npm - @abtnode/blocklet-services - Versions diffs - 1.16.42-beta-20250412-084444-20b0cf19 → 1.16.42-beta-20250415-222652-04c5d2fe - Mend

@abtnode/blocklet-services 1.16.42-beta-20250412-084444-20b0cf19 → 1.16.42-beta-20250415-222652-04c5d2fe

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (340) hide show

package/api/routes/user-session.js CHANGED Viewed

@@ -1,9 +1,9 @@
 /* eslint-disable no-await-in-loop */
 const {
   WELLKNOWN_SERVICE_PATH_PREFIX,
-  SESSION_TTL,
   PASSPORT_LOG_ACTION,
   PASSPORT_STATUS,
+  SESSION_TTL,
 } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const pick = require('lodash/pick');
@@ -13,7 +13,7 @@ const omit = require('lodash/omit');
 const pLimit = require('p-limit');
 const { getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
-const { getFederatedMembers, getFederatedMaster } = require('@abtnode/auth/lib/util/federated');
+const { getFederatedMembers, getFederatedMaster, findFederatedSite } = require('@abtnode/auth/lib/util/federated');
 const { messages } = require('@abtnode/auth/lib/auth');
 const { Joi } = require('@arcblock/validator');
 const { getDeviceData } = require('@abtnode/util/lib/device');
@@ -51,12 +51,16 @@ async function getPassportFromFederatedSite(passportId, { appPid, node, teamDid,
   return undefined;
 }
-async function patchUserSessionData(userSession, { blocklet, appPid, teamDid, node }) {
+function patchUserSessionStatus(userSession, { blocklet }) {
   const sessionTtl = blocklet.settings?.session?.ttl || SESSION_TTL;
   // 修正当前 session 的 status，如果超出时间了，则应该显示为过期
   if (Date.now() - new Date(userSession.updatedAt).getTime() > sessionTtl * 1000) {
     userSession.status = 'expired';
   }
+}
+async function patchUserSessionData(userSession, { blocklet, appPid, teamDid, node }) {
+  patchUserSessionStatus(userSession, { blocklet });
   // 修正 avatar 地址，从 bn:// 转换为 http
   if (userSession.user?.avatar) {
     userSession.user.avatar = getUserAvatarUrl(userSession.user.avatar, blocklet);
@@ -154,9 +158,8 @@ module.exports = {
       }
       const teamDid = blocklet.appPid;
-      const [validSession] = await node.getUserSession({
+      const validSession = await node.getUserSession({
         teamDid,
-        userDid: validUserSession.userDid,
         id: validUserSession.id,
       });
@@ -338,35 +341,31 @@ module.exports = {
     app.get(`${prefix}/myself`, ensureBlocklet(), checkUser, async (req, res) => {
       const { blocklet } = req;
-      const { appPid } = blocklet;
-      const teamDid = appPid;
+      const { page, pageSize, status } = req.query;
+      const teamDid = blocklet.appPid;
       const userDid = req.user.did;
       // 用户管理自己所有的登录会话，不限制 visitorId
-      const userSessions = await node.getUserSession({
+      const { list: userSessions, paging } = await node.getUserSessions({
         teamDid,
-        appPid, // 不需要向主站查询 member 的会话列表，所以固定为 teamDid 即可
-        userDid,
+        query: {
+          appPid: teamDid, // 不需要向主站查询 member 的会话列表，所以固定为 teamDid 即可
+          userDid,
+          status,
+        },
+        paging: {
+          page: parseInt(page, 10),
+          pageSize: parseInt(pageSize, 10),
+        },
       });
-      const pendingList = userSessions.map((item) =>
-        limit(() =>
-          patchUserSessionData(item, {
-            blocklet,
-            appPid,
-            teamDid,
-            node,
-          })
-        )
-      );
-      await Promise.all(pendingList);
-      const result = userSessions
-        .filter((x) => {
-          return x?.user?.approved;
-        })
-        .map((x) => omit(x, userInfoBlackList));
-      res.json(result);
+      const list = userSessions.map((x) => {
+        patchUserSessionStatus(x, { blocklet });
+        return omit(x, userInfoBlackList);
+      });
+      res.json({
+        list,
+        paging,
+      });
     });
     /**
@@ -381,8 +380,6 @@ module.exports = {
       const { appPid } = blocklet;
       const teamDid = appPid;
-      const federatedSites = blocklet?.settings?.federated?.sites || [];
       const visitorId = req.get('x-blocklet-visitor-id');
       if (!visitorId) {
@@ -390,19 +387,34 @@ module.exports = {
         return;
       }
-      const userSessions = await node.getUserSession({
+      const { list: userSessions } = await node.getUserSessions({
         teamDid,
-        visitorId,
+        query: {
+          visitorId,
+          includeUser: true,
+        },
+        paging: {
+          page: 1,
+          // 模拟获取所有登录会话
+          pageSize: 100,
+        },
       });
       const validUserSessions = userSessions.filter((x) => {
-        const federatedSite = federatedSites.find((y) => y.appPid === x.appPid);
-        if (federatedSite?.appPid === teamDid) {
+        if (x.appPid === teamDid) {
           return true;
         }
-        if (federatedSite?.status === 'approved') {
-          return true;
+        const federatedSite = findFederatedSite(blocklet, x.appPid);
+        if (federatedSite) {
+          if (federatedSite.appPid === teamDid) {
+            return true;
+          }
+          if (federatedSite.status === 'approved') {
+            return true;
+          }
         }
         return false;
       });
       const pendingList = validUserSessions.map((item) =>
@@ -419,9 +431,6 @@ module.exports = {
       const result = validUserSessions
         .filter((x) => {
-          if (x.status === 'expired') {
-            return false;
-          }
           if (!x?.user?.approved) {
             return false;
           }

package/api/routes/user.js CHANGED Viewed

@@ -25,6 +25,7 @@ const { withQuery, joinURL } = require('ufo');
 const cors = require('cors');
 const createTranslator = require('@abtnode/util/lib/translate');
 const { getDeviceData } = require('@abtnode/util/lib/device');
+const { Op } = require('sequelize');
 const { createTokenFn, getDidConnectVersion } = require('../util');
 const initJwt = require('../libs/jwt');
@@ -445,7 +446,7 @@ function checkUserSig({ node }) {
 }
 async function loginEmail(req, node, options) {
-  const { locale = 'en' } = req.query;
+  const locale = req.blockletLocale;
   const { sourceAppPid = null, inviter = null } = req.body;
   const blocklet = await req.getBlocklet();
@@ -481,7 +482,7 @@ async function loginEmail(req, node, options) {
     id: sub,
     userInfo,
   };
-  const lastUsedPassport = userUtil.getLastUsedPassport({ passports: currentUser?.passports });
+  const lastUsedPassport = getLastUsedPassport(currentUser?.passports, '', { useFallback: false });
   if (!currentUser) {
     await userUtil.checkNeedInvite({ req, node, teamDid, locale });
@@ -521,7 +522,7 @@ async function loginEmail(req, node, options) {
 }
 async function inviteEmail(req, node, options) {
-  const { locale = 'en' } = req.query;
+  const locale = req.blockletLocale;
   const { sourceAppPid = null, inviteId, baseUrl } = req.body;
   if (!inviteId) {
@@ -921,18 +922,29 @@ module.exports = {
         const { blocklet } = req;
         const teamDid = blocklet.appPid;
         // NOTICE: 此处需要保留从 body 携带 visitorId 的功能，用于已登录用户注销自己指定的登录会话
-        let visitorId = req.body?.visitorId;
+        // eslint-disable-next-line prefer-const
+        let { status, visitorId } = req.body;
+        const params = {};
         if (!visitorId) {
           visitorId = req.get('x-blocklet-visitor-id');
         }
-        if (!visitorId) {
-          res.status(400).json({ error: 'visitorId is required' });
+        if (status) {
+          params.status = status;
+          if (visitorId && status === 'online') {
+            // HACK: 用户使用当前登录会话注销所有会话时，要排除当前登录会话
+            params.visitorId = { [Op.ne]: visitorId };
+          }
+        } else if (visitorId) {
+          params.visitorId = visitorId;
+        }
+        if (!params.visitorId && !params.status) {
+          res.status(400).json({ error: 'visitorId or status is required' });
           return;
         }
         await node.logoutUser({
+          ...params,
           userDid: req.user.did,
-          visitorId,
           appPid: teamDid,
           teamDid,
         });
@@ -1072,7 +1084,7 @@ module.exports = {
     );
     server.post(`${prefixApi}/email/sendCode`, ensureBlocklet(), ensureCors, async (req, res) => {
-      const { locale = 'en' } = req.query;
+      const locale = req.blockletLocale;
       const { blocklet } = req;
       const teamDid = blocklet.appPid;
       const { email, useCode = true, useMagicLink = true, sourceAppPid = null } = req.body;
@@ -1128,6 +1140,7 @@ module.exports = {
           params: {
             ...emailData,
             subject,
+            locale,
           },
         });
       } else {

package/api/services/auth/connect/gen-access-key.js ADDED Viewed

@@ -0,0 +1,92 @@
+const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
+const { messages } = require('@abtnode/auth/lib/auth');
+const { authenticateByVc } = require('@abtnode/auth/lib/server');
+const { PASSPORT_LOG_ACTION } = require('@abtnode/constant');
+const formatContext = require('@abtnode/util/lib/format-context');
+const logger = require('../../../libs/logger')('blocklet-service:connect-cli');
+const { utils } = require('../../../libs/connect/session');
+const { PASSPORT_VC_TYPES } = require('../../../libs/auth/utils');
+const { getTrustedIssuers } = require('../../../util/blocklet-utils');
+const allowedRoles = ['owner', 'admin'];
+module.exports = function createRoutes(node) {
+  return {
+    action: 'gen-access-key',
+    onConnect: async ({ request, userDid, extraParams: { locale } }) => {
+      const checkUserRole = await utils.checkUserRole({ node, userDid, locale, request, roles: allowedRoles });
+      return checkUserRole;
+    },
+    onAuth: async ({ request, userDid, challenge, claims, updateSession, extraParams }) => {
+      const { locale } = extraParams;
+      const sourceAppPid = getSourceAppPid(request);
+      const blocklet = await request.getBlocklet();
+      const { role, user, passport } = await authenticateByVc({
+        node,
+        locale,
+        teamDid: blocklet.appPid,
+        userDid,
+        claims,
+        challenge,
+        types: PASSPORT_VC_TYPES,
+        trustedIssuers: await getTrustedIssuers(blocklet, { sourceAppPid }),
+        action: 'gen-access-key',
+      });
+      if (!allowedRoles.includes(role)) {
+        throw new Error(messages.notAllowed[locale]);
+      }
+      if (passport) {
+        await node.createPassportLog(
+          blocklet.appPid,
+          {
+            passportId: passport.id,
+            action: PASSPORT_LOG_ACTION.USED,
+            operatorDid: userDid,
+            metadata: {
+              action: 'gen-access-key',
+              ownerDid: userDid,
+              userDid: user.did,
+            },
+          },
+          request
+        );
+      }
+      const teamDid = blocklet.meta.did;
+      const { accessKeyId, accessKeySecret, expireAt } = await node.createAccessKey(
+        { teamDid, remark: extraParams.source, createdVia: 'connect', passport: 'ci' },
+        { user }
+      );
+      await node.createAuditLog(
+        {
+          action: 'switchPassport',
+          args: { teamDid, userDid, passport, sourceAppPid },
+          context: formatContext(Object.assign(request, { user })),
+          result: { accessKeyId, expireAt },
+        },
+        node
+      );
+      logger.info('accessKeyId', accessKeyId);
+      await updateSession(
+        {
+          config: {
+            developerDid: userDid,
+            accessKeyId,
+            accessKeySecret,
+            expireAt,
+          },
+        },
+        true
+      );
+    },
+  };
+};

package/api/services/auth/index.js CHANGED Viewed

@@ -40,6 +40,8 @@ const createApproveVaultAuth = require('./connect/approve-vault');
 const createSessionRoutes = require('./session');
 const createPassportRoutes = require('./passport');
 const createPasskeyRoutes = require('./passkey');
+const createGenAccessKeyRoutes = require('./connect/gen-access-key');
 const { getRedirectUrl, shouldIgnoreUrl, redirectWithoutCache } = require('../../util');
 const { createConnectToDidSpacesForUserRoute } = require('./connect/connect-to-did-spaces-for-user');
 const { isEmailKycRequired, isPhoneKycRequired } = require('../../libs/kyc');
@@ -211,6 +213,11 @@ const init = ({ node, options }) => {
     const { token } = req;
     await req.ensureUser({ token });
+    // Saved for oauth server
+    if (req.user) {
+      res.locals.user = req.user;
+    }
     setUserInfoHeaders(req);
     next();
@@ -247,6 +254,7 @@ const init = ({ node, options }) => {
       handler.attach(Object.assign({ app }, createVerifyElevatedAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createVerifyDestroyAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createDestroyMyselfAuth(node)));
+      handler.attach(Object.assign({ app }, createGenAccessKeyRoutes(node)));
     });
   };

package/api/services/auth/passkey.js CHANGED Viewed

@@ -2,7 +2,7 @@ const { createPasskeyHandlers } = require('@abtnode/auth/lib/passkey');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { createPassportList, createPassportSwitcher } = require('@abtnode/auth/lib/oauth');
 const { createTokenFn } = require('../../util');
-const { checkUser } = require('../../routes/oauth');
+const { checkUser } = require('../../routes/oauth/client');
 module.exports = {
   init(router, node, options, createSessionToken) {

package/api/services/auth/session.js CHANGED Viewed

@@ -17,10 +17,32 @@ const getRequestIP = require('@abtnode/util/lib/get-request-ip');
 const { getDeviceData } = require('@abtnode/util/lib/device');
 const isUrl = require('is-url');
 const { LRUCache } = require('lru-cache');
+const createTranslator = require('@abtnode/util/lib/translate');
 const { createTokenFn, getDidConnectVersion } = require('../../util');
 const checkUser = require('../../middlewares/check-user');
+const translations = {
+  zh: {
+    userSessionLogout: '用户会话已退出',
+    invalidWebhookType: '无效的 webhook 类型',
+    invalidWebhookUrl: '无效的 webhook 地址',
+    testWebhookMessage: '这是来自 {did} 的测试消息',
+    invalidToken: '无效的 token',
+    emptyRefreshToken: 'RefreshToken 不能为空',
+  },
+  en: {
+    userSessionLogout: 'User session is logout',
+    invalidWebhookType: 'Invalid webhook type',
+    invalidWebhookUrl: 'Invalid webhook url',
+    testWebhookMessage: 'This is a test message from user {did}',
+    invalidToken: 'Invalid token',
+    emptyRefreshToken: 'RefreshToken should not be empty',
+  },
+};
+const t = createTranslator({ translations });
 const sessionRBACCache = new LRUCache({ max: 3000, ttl: 1000 * 30 });
 const unReadCountCache = new LRUCache({ max: 3000, ttl: 1000 * 5 });
@@ -176,13 +198,14 @@ module.exports = {
     const sessionApi = `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/did/session`;
     router.get(sessionApi, nocache(), sessionBearerToken, handleSession);
+    router.post(sessionApi, nocache(), sessionBearerToken, handleSession);
     router.get(
       `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/notifications/unread-count`,
       nocache(),
       sessionBearerToken,
       handleGetUnreadCount
     );
-    router.post(sessionApi, nocache(), sessionBearerToken, handleSession);
     // update user extra: settings, webhooks
     const extraApi = `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/user/extra`;
@@ -207,17 +230,17 @@ module.exports = {
     });
     router.put(extraApi, nocache(), sessionBearerToken, checkUser, async (req, res) => {
       if (['slack', 'api'].includes(req.body.type) === false) {
-        res.status(400).send({ error: 'invalid webhook type' });
+        res.status(400).send({ error: t('invalidWebhookType', req.blockletLocale) });
         return;
       }
       if (isUrl(req.body.url) === false) {
-        res.status(400).send({ error: 'invalid webhook url' });
+        res.status(400).send({ error: t('invalidWebhookUrl', req.blockletLocale) });
       }
       await node.sendTestMessage({
         webhook: { type: req.body.type, params: [{ name: 'url', value: req.body.url }] },
-        message: `This is a test message from user ${req.user.did}`,
+        message: t('testWebhookMessage', req.blockletLocale, { did: req.user.did }),
       });
       res.json({ success: true });
@@ -227,7 +250,7 @@ module.exports = {
       const { wallet } = await req.getBlockletInfo();
       const { token } = req.body;
       if (!verify(token, wallet.publicKey)) {
-        res.status(403).send('Invalid token');
+        res.status(403).send(t('invalidToken', req.blockletLocale));
         return;
       }
@@ -258,15 +281,18 @@ module.exports = {
       if (token) {
         const teamDid = req.getBlockletDid();
         const visitorId = req.get('x-blocklet-visitor-id');
+        if (!visitorId) {
+          res.status(400).send(t('userSessionLogout', req.blockletLocale));
+          return;
+        }
         const { appPid = teamDid } = req.query;
         await req.ensureUser({ token, visitorId, appPid });
         if (!req.user) {
-          res.status(400).send('user session is logout');
+          res.status(400).send(t('userSessionLogout', req.blockletLocale));
           return;
         }
         try {
-          const { secret } = await req.getBlockletInfo();
           const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getBlockletInfo()]);
           const refreshTokenType = 'refresh';
@@ -276,12 +302,12 @@ module.exports = {
             passport,
             provider = LOGIN_PROVIDER.WALLET,
             walletOS,
-          } = await verifySessionToken(token, secret, {
+          } = await verifySessionToken(token, info.secret, {
             checkFromDb: true,
             teamDid,
-            checkToken: (t) => {
-              if (t.tokenType !== refreshTokenType) {
-                throw new Error(`invalid token type ${t.tokenType}`);
+            checkToken: (_token) => {
+              if (_token.tokenType !== refreshTokenType) {
+                throw new Error(`invalid token type ${_token.tokenType}`);
               }
             },
             locale: req.blockletLocale,
@@ -310,7 +336,7 @@ module.exports = {
           const { sessionToken, refreshToken } = createToken(
             userPid,
             {
-              secret,
+              secret: info.secret,
               passport,
               role,
               fullName: user.fullName,
@@ -368,7 +394,7 @@ module.exports = {
           res.status(400).send(err.message);
         }
       } else {
-        res.status(400).send('empty refreshToken');
+        res.status(400).send(t('emptyRefreshToken', req.blockletLocale));
       }
     });
   },

package/api/services/dashboard/index.js CHANGED Viewed

@@ -126,6 +126,12 @@ function createWebsocketServer(node, ensureWsUser, options) {
     }
   });
+  eventHub.on(EVENTS.NOTIFICATION_BLOCKLET_UPDATE, (data) => {
+    const did = data.teamDid;
+    const eventName = `${did}/${EVENTS.NOTIFICATION_BLOCKLET_UPDATE}`;
+    wsServer.broadcast(eventName, eventName, data, { noCluster: true });
+  });
   eventHub.on(EVENTS.NOTIFICATION_READ, (data) => {
     const did = data.teamDid;
     if (did) {