@abtnode/blocklet-services 1.16.41-beta-20250331-010247-966fcfb0 → 1.16.42-beta-20250402-131159-7647e64d

package/api/emails/_templates/verify-code-body.js

@@ -14,22 +14,22 @@ function VerifyCodeBody({ appName, locale = 'en', code, magicLink, }) {
     const translations = {
         en: {
             title: `Login to ${appName}`,
-            followConfirmation: `Thank you for signing up for ${appName}. To confirm your account, please follow the button below.`,
+            followConfirmation: `Thank you for login to ${appName}. To confirm your account, please click the button below.`,
             confirmButton: 'Confirm account',
             useConfirmLink: 'If Confirm Button does not work, please use the link below.',
             orEnterCode: `Or enter the following code in the application: `,
-            followEnterCode: `Thank you for signing up for ${appName}. To confirm your account, please enter the following code in the application`,
+            followEnterCode: `Thank you for login to ${appName}. To confirm your account, please enter the following code in the application`,
             codeExpiresIn: `This code expires in ${constant_1.VERIFY_CODE_TTL / 60 / 1000} minutes.`,
             doNotShareCodeTitle: 'Do NOT share this code with anyone.',
             doNotShareCode: "Only enter this code on the official application's website. If someone asks for this code, it could be a scam.",
         },
         zh: {
             title: `登录 ${appName}`,
-            followConfirmation: `感谢您注册 ${appName}，请点击以下按钮确认您的账户。`,
+            followConfirmation: `感谢您登录 ${appName}，请点击以下按钮确认您的账户。`,
             confirmButton: '确认账户',
             useConfirmLink: '如果确认按钮无法工作，请使用以下链接。',
             orEnterCode: `或者在应用中输入以下代码：`,
-            followEnterCode: `感谢您注册 ${appName}，请在应用中输入以下代码确认您的账户。`,
+            followEnterCode: `感谢您登录 ${appName}，请在应用中输入以下代码确认您的账户。`,
             codeExpiresIn: `此代码将在${constant_1.VERIFY_CODE_TTL / 60 / 1000}分钟内过期。`,
             doNotShareCodeTitle: '请勿将此代码分享给任何人。',
             doNotShareCode: '请仅在官方应用的网站上输入此代码。如果有人要求提供此代码，这可能是一个骗局。',

package/api/routes/blocklet.js

@@ -2,7 +2,7 @@
 const fs = require('fs-extra');
 const path = require('path');
 const get = require('lodash/get');
-const cloneDeep = require('lodash/cloneDeep');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const dayjs = require('@abtnode/util/lib/dayjs');
 const JWT = require('@arcblock/jwt');
 const { isValid } = require('@arcblock/did');

package/api/routes/oauth.js

@@ -1,23 +1,15 @@
-const { messages, handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
-const { createPassportList, createPassportSwitcher, checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
-const {
-  WELLKNOWN_SERVICE_PATH_PREFIX,
-  PASSPORT_STATUS,
-  ROLES,
-  SECURITY_RULE_DEFAULT_ID,
-} = require('@abtnode/constant');
+const { handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
+const { createPassportList, createPassportSwitcher } = require('@abtnode/auth/lib/oauth');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { extractUserAvatar, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const { fromAppDid } = require('@arcblock/did-ext');
-const last = require('lodash/last');
 const pick = require('lodash/pick');
-const sortBy = require('lodash/sortBy');
-const cloneDeep = require('lodash/cloneDeep');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const { joinURL } = require('ufo');
 const { upsertToPassports } = require('@abtnode/auth/lib/passport');
 const { getWalletDid, getConnectedAccounts, getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
-const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const CustomError = require('@abtnode/util/lib/custom-error');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { withHttps, withTrailingSlash } = require('ufo');
@@ -34,6 +26,7 @@ const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
 const { createTokenFn, getDidConnectVersion, redirectWithoutCache } = require('../util');
 const federatedUtil = require('../util/federated');
+const userUtil = require('../util/user-util');
 const { isOAuthEmailVerified, isEmailUniqueRequired, isEmailKycRequired, isSameEmail } = require('../libs/kyc');
 const checkUser = require('../middlewares/check-user');
 
@@ -175,13 +168,12 @@ function getAuthClient(blocklet, provider, { legacy = false, appPid } = {}) {
 
 async function login(req, node, options) {
   const blocklet = await req.getBlocklet();
+  const teamDid = blocklet.appPid;
   const { locale = 'en', provider, inviter = null, sourceAppPid = null } = req.body;
-  const visitorId = req.get('x-blocklet-visitor-id');
   if (!blocklet.settings?.owner) {
     throw new CustomError(400, t('oauthCantBeOwner', locale));
   }
 
-  const { did: teamDid, secret, appUrl } = await req.getBlockletInfo();
   const { info: oauthInfo, wallet: userWallet } = await getOAuthFederatedUserInfo(req, {
     blocklet,
   });
@@ -189,20 +181,10 @@ async function login(req, node, options) {
   const userDid = userWallet.address;
   const userPk = userWallet.publicKey;
 
-  const { accessPolicyConfig } = await req.getSecurityConfig({ id: SECURITY_RULE_DEFAULT_ID });
-  const nodeInfo = await req.getNodeInfo();
-  const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
-  const isInvitedUserOnly = await checkInvitedUserOnly(accessPolicyConfig, node, teamDid);
-
-  const lastLoginIp = getRequestIP(req);
-  let passport = { name: 'Guest', role: 'guest' };
   let currentUser = await federatedUtil.getUserWithinFederated(
     { sourceAppPid, teamDid, userDid, userPk },
     { node, blocklet }
   );
-  let doc;
-  let passportForLog;
-  const fullName = currentUser?.fullName || oauthInfo?.name;
   const connectedAccount = {
     provider,
     did: userDid,
@@ -210,43 +192,14 @@ async function login(req, node, options) {
     id: oauthInfo.sub,
     userInfo: oauthInfo,
   };
-  const masterSite = federatedUtil.getFederatedMaster(blocklet);
   let profile;
-  // 当前账户已存在，更新账户信息
-  if (currentUser) {
-    profile = {
-      fullName: currentUser.fullName,
-      email: currentUser.email || '',
-      avatar: currentUser.avatar,
-    };
-    const allPassports = currentUser.passports || [];
-    const validPassports = allPassports.filter((item) => item.status === PASSPORT_STATUS.VALID);
-    const lastUsedPassport = last(sortBy(validPassports, 'lastLoginAt'));
-    passportForLog = lastUsedPassport;
-    if (lastUsedPassport) {
-      passport = pick(lastUsedPassport, ['id', 'name', 'role', 'scope']);
-    }
-
-    doc = await node.loginUser({
-      teamDid,
-      user: {
-        did: currentUser.did,
-        pk: currentUser.pk,
-        locale,
-        lastLoginIp,
-        sourceAppPid,
-        passport: lastUsedPassport,
-        connectedAccount,
-      },
-    });
-  } else {
+  const lastUsedPassport = userUtil.getLastUsedPassport({ passports: currentUser?.passports });
+  if (!currentUser) {
     currentUser = {
       did: userDid,
       pk: userPk,
     };
-    if (isInvitedUserOnly) {
-      throw new CustomError(403, messages.notInvited[locale]);
-    }
+    await userUtil.checkNeedInvite({ req, node, teamDid, locale });
 
     if (isEmailUniqueRequired(blocklet)) {
       const used = await node.isEmailUsed({
@@ -261,116 +214,28 @@ async function login(req, node, options) {
     }
 
     // 当前 oauth 账户不存在，自动添加一个新用户
-    let avatar = oauthInfo.picture ? await getAvatarByUrl(oauthInfo.picture) : await getAvatarByEmail(oauthInfo.email);
-    avatar = await extractUserAvatar(avatar, { dataDir });
-    passportForLog = { name: 'Guest', role: 'guest', scope: 'passport' };
+    const avatar = oauthInfo.picture
+      ? await userUtil.getAvatarBnByUrl(oauthInfo.picture, { req, node })
+      : await userUtil.getAvatarBnByEmail(oauthInfo.email, { req, node });
     profile = {
       fullName: oauthInfo.name,
       email: oauthInfo.email,
       avatar,
       emailVerified: isOAuthEmailVerified(blocklet, oauthInfo),
+      inviter,
     };
-    doc = await node.loginUser({
-      teamDid,
-      user: {
-        connectedAccount,
-        did: userDid,
-        pk: userPk,
-        sourceAppPid,
-        ...profile,
-        locale,
-        inviter,
-        lastLoginIp,
-      },
-    });
   }
 
-  await node.createAuditLog(
+  const { sessionToken, refreshToken, visitorId } = await userUtil.loginUserSession(
     {
-      action: 'login',
-      args: { teamDid, userDid: currentUser.did || userDid, passport: passportForLog, provider, sourceAppPid },
-      context: formatContext(Object.assign(req, { user: doc })),
-      result: doc,
-    },
-    node
-  );
-
-  const ua = req.get('user-agent');
-  const walletDeviceMessageToken = req.get('wallet-device-message-token');
-  const walletDeviceId = req.get('wallet-device-id');
-  const userSessionDoc = await node.upsertUserSession({
-    teamDid,
-    userDid: currentUser.did,
-    visitorId,
-    appPid: teamDid,
-    passportId: passport?.id,
-    status: 'online',
-    ua: null,
-    lastLoginIp,
-    extra: {
-      walletOS: 'web',
-      walletDeviceMessageToken,
-      walletDeviceId,
-    },
-  });
-
-  if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-    const syncUserData = {
-      did: userDid,
-      pk: userPk,
-      ...profile,
-      avatar: getUserAvatarUrl(appUrl, profile.avatar),
-      connectedAccount: [connectedAccount],
-      inviter: doc.inviter,
-    };
-
-    node
-      .syncFederated({
-        did: teamDid,
-        data: {
-          users: [
-            {
-              ...syncUserData,
-              action: 'connectAccount',
-              sourceAppPid: sourceAppPid || masterSite?.appPid,
-            },
-          ],
-        },
-      })
-      .then(() => {
-        node.syncUserSession({
-          teamDid,
-          userDid: userSessionDoc.userDid,
-          visitorId: userSessionDoc.visitorId,
-          passportId: passport?.id,
-          targetAppPid: sourceAppPid,
-          ua,
-          lastLoginIp,
-          extra: {
-            walletOS: 'web',
-            walletDeviceMessageToken,
-            walletDeviceId,
-          },
-        });
-      });
-  }
-
-  const { createSessionToken } = initJwt(node, options);
-  const createToken = createTokenFn(createSessionToken);
-  const sessionConfig = blocklet.settings?.session || {};
-  const { sessionToken, refreshToken } = createToken(
-    currentUser.did,
-    {
-      secret,
-      passport,
-      role: passport.scope === 'passport' ? passport.role : ROLES.GUEST,
-      fullName,
-      provider,
-      walletOS: 'web',
-      emailVerified: !!doc?.emailVerified,
-      phoneVerified: !!doc?.phoneVerified,
+      did: currentUser.did || userDid,
+      pk: currentUser.pk,
+      profile,
+      passport: lastUsedPassport,
+      sourceAppPid,
+      connectedAccount,
     },
-    { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+    { req, node, options }
   );
 
   // for backward compatibility
@@ -381,42 +246,35 @@ async function login(req, node, options) {
   return {
     sessionToken,
     refreshToken,
-    visitorId: userSessionDoc.visitorId,
+    visitorId,
   };
 }
 
 async function invite(req, node, options) {
   const { locale, inviteId, baseUrl, provider = LOGIN_PROVIDER.AUTH0, sourceAppPid = null } = req.body;
-  const visitorId = req.get('x-blocklet-visitor-id');
   const blocklet = await req.getBlocklet();
-
-  const { did: teamDid, secret } = await req.getBlockletInfo();
+  const teamDid = blocklet.appPid;
 
   const { info: oauthInfo, wallet: userWallet } = await getOAuthFederatedUserInfo(req, {
     blocklet,
   });
 
   const nodeInfo = await req.getNodeInfo();
-  let userDid = userWallet.address;
-  let userPk = userWallet.publicKey;
+  const userDid = userWallet.address;
+  const userPk = userWallet.publicKey;
 
   let profile;
-
-  const currentUser = await federatedUtil.getUserWithinFederated(
+  let currentUser = await federatedUtil.getUserWithinFederated(
     { sourceAppPid, teamDid, userDid, userPk },
     { node, blocklet }
   );
 
-  const { dataDir, name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
-  if (currentUser) {
-    profile = {
-      email: currentUser.email,
-      fullName: currentUser.fullName,
-      avatar: getUserAvatarUrl(baseUrl, currentUser.avatar),
+  const { name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
+  if (!currentUser) {
+    currentUser = {
+      did: userDid,
+      pk: userPk,
     };
-    userDid = currentUser.did;
-    userPk = currentUser.pk;
-  } else {
     if (isEmailUniqueRequired(blocklet)) {
       const used = await node.isEmailUsed({
         teamDid,
@@ -429,8 +287,9 @@ async function invite(req, node, options) {
       }
     }
 
-    let avatar = oauthInfo.picture ? await getAvatarByUrl(oauthInfo.picture) : await getAvatarByEmail(oauthInfo.email);
-    avatar = await extractUserAvatar(avatar, { dataDir });
+    const avatar = oauthInfo.picture
+      ? await userUtil.getAvatarBnByUrl(oauthInfo.picture, { req, node })
+      : await userUtil.getAvatarBnByEmail(oauthInfo.email, { req, node });
     profile = {
       email: oauthInfo.email,
       fullName: oauthInfo.name,
@@ -450,7 +309,11 @@ async function invite(req, node, options) {
     endpoint,
     inviteId,
     nodeInfo,
-    profile,
+    profile: profile || {
+      email: currentUser.email,
+      fullName: currentUser.fullName,
+      avatar: getUserAvatarUrl(baseUrl, currentUser.avatar),
+    },
     statusEndpointBaseUrl,
     teamDid,
     userDid: userWallet.address,
@@ -458,10 +321,6 @@ async function invite(req, node, options) {
     locale,
     provider,
   });
-  const masterSite = federatedUtil.getFederatedMaster(blocklet);
-  const syncData = {
-    users: [],
-  };
 
   if (currentUser) {
     const walletDid = getWalletDid(currentUser);
@@ -485,102 +344,29 @@ async function invite(req, node, options) {
         { req }
       );
     }
-  } else {
-    const connectedAccount = {
-      provider,
-      id: oauthInfo.sub,
-      did: userWallet.address,
-      pk: userWallet.publicKey,
-      userInfo: oauthInfo,
-    };
-    await node.loginUser({
-      teamDid,
-      user: {
-        did: userDid,
-        pk: userPk,
-        connectedAccount,
-        sourceAppPid,
-        inviter: inviteInfo.inviter?.did,
-        remark: inviteInfo.remark,
-      },
-    });
-    if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-      const syncUserData = {
-        did: userDid,
-        pk: userPk,
-        ...profile,
-        inviter: inviteInfo.inviter?.did,
-        connectedAccount: [connectedAccount],
-      };
-      syncData.users.push({
-        ...syncUserData,
-        action: 'connectAccount',
-        // HACK: @zhanghan 这里会造成 master 中的用户也增加 sourceAppPid 字段，需要在 sync 接收端处理
-        sourceAppPid: sourceAppPid || masterSite?.appPid,
-      });
-    }
   }
-  const lastLoginIp = getRequestIP(req);
-  const ua = req.get('user-agent');
-  const walletDeviceMessageToken = req.get('wallet-device-message-token');
-  const walletDeviceId = req.get('wallet-device-id');
-  const userSessionDoc = await node.upsertUserSession({
-    teamDid,
-    userDid,
-    visitorId,
-    appPid: teamDid,
-    passportId: passport.id,
-    status: 'online',
-    ua: null,
-    lastLoginIp,
-    extra: {
-      walletOS: 'web',
-      walletDeviceMessageToken,
-      walletDeviceId,
-    },
-  });
+  const connectedAccount = {
+    provider,
+    id: oauthInfo.sub,
+    did: userWallet.address,
+    pk: userWallet.publicKey,
+    userInfo: oauthInfo,
+  };
 
-  if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-    node
-      .syncFederated({
-        did: teamDid,
-        data: syncData,
-      })
-      .then(() => {
-        node.syncUserSession({
-          teamDid,
-          userDid: userSessionDoc.userDid,
-          visitorId: userSessionDoc.visitorId,
-          passportId: passport?.id,
-          targetAppPid: sourceAppPid,
-          ua,
-          lastLoginIp,
-          extra: {
-            walletOS: 'web',
-            walletDeviceMessageToken,
-            walletDeviceId,
-          },
-        });
-      });
+  if (profile) {
+    profile.inviter = inviteInfo.inviter?.did;
   }
 
-  const { createSessionToken } = initJwt(node, options);
-  const createToken = createTokenFn(createSessionToken);
-  const sessionConfig = blocklet.settings?.session || {};
-
-  const { sessionToken, refreshToken } = createToken(
-    userDid,
+  const { sessionToken, refreshToken, visitorId } = await userUtil.loginUserSession(
     {
-      secret,
+      did: currentUser.did,
+      pk: currentUser.pk,
+      profile,
       passport,
-      role,
-      fullName: profile.fullName,
-      provider,
-      walletOS: 'web',
-      emailVerified: !!user?.emailVerified,
-      phoneVerified: !!user?.phoneVerified,
+      sourceAppPid,
+      connectedAccount,
     },
-    { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+    { req, node, options, loggedUser: user }
   );
 
   // for backward compatibility
@@ -591,7 +377,7 @@ async function invite(req, node, options) {
   return {
     sessionToken,
     refreshToken,
-    visitorId: userSessionDoc.visitorId,
+    visitorId,
   };
 }
 

package/api/routes/user-session.js

@@ -3,7 +3,7 @@ const { WELLKNOWN_SERVICE_PATH_PREFIX, SESSION_TTL, PASSPORT_LOG_ACTION } = requ
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const pick = require('lodash/pick');
 const defaults = require('lodash/defaults');
-const cloneDeep = require('lodash/cloneDeep');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const omit = require('lodash/omit');
 const pLimit = require('p-limit');
 const { getSourceProvider } = require('@blocklet/meta/lib/did-utils');