SdkAppProvisioningService: remove ensureBootstrapApp/ensureApp/ensureFeatureDefaults; resolveApp now throws 404 instead of auto-creating
- SdkAppInitializer: remove ensureBootstrapApp call; only runs one-time migration marking existing system apps as isDefault=true
- PrivateTenantBootstrapInitializer: remove bootstrap app creation; only ensures admin tenant account exists

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-22 15:33:20 +08:00
+								    private String readEnvValue(Path envFile, String key) {
 								        if (!Files.exists(envFile)) return null;
 								        try {
 								            for (String line : Files.readAllLines(envFile)) {
 								                if (line.startsWith(key + "=")) {
 								                    return line.substring(key.length() + 1).trim();
 								                }
 								            }
 								        } catch (IOException ignored) {}
 								        return null;
 								    }
-												feat(tenant-service): 一键更新接口 + Dockerfile 添加 docker-compose

- 新增 SystemUpdateController POST /api/system/update（PRIVATE 模式）
- SystemUpdateService 通过 docker-compose 拉镜像并逐服务重建容器
- Dockerfile 添加 docker-cli + docker-compose（用于容器内调用 Docker API）

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

											
										
										
											2026-05-21 14:46:40 +08:00
+								    private void exec(Consumer<String> emit, String... cmd) {
 								        try {
 								            Process p = new ProcessBuilder(cmd)
 								                    .redirectErrorStream(true)
 								                    .start();
 								            try (BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
 								                String line;
 								                while ((line = reader.readLine()) != null) {
 								                    if (!line.isBlank()) emit.accept("    " + line);
 								                }
 								            }
 								            int code = p.waitFor();
 								            if (code != 0) emit.accept("    [warn] exit code " + code);
 								        } catch (Exception e) {
 								            emit.accept("    [error] " + e.getMessage());
 								            log.error("exec failed: {}", String.join(" ", cmd), e);
 								        }
 								    }
 								}