npm - @abtnode/blocklet-services - Versions diffs - 1.16.41 → 1.16.42-beta-20250403-230303-c167c6a1 - Mend

@abtnode/blocklet-services 1.16.41 → 1.16.42-beta-20250403-230303-c167c6a1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (332) hide show

package/api/emails/_templates/verify-code-body.js CHANGED Viewed

@@ -14,22 +14,22 @@ function VerifyCodeBody({ appName, locale = 'en', code, magicLink, }) {
     const translations = {
         en: {
             title: `Login to ${appName}`,
-            followConfirmation: `Thank you for signing up for ${appName}. To confirm your account, please follow the button below.`,
+            followConfirmation: `Thank you for login to ${appName}. To confirm your account, please click the button below.`,
             confirmButton: 'Confirm account',
             useConfirmLink: 'If Confirm Button does not work, please use the link below.',
             orEnterCode: `Or enter the following code in the application: `,
-            followEnterCode: `Thank you for signing up for ${appName}. To confirm your account, please enter the following code in the application`,
+            followEnterCode: `Thank you for login to ${appName}. To confirm your account, please enter the following code in the application`,
             codeExpiresIn: `This code expires in ${constant_1.VERIFY_CODE_TTL / 60 / 1000} minutes.`,
             doNotShareCodeTitle: 'Do NOT share this code with anyone.',
             doNotShareCode: "Only enter this code on the official application's website. If someone asks for this code, it could be a scam.",
         },
         zh: {
             title: `登录 ${appName}`,
-            followConfirmation: `感谢您注册 ${appName}，请点击以下按钮确认您的账户。`,
+            followConfirmation: `感谢您登录 ${appName}，请点击以下按钮确认您的账户。`,
             confirmButton: '确认账户',
             useConfirmLink: '如果确认按钮无法工作，请使用以下链接。',
             orEnterCode: `或者在应用中输入以下代码：`,
-            followEnterCode: `感谢您注册 ${appName}，请在应用中输入以下代码确认您的账户。`,
+            followEnterCode: `感谢您登录 ${appName}，请在应用中输入以下代码确认您的账户。`,
             codeExpiresIn: `此代码将在${constant_1.VERIFY_CODE_TTL / 60 / 1000}分钟内过期。`,
             doNotShareCodeTitle: '请勿将此代码分享给任何人。',
             doNotShareCode: '请仅在官方应用的网站上输入此代码。如果有人要求提供此代码，这可能是一个骗局。',

package/api/index.js CHANGED Viewed

@@ -22,6 +22,7 @@ const {
   RESOURCE_PATTERN,
 } = require('@blocklet/constant');
 const { getAppOgCacheDir } = require('@abtnode/util/lib/blocklet');
+const { ensureLocale } = require('@abtnode/util/lib/middlewares/ensure-locale');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const createInvite = require('@abtnode/auth/lib/invitation');
 const { getStatusFromError } = require('@abtnode/util/lib/custom-error');
@@ -448,6 +449,8 @@ module.exports = function createServer(node, serverOptions = {}) {
   server.set('trust proxy', 'loopback');
   server.use(cookieParser());
+  // 此时没有执行 bodyParser，所以不使用 body 进行判断
+  server.use(ensureLocale({ methods: ['query', 'cookies'] }));
   // Shared util functions on current request
   server.use((req, res, next) => {
@@ -649,7 +652,7 @@ self.blocklet = {
   });
   // This must come after all proxied requests that begins with WELLKNOWN_SERVICE_PATH_PREFIX
-  server.use(WELLKNOWN_SERVICE_PATH_PREFIX, bodyParser);
+  server.use(WELLKNOWN_SERVICE_PATH_PREFIX, bodyParser, ensureLocale({ force: true }));
   // Studio service
   StudioService.init(server, node);

package/api/libs/connect/session.js CHANGED Viewed

@@ -47,6 +47,7 @@ const { getSourceAppPid, getLoginProvider } = require('@blocklet/sdk/lib/util/lo
 const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abtnode/auth/lib/util/spaces');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const { PASSPORT_LOG_ACTION, PASSPORT_SOURCE, PASSPORT_STATUS } = require('@abtnode/constant');
+const { getDeviceData } = require('@abtnode/util/lib/device');
 const logger = require('../logger')('connect');
 const { createTokenFn, getDidConnectVersion } = require('../../util');
@@ -595,11 +596,10 @@ module.exports = {
         );
       }
       const lastLoginIp = getRequestIP(request);
-      const walletDeviceMessageToken = request.get('wallet-device-message-token');
-      const walletDeviceId = request.get('wallet-device-id');
       const ua = request.get('user-agent');
       // request.context.store.connectedWallet
       const walletOS = request.context.didwallet.os;
+      const deviceData = getDeviceData({ req: request });
       const userSessionDoc = await node.upsertUserSession({
         teamDid,
@@ -612,8 +612,7 @@ module.exports = {
         lastLoginIp,
         extra: {
           walletOS,
-          walletDeviceMessageToken,
-          walletDeviceId,
+          device: deviceData,
         },
       });
@@ -651,8 +650,7 @@ module.exports = {
               lastLoginIp,
               extra: {
                 walletOS,
-                walletDeviceMessageToken,
-                walletDeviceId,
+                device: deviceData,
               },
             });
           });

package/api/libs/jwt.js CHANGED Viewed

@@ -47,7 +47,7 @@ const initJwt = (node, options) => {
       elevated,
     });
-  const verifySessionToken = (token, secret, { checkFromDb, teamDid, checkToken } = {}) =>
+  const verifySessionToken = (token, secret, { checkFromDb, teamDid, checkToken, locale = 'en' } = {}) =>
     // eslint-disable-next-line implicit-arrow-linebreak
     new Promise((resolve, reject) => {
       jwt.verify(token, secret, async (err, decoded) => {
@@ -91,13 +91,13 @@ const initJwt = (node, options) => {
           }
           if (!user.approved) {
-            return reject(new Error(`Invalid jwt token: ${messages.notAllowedAppUser.en}`));
+            return reject(new Error(`Invalid jwt token: ${messages.notAllowedAppUser[locale]}`));
           }
           if (passport && passport.id) {
             const valid = await node.isPassportValid({ teamDid, passportId: passport.id });
             if (valid === false) {
-              return reject(new Error(`Passport ${passport.name} has been revoked`));
+              return reject(new Error(messages.passportRevoked[locale](passport.name, passport.issuer?.name)));
             }
           }

package/api/libs/push-kit/index.js CHANGED Viewed

@@ -56,10 +56,13 @@ async function sendPush(receiver, notification, { node, teamDid }) {
       user.userSessions.forEach((x) => {
         // NOTICE: 这里需要转为小写来判断
         const platform = x?.extra?.walletOS?.toLowerCase();
-        const deviceToken = x?.extra?.walletDeviceMessageToken;
+        // 兼容处理，支持读取 walletDeviceMessageToken
+        const deviceToken = x?.extra?.device?.messageToken || x?.extra?.walletDeviceMessageToken;
+        const deviceClientName = x?.extra?.device?.clientName;
         if (platform && ['ios', 'android', 'ios-sandbox'].includes(platform) && deviceToken) {
           acc.push({
             platform,
+            deviceClientName,
             deviceToken,
             userDid: x.userDid,
           });
@@ -70,7 +73,7 @@ async function sendPush(receiver, notification, { node, teamDid }) {
   }, []);
   const filterTargets = uniqWith(targets, (a, b) => {
-    return a.deviceToken === b.deviceToken && a.platform === b.platform;
+    return a.deviceToken === b.deviceToken && a.platform === b.platform && a.deviceClientName === b.deviceClientName;
   });
   if (filterTargets.length === 0) {

package/api/routes/blocklet.js CHANGED Viewed

@@ -2,7 +2,7 @@
 const fs = require('fs-extra');
 const path = require('path');
 const get = require('lodash/get');
-const cloneDeep = require('lodash/cloneDeep');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const dayjs = require('@abtnode/util/lib/dayjs');
 const JWT = require('@arcblock/jwt');
 const { isValid } = require('@arcblock/did');

package/api/routes/federated.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const { WELLKNOWN_SERVICE_PATH_PREFIX, FEDERATED } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX, FEDERATED, PASSPORT_STATUS } = require('@abtnode/constant');
 const { signV2 } = require('@arcblock/jwt');
 const isNil = require('lodash/isNil');
 const pick = require('lodash/pick');
@@ -573,13 +573,23 @@ module.exports = {
           }
         );
         if (prevUser?.approved === false) {
-          res.status(401).json({ error: messages.notAllowedAppUser.en });
+          res.status(401).json({ error: messages.notAllowedAppUser[req.blockletLocale] });
           return;
         }
         // HACK: member 调用 master 时，将 passport 的 role 还原为 master 中原有的 role
         const targetPassport = passport?.id
           ? (prevUser?.passports || []).find((item) => item.id === passport.id)
           : null;
+        if (targetPassport?.status === PASSPORT_STATUS.EXPIRED) {
+          res.status(401).json({ error: messages.passportExpired[req.blockletLocale] });
+          return;
+        }
+        if (targetPassport?.status === PASSPORT_STATUS.REVOKED) {
+          res.status(401).json({
+            error: messages.passportRevoked[req.blockletLocale](targetPassport.title, targetPassport.issuer?.name),
+          });
+          return;
+        }
         // HACK: 用户在 master 中存在时，不更新任何用户信息；不存在时，将新增一个用户
         const filterUserInfo = prevUser ? {} : user;

package/api/routes/oauth.js CHANGED Viewed

@@ -1,23 +1,15 @@
-const { messages, handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
-const { createPassportList, createPassportSwitcher, checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
-const {
-  WELLKNOWN_SERVICE_PATH_PREFIX,
-  PASSPORT_STATUS,
-  ROLES,
-  SECURITY_RULE_DEFAULT_ID,
-} = require('@abtnode/constant');
+const { handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
+const { createPassportList, createPassportSwitcher } = require('@abtnode/auth/lib/oauth');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { extractUserAvatar, getUserAvatarUrl } = require('@abtnode/util/lib/user');
 const { fromAppDid } = require('@arcblock/did-ext');
-const last = require('lodash/last');
 const pick = require('lodash/pick');
-const sortBy = require('lodash/sortBy');
-const cloneDeep = require('lodash/cloneDeep');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const { joinURL } = require('ufo');
 const { upsertToPassports } = require('@abtnode/auth/lib/passport');
 const { getWalletDid, getConnectedAccounts, getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
-const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const CustomError = require('@abtnode/util/lib/custom-error');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { withHttps, withTrailingSlash } = require('ufo');
@@ -34,6 +26,7 @@ const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
 const { createTokenFn, getDidConnectVersion, redirectWithoutCache } = require('../util');
 const federatedUtil = require('../util/federated');
+const userUtil = require('../util/user-util');
 const { isOAuthEmailVerified, isEmailUniqueRequired, isEmailKycRequired, isSameEmail } = require('../libs/kyc');
 const checkUser = require('../middlewares/check-user');
@@ -175,13 +168,12 @@ function getAuthClient(blocklet, provider, { legacy = false, appPid } = {}) {
 async function login(req, node, options) {
   const blocklet = await req.getBlocklet();
+  const teamDid = blocklet.appPid;
   const { locale = 'en', provider, inviter = null, sourceAppPid = null } = req.body;
-  const visitorId = req.get('x-blocklet-visitor-id');
   if (!blocklet.settings?.owner) {
     throw new CustomError(400, t('oauthCantBeOwner', locale));
   }
-  const { did: teamDid, secret, appUrl } = await req.getBlockletInfo();
   const { info: oauthInfo, wallet: userWallet } = await getOAuthFederatedUserInfo(req, {
     blocklet,
   });
@@ -189,20 +181,10 @@ async function login(req, node, options) {
   const userDid = userWallet.address;
   const userPk = userWallet.publicKey;
-  const { accessPolicyConfig } = await req.getSecurityConfig({ id: SECURITY_RULE_DEFAULT_ID });
-  const nodeInfo = await req.getNodeInfo();
-  const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
-  const isInvitedUserOnly = await checkInvitedUserOnly(accessPolicyConfig, node, teamDid);
-  const lastLoginIp = getRequestIP(req);
-  let passport = { name: 'Guest', role: 'guest' };
   let currentUser = await federatedUtil.getUserWithinFederated(
     { sourceAppPid, teamDid, userDid, userPk },
     { node, blocklet }
   );
-  let doc;
-  let passportForLog;
-  const fullName = currentUser?.fullName || oauthInfo?.name;
   const connectedAccount = {
     provider,
     did: userDid,
@@ -210,43 +192,14 @@ async function login(req, node, options) {
     id: oauthInfo.sub,
     userInfo: oauthInfo,
   };
-  const masterSite = federatedUtil.getFederatedMaster(blocklet);
   let profile;
-  // 当前账户已存在，更新账户信息
-  if (currentUser) {
-    profile = {
-      fullName: currentUser.fullName,
-      email: currentUser.email || '',
-      avatar: currentUser.avatar,
-    };
-    const allPassports = currentUser.passports || [];
-    const validPassports = allPassports.filter((item) => item.status === PASSPORT_STATUS.VALID);
-    const lastUsedPassport = last(sortBy(validPassports, 'lastLoginAt'));
-    passportForLog = lastUsedPassport;
-    if (lastUsedPassport) {
-      passport = pick(lastUsedPassport, ['id', 'name', 'role', 'scope']);
-    }
-    doc = await node.loginUser({
-      teamDid,
-      user: {
-        did: currentUser.did,
-        pk: currentUser.pk,
-        locale,
-        lastLoginIp,
-        sourceAppPid,
-        passport: lastUsedPassport,
-        connectedAccount,
-      },
-    });
-  } else {
+  const lastUsedPassport = userUtil.getLastUsedPassport({ passports: currentUser?.passports });
+  if (!currentUser) {
     currentUser = {
       did: userDid,
       pk: userPk,
     };
-    if (isInvitedUserOnly) {
-      throw new CustomError(403, messages.notInvited[locale]);
-    }
+    await userUtil.checkNeedInvite({ req, node, teamDid, locale });
     if (isEmailUniqueRequired(blocklet)) {
       const used = await node.isEmailUsed({
@@ -261,116 +214,28 @@ async function login(req, node, options) {
     }
     // 当前 oauth 账户不存在，自动添加一个新用户
-    let avatar = oauthInfo.picture ? await getAvatarByUrl(oauthInfo.picture) : await getAvatarByEmail(oauthInfo.email);
-    avatar = await extractUserAvatar(avatar, { dataDir });
-    passportForLog = { name: 'Guest', role: 'guest', scope: 'passport' };
+    const avatar = oauthInfo.picture
+      ? await userUtil.getAvatarBnByUrl(oauthInfo.picture, { req, node })
+      : await userUtil.getAvatarBnByEmail(oauthInfo.email, { req, node });
     profile = {
       fullName: oauthInfo.name,
       email: oauthInfo.email,
       avatar,
       emailVerified: isOAuthEmailVerified(blocklet, oauthInfo),
+      inviter,
     };
-    doc = await node.loginUser({
-      teamDid,
-      user: {
-        connectedAccount,
-        did: userDid,
-        pk: userPk,
-        sourceAppPid,
-        ...profile,
-        locale,
-        inviter,
-        lastLoginIp,
-      },
-    });
   }
-  await node.createAuditLog(
+  const { sessionToken, refreshToken, visitorId } = await userUtil.loginUserSession(
     {
-      action: 'login',
-      args: { teamDid, userDid: currentUser.did || userDid, passport: passportForLog, provider, sourceAppPid },
-      context: formatContext(Object.assign(req, { user: doc })),
-      result: doc,
-    },
-    node
-  );
-  const ua = req.get('user-agent');
-  const walletDeviceMessageToken = req.get('wallet-device-message-token');
-  const walletDeviceId = req.get('wallet-device-id');
-  const userSessionDoc = await node.upsertUserSession({
-    teamDid,
-    userDid: currentUser.did,
-    visitorId,
-    appPid: teamDid,
-    passportId: passport?.id,
-    status: 'online',
-    ua: null,
-    lastLoginIp,
-    extra: {
-      walletOS: 'web',
-      walletDeviceMessageToken,
-      walletDeviceId,
-    },
-  });
-  if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-    const syncUserData = {
-      did: userDid,
-      pk: userPk,
-      ...profile,
-      avatar: getUserAvatarUrl(appUrl, profile.avatar),
-      connectedAccount: [connectedAccount],
-      inviter: doc.inviter,
-    };
-    node
-      .syncFederated({
-        did: teamDid,
-        data: {
-          users: [
-            {
-              ...syncUserData,
-              action: 'connectAccount',
-              sourceAppPid: sourceAppPid || masterSite?.appPid,
-            },
-          ],
-        },
-      })
-      .then(() => {
-        node.syncUserSession({
-          teamDid,
-          userDid: userSessionDoc.userDid,
-          visitorId: userSessionDoc.visitorId,
-          passportId: passport?.id,
-          targetAppPid: sourceAppPid,
-          ua,
-          lastLoginIp,
-          extra: {
-            walletOS: 'web',
-            walletDeviceMessageToken,
-            walletDeviceId,
-          },
-        });
-      });
-  }
-  const { createSessionToken } = initJwt(node, options);
-  const createToken = createTokenFn(createSessionToken);
-  const sessionConfig = blocklet.settings?.session || {};
-  const { sessionToken, refreshToken } = createToken(
-    currentUser.did,
-    {
-      secret,
-      passport,
-      role: passport.scope === 'passport' ? passport.role : ROLES.GUEST,
-      fullName,
-      provider,
-      walletOS: 'web',
-      emailVerified: !!doc?.emailVerified,
-      phoneVerified: !!doc?.phoneVerified,
+      did: currentUser.did || userDid,
+      pk: currentUser.pk,
+      profile,
+      passport: lastUsedPassport,
+      sourceAppPid,
+      connectedAccount,
     },
-    { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+    { req, node, options }
   );
   // for backward compatibility
@@ -381,42 +246,35 @@ async function login(req, node, options) {
   return {
     sessionToken,
     refreshToken,
-    visitorId: userSessionDoc.visitorId,
+    visitorId,
   };
 }
 async function invite(req, node, options) {
   const { locale, inviteId, baseUrl, provider = LOGIN_PROVIDER.AUTH0, sourceAppPid = null } = req.body;
-  const visitorId = req.get('x-blocklet-visitor-id');
   const blocklet = await req.getBlocklet();
-  const { did: teamDid, secret } = await req.getBlockletInfo();
+  const teamDid = blocklet.appPid;
   const { info: oauthInfo, wallet: userWallet } = await getOAuthFederatedUserInfo(req, {
     blocklet,
   });
   const nodeInfo = await req.getNodeInfo();
-  let userDid = userWallet.address;
-  let userPk = userWallet.publicKey;
+  const userDid = userWallet.address;
+  const userPk = userWallet.publicKey;
   let profile;
-  const currentUser = await federatedUtil.getUserWithinFederated(
+  let currentUser = await federatedUtil.getUserWithinFederated(
     { sourceAppPid, teamDid, userDid, userPk },
     { node, blocklet }
   );
-  const { dataDir, name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
-  if (currentUser) {
-    profile = {
-      email: currentUser.email,
-      fullName: currentUser.fullName,
-      avatar: getUserAvatarUrl(baseUrl, currentUser.avatar),
+  const { name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
+  if (!currentUser) {
+    currentUser = {
+      did: userDid,
+      pk: userPk,
     };
-    userDid = currentUser.did;
-    userPk = currentUser.pk;
-  } else {
     if (isEmailUniqueRequired(blocklet)) {
       const used = await node.isEmailUsed({
         teamDid,
@@ -429,8 +287,9 @@ async function invite(req, node, options) {
       }
     }
-    let avatar = oauthInfo.picture ? await getAvatarByUrl(oauthInfo.picture) : await getAvatarByEmail(oauthInfo.email);
-    avatar = await extractUserAvatar(avatar, { dataDir });
+    const avatar = oauthInfo.picture
+      ? await userUtil.getAvatarBnByUrl(oauthInfo.picture, { req, node })
+      : await userUtil.getAvatarBnByEmail(oauthInfo.email, { req, node });
     profile = {
       email: oauthInfo.email,
       fullName: oauthInfo.name,
@@ -450,7 +309,11 @@ async function invite(req, node, options) {
     endpoint,
     inviteId,
     nodeInfo,
-    profile,
+    profile: profile || {
+      email: currentUser.email,
+      fullName: currentUser.fullName,
+      avatar: getUserAvatarUrl(baseUrl, currentUser.avatar),
+    },
     statusEndpointBaseUrl,
     teamDid,
     userDid: userWallet.address,
@@ -458,10 +321,6 @@ async function invite(req, node, options) {
     locale,
     provider,
   });
-  const masterSite = federatedUtil.getFederatedMaster(blocklet);
-  const syncData = {
-    users: [],
-  };
   if (currentUser) {
     const walletDid = getWalletDid(currentUser);
@@ -485,102 +344,29 @@ async function invite(req, node, options) {
         { req }
       );
     }
-  } else {
-    const connectedAccount = {
-      provider,
-      id: oauthInfo.sub,
-      did: userWallet.address,
-      pk: userWallet.publicKey,
-      userInfo: oauthInfo,
-    };
-    await node.loginUser({
-      teamDid,
-      user: {
-        did: userDid,
-        pk: userPk,
-        connectedAccount,
-        sourceAppPid,
-        inviter: inviteInfo.inviter?.did,
-        remark: inviteInfo.remark,
-      },
-    });
-    if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-      const syncUserData = {
-        did: userDid,
-        pk: userPk,
-        ...profile,
-        inviter: inviteInfo.inviter?.did,
-        connectedAccount: [connectedAccount],
-      };
-      syncData.users.push({
-        ...syncUserData,
-        action: 'connectAccount',
-        // HACK: @zhanghan 这里会造成 master 中的用户也增加 sourceAppPid 字段，需要在 sync 接收端处理
-        sourceAppPid: sourceAppPid || masterSite?.appPid,
-      });
-    }
   }
-  const lastLoginIp = getRequestIP(req);
-  const ua = req.get('user-agent');
-  const walletDeviceMessageToken = req.get('wallet-device-message-token');
-  const walletDeviceId = req.get('wallet-device-id');
-  const userSessionDoc = await node.upsertUserSession({
-    teamDid,
-    userDid,
-    visitorId,
-    appPid: teamDid,
-    passportId: passport.id,
-    status: 'online',
-    ua: null,
-    lastLoginIp,
-    extra: {
-      walletOS: 'web',
-      walletDeviceMessageToken,
-      walletDeviceId,
-    },
-  });
+  const connectedAccount = {
+    provider,
+    id: oauthInfo.sub,
+    did: userWallet.address,
+    pk: userWallet.publicKey,
+    userInfo: oauthInfo,
+  };
-  if (federatedUtil.shouldSyncFederated(sourceAppPid, blocklet)) {
-    node
-      .syncFederated({
-        did: teamDid,
-        data: syncData,
-      })
-      .then(() => {
-        node.syncUserSession({
-          teamDid,
-          userDid: userSessionDoc.userDid,
-          visitorId: userSessionDoc.visitorId,
-          passportId: passport?.id,
-          targetAppPid: sourceAppPid,
-          ua,
-          lastLoginIp,
-          extra: {
-            walletOS: 'web',
-            walletDeviceMessageToken,
-            walletDeviceId,
-          },
-        });
-      });
+  if (profile) {
+    profile.inviter = inviteInfo.inviter?.did;
   }
-  const { createSessionToken } = initJwt(node, options);
-  const createToken = createTokenFn(createSessionToken);
-  const sessionConfig = blocklet.settings?.session || {};
-  const { sessionToken, refreshToken } = createToken(
-    userDid,
+  const { sessionToken, refreshToken, visitorId } = await userUtil.loginUserSession(
     {
-      secret,
+      did: currentUser.did,
+      pk: currentUser.pk,
+      profile,
       passport,
-      role,
-      fullName: profile.fullName,
-      provider,
-      walletOS: 'web',
-      emailVerified: !!user?.emailVerified,
-      phoneVerified: !!user?.phoneVerified,
+      sourceAppPid,
+      connectedAccount,
     },
-    { ...sessionConfig, didConnectVersion: getDidConnectVersion(req) }
+    { req, node, options, loggedUser: user }
   );
   // for backward compatibility
@@ -591,7 +377,7 @@ async function invite(req, node, options) {
   return {
     sessionToken,
     refreshToken,
-    visitorId: userSessionDoc.visitorId,
+    visitorId,
   };
 }