npm - @abtnode/blocklet-services - Versions diffs - 1.16.19-beta-e6aac665 → 1.16.19-beta-710018ca - Mend

@abtnode/blocklet-services 1.16.19-beta-e6aac665 → 1.16.19-beta-710018ca

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/api/libs/connect/v1.js CHANGED Viewed

@@ -66,11 +66,7 @@ module.exports = (node, opts) => {
   const handlerOpts = {
     authenticator,
-    tokenStorage: new DynamicStorage({
-      dbPath: path.join(opts.dataDir, 'connections.db'),
-      model: 'Connection',
-      primaryKey: 'token',
-    }),
+    tokenStorage: new DynamicStorage({ dbPath: path.join(opts.dataDir, 'connections.db') }),
     sendNotificationFn: async (connectedDid, message, { req }) => {
       const { wallet } = await req.getBlockletInfo();
       return sendToUser(

package/api/libs/connect/v2.js CHANGED Viewed

@@ -22,11 +22,7 @@ module.exports = (node, opts) => {
   const handlers = createHandlers({
     logger,
     authenticator,
-    storage: new DynamicStorage({
-      dbPath: path.join(opts.dataDir, 'connections.db'),
-      model: 'ConnectionV2',
-      primaryKey: 'sessionId',
-    }),
+    storage: new DynamicStorage({ dbPath: path.join(opts.dataDir, 'connections.db'), v2: true }),
     socketPathname: `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/connect/relay/websocket`,
     sendNotificationFn: async (connectedDid, message, { request }) => {
       const { wallet } = await request.getBlockletInfo();

package/api/libs/image.js CHANGED Viewed

@@ -130,68 +130,6 @@ const isImageRequest = (req) => {
 const getImageContentType = (extension) => (extension === 'svg' ? 'image/svg+xml' : `image/${extension}`);
-const tasks = {};
-const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxAge: '356d', immutable: true }) => {
-  if (fs.existsSync(cacheDir) === false) {
-    fs.mkdirSync(cacheDir, { recursive: true });
-  }
-  const params = req.imageFilter;
-  const extension = toLower(ext || path.extname(req.path).slice(1));
-  // NOTE: 不要使用 `req.accepts('image/webp')`，这里需要排除掉 `Accept: */*` 和 `Accept: image/*` 的情况
-  const acceptWebp = req.accepts().includes('image/webp');
-  if (!acceptWebp) {
-    if (params.f === 'webp') {
-      params.f = undefined;
-    }
-    if ((!extension || extension === 'webp') && !params.f) {
-      params.f = 'png';
-    }
-  }
-  if (!extension && !params.f) {
-    params.f = 'png';
-  }
-  if (!extension && !params.f) {
-    res.status(400).send('Image filter failed: either extension or format must be specified');
-    return;
-  }
-  const cacheKey = md5(stringify({ target: req.target, path: req.originalUrl, params }));
-  const destPath = getCacheFilePath(cacheDir, `${cacheKey}.${params.f || extension}`);
-  if (fs.existsSync(destPath)) {
-    res.header('Content-Type', getImageContentType(params.f || extension));
-    res.sendFile(destPath, sendOptions);
-    return;
-  }
-  // do the convert
-  tasks[cacheKey] ??= getSrc(req)
-    .then(([src, _extension]) => processImage(src, toLower(_extension), destPath, params))
-    .finally(() => {
-      setTimeout(() => {
-        delete tasks[cacheKey];
-      }, 1000);
-    });
-  tasks[cacheKey]
-    .then(() => {
-      logger.info('image filter succeed', { params, url: req.originalUrl, destPath });
-      res.header('Content-Type', getImageContentType(params.f || extension));
-      res.sendFile(destPath, sendOptions);
-    })
-    .catch((err) => {
-      logger.error('image filter failed', { error: err, params, url: req.url });
-      if (params.e) {
-        res.status(500).send(`Image service error: ${err.message}`);
-      } else {
-        res.status(500);
-        res.sendFile(errorImage, { maxAge: 0 });
-      }
-    });
-};
 const processImage = (src, extension, dest, params) => {
   return new Promise((resolve, reject) => {
     // output stream
@@ -282,6 +220,68 @@ const processImage = (src, extension, dest, params) => {
   });
 };
+const tasks = {};
+const processAndRespond = (req, res, cacheDir, getSrc, ext, sendOptions = { maxAge: '356d', immutable: true }) => {
+  if (fs.existsSync(cacheDir) === false) {
+    fs.mkdirSync(cacheDir, { recursive: true });
+  }
+  const params = req.imageFilter;
+  const extension = toLower(ext || path.extname(req.path).slice(1));
+  // NOTE: 不要使用 `req.accepts('image/webp')`，这里需要排除掉 `Accept: */*` 和 `Accept: image/*` 的情况
+  const acceptWebp = req.accepts().includes('image/webp');
+  if (!acceptWebp) {
+    if (params.f === 'webp') {
+      params.f = undefined;
+    }
+    if ((!extension || extension === 'webp') && !params.f) {
+      params.f = 'png';
+    }
+  }
+  if (!extension && !params.f) {
+    params.f = 'png';
+  }
+  if (!extension && !params.f) {
+    res.status(400).send('Image filter failed: either extension or format must be specified');
+    return;
+  }
+  const cacheKey = md5(stringify({ target: req.target, path: req.originalUrl, params }));
+  const destPath = getCacheFilePath(cacheDir, `${cacheKey}.${params.f || extension}`);
+  if (fs.existsSync(destPath)) {
+    res.header('Content-Type', getImageContentType(params.f || extension));
+    res.sendFile(destPath, sendOptions);
+    return;
+  }
+  // do the convert
+  tasks[cacheKey] ??= getSrc(req)
+    .then(([src, _extension]) => processImage(src, toLower(_extension), destPath, params))
+    .finally(() => {
+      setTimeout(() => {
+        delete tasks[cacheKey];
+      }, 1000);
+    });
+  tasks[cacheKey]
+    .then(() => {
+      logger.info('image filter succeed', { params, url: req.originalUrl, destPath });
+      res.header('Content-Type', getImageContentType(params.f || extension));
+      res.sendFile(destPath, sendOptions);
+    })
+    .catch((err) => {
+      logger.error('image filter failed', { error: err, params, url: req.url });
+      if (params.e) {
+        res.status(500).send(`Image service error: ${err.message}`);
+      } else {
+        res.status(500);
+        res.sendFile(errorImage, { maxAge: 0 });
+      }
+    });
+};
 module.exports = {
   isImageAccepted,
   isImageRequest,

package/api/libs/open-graph/emoji.js CHANGED Viewed

@@ -5,8 +5,6 @@ const fetch = require('node-fetch').default;
 const U200D = String.fromCharCode(8205); // zero-width joiner
 const UFE0Fg = /\uFE0F/g; // variation selector regex
-const getIconCode = (char) => toCodePoint(char.indexOf(U200D) < 0 ? char.replace(UFE0Fg, '') : char);
 const toCodePoint = (unicodeSurrogates) => {
   const r = [];
   let c = 0;
@@ -26,6 +24,8 @@ const toCodePoint = (unicodeSurrogates) => {
   return r.join('-');
 };
+const getIconCode = (char) => toCodePoint(char.indexOf(U200D) < 0 ? char.replace(UFE0Fg, '') : char);
 const apis = {
   twemoji: (code) => `https://cdn.jsdelivr.net/gh/twitter/twemoji@14.0.2/assets/svg/${code.toLowerCase()}.svg`,
   openmoji: 'https://cdn.jsdelivr.net/npm/@svgmoji/openmoji@2.0.0/svg/',

package/api/libs/open-graph/index.js CHANGED Viewed

@@ -107,6 +107,7 @@ const getOgImage = ({ input, info, cacheDir, format, tmpDir }) => {
     return destPath;
   }
+  // eslint-disable-next-line no-use-before-define
   generateTasks[cacheKey] ??= generateOgImage(params, tmpDir).finally(() => {
     setTimeout(() => {
       delete generateTasks[cacheKey];

package/api/routes/oauth.js CHANGED Viewed

@@ -75,6 +75,7 @@ async function login(req, node, options) {
     throw new ApiError(400, t('oauthCantBeOwner', locale));
   }
   const { did: teamDid, wallet: blockletWallet, secret, appUrl } = await req.getBlockletInfo();
   let userWallet;
   let oauthInfo;
@@ -94,6 +95,7 @@ async function login(req, node, options) {
     oauthInfo = await authClient.getProfile(token);
     userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
   }
   const userDid = userWallet.address;
   const userPk = userWallet.publicKey;
@@ -275,6 +277,8 @@ async function invite(req, node, options) {
   let userWallet;
   let oauthInfo;
+  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
   // NOTICE: 如果是统一登录，则向 master 站点发起 oauth 登录请求，auth0 的账户信息必须由 master 来生成
   if (sourceAppPid) {
     const data = await getOAuthUserInfo({
@@ -292,7 +296,7 @@ async function invite(req, node, options) {
     oauthInfo = await authClient.getProfile(token);
     userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey);
   }
-  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
   const nodeInfo = await req.getNodeInfo();
   let userDid = userWallet.address;
   let userPk = userWallet.publicKey;

package/api/routes/user.js CHANGED Viewed

@@ -7,9 +7,9 @@ const createTranslator = require('@abtnode/util/lib/translate');
 const logger = require('@abtnode/logger')('blocklet-services:user');
 const { isFromPublicKey } = require('@arcblock/did');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
-const { fromPublicKey } = require('@ocap/wallet');
 const sortBy = require('lodash/sortBy');
 const head = require('lodash/head');
+const { verify } = require('@arcblock/jwt');
 const { isInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../util');
 const initJwt = require('../libs/jwt');
@@ -19,6 +19,7 @@ const { loginWalletSchema, loginOAuthSchema, loginUserWalletSchema } = require('
 const verifySig = require('../middlewares/verify-sig');
 const { getAvatarByEmail } = require('../libs/auth/utils');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
+const { getUserWithinFederated } = require('../util/federated');
 const validateUser = (user) => {
   try {
@@ -38,12 +39,14 @@ const translations = {
     notAllowed: '你没有权限登录该节点',
     needComponentId: '缺少登录参数: componentId',
     userInfoError: '登录用户信息有误',
+    notExist: '用户不存在',
   },
   en: {
     needInviteToLogin: 'You need to be invited to sign in to this app',
     notAllowed: 'You are not allowed to login to this node',
     needComponentId: 'componentId is required when login user',
     userInfoError: 'Login user info is invalid',
+    notExist: 'User is not exist',
   },
 };
@@ -57,7 +60,13 @@ async function checkNeedInvite({ req, node, teamDid, componentId, locale }) {
   }
 }
-function checkUserEnable(user, { locale }) {
+function ensureUserExist(user, { locale }) {
+  if (!user) {
+    throw new ApiError(404, t('notExist', locale));
+  }
+}
+function ensureUserEnable(user, { locale }) {
   if (!user.approved) {
     throw new ApiError(403, t('notAllowed', locale));
   }
@@ -130,7 +139,7 @@ async function loginWallet(
   let profile = {};
   if (currentUser) {
     if (updateInfo) {
-      await checkUserEnable(currentUser, { locale });
+      ensureUserEnable(currentUser, { locale });
       profile = await composeProfileData({ avatar, email, fullName }, { node, req, teamDid });
     }
   } else {
@@ -192,7 +201,7 @@ async function loginOAuth(
   let profile = {};
   if (currentUser) {
     if (updateInfo) {
-      await checkUserEnable(currentUser, { locale });
+      ensureUserEnable(currentUser, { locale });
       profile = await composeProfileData({ avatar, email, fullName }, { node, req, teamDid });
     }
   } else {
@@ -313,21 +322,12 @@ async function login(req, node, options) {
   };
 }
-async function verifyUserSig({ userDid, signature, teamDid, data }, { node }) {
-  const currentUser = await node.getUser({
-    teamDid,
-    user: {
-      did: userDid,
-    },
-    options: {
-      enableConnectedAccount: true,
-    },
-  });
-  if (!currentUser) {
-    throw new Error('user is not exist');
-  }
-  const userWallet = fromPublicKey(currentUser.pk);
-  const valid = userWallet.verify(data, signature);
+async function verifyUserSig({ userDid, signature, teamDid, sourceAppPid, userPk }, { node, locale, blocklet }) {
+  const currentUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
+  ensureUserExist(currentUser, { locale });
+  ensureUserEnable(currentUser, { locale });
+  const valid = verify(signature, currentUser.pk);
   if (!valid) {
     throw new Error('invalid signature');
   }
@@ -357,31 +357,48 @@ module.exports = {
      * @summary 暂时不允许用户注册，只允许登录
      */
     server.post(`${prefixApi}/loginByWallet`, async (req, res) => {
-      const { userDid, signature, walletOS, nonce, visitorId, passportId, sourceAppPid = null, locale } = req.body;
+      const {
+        userDid,
+        userPk,
+        signature,
+        walletOS,
+        challenge,
+        visitorId,
+        passportId,
+        sourceAppPid = null,
+        locale,
+        componentId,
+      } = req.body;
       const { error } = loginUserWalletSchema.validate({
         userDid,
+        userPk,
         signature,
         walletOS,
-        nonce,
+        challenge,
         visitorId,
         passportId,
         sourceAppPid,
         locale,
+        componentId,
       });
       if (error) {
         throw new ApiError(400, error.message);
       }
+      // FIXME: @zhanghan 需要根据 componentId 来判断当前 component 设置的访问权限，来看当前要登录的用户是否有登录的权限
+      const blocklet = await req.getBlocklet();
       const { did: teamDid, secret } = await req.getBlockletInfo();
-      const currentUser = await verifyUserSig({ userDid, signature, teamDid, data: nonce }, { node });
+      const currentUser = await verifyUserSig(
+        { userDid, signature, teamDid, sourceAppPid, userPk },
+        { node, locale, blocklet }
+      );
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
-      const blocklet = await req.getBlocklet();
       const sessionConfig = blocklet.settings?.session || {};
       const passports = currentUser?.passports || [];
       let passport = null;
       if (passportId) {
-        passport = passports.find((x) => x.passportId === passportId);
+        passport = passports.find((x) => x.status === 'valid' && x.passportId === passportId);
       }
       if (!passport) {
         const now = new Date().getTime();
@@ -452,7 +469,7 @@ module.exports = {
       res.json({
         sessionToken,
         refreshToken,
-        nonce,
+        challenge,
         visitorId: userSession.visitorId,
       });
     });

package/api/validators/login.js CHANGED Viewed

@@ -20,13 +20,15 @@ const loginOAuthSchema = Joi.object({
 const loginUserWalletSchema = Joi.object({
   userDid: Joi.DID().trim().required(),
+  userPk: Joi.string().required(),
   signature: Joi.string().required(),
   walletOS: Joi.string().required(),
-  nonce: Joi.string().required(),
+  challenge: Joi.string().required(),
   visitorId: Joi.string().optional(),
   passportId: Joi.string().optional(),
   sourceAppPid: Joi.DID().trim().empty(null),
   locale: Joi.string().optional(),
+  componentId: Joi.string().required(),
 }).empty(null);
 exports.loginWalletSchema = loginWalletSchema;