npm - @abtnode/blocklet-services - Versions diffs - 1.16.15 → 1.16.16-beta-e038cde7 - Mend

@abtnode/blocklet-services 1.16.15 → 1.16.16-beta-e038cde7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

package/api/index.js CHANGED Viewed

@@ -7,7 +7,6 @@ const cors = require('cors');
 const cookieParser = require('cookie-parser');
 const bodyParser = require('body-parser');
 const httpProxy = require('@arcblock/http-proxy');
-const dayjs = require('@abtnode/util/lib/dayjs');
 const minimatch = require('minimatch');
 const { getAccessLogStream } = require('@abtnode/logger');
@@ -49,20 +48,6 @@ const checkBlocklet = require('./middlewares/check-blocklet');
 const proxyToDaemon = require('./middlewares/proxy-to-daemon');
 const attachSharedUtils = require('./util/attach-shared-utils');
-const logFileGenerator = (time, index) => {
-  if (!time) {
-    return 'service.log';
-  }
-  let filename = `service-${dayjs(time).subtract(1, 'day').format('YYYY-MM-DD')}`; // prev date
-  if (index > 1) {
-    filename = `${filename}-${index}`;
-  }
-  return `${filename}.log.gz`;
-};
 const agent = new http.Agent({ maxSockets: Number.MAX_VALUE });
 module.exports = function createServer(node, serverOptions = {}) {
@@ -222,8 +207,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   /* istanbul ignore if */
   if (isProduction) {
-    // TODO: 这里没有修改原来的文件名，不过我觉得这里叫 service-access.log 会更好, 或者单独放一个目录
-    server.use(morgan('combined', { stream: getAccessLogStream(process.env.ABT_NODE_LOG_DIR, 'service.log') }));
+    server.use(morgan('combined', { stream: getAccessLogStream(process.env.ABT_NODE_LOG_DIR, 'service.access.log') }));
     /* istanbul ignore else */
   } else {
     server.use(
@@ -473,5 +457,3 @@ module.exports = function createServer(node, serverOptions = {}) {
   return server;
 };
-module.exports.logFileGenerator = logFileGenerator;

package/api/libs/auth/utils.js CHANGED Viewed

@@ -1,5 +1,5 @@
 const { getPassportStatusEndpoint, getApplicationInfo } = require('@abtnode/auth/lib/auth');
-const { createPassportVC } = require('@abtnode/auth/lib/passport');
+const { createPassportVC, upsertToPassports, createUserPassport } = require('@abtnode/auth/lib/passport');
 const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS } = require('@abtnode/constant');
 const { getAvatarByEmail, getAvatarByUrl, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const { getBlockletAppIdList } = require('@blocklet/meta/lib/util');
@@ -9,8 +9,7 @@ const uniqBy = require('lodash/uniqBy');
 const { sendToUser } = require('../notification');
-// FIXME: @zhanghan 转移通行证目前只能颁发新的，会导致用户数据中产生多余的通行证
-async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo }) {
+async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo, revokePassport = false }) {
   if (!fromUser || !toUser) {
     return;
   }
@@ -20,9 +19,9 @@ async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo
     passportColor,
   } = await getApplicationInfo({ node, nodeInfo, teamDid });
-  const blocklet = await req.getBlockletInfo();
-  const { wallet: blockletWallet } = blocklet;
-  const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blocklet)]);
+  const blockletInfo = await req.getBlockletInfo();
+  const { wallet: blockletWallet } = blockletInfo;
+  const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blockletInfo)]);
   const waitPassportList = uniqBy(
     (fromUser.passports || []).filter((x) => {
       if (x.status !== PASSPORT_STATUS.VALID) {
@@ -41,37 +40,42 @@ async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo
     return;
   }
-  const attachments = await Promise.all(
-    waitPassportList.map((x) => {
-      const vcParams = {
-        issuerName,
-        issuerWallet,
-        ownerDid: toUser.did,
-        passport: pick(x, ['name', 'title', 'endpoint', 'specVersion']),
-        endpoint: getPassportStatusEndpoint({
-          baseUrl: x.endpoint,
-          userDid: toUser.did,
-          teamDid,
-        }),
-        types: teamDid === nodeInfo.did ? [VC_TYPE_NODE_PASSPORT] : [],
-        ownerProfile: {
-          email: toUser.email,
-          fullName: toUser.fullName,
-          avatar: getUserAvatarUrl(x.endpoint, toUser.avatar),
-        },
-        preferredColor: passportColor,
-      };
+  const attachments = waitPassportList.map((x) => {
+    const vcParams = {
+      issuerName,
+      issuerWallet,
+      ownerDid: toUser.did,
+      passport: { ...pick(x, ['name', 'title', 'specVersion']), endpoint: x.endpoint || blockletInfo.appUrl },
+      endpoint: getPassportStatusEndpoint({
+        baseUrl: x.endpoint || blockletInfo.appUrl,
+        userDid: toUser.did,
+        teamDid,
+      }),
+      types: teamDid === nodeInfo.did ? [VC_TYPE_NODE_PASSPORT] : [],
+      ownerProfile: {
+        email: toUser.email,
+        fullName: toUser.fullName,
+        avatar: getUserAvatarUrl(x.endpoint || blockletInfo.appUrl, toUser.avatar),
+      },
+      preferredColor: passportColor,
+    };
-      const vc = createPassportVC(vcParams);
-      return {
-        type: 'vc',
-        data: {
-          credential: vc,
-          tag: x.name,
-        },
-      };
-    })
-  );
+    const vc = createPassportVC(vcParams);
+    return {
+      type: 'vc',
+      data: {
+        credential: vc,
+        tag: x.name,
+      },
+    };
+  });
+  const insertPassportList = attachments.map((item, index) => {
+    return {
+      ...createUserPassport(item.data.credential, { role: item.data.tag }),
+      ...pick(waitPassportList[index], ['firstLoginAt', 'lastLoginAt', 'lastLoginIp']),
+      userDid: toUser.did,
+    };
+  });
   const passportNameList = attachments.map((x) => x.data.credential.name);
@@ -86,6 +90,48 @@ async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo
     },
     { req }
   );
+  const passports = insertPassportList.reduce((acc, item) => {
+    return upsertToPassports(acc, item);
+  }, fromUser.passports || []);
+  const toUserExsit = await node.getUser({
+    teamDid,
+    user: { did: toUser.did },
+    options: {
+      enableConnectedAccount: false,
+    },
+  });
+  // HACK: 默认情况下，应该将新 passport 添加到 toUser，但某些情况下，toUser 是绑定到 fromUser 的 connectAccount，所以需要将新通行证添加到 fromUser
+  if (toUserExsit) {
+    await node.updateUser({
+      teamDid,
+      user: {
+        did: toUser.did,
+        pk: toUser.pk,
+        passports,
+      },
+    });
+  } else {
+    await node.updateUser({
+      teamDid,
+      user: {
+        did: fromUser.did,
+        pk: fromUser.pk,
+        passports,
+      },
+    });
+  }
+  if (revokePassport) {
+    const revokePendingList = waitPassportList
+      .filter((item) => item.id)
+      .map((item) => {
+        if (fromUser.sourceProvider === 'auth0') {
+          return node.removeUserPassport({ teamDid, userDid: fromUser.did, passportId: item.id });
+        }
+        return node.revokeUserPassport({ teamDid, userDid: fromUser.did, passportId: item.id });
+      });
+    await Promise.all(revokePendingList);
+  }
 }
 module.exports = {

package/api/libs/connect/session.js CHANGED Viewed

@@ -885,7 +885,14 @@ module.exports = {
         };
       }
-      await transferPassport(oauthUser, bindUser, { req: request, node, nodeInfo, teamDid, baseUrl });
+      await transferPassport(oauthUser, bindUser, {
+        req: request,
+        node,
+        nodeInfo,
+        teamDid,
+        baseUrl,
+        revokePassport: true,
+      });
       const connectedAccounts = oauthUser?.connectedAccounts || [];
       const sourceProvider = oauthUser?.sourceProvider;
@@ -893,6 +900,7 @@ module.exports = {
       const userWallet = fromAppDid(oauthAccount.id, blockletWallet.secretKey);
       await declareAccount({ wallet: userWallet, blocklet });
       await migrateAccount({ wallet: userWallet, blocklet, user: bindUser });
       await node.createAuditLog(
         {
           action: 'connectAccount',

package/api/libs/connect/shared.js CHANGED Viewed

@@ -3,7 +3,7 @@ const joinUrl = require('url-join');
 const { getConnectAppUrl, getChainInfo } = require('@blocklet/meta/lib/util');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
-const { getProvider } = require('../../util/federated');
+const { getLoginProvider } = require('@blocklet/sdk/lib/util/login');
 module.exports = {
   appInfo: async ({ request, baseUrl, extraParams }) => {
@@ -16,7 +16,7 @@ module.exports = {
     ]);
     // 对于 ux 来说， 要展示的始终是 pid，所以这个给 agentDid 的赋值也需要是 pid
     let agentDid;
-    const provider = getProvider(request, extraParams);
+    const provider = getLoginProvider(request, extraParams);
     // federated 登录模式下，需要告知原有的 blocklet-did
     if (provider === LOGIN_PROVIDER.FEDERATED) {
       agentDid = blocklet.appPid;

package/api/libs/connect/v1.js CHANGED Viewed

@@ -11,10 +11,10 @@ const { WELLKNOWN_SERVICE_PATH_PREFIX, NODE_SERVICES_PREFIX } = require('@abtnod
 const DynamicStorage = require('@abtnode/connect-storage');
 const { fromPublicKey } = require('@ocap/wallet');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { getLoginProvider } = require('@blocklet/sdk/lib/util/login');
 const cache = require('../../cache');
 const { appInfo, chainInfo } = require('./shared');
-const { getProvider } = require('../../util/federated');
 module.exports = (node, opts) => {
   const authenticator = new WalletAuthenticator({
@@ -25,7 +25,7 @@ module.exports = (node, opts) => {
       return wallet.toJSON();
     },
     delegator: async ({ request, extraParams }) => {
-      const provider = getProvider(request, extraParams);
+      const provider = getLoginProvider(request, extraParams);
       const blocklet = await request.getBlocklet();
       if (provider === LOGIN_PROVIDER.FEDERATED) {
@@ -51,7 +51,7 @@ module.exports = (node, opts) => {
     },
     delegation: async ({ request, extraParams }) => {
       const { wallet: delegatee, permanentWallet: delegator } = await request.getBlockletInfo();
-      const provider = getProvider(request, extraParams);
+      const provider = getLoginProvider(request, extraParams);
       if (provider === LOGIN_PROVIDER.FEDERATED) {
         const blocklet = await request.getBlocklet();
         const delegation = get(blocklet, 'settings.federated.config.delegation');

package/api/routes/oauth.js CHANGED Viewed

@@ -376,7 +376,7 @@ async function bind(req, node, options) {
     };
   }
   const nodeInfo = await req.getNodeInfo();
-  await transferPassport(oauthUser, bindUser, { req, node, teamDid, nodeInfo });
+  await transferPassport(oauthUser, bindUser, { req, node, teamDid, nodeInfo, revokePassport: true });
   await node.createAuditLog(
     {
       action: 'connectAccount',
@@ -407,7 +407,25 @@ module.exports = {
       const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blocklet)]);
       // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
       const user = await node.getUser({ teamDid, user: { did: userDid } });
-      const ownerAvatarUrl = getUserAvatarUrl(appUrl, user.avatar);
+      let ownerAvatarUrl = getUserAvatarUrl(appUrl, user.avatar);
+      try {
+        // FIXME: @zhanghan 暂时将 imageFilter 等 queryString 参数移除
+        const ownerAvatarUrlInstance = new URL(ownerAvatarUrl);
+        ownerAvatarUrlInstance.search = '';
+        ownerAvatarUrl = ownerAvatarUrlInstance.href;
+      } catch {
+        /* empty */
+      }
+      let issuerAvatarUrl = getAppAvatarUrl(appUrl);
+      try {
+        // FIXME: @zhanghan 暂时将 imageFilter 等 queryString 参数移除
+        const issuerAvatarUrlInstance = new URL(issuerAvatarUrl);
+        issuerAvatarUrlInstance.search = '';
+        issuerAvatarUrl = issuerAvatarUrlInstance.href;
+      } catch {
+        /* empty */
+      }
       const { passports = [] } = user || {};
       // NOTICE: 保持每一种 role 的 passport 只有一个即可
       const passportTypes = uniqBy(
@@ -429,7 +447,7 @@ module.exports = {
             title: x.title,
             issuer: x.issuer.name,
             issuerDid: x.issuer.id,
-            issuerAvatarUrl: getAppAvatarUrl(appUrl),
+            issuerAvatarUrl,
             ownerName: user?.fullName,
             ownerDid: userDid,
             ownerAvatarUrl,
@@ -463,7 +481,7 @@ module.exports = {
       // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
       const user = await node.getUser({ teamDid, user: { did: userDid } });
       const { passports = [] } = user || {};
-      const passport = passports.find((item) => item.id === passportId);
+      const passport = passportId ? passports.find((item) => item.id === passportId) : { name: 'Guest', role: 'guest' };
       await node.createAuditLog(
         {
           action: 'switchPassport',

package/api/util/blocklet-utils.js CHANGED Viewed

@@ -33,14 +33,17 @@ async function getFederatedTrustedIssuers(blocklet) {
 }
 async function getTrustedIssuers(blocklet, { provider = LOGIN_PROVIDER.WALLET } = {}) {
+  let federatedTrustedIssuers = [];
   if (provider === LOGIN_PROVIDER.FEDERATED) {
-    const federatedTrustedIssuers = await getFederatedTrustedIssuers(blocklet);
-    return federatedTrustedIssuers;
+    federatedTrustedIssuers = await getFederatedTrustedIssuers(blocklet);
   }
   const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
-  const trustedIssuers = [...getBlockletAppIdList(blocklet), ...trustedPassports].filter(Boolean);
+  // NOTICE: 在某个应用的页面登录时，需要将该应用自身颁发的通行证页放入 trustedIssuers，这样才能登录应用独立颁发的 Passport
+  // 使用该通行证登录后，其他应用均会展示为 guest
+  const trustedIssuers = [...getBlockletAppIdList(blocklet), ...trustedPassports, ...federatedTrustedIssuers].filter(
+    Boolean
+  );
   return trustedIssuers;
 }

package/api/util/federated.js CHANGED Viewed

@@ -1,6 +1,5 @@
 const joinUrl = require('url-join');
 const { USER_AVATAR_URL_PREFIX, WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_PATH_PREFIX } = require('@abtnode/constant');
-const { LOGIN_PROVIDER } = require('@blocklet/constant');
 function getFederatedMaster(blocklet) {
   const { sites } = blocklet?.settings?.federated || {};
@@ -23,20 +22,8 @@ function getUserAvatarUrl(avatar, blocklet) {
   return avatarUrl;
 }
-function getProvider(request, extraParams = {}) {
-  let provider = LOGIN_PROVIDER.WALLET;
-  // 1. 优先读取当前登录用户的 provider
-  ({ provider } = request.user || {});
-  if (!provider) {
-    // 读取在 extraParams 中指定的 provider
-    ({ provider } = extraParams);
-  }
-  return provider;
-}
 module.exports = {
   isMaster,
   getFederatedMaster,
   getUserAvatarUrl,
-  getProvider,
 };