@abtnode/auth 1.16.39 → 1.16.40-beta-20250227-092112-1815be0a

package/lib/lost-passport.js

@@ -11,12 +11,13 @@ const getNodeWallet = require('@abtnode/util/lib/get-app-wallet');
 const CustomError = require('@abtnode/util/lib/custom-error');
 const { getActivePassports } = require('@abtnode/util/lib/passport');
 const { getDisplayName, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
-const { VC_TYPE_NODE_PASSPORT, NODE_DATA_DIR_NAME } = require('@abtnode/constant');
+const { NODE_DATA_DIR_NAME, VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT } = require('@abtnode/constant');
 const { getUserAvatarUrl, getAppAvatarUrl, getServerAvatarUrl, extractUserAvatar } = require('@abtnode/util/lib/user');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const { getWalletDid } = require('@blocklet/meta/lib/did-utils');
 const { Hasher } = require('@ocap/mcrypto');
 const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/login');
+const isArray = require('lodash/isArray');
 const {
   getFederatedMaster,
   shouldSyncFederated,
@@ -278,7 +279,11 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix, createTok
     let role;
     let passport;
 
-    const purpose = teamDid === info.did || isEmpty(exist.type) ? 'login' : 'verification';
+    // @note: 如果通行证类型为空，或者为通用通行证，则认为是登录，但是这可能会导致恶意应用伪造 type 字段
+    const purpose =
+      isEmpty(exist.type) || (isArray(exist.type) && exist.type.includes(VC_TYPE_GENERAL_PASSPORT))
+        ? 'login'
+        : 'verification';
     if (oldPassport.scope === 'passport') {
       const vcParams = {
         issuerName,
@@ -362,7 +367,7 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix, createTok
       node
     );
 
-    if (oldPassport.scope === 'passport' && purpose === 'login' && isFunction(createToken)) {
+    if (oldPassport.scope === 'passport' && isFunction(createToken)) {
       if (type === TEAM_TYPES.BLOCKLET) {
         const lastLoginIp = getRequestIP(request);
         const walletDeviceMessageToken = request.get('wallet-device-message-token');

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.39",
+  "version": "1.16.40-beta-20250227-092112-1815be0a",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,22 +20,22 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.39",
-    "@abtnode/logger": "1.16.39",
-    "@abtnode/util": "1.16.39",
-    "@arcblock/did": "1.19.10",
-    "@arcblock/did-auth": "1.19.10",
-    "@arcblock/jwt": "^1.19.10",
-    "@arcblock/nft-display": "^2.11.48",
-    "@arcblock/validator": "^1.19.10",
-    "@arcblock/vc": "1.19.10",
-    "@blocklet/constant": "1.16.39",
-    "@blocklet/meta": "1.16.39",
-    "@blocklet/sdk": "1.16.39",
-    "@ocap/client": "^1.19.10",
-    "@ocap/mcrypto": "1.19.10",
-    "@ocap/util": "1.19.10",
-    "@ocap/wallet": "1.19.10",
+    "@abtnode/constant": "1.16.40-beta-20250227-092112-1815be0a",
+    "@abtnode/logger": "1.16.40-beta-20250227-092112-1815be0a",
+    "@abtnode/util": "1.16.40-beta-20250227-092112-1815be0a",
+    "@arcblock/did": "1.19.12",
+    "@arcblock/did-auth": "1.19.12",
+    "@arcblock/jwt": "^1.19.12",
+    "@arcblock/nft-display": "^2.11.49",
+    "@arcblock/validator": "^1.19.12",
+    "@arcblock/vc": "1.19.12",
+    "@blocklet/constant": "1.16.40-beta-20250227-092112-1815be0a",
+    "@blocklet/meta": "1.16.40-beta-20250227-092112-1815be0a",
+    "@blocklet/sdk": "1.16.40-beta-20250227-092112-1815be0a",
+    "@ocap/client": "^1.19.12",
+    "@ocap/mcrypto": "1.19.12",
+    "@ocap/util": "1.19.12",
+    "@ocap/wallet": "1.19.12",
     "@simplewebauthn/server": "^13.0.0",
     "axios": "^1.7.9",
     "flat": "^5.0.2",
@@ -52,5 +52,5 @@
   "devDependencies": {
     "jest": "^29.7.0"
   },
-  "gitHead": "e3a614757b32dba71dcc187f20060932df31eab6"
+  "gitHead": "e33d791e24236a10ed3d196618aba989a0eee8ad"
 }