@abtnode/auth 1.16.52-beta-20251003-083412-fdfc4e36 → 1.16.52-beta-20251005-235515-42ad5caf

package/lib/auth.js

@@ -413,7 +413,7 @@ const beforeInvitationRequest = async ({ node, teamDid, inviteId, locale = 'en'
   }
 };
 
-const createInvitationRequest = async ({ node, nodeInfo, teamDid, inviteId, baseUrl, locale = 'en' }) => {
+const createInvitationRequest = async ({ node, nodeInfo, teamDid, inviteId, baseUrl, locale = 'en', orgId = '' }) => {
   // verify invite id
   await node.checkInvitation({ teamDid, inviteId });
   const inviteInfo = await node.getInvitation({ teamDid, inviteId });
@@ -425,7 +425,7 @@ const createInvitationRequest = async ({ node, nodeInfo, teamDid, inviteId, base
     logo,
   } = await getApplicationInfo({ node, nodeInfo, teamDid, baseUrl });
 
-  const result = await createPassport({ name: inviteInfo.role, node, teamDid, locale });
+  const result = await createPassport({ name: inviteInfo.role, node, teamDid, locale, orgId });
 
   return {
     description: messages.receivePassport[locale],
@@ -522,7 +522,15 @@ const handleInvitationReceive = async ({
     enableConnectedAccount: true,
   });
 
-  const result = await createPassport({ name: inviteInfo.role, node, teamDid, locale, endpoint });
+  const { orgId = '', inviteUserDids = [] } = inviteInfo || {};
+  const isOrgInvite = !!orgId;
+  // 邀请内部成员时，接收者必须在邀请列表中
+  if (orgId && inviteUserDids.length > 0 && !inviteUserDids.includes(userDid)) {
+    // 接收者不在邀请列表中，不允许接收通行证
+    throw new CustomError(403, 'You are not allowed to receive passport');
+  }
+
+  const result = await createPassport({ name: inviteInfo.role, node, teamDid, locale, endpoint, orgId });
   const purpose = teamDid === nodeInfo.did || isEmpty(result.types) ? 'login' : 'verification';
   const vcParams = {
     issuerName,
@@ -675,11 +683,20 @@ const handleInvitationReceive = async ({
     );
   }
 
+  // 处理加入组织逻辑
+  const inviteMemberDid = user?.did || userDid;
+  if (isOrgInvite && inviteUserDids.length > 0) {
+    await node.updateOrgMember({ teamDid, orgId, userDid: inviteMemberDid, status: 'active' }, req);
+  } else if (isOrgInvite && !inviteUserDids.length) {
+    await node.addOrgMember({ teamDid, orgId, userDid: inviteMemberDid }, req);
+  }
+
   // await node.closeInvitation({ teamDid, inviteId, status: 'success', receiver: { did: userDid, role } });
   await node.closeInvitation({
     teamDid,
     inviteId,
     status: 'success',
+    isOrgInvite,
     receiver: { did: user?.did || userDid, role, timeout: 1000 * 9999 },
   });
 

package/lib/invitation.js

@@ -65,13 +65,25 @@ async function getInvitation({ node, teamDid, inviteId, roles }) {
     /**
      * @type {Role}
      */
-    const role = roles.find((v) => v.name === invitationData.role);
     const invitation = {
       ...invitationData,
       expireDate: new Date(invitationData.expireDate).getTime(),
       receiver: null,
     };
 
+    let orgRoles = [];
+    if (invitation.orgId) {
+      try {
+        orgRoles = await node.getRoles({ teamDid, orgId: invitationData.orgId });
+      } catch (err) {
+        logger.error('failed to get org roles', { teamDid, orgId: invitationData.orgId, error: err });
+      }
+    }
+
+    const allRoles = [...roles, ...orgRoles];
+
+    const role = allRoles.find((v) => v.name === invitationData.role);
+
     return {
       invitation,
       role,
@@ -182,6 +194,14 @@ module.exports = {
           return;
         }
 
+        // 如果是邀请内部用户加入 Org，则需要检查是否邀请了该用户
+        if (invitation.orgId && req.user && invitation.inviteUserDids?.length > 0) {
+          if (!invitation.inviteUserDids.includes(req.user.did)) {
+            res.status(404).send('You have already received the invitation or not invited you');
+            return;
+          }
+        }
+
         try {
           role.permissions = await node.getPermissionsByRole({ teamDid, role: { name: role.name } });
         } catch (err) {

package/lib/util/user-info.js

@@ -13,7 +13,7 @@ const getUserPublicInfo = async ({ req, teamDid, node }) => {
   const inputSchema = Joi.DID().required();
   const { error, value } = inputSchema.validate(req.query.did);
   if (error) {
-    throw new CustomError(400, error.details[0].message);
+    throw new CustomError(400, 'Invalid user did');
   }
 
   let _teamDid = teamDid;

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.52-beta-20251003-083412-fdfc4e36",
+  "version": "1.16.52-beta-20251005-235515-42ad5caf",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,9 +20,9 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.52-beta-20251003-083412-fdfc4e36",
-    "@abtnode/logger": "1.16.52-beta-20251003-083412-fdfc4e36",
-    "@abtnode/util": "1.16.52-beta-20251003-083412-fdfc4e36",
+    "@abtnode/constant": "1.16.52-beta-20251005-235515-42ad5caf",
+    "@abtnode/logger": "1.16.52-beta-20251005-235515-42ad5caf",
+    "@abtnode/util": "1.16.52-beta-20251005-235515-42ad5caf",
     "@arcblock/did": "1.25.6",
     "@arcblock/did-connect-js": "1.25.6",
     "@arcblock/did-ext": "1.25.6",
@@ -31,10 +31,10 @@
     "@arcblock/nft-display": "^3.1.44",
     "@arcblock/validator": "1.25.6",
     "@arcblock/vc": "1.25.6",
-    "@blocklet/constant": "1.16.52-beta-20251003-083412-fdfc4e36",
+    "@blocklet/constant": "1.16.52-beta-20251005-235515-42ad5caf",
     "@blocklet/error": "^0.2.5",
-    "@blocklet/meta": "1.16.52-beta-20251003-083412-fdfc4e36",
-    "@blocklet/sdk": "1.16.52-beta-20251003-083412-fdfc4e36",
+    "@blocklet/meta": "1.16.52-beta-20251005-235515-42ad5caf",
+    "@blocklet/sdk": "1.16.52-beta-20251005-235515-42ad5caf",
     "@ocap/client": "1.25.6",
     "@ocap/mcrypto": "1.25.6",
     "@ocap/util": "1.25.6",
@@ -56,5 +56,5 @@
   "devDependencies": {
     "jest": "^29.7.0"
   },
-  "gitHead": "973c4fe0d6c1bb59c9101cea4866105ab5ec89d2"
+  "gitHead": "7b295929a123edac2cb292c43f2edda0d3e3e6b8"
 }