npm - @abtnode/blocklet-services - Versions diffs - 1.16.16-beta-2e5e3db7 → 1.16.16-beta-cfa95fa6 - Mend

@abtnode/blocklet-services 1.16.16-beta-2e5e3db7 → 1.16.16-beta-cfa95fa6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/api/emails/components/copyright.js CHANGED Viewed

@@ -2,6 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const jsx_runtime_1 = require("react/jsx-runtime");
 const components_1 = require("@react-email/components");
+// @ts-ignore
+const constant_1 = require("@abtnode/constant");
 const startYear = 2017;
 const endYear = new Date().getFullYear();
 function Copyright() {
@@ -9,6 +11,6 @@ function Copyright() {
             textAlign: 'center',
             color: '#898989',
             fontSize: 12,
-        } }, { children: ["\u00A9 ", startYear, "-", endYear, " ArcBlock, Inc. All Rights Reserved."] })));
+        } }, { children: ["\u00A9 ", startYear, "-", endYear, " ", constant_1.COPYRIGHT_OWNER, " All Rights Reserved."] })));
 }
 exports.default = Copyright;

package/api/index.js CHANGED Viewed

@@ -143,7 +143,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   Object.keys(BlockletInternalEvents).forEach((key) => {
     const event = BlockletInternalEvents[key];
     eventHub.on(event, (data) => {
-      const { appDid } = data;
+      const { appDid, componentDid } = data;
       // Let first worker process do something as master
       if (process.env.NODE_ENV === 'test' || process.env.NODE_APP_INSTANCE === '0') {
@@ -151,7 +151,7 @@ module.exports = function createServer(node, serverOptions = {}) {
           return;
         }
-        notificationService.sendToAppComponents.exec({ event, appDid, data }).catch((error) => {
+        notificationService.sendToAppComponents.exec({ event, appDid, componentDid, data }).catch((error) => {
           logger.error('send to component error', { error });
         });
       }

package/api/middlewares/verify-federated-call.js CHANGED Viewed

@@ -28,6 +28,7 @@ function verifyFederatedCall({ isMaster = false } = { isMaster: false }) {
     }
     req.body.verifyData = decode(data);
+    req.body.verifySite = validSite;
     next();
   };
 }

package/api/routes/federated.js CHANGED Viewed

@@ -33,6 +33,14 @@ const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
 const prefix = `${PREFIX}/api/federated`;
 const limitSync = pLimit(1);
+function getAuditLogActorByFederatedSite(blocklet) {
+  return {
+    did: blocklet.appPid,
+    fullName: blocklet.appName,
+    role: 'blocklet',
+  };
+}
 async function syncSwitchProfile(user, { node, teamDid, dataDir }) {
   const tempUser = pick(user, ['did', 'pk', 'avatar', 'fullName', 'email']);
@@ -89,11 +97,12 @@ module.exports = {
       // master blocklet
       const { blocklet } = req;
       const { site } = req.body;
+      const teamDid = blocklet.appPid;
       const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
         config: {
           appId: blocklet.appDid,
-          appPid: blocklet.appPid,
+          appPid: teamDid,
         },
         sites: [],
       });
@@ -103,7 +112,7 @@ module.exports = {
         const domainAliases = await node.getBlockletDomainAliases(blocklet);
         const masterSite = {
           appId: blocklet.appDid,
-          appPid: blocklet.appPid,
+          appPid: teamDid,
           aliasDid: (blocklet.migratedFrom || []).map((item) => item.appDid),
           appName: blockletInfo.name,
           appDescription: blockletInfo.description,
@@ -133,11 +142,23 @@ module.exports = {
       }
       // member 申请后，将 member 展示在列表中
       // 更新的是自己
-      await node.setFederated({
-        did: blocklet.appPid,
+      const newState = await node.setFederated({
+        did: teamDid,
         config: federated,
       });
+      await node.createAuditLog(
+        {
+          action: 'requestJoinFederated',
+          args: { teamDid, memberSite: site },
+          context: {
+            user: getAuditLogActorByFederatedSite(site),
+          },
+          result: newState,
+        },
+        node
+      );
       // 将新增的数据返回给 member
       res.json({
         sites: federated.sites,
@@ -148,16 +169,17 @@ module.exports = {
     server.post(`${prefix}/quit`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
       const { memberPid } = req.body.verifyData;
+      const teamDid = blocklet.appPid;
       const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
         config: {
           appId: blocklet.appDid,
-          appPid: blocklet.appPid,
+          appPid: teamDid,
         },
         sites: [],
       });
-      remove(federated.sites, (item) => item.appPid === memberPid);
+      const removedSites = remove(federated.sites, (item) => item.appPid === memberPid);
       const { permanentWallet } = await req.getBlockletInfo();
       const postData = {
@@ -182,22 +204,47 @@ module.exports = {
         });
       await Promise.all(waitingList);
-      await node.setFederated({
-        did: blocklet.appPid,
+      const newState = await node.setFederated({
+        did: teamDid,
         config: federated,
       });
+      await node.createAuditLog(
+        {
+          action: 'quitFederated',
+          args: { memberSite: removedSites[0], teamDid },
+          context: {
+            user: getAuditLogActorByFederatedSite(removedSites[0]),
+          },
+          result: newState,
+        },
+        node
+      );
       res.json({});
     });
     // master 通知 member 当前统一登录要解散
     server.post(`${prefix}/disband`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
+      const { verifySite } = req.body;
+      const teamDid = blocklet.appPid;
-      await node.setFederated({
-        did: blocklet.appPid,
+      const newState = await node.setFederated({
+        did: teamDid,
         config: null,
       });
+      await node.createAuditLog(
+        {
+          action: 'disbandFederated',
+          args: { blocklet, masterSite: verifySite, teamDid },
+          context: {
+            user: getAuditLogActorByFederatedSite(verifySite),
+          },
+          result: newState,
+        },
+        node
+      );
       res.json({});
     });
@@ -207,10 +254,12 @@ module.exports = {
     server.post(`${prefix}/audit-res`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
       const { delegation, roles, masterPid, status } = req.body.verifyData;
+      const { verifySite } = req.body;
+      const teamDid = blocklet.appPid;
       const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
         config: {
           appId: blocklet.appDid,
-          appPid: blocklet.appPid,
+          appPid: teamDid,
           isMaster: false,
         },
         sites: [],
@@ -221,7 +270,7 @@ module.exports = {
         const hasTrustedPassport = trustedPassports.find((item) => item.issuerDid === masterPid);
         if (!hasTrustedPassport) {
           await node.configTrustedPassports({
-            teamDid: blocklet.appPid,
+            teamDid,
             trustedPassports: [
               ...trustedPassports,
               {
@@ -239,10 +288,21 @@ module.exports = {
         }
       }
-      await node.setFederated({
-        did: blocklet.appPid,
+      const newState = await node.setFederated({
+        did: teamDid,
         config: federated,
       });
+      await node.createAuditLog(
+        {
+          action: 'auditFederated',
+          args: { masterSite: verifySite, status, teamDid },
+          context: {
+            user: getAuditLogActorByFederatedSite(verifySite),
+          },
+          result: newState,
+        },
+        node
+      );
       res.json(federated);
     });
@@ -250,6 +310,7 @@ module.exports = {
     // 该路由为 member 接受响应的 api(只允许 master 调用)
     server.post(`${prefix}/sync`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
+      const { verifySite } = req.body;
       const teamDid = blocklet.appPid;
       const { users = null, sites = null } = req.body.verifyData;
@@ -261,7 +322,7 @@ module.exports = {
         pendingList.push(
           limitSync(async () => {
             await node.setFederated({
-              did: blocklet.appPid,
+              did: teamDid,
               config: federated,
             });
           })
@@ -286,6 +347,16 @@ module.exports = {
       }
       await Promise.all(pendingList);
+      await node.createAuditLog(
+        {
+          action: 'syncFederated',
+          args: { users, sites, callerSite: verifySite, teamDid },
+          context: {
+            user: getAuditLogActorByFederatedSite(verifySite),
+          },
+        },
+        node
+      );
       res.json({});
     });
@@ -316,7 +387,7 @@ module.exports = {
         const blockletInfo = await req.getBlockletInfo();
         const site = {
           appId: blocklet.appDid,
-          appPid: blocklet.appPid,
+          appPid: teamDid,
           appName: blockletInfo.name,
           appDescription: blockletInfo.description,
           appUrl: blockletInfo.appUrl,
@@ -330,7 +401,7 @@ module.exports = {
       }
     );
-    // step 5 完成自动登录(member 向 master 请求)
+    // step 5 完成 member 的自动登录(member 向 master 请求)
     server.post(
       `${prefix}/login`,
       cors({ credentials: true, origin: true }),
@@ -345,9 +416,9 @@ module.exports = {
         const { onlyWriteCookie = false } = req.body;
         const { blocklet } = req;
+        const teamDid = blocklet.appPid;
         if (!onlyWriteCookie) {
           const { permanentWallet } = await req.getBlockletInfo();
-          const teamDid = blocklet.appPid;
           const federatedSites = blocklet.settings?.federated?.sites || [];
           const loginSite = federatedSites.find((item) => {
             const siteHost = new URL(item.appUrl).host;
@@ -391,6 +462,16 @@ module.exports = {
             res.status(500).send('Generate token error');
             return;
           }
+          await node.createAuditLog(
+            {
+              action: 'loginFederated',
+              args: { blocklet, memberSite: loginSite, teamDid },
+              context: {
+                user: req.user,
+              },
+            },
+            node
+          );
         }
         const cacheTtl = blocklet.settings?.session?.cacheTtl || 60 * 60;
@@ -400,6 +481,7 @@ module.exports = {
           sameSite: 'none',
           secure: true,
         });
         res.json(data);
       }
     );
@@ -407,6 +489,7 @@ module.exports = {
     // step 6 发放自动登录 token(master 向 member 发起生成 token 请求)
     server.post(`${prefix}/token`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { user, masterPid, role, passport, walletOS, provider } = req.body.verifyData;
+      const { verifySite } = req.body;
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
       const { secret } = await req.getBlockletInfo();
@@ -468,6 +551,16 @@ module.exports = {
           didConnectVersion: getDidConnectVersion(req),
         }
       );
+      await node.createAuditLog(
+        {
+          action: 'loginByMaster',
+          args: { masterSite: verifySite, teamDid, blocklet },
+          context: {
+            user: doc,
+          },
+        },
+        node
+      );
       res.json({ sessionToken, refreshToken });
     });
@@ -492,6 +585,7 @@ module.exports = {
     // member 传递过来的 user.did 和 user.pk 均为 master-site 与钱包生成的
     server.post(`${prefix}/loginByMember`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
+      const { verifySite } = req.body;
       const { user, passport, walletOS, provider } = req.body.verifyData;
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
@@ -553,11 +647,24 @@ module.exports = {
         }
       );
+      await node.createAuditLog(
+        {
+          action: 'loginByMember',
+          args: { memberSite: verifySite, teamDid, blocklet },
+          context: {
+            user: newUser,
+          },
+        },
+        node
+      );
       res.json({ sessionToken, refreshToken });
     });
+    // member 向 master 申请 auth0 账号的 migrate
     server.post(`${prefix}/migrateAuth0`, ensureBlocklet(), verifyFederatedCall(), async (req, res) => {
       const { blocklet } = req;
+      const { verifySite } = req.body;
       const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
       const { fromUserDid, toUserDid, toUserPk } = req.body.verifyData;
       const oauthUser = await node.getUser({ teamDid, user: { did: fromUserDid } });
@@ -572,9 +679,21 @@ module.exports = {
       };
       await declareAccount({ wallet: userWallet, blocklet });
       await migrateAccount({ wallet: userWallet, blocklet, user: bindUser });
+      await node.createAuditLog(
+        {
+          action: 'migrateFederatedAuth0',
+          args: { fromUserDid, toUserDid, callerSite: verifySite, teamDid },
+          context: {
+            user: getAuditLogActorByFederatedSite(verifySite),
+          },
+        },
+        node
+      );
       res.json({});
     });
+    // member 去登录 master
+    // 该监听是由 member 站点来做的，member 向自己的后端来申请要登录 master，member 的后端组装加密数据，由 Master 来接收并执行相应操作
     server.post(`${prefix}/loginMaster`, ensureBlocklet(), async (req, res) => {
       if (!req.user) {
         res.status(401).send('Unauthorized');
@@ -597,6 +716,16 @@ module.exports = {
       };
       const { data } = await api.post(url, postData);
+      await node.createAuditLog(
+        {
+          action: 'loginFederatedMaster',
+          args: { blocklet, masterSite, teamDid },
+          context: {
+            user,
+          },
+        },
+        node
+      );
       res.json(data);
     });
   },

package/api/services/auth/index.js CHANGED Viewed

@@ -1,7 +1,6 @@
 /* eslint-disable arrow-parens */
 const get = require('lodash/get');
 const cookie = require('cookie');
-const minimatch = require('minimatch');
 const bearerToken = require('@abtnode/util/lib/express-bearer-token');
 const validators = require('@blocklet/sdk/lib/validators');
@@ -37,7 +36,7 @@ const createTransferAppOwnerRoutes = require('./connect/transfer-app-owner');
 const createReceiveTransferAppOwnerRoutes = require('./connect/receive-transfer-app-owner');
 const createSessionRoutes = require('./session');
 const createPassportRoutes = require('./passport');
-const { getRedirectUrl } = require('../../util');
+const { getRedirectUrl, shouldIgnoreUrl } = require('../../util');
 const { sessionCacheDisabledUser } = require('../../cache');
 const getTokenFromWsConnect = (req, options) => {
@@ -98,7 +97,7 @@ const init = ({ node, options }) => {
     // developers need not config the following urls in blocklet.yml
     ignoreUrls.push('/api/public/**');
-    const shouldIgnore = ignoreUrls.some((s) => minimatch(req.url, s));
+    const shouldIgnore = shouldIgnoreUrl(req.url, ignoreUrls);
     if (shouldIgnore) {
       return {};
     }

package/api/services/notification/index.js CHANGED Viewed

@@ -153,7 +153,8 @@ const init = ({ node }) => {
     },
     sendToAppComponents: {
-      exec: ({ event, appDid, data }) => sendToAppComponents({ event, appDid, data, node, wsServer }),
+      exec: ({ event, appDid, componentDid, data }) =>
+        sendToAppComponents({ event, appDid, componentDid, data, node, wsServer }),
     },
     sendToAppChannel: {

package/api/socket/channel/component.js CHANGED Viewed

@@ -34,8 +34,14 @@ const onAuthenticate = async ({ channel, payload, node }) => {
   const nodeInfo = await node.getNodeInfo({ useCache: true });
-  if (getComponentApiKey({ serverSk: nodeInfo.sk, app, component }) !== apiKey) {
-    throw new Error(`Invalid API key. app: ${appDid}, component: ${componentDid}`);
+  const expectedApiKey = getComponentApiKey({ serverSk: nodeInfo.sk, app, component }) || '';
+  if (expectedApiKey !== apiKey) {
+    throw new Error(
+      `Invalid API key. app: ${appDid}, component: ${componentDid}, expected: ${String(expectedApiKey).slice(
+        0,
+        4
+      )}***, actual: ${String(apiKey).slice(0, 4)}***, installedAt: ${component.installedAt}`
+    );
   }
 };
@@ -92,24 +98,26 @@ const sendToAppComponents = async ({ event, appDid, componentDid: inputComponent
   for (const component of app.children || []) {
     const componentDid = component.meta.did;
-    if (inputComponentDid && componentDid !== inputComponentDid) {
-      return;
-    }
-    // eslint-disable-next-line no-loop-func
-    broadcast(wsServer, getComponentChannel(appDid, componentDid), event, notification, async (count) => {
-      // FIXME @linchen 组件以 cluster 模式启动时, 是否确保所有组件实例都收到消息?
-      if (count <= 0) {
-        logger.info('Online component client was not found', { appDid, componentDid });
-        await lock.acquire();
-        try {
-          await states.message.insert({ did: getCacheId(appDid, componentDid), event, data: notification });
-          lock.release();
-        } catch (error) {
-          lock.release();
+    if (!inputComponentDid || componentDid === inputComponentDid) {
+      // realAppDid is diff with appDid when app development mode
+      const realAppDid = app.appDid || appDid;
+      // eslint-disable-next-line no-loop-func
+      broadcast(wsServer, getComponentChannel(realAppDid, componentDid), event, notification, async (count) => {
+        // FIXME @linchen 组件以 cluster 模式启动时, 是否确保所有组件实例都收到消息?
+        if (count <= 0) {
+          logger.info('Online component client was not found', { realAppDid, componentDid });
+          await lock.acquire();
+          try {
+            await states.message.insert({ did: getCacheId(realAppDid, componentDid), event, data: notification });
+            lock.release();
+          } catch (error) {
+            lock.release();
+          }
         }
-      }
-    });
+      });
+    }
   }
 };

package/api/util/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
 const joinUrl = require('url-join');
 const get = require('lodash/get');
+const minimatch = require('minimatch');
 const { ROLES, WHO_CAN_ACCESS } = require('@abtnode/constant');
 const { BlockletSource, BLOCKLET_MODES, BlockletGroup } = require('@blocklet/constant');
 const { findWebInterface, findWebInterfacePort, findComponentByIdV2 } = require('@blocklet/meta/lib/util');
@@ -241,6 +242,23 @@ const getDidConnectVersion = (req) => {
 const nanoid = (length = 16) => [...Array(length)].map(() => Math.random().toString(36)[2]).join('');
+const shouldIgnoreUrl = (url, urls) => {
+  let { length } = url;
+  for (let i = 0; i < url.length; i++) {
+    if (url[i] === '?' || url[i] === '#') {
+      length = i;
+      break;
+    }
+  }
+  const _url = url.slice(0, length);
+  for (let i = 0; i < urls.length; i++) {
+    if (minimatch(_url, urls[i])) {
+      return true;
+    }
+  }
+  return false;
+};
 module.exports = {
   getBlockletLogo,
   shouldGotoStartPage,
@@ -251,4 +269,5 @@ module.exports = {
   createTokenFn,
   getDidConnectVersion,
   nanoid,
+  shouldIgnoreUrl,
 };