@abtnode/auth 1.16.24 → 1.16.25-beta-fe54d1bc

package/lib/lost-passport.js

@@ -9,8 +9,15 @@ const getNodeWallet = require('@abtnode/util/lib/get-app-wallet');
 const { getDisplayName, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS, NODE_DATA_DIR_NAME } = require('@abtnode/constant');
 const get = require('lodash/get');
+const isFunction = require('lodash/isFunction');
 const { getUserAvatarUrl, getAppAvatarUrl, getServerAvatarUrl, extractUserAvatar } = require('@abtnode/util/lib/user');
 const { getWalletDid } = require('@blocklet/meta/lib/did-utils');
+const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/login');
+const {
+  getFederatedMaster,
+  shouldSyncFederated,
+  getUserAvatarUrl: getUserAvatarUrlForFederated,
+} = require('./util/federated');
 
 const logger = require('./logger');
 const { messages, getUser, checkWalletVersion, getPassportStatusEndpoint } = require('./auth');
@@ -24,6 +31,7 @@ const {
 const verifySignature = require('./util/verify-signature');
 
 const createPassportSvg = require('./util/create-passport-svg');
+const { getDidConnectVersion } = require('../../blocklet-services/api/util');
 
 const TEAM_TYPES = {
   BLOCKLET: 'blocklet',
@@ -150,7 +158,7 @@ const createLostPassportListRoute = ({ node, type }) => ({
  * Did Auth api for issue lost passport
  * @param {Enum} type node | blocklet
  */
-const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
+const createLostPassportIssueRoute = ({ node, type, authServicePrefix, createToken }) => ({
   action: 'lost-passport-issue',
   authPrincipal: false,
   claims: [
@@ -210,7 +218,7 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
     },
   ],
 
-  onAuth: async ({ claims, userDid, userPk, extraParams, updateSession, baseUrl, req }) => {
+  onAuth: async ({ claims, userDid, userPk, extraParams, updateSession, baseUrl, req, request }) => {
     const { locale = 'en', receiverDid, passportName } = extraParams;
 
     const { teamDid, issuerDidList, issuerName, issuerLogo, issuerWallet, passportColor, info, dataDir } =
@@ -316,6 +324,113 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
       node
     );
 
+    if (isFunction(createToken)) {
+      if (type === TEAM_TYPES.BLOCKLET) {
+        const lastLoginIp = request.headers['x-real-ip'];
+        const ua = request.headers['user-agent'];
+        const walletOS = request.context.didwallet.os;
+        const sourceAppPid = getSourceAppPid(request);
+        const provider = getLoginProvider(request);
+
+        const currentUser = await node.getUser({
+          teamDid,
+          user: {
+            did: userDid,
+          },
+          options: {
+            enableConnectedAccount: true,
+          },
+        });
+        const connectAccount = { provider, did: userDid, pk: userPk };
+
+        const updatedUser = await node.loginUser({
+          teamDid,
+          user: {
+            did: currentUser.did,
+            pk: currentUser.pk,
+            locale,
+            passport,
+            sourceAppPid,
+            lastLoginIp,
+            connectedAccount: [connectAccount],
+          },
+        });
+
+        const blocklet = await request.getBlocklet();
+        const sessionConfig = blocklet.settings?.session || {};
+        const { secret } = await request.getBlockletInfo();
+        const userSessionDoc = await node.upsertUserSession({
+          teamDid,
+          visitorId: extraParams?.visitorId,
+          userDid,
+          appPid: teamDid,
+          passportId: passport?.id,
+          status: 'online',
+          ua,
+          lastLoginIp,
+          extra: {
+            walletOS,
+          },
+        });
+
+        if (shouldSyncFederated(sourceAppPid, blocklet)) {
+          const masterSite = getFederatedMaster(blocklet);
+          node
+            .syncFederated({
+              did: teamDid,
+              data: {
+                users: [
+                  {
+                    did: updatedUser.did,
+                    pk: updatedUser.pk,
+                    fullName: updatedUser.fullName,
+                    email: updatedUser.email || '',
+                    avatar: getUserAvatarUrlForFederated(updatedUser.avatar, blocklet),
+                    connectedAccount: [connectAccount],
+                    action: 'connectAccount',
+                    sourceAppPid: sourceAppPid || masterSite.appPid,
+                  },
+                ],
+              },
+            })
+            .then(() => {
+              node.syncUserSession({
+                teamDid,
+                userDid,
+                visitorId: userSessionDoc.visitorId,
+                passportId: passport?.id,
+                targetAppPid: sourceAppPid,
+                ua,
+                lastLoginIp,
+                extra: {
+                  walletOS,
+                },
+              });
+            });
+        }
+        const { sessionToken, refreshToken } = createToken(
+          userDid,
+          {
+            secret,
+            passport,
+            role,
+            fullName: user.fullName,
+            provider,
+            // request.context.store.connectedWallet
+            walletOS,
+          },
+          { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+        );
+        await updateSession({ sessionToken, refreshToken }, true);
+      } else if (type === TEAM_TYPES.NODE) {
+        const sessionToken = createToken(userDid, {
+          passport,
+          role,
+        });
+        await updateSession({ sessionToken }, true);
+      }
+    }
+
     await updateSession({ passportId: vc.id });
 
     return {

package/lib/util/federated.js

@@ -0,0 +1,65 @@
+const { WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_URL_PREFIX, USER_AVATAR_PATH_PREFIX } = require('@abtnode/constant');
+const pRetry = require('p-retry');
+const { signV2 } = require('@arcblock/jwt');
+const joinUrl = require('url-join');
+
+const request = require('./request');
+
+function isMaster(site) {
+  return site?.isMaster !== false;
+}
+
+function getUserAvatarUrl(avatar, blocklet) {
+  let avatarUrl = avatar;
+  if (avatar && avatar.startsWith(USER_AVATAR_URL_PREFIX)) {
+    avatarUrl = joinUrl(WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_PATH_PREFIX, avatarUrl.split('/').slice(-1)[0]);
+
+    const appUrl = blocklet.environmentObj.BLOCKLET_APP_URL;
+    avatarUrl = joinUrl(appUrl, avatarUrl);
+  }
+  return avatarUrl;
+}
+
+function getFederatedMaster(blocklet) {
+  const { sites } = blocklet?.settings?.federated || {};
+  const masterSite = (sites || []).find((item) => isMaster(item));
+  return masterSite || null;
+}
+
+function shouldSyncFederated(sourceAppPid, blocklet) {
+  if (sourceAppPid) {
+    return true;
+  }
+
+  const masterSite = getFederatedMaster(blocklet);
+  return !!(masterSite && blocklet && masterSite.appPid === blocklet.appPid);
+}
+
+function findFederatedSite(blocklet, targetAppPid) {
+  const { sites } = blocklet?.settings?.federated || {};
+  const targetSite = (sites || []).find((item) => item.appPid === targetAppPid);
+  return targetSite || null;
+}
+
+async function callFederated({ site, permanentWallet, data, action }) {
+  const url = new URL(site.appUrl);
+  url.pathname = joinUrl(WELLKNOWN_SERVICE_PATH_PREFIX, `/api/federated/${action}`);
+  const result = await pRetry(
+    () =>
+      request.post(url.href, {
+        signer: permanentWallet.address,
+        data: signV2(permanentWallet.address, permanentWallet.secretKey, data),
+      }),
+    { retries: 3 }
+  );
+  return result.data;
+}
+
+module.exports = {
+  callFederated,
+  getUserAvatarUrl,
+  shouldSyncFederated,
+  getFederatedMaster,
+  findFederatedSite,
+  isMaster,
+};

package/lib/util/request.js

@@ -0,0 +1,10 @@
+const axios = require('@abtnode/util/lib/axios');
+const { version } = require('../../package.json');
+
+module.exports =
+  process.env.NODE_ENV === 'test'
+    ? axios
+    : axios.create({
+        timeout: 10 * 1000,
+        headers: { 'User-Agent': `ABTNode/${version}`, 'x-blocklet-server-version': version },
+      });

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.24",
+  "version": "1.16.25-beta-fe54d1bc",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,19 +20,21 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.24",
-    "@abtnode/logger": "1.16.24",
-    "@abtnode/util": "1.16.24",
-    "@arcblock/did": "1.18.110",
-    "@arcblock/nft-display": "2.9.41",
-    "@arcblock/validator": "^1.18.110",
-    "@arcblock/vc": "1.18.110",
-    "@blocklet/constant": "1.16.24",
-    "@blocklet/meta": "1.16.24",
-    "@ocap/client": "^1.18.110",
-    "@ocap/mcrypto": "1.18.110",
-    "@ocap/util": "1.18.110",
-    "@ocap/wallet": "1.18.110",
+    "@abtnode/constant": "1.16.25-beta-fe54d1bc",
+    "@abtnode/logger": "1.16.25-beta-fe54d1bc",
+    "@abtnode/util": "1.16.25-beta-fe54d1bc",
+    "@arcblock/did": "1.18.113",
+    "@arcblock/jwt": "^1.18.113",
+    "@arcblock/nft-display": "2.9.42",
+    "@arcblock/validator": "^1.18.113",
+    "@arcblock/vc": "1.18.113",
+    "@blocklet/constant": "1.16.25-beta-fe54d1bc",
+    "@blocklet/meta": "1.16.25-beta-fe54d1bc",
+    "@blocklet/sdk": "1.16.25-beta-fe54d1bc",
+    "@ocap/client": "^1.18.113",
+    "@ocap/mcrypto": "1.18.113",
+    "@ocap/util": "1.18.113",
+    "@ocap/wallet": "1.18.113",
     "axios": "^0.27.2",
     "flat": "^5.0.2",
     "fs-extra": "^11.2.0",
@@ -49,5 +51,5 @@
   "devDependencies": {
     "jest": "^29.7.0"
   },
-  "gitHead": "6cd6669cb3569f96433e18b1dac346432741a1a7"
+  "gitHead": "e9411b6ee3c482554c76fe91796560abeb0e56ad"
 }