@abtnode/blocklet-services 1.16.18-beta-aa01bd8e → 1.16.18-beta-f4777312

package/api/index.js

@@ -162,11 +162,6 @@ module.exports = function createServer(node, serverOptions = {}) {
           logger.error('send to component error', { error });
         });
       }
-
-      // backward compatibility, should be removed if BlockletSDK@1.6.14 is not supported anymore
-      notificationService.sendToApp.exec({ event, appDid, data }).catch((error) => {
-        logger.error('send to app error', { error });
-      });
     });
   });
 
@@ -285,7 +280,7 @@ module.exports = function createServer(node, serverOptions = {}) {
     server.use(
       `${WELLKNOWN_SERVICE_PATH_PREFIX}${pathname}`,
       checkMemberPermission,
-      proxyToDaemon({ proxy, pathname, ...options })
+      proxyToDaemon({ proxy, ...options })
     );
   });
 
@@ -463,7 +458,6 @@ module.exports = function createServer(node, serverOptions = {}) {
 
   BlockletEventsNotifier.init({ node, notificationService });
 
-  server.sendToApp = ({ event, appDid, data }) => notificationService.sendToApp.exec({ event, appDid, data });
   server.sendToAppComponents = ({ event, appDid, data }) =>
     notificationService.sendToAppComponents.exec({ event, appDid, data });
 

package/api/libs/image.js

@@ -128,6 +128,8 @@ const isImageRequest = (req) => {
   return true;
 };
 
+const getImageContentType = (extension) => (extension === 'svg' ? 'image/svg+xml' : `image/${extension}`);
+
 const tasks = {};
 const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxAge: '356d', immutable: true }) => {
   if (fs.existsSync(cacheDir) === false) {
@@ -159,7 +161,7 @@ const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxA
   const cacheKey = md5(stringify({ target: req.target, path: req.originalUrl, params }));
   const destPath = getCacheFilePath(cacheDir, `${cacheKey}.${params.f || extension}`);
   if (fs.existsSync(destPath)) {
-    res.header('Content-Type', `image/${params.f || extension}`);
+    res.header('Content-Type', getImageContentType(params.f || extension));
     res.sendFile(destPath, sendOptions);
     return;
   }
@@ -176,7 +178,7 @@ const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxA
   tasks[cacheKey]
     .then(() => {
       logger.info('image filter succeed', { params, url: req.originalUrl, destPath });
-      res.header('Content-Type', `image/${params.f || extension}`);
+      res.header('Content-Type', getImageContentType(params.f || extension));
       res.sendFile(destPath, sendOptions);
     })
     .catch((err) => {
@@ -192,6 +194,21 @@ const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxA
 
 const processImage = (src, extension, dest, params) => {
   return new Promise((resolve, reject) => {
+    // output stream
+    const out = fs.createWriteStream(dest);
+    out.on('close', () => {
+      resolve(dest);
+    });
+
+    out.on('error', (err) => {
+      reject(err);
+    });
+
+    if (extension === 'svg') {
+      src.pipe(out);
+      return;
+    }
+
     const {
       imageFilter,
       w: width,
@@ -251,16 +268,6 @@ const processImage = (src, extension, dest, params) => {
       pipeline.negate();
     }
 
-    // output stream
-    const out = fs.createWriteStream(dest);
-    out.on('close', () => {
-      resolve(dest);
-    });
-
-    out.on('error', (err) => {
-      reject(err);
-    });
-
     pipeline[format || EXTENSIONS[extension]]({ quality, progressive: !!progressive, force: true });
 
     pipeline.on('error', (err) => {

package/api/routes/env.js

@@ -30,11 +30,13 @@ module.exports = {
   apiPrefix: "${pathPrefix.replace(/\/+$/, '')}${WELLKNOWN_SERVICE_PATH_PREFIX}",
   ${groupPathPrefix ? `groupPathPrefix: "${groupPathPrefix}",` : ''}
   webWalletUrl: "${info.webWalletUrl || config.webWalletUrl || opts.webWalletUrl}",
-  nftDomainUrl: "${info.nftDomainUrl}",
+  nftDomainUrl: "${info.nftDomainUrl || ''}",
   passportColor: "${passportColor}",
   serverDid: "${info.did}",
   serverVersion: "${info.version}",
-  mode: "${info.mode}"
+  mode: "${info.mode}",
+  ownerNft: ${JSON.stringify(info.ownerNft || '')},
+  launcher: ${JSON.stringify(info.launcher || '')}
 }`);
     });
   },

package/api/routes/federated.js

@@ -339,7 +339,10 @@ module.exports = {
             pendingUserList.push(
               limitSync(async () => {
                 await syncFnMaps[user.action]?.(
-                  { ...user, sourceAppPid: user.sourceAppPid === teamDid ? undefined : user.sourceAppPid },
+                  {
+                    ...user,
+                    sourceAppPid: user.sourceAppPid === teamDid ? null : user.sourceAppPid,
+                  },
                   { node, teamDid, dataDir }
                 );
               })

package/api/routes/oauth.js

@@ -64,7 +64,7 @@ function getAuthClient(blocklet, provider) {
 
 async function login(req, node, options) {
   const blocklet = await req.getBlocklet();
-  const { token, locale = 'en', provider, componentId, sourceAppPid, visitorId } = req.body;
+  const { token, locale = 'en', provider, componentId, sourceAppPid = null, visitorId } = req.body;
 
   if (!blocklet.settings?.owner) {
     throw new ApiError(400, t('oauthCantBeOwner', locale));
@@ -264,7 +264,15 @@ async function login(req, node, options) {
 }
 
 async function invite(req, node, options) {
-  const { locale, inviteId, token, baseUrl, provider = LOGIN_PROVIDER.AUTH0, sourceAppPid, visitorId } = req.body;
+  const {
+    locale,
+    inviteId,
+    token,
+    baseUrl,
+    provider = LOGIN_PROVIDER.AUTH0,
+    sourceAppPid = null,
+    visitorId,
+  } = req.body;
   const blocklet = await req.getBlocklet();
   let userWallet;
   let oauthInfo;
@@ -390,6 +398,7 @@ async function invite(req, node, options) {
       syncData.users.push({
         ...syncUserData,
         action: 'connectAccount',
+        // HACK: @zhanghan 这里会造成 master 中的用户也增加 sourceAppPid 字段，需要在 sync 接收端处理
         sourceAppPid: sourceAppPid || masterSite?.appPid,
       });
     }

package/api/routes/user.js

@@ -102,7 +102,7 @@ async function composeProfileData({ avatar, fullName, email }, { node, req, team
 
 async function loginWallet(
   { did, pk, avatar, email, fullName },
-  { node, req, locale, componentId, teamDid, updateInfo = true, sourceAppPid }
+  { node, req, locale, componentId, teamDid, updateInfo = true, sourceAppPid = null }
 ) {
   const provider = LOGIN_PROVIDER.WALLET;
   const { error } = loginWalletSchema.validate({
@@ -162,7 +162,7 @@ async function loginWallet(
 
 async function loginOAuth(
   { provider, id, avatar, email, fullName },
-  { node, req, locale, componentId, teamDid, blockletWallet, updateInfo = true, sourceAppPid }
+  { node, req, locale, componentId, teamDid, blockletWallet, updateInfo = true, sourceAppPid = null }
 ) {
   const { error } = loginOAuthSchema.validate({
     provider,
@@ -232,7 +232,7 @@ async function login(req, node, options) {
     locale = 'en',
     updateInfo = true,
     visitorId,
-    sourceAppPid,
+    sourceAppPid = null,
   } = req.body;
 
   const componentId = req.get('x-blocklet-component-id');
@@ -356,7 +356,7 @@ module.exports = {
      * @summary 暂时不允许用户注册，只允许登录
      */
     server.post(`${prefixApi}/loginByWallet`, async (req, res) => {
-      const { userDid, signature, walletOS, nonce, visitorId, passportId, sourceAppPid, locale } = req.body;
+      const { userDid, signature, walletOS, nonce, visitorId, passportId, sourceAppPid = null, locale } = req.body;
       const { error } = loginUserWalletSchema.validate({
         userDid,
         signature,

package/api/services/auth/index.js

@@ -84,12 +84,16 @@ const init = ({ node, options }) => {
   };
 
   /**
-   * @returns {object} res
-   *  {boolean} res.blocked
-   *  {boolean} res.authenticated
-   *  {boolean} res.authorized
-   *  {boolean} res.ignored
-   *  {string} res.payable
+   * @typedef {object} CheckAuthRes
+   * @property {boolean} blocked
+   * @property {boolean} authenticated
+   * @property {boolean} authorized
+   * @property {boolean} ignored
+   * @property {string} payable
+   */
+
+  /**
+   * @returns {CheckAuthRes} res
    */
   const checkAuth = async ({ req } = {}) => {
     const config = (await req.getServiceConfig(NODE_SERVICES.AUTH)) || {};
@@ -107,24 +111,74 @@ const init = ({ node, options }) => {
 
     const teamDid = req.getBlockletDid();
 
+    // 所有人都可以访问的情况
     if (!config.whoCanAccess || config.whoCanAccess === WHO_CAN_ACCESS.ALL) {
       if (config.blockUnauthenticated && !req.user) {
-        return { blocked: true, authenticated: false };
+        return {
+          blocked: true,
+          authenticated: false,
+        };
       }
     } else if (!req.user) {
+      // 需要被邀请才能访问的情况
       const rbac = await node.getRBAC(teamDid);
       const allRoles = await rbac.getRoles(teamDid);
       const payableRole = allRoles.find((x) => x.extra?.acquire?.pay);
-      return { blocked: true, authenticated: false, payable: payableRole?.extra?.acquire?.pay };
+      return {
+        blocked: true,
+        authenticated: false,
+        payable: payableRole?.extra?.acquire?.pay,
+      };
     } else if (config.whoCanAccess === WHO_CAN_ACCESS.OWNER && req.user.role !== ROLES.OWNER) {
-      return { blocked: true, authenticated: true, authorized: false };
+      // 需要 owner 才能访问
+      return {
+        blocked: true,
+        authenticated: true,
+        authorized: false,
+        requiredRoles: [
+          {
+            name: ROLES.OWNER,
+            title: 'Owner',
+            description: 'Owner',
+          },
+        ],
+      };
     } else if (config.whoCanAccess.startsWith(WHO_CAN_ACCESS_PREFIX_ROLES)) {
+      // 指定 passport 才能访问
+      // 需要用户拥有的权限
       const roles = getRolesFromAuthConfig(config);
       if (!roles.includes(req.user.role)) {
         const rbac = await node.getRBAC(teamDid);
+        // 系统中的所有权限
         const allRoles = await rbac.getRoles(teamDid);
-        const payableRole = allRoles.find((x) => roles.includes(x.name) && x.extra?.acquire?.pay);
-        return { blocked: true, authenticated: true, authorized: false, payable: payableRole?.extra?.acquire?.pay };
+
+        return {
+          blocked: true,
+          authenticated: true,
+          authorized: false,
+          requiredRoles: roles
+            .map((item) => {
+              if (item.name === ROLES.OWNER) {
+                return {
+                  name: item.name,
+                  title: 'Owner',
+                  description: 'Owner',
+                };
+              }
+              const findRole = allRoles.find((x) => x.name === item);
+              if (!findRole) {
+                return null;
+              }
+
+              return {
+                name: findRole.name,
+                title: findRole.title,
+                description: findRole.description,
+                payable: findRole?.extra?.acquire?.pay,
+              };
+            })
+            .filter((x) => x),
+        };
       }
     }
 
@@ -254,7 +308,7 @@ const init = ({ node, options }) => {
   };
 
   middlewares.checkAuth = async (req, res, next) => {
-    const { blocked, authenticated, authorized, payable } = await checkAuth({ req });
+    const { blocked, authenticated, authorized, payable, requiredRoles } = await checkAuth({ req });
 
     if (blocked) {
       if (!authenticated) {
@@ -269,7 +323,17 @@ const init = ({ node, options }) => {
 
       if (!authorized) {
         if (req.accepts(['html', 'json']) === 'html') {
-          res.redirect(getRedirectUrl({ req, pagePath: '/login', params: { authenticated: 1, payable } }));
+          res.redirect(
+            getRedirectUrl({
+              req,
+              pagePath: '/login',
+              params: {
+                authenticated: 1,
+                payable,
+                requiredRoles: JSON.stringify(requiredRoles),
+              },
+            })
+          );
         } else {
           // Security principles: user should not known the reason
           res.status(404).json({ code: 404, error: REASON_404 });

package/api/services/auth/session.js

@@ -1,6 +1,8 @@
 const nocache = require('nocache');
 const joinUrl = require('url-join');
 const pick = require('lodash/pick');
+const omit = require('lodash/omit');
+const merge = require('lodash/merge');
 const {
   WELLKNOWN_SERVICE_PATH_PREFIX,
   USER_AVATAR_URL_PREFIX,
@@ -9,6 +11,7 @@ const {
 } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 
+const isUrl = require('is-url');
 const { PREFIXES } = require('../../util/constants');
 const { createTokenFn, getDidConnectVersion } = require('../../util');
 
@@ -57,7 +60,7 @@ module.exports = {
           .map((x) => pick(x, ['id', 'name', 'title', 'role']));
 
         res.json({
-          user,
+          user: omit(user, ['extra']),
           provider: req.user.provider || LOGIN_PROVIDER.WALLET,
           walletOS: req.user.walletOS,
         });
@@ -67,6 +70,50 @@ module.exports = {
       router.get(sessionApi, nocache(), sessionBearerToken, handleSession);
       router.post(sessionApi, nocache(), sessionBearerToken, handleSession);
 
+      // update user extra: settings, webhooks
+      const extraApi = `${prefix}/api/user/extra`;
+      const checkUser = async (req, res, next) => {
+        const { token } = req;
+        await ensureUser({ req, token });
+        if (!req.user) {
+          res.status(403).json(null);
+        } else {
+          next();
+        }
+      };
+      router.get(extraApi, nocache(), sessionBearerToken, checkUser, async (req, res) => {
+        const teamDid = req.getBlockletDid();
+        const user = await node.getUser({ teamDid, user: { did: req.user.did } });
+        res.json(user.extra || {});
+      });
+      router.post(extraApi, nocache(), sessionBearerToken, checkUser, async (req, res) => {
+        const teamDid = req.getBlockletDid();
+        const exist = await node.getUser({ teamDid, user: { did: req.user.did } });
+        const user = await node.updateUserExtra({
+          teamDid,
+          did: req.user.did,
+          extra: JSON.stringify(merge({}, exist.extra || {}, req.body)),
+        });
+        res.json(user.extra);
+      });
+      router.put(extraApi, nocache(), sessionBearerToken, checkUser, async (req, res) => {
+        if (['slack', 'api'].includes(req.body.type) === false) {
+          res.status(400).send({ error: 'invalid webhook type' });
+          return;
+        }
+
+        if (isUrl(req.body.url) === false) {
+          res.status(400).send({ error: 'invalid webhook url' });
+        }
+
+        await node.sendTestMessage({
+          webhook: { type: req.body.type, params: [{ name: 'url', value: req.body.url }] },
+          message: `This is a test message from user ${req.user.did}`,
+        });
+
+        res.json({ success: true });
+      });
+
       router.post(`${prefix}/api/did/refreshSession`, refreshBearerToken, async (req, res) => {
         const token = req.refreshToken;
         if (token) {

package/api/services/notification/blocklet-events-notifier.js

@@ -189,6 +189,7 @@ const init = ({ node, notificationService }) => {
             notification: {
               title: message.title[locale] || message.title[DEFAULT_LOCALE],
               body: message.body[locale] || message.body[DEFAULT_LOCALE],
+              source: 'app',
             },
           };
           notificationService.sendToUser.exec(input);

package/api/socket/channel/component.js

@@ -100,17 +100,18 @@ const sendToAppComponents = async ({ event, appDid, componentDid: inputComponent
     const componentDid = component.meta.did;
 
     if (!inputComponentDid || componentDid === inputComponentDid) {
-      // realAppDid is diff with appDid when app development mode
-      const realAppDid = app.appDid || appDid;
+      // appPid is diff with appDid when app development mode
+      // appPid is diff with appDid when app has been rotated
+      const appPid = app.appPid || appDid;
 
       // eslint-disable-next-line no-loop-func
-      broadcast(wsServer, getComponentChannel(realAppDid, componentDid), event, notification, async (count) => {
+      broadcast(wsServer, getComponentChannel(appPid, componentDid), event, notification, async (count) => {
         // FIXME @linchen 组件以 cluster 模式启动时, 是否确保所有组件实例都收到消息?
         if (count <= 0) {
-          logger.info('Online component client was not found', { realAppDid, componentDid });
+          logger.info('Online component client was not found', { appPid, componentDid });
           await lock.acquire();
           try {
-            await states.message.insert({ did: getCacheId(realAppDid, componentDid), event, data: notification });
+            await states.message.insert({ did: getCacheId(appPid, componentDid), event, data: notification });
             lock.release();
           } catch (error) {
             lock.release();

package/api/socket/channel/did.js

@@ -8,6 +8,9 @@ const { NODE_MODES } = require('@abtnode/constant');
 const { getWalletDid } = require('@blocklet/sdk/lib/did');
 const JWT = require('@arcblock/jwt');
 const pMap = require('p-map');
+const uniqBy = require('lodash/uniqBy');
+const uniq = require('lodash/uniq');
+const get = require('lodash/get');
 
 // eslint-disable-next-line global-require
 const logger = require('@abtnode/logger')(`${require('../../../package.json').name}:notification`);
@@ -34,21 +37,25 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
   const { keepForOfflineUser = true } = options || {};
   const receiver = Array.isArray(rawDid) ? rawDid : [rawDid];
 
-  const receiverDidList = [];
-  const receiverEmailList = [];
+  let receiverDidList = [];
+  let receiverEmailList = [];
+  let webhookList = [];
+
+  const webhookSenders = new Map();
 
   // sender.appDid 就是当前 blockletDid，通知的发送方就是这个 blocklet 本身
   const teamDid = sender.appDid;
 
   await pMap(receiver, async (item) => {
-    const userInfoItem = await node.getUser({
-      teamDid,
-      user: { did: item },
-      options: { enableConnectedAccount: true },
-    });
-    const receiverDid = getWalletDid(userInfoItem) || item;
-    const receiverEmail = userInfoItem?.email;
-    if (receiverDid) {
+    const user = await node.getUser({ teamDid, user: { did: item }, options: { enableConnectedAccount: true } });
+    const walletEnabled = get(user, 'extra.notifications.wallet', true);
+    const emailEnabled = get(user, 'extra.notifications.email', true);
+    const webhooks = get(user, 'extra.webhooks', []);
+
+    const receiverDid = getWalletDid(user) || item;
+    const receiverEmail = user?.email;
+
+    if (receiverDid && walletEnabled) {
       try {
         await validateReceiver(receiverDid);
         receiverDidList.push(receiverDid);
@@ -56,17 +63,21 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
         /* empty */
       }
     }
-    if (receiverEmail) {
+    if (receiverEmail && emailEnabled) {
       try {
         await validateEmail(receiverEmail);
         receiverEmailList.push({
           email: receiverEmail,
-          locale: userInfoItem?.locale || 'en',
+          locale: user?.locale || 'en',
         });
       } catch {
         /* empty */
       }
     }
+
+    if (Array.isArray(webhooks)) {
+      webhookList.push(...webhooks.filter((x) => x.type && x.url));
+    }
   });
 
   if (receiverDidList.length === 0 && receiverEmailList.length === 0) {
@@ -85,6 +96,11 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
   // parse notification
   const notifications = parseNotification(notification, senderInfo);
 
+  // uniq receivers
+  receiverDidList = uniq(receiverDidList);
+  receiverEmailList = uniqBy(receiverEmailList, 'email');
+  webhookList = uniqBy(webhookList, 'url');
+
   // send notification
   notifications.forEach((data) => {
     for (const receiverDid of receiverDidList) {
@@ -95,14 +111,29 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
         }
       });
     }
-    // NOTICE: 目前只有 notification 的通知能够发送邮件，并且 type 可能为 undefined
-    if ([undefined, NOTIFICATION_TYPES.NOTIFICATION].includes(data.type)) {
-      for (const receiverEmail of receiverEmailList) {
-        sendEmail(receiverEmail.email, data, { teamDid: sender.appDid, node, locale: receiverEmail.locale }).catch(
-          (error) => {
-            logger.error('Failed to send email', { error });
-          }
-        );
+
+    // Do not send email for component activities
+    if (data.source !== 'app') {
+      // NOTICE: 目前只有 notification 的通知能够发送邮件，并且 type 可能为 undefined
+      if ([undefined, NOTIFICATION_TYPES.NOTIFICATION].includes(data.type)) {
+        for (const receiverEmail of receiverEmailList) {
+          sendEmail(receiverEmail.email, data, { teamDid: sender.appDid, node, locale: receiverEmail.locale }).catch(
+            (error) => {
+              logger.error('Failed to send email', { error });
+            }
+          );
+        }
+      }
+
+      // send webhook
+      for (const webhook of webhookList) {
+        let webhookSender = webhookSenders.get(webhook.type);
+        if (!webhookSender) {
+          webhookSender = node.getMessageSender(webhook.type);
+          webhookSenders.set(webhook.type, webhookSender);
+        }
+
+        webhookSender.sendNotification(webhook.url, notification);
       }
     }
   });

package/api/socket/util.js

@@ -29,6 +29,7 @@ const parseNotification = (notification, senderInfo) => {
       did: senderInfo.permanentWallet.address,
       pk: senderInfo.permanentWallet.pk,
       name: senderInfo.name,
+      logo: senderInfo.logo,
       // actualDid is the did of the application that is used to decrypt the message if needed
       actualDid: senderInfo.wallet.address,
       actualPk: senderInfo.wallet.pk,