npm - @abtnode/blocklet-services - Versions diffs - 1.16.41-beta-20250325-054737-39c060ca → 1.16.41-beta-20250329-232306-53c45e3b - Mend

@abtnode/blocklet-services 1.16.41-beta-20250325-054737-39c060ca → 1.16.41-beta-20250329-232306-53c45e3b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/api/libs/connect/session.js CHANGED Viewed

@@ -46,6 +46,7 @@ const {
 const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/login');
 const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abtnode/auth/lib/util/spaces');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
+const { PASSPORT_LOG_ACTION, PASSPORT_SOURCE, PASSPORT_STATUS } = require('@abtnode/constant');
 const logger = require('../logger')('connect');
 const { createTokenFn, getDidConnectVersion } = require('../../util');
@@ -75,6 +76,20 @@ const validateLocalPassport = async ({ vc, node, locale, blocklet, teamDid, user
     if (vc.credentialSubject.id !== userDid) {
       throw new CustomError(403, messages.actionForbidden[locale]);
     }
+    const passport = await node.getPassportById({ teamDid, passportId: vc.id });
+    if (!passport) {
+      throw new CustomError(403, messages.passportNotFound[locale]);
+    }
+    if (passport.status === PASSPORT_STATUS.REVOKED) {
+      throw new CustomError(403, messages.passportRevoked[locale](passport.title));
+    }
+    if (passport.status === PASSPORT_STATUS.EXPIRED) {
+      throw new CustomError(403, messages.passportExpired[locale]);
+    }
     if (!(await node.isPassportValid({ teamDid, passportId: vc.id }))) {
       throw new CustomError(403, messages.passportNotFound[locale]);
     }
@@ -204,7 +219,8 @@ module.exports = {
        */
       const blocklet = await request.getBlocklet();
       const { accessPolicyConfig } = await request.getSecurityConfig({ id: SECURITY_RULE_DEFAULT_ID });
-      const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const blockletInfo = await request.getBlockletInfo();
+      const { did: teamDid, wallet: blockletWallet } = blockletInfo;
       const sourceAppPid = getSourceAppPid(request);
       const profileItems = getProfileItems(blocklet.settings?.session, request.context.didwallet);
@@ -481,7 +497,13 @@ module.exports = {
       }
       // Recreate passport with correct role
-      passport = vc ? createUserPassport(vc, { role }) : null;
+      passport = vc ? createUserPassport(vc, { role, source: PASSPORT_SOURCE.ISSUE }) : null;
+      if (passport?.id) {
+        const isTrustedPassport = (blocklet.trustedPassports || []).some((x) => x.issuerDid === passport?.issuer?.id);
+        if (isTrustedPassport) {
+          passport.source = PASSPORT_SOURCE.TRUSTED;
+        }
+      }
       const now = new Date().toISOString();
       const connectedNft = nftState
@@ -636,6 +658,21 @@ module.exports = {
           });
       }
+      if (passport) {
+        await node.createPassportLog(
+          teamDid,
+          {
+            passportId: passport.id,
+            action: PASSPORT_LOG_ACTION.USED,
+            operatorDid: userDid,
+            metadata: {
+              action,
+            },
+          },
+          request
+        );
+      }
       // Generate new session token that client can save to localStorage
       const createToken = createTokenFn(createSessionToken);
       const sessionConfig = blocklet.settings?.session || {};
@@ -989,7 +1026,7 @@ module.exports = {
       await checkAppOwner({ node, role, blocklet, userDid, locale });
       // Recreate passport with correct role
-      passport = vc ? createUserPassport(vc, { role }) : null;
+      passport = vc ? createUserPassport(vc, { role, source: PASSPORT_SOURCE.ISSUE }) : null;
       await node.updateUser({
         teamDid,
@@ -1015,6 +1052,21 @@ module.exports = {
         node
       );
+      if (passport) {
+        await node.createPassportLog(
+          teamDid,
+          {
+            passportId: passport.id,
+            action: PASSPORT_LOG_ACTION.USED,
+            operatorDid: '',
+            metadata: {
+              action: 'switch-passport-approve',
+            },
+          },
+          request
+        );
+      }
       // Generate new session token that client can save to localStorage
       const createToken = createTokenFn(createSessionToken);
       const sessionConfig = blocklet.settings?.session || {};

package/api/libs/email.js CHANGED Viewed

@@ -5,7 +5,8 @@ const { getEmailServiceProvider } = require('@abtnode/auth/lib/email');
 const { sendEmailWithLauncher } = require('@abtnode/auth/lib/launcher');
 const logger = require('./logger')('blocklet-services:notification');
-const { NotificationEmail } = require('../emails/pages/notification');
+const { NotificationEmail } = require('../emails/_templates/notification');
+const { VerifyCodeEmail } = require('../emails/_templates/verify-code');
 const cache = require('../cache');
 const schemaEmail = Joi.string().email().required();
@@ -15,7 +16,16 @@ const validateEmail = schemaEmail.validateAsync.bind(schemaEmail);
 async function sendEmail(
   receiver,
   notification,
-  { teamDid, node, locale, unsubscribeToken = '', userInfo = {}, raw = false, launcher = false }
+  {
+    teamDid,
+    node,
+    locale,
+    unsubscribeToken = '',
+    userInfo = {},
+    raw = false,
+    launcher = false,
+    template = 'notification',
+  }
 ) {
   if (!receiver) {
     throw new Error('receiver is required');
@@ -56,20 +66,42 @@ async function sendEmail(
       'You have received a notification'
     }`;
-    const html = render(
-      NotificationEmail({
-        subject,
-        appInfo,
-        ...notification,
-        locale,
-        raw,
-        unsubscribeToken,
-        userInfo: {
-          ...userInfo,
-          email: receiver,
-        },
-      })
-    );
+    let html = '';
+    try {
+      if (template === 'notification') {
+        html = await render(
+          NotificationEmail({
+            subject,
+            appInfo,
+            ...notification,
+            locale,
+            raw,
+            unsubscribeToken,
+            userInfo: {
+              ...userInfo,
+              email: receiver,
+            },
+          })
+        );
+      } else if (template === 'verify-code') {
+        html = await render(
+          VerifyCodeEmail({
+            subject,
+            appInfo,
+            ...notification,
+            locale,
+            raw,
+            userInfo: {
+              ...userInfo,
+              email: receiver,
+            },
+          })
+        );
+      }
+    } catch (err) {
+      logger.error('Failed to render email template:', err);
+      throw new Error(`Failed to render ${template} template: ${err.message}`);
+    }
     const emailData = {
       from: `"${appInfo.title}" <${config.from}>`,

package/api/middlewares/body-parser.js ADDED Viewed

@@ -0,0 +1,10 @@
+const bodyParser = require('body-parser');
+const { MAX_UPLOAD_FILE_SIZE } = require('@abtnode/constant');
+// body parser only for blocklet service related request
+const maxUploadSize = Number(process.env.MAX_UPLOAD_FILE_SIZE) || MAX_UPLOAD_FILE_SIZE;
+module.exports = [
+  bodyParser.json({ limit: `${maxUploadSize}mb` }),
+  bodyParser.urlencoded({ extended: true, limit: `${maxUploadSize}mb` }),
+];

package/api/routes/blocklet.js CHANGED Viewed

@@ -10,7 +10,6 @@ const { joinURL } = require('ufo');
 const cors = require('cors');
 const { getPassportStatusEndpoint } = require('@abtnode/auth/lib/auth');
 const { createPassportVC, createPassport, createUserPassport } = require('@abtnode/auth/lib/passport');
 const formatContext = require('@abtnode/util/lib/format-context');
 const { getStatusFromError } = require('@abtnode/util/lib/custom-error');
 const { getUserAvatarUrl, getAvatarFile, getAppAvatarUrl, extractUserAvatar } = require('@abtnode/util/lib/user');
@@ -41,6 +40,7 @@ const {
   USER_AVATAR_URL_PREFIX,
   WELLKNOWN_BLOCKLET_HEALTH_PATH,
 } = require('@abtnode/constant');
+const { PASSPORT_SOURCE, PASSPORT_LOG_ACTION, PASSPORT_ISSUE_ACTION } = require('@abtnode/constant');
 const { createDownloadLogStream } = require('@abtnode/core/lib/util/log');
@@ -189,7 +189,7 @@ module.exports = {
       // 不能使用 useCache 可能会拿不到最新的 blocklet 信息
       const blocklet = await req.getBlocklet({ useCache: false });
-      const { fromSetup } = req.body;
+      const { fromSetup } = req.query;
       const { did: userDid } = req.user;
       // eslint-disable-next-line no-unreachable
@@ -223,7 +223,7 @@ module.exports = {
         }
       }
-      if (fromSetup) {
+      if (fromSetup === '1') {
         const teamDid = blocklet.meta.did;
         const { wallet, name, passportColor } = await req.getBlockletInfo();
         // NOTICE: 这里的 did 是从 session 中取到的永久 did，不需要查询 connectedAccount
@@ -267,7 +267,8 @@ module.exports = {
           });
           // write passport to db
-          const passport = createUserPassport(vc, { role });
+          const passport = createUserPassport(vc, { role, source: PASSPORT_SOURCE.ISSUE });
           const result = await node.updateUser({
             teamDid,
             user: {
@@ -285,6 +286,18 @@ module.exports = {
             node
           );
+          if (passport) {
+            await node.createPassportLog(teamDid, {
+              passportId: passport.id,
+              action: PASSPORT_LOG_ACTION.ISSUE,
+              operatorDid: userDid,
+              metadata: {
+                action: PASSPORT_ISSUE_ACTION.ISSUE_ON_BLOCKLET_START,
+                context: formatContext(req),
+              },
+            });
+          }
           // send owner vc
           const notificationText = {
             title: {

package/api/routes/federated.js CHANGED Viewed

@@ -41,19 +41,21 @@ function getAuditLogActorByFederatedSite(blocklet) {
   };
 }
-async function syncSwitchProfile(user, { node, teamDid, dataDir }) {
-  const tempUser = pick(user, [
-    'did',
-    'pk',
-    'avatar',
-    'fullName',
-    'email',
-    'phone',
-    'url',
-    'inviter',
-    'emailVerified',
-    'phoneVerified',
-  ]);
+const SYNC_FIELDS = [
+  'did',
+  'pk',
+  'avatar',
+  'fullName',
+  'email',
+  'phone',
+  'url',
+  'inviter',
+  'emailVerified',
+  'phoneVerified',
+];
+async function syncSwitchProfile(user, { node, teamDid, dataDir, fields = SYNC_FIELDS }) {
+  const tempUser = pick(user, fields);
   // 处理 avatar
   if (tempUser.avatar) {
@@ -142,6 +144,10 @@ async function syncDisconnectAccount(user, { node, teamDid, blocklet }) {
   });
 }
+function syncUserProfile(user, { node, teamDid, dataDir }) {
+  return syncSwitchProfile(user, { node, teamDid, dataDir, fields: [...SYNC_FIELDS, 'metadata', 'address'] });
+}
 /**
  * member 站点向 master 站点请求拉取一个用户信息
  */
@@ -153,6 +159,8 @@ const syncUserFnMaps = {
   connectAccount: syncConnectAccount,
   // 用户解绑第三方登录
   disconnectAccount: syncDisconnectAccount,
+  // 用户同步 profile
+  syncProfile: syncUserProfile,
 };
 module.exports = {
@@ -804,5 +812,20 @@ module.exports = {
       const siteInfo = await generateSiteInfo({ nodeInfo, blocklet, domainAliases });
       res.json(siteInfo);
     });
+    // 用于 member 向 master 获取指定 sub 用户的共公开钱包信息
+    server.post(`${prefixApi}/getUser`, ensureBlocklet(), checkFederatedCall(), async (req, res) => {
+      const { verifyData } = req;
+      const { userSub } = verifyData;
+      if (!userSub) {
+        res.status(400).json({ error: 'missing userSub' });
+        return;
+      }
+      const { wallet: blockletWallet } = await req.getBlockletInfo();
+      const userWallet = fromAppDid(userSub, blockletWallet.secretKey);
+      res.json({
+        wallet: pick(userWallet, ['type', 'publicKey', 'address']),
+      });
+    });
   },
 };

package/api/routes/mcp.js ADDED Viewed

@@ -0,0 +1,87 @@
+/* eslint-disable no-console */
+const { WELLKNOWN_SERVICE_PATH_PREFIX, SECURITY_RULE_DEFAULT_ID } = require('@abtnode/constant');
+const { joinURL } = require('ufo');
+const get = require('lodash/get');
+const getBlockletInfo = require('@blocklet/meta/lib/info');
+const { checkPublicAccess } = require('@blocklet/meta/lib/util');
+// eslint-disable-next-line import/no-unresolved
+const { SSEServerTransport } = require('@modelcontextprotocol/sdk/server/sse.js');
+const { mcpServer } = require('../services/mcp/server');
+const isMCPSupported = (b) => get(b.meta, 'capabilities.mcp', false);
+module.exports = {
+  init(server, node) {
+    // Return all MCP servers
+    server.get(joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/mcp/servers'), async (req, res) => {
+      const blocklet = await req.getBlocklet();
+      const { securityRules } = await node.getBlockletSecurityRules({ did: blocklet.appDid });
+      let securityConfig = securityRules.find((x) => x.id === SECURITY_RULE_DEFAULT_ID);
+      const mcpServers = [];
+      // Blocklet Service MCP Server
+      const info = getBlockletInfo(blocklet);
+      const baseUrl = joinURL(info.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/blocklet');
+      mcpServers.push({
+        did: blocklet.appDid,
+        name: info.name,
+        description: info.description,
+        endpoint: joinURL(info.appUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/mcp/sse'),
+        protected: !checkPublicAccess(securityConfig),
+        version: info.version,
+        logo: joinURL(baseUrl, '/logo'),
+      });
+      // Components MCP Server
+      blocklet.children.forEach((x) => {
+        securityConfig = securityRules.find((r) => r.componentDid === x.meta.did && r.pathPattern === '*');
+        if (isMCPSupported(x)) {
+          mcpServers.push({
+            did: `${blocklet.appDid}/${x.meta.did}`,
+            name: x.meta.title,
+            description: x.meta.description,
+            endpoint: joinURL(info.appUrl, x.mountPoint, '/mcp/sse'),
+            protected: !checkPublicAccess(securityConfig),
+            version: x.meta.version,
+            logo: joinURL(baseUrl, `/logo-bundle/${x.meta.did}?v=${info.version}`),
+          });
+        }
+      });
+      // TODO: should we include official services? such as chain, did-spaces, name-service, etc.
+      res.json({
+        version: info.version,
+        servers: mcpServers,
+      });
+    });
+    // Serve Service MCP server
+    // to support multiple simultaneous connections we have a lookup object from sessionId to transport
+    const transports = {};
+    server.get(joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/mcp/sse'), async (_, res) => {
+      // Set required headers for SSE
+      res.header('X-Accel-Buffering', 'no');
+      const transport = new SSEServerTransport(joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/mcp/messages'), res);
+      transports[transport.sessionId] = transport;
+      res.on('close', () => {
+        delete transports[transport.sessionId];
+      });
+      await mcpServer.connect(transport);
+    });
+    server.post(joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/mcp/messages'), async (req, res) => {
+      const { sessionId } = req.query;
+      const transport = transports[sessionId];
+      if (transport) {
+        // Send the body to the transport since we have already parsed it
+        await transport.handlePostMessage(req, res, req.body);
+      } else {
+        res.status(400).send('No transport found for sessionId');
+      }
+    });
+  },
+};

package/api/routes/user-session.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /* eslint-disable no-await-in-loop */
-const { WELLKNOWN_SERVICE_PATH_PREFIX, SESSION_TTL } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX, SESSION_TTL, PASSPORT_LOG_ACTION } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const pick = require('lodash/pick');
 const defaults = require('lodash/defaults');
@@ -223,6 +223,21 @@ module.exports = {
             },
           });
+          if (targetPassport) {
+            await node.createPassportLog(
+              teamDid,
+              {
+                passportId: targetPassport.id,
+                action: PASSPORT_LOG_ACTION.LOGIN,
+                operatorDid: loggedInUser.did,
+                metadata: {
+                  action: 'login',
+                },
+              },
+              req
+            );
+          }
           result = createToken(
             user.did,
             {