npm - @abtnode/blocklet-services - Versions diffs - 1.16.41-beta-20250325-154552-2bf78c26 → 1.16.41-beta-20250331-010247-966fcfb0 - Mend

@abtnode/blocklet-services 1.16.41-beta-20250325-154552-2bf78c26 → 1.16.41-beta-20250331-010247-966fcfb0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/api/routes/user.js CHANGED Viewed

@@ -1,7 +1,15 @@
-const { WELLKNOWN_SERVICE_PATH_PREFIX, SECURITY_RULE_DEFAULT_ID } = require('@abtnode/constant');
+const {
+  WELLKNOWN_SERVICE_PATH_PREFIX,
+  SECURITY_RULE_DEFAULT_ID,
+  ROLES,
+  VERIFY_CODE_TTL,
+  PASSPORT_STATUS,
+} = require('@abtnode/constant');
+const JWT = require('@arcblock/jwt');
+const { render } = require('@react-email/components');
 const { messages, getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const { fromAppDid } = require('@arcblock/did-ext');
-const { extractUserAvatar } = require('@abtnode/util/lib/user');
+const { extractUserAvatar, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
 const { fromBase64 } = require('@ocap/util');
@@ -12,8 +20,9 @@ const merge = require('lodash/merge');
 const omitBy = require('lodash/omitBy');
 const omit = require('lodash/omit');
 const uniq = require('lodash/uniq');
+const last = require('lodash/last');
+const sortBy = require('lodash/sortBy');
 const { getLastUsedPassport } = require('@abtnode/auth/lib/passport');
-const { verify, decode } = require('@arcblock/jwt');
 const { getWallet } = require('@blocklet/meta/lib/did-utils');
 const { Joi } = require('@arcblock/validator');
 const { parse } = require('@abtnode/core/lib/util/ua');
@@ -21,7 +30,11 @@ const { checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const formatError = require('@abtnode/util/lib/format-error');
 const CustomError = require('@abtnode/util/lib/custom-error');
+const { callFederated } = require('@abtnode/auth/lib/util/federated');
 const { xss } = require('@blocklet/xss');
+const { withQuery } = require('ufo');
+const cors = require('cors');
 const { createTokenFn, getDidConnectVersion } = require('../util');
 const initJwt = require('../libs/jwt');
 const { getAvatarByUrl } = require('../libs/auth/utils');
@@ -31,8 +44,13 @@ const { getAvatarByEmail } = require('../libs/auth/utils');
 const logger = require('../libs/logger')('user');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
 const checkUser = require('../middlewares/check-user');
-const { getUserWithinFederated, getUserAvatarUrl } = require('../util/federated');
+const { getUserWithinFederated, getUserAvatarUrl: getRawUserAvatarUrl } = require('../util/federated');
 const { Profile } = require('../state/profile');
+const { emailSchema } = require('../socket/channel/did');
+const { sendEmail } = require('../libs/email');
+const federatedUtil = require('../util/federated');
+const { VerifyCodeBody } = require('../emails/_templates/verify-code-body');
+const { checkFederatedCall } = require('../middlewares/check-federated');
 const validateUser = (user) => {
   try {
@@ -57,12 +75,25 @@ const translations = {
     needComponentId: '缺少登录参数: componentId',
     userInfoError: '登录用户信息有误',
     notExist: '用户不存在',
+    //
+    emailInvalid: '邮箱格式不正确',
+    emailSendSuccess: '验证码发送成功',
+    emailAlreadySent: '我们已发送验证电子邮件。请检查您的收件箱或垃圾邮件文件夹。如果您没有看到它，您可以稍后再试。',
+    emailVerifySuccess: '邮箱验证成功',
+    emailTitle: '登录 {appName}',
   },
   en: {
     notAllowed: 'Your have been revoked access to this blocklet',
     needComponentId: 'componentId is required when login user',
     userInfoError: 'Login user info is invalid',
     notExist: 'User does not exist',
+    //
+    emailInvalid: 'Invalid email format',
+    emailSendSuccess: 'Verification code sent successfully',
+    emailAlreadySent:
+      "We've sent a verification email. Please check your inbox and spam folder. If you don't see it, you can try again in a few minutes.",
+    emailVerifySuccess: 'Email verified successfully',
+    emailTitle: 'Login to {appName}',
   },
 };
@@ -367,7 +398,7 @@ async function verifyUserSig({ userDid, signature, teamDid, sourceAppPid, userPk
   const userDidWallet = getWallet(currentUser);
   // HACK: @zhanghan 钱包传递的签名使用的是 didWallet 账户，但这个账户可能是 原生的 oauth 账户，所以需要找到对应的 did-wallet 账户
-  const valid = verify(signature, userDidWallet.pk);
+  const valid = await JWT.verify(signature, userDidWallet.pk);
   if (!valid) {
     throw new Error('invalid signature');
   }
@@ -395,7 +426,7 @@ function checkUserSig({ node }) {
       }
       const userDidWallet = getWallet(user);
-      const valid = verify(userSig, userDidWallet.pk);
+      const valid = await JWT.verify(userSig, userDidWallet.pk);
       if (!valid) {
         logger.error('Verify sig failed', {
           userDid,
@@ -412,7 +443,7 @@ function checkUserSig({ node }) {
         fullName: user.fullName,
         walletOS,
       };
-      const resData = decode(userSig, true);
+      const resData = JWT.decode(userSig, true);
       // NOTICE: set decode data to req.body, it's not a good practice, but we need it in next middleware
       req.body = pick(resData, ['notifications']);
     }
@@ -462,7 +493,7 @@ const profileSetSchema = Joi.object({
   metadata: Joi.object({
     email: Joi.string().email().optional(),
     phone: Joi.object({
-      phoneNumber: Joi.string().optional(),
+      phoneNumber: Joi.string().allow('').optional(),
       country: Joi.string().optional(),
     }).optional(),
     bio: Joi.string().allow('').max(200).optional(),
@@ -501,6 +532,17 @@ const spaceGatewaySchema = Joi.object({
 module.exports = {
   init(server, node, options) {
+    const ensureCors = cors(async (req, callback) => {
+      const domains = await federatedUtil.getTrustedDomains({ node, req, blocklet: req.blocklet });
+      const host = req?.get('host') || req?.headers?.host;
+      if (domains.includes(host)) {
+        callback(null, { origin: true });
+      } else {
+        callback(null, { origin: false });
+      }
+    });
+    // 应用后端自行登录逻辑（SDK 中调用）
     server.post([`${prefix}/login`, `${prefixApi}/login`], verifySig, async (req, res) => {
       try {
         const data = await login(req, node, options);
@@ -797,6 +839,365 @@ module.exports = {
       }
     );
+    // master 帮 member 进行邮件代发
+    server.post(
+      `${prefixApi}/email/forwardSendCode`,
+      ensureBlocklet(),
+      checkFederatedCall({ mode: 'memberToMaster', allowStatus: ['approved'] }),
+      async (req, res) => {
+        const { blocklet, verifyData } = req;
+        const teamDid = blocklet.appPid;
+        const { subject, code, magicLink, appName, locale } = verifyData;
+        const emailBody = await render(
+          VerifyCodeBody({
+            code,
+            magicLink,
+            appName,
+            locale,
+          })
+        );
+        const result = await sendEmail(
+          subject,
+          {
+            title: t('emailTitle', locale, { appName }),
+            body: emailBody,
+          },
+          {
+            teamDid,
+            node,
+            locale,
+            raw: true,
+            launcher: true,
+          }
+        );
+        res.json(result);
+      }
+    );
+    server.post(`${prefixApi}/email/sendCode`, ensureBlocklet(), ensureCors, async (req, res) => {
+      const { locale = 'en' } = req.query;
+      const { blocklet } = req;
+      const teamDid = blocklet.appPid;
+      const { email, useCode = true, useMagicLink = true, sourceAppPid = null } = req.body;
+      const { error, value: subject } = emailSchema.validate(email);
+      if (error) {
+        res.status(400).send({ error: t('emailInvalid', locale), code: 'email_invalid' });
+        return;
+      }
+      if (await node.isSubjectSent({ teamDid, subject })) {
+        res.status(400).send({
+          error: t('emailAlreadySent', locale),
+          code: 'email_already_sent',
+        });
+        return;
+      }
+      const blockletInfo = await req.getBlockletInfo();
+      const doc = await node.createVerifyCode({ teamDid, subject, purpose: 'login' });
+      const now = Math.floor(Date.now() / 1000);
+      const magicLinkToken = JWT.signV2(blockletInfo.wallet.address, blockletInfo.wallet.secretKey, {
+        exp: String(now + VERIFY_CODE_TTL),
+        data: {
+          id: doc.id,
+          code: doc.code,
+        },
+      });
+      logger.info('Email login: create verify code', { teamDid, doc });
+      const emailData = {
+        appName: blockletInfo.name,
+        locale,
+      };
+      if (useCode) {
+        emailData.code = doc.code;
+      }
+      if (useMagicLink) {
+        emailData.magicLink = withQuery(req.get('referer'), {
+          magicToken: magicLinkToken,
+          sourceAppPid,
+        });
+      }
+      let result;
+      if (sourceAppPid) {
+        // 通知 master 去发送邮件
+        result = await federatedUtil.sendEmailVerifyCode({
+          blocklet,
+          blockletInfo,
+          request: req,
+          params: {
+            ...emailData,
+            subject,
+          },
+        });
+      } else {
+        const emailBody = await render(VerifyCodeBody(emailData));
+        result = await sendEmail(
+          subject,
+          {
+            title: t('emailTitle', locale, { appName: blockletInfo.name }),
+            body: emailBody,
+          },
+          {
+            teamDid,
+            node,
+            locale,
+            raw: true,
+            launcher: true,
+          }
+        );
+      }
+      logger.info('Email login: send verify code', { teamDid, result });
+      await node.sendVerifyCode({ teamDid, code: doc.code });
+      // 返回 verify code 的 id，用于后续状态的监听
+      res.json({ id: doc.id });
+    });
+    server.get(`${prefixApi}/email/status`, ensureBlocklet(), ensureCors, async (req, res) => {
+      const { codeId } = req.query;
+      const { blocklet } = req;
+      const teamDid = blocklet.appPid;
+      const doc = await node.getVerifyCode({ teamDid, id: codeId });
+      logger.info('Email login: check verify code status', { teamDid, codeId, doc });
+      if (doc) {
+        res.json({ verified: doc.verified, id: doc.id });
+      } else {
+        res.json({ verified: false, id: undefined });
+      }
+    });
+    server.post(`${prefixApi}/email/login`, ensureBlocklet(), ensureCors, async (req, res) => {
+      try {
+        const { locale = 'en' } = req.query;
+        const { blocklet } = req;
+        const teamDid = blocklet.appPid;
+        let passport = { name: 'Guest', role: 'guest' };
+        const { code, magicToken, sourceAppPid = null } = req.body;
+        const blockletInfo = await req.getBlockletInfo();
+        let finalCode = code;
+        if (!code && magicToken) {
+          const valid = await JWT.verify(magicToken, blockletInfo.wallet.publicKey);
+          if (!valid) {
+            logger.error('Email login: Invalid magic token', { teamDid, magicToken });
+            throw new CustomError(401, 'Invalid magic link');
+          }
+          const decodeData = JWT.decode(magicToken, true);
+          if (!decodeData?.data?.code) {
+            logger.error('Email login: failed to parse magicToken data', { teamDid, magicToken, decodeData });
+            throw new CustomError(400, 'Invalid magic token format');
+          }
+          finalCode = decodeData?.data?.code;
+        }
+        const verifyCodeResult = await node.consumeVerifyCode({ teamDid, code: finalCode });
+        if (!verifyCodeResult) {
+          throw new CustomError(400, 'Invalid verify code');
+        }
+        logger.info('Email login: consume verify code', { teamDid, code, result: verifyCodeResult });
+        // 保持跟 oauth 账户的格式一致
+        const sub = `email|${verifyCodeResult.subject}`;
+        let userWallet;
+        if (sourceAppPid) {
+          const masterSite = federatedUtil.getFederatedMaster(blocklet);
+          const { permanentWallet } = blockletInfo;
+          const result = await callFederated({
+            action: 'getUser',
+            site: masterSite,
+            permanentWallet,
+            data: {
+              userSub: sub,
+            },
+          });
+          userWallet = result?.wallet;
+        } else {
+          userWallet = fromAppDid(sub, blockletInfo.wallet.secretKey);
+        }
+        const lastLoginIp = getRequestIP(req);
+        const userDid = userWallet.address;
+        const userPk = userWallet.publicKey;
+        let doc;
+        let passportForLog;
+        let profile;
+        let currentUser = await node.getUser({ teamDid, user: { did: userWallet.address } });
+        const connectedAccount = {
+          provider: LOGIN_PROVIDER.EMAIL,
+          did: userDid,
+          pk: userPk,
+          id: sub,
+        };
+        if (currentUser) {
+          profile = {
+            fullName: currentUser.fullName,
+            email: currentUser.email,
+            avatar: currentUser.avatar,
+          };
+          const allPassports = currentUser.passports || [];
+          const validPassports = allPassports.filter((item) => item.status === PASSPORT_STATUS.VALID);
+          const lastUsedPassport = last(sortBy(validPassports, 'lastLoginAt'));
+          passportForLog = lastUsedPassport;
+          if (lastUsedPassport) {
+            passport = pick(lastUsedPassport, ['id', 'name', 'role', 'scope']);
+          }
+          doc = await node.loginUser({
+            teamDid,
+            user: {
+              did: currentUser.did,
+              pk: currentUser.pk,
+              locale,
+              lastLoginIp,
+              sourceAppPid,
+              passport: lastUsedPassport,
+              connectedAccount,
+            },
+          });
+        } else {
+          await checkNeedInvite({ req, node, teamDid, locale });
+          currentUser = {
+            did: userWallet.address,
+            pk: userWallet.publicKey,
+          };
+          const nodeInfo = await req.getNodeInfo();
+          const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
+          let avatar = await getAvatarByEmail(verifyCodeResult.subject);
+          avatar = await extractUserAvatar(avatar, { dataDir });
+          profile = {
+            fullName: verifyCodeResult.subject.split('@')[0],
+            email: verifyCodeResult.subject,
+            avatar,
+            // email 登录默认认为邮箱已验证
+            emailVerified: true,
+          };
+          // 实际创建用户
+          doc = await node.loginUser({
+            teamDid,
+            user: {
+              did: currentUser.did,
+              pk: currentUser.pk,
+              ...profile,
+              locale,
+              lastLoginIp,
+              sourceAppPid,
+              connectedAccount,
+            },
+          });
+        }
+        await node.createAuditLog(
+          {
+            action: 'login',
+            args: {
+              teamDid,
+              userDid: currentUser.did || userDid,
+              passport: passportForLog,
+              provider: LOGIN_PROVIDER.EMAIL,
+              sourceAppPid,
+            },
+            context: formatContext(Object.assign(req, { user: doc })),
+            result: doc,
+          },
+          node
+        );
+        const ua = req.get('user-agent');
+        const visitorId = req.get('x-blocklet-visitor-id');
+        const walletDeviceMessageToken = req.get('wallet-device-message-token');
+        const walletDeviceId = req.get('wallet-device-id');
+        const userSessionDoc = await node.upsertUserSession({
+          teamDid,
+          userDid: currentUser.did,
+          visitorId,
+          appPid: teamDid,
+          passportId: passport?.id,
+          status: 'online',
+          ua: null,
+          lastLoginIp,
+          extra: {
+            walletOS: 'web',
+            walletDeviceMessageToken,
+            walletDeviceId,
+          },
+        });
+        if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
+          const syncUserData = {
+            did: currentUser.did,
+            pk: currentUser.pk,
+            ...profile,
+            avatar: getUserAvatarUrl(blockletInfo.appUrl, profile.avatar),
+            connectedAccount: [connectedAccount],
+            inviter: doc.inviter,
+          };
+          const masterSite = federatedUtil.getFederatedMaster(blocklet);
+          node
+            .syncFederated({
+              did: teamDid,
+              data: {
+                users: [
+                  {
+                    ...syncUserData,
+                    action: 'connectAccount',
+                    sourceAppPid: sourceAppPid || masterSite?.appPid,
+                  },
+                ],
+              },
+            })
+            .then(() => {
+              node.syncUserSession({
+                teamDid,
+                userDid: userSessionDoc.userDid,
+                visitorId: userSessionDoc.visitorId,
+                passportId: passport?.id,
+                targetAppPid: sourceAppPid,
+                ua,
+                lastLoginIp,
+                extra: {
+                  walletOS: 'web',
+                  walletDeviceMessageToken,
+                  walletDeviceId,
+                },
+              });
+            });
+        }
+        const { createSessionToken } = initJwt(node, options);
+        const createToken = createTokenFn(createSessionToken);
+        const sessionConfig = blocklet.settings?.session || {};
+        const { sessionToken, refreshToken } = createToken(
+          currentUser.did,
+          {
+            secret: blockletInfo.secret,
+            passport,
+            role: passport.scope === 'passport' ? passport.role : ROLES.GUEST,
+            fullName: doc.fullName,
+            provider: LOGIN_PROVIDER.EMAIL,
+            walletOS: 'web',
+            emailVerified: !!doc?.emailVerified,
+            phoneVerified: !!doc?.phoneVerified,
+          },
+          { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+        );
+        return res.status(200).json({
+          sessionToken,
+          refreshToken,
+          visitorId: userSessionDoc.visitorId,
+        });
+      } catch (error) {
+        logger.error('Email login failed', { error });
+        return res.status(400).send(error.message);
+      }
+    });
     server.put(`${prefixApi}/notification/webhook`, checkUser, ensureBlocklet(), async (req, res) => {
       const { value, error } = webhookSetSchema.validate(req.body);
       if (error) {
@@ -865,8 +1266,8 @@ module.exports = {
             updateData.email = metadata.email;
           }
-          if (metadata.phone?.phoneNumber) {
-            updateData.phone = metadata.phone.phoneNumber;
+          if (metadata.phone) {
+            updateData.phone = metadata.phone?.phoneNumber || null;
           }
         }
@@ -875,7 +1276,7 @@ module.exports = {
           updateData.address = address;
         }
-        const user = await node.updateUser({
+        const user = await node.updateUserInfoAndSync({
           teamDid,
           user: updateData,
         });
@@ -937,35 +1338,6 @@ module.exports = {
       }
     );
-    // public api
-    server.get(`${prefixApi}`, ensureBlocklet(), async (req, res) => {
-      const inputSchema = Joi.DID().required();
-      const { error, value } = inputSchema.validate(req.query.did);
-      if (error) {
-        res.status(400).send({ error: error.details[0].message });
-        return;
-      }
-      const { blocklet } = req;
-      const teamDid = blocklet.appPid;
-      const user = await node.getUser({ teamDid, user: { did: value } });
-      if (!user || !user?.approved) {
-        res.status(404).send({ error: 'User not found' });
-        return;
-      }
-      if (user.avatar) {
-        user.avatar = getUserAvatarUrl(user.avatar, blocklet);
-      }
-      let returnFields = ['avatar', 'did', 'fullName', 'sourceAppPid', 'createdAt', 'email', 'phone', 'metadata'];
-      // 如果是自己查询，可以返回 address
-      const reqUser = req.user;
-      if (reqUser?.did === user.did) {
-        returnFields = returnFields.concat(['address']);
-      }
-      res.json(pick(user, returnFields));
-    });
     // 支持用户更新 DID Space 信息
     server.put(`${prefixApi}/updateDidSpace`, checkUser, ensureBlocklet(), async (req, res) => {
       try {
@@ -1043,5 +1415,35 @@ module.exports = {
         res.status(400).send(formatError(err));
       }
     });
+    // public api
+    // 获取用户可以公开的信息
+    server.get(`${prefixApi}`, ensureBlocklet(), async (req, res) => {
+      const inputSchema = Joi.DID().required();
+      const { error, value } = inputSchema.validate(req.query.did);
+      if (error) {
+        res.status(400).send({ error: error.details[0].message });
+        return;
+      }
+      const { blocklet } = req;
+      const teamDid = blocklet.appPid;
+      const user = await node.getUser({ teamDid, user: { did: value } });
+      if (!user || !user?.approved) {
+        res.status(404).send({ error: 'User not found' });
+        return;
+      }
+      if (user.avatar) {
+        user.avatar = getRawUserAvatarUrl(user.avatar, blocklet);
+      }
+      let returnFields = ['avatar', 'did', 'fullName', 'sourceAppPid', 'createdAt', 'email', 'phone', 'metadata'];
+      // 如果是自己查询，可以返回 address
+      const reqUser = req.user;
+      if (reqUser?.did === user.did) {
+        returnFields = returnFields.concat(['address']);
+      }
+      res.json(pick(user, returnFields));
+    });
   },
 };

package/api/services/auth/connect/issue-passport.js CHANGED Viewed

@@ -26,18 +26,18 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
     claims: {
       signature: async ({ extraParams, context: { request, baseUrl, didwallet } }) => {
-        const { id, locale } = extraParams;
+        const { id, locale, inviteId } = extraParams;
         checkWalletVersion({ didwallet, locale });
         const nodeInfo = await node.getNodeInfo();
         const teamDid = request.get('x-blocklet-did');
-        return createIssuePassportRequest({ node, nodeInfo, teamDid, id, locale, baseUrl });
+        return createIssuePassportRequest({ node, nodeInfo, teamDid, id, locale, baseUrl, inviteId });
       },
     },
     onAuth: async ({ userDid, userPk, claims, extraParams, updateSession, req, baseUrl }) => {
       // NOTICE: 和 did-connect 相关的 visitorId 需要从 extraParams 中获取，不能从 headers 中获取
-      const { locale, id, visitorId, inviter } = extraParams;
+      const { locale, inviteId, id, visitorId, inviter } = extraParams;
       const sourceAppPid = getSourceAppPid(req);
       const nodeInfo = await node.getNodeInfo();
       const blocklet = await req.getBlocklet();
@@ -64,6 +64,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         statusEndpointBaseUrl,
         updateSession,
         endpoint,
+        inviteId,
       });
       // NOTICE: 找回通行证的前提是用户已经存在，不存在需要更新 sourceAppPid 的情况，所以不会包含 sourceAppPid 字段

package/api/services/auth/connect/receive-transfer-app-owner.js CHANGED Viewed

@@ -19,6 +19,7 @@ const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const { getBlockletChainInfo, isInProgress } = require('@blocklet/meta/lib/util');
 const { ROLES, MAIN_CHAIN_ENDPOINT } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { PASSPORT_SOURCE, PASSPORT_LOG_ACTION, PASSPORT_ISSUE_ACTION } = require('@abtnode/constant');
 const { createTokenFn, getDidConnectVersion } = require('../../../util');
 const logger = require('../../../libs/logger')('blocklet-service:transfer-blocklet-owner');
@@ -238,7 +239,7 @@ module.exports = function createRoutes(node, _, createSessionToken) {
       const vc = await createPassportVC(vcParams);
       const role = getRoleFromLocalPassport(get(vc, 'credentialSubject.passport'));
-      const passport = createUserPassport(vc, { role });
+      const passport = createUserPassport(vc, { role, source: PASSPORT_SOURCE.ISSUE });
       // NOTICE: owner 必须是 did-wallet 账户，这里不应该去查询 connectedAccount
       const user = await getUser(node, appPid, userDid);
@@ -305,6 +306,21 @@ module.exports = function createRoutes(node, _, createSessionToken) {
         );
       }
+      if (passport) {
+        await node.createPassportLog(
+          appPid,
+          {
+            passportId: passport.id,
+            action: PASSPORT_LOG_ACTION.ISSUE,
+            operatorDid: userDid,
+            metadata: {
+              action: PASSPORT_ISSUE_ACTION.ISSUE_ON_RECEIVE_TRANSFER_APP_OWNER,
+            },
+          },
+          req
+        );
+      }
       // NOTICE: must NOT use appDid here if update BLOCKLET_APP_SK
       await node.configBlocklet(
         {

package/api/services/auth/connect/verify-destroy.js CHANGED Viewed

@@ -5,6 +5,7 @@ const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
 const { fromBase64 } = require('@ocap/util');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { PASSPORT_LOG_ACTION } = require('@abtnode/constant');
 const logger = require('../../../libs/logger')();
 const { createTokenFn, getDidConnectVersion } = require('../../../util');
 const { PASSPORT_VC_TYPES } = require('../../../libs/auth/utils');
@@ -59,11 +60,30 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         challenge,
         types: PASSPORT_VC_TYPES,
         trustedIssuers: await getTrustedIssuers(blocklet, { sourceAppPid }),
+        action: 'verify-destroy',
       });
       if (!ALLOWED_ROLES.includes(role)) {
         throw new Error(messages.notAllowed[locale]);
       }
+      if (passport) {
+        await node.createPassportLog(
+          blocklet.appPid,
+          {
+            passportId: passport.id,
+            action: PASSPORT_LOG_ACTION.USED,
+            operatorDid: userDid,
+            metadata: {
+              action: 'verify-destroy',
+              ownerDid: userDid,
+              userDid: user.did,
+            },
+          },
+          request
+        );
+      }
       const parsed = JSON.parse(fromBase64(payload).toString());
       const session = await node.startSession({ data: { ...parsed, type: 'destroy', operator: userDid } });