@abtnode/blocklet-services 1.16.44-beta-20250512-155818-937e465d → 1.16.44-beta-20250516-225119-c0b5ec8d

package/api/index.js

@@ -25,7 +25,7 @@ const { getAppOgCacheDir } = require('@abtnode/util/lib/blocklet');
 const { ensureLocale } = require('@abtnode/util/lib/middlewares/ensure-locale');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const createInvite = require('@abtnode/auth/lib/invitation');
-const { getStatusFromError } = require('@abtnode/util/lib/custom-error');
+const { getStatusFromError } = require('@blocklet/error');
 const { withQuery, joinURL, withTrailingSlash } = require('ufo');
 const { createProxyMiddleware, responseInterceptor } = require('http-proxy-middleware');
 const { findComponentByIdV2, getMountPoints } = require('@blocklet/meta/lib/util');
@@ -67,6 +67,7 @@ const createOAuthServerRoutes = require('./routes/oauth/server');
 const createFederatedRoutes = require('./routes/federated');
 const createUserRoutes = require('./routes/user');
 const createOcapRoutes = require('./routes/ocap');
+const createCspProxyRoutes = require('./routes/csp-proxy');
 const createUserSessionRoutes = require('./routes/user-session');
 const createBlockletRoutes = require('./routes/blocklet');
 const createConnectRelayRoutes = require('./routes/connect/relay');
@@ -763,6 +764,7 @@ self.blocklet = {
   createFederatedRoutes.init(server, node, options);
   createUserRoutes.init(server, node, options);
   createOcapRoutes.init(server);
+  createCspProxyRoutes.init(server);
   createUserSessionRoutes.init(server, node, options);
   createEnvRoutes.init(server, node, options);
   createBlockletRoutes.init(server, node);

package/api/libs/connect/session.js

@@ -30,7 +30,7 @@ const {
   upsertToPassports,
   getPassportClaimUrl,
 } = require('@abtnode/auth/lib/passport');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { CustomError } = require('@blocklet/error');
 const { getKeyPairClaim, getAuthPrincipalForMigrateAppToV2 } = require('@abtnode/auth/lib/server');
 const { checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
 const { fromAppDid } = require('@arcblock/did-ext');
@@ -1243,14 +1243,27 @@ module.exports = {
       };
 
       if (sourceAppPid) {
-        await migrateFederatedAccount({
-          // 目前只允许未注册过的钱包绑定 auth0，所以直接传入钱包生成的 userDid 和 userPk
-          toUserDid: userDid,
-          toUserPk: userPk,
-          fromUserDid: previousUserDid,
-          blockletInfo,
-          blocklet,
-        });
+        try {
+          await migrateFederatedAccount({
+            // 目前只允许未注册过的钱包绑定 auth0，所以直接传入钱包生成的 userDid 和 userPk
+            toUserDid: userDid,
+            toUserPk: userPk,
+            fromUserDid: previousUserDid,
+            blockletInfo,
+            blocklet,
+          });
+        } catch (error) {
+          logger.error('Failed to migrate federated account', {
+            error,
+            toUserDid: userDid,
+            fromUserDid: previousUserDid,
+          });
+
+          if (error?.response?.data) {
+            throw new Error(error.response.data);
+          }
+          throw error;
+        }
       } else {
         const connectedAccounts = oauthUser?.connectedAccounts || [];
         const sourceProvider = oauthUser?.sourceProvider;

package/api/libs/image.js

@@ -8,8 +8,7 @@ const toLower = require('lodash/toLower');
 const { Joi } = require('@arcblock/validator');
 const stringify = require('json-stable-stringify');
 const md5 = require('@abtnode/util/lib/md5');
-const formatError = require('@abtnode/util/lib/format-error');
-const { getStatusFromError } = require('@abtnode/util/lib/custom-error');
+const { formatError, getStatusFromError } = require('@blocklet/error');
 
 const logger = require('@abtnode/logger')('@abtnode/blocklet-services/image');
 

package/api/libs/open-graph/index.js

@@ -7,8 +7,7 @@ const { joinURL } = require('ufo');
 const { Joi } = require('@arcblock/validator');
 const stringify = require('json-stable-stringify');
 const md5 = require('@abtnode/util/lib/md5');
-const formatError = require('@abtnode/util/lib/format-error');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { formatError, CustomError } = require('@blocklet/error');
 const { getPassportColor } = require('@abtnode/auth/lib/util/create-passport-svg');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 

package/api/libs/push-kit/index.js

@@ -18,6 +18,7 @@ async function sendPush(receiver, notification, { node, teamDid }) {
 
   if (!config.enabled || !config.endpoint) {
     // skip send email
+    logger.warn(`Push Kit Service is not Enabled: ${teamDid}`);
     throw new Error('Push Kit Service is not Enabled.');
   }
 

package/api/middlewares/check-federated-cors-call.js

@@ -6,8 +6,8 @@ function checkFederatedCorsCall() {
     const sites = federated?.sites || [];
     const memberEnabled = sites.find((item) => {
       if (item.status === 'approved') {
-        const siteHost = new URL(item.appUrl).host;
-        const callerHost = new URL(caller).host;
+        const siteHost = new URL(item.appUrl).hostname;
+        const callerHost = new URL(caller).hostname;
         return [siteHost, ...(item.aliasDomain || [])].includes(callerHost);
       }
       return false;

package/api/middlewares/check-permission.js

@@ -1,7 +1,14 @@
-const { ROLES } = require('@abtnode/constant');
+const { ROLES, SERVER_ROLES } = require('@abtnode/constant');
 
-const adminRoles = [ROLES.OWNER, ROLES.ADMIN];
-const memberRoles = [ROLES.OWNER, ROLES.ADMIN, ROLES.MEMBER];
+const adminRoles = [ROLES.OWNER, ROLES.ADMIN, SERVER_ROLES.BLOCKLET_OWNER, SERVER_ROLES.BLOCKLET_ADMIN];
+const memberRoles = [
+  ROLES.OWNER,
+  ROLES.ADMIN,
+  ROLES.MEMBER,
+  SERVER_ROLES.BLOCKLET_OWNER,
+  SERVER_ROLES.BLOCKLET_ADMIN,
+  SERVER_ROLES.BLOCKLET_MEMBER,
+];
 
 const getCheckMiddleware = (roles) => (req, res, next) => {
   if (!req.user) {

package/api/routes/blocklet.js

@@ -11,7 +11,7 @@ const cors = require('cors');
 const { getPassportStatusEndpoint } = require('@abtnode/auth/lib/auth');
 const { createPassportVC, createPassport, createUserPassport } = require('@abtnode/auth/lib/passport');
 const formatContext = require('@abtnode/util/lib/format-context');
-const { getStatusFromError } = require('@abtnode/util/lib/custom-error');
+const { getStatusFromError } = require('@blocklet/error');
 const { getUserAvatarUrl, getAvatarFile, getAppAvatarUrl, extractUserAvatar } = require('@abtnode/util/lib/user');
 const {
   attachSendLogoContext,

package/api/routes/csp-proxy.js

@@ -0,0 +1,67 @@
+const { getChainClient } = require('@abtnode/util/lib/get-chain-client');
+const { MAIN_CHAIN_ENDPOINT } = require('@abtnode/constant');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { default: axios } = require('axios');
+
+const logger = require('../libs/logger')('blocklet-services:csp-proxy');
+
+const PREFIX = WELLKNOWN_SERVICE_PATH_PREFIX;
+
+module.exports = {
+  init(server) {
+    const chainClient = getChainClient(MAIN_CHAIN_ENDPOINT);
+
+    if (!chainClient) {
+      logger.error('get chain client failed');
+      return;
+    }
+
+    server.get(`${PREFIX}/proxy`, async (req, res) => {
+      const { url } = req.query;
+
+      if (!url) {
+        res.status(400).send('Missing image URL');
+      }
+
+      try {
+        // 检查是否是一个有效的URL
+        const urlObj = new URL(url);
+
+        // 检查协议是否是https
+        if (urlObj.protocol !== 'https:') {
+          res.status(400).send('Invalid image URL');
+          return;
+        }
+
+        // 使用流式请求和响应
+        const response = await axios.get(url, {
+          responseType: 'stream',
+        });
+
+        // 设置响应头
+        res.set('Content-Type', response.headers['content-type']);
+        if (response.headers['content-length']) {
+          res.set('Content-Length', response.headers['content-length']);
+        }
+
+        // 直接将流管道传输到响应
+        response.data.pipe(res);
+
+        // 处理错误
+        response.data.on('error', (err) => {
+          logger.error('Stream error:', err.message);
+          if (!res.headersSent) {
+            res.status(500).send('Error streaming the image');
+          }
+        });
+      } catch (error) {
+        if (error instanceof TypeError && error.message.includes('Invalid URL')) {
+          res.status(400).send('Invalid image URL');
+          return;
+        }
+        logger.error('Error fetching the image:', error.message);
+        res.status(500).send('Could not fetch the image');
+      }
+    });
+  },
+};

package/api/routes/federated.js

@@ -333,32 +333,37 @@ module.exports = {
       ensureBlocklet(),
       checkFederatedCall({ mode: 'memberToMaster' }),
       async (req, res) => {
-        const { blocklet, verifySite, verifyData } = req;
-        const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
-        const { fromUserDid, toUserDid, toUserPk } = verifyData;
-        const oauthUser = await node.getUser({ teamDid, user: { did: fromUserDid } });
-        const connectedAccounts = oauthUser?.connectedAccounts || [];
-        const sourceProvider = oauthUser?.sourceProvider;
-        const oauthAccount = connectedAccounts.find((item) => item.provider === sourceProvider);
-        const userWallet = fromAppDid(oauthAccount.id, blockletWallet.secretKey);
-
-        const bindUser = {
-          did: toUserDid,
-          pk: toUserPk,
-        };
-        await declareAccount({ wallet: userWallet, blocklet });
-        await migrateAccount({ wallet: userWallet, blocklet, user: bindUser });
-        await node.createAuditLog(
-          {
-            action: 'migrateFederatedAccount',
-            args: { fromUserDid, toUserDid, callerSite: verifySite, teamDid },
-            context: {
-              user: getAuditLogActorByFederatedSite(verifySite),
+        try {
+          const { blocklet, verifySite, verifyData } = req;
+          const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
+          const { fromUserDid, toUserDid, toUserPk } = verifyData;
+          const oauthUser = await node.getUser({ teamDid, user: { did: fromUserDid } });
+          const connectedAccounts = oauthUser?.connectedAccounts || [];
+          const sourceProvider = oauthUser?.sourceProvider;
+          const oauthAccount = connectedAccounts.find((item) => item.provider === sourceProvider);
+          const userWallet = fromAppDid(oauthAccount.id, blockletWallet.secretKey);
+
+          const bindUser = {
+            did: toUserDid,
+            pk: toUserPk,
+          };
+          await declareAccount({ wallet: userWallet, blocklet });
+          await migrateAccount({ wallet: userWallet, blocklet, user: bindUser });
+          await node.createAuditLog(
+            {
+              action: 'migrateFederatedAccount',
+              args: { fromUserDid, toUserDid, callerSite: verifySite, teamDid },
+              context: {
+                user: getAuditLogActorByFederatedSite(verifySite),
+              },
             },
-          },
-          node
-        );
-        res.status(204).send();
+            node
+          );
+          res.status(204).send();
+        } catch (error) {
+          logger.error('Failed to migrate federated account', { error });
+          res.status(500).send(error.message);
+        }
       }
     );
 

package/api/routes/oauth/client.js

@@ -10,7 +10,7 @@ const { upsertToPassports } = require('@abtnode/auth/lib/passport');
 const { getWalletDid, getConnectedAccounts, getSourceProvider } = require('@blocklet/meta/lib/did-utils');
 const formatContext = require('@abtnode/util/lib/format-context');
 const createTranslator = require('@abtnode/util/lib/translate');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { CustomError } = require('@blocklet/error');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { withHttps, withTrailingSlash } = require('ufo');
 const { getLastUsedPassport } = require('@abtnode/auth/lib/passport');
@@ -655,7 +655,7 @@ module.exports = {
         }
 
         try {
-          referrerHost = new URL(referrer).host;
+          referrerHost = new URL(referrer).hostname;
         } catch (err) {
           logger.error('Invalid referrer (failed to parse referrer)', { err });
           res.status(400).send('Invalid host'); // 这里故意返回 Invalid host 而不是 Invalid referrer，可以避免攻击者伪造 referrer 来绕过信任域名检查

package/api/routes/openembed.js

@@ -1,6 +1,6 @@
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { BLOCKLET_OPENEMBED_PREFIX } = require('@blocklet/constant');
-const formatError = require('@abtnode/util/lib/format-error');
+const { formatError } = require('@blocklet/error');
 const pMap = require('p-map');
 const YAML = require('yaml');
 const { joinURL, withQuery, withLeadingSlash, withoutTrailingSlash } = require('ufo');

package/api/routes/user-session.js

@@ -136,8 +136,7 @@ module.exports = {
   init(app, node, options) {
     const ensureCors = cors(async (req, callback) => {
       const domains = await getTrustedDomains({ node, req, blocklet: req.blocklet });
-      const host = req?.get('host') || req?.headers?.host;
-      if (domains.includes(host)) {
+      if (domains.includes(req.hostname)) {
         callback(null, { origin: true });
       } else {
         callback(null, { origin: false });

package/api/routes/user.js

@@ -18,8 +18,7 @@ const { getWallet, getWalletDid } = require('@blocklet/meta/lib/did-utils');
 const { Joi } = require('@arcblock/validator');
 const { parse } = require('@abtnode/core/lib/util/ua');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
-const formatError = require('@abtnode/util/lib/format-error');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { formatError, CustomError } = require('@blocklet/error');
 const { xss } = require('@blocklet/xss');
 const { withQuery, joinURL } = require('ufo');
 const cors = require('cors');
@@ -738,8 +737,7 @@ module.exports = {
   init(server, node, options) {
     const ensureCors = cors(async (req, callback) => {
       const domains = await federatedUtil.getTrustedDomains({ node, req, blocklet: req.blocklet });
-      const host = req?.get('host') || req?.headers?.host;
-      if (domains.includes(host)) {
+      if (domains.includes(req.hostname)) {
         callback(null, { origin: true });
       } else {
         callback(null, { origin: false });
@@ -940,8 +938,13 @@ module.exports = {
             // HACK: 用户使用当前登录会话注销所有会话时，要排除当前登录会话
             params.visitorId = { [Op.ne]: visitorId };
           }
-        } else if (visitorId) {
-          params.visitorId = visitorId;
+        } else {
+          params.status = {
+            [Op.ne]: 'offline',
+          };
+          if (visitorId) {
+            params.visitorId = visitorId;
+          }
         }
         if (!params.visitorId && !params.status) {
           res.status(400).json({ error: 'visitorId or status is required' });

package/api/services/auth/connect/connect-to-did-spaces-for-user.js

@@ -3,7 +3,7 @@ const { Joi } = require('@arcblock/validator');
 const { messages } = require('@abtnode/auth/lib/auth');
 const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('@abtnode/auth/lib/util/spaces');
 const { DID_SPACES } = require('@blocklet/constant');
-const formatError = require('@abtnode/util/lib/format-error');
+const { formatError } = require('@blocklet/error');
 const logger = require('../../../libs/logger')(require('../../../../package.json').name);
 
 const ExtraParamsSchema = Joi.object({

package/api/services/auth/connect/pre-setup.js

@@ -9,7 +9,7 @@ module.exports = function createRoutes() {
     action: 'pre-setup',
     authPrincipal: false,
     claims: getAppDidOwnerClaims(),
-    onAuth: ({ claims, userDid, userPk, extraParams: { locale } }) => {
+    onAuth: ({ claims, userDid, userPk, extraParams: { locale, visitorId } }) => {
       const claim = claims.find((x) => x.type === 'signature');
       verifySignature(claim, userDid, userPk, locale);
       logger.info('pre-setup.connect.success', { userDid });
@@ -17,6 +17,7 @@ module.exports = function createRoutes() {
         nextWorkflowData: {
           claim: pick(claim, ['origin', 'sig']),
           pk: userPk,
+          visitorId,
         },
       };
     },

package/api/services/auth/connect/setup.js

@@ -4,8 +4,10 @@ const { messages } = require('@abtnode/auth/lib/auth');
 const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const formatContext = require('@abtnode/util/lib/format-context');
 const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
-const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const getRequestIP = require('@abtnode/util/lib/get-request-ip');
+const { getDeviceData } = require('@abtnode/util/lib/device');
+const getOrigin = require('@abtnode/util/lib/get-origin');
+const { getLoginProvider } = require('@blocklet/sdk/lib/util/login');
 
 const logger = require('../../../libs/logger')('setup');
 
@@ -59,6 +61,10 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
       verifySignature(proof.claim, blocklet.appDid, proof.pk, locale);
       const profile = claims.find((x) => x.type === 'profile');
 
+      const lastLoginIp = getRequestIP(req);
+      const deviceData = getDeviceData({ req });
+      const walletOS = req.context.didwallet.os;
+      const provider = getLoginProvider(req);
       try {
         if (user) {
           // Update user
@@ -89,17 +95,18 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
               did: userDid,
               pk: userPk,
               locale,
-              lastLoginIp: getRequestIP(req),
+              lastLoginIp,
               extra: {
                 baseUrl,
               },
               connectedAccount: {
-                provider: LOGIN_PROVIDER.WALLET,
+                provider,
                 did: userDid,
                 pk: userPk,
               },
             },
           });
+
           await node.createAuditLog(
             {
               action: 'addUser',
@@ -111,6 +118,22 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
           );
         }
 
+        const userSessionDoc = await node.upsertUserSession({
+          teamDid,
+          visitorId: proof?.visitorId || extraParams?.visitorId,
+          userDid,
+          appPid: teamDid,
+          status: 'online',
+          ua: null,
+          lastLoginIp,
+          extra: {
+            walletOS,
+            device: deviceData,
+          },
+          locale,
+          origin: await getOrigin({ req }),
+        });
+
         // Generate new session token that client can save to localStorage
         // HACK: 此处没有 passportId，所以特意不设置 refreshToken，失效后下次登录就能选择合适的 passport
         const sessionToken = await createSessionToken(userDid, {
@@ -119,7 +142,11 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
           fullName: profile?.fullName,
           elevated: true,
         });
-        await updateSession({ sessionToken }, true);
+        if (userSessionDoc) {
+          await updateSession({ sessionToken, visitorId: userSessionDoc?.visitorId }, true);
+        } else {
+          await updateSession({ sessionToken }, true);
+        }
         logger.info('setup.connect.success', { userDid });
       } catch (err) {
         logger.error('setup.connect.error', { error: err, userDid });

package/api/services/image/index.js

@@ -3,7 +3,7 @@
 const path = require('path');
 const { http } = require('follow-redirects');
 const { getAppImageCacheDir } = require('@abtnode/util/lib/blocklet');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { CustomError } = require('@blocklet/error');
 
 const logger = require('../../libs/logger')();
 

package/api/services/notification/queue.js

@@ -5,6 +5,7 @@ const JWT = require('@arcblock/jwt');
 const md5 = require('@abtnode/util/lib/md5');
 const { wipeSensitiveData } = require('@blocklet/meta/lib/util');
 const cloneDeep = require('@abtnode/util/lib/deep-clone');
+const { NOTIFICATION_TYPES } = require('@blocklet/sdk/lib/validators/notification');
 const {
   NODE_MODES,
   EVENTS,
@@ -23,6 +24,23 @@ const eventHub =
 
 const logger = require('../../libs/logger')('notification');
 
+/**
+ *
+ * 校验是否是有效的 passthrough 消息
+ * 场景：discuss kit chat 中发送消息时会有两个通知，一个通知是消息的已读状态没有消息体，一个通知发送的内容，
+ */
+const validPassthroughMessage = (notification) => {
+  if (
+    !notification ||
+    notification.type !== NOTIFICATION_TYPES.PASSTHROUGH ||
+    notification.passthroughType !== 'messageStatus'
+  ) {
+    return true;
+  }
+  const { data } = notification;
+  return data && data.message;
+};
+
 const createNotificationQueue = (name, options, handler) => {
   if (!handler || typeof handler !== 'function') {
     throw new Error('Handler is required');
@@ -80,7 +98,7 @@ const init = ({ node, notificationService }) => {
           pushOnly: job.pushOnly,
         });
       } catch (error) {
-        logger.error('Failed to send to app', { notificationId: job.notification.id, error });
+        logger.warning('Failed to send to app', { notificationId: job.notification.id, error });
       }
     }
   );
@@ -104,7 +122,7 @@ const init = ({ node, notificationService }) => {
         pushOnly: job.pushOnly,
       });
     } catch (error) {
-      logger.error('Failed to send to push', { notificationId: job.notification.id, error });
+      logger.warn('Failed to send to push', { notificationId: job.notification.id, error });
     }
   });
 
@@ -176,7 +194,7 @@ const init = ({ node, notificationService }) => {
           pushOnly: input.pushOnly,
         });
       } catch (error) {
-        logger.error('Failed to send to email', { notificationId: job.notificationId, error });
+        logger.warn('Failed to send to email', { notificationId: job.notificationId, error });
       }
     }
   );
@@ -226,7 +244,7 @@ const init = ({ node, notificationService }) => {
           pushOnly: input.pushOnly,
         });
       } catch (error) {
-        logger.error('Failed to send to webhook', { url: job.url, notificationId: job.notification.id, error });
+        logger.warn('Failed to send to webhook', { url: job.url, notificationId: job.notification.id, error });
       }
     }
   );
@@ -415,6 +433,11 @@ const init = ({ node, notificationService }) => {
   const insertToPushKitPushQueue = (props, nodeInfo, isResend) => {
     const { channels, notification, sender, userInfo, teamDid, options = {} } = props;
 
+    // 如果是无效的 passthrough 消息，则不进行推送
+    if (!validPassthroughMessage(notification)) {
+      return;
+    }
+
     const receiverDid = getWalletDid(userInfo) || userInfo.did;
 
     const commonParams = {

package/api/socket/channel/did.js

@@ -35,6 +35,12 @@ const CHANNEL_FIELD_MAP = {
   [NOTIFICATION_SEND_CHANNEL.EMAIL]: ['emailSendStatus', 'emailSendAt', 'emailSendFailedReason', 'emailSendRecord'],
 };
 
+const CHANNEL_MAP = {
+  [NOTIFICATION_TYPES.HI]: [NOTIFICATION_SEND_CHANNEL.WALLET],
+  [NOTIFICATION_TYPES.CONNECT]: [NOTIFICATION_SEND_CHANNEL.WALLET],
+  [NOTIFICATION_TYPES.PASSTHROUGH]: [NOTIFICATION_SEND_CHANNEL.WALLET, NOTIFICATION_SEND_CHANNEL.PUSH],
+};
+
 const updateNotificationSendStatus = async ({
   node,
   teamDid,
@@ -163,10 +169,11 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
         // eg: type = 'passthrough', 'hi', 'connect', 'feed', 默认只需要通知 wallet
         const pushOnly = _notification.type && _notification.type.toLowerCase() !== NOTIFICATION_TYPES.NOTIFICATION;
 
-        // 如果是 passthrough hi connect, 只需要通知 wallet
-        const onlyWallet = [NOTIFICATION_TYPES.PASSTHROUGH, NOTIFICATION_TYPES.HI, NOTIFICATION_TYPES.CONNECT].includes(
-          _notification.type?.toLowerCase()
-        );
+        // 通知渠道的确定有两种方式 1. 用户传入的 channels 2. 根据 notification 类型确定
+        // 如果是 hi connect, 只需要通知 wallet
+        // passthrough 类型，用于 discuss kit 的 chat channel
+        // 1. push kit: native 通知快速跳转到 chat channel
+        // 2. app: 钱包消息，可以查看到接收到消息
 
         return node.createNotification({
           teamDid,
@@ -177,7 +184,7 @@ const sendToUserDid = async ({ sender, receiver: rawDid, notification, options,
           entityType: _notification.entityType || 'blocklet',
           entityId: _notification.entityId || sender.appDid,
           source: _notification.source || 'component',
-          channels: onlyWallet ? [NOTIFICATION_SEND_CHANNEL.WALLET] : channels,
+          channels: CHANNEL_MAP[_notification.type] || channels,
           sender,
           options: { ...rest },
           pushOnly,
@@ -234,7 +241,7 @@ const sendToAppDid = async ({
       }
 
       if (count <= 0 && keepForOfflineUser) {
-        logger.error('Online client was not found', { userDid: receiver });
+        logger.warn('Online client was not found', { userDid: receiver });
         await states.message.insert({
           did: receiver,
           event: EVENTS.MESSAGE,
@@ -558,7 +565,7 @@ const sendToPush = async ({ sender, receiver, notification, options, node, pushO
       return res;
     })
     .catch((err) => {
-      logger.error('Failed to send pushKit', { error: err });
+      logger.warn('Failed to send pushKit', { error: err });
       if (!pushOnly) {
         updateNotificationSendStatus({
           node,

package/api/util/federated.js

@@ -126,6 +126,10 @@ function syncFederatedUser(blocklet, node, user, sourceAppPid) {
 }
 
 async function getTrustedDomains({ node, req, blocklet }) {
+  if (!blocklet) {
+    return req.hostname ? [req.hostname] : [];
+  }
+
   const teamDid = blocklet.appPid;
   const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
     config: {
@@ -142,7 +146,7 @@ async function getTrustedDomains({ node, req, blocklet }) {
     .filter((x) => x.status === 'approved' || isMaster(x))
     .forEach((cur) => {
       try {
-        const appDomain = new URL(cur.appUrl).host;
+        const appDomain = new URL(cur.appUrl).hostname;
         if (appDomain) {
           domainList.push(appDomain);
         }

package/api/util/user-util.js

@@ -1,5 +1,5 @@
 const JWT = require('@arcblock/jwt');
-const CustomError = require('@abtnode/util/lib/custom-error');
+const { CustomError } = require('@blocklet/error');
 const { callFederated } = require('@abtnode/auth/lib/util/federated');
 const { fromAppDid } = require('@arcblock/did-ext');