npm - @abtnode/blocklet-services - Versions diffs - 1.16.34-beta-20241125-062922-620c3f17 → 1.16.34-beta-20241126-120125-d0907434 - Mend

@abtnode/blocklet-services 1.16.34-beta-20241125-062922-620c3f17 → 1.16.34-beta-20241126-120125-d0907434

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (204) hide show

package/api/routes/federated.js CHANGED Viewed

@@ -21,7 +21,12 @@ const initJwt = require('../libs/jwt');
 const { createTokenFn, getDidConnectVersion } = require('../util');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
 const verifyFederatedCall = require('../middlewares/verify-federated-call');
-const { getUserAvatarUrl, getFederatedMaster, getUserWithinFederated, isMaster } = require('../util/federated');
+const {
+  getUserAvatarUrl,
+  getFederatedMaster,
+  getUserWithinFederated,
+  getTrustedDomains,
+} = require('../util/federated');
 const { declareAccount, migrateAccount } = require('../services/oauth');
 const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
@@ -840,31 +845,7 @@ module.exports = {
     // 获取当前站点所有可信的域名
     server.get(`${prefix}/getTrustedDomains`, ensureBlocklet(), async (req, res) => {
       const { blocklet } = req;
-      const teamDid = blocklet.appPid;
-      const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
-        config: {
-          appId: blocklet.appDid,
-          appPid: teamDid,
-        },
-        sites: [],
-      });
-      const nodeInfo = await req.getNodeInfo();
-      const domainAliases = await node.getBlockletDomainAliases({ blocklet, nodeInfo });
-      const domainList = domainAliases.map((item) => item.value);
-      federated.sites
-        .filter((x) => x.status === 'approved' || isMaster(x))
-        .forEach((cur) => {
-          try {
-            const appDomain = new URL(cur.appUrl).host;
-            if (appDomain) {
-              domainList.push(appDomain);
-            }
-          } catch {
-            logger.error('Failed to get domain from appUrl', { appUrl: cur.appUrl });
-          }
-          domainList.push(...(cur?.aliasDomain || []));
-        });
-      const result = [...new Set(domainList)];
+      const result = await getTrustedDomains({ node, req, blocklet });
       res.json(result);
     });
   },

package/api/routes/oauth.js CHANGED Viewed

@@ -965,13 +965,11 @@ module.exports = {
     const checkReferrer = async (req, res, next) => {
       const blocklet = await req.getBlocklet();
-      const nodeInfo = await req.getNodeInfo();
-      const domainAliases = await node.getBlockletDomainAliases({ blocklet, nodeInfo });
-      const domainAliasesHost = domainAliases.map((x) => x.value);
+      const trustedDomains = await federatedUtil.getTrustedDomains({ node, req, blocklet });
       const referrer = req.get('referrer');
       const referrerHost = new URL(referrer).host;
-      if (!domainAliasesHost.includes(referrerHost)) {
+      if (!trustedDomains.includes(referrerHost)) {
         res.status(400).send(`Invalid host: ${referrerHost}`);
         return;
       }

package/api/routes/user-session.js CHANGED Viewed

@@ -1,21 +1,21 @@
 /* eslint-disable no-await-in-loop */
 const { WELLKNOWN_SERVICE_PATH_PREFIX, SESSION_TTL } = require('@abtnode/constant');
-const { LOGIN_PROVIDER } = require('@blocklet/constant');
-const pick = require('lodash/pick');
+// const { LOGIN_PROVIDER } = require('@blocklet/constant');
+// const pick = require('lodash/pick');
 const defaults = require('lodash/defaults');
 const cloneDeep = require('lodash/cloneDeep');
-const sortBy = require('lodash/sortBy');
+// const sortBy = require('lodash/sortBy');
 const omit = require('lodash/omit');
 const pLimit = require('p-limit');
-const { getSourceProvider } = require('@blocklet/meta/lib/did-utils');
+// const { getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
-const { messages } = require('@abtnode/auth/lib/auth');
+// const { messages } = require('@abtnode/auth/lib/auth');
-const logger = require('../libs/logger')('blocklet-services:user-session');
+// const logger = require('../libs/logger')('blocklet-services:user-session');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
 const { getUserAvatarUrl } = require('../util/federated');
-const initJwt = require('../libs/jwt');
-const { createTokenFn, getDidConnectVersion } = require('../util');
+// const initJwt = require('../libs/jwt');
+// const { createTokenFn, getDidConnectVersion } = require('../util');
 const prefix = `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/user-session`;
 const limit = pLimit(5);
@@ -89,199 +89,208 @@ async function patchUserSessionData(userSession, { blocklet, appPid, teamDid, no
 }
 module.exports = {
+  // eslint-disable-next-line no-unused-vars
   init(app, node, options) {
+    // FIXME: @zhanghan 登录要确保安全性
     // NOTE: 保留 /login 路由，该功能不是针对于某一个实体来操作的，需要更明确表达意图
-    app.post(`${prefix}/login`, ensureBlocklet(), async (req, res) => {
-      const { blocklet } = req;
-      const loginUserSession = req.body;
-      let visitorId = req.body?.visitorId;
-      if (!visitorId) {
-        visitorId = req.get('x-blocklet-visitor-id');
-      }
+    app.post(`${prefix}/login`, ensureBlocklet(), (req, res) => {
+      res.status(400).json({ error: 'not supported' });
-      if (!loginUserSession.userDid) {
-        res.status(400).json({ error: 'userDid is required' });
-        return;
-      }
-      if (!loginUserSession.appPid) {
-        res.status(400).json({ error: 'appPid is required' });
-        return;
-      }
+      // const { blocklet } = req;
+      // const loginUserSession = req.body;
+      // // let visitorId = req.body?.visitorId;
+      // // if (!visitorId) {
+      // //   visitorId = req.get('x-blocklet-visitor-id');
+      // // }
+      // if (!loginUserSession.id) {
+      //   res.status(400).json({ error: 'not supported' });
+      //   return;
+      // }
-      const teamDid = blocklet.appPid;
-      const userSessions = await node.getUserSession({
-        teamDid,
-        userDid: loginUserSession.userDid,
-        visitorId,
-        id: loginUserSession.id,
-      });
-      const now = Date.now();
-      const sessionTtl = blocklet.settings?.session?.ttl || SESSION_TTL;
-      // NOTICE: 保持与前端一致的排序方式，确保此时续期的是前端展示的 walletOS
-      const sortedUserSessions = sortBy(userSessions, (x) => now - new Date(x.updatedAt).getTime());
-      const validSession = sortedUserSessions.some((x) => now - new Date(x.updatedAt).getTime() < sessionTtl * 1000);
-      if (validSession) {
-        const user = await node.getUser({ teamDid, user: { did: loginUserSession.userDid } });
-        if (!user.approved) {
-          res.status(401).json(messages.notAllowedAppUser.en);
-          return;
-        }
-        const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
-          config: {
-            appId: blocklet.appDid,
-            appPid: teamDid,
-          },
-          sites: [],
-        });
-        const sourceProvider = getSourceProvider(user);
-        const provider = sourceProvider || LOGIN_PROVIDER.WALLET;
-        const memberSite = federated.sites.find(
-          (item) => item.appPid === loginUserSession.appPid && item.isMaster === false
-        );
-        const postUser = pick(user, ['did', 'pk', 'fullName', 'locale', 'inviter', 'generation']);
-        postUser.lastLoginAt = getRequestIP(req);
-        if (user.email) {
-          postUser.email = user.email;
-        }
-        if (user.avatar) {
-          postUser.avatar = getUserAvatarUrl(user.avatar, blocklet);
-        }
-        let result = {};
-        const walletOS = validSession?.extra?.walletOS || 'web';
-        const isFederatedLogin = !!memberSite;
-        if (isFederatedLogin) {
-          try {
-            result = await node.loginFederated({
-              did: teamDid,
-              data: {
-                user: postUser,
-                passport: loginUserSession.passportId ? { id: loginUserSession.passportId } : undefined,
-                walletOS,
-                provider,
-              },
-              site: memberSite,
-            });
-          } catch (err) {
-            if (err.response) {
-              const { status, data } = err.response;
-              res.status(status).json(data);
-              return;
-            }
-            throw err;
-          }
-        } else {
-          const { createSessionToken } = initJwt(node, options);
-          const createToken = createTokenFn(createSessionToken);
-          const { secret } = await req.getBlockletInfo();
-          const sessionConfig = blocklet.settings?.session || {};
-          const targetPassport = loginUserSession.passportId
-            ? (user?.passports || []).find((item) => item.id === loginUserSession.passportId)
-            : null;
-          const loggedInUser = await node.loginUser({
-            teamDid,
-            user: {
-              did: postUser.did,
-              pk: postUser.pk,
-              passport: targetPassport,
-              connectedAccount: {
-                provider,
-                did: user.did,
-                pk: user.pk,
-              },
-            },
-          });
-          result = createToken(
-            user.did,
-            {
-              secret,
-              passport: targetPassport,
-              role: targetPassport?.role || 'guest',
-              fullName: loggedInUser.fullName,
-              provider,
-              walletOS,
-              emailVerified: !!user?.emailVerified,
-              phoneVerified: !!user?.phoneVerified,
-            },
-            {
-              ...sessionConfig,
-              didConnectVersion: getDidConnectVersion(req),
-            }
-          );
-        }
-        const lastLoginIp = getRequestIP(req);
-        const ua = req.get('user-agent');
-        const walletDeviceMessageToken = req.get('wallet-device-message-token');
-        const walletDeviceId = req.get('wallet-device-id');
-        const userSessionDoc = await node.upsertUserSession({
-          id: loginUserSession.id,
-          teamDid,
-          userDid: loginUserSession.userDid,
-          visitorId,
-          appPid: loginUserSession.appPid,
-          passportId: loginUserSession.passportId,
-          status: 'online',
-          ua,
-          lastLoginIp,
-          extra: {
-            walletOS,
-            walletDeviceMessageToken,
-            walletDeviceId,
-          },
-        });
+      // if (!loginUserSession.userDid) {
+      //   res.status(400).json({ error: 'userDid is required' });
+      //   return;
+      // }
+      // if (!loginUserSession.appPid) {
+      //   res.status(400).json({ error: 'appPid is required' });
+      //   return;
+      // }
-        if (isFederatedLogin) {
-          node.syncUserSession({
-            teamDid,
-            userDid: loginUserSession.userDid,
-            visitorId: userSessionDoc.visitorId,
-            passportId: loginUserSession.passportId,
-            targetAppPid: loginUserSession.appPid,
-            ua,
-            lastLoginIp,
-            extra: {
-              walletOS,
-              walletDeviceMessageToken,
-              walletDeviceId,
-            },
-          });
-        }
-        logger.info('quick-login with', {
-          teamDid,
-          visitorId,
-          userDid: loginUserSession.userDid,
-          appPid: loginUserSession.appPid,
-          passportId: loginUserSession.passportId,
-          extra: {
-            walletOS,
-          },
-        });
+      // const teamDid = blocklet.appPid;
+      // const userSessions = await node.getUserSession({
+      //   teamDid,
+      //   userDid: loginUserSession.userDid,
+      //   // visitorId,
+      //   id: loginUserSession.id,
+      // });
+      // const now = Date.now();
+      // const sessionTtl = blocklet.settings?.session?.ttl || SESSION_TTL;
+      // // NOTICE: 保持与前端一致的排序方式，确保此时续期的是前端展示的 walletOS
+      // const sortedUserSessions = sortBy(userSessions, (x) => now - new Date(x.updatedAt).getTime());
+      // const validSession = sortedUserSessions.some((x) => now - new Date(x.updatedAt).getTime() < sessionTtl * 1000);
-        res.json({ ...result, visitorId: userSessionDoc.visitorId });
-      } else {
-        logger.warn('failed to quick-login with', {
-          teamDid,
-          visitorId,
-          userDid: loginUserSession.userDid,
-          appPid: loginUserSession.appPid,
-          passportId: loginUserSession.passportId,
-        });
-        res.status(401).json({ error: 'session expired' });
-      }
+      // if (validSession) {
+      //   const user = await node.getUser({ teamDid, user: { did: loginUserSession.userDid } });
+      //   if (!user.approved) {
+      //     res.status(401).json(messages.notAllowedAppUser.en);
+      //     return;
+      //   }
+      //   const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
+      //     config: {
+      //       appId: blocklet.appDid,
+      //       appPid: teamDid,
+      //     },
+      //     sites: [],
+      //   });
+      //   const sourceProvider = getSourceProvider(user);
+      //   const provider = sourceProvider || LOGIN_PROVIDER.WALLET;
+      //   const memberSite = federated.sites.find(
+      //     (item) => item.appPid === loginUserSession.appPid && item.isMaster === false
+      //   );
+      //   const postUser = pick(user, ['did', 'pk', 'fullName', 'locale', 'inviter', 'generation']);
+      //   postUser.lastLoginAt = getRequestIP(req);
+      //   if (user.email) {
+      //     postUser.email = user.email;
+      //   }
+      //   if (user.avatar) {
+      //     postUser.avatar = getUserAvatarUrl(user.avatar, blocklet);
+      //   }
+      //   let result = {};
+      //   const walletOS = validSession?.extra?.walletOS || 'web';
+      //   const isFederatedLogin = !!memberSite;
+      //   if (isFederatedLogin) {
+      //     try {
+      //       result = await node.loginFederated({
+      //         did: teamDid,
+      //         data: {
+      //           user: postUser,
+      //           passport: loginUserSession.passportId ? { id: loginUserSession.passportId } : undefined,
+      //           walletOS,
+      //           provider,
+      //         },
+      //         site: memberSite,
+      //       });
+      //     } catch (err) {
+      //       if (err.response) {
+      //         const { status, data } = err.response;
+      //         res.status(status).json(data);
+      //         return;
+      //       }
+      //       throw err;
+      //     }
+      //   } else {
+      //     const { createSessionToken } = initJwt(node, options);
+      //     const createToken = createTokenFn(createSessionToken);
+      //     const { secret } = await req.getBlockletInfo();
+      //     const sessionConfig = blocklet.settings?.session || {};
+      //     const targetPassport = loginUserSession.passportId
+      //       ? (user?.passports || []).find((item) => item.id === loginUserSession.passportId)
+      //       : null;
+      //     const loggedInUser = await node.loginUser({
+      //       teamDid,
+      //       user: {
+      //         did: postUser.did,
+      //         pk: postUser.pk,
+      //         passport: targetPassport,
+      //         connectedAccount: {
+      //           provider,
+      //           did: user.did,
+      //           pk: user.pk,
+      //         },
+      //       },
+      //     });
+      //     result = createToken(
+      //       user.did,
+      //       {
+      //         secret,
+      //         passport: targetPassport,
+      //         role: targetPassport?.role || 'guest',
+      //         fullName: loggedInUser.fullName,
+      //         provider,
+      //         walletOS,
+      //         emailVerified: !!user?.emailVerified,
+      //         phoneVerified: !!user?.phoneVerified,
+      //       },
+      //       {
+      //         ...sessionConfig,
+      //         didConnectVersion: getDidConnectVersion(req),
+      //       }
+      //     );
+      //   }
+      //   const lastLoginIp = getRequestIP(req);
+      //   const ua = req.get('user-agent');
+      //   const walletDeviceMessageToken = req.get('wallet-device-message-token');
+      //   const walletDeviceId = req.get('wallet-device-id');
+      //   const userSessionDoc = await node.upsertUserSession({
+      //     id: loginUserSession.id,
+      //     teamDid,
+      //     userDid: loginUserSession.userDid,
+      //     // visitorId,
+      //     appPid: loginUserSession.appPid,
+      //     passportId: loginUserSession.passportId,
+      //     status: 'online',
+      //     ua,
+      //     lastLoginIp,
+      //     extra: {
+      //       walletOS,
+      //       walletDeviceMessageToken,
+      //       walletDeviceId,
+      //     },
+      //   });
+      //   if (isFederatedLogin) {
+      //     node.syncUserSession({
+      //       teamDid,
+      //       userDid: loginUserSession.userDid,
+      //       visitorId: userSessionDoc.visitorId,
+      //       passportId: loginUserSession.passportId,
+      //       targetAppPid: loginUserSession.appPid,
+      //       ua,
+      //       lastLoginIp,
+      //       extra: {
+      //         walletOS,
+      //         walletDeviceMessageToken,
+      //         walletDeviceId,
+      //       },
+      //     });
+      //   }
+      //   logger.info('quick-login with', {
+      //     teamDid,
+      //     // visitorId,
+      //     userDid: loginUserSession.userDid,
+      //     appPid: loginUserSession.appPid,
+      //     passportId: loginUserSession.passportId,
+      //     extra: {
+      //       walletOS,
+      //     },
+      //   });
+      //   res.json({ ...result, visitorId: userSessionDoc.visitorId });
+      // } else {
+      //   logger.warn('failed to quick-login with', {
+      //     teamDid,
+      //     // visitorId,
+      //     userDid: loginUserSession.userDid,
+      //     appPid: loginUserSession.appPid,
+      //     passportId: loginUserSession.passportId,
+      //   });
+      //   res.status(401).json({ error: 'session expired' });
+      // }
     });
     /**
      * 获取指定用户的所有登录会话
+     * FIXME: @zhanghan 获取要确保安全性
      */
     app.get(`${prefix}`, ensureBlocklet(), async (req, res) => {
       const { blocklet } = req;