npm - @abtnode/blocklet-services - Versions diffs - 1.16.16-beta-d6c5ed65 → 1.16.16-beta-d11cb031 - Mend

@abtnode/blocklet-services 1.16.16-beta-d6c5ed65 → 1.16.16-beta-d11cb031

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/api/routes/oauth.js CHANGED Viewed

@@ -19,11 +19,11 @@ const logger = require('@abtnode/logger')('blocklet-services:oauth');
 const { AuthenticationClient } = require('../libs/auth/adapters/auth0');
 const { getAvatarByEmail, transferPassport, getAvatarByUrl } = require('../libs/auth/utils');
-const { api } = require('../libs/api');
 const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
 const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../util');
 const { ApiError } = require('../util/error');
+const { loginAuth0, getFederatedMaster, getOAuthUserInfo, shouldSyncFederated } = require('../util/federated');
 const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
@@ -72,21 +72,18 @@ async function login(req, node, options) {
   const { did: teamDid, wallet: blockletWallet, secret, appUrl } = await req.getBlockletInfo();
   let userWallet;
   let oauthInfo;
-  let federatedSessionToken;
-  let federatedRefreshToken;
-  // NOTICE: 如果是统一登录，则向 master 站点发起 oauth 登录请求，auth0 的账户信息必须由 master 来生成
+  // NOTICE: 如果是统一登录，则向 master 站点发起 oauth 用户信息查询请求，auth0 的账户信息必须由 master 来生成
   if (sourceAppPid) {
-    const federatedSites = blocklet.settings?.federated?.sites || [];
-    const loginSite = federatedSites.find((x) => x.appPid === sourceAppPid);
-    const postData = { token, locale, provider, componentId };
-    const url = joinUrl(loginSite.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/api/oauth/login');
-    const { data } = await api.post(url, postData, {
-      headers: {
-        'x-did-connect-version': getDidConnectVersion(req),
-      },
+    const data = await getOAuthUserInfo({
+      request: req,
+      blocklet,
+      provider,
+      token,
+      sourceAppPid,
     });
-    ({ sessionToken: federatedSessionToken, refreshToken: federatedRefreshToken, oauthInfo, userWallet } = data);
+    userWallet = data.wallet;
+    oauthInfo = data.info;
   } else {
     const authClient = getAuthClient(blocklet, provider);
     oauthInfo = await authClient.getProfile(token);
@@ -189,22 +186,29 @@ async function login(req, node, options) {
     node
   );
+  const masterSite = getFederatedMaster(blocklet);
   // NOTICE: 采用异步来更新，不阻塞接口的正常响应
-  node.syncFederated({
-    did: teamDid,
-    data: {
-      users: [
-        {
-          did: userDid,
-          pk: userPk,
-          ...profile,
-          avatar: getUserAvatarUrl(appUrl, profile.avatar),
-          connectedAccount: [connectedAccount],
-          action: 'connectAccount',
-        },
-      ],
-    },
-  });
+  if (shouldSyncFederated(sourceAppPid, masterSite, blocklet)) {
+    const syncUserData = {
+      did: userDid,
+      pk: userPk,
+      ...profile,
+      avatar: getUserAvatarUrl(appUrl, profile.avatar),
+      connectedAccount: [connectedAccount],
+    };
+    node.syncFederated({
+      did: teamDid,
+      data: {
+        users: [
+          {
+            ...syncUserData,
+            action: 'connectAccount',
+            sourceAppPid: sourceAppPid || masterSite.appPid,
+          },
+        ],
+      },
+    });
+  }
   const { createSessionToken } = initJwt(node, options);
@@ -218,6 +222,7 @@ async function login(req, node, options) {
       role: passport.role,
       fullName,
       provider,
+      walletOS: 'web',
     },
     { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
   );
@@ -230,22 +235,33 @@ async function login(req, node, options) {
   return {
     sessionToken,
     refreshToken,
-    federatedSessionToken,
-    federatedRefreshToken,
-    oauthInfo,
-    userWallet: pick(userWallet, ['type', 'publicKey', 'address']),
   };
 }
 async function invite(req, node, options) {
-  const { locale, inviteId, token, baseUrl, provider = LOGIN_PROVIDER.AUTH0 } = req.body;
+  const { locale, inviteId, token, baseUrl, provider = LOGIN_PROVIDER.AUTH0, sourceAppPid } = req.body;
   const blocklet = await req.getBlocklet();
-  const authClient = getAuthClient(blocklet, provider);
+  let userWallet;
+  let oauthInfo;
+  // NOTICE: 如果是统一登录，则向 master 站点发起 oauth 登录请求，auth0 的账户信息必须由 master 来生成
+  if (sourceAppPid) {
+    const data = await loginAuth0({
+      request: req,
+      blocklet,
+      locale,
+      provider,
+      token,
+      sourceAppPid,
+    });
+    ({ oauthInfo, userWallet } = data);
+  } else {
+    const authClient = getAuthClient(blocklet, provider);
+    oauthInfo = await authClient.getProfile(token);
+    userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
+  }
   const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
   const nodeInfo = await req.getNodeInfo();
-  const oauthInfo = await authClient.getProfile(token);
-  const userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
   let userDid = userWallet.address;
   let userPk = userWallet.publicKey;
@@ -332,23 +348,31 @@ async function invite(req, node, options) {
         did: userDid,
         pk: userPk,
         connectedAccount,
+        sourceAppPid,
       },
     });
+    const masterSite = getFederatedMaster(blocklet);
     // NOTICE: 采用异步来更新，不阻塞接口的正常响应
-    node.syncFederated({
-      did: teamDid,
-      data: {
-        users: [
-          {
-            did: userDid,
-            pk: userPk,
-            ...profile,
-            connectedAccount: [connectedAccount],
-            action: 'connectAccount',
-          },
-        ],
-      },
-    });
+    if (shouldSyncFederated(sourceAppPid, masterSite, blocklet)) {
+      const syncUserData = {
+        did: userDid,
+        pk: userPk,
+        ...profile,
+        connectedAccount: [connectedAccount],
+      };
+      node.syncFederated({
+        did: teamDid,
+        data: {
+          users: [
+            {
+              ...syncUserData,
+              action: 'connectAccount',
+              sourceAppPid: sourceAppPid || masterSite.appPid,
+            },
+          ],
+        },
+      });
+    }
   }
   const { createSessionToken } = initJwt(node, options);
@@ -358,7 +382,7 @@ async function invite(req, node, options) {
   const { sessionToken, refreshToken } = createToken(
     userDid,
-    { secret, passport, role, fullName: profile.fullName, provider },
+    { secret, passport, role, fullName: profile.fullName, provider, walletOS: 'web' },
     { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
   );
@@ -373,14 +397,22 @@ async function invite(req, node, options) {
 // 给 DID Wallet 绑定 Auth0 的流程
 // eslint-disable-next-line no-unused-vars
 async function bind(req, node, options) {
-  const { token, locale = 'en', provider } = req.body;
+  const { token, locale = 'en', provider, sourceAppPid } = req.body;
   const blocklet = await req.getBlocklet();
-  const authClient = getAuthClient(blocklet, provider);
+  const { did: teamDid, wallet: blockletWallet, appUrl } = await req.getBlockletInfo();
   const userDid = req.user.did;
-  const userInfo = await authClient.getProfile(token);
-  const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
-  const userWallet = fromAppDid(userInfo.sub, blockletWallet.secretKey);
+  let userWallet;
+  let userInfo;
+  if (sourceAppPid) {
+    const data = await getOAuthUserInfo({ blocklet, provider, token, request: req, sourceAppPid });
+    userWallet = data.wallet;
+    userInfo = data.info;
+  } else {
+    const authClient = getAuthClient(blocklet, provider);
+    userInfo = await authClient.getProfile(token);
+    userWallet = fromAppDid(userInfo.sub, blockletWallet.secretKey);
+  }
   let oauthUser = await node.getUser({
     teamDid,
     user: { did: userWallet.address },
@@ -443,21 +475,31 @@ async function bind(req, node, options) {
     },
   });
-  // NOTICE: 采用异步来更新，不阻塞接口的正常响应
-  node.syncFederated({
-    did: teamDid,
-    data: {
-      users: [
-        {
-          did: bindUser.did,
-          pk: bindUser.pk,
-          ...mergeProfile,
-          connectedAccount: [connectedAccount],
-          action: 'connectAccount',
-        },
-      ],
-    },
-  });
+  const masterSite = getFederatedMaster(blocklet);
+  if (shouldSyncFederated(sourceAppPid, masterSite, blocklet)) {
+    // NOTICE: 采用异步来更新，不阻塞接口的正常响应
+    const syncUserData = {
+      did: bindUser.did,
+      pk: bindUser.pk,
+      ...mergeProfile,
+      connectedAccount: [connectedAccount],
+    };
+    if (syncUserData.avatar) {
+      syncUserData.avatar = getUserAvatarUrl(appUrl, syncUserData.avatar);
+    }
+    node.syncFederated({
+      did: teamDid,
+      data: {
+        users: [
+          {
+            ...syncUserData,
+            action: 'connectAccount',
+            sourceAppPid: sourceAppPid || masterSite.appPid,
+          },
+        ],
+      },
+    });
+  }
   if (!oauthUser) {
     oauthUser = {
@@ -493,11 +535,11 @@ module.exports = {
         res.status(401).send('Unauthorized');
       }
       const userDid = req.user.did;
-      const blocklet = await req.getBlockletInfo();
+      const blockletInfo = await req.getBlockletInfo();
       const nodeInfo = await req.getNodeInfo();
-      const { did: teamDid, wallet: blockletWallet, appUrl } = blocklet;
+      const { did: teamDid, wallet: blockletWallet, appUrl } = blockletInfo;
       const { passportColor } = await getApplicationInfo({ node, nodeInfo, teamDid });
-      const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blocklet)]);
+      const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blockletInfo)]);
       // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
       const user = await node.getUser({ teamDid, user: { did: userDid } });
       let ownerAvatarUrl = getUserAvatarUrl(appUrl, user.avatar);
@@ -594,7 +636,7 @@ module.exports = {
       const sessionConfig = blocklet.settings?.session || {};
       const { sessionToken, refreshToken } = createToken(
         userDid,
-        { secret, passport, role: passport.role, fullName: user?.fullName, provider },
+        { secret, passport, role: passport.role, fullName: user?.fullName, provider, walletOS: 'web' },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
       );
@@ -634,5 +676,21 @@ module.exports = {
     }
     server.post(`${prefix}/login`, loginFn);
     server.post(`${prefixApi}/login`, loginFn);
+    async function getUserFn(req, res) {
+      const { token, provider } = req.body;
+      const blocklet = await req.getBlocklet();
+      const { wallet: blockletWallet } = await req.getBlockletInfo();
+      const authClient = getAuthClient(blocklet, provider);
+      const oauthInfo = await authClient.getProfile(token);
+      const userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
+      res.json({
+        info: oauthInfo,
+        wallet: pick(userWallet, ['type', 'publicKey', 'address']),
+      });
+    }
+    server.post(`${prefix}/getUser`, getUserFn);
+    server.post(`${prefixApi}/getUser`, getUserFn);
   },
 };

package/api/routes/user.js CHANGED Viewed

@@ -274,6 +274,7 @@ async function login(req, node, options) {
       role: passport.role,
       fullName: doc.fullName,
       provider,
+      walletOS: 'api',
     },
     { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
   );

package/api/services/auth/connect/invite.js CHANGED Viewed

@@ -77,12 +77,21 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         endpoint,
       });
+      const walletOS = req.context.didwallet.os;
       // Generate new session token that client can save to localStorage
       const createToken = createTokenFn(createSessionToken);
       const sessionConfig = blocklet.settings?.session || {};
       const { sessionToken, refreshToken } = createToken(
         userDid,
-        { secret, passport, role, fullName: profile.fullName, provider: LOGIN_PROVIDER.WALLET },
+        {
+          secret,
+          passport,
+          role,
+          fullName: profile.fullName,
+          provider: LOGIN_PROVIDER.WALLET,
+          walletOS,
+        },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
       );
       await updateSession({ sessionToken, refreshToken }, true);

package/api/services/auth/connect/login.js CHANGED Viewed

@@ -40,8 +40,6 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
           {
             sessionToken: result.sessionToken,
             refreshToken: result.refreshToken,
-            federatedSessionToken: result.federatedSessionToken || '',
-            federatedRefreshToken: result.federatedRefreshToken || '',
           },
           true
         );

package/api/services/auth/connect/receive-transfer-app-owner.js CHANGED Viewed

@@ -367,9 +367,10 @@ module.exports = function createRoutes(node, _, createSessionToken) {
       // Generate new session token that client can save to localStorage
       const createToken = createTokenFn(createSessionToken);
       const sessionConfig = blocklet.settings?.session || {};
+      const walletOS = req.context?.didwallet?.os;
       const { sessionToken, refreshToken } = createToken(
         userDid,
-        { secret, passport: vc, role, fullName: profile.fullName, provider: LOGIN_PROVIDER.WALLET },
+        { secret, passport: vc, role, fullName: profile.fullName, provider: LOGIN_PROVIDER.WALLET, walletOS },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
       );
       await updateSession({ sessionToken, refreshToken }, true);

package/api/services/auth/connect/switch-passport.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
+const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/login');
 const { switchPassport } = require('../../../libs/connect/session');
 const { onConnect, onApprove } = switchPassport;
@@ -8,6 +8,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
     action: 'switch-passport',
     onConnect: ({ userDid, baseUrl, extraParams: { locale, connectedDid }, req, request }) => {
       const sourceAppPid = getSourceAppPid(request);
+      const provider = getLoginProvider(request);
       return onConnect({
         node,
         request: req,
@@ -16,11 +17,13 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         previousUserDid: connectedDid,
         baseUrl,
         sourceAppPid,
+        provider,
       });
     },
     onAuth: async ({ claims, challenge, userDid, updateSession, extraParams, req, request }) => {
       const sourceAppPid = getSourceAppPid(request);
+      const provider = getLoginProvider(request);
       const { sessionToken, refreshToken } = await onApprove({
         node,
         request: req,
@@ -30,6 +33,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         userDid,
         createSessionToken,
         sourceAppPid,
+        provider,
       });
       await updateSession({ sessionToken, refreshToken }, true);

package/api/services/auth/session.js CHANGED Viewed

@@ -56,7 +56,11 @@ module.exports = {
           .filter((x) => x.status === PASSPORT_STATUS.VALID)
           .map((x) => pick(x, ['id', 'name', 'title', 'role']));
-        res.json({ user, provider: req.user.provider || LOGIN_PROVIDER.WALLET });
+        res.json({
+          user,
+          provider: req.user.provider || LOGIN_PROVIDER.WALLET,
+          walletOS: req.user.walletOS,
+        });
       };
       const sessionApi = `${prefix}/api/did/session`;
@@ -78,6 +82,7 @@ module.exports = {
               role,
               passport,
               provider = LOGIN_PROVIDER.WALLET,
+              walletOS,
             } = await verifySessionToken(token, secret, {
               checkFromDb: true,
               teamDid,
@@ -116,11 +121,18 @@ module.exports = {
                 role,
                 fullName: user.fullName,
                 provider,
+                walletOS,
               },
               { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
             );
-            res.json({ user, nextToken: sessionToken, nextRefreshToken: refreshToken, provider });
+            res.json({
+              user,
+              nextToken: sessionToken,
+              nextRefreshToken: refreshToken,
+              provider,
+              walletOS,
+            });
           } catch (err) {
             res.status(400).send(err.message);
           }

package/api/util/federated.js CHANGED Viewed

@@ -1,5 +1,22 @@
 const joinUrl = require('url-join');
 const { USER_AVATAR_URL_PREFIX, WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_PATH_PREFIX } = require('@abtnode/constant');
+const { pick, get } = require('lodash');
+const { signV2 } = require('@arcblock/jwt');
+const { api } = require('../libs/api');
+const { getDidConnectVersion } = require('./index');
+function shouldSyncFederated(sourceAppPid, master, blocklet) {
+  if (sourceAppPid) {
+    return true;
+  }
+  if (master && blocklet && master.appPid === blocklet.appPid) {
+    return true;
+  }
+  return false;
+}
 function getFederatedMaster(blocklet) {
   const { sites } = blocklet?.settings?.federated || {};
@@ -22,8 +39,88 @@ function getUserAvatarUrl(avatar, blocklet) {
   return avatarUrl;
 }
+async function loginAuth0({ blocklet, sourceAppPid, request, token, locale, provider, componentId }) {
+  const federatedSites = blocklet.settings?.federated?.sites || [];
+  const loginSite = federatedSites.find((x) => x.appPid === sourceAppPid);
+  const postData = { token, locale, provider };
+  if (componentId) {
+    postData.componentId = componentId;
+  }
+  const url = joinUrl(loginSite.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/api/oauth/login');
+  const { data } = await api.post(url, postData, {
+    headers: {
+      'x-did-connect-version': getDidConnectVersion(request),
+    },
+  });
+  return data;
+}
+async function getOAuthUserInfo({ blocklet, sourceAppPid, request, token, provider }) {
+  const federatedSites = blocklet.settings?.federated?.sites || [];
+  const loginSite = federatedSites.find((x) => x.appPid === sourceAppPid);
+  const postData = { token, provider };
+  const url = joinUrl(loginSite.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/api/oauth/getUser');
+  const { data } = await api.post(url, postData, {
+    headers: {
+      'x-did-connect-version': getDidConnectVersion(request),
+    },
+  });
+  return data;
+}
+async function migrateAuth0({ blocklet, blockletInfo, fromUserDid, toUserDid, toUserPk }) {
+  const masterSite = getFederatedMaster(blocklet);
+  const { permanentWallet } = blockletInfo;
+  const url = joinUrl(masterSite.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/api/federated/migrateAuth0');
+  const { data } = await api.post(url, {
+    signer: permanentWallet.address,
+    data: signV2(permanentWallet.address, permanentWallet.secretKey, {
+      fromUserDid,
+      toUserDid,
+      toUserPk,
+    }),
+  });
+  return data;
+}
+async function loginByMember({ blockletInfo, blocklet, request, user, passport }) {
+  const masterSite = getFederatedMaster(blocklet);
+  if (masterSite) {
+    const walletOS = request.context.didwallet.os;
+    const { permanentWallet } = blockletInfo;
+    const postUser = pick(user, ['did', 'pk', 'fullName', 'locale']);
+    postUser.lastLoginAt = get(request, 'headers[x-real-ip]') || '';
+    if (user.email) {
+      postUser.email = user.email;
+    }
+    if (user.avatar) {
+      postUser.avatar = getUserAvatarUrl(user.avatar, blocklet);
+    }
+    const { data } = await api.post(
+      joinUrl(masterSite.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/api/federated/loginByMember'),
+      {
+        signer: permanentWallet.address,
+        data: signV2(permanentWallet.address, permanentWallet.secretKey, {
+          user: postUser,
+          passport,
+          walletOS,
+        }),
+      }
+    );
+    return data;
+  }
+  return null;
+}
 module.exports = {
   isMaster,
+  shouldSyncFederated,
   getFederatedMaster,
   getUserAvatarUrl,
+  loginAuth0,
+  migrateAuth0,
+  getOAuthUserInfo,
+  loginByMember,
 };