npm - @abtnode/blocklet-services - Versions diffs - 1.16.32-beta-4d47ae7f → 1.16.32-beta-17be26d7 - Mend

@abtnode/blocklet-services 1.16.32-beta-4d47ae7f → 1.16.32-beta-17be26d7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/api/routes/openembed.js CHANGED Viewed

@@ -3,13 +3,13 @@ const { BLOCKLET_OPENEMBED_PREFIX } = require('@blocklet/constant');
 const pMap = require('p-map');
 const YAML = require('yaml');
 const { joinURL, withQuery, withLeadingSlash, withoutTrailingSlash } = require('ufo');
-const { fromAppDid } = require('@arcblock/did-ext');
-const { types } = require('@ocap/mcrypto');
+const { types, Hasher } = require('@ocap/mcrypto');
 const { hasStartEngine } = require('@blocklet/meta/lib/util');
+const { fromPublicKey } = require('@ocap/wallet');
 const { api } = require('../libs/api');
-async function getComponentOpenEmbedData(component, { generateDid }) {
+async function getComponentOpenEmbedData(component) {
   const port = component?.ports?.BLOCKLET_PORT || component?.environmentObj?.BLOCKLET_PORT;
   // NOTICE: 此处更倾向于使用本地地址，这也能达到更快的速度
   const url = joinURL(`http://127.0.0.1:${port}`, BLOCKLET_OPENEMBED_PREFIX);
@@ -40,7 +40,10 @@ async function getComponentOpenEmbedData(component, { generateDid }) {
       const mergedPathname = joinURL(mountPoint, pathname);
       const pathItem = result.embeds[pathname];
       pathItem.tags = [title];
-      const itemWallet = generateDid(JSON.stringify(['openembed', did, pathname]));
+      const walletPk = Hasher.SHA3.hash256(JSON.stringify(['openembed', did, pathname]));
+      const itemWallet = fromPublicKey(walletPk, {
+        role: types.RoleType.ROLE_ANY,
+      });
       pathItem['x-meta'] = {
         id: itemWallet.address,
         did,
@@ -103,7 +106,7 @@ async function mergeOpenEmbed(dataList, { blocklet, node }) {
   };
 }
-async function generateOpenEmbedData({ blocklet, did, generateDid, node }) {
+async function generateOpenEmbedData({ blocklet, did, node }) {
   const blockletCompontList = blocklet?.children || [];
   const appUrl = blocklet?.environmentObj?.BLOCKLET_APP_URL;
   const healthCheckUrl = joinURL(appUrl, '/.well-known/service/health');
@@ -116,20 +119,16 @@ async function generateOpenEmbedData({ blocklet, did, generateDid, node }) {
   if (did) {
     const findComponent = runningCompontList.find((component) => component?.meta?.did === did);
     if (findComponent) {
-      const result = getComponentOpenEmbedData(findComponent, { baseUrl: appUrl, generateDid });
+      const result = getComponentOpenEmbedData(findComponent, { baseUrl: appUrl });
       return result;
     }
     return null;
   }
   // 多个 component 组合
-  const componentListData = await pMap(
-    runningCompontList,
-    (x) => getComponentOpenEmbedData(x, { baseUrl: appUrl, generateDid }),
-    {
-      concurrency: 3,
-      stopOnError: false,
-    }
-  );
+  const componentListData = await pMap(runningCompontList, (x) => getComponentOpenEmbedData(x, { baseUrl: appUrl }), {
+    concurrency: 3,
+    stopOnError: false,
+  });
   const result = await mergeOpenEmbed(componentListData, { blocklet, node });
   return result;
 }
@@ -140,12 +139,7 @@ module.exports = {
     app.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/openembed.yaml`, async (req, res) => {
       const { did } = req.query;
       const blocklet = await req.getBlocklet({ useCache: false });
-      const { permanentWallet } = await req.getBlockletInfo();
-      const rootSk = permanentWallet.secretKey;
-      function generateDid(didPath) {
-        return fromAppDid(didPath, rootSk, types.RoleType.ROLE_ASSET);
-      }
-      const data = await generateOpenEmbedData({ blocklet, did, generateDid, node });
+      const data = await generateOpenEmbedData({ blocklet, did, node });
       const ymlData = YAML.stringify(data);
       res.setHeader('Content-Disposition', 'attachment; filename="openembed.yml"');
       res.status(200).send(ymlData);
@@ -154,13 +148,8 @@ module.exports = {
     app.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/openembed.json`, async (req, res) => {
       const { did } = req.query;
       const blocklet = await req.getBlocklet({ useCache: false });
-      const { permanentWallet } = await req.getBlockletInfo();
-      const rootSk = permanentWallet.secretKey;
-      function generateDid(didPath) {
-        return fromAppDid(didPath, rootSk, types.RoleType.ROLE_ASSET);
-      }
-      const data = await generateOpenEmbedData({ blocklet, did, generateDid, node });
+      const data = await generateOpenEmbedData({ blocklet, did, node });
       res.status(200).json(data);
     });
   },

package/api/routes/user-session.js CHANGED Viewed

@@ -201,6 +201,8 @@ module.exports = {
               fullName: loggedInUser.fullName,
               provider,
               walletOS,
+              emailVerified: !!user.emailVerified,
+              phoneVerified: !!user.phoneVerified,
             },
             {
               ...sessionConfig,

package/api/routes/user.js CHANGED Viewed

@@ -295,7 +295,6 @@ async function login(req, node, options) {
   );
   const { createSessionToken } = initJwt(node, options);
   const createToken = createTokenFn(createSessionToken);
   const sessionConfig = blocklet.settings?.session || {};
   const { sessionToken, refreshToken } = createToken(
@@ -307,6 +306,8 @@ async function login(req, node, options) {
       fullName: userDoc.fullName,
       provider,
       walletOS: 'api',
+      emailVerified: !!userDoc.emailVerified,
+      phoneVerified: !!userDoc.phoneVerified,
     },
     { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
   );
@@ -526,6 +527,8 @@ module.exports = {
           fullName: loggedInUser.fullName,
           provider: 'wallet',
           walletOS,
+          emailVerified: !!loggedInUser.emailVerified,
+          phoneVerified: !!loggedInUser.phoneVerified,
         },
         { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
       );
@@ -801,7 +804,19 @@ module.exports = {
       }
       res.json(
-        pick(user || {}, ['did', 'locale', 'avatar', 'fullName', 'email', 'phone', 'url', 'inviter', 'generation'])
+        pick(user || {}, [
+          'did',
+          'locale',
+          'avatar',
+          'fullName',
+          'email',
+          'phone',
+          'url',
+          'inviter',
+          'generation',
+          'emailVerified',
+          'phoneVerified',
+        ])
       );
     });

package/api/services/analytics/index.js CHANGED Viewed

@@ -1,38 +1,35 @@
 /* eslint-disable consistent-return */
 const fs = require('fs-extra');
 const { getHtmlResultPath } = require('@abtnode/analytics');
-const { PREFIXES } = require('../../util/constants');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 module.exports = {
   init({ app, node }) {
-    PREFIXES.forEach((prefix) => {
-      app.get(`${prefix}/api/analytics/traffic`, async (req, res) => {
-        if (!req.user) {
-          return res.status(403).send('You are not allowed to view this page');
-        }
+    app.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/analytics/traffic`, async (req, res) => {
+      if (!req.user) {
+        return res.status(403).send('You are not allowed to view this page');
+      }
-        const blocklet = await req.getBlocklet();
-        if (!blocklet) {
-          return res.status(400).send('Blocklet not found');
-        }
+      const blocklet = await req.getBlocklet();
+      if (!blocklet) {
+        return res.status(400).send('Blocklet not found');
+      }
-        if (blocklet.mode !== 'production') {
-          return res.status(400).send('Traffic analytics are only available for production blocklets');
-        }
+      if (blocklet.mode !== 'production') {
+        return res.status(400).send('Traffic analytics are only available for production blocklets');
+      }
-        const { date } = req.query;
-        if (!date) {
-          return res.status(400).send('Date is required to load traffic analytics');
-        }
+      const { date } = req.query;
+      if (!date) {
+        return res.status(400).send('Date is required to load traffic analytics');
+      }
-        const filePath = getHtmlResultPath(node.dataDirs.data, date, blocklet.appPid);
-        if (fs.existsSync(filePath) === false) {
-          return res.status(400).send('Traffic insight for selected date not found');
-        }
+      const filePath = getHtmlResultPath(node.dataDirs.data, date, blocklet.appPid);
+      if (fs.existsSync(filePath) === false) {
+        return res.status(400).send('Traffic insight for selected date not found');
+      }
-        return res.sendFile(filePath);
-      });
+      return res.sendFile(filePath);
     });
   },
 };

package/api/services/auth/connect/invite.js CHANGED Viewed

@@ -1,4 +1,3 @@
-const get = require('lodash/get');
 const { joinURL } = require('ufo');
 const {
   createInvitationRequest,
@@ -8,12 +7,15 @@ const {
   beforeInvitationRequest,
 } = require('@abtnode/auth/lib/auth');
 const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
-const { NODE_SERVICES, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const { createTokenFn, getDidConnectVersion } = require('../../../util');
 const { getUserWithinFederated } = require('../../../util/federated');
+const { getProfileItems, getKycClaims, verifyKycClaims } = require('../../../libs/kyc');
+const { getTrustedIssuers } = require('../../../util/blocklet-utils');
+const { getUser } = require('../../../libs/jwt');
 const logger = require('../../../libs/logger')('auth');
 module.exports = function createRoutes(node, authenticator, createSessionToken) {
@@ -27,37 +29,37 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
       await beforeInvitationRequest({ node, teamDid, locale, inviteId });
     },
-    claims: {
-      profile: async ({ extraParams, context }) => {
-        const { locale } = extraParams;
+    onConnect: async ({ userDid, extraParams, request, baseUrl, didwallet }) => {
+      const { locale, inviteId } = extraParams;
+      checkWalletVersion({ didwallet, locale });
+      const nodeInfo = await request.getNodeInfo();
+      const blocklet = await request.getBlocklet();
+      const teamDid = request.get('x-blocklet-did');
-        const config = await context.request.getServiceConfig(NODE_SERVICES.AUTH);
-        const profileFields = get(config, 'profileFields');
-        return {
-          fields: profileFields || ['fullName', 'avatar'],
+      const claims = {
+        profile: {
+          fields: getProfileItems(blocklet.settings?.session, didwallet),
           description: messages.description[locale],
-        };
-      },
-      signature: async ({ extraParams, context: { request, baseUrl, didwallet } }) => {
-        const { locale, inviteId } = extraParams;
-        checkWalletVersion({ didwallet, locale });
-        const nodeInfo = await request.getNodeInfo();
-        const teamDid = request.get('x-blocklet-did');
-        return createInvitationRequest({
+        },
+        signature: await createInvitationRequest({
           node,
           nodeInfo,
           teamDid,
           inviteId,
           locale,
           baseUrl,
-        });
-      },
+        }),
+      };
+      const sourceAppPid = getSourceAppPid(request);
+      const user = await getUser(node, teamDid, userDid);
+      const trustedIssuers = await getTrustedIssuers(blocklet, { sourceAppPid });
+      Object.assign(claims, getKycClaims(blocklet, user, locale, baseUrl, trustedIssuers));
+      return claims;
     },
-    onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl }) => {
+    onAuth: async ({ claims, userDid, userPk, challenge, updateSession, extraParams, req, baseUrl }) => {
       // NOTICE: 和 did-connect 相关的 visitorId 需要从 extraParams 中获取，不能从 headers 中获取
       const { locale, inviteId, visitorId } = extraParams;
       const sourceAppPid = getSourceAppPid(req);
@@ -68,7 +70,18 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
       const statusEndpointBaseUrl = joinURL(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX);
       const endpoint = baseUrl;
-      await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
+      const existUser = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
+      const kycUpdates = await verifyKycClaims({
+        node,
+        blocklet,
+        teamDid,
+        claims,
+        challenge,
+        locale,
+        sourceAppPid,
+        user: existUser,
+      });
       const { passport, response, role, profile, user } = await handleInvitationResponse({
         req,
@@ -82,6 +95,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         claims,
         statusEndpointBaseUrl,
         endpoint,
+        kycUpdates,
       });
       const walletOS = req.context.didwallet.os;

package/api/services/auth/connect/issue-kyc.js ADDED Viewed

@@ -0,0 +1,58 @@
+const { joinURL } = require('ufo');
+const {
+  checkWalletVersion,
+  beforeIssueKycRequest,
+  handleIssueKycResponse,
+  messages,
+} = require('@abtnode/auth/lib/auth');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+module.exports = function createRoutes(node) {
+  return {
+    action: 'issue-kyc',
+    onStart: async ({ extraParams, req }) => {
+      const { code, locale = 'en' } = extraParams;
+      const teamDid = req.get('x-blocklet-did');
+      await beforeIssueKycRequest({ node, teamDid, code, locale });
+    },
+    claims: {
+      profile: ({ extraParams, context: { didwallet } }) => {
+        const { locale } = extraParams;
+        checkWalletVersion({ didwallet, locale });
+        return {
+          type: 'profile',
+          description: messages.description[locale],
+          items: ['fullName', 'avatar'],
+        };
+      },
+    },
+    onAuth: async ({ userDid, userPk, claims, extraParams, request, baseUrl }) => {
+      const { locale, code, updateKyc, inviter } = extraParams;
+      const nodeInfo = await node.getNodeInfo();
+      const teamDid = request.get('x-blocklet-did');
+      const statusEndpointBaseUrl = joinURL(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX);
+      const endpoint = baseUrl;
+      const result = await handleIssueKycResponse({
+        request,
+        node,
+        nodeInfo,
+        teamDid,
+        userDid,
+        userPk,
+        code,
+        locale,
+        claims,
+        statusEndpointBaseUrl,
+        endpoint,
+        inviter,
+        updateKyc: updateKyc === '1',
+      });
+      return result;
+    },
+  };
+};

package/api/services/auth/connect/login.js CHANGED Viewed

@@ -58,6 +58,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         return result;
       } catch (err) {
+        console.error(err);
         logger.error('login.error', { error: err, userDid });
         throw new Error(err.message);
       }

package/api/services/auth/connect/update-kyc.js ADDED Viewed

@@ -0,0 +1,82 @@
+const { messages } = require('@abtnode/auth/lib/auth');
+const { getKycClaims, verifyKycClaims, getProfileItems, isProfileClaimRequired } = require('../../../libs/kyc');
+const { getTrustedIssuers } = require('../../../util/blocklet-utils');
+// Used to update user kyc status using existing certificates
+// eslint-disable-next-line no-unused-vars
+module.exports = function createRoutes(node, authenticator, createSessionToken) {
+  return {
+    action: 'update-kyc',
+    onConnect: async ({ userDid, extraParams, request, baseUrl }) => {
+      const { locale, sourceAppPid } = extraParams;
+      const blocklet = await request.getBlocklet();
+      const user = await node.getUser({ teamDid: blocklet.appPid, user: { did: userDid } });
+      if (!user) {
+        throw new Error(messages.userNotFound[locale]);
+      }
+      if (!user.approved) {
+        throw new Error(messages.notAllowedAppUser[locale]);
+      }
+      const claims = {};
+      if (isProfileClaimRequired(blocklet, user)) {
+        const profileItems = getProfileItems(blocklet.settings?.session, request.context.didwallet);
+        claims.profile = {
+          type: 'profile',
+          description: messages.description[locale],
+          items: profileItems,
+        };
+      }
+      const trustedIssuers = await getTrustedIssuers(blocklet, { sourceAppPid });
+      return Object.assign(claims, getKycClaims(blocklet, user, locale, baseUrl, trustedIssuers));
+    },
+    onAuth: async ({ userDid, claims, challenge, extraParams, request }) => {
+      const { locale, sourceAppPid } = extraParams;
+      const profile = claims.find((claim) => claim.type === 'profile');
+      const blocklet = await request.getBlocklet();
+      const user = await node.getUser({ teamDid: blocklet.appPid, user: { did: userDid } });
+      if (!user) {
+        throw new Error(messages.userNotFound[locale]);
+      }
+      if (!user.approved) {
+        throw new Error(messages.notAllowedAppUser[locale]);
+      }
+      const kycUpdates = await verifyKycClaims({
+        node,
+        blocklet,
+        teamDid: blocklet.appPid,
+        claims,
+        challenge,
+        locale,
+        sourceAppPid,
+        user,
+      });
+      const profileUpdates = {};
+      if (profile) {
+        if (profile.email) {
+          profileUpdates.email = profile.email;
+        }
+        if (profile.phone) {
+          profileUpdates.phone = profile.phone;
+        }
+      }
+      const updatedUser = await node.updateUser({
+        teamDid: blocklet.appPid,
+        user: {
+          did: userDid,
+          kycChanged: true,
+          ...kycUpdates,
+          ...profileUpdates,
+        },
+      });
+      return updatedUser;
+    },
+  };
+};

package/api/services/auth/index.js CHANGED Viewed

@@ -10,6 +10,7 @@ const {
   WHO_CAN_ACCESS,
   WHO_CAN_ACCESS_PREFIX_ROLES,
   ROLES,
+  WELLKNOWN_SERVICE_PATH_PREFIX,
 } = require('@abtnode/constant');
 const { BLOCKLET_MODES } = require('@blocklet/constant');
 const { setUserInfoHeaders } = require('@abtnode/auth/lib/auth');
@@ -37,12 +38,14 @@ const createCheckHasProjectIdAuth = require('./connect/check-has-project-id');
 const createFuelAuth = require('./connect/fuel');
 const createMigrateToStructV2Routes = require('./connect/migrate-app-to-struct-v2');
 const createTransferAppOwnerRoutes = require('./connect/transfer-app-owner');
+const createIssueKycAuth = require('./connect/issue-kyc');
+const createUpdateKycAuth = require('./connect/update-kyc');
 const createReceiveTransferAppOwnerRoutes = require('./connect/receive-transfer-app-owner');
 const createSessionRoutes = require('./session');
 const createPassportRoutes = require('./passport');
 const { getRedirectUrl, shouldIgnoreUrl } = require('../../util');
-const { PREFIXES } = require('../../util/constants');
 const { createConnectToDidSpacesForUserRoute } = require('./connect/connect-to-did-spaces-for-user');
+const { isEmailKycRequired } = require('../../libs/kyc');
 const getTokenFromWsConnect = (req, options) => {
   const cookies = cookie.parse(req.headers.cookie || '');
@@ -244,6 +247,8 @@ const init = ({ node, options }) => {
       handler.attach(Object.assign({ app }, createReceiveTransferAppOwnerRoutes(node, options, createSessionToken)));
       handler.attach(Object.assign({ app }, createGenBlockletKeyPareAuth(node, options, createSessionToken)));
       handler.attach(Object.assign({ app }, createCheckHasProjectIdAuth(node, options, createSessionToken)));
+      handler.attach(Object.assign({ app }, createIssueKycAuth(node, authenticator, createSessionToken)));
+      handler.attach(Object.assign({ app }, createUpdateKycAuth(node, authenticator, createSessionToken)));
     });
   };
@@ -261,16 +266,14 @@ const init = ({ node, options }) => {
   };
   routes.createCommonRoutes = {
     init: (router) => {
-      PREFIXES.forEach((prefix) => {
-        router.get(`${prefix}/redirect-with-login`, async (req, res) => {
-          if (req.query.setupToken) {
-            await req.attachSetupToken({ res, token: req.query.setupToken }).catch((error) => {
-              logger.error('attach login token failed when redirecting with login', { error }); // 不阻塞跳转
-            });
-          }
+      router.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/redirect-with-login`, async (req, res) => {
+        if (req.query.setupToken) {
+          await req.attachSetupToken({ res, token: req.query.setupToken }).catch((error) => {
+            logger.error('attach login token failed when redirecting with login', { error }); // 不阻塞跳转
+          });
+        }
-          res.redirect('/');
-        });
+        res.redirect('/');
       });
     },
   };
@@ -319,6 +322,27 @@ const init = ({ node, options }) => {
     next();
   };
+  middlewares.checkKyc = async (req, res, next) => {
+    if (req.user) {
+      const component = await req.getComponent();
+      if (component?.mode === 'development') {
+        return next();
+      }
+      const blocklet = await req.getBlocklet();
+      if (isEmailKycRequired(blocklet) && !req.user.emailVerified) {
+        if (req.accepts(['html', 'json']) === 'html') {
+          return res.redirect(getRedirectUrl({ req, pagePath: '/kyc/email', params: { updateKyc: 1 } }));
+        }
+        // Security principles: user should not known the reason
+        return res.status(403).json({ code: 403, error: REASON_403 });
+      }
+    }
+    return next();
+  };
   middlewares.checkAuth = async (req, res, next) => {
     const { blocked, authenticated, authorized, payable, requiredRoles } = await checkAuth({ req });

package/api/services/auth/passport.js CHANGED Viewed

@@ -1,24 +1,21 @@
 const { getPassportStatus } = require('@abtnode/auth/lib/auth');
-const { PREFIXES } = require('../../util/constants');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 module.exports = {
   init(server, node) {
-    PREFIXES.forEach((prefix) => {
-      server.get(`${prefix}/api/passport/status`, async (req, res) => {
-        const { vcId, userDid, locale } = req.query;
-        const teamDid = req.headers['x-blocklet-did'];
+    server.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/passport/status`, async (req, res) => {
+      const { vcId, userDid, locale } = req.query;
+      const teamDid = req.headers['x-blocklet-did'];
-        // HACK: 这里的 req.query.teamDid 可能是 blocklet 容器化之前的 teamDid(等于 blocklet.yml did)，需要根据这个 did 找到现有对应的 teamDid，否则无法使用在容器化之前颁发的通行证来登录
-        const blocklet = await node.getBlocklet({ did: req.query.teamDid, useCache: true });
-        if (teamDid !== blocklet?.meta?.did) {
-          throw new Error('teamDid is invalid');
-        }
+      // HACK: 这里的 req.query.teamDid 可能是 blocklet 容器化之前的 teamDid(等于 blocklet.yml did)，需要根据这个 did 找到现有对应的 teamDid，否则无法使用在容器化之前颁发的通行证来登录
+      const blocklet = await node.getBlocklet({ did: req.query.teamDid, useCache: true });
+      if (teamDid !== blocklet?.meta?.did) {
+        throw new Error('teamDid is invalid');
+      }
-        const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
+      const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
-        res.json(status);
-      });
+      res.json(status);
     });
   },
 };