@abtnode/blocklet-services 1.16.19-beta-340de95d → 1.16.19-beta-7b2db880

package/api/libs/connect/session.js

@@ -48,7 +48,13 @@ const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../.
 const { transferPassport } = require('../auth/utils');
 const { migrateAccount, declareAccount } = require('../../services/oauth');
 const { getTrustedIssuers, getFederatedTrustedIssuers } = require('../../util/blocklet-utils');
-const { getUserAvatarUrl, migrateAuth0, getFederatedMaster, shouldSyncFederated } = require('../../util/federated');
+const {
+  getUserAvatarUrl,
+  migrateAuth0,
+  getFederatedMaster,
+  shouldSyncFederated,
+  getUserWithinFederated,
+} = require('../../util/federated');
 
 const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
 
@@ -215,23 +221,16 @@ module.exports = {
       const blocklet = await request.getBlocklet();
       const blockletInfo = await request.getBlockletInfo();
       const { wallet, secret, name, passportColor, did: teamDid } = blockletInfo;
+      const sourceAppPid = getSourceAppPid(request);
 
       // Check user approved
-      const user = await node.getUser({
-        teamDid,
-        user: {
-          did: userDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-        },
-      });
-      if (user && !user.approved) {
+      const currentUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
+      if (currentUser && !currentUser.approved) {
         throw new Error(messages.notAllowed[locale]);
       }
 
-      const realDid = user?.did || userDid;
-      const realPk = user?.pk || userPk;
+      const realDid = currentUser?.did || userDid;
+      const realPk = currentUser?.pk || userPk;
 
       // Get auth config
       const authConfig = (await request.getServiceConfig(NODE_SERVICES.AUTH, { componentId })) || {};
@@ -244,7 +243,6 @@ module.exports = {
       let defaultTtlPolicy = 'never';
       let issuePassport = false;
 
-      const sourceAppPid = getSourceAppPid(request);
       const provider = getLoginProvider(request);
       const masterSite = getFederatedMaster(blocklet);
 
@@ -318,7 +316,7 @@ module.exports = {
 
       // Get user passport from vc
       let passport = vc ? createUserPassport(vc) : null;
-      if (user && passport && isUserPassportRevoked(user, passport)) {
+      if (currentUser && passport && isUserPassportRevoked(currentUser, passport)) {
         throw new Error(messages.passportRevoked[locale](passport.title, name));
       }
 
@@ -342,19 +340,19 @@ module.exports = {
           }
         : null;
 
-      let fullName = user?.fullName;
+      let fullName = currentUser?.fullName;
       // Update profile
       const passportForLog = passport || { name: 'Guest', role: 'guest' };
 
       const connectAccount = { provider, did: userDid, pk: userPk };
 
       let updatedUser;
-      if (user) {
+      if (currentUser) {
         updatedUser = await node.loginUser({
           teamDid,
           user: {
-            did: user.did,
-            pk: user.pk,
+            did: currentUser.did,
+            pk: currentUser.pk,
             locale,
             passport,
             sourceAppPid,

package/api/libs/connect/v2.js

@@ -1,5 +1,5 @@
 const path = require('path');
-const { NedbStorage } = require('@did-connect/storage-nedb');
+const DynamicStorage = require('@abtnode/connect-storage');
 const { Authenticator } = require('@did-connect/authenticator');
 const createHandlers = require('@blocklet/sdk/lib/connect/handler');
 const { sendToUser } = require('@blocklet/sdk/lib/util/send-notification');
@@ -22,10 +22,7 @@ module.exports = (node, opts) => {
   const handlers = createHandlers({
     logger,
     authenticator,
-    storage: new NedbStorage({
-      // FIXME: @wangshijun this does not work anymore
-      dbPath: path.join(opts.dataDir, 'sessions.db'),
-    }),
+    storage: new DynamicStorage({ dbPath: path.join(opts.dataDir, 'connections.db'), v2: true }),
     socketPathname: `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/connect/relay/websocket`,
     sendNotificationFn: async (connectedDid, message, { request }) => {
       const { wallet } = await request.getBlockletInfo();

package/api/libs/image.js

@@ -130,68 +130,6 @@ const isImageRequest = (req) => {
 
 const getImageContentType = (extension) => (extension === 'svg' ? 'image/svg+xml' : `image/${extension}`);
 
-const tasks = {};
-const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxAge: '356d', immutable: true }) => {
-  if (fs.existsSync(cacheDir) === false) {
-    fs.mkdirSync(cacheDir, { recursive: true });
-  }
-
-  const params = req.imageFilter;
-  const extension = toLower(ext || path.extname(req.path).slice(1));
-
-  // NOTE: 不要使用 `req.accepts('image/webp')`，这里需要排除掉 `Accept: */*` 和 `Accept: image/*` 的情况
-  const acceptWebp = req.accepts().includes('image/webp');
-  if (!acceptWebp) {
-    if (params.f === 'webp') {
-      params.f = undefined;
-    }
-    if ((!extension || extension === 'webp') && !params.f) {
-      params.f = 'png';
-    }
-  }
-  if (!extension && !params.f) {
-    params.f = 'png';
-  }
-
-  if (!extension && !params.f) {
-    res.status(400).send('Image filter failed: either extension or format must be specified');
-    return;
-  }
-
-  const cacheKey = md5(stringify({ target: req.target, path: req.originalUrl, params }));
-  const destPath = getCacheFilePath(cacheDir, `${cacheKey}.${params.f || extension}`);
-  if (fs.existsSync(destPath)) {
-    res.header('Content-Type', getImageContentType(params.f || extension));
-    res.sendFile(destPath, sendOptions);
-    return;
-  }
-
-  // do the convert
-  tasks[cacheKey] ??= getSrc(req)
-    .then(([src, _extension]) => processImage(src, toLower(_extension), destPath, params))
-    .finally(() => {
-      setTimeout(() => {
-        delete tasks[cacheKey];
-      }, 1000);
-    });
-
-  tasks[cacheKey]
-    .then(() => {
-      logger.info('image filter succeed', { params, url: req.originalUrl, destPath });
-      res.header('Content-Type', getImageContentType(params.f || extension));
-      res.sendFile(destPath, sendOptions);
-    })
-    .catch((err) => {
-      logger.error('image filter failed', { error: err, params, url: req.url });
-      if (params.e) {
-        res.status(500).send(`Image service error: ${err.message}`);
-      } else {
-        res.status(500);
-        res.sendFile(errorImage, { maxAge: 0 });
-      }
-    });
-};
-
 const processImage = (src, extension, dest, params) => {
   return new Promise((resolve, reject) => {
     // output stream
@@ -235,7 +173,7 @@ const processImage = (src, extension, dest, params) => {
       dimensions.height = height;
     }
 
-    const pipeline = sharp({ animated: true }).timeout({ seconds: 30 });
+    const pipeline = sharp({ animated: true, limitInputPixels: 0 }).timeout({ seconds: 60 });
     if (rotate) {
       pipeline.rotate(rotate);
     }
@@ -268,7 +206,7 @@ const processImage = (src, extension, dest, params) => {
       pipeline.negate();
     }
 
-    pipeline[format || EXTENSIONS[extension]]({ quality, progressive: !!progressive, force: true });
+    pipeline[format || EXTENSIONS[extension]]({ quality, progressive: !!progressive, dither: 0, force: true });
 
     pipeline.on('error', (err) => {
       reject(err);
@@ -282,6 +220,68 @@ const processImage = (src, extension, dest, params) => {
   });
 };
 
+const tasks = {};
+const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxAge: '356d', immutable: true }) => {
+  if (fs.existsSync(cacheDir) === false) {
+    fs.mkdirSync(cacheDir, { recursive: true });
+  }
+
+  const params = req.imageFilter;
+  const extension = toLower(ext || path.extname(req.path).slice(1));
+
+  // NOTE: 不要使用 `req.accepts('image/webp')`，这里需要排除掉 `Accept: */*` 和 `Accept: image/*` 的情况
+  const acceptWebp = req.accepts().includes('image/webp');
+  if (!acceptWebp) {
+    if (params.f === 'webp') {
+      params.f = undefined;
+    }
+    if ((!extension || extension === 'webp') && !params.f) {
+      params.f = 'png';
+    }
+  }
+  if (!extension && !params.f) {
+    params.f = 'png';
+  }
+
+  if (!extension && !params.f) {
+    res.status(400).send('Image filter failed: either extension or format must be specified');
+    return;
+  }
+
+  const cacheKey = md5(stringify({ target: req.target, path: req.originalUrl, params }));
+  const destPath = getCacheFilePath(cacheDir, `${cacheKey}.${params.f || extension}`);
+  if (fs.existsSync(destPath)) {
+    res.header('Content-Type', getImageContentType(params.f || extension));
+    res.sendFile(destPath, sendOptions);
+    return;
+  }
+
+  // do the convert
+  tasks[cacheKey] ??= getSrc(req)
+    .then(([src, _extension]) => processImage(src, toLower(_extension), destPath, params))
+    .finally(() => {
+      setTimeout(() => {
+        delete tasks[cacheKey];
+      }, 1000);
+    });
+
+  tasks[cacheKey]
+    .then(() => {
+      logger.info('image filter succeed', { params, url: req.originalUrl, destPath });
+      res.header('Content-Type', getImageContentType(params.f || extension));
+      res.sendFile(destPath, sendOptions);
+    })
+    .catch((err) => {
+      logger.error('image filter failed', { error: err, params, url: req.url });
+      if (params.e) {
+        res.status(500).send(`Image service error: ${err.message}`);
+      } else {
+        res.status(500);
+        res.sendFile(errorImage, { maxAge: 0 });
+      }
+    });
+};
+
 module.exports = {
   isImageAccepted,
   isImageRequest,

package/api/libs/open-graph/emoji.js

@@ -5,8 +5,6 @@ const fetch = require('node-fetch').default;
 const U200D = String.fromCharCode(8205); // zero-width joiner
 const UFE0Fg = /\uFE0F/g; // variation selector regex
 
-const getIconCode = (char) => toCodePoint(char.indexOf(U200D) < 0 ? char.replace(UFE0Fg, '') : char);
-
 const toCodePoint = (unicodeSurrogates) => {
   const r = [];
   let c = 0;
@@ -26,6 +24,8 @@ const toCodePoint = (unicodeSurrogates) => {
   return r.join('-');
 };
 
+const getIconCode = (char) => toCodePoint(char.indexOf(U200D) < 0 ? char.replace(UFE0Fg, '') : char);
+
 const apis = {
   twemoji: (code) => `https://cdn.jsdelivr.net/gh/twitter/twemoji@14.0.2/assets/svg/${code.toLowerCase()}.svg`,
   openmoji: 'https://cdn.jsdelivr.net/npm/@svgmoji/openmoji@2.0.0/svg/',

package/api/libs/open-graph/index.js

@@ -107,6 +107,7 @@ const getOgImage = ({ input, info, cacheDir, format, tmpDir }) => {
     return destPath;
   }
 
+  // eslint-disable-next-line no-use-before-define
   generateTasks[cacheKey] ??= generateOgImage(params, tmpDir).finally(() => {
     setTimeout(() => {
       delete generateTasks[cacheKey];

package/api/routes/federated.js

@@ -1,4 +1,4 @@
-const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX, FEDERATED } = require('@abtnode/constant');
 const { signV2 } = require('@arcblock/jwt');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const cloneDeep = require('lodash/cloneDeep');
@@ -25,13 +25,12 @@ const { createTokenFn, getDidConnectVersion } = require('../util');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
 const verifyFederatedCall = require('../middlewares/verify-federated-call');
 const checkFederatedCorsCall = require('../middlewares/check-federated-cors-call');
-const { getUserAvatarUrl, getFederatedMaster } = require('../util/federated');
+const { getUserAvatarUrl, getFederatedMaster, getUserWithinFederated } = require('../util/federated');
 const { declareAccount, migrateAccount } = require('../services/oauth');
 
 const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
 
 const prefix = `${PREFIX}/api/federated`;
-const limitSync = pLimit(1);
 
 function getAuditLogActorByFederatedSite(blocklet) {
   return {
@@ -60,8 +59,13 @@ async function syncSwitchProfile(user, { node, teamDid, dataDir }) {
   });
 }
 
-async function syncConnectAccount(user, { node, teamDid, dataDir }) {
+/**
+ * 处理站点群中某一站点推送的同步 connectAccount 的请求
+ */
+
+async function syncConnectAccount(user, { node, teamDid, dataDir, blocklet }) {
   const tempUser = pick(user, ['did', 'pk', 'avatar', 'fullName', 'email', 'connectedAccount', 'sourceAppPid']);
+  const masterSite = getFederatedMaster(blocklet);
 
   // 处理 avatar
   if (tempUser.avatar) {
@@ -73,15 +77,71 @@ async function syncConnectAccount(user, { node, teamDid, dataDir }) {
     }
   }
 
+  // NOTICE: 如果当前站点不是 master，就需要考虑该 member 需要向 master 请求同步一次指定账户，因为指定账户可能存在于站点群，而不存在于当前站点中的情况
+  if (masterSite.appPid !== teamDid) {
+    await getUserWithinFederated(
+      {
+        sourceAppPid: tempUser.sourceAppPid,
+        teamDid,
+        userDid: tempUser.did,
+        userPk: tempUser.pk,
+      },
+      { blocklet, node }
+    );
+  }
+
   await node.loginUser({
     teamDid,
     user: tempUser,
   });
 }
 
+/**
+ * member 站点向 master 站点请求拉取一个用户信息
+ */
+async function pullUserAccount(user, { node, teamDid, blocklet }) {
+  const { did } = user;
+  const currentUser = await node.getUser({
+    teamDid,
+    user: {
+      did,
+    },
+    options: {
+      enableConnectedAccount: true,
+    },
+  });
+
+  if (!currentUser) return null;
+
+  const syncUser = pick(currentUser, [
+    'did',
+    'pk',
+    'fullName',
+    'email',
+    'remark',
+    'sourceProvider',
+    'locale',
+    'approved',
+    'extra',
+    'sourceAppPid',
+  ]);
+  syncUser.avatar = getUserAvatarUrl(currentUser.avatar, blocklet);
+  syncUser.email = syncUser.email || '';
+  syncUser.connectedAccounts = currentUser.connectedAccounts.map((x) => {
+    const connectAccount = pick(x, ['did', 'pk', 'provider', 'id']);
+    if (!connectAccount.id) {
+      delete connectAccount.id;
+    }
+    return connectAccount;
+  });
+
+  return syncUser;
+}
+
 const syncFnMaps = {
   switchProfile: syncSwitchProfile,
   connectAccount: syncConnectAccount,
+  pullAccount: pullUserAccount,
 };
 
 module.exports = {
@@ -186,6 +246,7 @@ module.exports = {
         signer: permanentWallet.address,
         data: signV2(permanentWallet.address, permanentWallet.secretKey, { sites: federated.sites }),
       };
+      const limitSync = pLimit(FEDERATED.SYNC_LIMIT);
 
       const waitingList = federated.sites
         .filter((item) => item.appId !== federated.config.appId)
@@ -313,9 +374,15 @@ module.exports = {
       const { verifySite } = req.body;
       const teamDid = blocklet.appPid;
       const { users = null, sites = null, userSessions = null } = req.body.verifyData;
+      const resultData = {
+        users: [],
+        sites: [],
+        userSessions: [],
+      };
 
       // FIXME: @zhanghan 校验 users 和 sites 数据合法性
       if (!isNil(sites)) {
+        const limitSync = pLimit(FEDERATED.SYNC_LIMIT);
         const pendingSiteList = [];
         const federated = cloneDeep(blocklet.settings.federated || {});
         federated.sites = sites;
@@ -327,34 +394,39 @@ module.exports = {
             });
           })
         );
-        await Promise.all(pendingSiteList);
+        const resList = await Promise.all(pendingSiteList);
+        resultData.sites = resList;
       }
 
       if (!isNil(users)) {
         if (Array.isArray(users)) {
+          const limitSync = pLimit(FEDERATED.SYNC_LIMIT);
           const pendingUserList = [];
           const nodeInfo = await req.getNodeInfo();
           const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
           for (const user of users) {
             pendingUserList.push(
               limitSync(async () => {
-                await syncFnMaps[user.action]?.(
+                const result = await syncFnMaps[user.action]?.(
                   {
                     ...user,
                     sourceAppPid: user.sourceAppPid === teamDid ? null : user.sourceAppPid,
                   },
-                  { node, teamDid, dataDir }
+                  { node, teamDid, dataDir, blocklet }
                 );
+                return result;
               })
             );
           }
-          await Promise.all(pendingUserList);
+          const resList = await Promise.all(pendingUserList);
+          resultData.users = resList;
         }
       }
 
       if (!isNil(userSessions)) {
         if (Array.isArray(userSessions)) {
           const pendingUserSessionList = [];
+          const limitSync = pLimit(FEDERATED.SYNC_LIMIT);
           for (const userSession of userSessions) {
             const { action, ...userSessionItem } = userSession;
             pendingUserSessionList.push(
@@ -367,7 +439,8 @@ module.exports = {
               })
             );
           }
-          await Promise.all(pendingUserSessionList);
+          const resList = await Promise.all(pendingUserSessionList);
+          resultData.userSessions = resList;
         }
       }
 
@@ -381,10 +454,13 @@ module.exports = {
         },
         node
       );
-      res.json({});
+      res.json(resultData);
     });
 
-    // step 4 检测自动登录条件(member 向 master 发起请求)
+    /**
+     * @deprecated
+     * step 4 检测自动登录条件(member 向 master 发起请求)
+     */
     server.post(
       `${prefix}/prelogin`,
       cors({ credentials: true, origin: true }),
@@ -425,7 +501,10 @@ module.exports = {
       }
     );
 
-    // step 5 完成 member 的自动登录(member 向 master 请求)
+    /**
+     * @deprecated
+     * step 5 完成 member 的自动登录(member 向 master 请求)
+     */
     server.post(
       `${prefix}/login`,
       cors({ credentials: true, origin: true }),
@@ -591,7 +670,10 @@ module.exports = {
       res.json({ sessionToken, refreshToken });
     });
 
-    // member 要求 master 退出登录
+    /**
+     * @deprecated
+     * member 要求 master 退出登录
+     */
     server.post(
       `${prefix}/logout`,
       cors({ credentials: true, origin: true }),
@@ -698,11 +780,18 @@ module.exports = {
       const teamDid = blocklet.appPid;
 
       const sessionConfig = blocklet.settings?.session || {};
-      const prevUser = await node.getUser({
-        teamDid,
-        user: { did: user.did },
-        options: { enableConnectedAccount: true },
-      });
+      const prevUser = await getUserWithinFederated(
+        {
+          teamDid,
+          sourceAppPid: verifySite.appPid,
+          userDid: user.did,
+          userPk: user.pk,
+        },
+        {
+          node,
+          blocklet,
+        }
+      );
       // HACK: member 调用 master 时，将 passport 的 role 还原为 master 中原有的 role
       const targetPassport = passport?.id ? (prevUser?.passports || []).find((item) => item.id === passport.id) : null;
 
@@ -718,7 +807,6 @@ module.exports = {
       }
       const realDid = prevUser?.did || user.did;
       const realPk = prevUser?.pk || user.pk;
-      // NOTICE: 这里是 Master 登录，不需要 sourceAppPid 字段
       const newUser = await node.loginUser({
         teamDid,
         user: {
@@ -726,6 +814,7 @@ module.exports = {
           did: realDid,
           pk: realPk,
           passport: targetPassport,
+          sourceAppPid: verifySite.appPid,
           connectedAccount: {
             provider: provider || LOGIN_PROVIDER.WALLET,
             did: user.did,

package/api/routes/oauth.js

@@ -23,7 +23,12 @@ const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
 const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../util');
 const { ApiError } = require('../util/error');
-const { loginAuth0, getFederatedMaster, getOAuthUserInfo, shouldSyncFederated } = require('../util/federated');
+const {
+  getFederatedMaster,
+  getOAuthUserInfo,
+  shouldSyncFederated,
+  getUserWithinFederated,
+} = require('../util/federated');
 
 const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
 
@@ -70,6 +75,7 @@ async function login(req, node, options) {
     throw new ApiError(400, t('oauthCantBeOwner', locale));
   }
   const { did: teamDid, wallet: blockletWallet, secret, appUrl } = await req.getBlockletInfo();
+
   let userWallet;
   let oauthInfo;
 
@@ -89,6 +95,7 @@ async function login(req, node, options) {
     oauthInfo = await authClient.getProfile(token);
     userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
   }
+
   const userDid = userWallet.address;
   const userPk = userWallet.publicKey;
 
@@ -99,15 +106,7 @@ async function login(req, node, options) {
 
   const lastLoginIp = get(req, 'headers[x-real-ip]') || '';
   let passport = { name: 'Guest', role: 'guest' };
-  let currentUser = await node.getUser({
-    teamDid,
-    user: {
-      did: userDid,
-    },
-    options: {
-      enableConnectedAccount: true,
-    },
-  });
+  let currentUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
   let doc;
   let passportForLog;
   const fullName = currentUser?.fullName || oauthInfo?.nickname;
@@ -117,6 +116,7 @@ async function login(req, node, options) {
     pk: userPk,
     id: oauthInfo.sub,
   };
+  const masterSite = getFederatedMaster(blocklet);
   let profile;
   // 当前账户已存在，更新账户信息
   if (currentUser) {
@@ -156,6 +156,7 @@ async function login(req, node, options) {
     if (invitedUserOnly) {
       throw new ApiError(403, t('needInviteToLogin', locale));
     }
+
     passportForLog = { name: 'Guest', role: 'guest' };
     profile = {
       fullName: oauthInfo.nickname,
@@ -186,7 +187,6 @@ async function login(req, node, options) {
     node
   );
 
-  const masterSite = getFederatedMaster(blocklet);
   const ua = req.headers['user-agent'];
   const userSessionDoc = await node.upsertUserSession({
     teamDid,
@@ -277,37 +277,34 @@ async function invite(req, node, options) {
   let userWallet;
   let oauthInfo;
 
+  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
+
   // NOTICE: 如果是统一登录，则向 master 站点发起 oauth 登录请求，auth0 的账户信息必须由 master 来生成
   if (sourceAppPid) {
-    const data = await loginAuth0({
+    const data = await getOAuthUserInfo({
       request: req,
       blocklet,
-      locale,
       provider,
       token,
       sourceAppPid,
+      locale,
     });
-    ({ oauthInfo, userWallet } = data);
+    userWallet = data.wallet;
+    oauthInfo = data.info;
   } else {
     const authClient = getAuthClient(blocklet, provider);
     oauthInfo = await authClient.getProfile(token);
     userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
   }
-  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
+
   const nodeInfo = await req.getNodeInfo();
   let userDid = userWallet.address;
   let userPk = userWallet.publicKey;
 
   let profile;
-  const currentUser = await node.getUser({
-    teamDid,
-    user: {
-      did: userDid,
-    },
-    options: {
-      enableConnectedAccount: true,
-    },
-  });
+
+  const currentUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
+
   const { dataDir, name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
   if (currentUser) {
     profile = {
@@ -340,8 +337,8 @@ async function invite(req, node, options) {
     profile,
     statusEndpointBaseUrl,
     teamDid,
-    userDid,
-    userPk,
+    userDid: userWallet.address,
+    userPk: userWallet.publicKey,
     locale,
     provider,
   });
@@ -506,7 +503,7 @@ async function bind(req, node, options) {
   if (!avatar) {
     const nodeInfo = await req.getNodeInfo();
     const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
-    avatar = await getAvatarByEmail(userInfo.email);
+    avatar = userInfo.picture ? await getAvatarByUrl(userInfo.picture) : await getAvatarByEmail(userInfo.email);
     avatar = await extractUserAvatar(avatar, { dataDir });
   }