@abtnode/auth 1.7.26 → 1.8.1

package/lib/auth.js

@@ -402,10 +402,14 @@ const handleInvitationResponse = async ({
   verifySignature(claim, userDid, userPk, locale);
 
   const tmpInvitation = await node.getInvitation({ teamDid, inviteId });
+  if (!tmpInvitation) {
+    throw new Error(`The invitation does not exist: ${inviteId}`);
+  }
 
   if (tmpInvitation.role === 'owner' && userDid === nodeInfo.nodeOwner.did) {
     throw new Error(messages.notAllowedTransferToSelf[locale]);
   }
+
   const inviteInfo = await node.processInvitation({ teamDid, inviteId });
   if (inviteInfo.role === 'owner' && get(nodeInfo, 'ownerNft.holder')) {
     // 这种情况下是 Transfer 有 Owner NFT 的 Blocklet Server

package/lib/server.js

@@ -1,4 +1,5 @@
 const get = require('lodash/get');
+const isEmpty = require('lodash/isEmpty');
 const last = require('lodash/last');
 const Client = require('@ocap/client');
 const { fromPublicKey } = require('@ocap/wallet');
@@ -10,7 +11,6 @@ const {
   ROLES,
   VC_TYPE_GENERAL_PASSPORT,
   VC_TYPE_NODE_PASSPORT,
-  VC_TYPE_BLOCKLET_PURCHASE,
   NFT_TYPE_SERVER_OWNERSHIP,
 } = require('@abtnode/constant');
 const {
@@ -29,13 +29,11 @@ const {
   getRoleFromExternalPassport,
   createUserPassport,
 } = require('./passport');
-
 const logger = require('./logger');
 
 const secret = process.env.ABT_NODE_SESSION_SECRET;
 const LAUNCH_BLOCKLET_TOKEN_EXPIRE = '1d';
 const abtnodeVcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
-const blockletVcTypes = [VC_TYPE_BLOCKLET_PURCHASE];
 
 const authenticateByVc = async ({ node, locale, userDid, claims, challenge, requireNodeInitialized = true }) => {
   if (requireNodeInitialized) {
@@ -184,7 +182,7 @@ const getAuthVcClaim =
     return claim;
   };
 
-const getLaunchFreeBlockletClaims = (node, authMethod) => {
+const getLaunchBlockletClaims = (node, authMethod) => {
   if (authMethod === 'vc') {
     return {
       serverPassport: ['verifiableCredential', getAuthVcClaim(node)],
@@ -202,31 +200,6 @@ const getLaunchFreeBlockletClaims = (node, authMethod) => {
   };
 };
 
-const getLaunchPaidBlockletClaims = (node, authMethod) => {
-  const claims = getLaunchFreeBlockletClaims(node, authMethod);
-
-  claims.blockletPurchaseNft = [
-    'verifiableCredential',
-    async ({ extraParams: { locale, blockletMetaUrl }, context: { didwallet } }) => {
-      checkWalletVersion({ didwallet, locale });
-      const registryUrl = new URL(blockletMetaUrl).origin;
-      const [registry, { meta }] = await Promise.all([
-        node.getRegistryMeta(registryUrl),
-        node.getBlockletMetaFromUrl({ url: blockletMetaUrl }),
-      ]);
-
-      return {
-        description: messages.requestBlockletNft[locale],
-        item: blockletVcTypes,
-        trustedIssuers: [registry.id],
-        tag: meta.did,
-      };
-    },
-  ];
-
-  return claims;
-};
-
 const getOwnershipNFTClaim = async (node, locale) => {
   const info = await node.getNodeInfo();
   if (!info.ownerNft && !info.ownerNft.issuer) {
@@ -281,8 +254,12 @@ const ensureBlockletPermission = async ({ authMethod, node, userDid, claims, cha
 
 const createLaunchBlockletHandler =
   (node, authMethod) =>
-  async ({ claims, challenge, userDid, updateSession, req, extraParams: { locale, blockletMetaUrl } }) => {
+  async ({ claims, challenge, userDid, updateSession, req, extraParams }) => {
+    const { locale, blockletMetaUrl } = extraParams;
+    logger.info('createLaunchBlockletHandler', extraParams);
+
     if (!blockletMetaUrl) {
+      logger.error('blockletMetaUrl must be provided');
       throw new Error(messages.invalidParams[locale]);
     }
 
@@ -295,37 +272,20 @@ const createLaunchBlockletHandler =
       locale,
     });
 
-    const result = await node.getBlockletMetaFromUrl({ url: blockletMetaUrl, checkPrice: true });
-    if (!result.meta) {
+    const blocklet = await node.getBlockletMetaFromUrl({ url: blockletMetaUrl, checkPrice: true });
+    if (!blocklet.meta) {
       throw new Error(messages.invalidBlocklet[locale]);
     }
 
-    const { did } = result.meta;
-
-    let blockletPurchaseVerified;
-    if (!result.isFree) {
-      const registryUrl = new URL(blockletMetaUrl).origin;
-      const registryMeta = await node.getRegistryMeta(registryUrl);
-
-      const { vc: blockletVc } = await getVCFromClaims({
-        claims,
-        challenge,
-        trustedIssuers: [registryMeta.id],
-        vcTypes: blockletVcTypes,
-        locale,
-      });
-
-      if (!blockletVc) {
-        throw new Error(messages.missingBlockletCredentialClaim[locale]);
-      }
-
-      if (get(blockletVc, 'credentialSubject.purchased.blocklet.id') !== did) {
-        throw new Error(messages.invalidBlockletVc[locale]);
+    if (!blocklet.isFree) {
+      if (isEmpty(extraParams?.previousWorkflowData?.downloadToken)) {
+        logger.error('downloadToken must be provided');
+        throw new Error(messages.invalidParams[locale]);
       }
-
-      blockletPurchaseVerified = true;
     }
 
+    const { did } = blocklet.meta;
+
     let sessionToken = '';
     if (authMethod === 'vc') {
       sessionToken = createAuthToken({
@@ -345,19 +305,19 @@ const createLaunchBlockletHandler =
     }
 
     // 检查是否已安装，这里不做升级的处理
-    const existedBlocklet = await node.getBlocklet({ did });
+    const existedBlocklet = await node.getBlocklet({ did, attachRuntimeInfo: false });
     await updateSession({ sessionToken }, true);
 
     if (existedBlocklet) {
       const storageData = { did: userDid };
 
-      if (semver.gt(result.meta.version, existedBlocklet.meta.version)) {
+      if (semver.gt(blocklet.meta.version, existedBlocklet.meta.version)) {
         const appDidEnv = existedBlocklet.environments.find((e) => e.key === 'BLOCKLET_APP_ID');
         storageData.upgradeAvailable = {
           appDid: appDidEnv ? appDidEnv.value : '',
           did: existedBlocklet.meta.did,
           currentVersion: existedBlocklet.meta.version,
-          version: result.meta.version,
+          version: blocklet.meta.version,
         };
       }
 
@@ -366,12 +326,11 @@ const createLaunchBlockletHandler =
       return;
     }
 
-    const context = {};
-    if (typeof blockletPurchaseVerified !== 'undefined') {
-      context.blockletPurchaseVerified = blockletPurchaseVerified;
-    }
+    const tmp = await node.installBlocklet({
+      url: blockletMetaUrl,
+      downloadToken: extraParams?.previousWorkflowData?.downloadToken,
+    });
 
-    const tmp = await node.installBlocklet({ url: blockletMetaUrl }, context);
     await node.createAuditLog(
       {
         action: 'installBlocklet',
@@ -389,8 +348,7 @@ module.exports = {
   authenticateByVc,
   authenticateByNFT,
   getOwnershipNFTClaim,
-  getLaunchFreeBlockletClaims,
-  getLaunchPaidBlockletClaims,
+  getLaunchBlockletClaims,
   createLaunchBlockletHandler,
   ensureBlockletPermission,
 };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.7.26",
+  "version": "1.8.1",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,12 +20,13 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.7.26",
-    "@abtnode/logger": "1.7.26",
-    "@abtnode/util": "1.7.26",
+    "@abtnode/constant": "1.8.1",
+    "@abtnode/logger": "1.8.1",
+    "@abtnode/util": "1.8.1",
     "@arcblock/did": "1.17.0",
+    "@arcblock/jwt": "^1.17.0",
     "@arcblock/vc": "1.17.0",
-    "@blocklet/meta": "1.7.26",
+    "@blocklet/meta": "1.8.1",
     "@ocap/client": "1.17.0",
     "@ocap/mcrypto": "1.17.0",
     "@ocap/util": "1.17.0",
@@ -40,5 +41,5 @@
   "devDependencies": {
     "jest": "^27.4.5"
   },
-  "gitHead": "b7ef9b4ddb18f7a0c3898177fe06d9cefe966566"
+  "gitHead": "c970b8a386bebd7fe6dbc8b8eedf8bd8328b4bb5"
 }