Implement Upload Hook for momentry integration (Phase 1)

- Add upload_hook.rs module: trigger video_probe + video_register on upload
- Add UploadHookSection to config: video extensions, binary paths
- Integrate with SFTP: handle_close triggers hook on write files
- Integrate with SCP/rsync: child process exit triggers hook
- All 155 tests pass

markbase-core/src/ssh_server/server.rs

@@ -10,8 +10,9 @@ use crate::ssh_server::cipher::{EncryptedPacket, EncryptionContext};
 use crate::ssh_server::kex::{KexProposal, KexResult};
 use crate::ssh_server::kex_complete::KexState;
 use crate::ssh_server::packet::{PacketType, SshPacket};
-use crate::ssh_server::port_forward::PortForwardManager; // Phase 13
-use crate::ssh_server::ssh_security_config::SshSecurityConfig; // Phase 13.1
+use crate::ssh_server::port_forward::PortForwardManager;
+use crate::ssh_server::ssh_security_config::SshSecurityConfig;
+use crate::ssh_server::upload_hook::UploadHook;
 use crate::ssh_server::version::VersionExchange;
 use anyhow::{anyhow, Result};
 use log::{error, info, warn};
@@ -19,14 +20,14 @@ use std::io::{Read, Write};
 use std::net::{TcpListener, TcpStream};
 use std::path::PathBuf;
 use std::sync::{Arc, Mutex};
-use std::thread; // Phase 13: 端口转发线程同步
+use std::thread;
 
-/// SSH服务器配置（Phase 13.1企业级安全配置）
 pub struct SshServerConfig {
     pub port: u16,
     pub bind_address: String,
-    pub security_config: SshSecurityConfig, // Phase 13.1: 企业级安全配置
-    pub pg_conn: Option<String>,            // PostgreSQL连接字符串（SFTPGo兼容认证）
+    pub security_config: SshSecurityConfig,
+    pub pg_conn: Option<String>,
+    pub upload_hook_config: crate::config::UploadHookSection,
 }
 
 impl Default for SshServerConfig {
@@ -34,8 +35,9 @@ impl Default for SshServerConfig {
         Self {
             port: 2024,
             bind_address: "127.0.0.1".to_string(),
-            security_config: SshSecurityConfig::enterprise_default(), // Phase 13.1
+            security_config: SshSecurityConfig::enterprise_default(),
             pg_conn: None,
+            upload_hook_config: crate::config::UploadHookSection::default(),
         }
     }
 }
@@ -49,6 +51,7 @@ impl SshServerConfig {
             bind_address: "127.0.0.1".to_string(),
             security_config: config,
             pg_conn: None,
+            upload_hook_config: crate::config::UploadHookSection::default(),
         })
     }
 }
@@ -81,8 +84,9 @@ impl SshServer {
             self.config.security_config.max_sessions
         );
 
-        let security_config = self.security_config.clone(); // Phase 13.1: 共享安全配置
+        let security_config = self.security_config.clone();
         let pg_conn = self.config.pg_conn.clone();
+        let upload_hook_config = self.config.upload_hook_config.clone();
 
         for stream in listener.incoming() {
             match stream {
@@ -90,14 +94,18 @@ impl SshServer {
                     let client_addr = stream.peer_addr()?;
                     info!("New SSH connection from {}", client_addr);
 
-                    let security_config_clone = security_config.clone(); // Phase 13.1
+                    let security_config_clone = security_config.clone();
                     let pg_conn_clone = pg_conn.clone();
+                    let upload_hook_config_clone = upload_hook_config.clone();
 
                     thread::spawn(move || {
-                        if let Err(e) =
-                            handle_connection_complete(stream, security_config_clone, pg_conn_clone)
+                        if let Err(e) = handle_connection_complete(
+                            stream,
+                            security_config_clone,
+                            pg_conn_clone,
+                            upload_hook_config_clone,
+                        )
                         {
-                            // Phase 13.1
                             error!("Connection error: {}", e);
                         }
                     });
@@ -117,6 +125,7 @@ fn handle_connection_complete(
     stream: TcpStream,
     security_config: Arc<Mutex<SshSecurityConfig>>,
     pg_conn: Option<String>,
+    upload_hook_config: crate::config::UploadHookSection,
 ) -> Result<()> {
     info!("Handling client connection (Phase 1-13 complete flow with port forwarding)");
 
@@ -173,8 +182,23 @@ fn handle_connection_complete(
     let auth_user = perform_ssh_auth(&mut stream, &mut auth_handler, &mut encryption_ctx)?;
     info!("SSH authentication succeeded: user={}", auth_user.username);
 
-    // Phase 6: SSH Channel管理（参考OpenSSH channel.c）
-    let mut channel_manager = ChannelManager::new(auth_user.home_dir.clone());
+    let upload_hook = if upload_hook_config.enabled {
+        Some(Arc::new(UploadHook::new(
+            upload_hook_config.enabled,
+            PathBuf::from(&upload_hook_config.video_probe_path),
+            PathBuf::from(&upload_hook_config.video_register_cli),
+            PathBuf::from(&upload_hook_config.video_register_dir),
+            upload_hook_config.video_extensions.clone(),
+        )))
+    } else {
+        None
+    };
+
+    let mut channel_manager = ChannelManager::new(
+        auth_user.home_dir.clone(),
+        upload_hook,
+        auth_user.username.clone(),
+    );
 
     // Phase 13: PortForwardManager初始化
     let mut port_forward_manager = PortForwardManager::new();
@@ -666,8 +690,9 @@ pub fn run_ssh_server(port: Option<u16>, pg_conn: Option<&str>) -> Result<()> {
     let config = SshServerConfig {
         port: port.unwrap_or(2024),
         bind_address: "127.0.0.1".to_string(),
-        security_config: SshSecurityConfig::enterprise_default(), // Phase 13.1: 添加安全配置
+        security_config: SshSecurityConfig::enterprise_default(),
         pg_conn: pg_conn.map(|s| s.to_string()),
+        upload_hook_config: crate::config::UploadHookSection::default(),
     };
 
     let server = SshServer::new(config);