@abtnode/auth 1.16.0-beta-8ee536d7 → 1.16.0-beta-62b42401

package/lib/auth.js

@@ -16,6 +16,7 @@ const {
   NODE_DATA_DIR_NAME,
   AUTH_CERT_TYPE,
   WELLKNOWN_BLOCKLET_ADMIN_PATH,
+  USER_TYPE,
 } = require('@abtnode/constant');
 const axios = require('@abtnode/util/lib/axios');
 const { extractUserAvatar, parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
@@ -398,16 +399,7 @@ const getUser = async (node, teamDid, userDid) => {
 };
 
 const beforeInvitationRequest = async ({ node, teamDid, inviteId, locale = 'en' }) => {
-  const inviteInfo = await node.getInvitation({ teamDid, inviteId });
-
-  if (!inviteInfo) {
-    throw new Error(
-      {
-        en: 'The invitation link does not exist or has been used',
-        zh: '邀请链接不存在或已被使用',
-      }[locale]
-    );
-  }
+  await node.checkInvitation({ teamDid, inviteId });
 
   const count = await node.getUsersCount({ teamDid });
   if (count === 0) {
@@ -422,10 +414,8 @@ const beforeInvitationRequest = async ({ node, teamDid, inviteId, locale = 'en'
 
 const createInvitationRequest = async ({ node, nodeInfo, teamDid, inviteId, locale = 'en' }) => {
   // verify invite id
+  await node.checkInvitation({ teamDid, inviteId });
   const inviteInfo = await node.getInvitation({ teamDid, inviteId });
-  if (!inviteInfo) {
-    throw new Error('The invitation does not exist or has been used');
-  }
 
   const {
     name: issuerName,
@@ -457,55 +447,51 @@ const createInvitationRequest = async ({ node, nodeInfo, teamDid, inviteId, loca
   };
 };
 
-const handleInvitationResponse = async ({
-  req = {},
+const handleInvitationReceive = async ({
   node,
+  req,
   nodeInfo,
+  locale = 'en',
   teamDid,
+  inviteId,
   userDid,
   userPk,
-  inviteId,
-  locale = 'en',
-  claims,
+  userSource = USER_TYPE.WALLET,
+  newNftOwner,
   statusEndpointBaseUrl,
   endpoint,
-  newNftOwner,
+  profile,
 }) => {
   if (!nodeInfo.nodeOwner) {
     throw new Error(messages.notInitialized[locale]);
   }
-
-  const claim = claims.find((x) => x.type === 'signature');
-  verifySignature(claim, userDid, userPk, locale);
-
-  const inviteInfo = await node.getInvitation({ teamDid, inviteId });
-  if (!inviteInfo) {
-    throw new Error(`The invitation does not exist: ${inviteId}`);
-  }
-
-  if (inviteInfo.role === 'owner' && userDid === nodeInfo.nodeOwner.did) {
-    throw new Error(messages.notAllowedTransferToSelf[locale]);
-  }
-
   await node.checkInvitation({ teamDid, inviteId });
 
-  if (inviteInfo.role === 'owner' && get(nodeInfo, 'ownerNft.holder')) {
-    // 这种情况下是 Transfer 有 Owner NFT 的 Blocklet Server
-    const client = new Client(nodeInfo.launcher.chainHost);
-    const ownerNftDid = get(nodeInfo, 'ownerNft.did');
-
-    const { state: assetState } = await client.getAssetState({ address: ownerNftDid });
-    if (assetState.owner !== newNftOwner) {
-      const hash = await client.transfer({
-        delegator: get(nodeInfo, 'ownerNft.holder'),
-        to: newNftOwner,
-        assets: [ownerNftDid],
-        wallet: getNodeWallet(nodeInfo.sk),
-      });
+  const inviteInfo = await node.getInvitation({ teamDid, inviteId });
+  if (inviteInfo.role === 'owner') {
+    // 禁止将 owner 转移给自己的逻辑
+    if (userDid === nodeInfo.nodeOwner.did) {
+      throw new Error(messages.notAllowedTransferToSelf[locale]);
+    }
 
-      logger.info('transferred nft', { hash, nft: ownerNftDid });
-      await node.updateNftHolder(newNftOwner);
-      logger.info('updated owner nft holder', { holder: newNftOwner, nft: ownerNftDid });
+    if (get(nodeInfo, 'ownerNft.holder')) {
+      // 这种情况下是 Transfer 有 Owner NFT 的 Blocklet Server
+      const client = new Client(nodeInfo.launcher.chainHost);
+      const ownerNftDid = get(nodeInfo, 'ownerNft.did');
+
+      const { state: assetState } = await client.getAssetState({ address: ownerNftDid });
+      if (assetState.owner !== newNftOwner) {
+        const hash = await client.transfer({
+          delegator: get(nodeInfo, 'ownerNft.holder'),
+          to: newNftOwner,
+          assets: [ownerNftDid],
+          wallet: getNodeWallet(nodeInfo.sk),
+        });
+
+        logger.info('transferred nft', { hash, nft: ownerNftDid });
+        await node.updateNftHolder(newNftOwner);
+        logger.info('updated owner nft holder', { holder: newNftOwner, nft: ownerNftDid });
+      }
     }
   }
 
@@ -519,8 +505,6 @@ const handleInvitationResponse = async ({
 
   const { remark } = inviteInfo;
 
-  const profile = claims.find((x) => x.type === 'profile');
-
   const vcParams = {
     issuerName,
     issuerWallet,
@@ -582,6 +566,7 @@ const handleInvitationResponse = async ({
       user: {
         ...profile,
         avatar,
+        source: userSource,
         did: userDid,
         pk: userPk,
         locale,
@@ -605,6 +590,7 @@ const handleInvitationResponse = async ({
       teamDid,
       user: {
         ...profile,
+        source: userSource,
         avatar,
         did: userDid,
         pk: userPk,
@@ -649,6 +635,43 @@ const handleInvitationResponse = async ({
   };
 };
 
+const handleInvitationResponse = async ({
+  req = {},
+  node,
+  nodeInfo,
+  teamDid,
+  userDid,
+  userPk,
+  inviteId,
+  locale = 'en',
+  claims,
+  statusEndpointBaseUrl,
+  endpoint,
+  newNftOwner,
+}) => {
+  const claim = claims.find((x) => x.type === 'signature');
+  verifySignature(claim, userDid, userPk, locale);
+
+  const profile = claims.find((x) => x.type === 'profile');
+
+  const receiveResult = await handleInvitationReceive({
+    nodeInfo,
+    locale,
+    req,
+    node,
+    inviteId,
+    teamDid,
+    newNftOwner,
+    userDid,
+    userPk,
+    statusEndpointBaseUrl,
+    endpoint,
+    profile,
+  });
+
+  return receiveResult;
+};
+
 const beforeIssuePassportRequest = async ({ node, teamDid, id, locale = 'en' }) => {
   const issuanceInfo = await node.getPassportIssuance({ teamDid, sessionId: id });
 
@@ -1049,6 +1072,7 @@ module.exports = {
   beforeInvitationRequest,
   createInvitationRequest,
   handleInvitationResponse,
+  handleInvitationReceive,
   beforeIssuePassportRequest,
   createIssuePassportRequest,
   handleIssuePassportResponse,

package/lib/server.js

@@ -189,6 +189,7 @@ const authenticateByNFT = async ({ node, claims, userDid, challenge, locale, isA
   if (state.owner !== ownerDid) {
     throw new Error(messages.invalidNftHolder[locale]);
   }
+
   if (state.issuer !== info.launcher.did) {
     throw new Error(messages.invalidNftIssuer[locale]);
   }
@@ -557,6 +558,7 @@ const createLaunchBlockletHandler =
     }
 
     let blocklet;
+    let blockletWalletType;
     if (blockletMetaUrl) {
       blocklet = await node.getBlockletMetaFromUrl({ url: blockletMetaUrl, checkPrice: true });
       if (!blocklet.meta) {
@@ -569,6 +571,11 @@ const createLaunchBlockletHandler =
           throw new Error(messages.invalidParams[locale]);
         }
       }
+
+      const blockletWalletTypeEnv = (blocklet.meta.environments || []).find((x) => x.name === 'BLOCKLET_WALLET_TYPE');
+      if (blockletWalletTypeEnv) {
+        blockletWalletType = blockletWalletTypeEnv.default;
+      }
     }
 
     const { role, passport, user, extra, nft } = await ensureBlockletPermission({
@@ -620,7 +627,7 @@ const createLaunchBlockletHandler =
     }
 
     const appSk = toHex(keyPair.secret);
-    const appDid = getApplicationWallet(appSk).address;
+    const appDid = getApplicationWallet(appSk, undefined, blockletWalletType).address;
     await updateSession({ appDid });
 
     if (blocklet) {
@@ -723,6 +730,37 @@ const createRotateKeyPairHandler =
     );
   };
 
+const createRestoreOnServerlessHandler =
+  (node, authMethod) =>
+  async ({ claims, challenge, userDid, updateSession, extraParams: { chainHost, locale } }) => {
+    const { role, extra } = await ensureBlockletPermission({
+      authMethod,
+      node,
+      userDid,
+      claims,
+      challenge,
+      locale,
+      isAuth: false,
+      chainHost,
+    });
+
+    const sessionToken = createBlockletControllerAuthToken({
+      did: userDid,
+      role,
+      secret,
+      controller: extra.controller,
+      expiresIn: EXTERNAL_LAUNCH_BLOCKLET_TOKEN_EXPIRE,
+    });
+
+    await updateSession({ sessionToken }, true);
+
+    return {
+      nextWorkflowData: {
+        controller: extra.controller,
+      },
+    };
+  };
+
 module.exports = {
   getAuthVcClaim,
   getKeyPairClaim,
@@ -734,6 +772,7 @@ module.exports = {
   getLaunchBlockletClaims,
   createLaunchBlockletHandler,
   createRotateKeyPairHandler,
+  createRestoreOnServerlessHandler,
   ensureBlockletPermission,
   getBlockletPermissionChecker,
   getSetupBlockletClaims,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.0-beta-8ee536d7",
+  "version": "1.16.0-beta-62b42401",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,18 +20,18 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.16.0-beta-8ee536d7",
-    "@abtnode/logger": "1.16.0-beta-8ee536d7",
-    "@abtnode/util": "1.16.0-beta-8ee536d7",
-    "@arcblock/did": "1.18.62",
-    "@arcblock/jwt": "^1.18.62",
-    "@arcblock/vc": "1.18.62",
-    "@blocklet/constant": "1.16.0-beta-8ee536d7",
-    "@blocklet/meta": "1.16.0-beta-8ee536d7",
-    "@ocap/client": "1.18.62",
-    "@ocap/mcrypto": "1.18.62",
-    "@ocap/util": "1.18.62",
-    "@ocap/wallet": "1.18.62",
+    "@abtnode/constant": "1.16.0-beta-62b42401",
+    "@abtnode/logger": "1.16.0-beta-62b42401",
+    "@abtnode/util": "1.16.0-beta-62b42401",
+    "@arcblock/did": "1.18.63",
+    "@arcblock/jwt": "^1.18.63",
+    "@arcblock/vc": "1.18.63",
+    "@blocklet/constant": "1.16.0-beta-62b42401",
+    "@blocklet/meta": "1.16.0-beta-62b42401",
+    "@ocap/client": "1.18.63",
+    "@ocap/mcrypto": "1.18.63",
+    "@ocap/util": "1.18.63",
+    "@ocap/wallet": "1.18.63",
     "axios": "^0.27.2",
     "joi": "17.7.0",
     "jsonwebtoken": "^9.0.0",
@@ -43,5 +43,5 @@
   "devDependencies": {
     "jest": "^27.5.1"
   },
-  "gitHead": "57d0c45be311a5fbc1c0fffa2814b62c1a3ee34c"
+  "gitHead": "6ef1c3601d0cfdcf5da0b55b4c54ef1fa9fce7d2"
 }