@abtnode/blocklet-services 1.16.37-beta-20250104-120451-e4049aeb → 1.16.37-beta-20250107-235521-f1778ec0

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2018-2020 ArcBlock
+Copyright 2018-2025 ArcBlock
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

package/api/index.js

@@ -416,6 +416,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   createConnectRelayRoutes.init(server, node, options, wsRouter);
   authRoutes.attachDidAuthHandlers(server);
   authRoutes.createPassportRoutes.init(server, node);
+  authRoutes.createPasskeyRoutes.init(server, node);
   authRoutes.createCommonRoutes.init(server, node);
 
   // API: gql

package/api/libs/auth/utils.js

@@ -33,38 +33,40 @@ async function transferPassport(fromUser, toUser, { req, teamDid, node, nodeInfo
     return;
   }
 
-  const attachments = waitPassportList.map((x) => {
-    const vcParams = {
-      issuerName,
-      issuerWallet,
-      ownerDid: toUser.did,
-      passport: { ...pick(x, ['name', 'title', 'specVersion']), endpoint: x.endpoint || blockletInfo.appUrl },
-      endpoint: getPassportStatusEndpoint({
-        baseUrl: x.endpoint || blockletInfo.appUrl,
-        userDid: toUser.did,
-        teamDid,
-      }),
-      ownerProfile: {
-        email: toUser.email,
-        fullName: toUser.fullName,
-        avatar: getUserAvatarUrl(x.endpoint || blockletInfo.appUrl, toUser.avatar),
-      },
-      preferredColor: passportColor,
-      types: teamDid === nodeInfo.did ? [VC_TYPE_NODE_PASSPORT] : x.types,
-      purpose: teamDid === nodeInfo.did || isEmpty(x.types) ? 'login' : 'verification',
-      display: x.display,
-    };
-
-    const vc = createPassportVC(vcParams);
-    return {
-      type: 'vc',
-      data: {
-        credential: vc,
-        tag: x.name,
+  const attachments = await Promise.all(
+    waitPassportList.map(async (x) => {
+      const vcParams = {
+        issuerName,
+        issuerWallet,
+        ownerDid: toUser.did,
+        passport: { ...pick(x, ['name', 'title', 'specVersion']), endpoint: x.endpoint || blockletInfo.appUrl },
+        endpoint: getPassportStatusEndpoint({
+          baseUrl: x.endpoint || blockletInfo.appUrl,
+          userDid: toUser.did,
+          teamDid,
+        }),
+        ownerProfile: {
+          email: toUser.email,
+          fullName: toUser.fullName,
+          avatar: getUserAvatarUrl(x.endpoint || blockletInfo.appUrl, toUser.avatar),
+        },
+        preferredColor: passportColor,
+        types: teamDid === nodeInfo.did ? [VC_TYPE_NODE_PASSPORT] : x.types,
+        purpose: teamDid === nodeInfo.did || isEmpty(x.types) ? 'login' : 'verification',
         display: x.display,
-      },
-    };
-  });
+      };
+
+      const vc = await createPassportVC(vcParams);
+      return {
+        type: 'vc',
+        data: {
+          credential: vc,
+          tag: x.name,
+          display: x.display,
+        },
+      };
+    })
+  );
   const insertPassportList = attachments.map((item, index) => {
     return {
       ...createUserPassport(item.data.credential, { role: item.data.tag, display: item.data.display }),

package/api/libs/connect/session.js

@@ -31,6 +31,7 @@ const {
   getPassportClaimUrl,
 } = require('@abtnode/auth/lib/passport');
 const { getKeyPairClaim, getAuthPrincipalForMigrateAppToV2 } = require('@abtnode/auth/lib/server');
+const { checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
 const { fromAppDid } = require('@arcblock/did-ext');
 const { LOGIN_PROVIDER, BLOCKLET_APP_SPACE_REQUIREMENT, DID_SPACES } = require('@blocklet/constant');
 const createTranslator = require('@abtnode/util/lib/translate');
@@ -46,7 +47,7 @@ const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abt
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 
 const logger = require('../logger')('connect');
-const { checkInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../../util');
+const { createTokenFn, getDidConnectVersion } = require('../../util');
 const { transferPassport, PASSPORT_VC_TYPES } = require('../auth/utils');
 const { migrateAccount, declareAccount } = require('../../services/oauth');
 const { getKycClaims, verifyKycClaims, getPassportVc, isProfileUrlSupported, getProfileItems } = require('../kyc');
@@ -393,7 +394,7 @@ module.exports = {
 
         const profile = claims.find((x) => x.type === 'profile');
 
-        vc = createPassportVC({
+        vc = await createPassportVC({
           issuerName: name,
           issuerWallet: wallet,
           issuerAvatarUrl: getAppAvatarUrl(baseUrl),

package/api/routes/blocklet.js

@@ -244,7 +244,7 @@ module.exports = {
         const hasOwnerPassport = (user.passports || []).some((x) => x.name === role);
         if (hasOwnerPassport === false) {
           // create vc
-          const vc = createPassportVC({
+          const vc = await createPassportVC({
             issuerName: name,
             issuerWallet: wallet,
             issuerAvatarUrl: getAppAvatarUrl(appUrl),

package/api/routes/oauth.js

@@ -1,27 +1,25 @@
 const { handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
-const { upsertToPassports, createPassportSvg } = require('@abtnode/auth/lib/passport');
+const { createPassportList, createPassportSwitcher, checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
 const {
   WELLKNOWN_SERVICE_PATH_PREFIX,
   PASSPORT_STATUS,
   ROLES,
   SECURITY_RULE_DEFAULT_ID,
 } = require('@abtnode/constant');
-const { extractUserAvatar, getUserAvatarUrl, getAppAvatarUrl } = require('@abtnode/util/lib/user');
+const { extractUserAvatar, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const { fromAppDid } = require('@arcblock/did-ext');
-const { getBlockletAppIdList } = require('@blocklet/meta/lib/util');
-const uniq = require('lodash/uniq');
 const last = require('lodash/last');
 const pick = require('lodash/pick');
 const sortBy = require('lodash/sortBy');
 const cloneDeep = require('lodash/cloneDeep');
 const { joinURL } = require('ufo');
+const { upsertToPassports } = require('@abtnode/auth/lib/passport');
 const { getWalletDid, getConnectedAccounts, getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const CustomError = require('@abtnode/util/lib/custom-error');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
-const { getActivePassports } = require('@abtnode/util/lib/passport');
 const { withHttps, withTrailingSlash } = require('ufo');
 
 const logger = require('../libs/logger')('oauth');
@@ -34,7 +32,7 @@ const OAuthApple = require('../libs/auth/adapters/apple');
 const { getAvatarByEmail, transferPassport, getAvatarByUrl } = require('../libs/auth/utils');
 const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
-const { checkInvitedUserOnly, createTokenFn, getDidConnectVersion, redirectWithoutCache } = require('../util');
+const { createTokenFn, getDidConnectVersion, redirectWithoutCache } = require('../util');
 const federatedUtil = require('../util/federated');
 const { isOAuthEmailVerified, isEmailUniqueRequired, isEmailKycRequired, isSameEmail } = require('../libs/kyc');
 const checkUser = require('../middlewares/check-user');
@@ -768,67 +766,25 @@ async function unbind(req, node) {
 }
 
 module.exports = {
-  init(server, node, options) {
-    server.get(`${prefixApi}/configs`, async (req, res) => {
+  checkUser,
+
+  init(router, node, options) {
+    const { createSessionToken } = initJwt(node, options);
+
+    router.get(`${prefixApi}/configs`, async (req, res) => {
       const blocklet = await req.getBlocklet();
       const oauthConfig = blocklet?.settings?.oauth || {};
       res.send(oauthConfig);
     });
 
-    server.get(`${prefixApi}/passports`, checkUser, async (req, res) => {
-      const userDid = req.user.did;
-      const blockletInfo = await req.getBlockletInfo();
-      const nodeInfo = await req.getNodeInfo();
-      const { did: teamDid, wallet: blockletWallet, appUrl } = blockletInfo;
-      const { passportColor } = await getApplicationInfo({ node, nodeInfo, teamDid });
-      const issuerDidList = uniq([blockletWallet.address, ...getBlockletAppIdList(blockletInfo)]);
-      // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
-      const user = await node.getUser({ teamDid, user: { did: userDid } });
-      let ownerAvatarUrl = getUserAvatarUrl(appUrl, user.avatar);
-      try {
-        // FIXME: @zhanghan 暂时将 imageFilter 等 queryString 参数移除
-        const ownerAvatarUrlInstance = new URL(ownerAvatarUrl);
-        ownerAvatarUrlInstance.search = '';
-        ownerAvatarUrl = ownerAvatarUrlInstance.href;
-      } catch {
-        /* empty */
-      }
-      let issuerAvatarUrl = getAppAvatarUrl(appUrl);
-      try {
-        // FIXME: @zhanghan 暂时将 imageFilter 等 queryString 参数移除
-        const issuerAvatarUrlInstance = new URL(issuerAvatarUrl);
-        issuerAvatarUrlInstance.search = '';
-        issuerAvatarUrl = issuerAvatarUrlInstance.href;
-      } catch {
-        /* empty */
-      }
+    router.get(`${prefixApi}/passports`, checkUser, createPassportList(node, 'service'));
+    router.post(
+      `${prefixApi}/switch`,
+      checkUser,
+      createPassportSwitcher(node, createTokenFn(createSessionToken), 'service')
+    );
 
-      const { passports = [] } = user || {};
-      const passportTypes = getActivePassports({ passports }, issuerDidList).map((x) => {
-        return {
-          ...pick(x, ['id', 'name', 'title', 'role', 'scope', 'role']),
-          display:
-            x.scope === 'custom'
-              ? x.display
-              : createPassportSvg({
-                  scope: x.scope,
-                  role: x.role,
-                  title: x.scope === 'kyc' ? x.name : x.title,
-                  issuer: x.issuer.name,
-                  issuerDid: x.issuer.id,
-                  issuerAvatarUrl,
-                  ownerName: user?.fullName,
-                  ownerDid: userDid,
-                  ownerAvatarUrl,
-                  isDataUrl: true,
-                  preferredColor: passportColor || 'auto',
-                }),
-        };
-      });
-      res.send(passportTypes);
-    });
-
-    server.post(`${prefixApi}/bind`, checkUser, async (req, res) => {
+    router.post(`${prefixApi}/bind`, checkUser, async (req, res) => {
       try {
         await bind(req, node, options);
         res.status(200).json({});
@@ -842,7 +798,7 @@ module.exports = {
       }
     });
 
-    server.post(`${prefixApi}/unbind`, checkUser, async (req, res) => {
+    router.post(`${prefixApi}/unbind`, checkUser, async (req, res) => {
       try {
         await unbind(req, node, options);
         res.status(200).json({});
@@ -856,58 +812,12 @@ module.exports = {
       }
     });
 
-    server.post(`${prefixApi}/switch`, checkUser, async (req, res) => {
-      const { did: userDid, provider } = req.user;
-      const { passportId } = req.body;
-      const blocklet = await req.getBlocklet();
-      const { did: teamDid, secret } = await req.getBlockletInfo();
-      // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
-      const user = await node.getUser({ teamDid, user: { did: userDid } });
-      const { passports = [] } = user || {};
-      const passport = passportId
-        ? passports.find((item) => item.id === passportId)
-        : { name: 'Guest', role: 'guest', scope: 'passport' };
-      await node.createAuditLog(
-        {
-          action: 'switchPassport',
-          args: { teamDid, userDid, passport, provider: user?.sourceProvider },
-          context: formatContext(Object.assign(req, { user })),
-          result: user,
-        },
-        node
-      );
-      const { createSessionToken } = initJwt(node, options);
-      const createToken = createTokenFn(createSessionToken);
-      const sessionConfig = blocklet.settings?.session || {};
-      const { sessionToken, refreshToken } = createToken(
-        userDid,
-        {
-          secret,
-          passport,
-          role: passport.scope === 'passport' ? passport.role : ROLES.GUEST,
-          fullName: user?.fullName,
-          provider,
-          walletOS: 'web',
-          emailVerified: !!user?.emailVerified,
-          phoneVerified: !!user?.phoneVerified,
-        },
-        { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
-      );
-
-      // for backward compatibility
-      if (!getDidConnectVersion(req)) {
-        res.status(200).send(sessionToken);
-      }
-
-      res.status(200).json({ sessionToken, refreshToken });
-    });
-
     /**
      * oauth 方式登录
      * 1. 普通配置下，登录/注册是同样的流程，登录过程中会自动注册账号
      * 2. 仅邀请可登录模式下，只允许登录，不允许注册
      */
-    server.post(`${prefixApi}/login`, async (req, res) => {
+    router.post(`${prefixApi}/login`, async (req, res) => {
       const { action = 'login' } = req.body;
       const actionMap = {
         login,
@@ -931,7 +841,7 @@ module.exports = {
       }
     });
 
-    server.post(`${prefixApi}/getUser`, async (req, res) => {
+    router.post(`${prefixApi}/getUser`, async (req, res) => {
       const { provider, token, idToken, code, appPid } = req.body;
       const blocklet = await req.getBlocklet();
       const oauthInfo = await getOAuthUserInfo({ blocklet, provider, token, idToken, code, appPid });
@@ -959,7 +869,7 @@ module.exports = {
       };
     };
 
-    server.get(`${prefix}/login/:provider`, checkReferrerMiddleware(), async (req, res) => {
+    router.get(`${prefix}/login/:provider`, checkReferrerMiddleware(), async (req, res) => {
       const { provider } = req.params;
       const blocklet = await req.getBlocklet();
       const availableProviderList = Object.keys(blocklet.settings?.oauth).filter(
@@ -977,7 +887,7 @@ module.exports = {
 
     // HACK: apple 需要特殊处理，callback 使用的是 post 请求返回的，通过特殊处理转为 get 请求，转由前端继续处理
     // 此处改为所有 provider 都兼容的模式
-    server.post(`${prefix}/callback/:provider`, (req, res) => {
+    router.post(`${prefix}/callback/:provider`, (req, res) => {
       /**
        * @type {{code?: string, user?: {name: {firstName: string, lastName: string}, email: string}}}
        */

package/api/routes/user.js

@@ -4,22 +4,23 @@ const { fromAppDid } = require('@arcblock/did-ext');
 const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
+const { fromBase64 } = require('@ocap/util');
 const { isFromPublicKey } = require('@arcblock/did');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
-const sortBy = require('lodash/sortBy');
-const head = require('lodash/head');
 const pick = require('lodash/pick');
 const merge = require('lodash/merge');
 const omitBy = require('lodash/omitBy');
+const { getLastUsedPassport } = require('@abtnode/auth/lib/passport');
 const { verify, decode } = require('@arcblock/jwt');
 const { getWallet } = require('@blocklet/meta/lib/did-utils');
 const { Joi } = require('@arcblock/validator');
 const { parse } = require('@abtnode/core/lib/util/ua');
+const { checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const formatError = require('@abtnode/util/lib/format-error');
 const CustomError = require('@abtnode/util/lib/custom-error');
 
-const { checkInvitedUserOnly, createTokenFn, getDidConnectVersion } = require('../util');
+const { createTokenFn, getDidConnectVersion } = require('../util');
 const initJwt = require('../libs/jwt');
 const { getAvatarByUrl } = require('../libs/auth/utils');
 const { loginWalletSchema, loginOAuthSchema, loginUserWalletSchema, checkUserSchema } = require('../validators/login');
@@ -33,7 +34,12 @@ const { Profile } = require('../state/profile');
 
 const validateUser = (user) => {
   try {
-    return user && user.did && user.pk && isFromPublicKey(user.did, user.pk);
+    return (
+      user &&
+      user.did &&
+      user.pk &&
+      (isFromPublicKey(user.did, user.pk) || isFromPublicKey(user.did, fromBase64(user.pk)))
+    );
   } catch (e) {
     return false;
   }
@@ -524,28 +530,7 @@ module.exports = {
       const { createSessionToken } = initJwt(node, options);
       const createToken = createTokenFn(createSessionToken);
       const sessionConfig = blocklet.settings?.session || {};
-      const passports = currentUser?.passports || [];
-
-      let passport = null;
-      if (passportId) {
-        passport = passports.find((x) => x.status === 'valid' && x.passportId === passportId);
-      }
-      if (!passport) {
-        const now = new Date().getTime();
-        passport = head(
-          sortBy(passports, (x) => {
-            const lastLoginAt = new Date(x.lastLoginAt).getTime();
-            if (typeof lastLoginAt === 'number') {
-              return now - lastLoginAt;
-            }
-            return now;
-          })
-        );
-      }
-
-      if (!passport) {
-        passport = { name: 'Guest', role: 'guest' };
-      }
+      const passport = getLastUsedPassport(currentUser?.passports || [], passportId);
 
       const lastLoginIp = getRequestIP(req);
       const loggedInUser = await node.loginUser({

package/api/services/auth/connect/receive-transfer-app-owner.js

@@ -236,8 +236,7 @@ module.exports = function createRoutes(node, _, createSessionToken) {
         preferredColor: passportColor,
       };
 
-      const vc = createPassportVC(vcParams);
-
+      const vc = await createPassportVC(vcParams);
       const role = getRoleFromLocalPassport(get(vc, 'credentialSubject.passport'));
       const passport = createUserPassport(vc, { role });
 

package/api/services/auth/connect/setup.js

@@ -30,7 +30,7 @@ const checkOwner = async ({ node, userDid, blocklet }) => {
   return user;
 };
 
-module.exports = function createRoutes(node, _authenticator, createSessionToken) {
+module.exports = function createRoutes(node, authenticator, createSessionToken) {
   return {
     action: 'setup',
     onConnect: async ({ req, userDid, extraParams: { locale } }) => {
@@ -113,7 +113,12 @@ module.exports = function createRoutes(node, _authenticator, createSessionToken)
 
         // Generate new session token that client can save to localStorage
         // HACK: 此处没有 passportId，所以特意不设置 refreshToken，失效后下次登录就能选择合适的 passport
-        const sessionToken = await createSessionToken(userDid, { secret, role: 'owner', fullName: profile?.fullName });
+        const sessionToken = await createSessionToken(userDid, {
+          secret,
+          role: 'owner',
+          fullName: profile?.fullName,
+          elevated: true,
+        });
         await updateSession({ sessionToken }, true);
         logger.info('setup.connect.success', { userDid });
       } catch (err) {

package/api/services/auth/connect/verify-destroy.js

@@ -1,6 +1,6 @@
 const { messages } = require('@abtnode/auth/lib/auth');
-const { authenticateByVc, getVerifyAccessClaims } = require('@abtnode/auth/lib/server');
-const { ROLES, MFA_PROTECTED_METHODS } = require('@abtnode/constant');
+const { authenticateByVc, getVerifyAccessClaims, validateVerifyDestroyRequest } = require('@abtnode/auth/lib/server');
+const { ROLES } = require('@abtnode/constant');
 const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
 const { fromBase64 } = require('@ocap/util');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
@@ -26,20 +26,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         throw new Error(messages.notAuthorized[locale]);
       }
 
-      // ensure payload is valid
-      const parsed = JSON.parse(fromBase64(payload).toString());
-      if (!MFA_PROTECTED_METHODS.includes(parsed.action)) {
-        throw new Error(messages.notAllowed[locale]);
-      }
-
-      // ensure roles are valid
-      const expected = roles
-        .split(',')
-        .map((x) => x.trim())
-        .filter(Boolean);
-      if (expected.some((x) => !ALLOWED_ROLES.includes(x))) {
-        throw new Error(messages.notAllowed[locale]);
-      }
+      const expected = validateVerifyDestroyRequest({ payload, roles, locale, allowedRoles: ALLOWED_ROLES });
 
       const sourceAppPid = getSourceAppPid(request);
       return {

package/api/services/auth/index.js

@@ -37,6 +37,7 @@ const createVerifyDestroyAuth = require('./connect/verify-destroy');
 const createReceiveTransferAppOwnerRoutes = require('./connect/receive-transfer-app-owner');
 const createSessionRoutes = require('./session');
 const createPassportRoutes = require('./passport');
+const createPasskeyRoutes = require('./passkey');
 const { getRedirectUrl, shouldIgnoreUrl, redirectWithoutCache } = require('../../util');
 const { createConnectToDidSpacesForUserRoute } = require('./connect/connect-to-did-spaces-for-user');
 const { isEmailKycRequired, isPhoneKycRequired } = require('../../libs/kyc');
@@ -249,6 +250,9 @@ const init = ({ node, options }) => {
 
   // public http api
   routes.createPassportRoutes = createPassportRoutes;
+  routes.createPasskeyRoutes = {
+    init: (router) => createPasskeyRoutes.init(router, node, options, createSessionToken),
+  };
   routes.createSessionRoutes = {
     // eslint-disable-next-line no-shadow
     init: (router, node) =>

package/api/services/auth/passkey.js

@@ -0,0 +1,31 @@
+const { createPasskeyHandlers } = require('@abtnode/auth/lib/passkey');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { createPassportList, createPassportSwitcher } = require('@abtnode/auth/lib/oauth');
+const { createTokenFn } = require('../../util');
+const { checkUser } = require('../../routes/oauth');
+
+module.exports = {
+  init(router, node, options, createSessionToken) {
+    const createToken = createTokenFn(createSessionToken);
+
+    const {
+      ensurePasskeySession,
+      ensureUser,
+      handleRegisterRequest,
+      handleRegisterResponse,
+      handleAuthRequest,
+      handleAuthResponse,
+    } = createPasskeyHandlers(node, 'service', createToken);
+
+    const prefix = `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/passkey`;
+
+    router.get(`${prefix}/register`, handleRegisterRequest);
+    router.post(`${prefix}/register`, ensurePasskeySession, handleRegisterResponse);
+    router.get(`${prefix}/auth`, ensureUser, handleAuthRequest);
+    router.post(`${prefix}/auth`, ensurePasskeySession, handleAuthResponse);
+
+    // Following routes are same as oauth routes
+    router.get(`${prefix}/passports`, checkUser, createPassportList(node, 'service'));
+    router.post(`${prefix}/switch`, checkUser, createPassportSwitcher(node, createToken, 'service'));
+  },
+};

package/api/services/auth/passport.js

@@ -2,8 +2,8 @@ const { getPassportStatus } = require('@abtnode/auth/lib/auth');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 
 module.exports = {
-  init(server, node) {
-    server.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/passport/status`, async (req, res) => {
+  init(router, node) {
+    router.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/passport/status`, async (req, res) => {
       const { vcId, userDid, locale } = req.query;
       const teamDid = req.headers['x-blocklet-did'];
 

package/api/services/notification/index.js

@@ -23,14 +23,15 @@ const authenticateConnect = (req, cb) => {
     return;
   }
 
-  if (!JWT.verify(token, pk)) {
-    cb(new Error('token verify failed'));
-    return;
-  }
-
-  const decoded = JWT.decode(token);
-  const info = getTokenInfo(decoded);
-  cb(null, info);
+  JWT.verify(token, pk)
+    .then(() => {
+      const decoded = JWT.decode(token);
+      const info = getTokenInfo(decoded);
+      cb(null, info);
+    })
+    .catch((err) => {
+      cb(err, null);
+    });
 };
 
 const authenticateJoinChannel = async ({ topic: channel, payload, node }) => {
@@ -45,7 +46,7 @@ const authenticateJoinChannel = async ({ topic: channel, payload, node }) => {
   // so we need to support token is valid for one day
   const tolerance = 3600 * 24;
 
-  if (!JWT.verify(payload.token, payload.pk, { tolerance })) {
+  if (!(await JWT.verify(payload.token, payload.pk, { tolerance }))) {
     throw new Error(`verify did failed: ${info.did}`);
   }
 

package/api/socket/channel/did.js

@@ -20,6 +20,7 @@ const states = require('../../state');
 const { validateEmail, sendEmail } = require('../../libs/email');
 const { sendPush } = require('../../libs/push-kit');
 const { getBlockletInfo } = require('../../cache');
+const { nanoid } = require('../../util');
 
 const CHANNEL_FIELD_MAP = {
   wallet: ['walletSendStatus', 'walletSendAt'],
@@ -192,6 +193,8 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
         });
       }
 
+      // 为消息添加一个ID，wallet钱包接受消息会使用这个字段
+      data.id = data.id || doc?.id || nanoid();
       // 发送钱包消息
       if (channels.includes('app')) {
         for (const receiverDid of receiverAppDidList) {

package/api/socket/util.js

@@ -23,6 +23,8 @@ const parseNotification = (notification, senderInfo) => {
       x.createdAt = new Date();
     }
 
+    x.type = x.type || 'notification';
+
     x.sender = {
       // did is permanent did of an application that is used to identify the application by DID Wallet
       did: senderInfo.permanentWallet.address,
@@ -60,7 +62,7 @@ const ensureSenderApp = async ({ sender, node, nodeInfo }) => {
   }
 
   const { wallet } = appInfo;
-  if (!JWT.verify(sender.token, wallet.publicKey)) {
+  if (!(await JWT.verify(sender.token, wallet.publicKey))) {
     throw new Error(`Invalid authentication token for sender blocklet: ${sender.appDid}`);
   }
 

package/api/util/attach-shared-utils.js

@@ -159,6 +159,7 @@ module.exports = ({ node, req, options }) => {
         };
 
         const user = await verifySessionToken(token, secret, opt);
+
         if (user && visitorId) {
           const [userSession] = await node.getUserSession({
             teamDid,
@@ -166,14 +167,14 @@ module.exports = ({ node, req, options }) => {
             userDid: user.did,
             visitorId,
           });
-          if (!userSession) return;
-
-          req.userSession = userSession;
+          if (userSession) {
+            req.userSession = userSession;
+          }
         }
         req.user = user;
       }
     } catch (error) {
-      logger.debug('Failed to ensureUser', { error });
+      console.error('Failed to ensureUser', error);
     }
   };