npm - @abtnode/auth - Versions diffs - 1.16.6-beta-7cbab489 → 1.16.6-beta-61cf68d3 - Mend

@abtnode/auth 1.16.6-beta-7cbab489 → 1.16.6-beta-61cf68d3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/auth.js CHANGED Viewed

@@ -399,8 +399,8 @@ const createAuthTokenByOwnershipNFT = ({ did, role, secret, expiresIn } = {}) =>
   return jwt.sign(payload, secret, { expiresIn });
 };
-const getUser = async (node, teamDid, userDid) => {
-  const user = await node.getUser({ teamDid, user: { did: userDid } });
+const getUser = async (node, teamDid, userDid, options = {}) => {
+  const user = await node.getUser({ teamDid, user: { did: userDid }, options });
   return user;
 };
@@ -541,23 +541,27 @@ const handleInvitationReceive = async ({
   const role = getRoleFromLocalPassport(get(vc, 'credentialSubject.passport'));
   const passport = createUserPassport(vc, { role });
-  const user = await getUser(node, teamDid, userDid);
+  const user = await getUser(node, teamDid, userDid, {
+    enableConnectedAccount: true,
+  });
+  // NOTICE: owner 目前必须是 did-wallet 的账户，暂不做额外 did 判断
   if (role === 'owner') {
     if (issuerType === TEAM_TYPE.blocklet) {
       // should not be here
       throw new Error('not allowed to transfer application ownership');
     }
-    // TODO: @zhanghan 判断方式应该是 userDid === nodeInfo.nodeOwner.did
-    // by @linchen
-    if (user && user.role === 'owner') {
+    if (userDid === nodeInfo.nodeOwner.did) {
       throw new Error(messages.alreadyTransferred[locale](userDid));
     }
     await node.updateNodeOwner({ nodeOwner: { did: userDid, pk: userPk } });
-    const originalOwner = await getUser(node, teamDid, nodeInfo.nodeOwner.did);
+    // NOTICE: 这里理论上不需要查询 connectedAccount (owner 必须是 did-wallet 的账户)，加上后也不影响
+    const originalOwner = await getUser(node, teamDid, nodeInfo.nodeOwner.did, {
+      enableConnectedAccount: true,
+    });
     const originalOwnerPassport = (originalOwner.passports || []).find((p) => p.role === 'owner');
     if (originalOwnerPassport) {
       await node.revokeUserPassport({ teamDid, userDid: nodeInfo.nodeOwner.did, passportId: originalOwnerPassport.id });
@@ -579,8 +583,8 @@ const handleInvitationReceive = async ({
       user: {
         ...profile,
         avatar,
-        did: userDid,
-        pk: userPk,
+        did: user.did,
+        pk: user.pk,
         locale,
         passport,
         lastLoginIp: get(req, 'headers[x-real-ip]') || '',
@@ -595,7 +599,7 @@ const handleInvitationReceive = async ({
     await node.createAuditLog(
       {
         action: 'updateUser',
-        args: { teamDid, userDid, passport, inviteId, reason: 'accepted invitation' },
+        args: { teamDid, userDid: user.did, passport, inviteId, reason: 'accepted invitation' },
         context: formatContext(Object.assign(req, { user })),
         result: doc,
       },
@@ -623,7 +627,7 @@ const handleInvitationReceive = async ({
     await node.createAuditLog(
       {
         action: 'addUser',
-        args: { teamDid, userDid, passport, inviteId, reason: 'accepted invitation' },
+        args: { teamDid, userDid: user?.did || userDid, passport, inviteId, reason: 'accepted invitation' },
         context: formatContext(Object.assign(req, { user: doc })),
         result: doc,
       },
@@ -631,14 +635,14 @@ const handleInvitationReceive = async ({
     );
   }
-  logger.info('invite success', { userDid });
+  logger.info('invite success', { userDid: user?.did || userDid });
   // await node.closeInvitation({ teamDid, inviteId, status: 'success', receiver: { did: userDid, role } });
   await node.closeInvitation({
     teamDid,
     inviteId,
     status: 'success',
-    receiver: { did: userDid, role, timeout: 1000 * 9999 },
+    receiver: { did: user?.did || userDid, role, timeout: 1000 * 9999 },
   });
   return {
@@ -725,6 +729,7 @@ const createIssuePassportRequest = async ({ node, nodeInfo, teamDid, id, locale
     throw new Error('Cannot receive owner passport because the owner already exists');
   }
+  // NOTICE: 这里是给指定用户颁发 passport，绑定的 did 无需查询 connectedAccount
   const user = await getUser(node, teamDid, issuanceInfo.ownerDid);
   const passport = await createPassport({
@@ -774,7 +779,11 @@ const handleIssuePassportResponse = async ({
   const claim = claims.find((x) => x.type === 'signature');
   verifySignature(claim, userDid, userPk, locale);
-  const user = await getUser(node, teamDid, userDid);
+  const user = await getUser(node, teamDid, userDid, {
+    enableConnectedAccount: true,
+  });
+  const realDid = user.did || userDid;
+  const realPk = user.pk || userPk;
   if (user && !user.approved) {
     throw new Error(
       {
@@ -802,7 +811,7 @@ const handleIssuePassportResponse = async ({
     throw new Error('Cannot receive Owner Passport because the owner already exists');
   }
-  if (ownerDid !== userDid) {
+  if (ownerDid !== realDid) {
     throw new Error(messages.notOwner[locale]);
   }
@@ -844,8 +853,8 @@ const handleIssuePassportResponse = async ({
     await node.updateUser({
       teamDid,
       user: {
-        did: userDid,
-        pk: userPk,
+        did: realDid,
+        pk: realPk,
         passports: upsertToPassports(user.passports || [], passport),
       },
     });
@@ -856,7 +865,7 @@ const handleIssuePassportResponse = async ({
   await node.createAuditLog(
     {
       action: 'processPassportIssuance',
-      args: { teamDid, userDid, ...result, sessionId: id, reason: 'claimed passport' },
+      args: { teamDid, userDid: realDid, ...result, sessionId: id, reason: 'claimed passport' },
       context: formatContext(Object.assign(req, { user })),
       result,
     },
@@ -864,8 +873,8 @@ const handleIssuePassportResponse = async ({
   );
   if (name === ROLES.OWNER && issuerType === TEAM_TYPE.BLOCKLET) {
-    logger.info('Bind owner for blocklet', { teamDid, userDid });
-    await node.setBlockletInitialized({ did: teamDid, owner: { did: userDid, pk: userPk } });
+    logger.info('Bind owner for blocklet', { teamDid, userDid: realDid });
+    await node.setBlockletInitialized({ did: teamDid, owner: { did: realDid, pk: userPk } });
   }
   await updateSession({ passportId: vc.id });
@@ -969,7 +978,8 @@ const getPassportStatus = async ({ node, teamDid, userDid, vcId, locale = 'en' }
     },
   };
-  const user = await node.getUser({ teamDid, user: { did: userDid } });
+  // NOTICE: 该方法使用的地方是外部通过 api 来使用，无法控制输入的 userDid，所以需要查询 connectedAccount，加上后也不影响任何逻辑
+  const user = await node.getUser({ teamDid, user: { did: userDid }, options: { enableConnectedAccount: true } });
   if (!user) {
     throw new Error(messages.userNotFound[locale]);

package/lib/invitation.js CHANGED Viewed

@@ -63,11 +63,13 @@ module.exports = {
           role.permissions = [];
         }
+        // NOTICE: 邀请人的 did 为永久 did，无需查询 connectedAccount
         let user = await node.getUser({ teamDid: info.did, user: { did: invitation.inviter.did } });
         let avatar = user && (await parseUserAvatar(user.avatar, { dataDir: info.dataDir }));
         // blocklet 邀请链接可能是 server 的 member
         if (!user && type === 'blocklet') {
+          // NOTICE: 邀请人的 did 为永久 did，无需查询 connectedAccount
           user = await node.getUser({ teamDid: nodeInfo.did, user: { did: invitation.inviter.did } });
           avatar =
             user &&

package/lib/lost-passport.js CHANGED Viewed

@@ -10,6 +10,7 @@ const { getDisplayName, getBlockletAppIdList } = require('@blocklet/meta/lib/uti
 const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS, NODE_DATA_DIR_NAME } = require('@abtnode/constant');
 const get = require('lodash/get');
 const { parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { getWalletDid } = require('@blocklet/meta/lib/did-utils');
 const logger = require('./logger');
 const { messages, getUser, checkWalletVersion, getPassportStatusEndpoint } = require('./auth');
@@ -103,7 +104,9 @@ const createLostPassportListRoute = ({ node, type }) => ({
     const { teamDid, issuerDidList, dataDir } = await getApplicationInfo({ node, req, type });
     // check user approved
-    const user = await getUser(node, teamDid, userDid);
+    const user = await getUser(node, teamDid, userDid, {
+      enableConnectedAccount: true,
+    });
     if (!user) {
       throw new Error(messages.userNotFound[locale]);
@@ -131,7 +134,7 @@ const createLostPassportListRoute = ({ node, type }) => ({
       throw new Error(messages.passportNotFound[locale]);
     }
-    logger.info('get passport type list', { userDid });
+    logger.info('get passport type list', { userDid: user.did });
     user.avatar = await parseUserAvatar(user.avatar, { did: teamDid, dataDir });
@@ -149,10 +152,19 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
   claims: [
     {
       authPrincipal: async ({ extraParams }) => {
-        const { receiverDid } = extraParams;
+        // HACK: authPrincipal 中无法拿到 request 对象，只能由前端传来 teamDid
+        const { receiverDid, teamDid } = extraParams;
+        let walletDid = receiverDid;
+        // 兼容不包含 teamDid 字段的情况
+        if (teamDid) {
+          const user = await getUser(node, teamDid, receiverDid, {
+            enableConnectedAccount: true,
+          });
+          walletDid = getWalletDid(user);
+        }
         return {
           description: 'Please select the required DID',
-          target: receiverDid,
+          target: walletDid,
         };
       },
     },
@@ -166,7 +178,9 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
           req: request,
           type,
         });
-        const user = await getUser(node, teamDid, receiverDid);
+        const user = await getUser(node, teamDid, receiverDid, {
+          enableConnectedAccount: true,
+        });
         const passport = await createPassport({
           name: passportName,
@@ -210,7 +224,21 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
     logger.info('claim.signature.onAuth', { userPk, userDid, claim });
     verifySignature(claim, userDid, userPk, locale);
-    if (receiverDid !== userDid) {
+    // check user approved
+    const user = await getUser(node, teamDid, userDid, {
+      enableConnectedAccount: true,
+    });
+    // 二次校验用户是否存在
+    if (!user) {
+      throw new Error(messages.userNotFound[locale]);
+    }
+    if (!user.approved) {
+      throw new Error(messages.notAllowed[locale]);
+    }
+    // NOTICE: 实际测试过程中，receiverDid 是当前登录用户的永久 did，而 userDid 是 wallet did，所以需要经过转换才能比较
+    if (receiverDid !== user.did) {
       // should not be here
       throw new Error(
         {
@@ -220,12 +248,6 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
       );
     }
-    // check user approved
-    const user = await getUser(node, teamDid, userDid);
-    if (!user.approved) {
-      throw new Error(messages.notAllowed[locale]);
-    }
     // check passport
     const exist = (user.passports || []).find(
       (x) =>
@@ -280,15 +302,15 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
     const result = await node.updateUser({
       teamDid,
       user: {
-        did: userDid,
-        pk: userPk,
+        did: user.did,
+        pk: user.pk,
         passports: upsertToPassports(user.passports || [], passport),
       },
     });
     await node.createAuditLog(
       {
         action: 'updateUser',
-        args: { teamDid, userDid, passport, reason: 'recovered passport' },
+        args: { teamDid, userDid: user.did, passport, reason: 'recovered passport' },
         context: formatContext(Object.assign(req, { user })),
         result,
       },

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.6-beta-7cbab489",
+  "version": "1.16.6-beta-61cf68d3",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,16 +20,16 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.16.6-beta-7cbab489",
-    "@abtnode/logger": "1.16.6-beta-7cbab489",
-    "@abtnode/util": "1.16.6-beta-7cbab489",
-    "@arcblock/did": "1.18.75",
-    "@arcblock/vc": "1.18.75",
-    "@blocklet/constant": "1.16.6-beta-7cbab489",
-    "@blocklet/meta": "1.16.6-beta-7cbab489",
-    "@ocap/mcrypto": "1.18.75",
-    "@ocap/util": "1.18.75",
-    "@ocap/wallet": "1.18.75",
+    "@abtnode/constant": "1.16.6-beta-61cf68d3",
+    "@abtnode/logger": "1.16.6-beta-61cf68d3",
+    "@abtnode/util": "1.16.6-beta-61cf68d3",
+    "@arcblock/did": "1.18.76",
+    "@arcblock/vc": "1.18.76",
+    "@blocklet/constant": "1.16.6-beta-61cf68d3",
+    "@blocklet/meta": "1.16.6-beta-61cf68d3",
+    "@ocap/mcrypto": "1.18.76",
+    "@ocap/util": "1.18.76",
+    "@ocap/wallet": "1.18.76",
     "joi": "17.7.0",
     "jsonwebtoken": "^9.0.0",
     "lodash": "^4.17.21",
@@ -41,5 +41,5 @@
   "devDependencies": {
     "jest": "^27.5.1"
   },
-  "gitHead": "36b58c0651762472ac34ad880965c47510eb9768"
+  "gitHead": "574a27436b429a97f443fc9ea1b44988807206bd"
 }