npm - @abtnode/blocklet-services - Versions diffs - 1.16.45-beta-20250612-231219-481217be → 1.16.45-beta-20250618-073451-6e48fb62 - Mend

@abtnode/blocklet-services 1.16.45-beta-20250612-231219-481217be → 1.16.45-beta-20250618-073451-6e48fb62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/api/index.js CHANGED Viewed

@@ -909,12 +909,18 @@ self.blocklet = {
           proxy.off('open', setIsOpen);
           proxy.off('proxyReqWs', setProxyReq);
-          socket.write('HTTP/1.1 502 Proxy Timeout\r\n\r\n', (error) => {
-            if (error) {
-              logger.error('ws socket timeout response error', { error });
-            }
+          // Only write if socket is still open and writable
+          if (socket.writable && !socket.destroyed) {
+            socket.write('HTTP/1.1 502 Proxy Timeout\r\n\r\n', (error) => {
+              if (error) {
+                logger.error('ws socket timeout response error', { error });
+              }
+              socket.destroy();
+            });
+            // If already closed, just ensure it's destroyed
+          } else if (!socket.destroyed) {
             socket.destroy();
-          });
+          }
           proxyReq?.destroy();
           proxyReq = null;

package/api/libs/connect/session.js CHANGED Viewed

@@ -1,6 +1,5 @@
 // Holds shared logic for session-manager v1 and v2
 const get = require('lodash/get');
-const merge = require('lodash/merge');
 const { joinURL } = require('ufo');
 const formatContext = require('@abtnode/util/lib/format-context');
 const { extractUserAvatar, getAppAvatarUrl } = require('@abtnode/util/lib/user');
@@ -8,7 +7,6 @@ const {
   messages,
   validatePassportStatus,
   getPassportStatusEndpoint,
-  getApplicationInfo,
   verifyNFT,
   canSessionBeElevated,
 } = require('@abtnode/auth/lib/auth');
@@ -33,9 +31,7 @@ const {
 const { CustomError } = require('@blocklet/error');
 const { getKeyPairClaim, getAuthPrincipalForMigrateAppToV2 } = require('@abtnode/auth/lib/server');
 const { checkInvitedUserOnly } = require('@abtnode/auth/lib/oauth');
-const { fromAppDid } = require('@arcblock/did-ext');
 const { LOGIN_PROVIDER, BLOCKLET_APP_SPACE_REQUIREMENT, DID_SPACES } = require('@blocklet/constant');
-const createTranslator = require('@abtnode/util/lib/translate');
 const {
   getBlockletAppIdList,
   forEachBlockletSync,
@@ -50,16 +46,15 @@ const { PASSPORT_LOG_ACTION, PASSPORT_SOURCE, PASSPORT_STATUS } = require('@abtn
 const { getDeviceData } = require('@abtnode/util/lib/device');
 const { getVerifyAccessClaims } = require('@abtnode/auth/lib/server');
 const getOrigin = require('@abtnode/util/lib/get-origin');
+const { PASSPORT_VC_TYPES } = require('@abtnode/auth/lib/util/transfer-passport');
+const bindWallet = require('@abtnode/auth/lib/util/bind-wallet');
 const logger = require('../logger')('connect');
 const { createTokenFn, getDidConnectVersion } = require('../../util');
-const { transferPassport, PASSPORT_VC_TYPES } = require('../auth/utils');
-const { migrateAccount, declareAccount } = require('../../services/oauth/client');
 const { getKycClaims, verifyKycClaims, getPassportVc, getProfileItems } = require('../kyc');
 const { getTrustedIssuers, getFederatedTrustedIssuers } = require('../../util/blocklet-utils');
 const {
   getUserAvatarUrl,
-  migrateFederatedAccount,
   getFederatedMaster,
   shouldSyncFederated,
   getUserWithinFederated,
@@ -250,14 +245,14 @@ module.exports = {
      * }} param0
      * @returns
      */
-    onConnect: async ({ node, request, userDid, locale = 'en', passportId = '', action, baseUrl, inviter }) => {
+    onConnect: async ({ node, request, userDid, userPk, locale = 'en', passportId = '', action, baseUrl, inviter }) => {
       /**
        * @type {import('@abtnode/client').BlockletState}
        */
       const blocklet = await request.getBlocklet();
       const { accessPolicyConfig } = await request.getSecurityConfig({ id: SECURITY_RULE_DEFAULT_ID });
       const blockletInfo = await request.getBlockletInfo();
-      const { did: teamDid, wallet: blockletWallet } = blockletInfo;
+      const { did: teamDid } = blockletInfo;
       const sourceAppPid = getSourceAppPid(request);
       const profileItems = getProfileItems(blocklet.settings?.session, request.context.didwallet);
@@ -269,16 +264,7 @@ module.exports = {
         },
       };
-      const user = await node.getUser({
-        teamDid: blocklet.meta.did,
-        user: {
-          did: userDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-          blockletSk: blockletWallet.secretKey,
-        },
-      });
+      const user = await getUserWithinFederated({ sourceAppPid, teamDid, userDid, userPk }, { node, blocklet });
       const isInvitedUserOnly = accessPolicyConfig
         ? await checkInvitedUserOnly(accessPolicyConfig, node, teamDid)
@@ -1129,260 +1115,7 @@ module.exports = {
   },
   // 给 Auth0 绑定 DID Wallet 账户，基本流程与 login 一致，但在创建更新用户信息的逻辑不一样
-  bindWallet: {
-    authPrincipal: ({ email, locale, previousUserDid }) => {
-      const user = email || previousUserDid;
-      const message =
-        locale === 'zh' ? `将你的 DID Wallet 与账号 ${user} 绑定` : `Connect your DID Wallet with ${user}`;
-      return {
-        description: message,
-        supervised: true,
-      };
-    },
-    onConnect: async ({ node, request, userDid, locale, previousUserDid }) => {
-      const translations = {
-        en: {
-          notFound: "Couldn't find account information.",
-          alreadyBindOAuth: 'Your wallet account ({did}) is already bond to another email.',
-          alreadyBindWallet: 'Your email is already bond to another wallet account {did}.',
-          alreadyMainAccount:
-            'Your wallet account is already bond to this app. You cannot bind it again. Please use another wallet account or create a new one to try again.',
-        },
-        zh: {
-          notFound: '无法获取账户信息。',
-          alreadyBindOAuth: '你的钱包账户 {did} 已经与其他账户绑定。',
-          alreadyBindWallet: '当前账户已经绑定过钱包账户 {did}。',
-          alreadyMainAccount: '你的钱包账户 {did} 已绑定过该应用，无法重复绑定，请切换或新建一个钱包账户再次尝试。',
-        },
-      };
-      const t = createTranslator({ translations });
-      const { did: teamDid } = await request.getBlockletInfo();
-      const walletUser = await node.getUser({ teamDid, user: { did: userDid } });
-      if (walletUser) {
-        throw new Error(t('alreadyMainAccount', locale, { did: userDid }));
-      }
-      const oauthUser = await node.getUser({
-        teamDid,
-        user: {
-          did: previousUserDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-        },
-      });
-      if (!oauthUser) {
-        throw new Error(t('notFound', locale, { email: oauthUser.email }));
-      }
-      const sourceProvider = oauthUser.sourceProvider || LOGIN_PROVIDER.WALLET;
-      const oauthConnectedAccounts = oauthUser.connectedAccounts || [];
-      const exist = oauthConnectedAccounts.find((item) => item.provider === LOGIN_PROVIDER.WALLET);
-      if (exist) {
-        throw new Error(t('alreadyBindWallet', locale, { email: oauthUser.email, did: exist.did }));
-      }
-      const bindUser = await node.getUser({
-        teamDid,
-        user: {
-          did: userDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-        },
-      });
-      if (bindUser) {
-        const bindConnectedAccounts = bindUser.connectedAccounts || [];
-        if (bindConnectedAccounts.find((item) => item.provider === sourceProvider)) {
-          throw new Error(t('alreadyBindOAuth', locale, { email: oauthUser.email, did: userDid }));
-        }
-      }
-      const claims = {
-        profile: {
-          type: 'profile',
-          description: messages.description[locale],
-          items: ['fullName', 'avatar'],
-        },
-      };
-      // 至少需要一个 claim
-      if (oauthUser.avatar) {
-        delete claims.profile;
-      }
-      if (Object.keys(claims).length > 0) {
-        return claims;
-      }
-      return [];
-    },
-    onApprove: async ({ node, request, locale, userDid, userPk, claims, previousUserDid, baseUrl }) => {
-      const blocklet = await request.getBlocklet();
-      const sourceAppPid = getSourceAppPid(request);
-      const blockletInfo = await request.getBlockletInfo();
-      const { did: teamDid, wallet: blockletWallet } = blockletInfo;
-      const oauthUser = await node.getUser({ teamDid, user: { did: previousUserDid } });
-      const nodeInfo = await request.getNodeInfo();
-      // Check user approved
-      let bindUser = await node.getUser({
-        teamDid,
-        user: {
-          did: userDid,
-        },
-        options: {
-          enableConnectedAccount: true,
-        },
-      });
-      if (bindUser && !bindUser.approved) {
-        throw new Error(messages.notAllowedAppUser[locale]);
-      }
-      const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
-      const profileOld = claims.find((x) => x.type === 'profile') || { avatar: null };
-      const avatar = await extractUserAvatar(oauthUser.avatar || profileOld.avatar, { dataDir });
-      const profile = {
-        fullName: oauthUser.fullName,
-        avatar,
-        email: oauthUser.email,
-      };
-      if (sourceAppPid) {
-        try {
-          await migrateFederatedAccount({
-            // 目前只允许未注册过的钱包绑定 auth0，所以直接传入钱包生成的 userDid 和 userPk
-            toUserDid: userDid,
-            toUserPk: userPk,
-            fromUserDid: previousUserDid,
-            blockletInfo,
-            blocklet,
-          });
-        } catch (error) {
-          logger.error('Failed to migrate federated account', {
-            error,
-            toUserDid: userDid,
-            fromUserDid: previousUserDid,
-          });
-          if (error?.response?.data) {
-            throw new Error(error.response.data);
-          }
-          throw error;
-        }
-      } else {
-        const connectedAccounts = oauthUser?.connectedAccounts || [];
-        const sourceProvider = oauthUser?.sourceProvider;
-        const oauthAccount = connectedAccounts.find((item) => item.provider === sourceProvider);
-        const userWallet = fromAppDid(oauthAccount.id, blockletWallet.secretKey);
-        await declareAccount({ wallet: userWallet, blocklet });
-        await migrateAccount({ wallet: userWallet, blocklet, user: { did: userDid, pk: userPk } });
-      }
-      // TODO: 获取当前登录使用的 passport（无法获取到 passport.id）
-      // 使用最近一次使用的 passport 来代替
-      const mergePassport = (oauthUser.passports || []).reduce((sum, cur) => {
-        return upsertToPassports(sum, cur);
-      }, bindUser?.passports || []);
-      const mergeProfile = merge(profile, {
-        email: bindUser?.email,
-        fullName: bindUser?.fullName,
-        avatar: bindUser?.avatar,
-        inviter: bindUser?.inviter,
-        generation: bindUser?.generation,
-        emailVerified: bindUser?.emailVerified,
-        phoneVerified: bindUser?.phoneVerified,
-      });
-      const currentTime = new Date().toISOString();
-      const connectedAccount = {
-        provider: LOGIN_PROVIDER.WALLET,
-        did: userDid,
-        pk: userPk,
-        lastLoginAt: currentTime,
-        firstLoginAt: currentTime,
-        userInfo: {
-          wallet: request.context.didwallet,
-        },
-      };
-      await node.updateUser({
-        teamDid,
-        user: {
-          did: oauthUser.did,
-          pk: oauthUser.pk,
-          ...mergeProfile,
-          lastLoginIp: getRequestIP(request),
-          connectedAccounts: [connectedAccount],
-          passports: mergePassport,
-        },
-      });
-      const masterSite = getFederatedMaster(blocklet);
-      // NOTICE: 采用异步来更新，不阻塞接口的正常响应
-      if (shouldSyncFederated(sourceAppPid, blocklet)) {
-        const syncUserData = {
-          did: oauthUser.did,
-          pk: oauthUser.pk,
-          ...mergeProfile,
-          connectedAccount: [connectedAccount],
-        };
-        if (syncUserData.avatar) {
-          syncUserData.avatar = getUserAvatarUrl(syncUserData.avatar, blocklet);
-        }
-        node.syncFederated({
-          did: teamDid,
-          data: {
-            users: [
-              {
-                ...syncUserData,
-                action: 'connectAccount',
-                sourceAppPid: sourceAppPid || masterSite.appPid,
-              },
-            ],
-          },
-        });
-      }
-      if (!bindUser) {
-        bindUser = {
-          ...oauthUser,
-          // 发送 passport 的对象要设置为 wallet-did
-          did: userDid,
-          pk: userPk,
-        };
-      }
-      // FIXME：@zhanghan 统一登录的 passport 相关问题后续统一处理
-      await transferPassport(oauthUser, bindUser, {
-        req: request,
-        node,
-        nodeInfo,
-        teamDid,
-        baseUrl,
-        revokePassport: true,
-      });
-      await node.createAuditLog(
-        {
-          action: 'connectAccount',
-          args: { teamDid, connectedAccount, provider: LOGIN_PROVIDER.WALLET, userDid: oauthUser.did },
-          context: formatContext(Object.assign(request, { user: oauthUser })),
-          result: bindUser,
-        },
-        node
-      );
-      return {
-        nextWorkflowData: {
-          userDid,
-        },
-      };
-    },
-  },
+  bindWallet,
   migrateToStructV2: {
     authPrincipal: false,

package/api/libs/kyc.js CHANGED Viewed

@@ -8,10 +8,10 @@ const { Hasher } = require('@ocap/mcrypto');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { messages, getVCFromClaims } = require('@abtnode/auth/lib/auth');
 const { getPassportClaimUrl, getKycAcquireUrl } = require('@abtnode/auth/lib/passport');
+const { PASSPORT_VC_TYPES } = require('@abtnode/auth/lib/util/transfer-passport');
 const logger = require('@abtnode/logger')('@abtnode/blocklet-services/kyc');
 const { getTrustedIssuers } = require('../util/blocklet-utils');
-const { PASSPORT_VC_TYPES } = require('./auth/utils');
 const { api } = require('./api');
 const getPassportVc = async ({ claims, challenge, locale, trustedIssuers, types = PASSPORT_VC_TYPES }) => {

package/api/routes/blocklet.js CHANGED Viewed

@@ -422,7 +422,7 @@ module.exports = {
         routing: {
           webInterfaceCount,
           siteRuleCount,
-          healthy,
+          running: healthy,
         },
       });
     });

package/api/routes/csp-proxy.js CHANGED Viewed

@@ -2,6 +2,7 @@ const { getChainClient } = require('@abtnode/util/lib/get-chain-client');
 const { MAIN_CHAIN_ENDPOINT } = require('@abtnode/constant');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { default: axios } = require('axios');
+const isUrl = require('is-url');
 const logger = require('../libs/logger')('blocklet-services:csp-proxy');
@@ -20,16 +21,18 @@ module.exports = {
       const { url } = req.query;
       if (!url) {
-        res.status(400).send('Missing image URL');
+        res.status(400).send('Missing resource URL');
       }
-      try {
-        // 检查是否是一个有效的URL
-        const urlObj = new URL(url);
+      if (!isUrl(url)) {
+        res.status(400).send('Invalid resource URL');
+        return;
+      }
-        // 检查协议是否是https
-        if (urlObj.protocol !== 'https:') {
-          res.status(400).send('Invalid image URL');
+      try {
+        const tmp = new URL(url);
+        if (tmp.protocol !== 'https:') {
+          res.status(400).send('Invalid resource URL');
           return;
         }
@@ -51,16 +54,12 @@ module.exports = {
         response.data.on('error', (err) => {
           logger.error('Stream error:', err.message);
           if (!res.headersSent) {
-            res.status(500).send('Error streaming the image');
+            res.status(500).send('Error streaming the resource');
           }
         });
       } catch (error) {
-        if (error instanceof TypeError && error.message.includes('Invalid URL')) {
-          res.status(400).send('Invalid image URL');
-          return;
-        }
-        logger.error('Error fetching the image:', error.message);
-        res.status(500).send('Could not fetch the image');
+        logger.error('Error fetching the resource:', { error, url });
+        res.status(400).send(`Could not fetch the resource: ${error.message}`);
       }
     });
   },

package/api/routes/oauth/client.js CHANGED Viewed

@@ -14,6 +14,8 @@ const { CustomError } = require('@blocklet/error');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { withHttps, withTrailingSlash } = require('ufo');
 const { getLastUsedPassport } = require('@abtnode/auth/lib/passport');
+const { getAvatarByEmail, getAvatarByUrl } = require('@abtnode/util/lib/user');
+const { transferPassport } = require('@abtnode/auth/lib/util/transfer-passport');
 const logger = require('../../libs/logger')('oauth:client');
 const { OauthClient } = require('../../libs/auth');
@@ -22,7 +24,6 @@ const OAuthAuth0Legacy = require('../../libs/auth/adapters/auth0-legacy');
 const OAuthGithub = require('../../libs/auth/adapters/github');
 const OAuthGoogle = require('../../libs/auth/adapters/google');
 const OAuthApple = require('../../libs/auth/adapters/apple');
-const { getAvatarByEmail, transferPassport, getAvatarByUrl } = require('../../libs/auth/utils');
 const initJwt = require('../../libs/jwt');
 const { sendToUser } = require('../../libs/notification');
 const { createTokenFn, getDidConnectVersion, redirectWithoutCache } = require('../../util');

package/api/routes/user.js CHANGED Viewed

@@ -26,13 +26,12 @@ const createTranslator = require('@abtnode/util/lib/translate');
 const { getDeviceData } = require('@abtnode/util/lib/device');
 const { Op } = require('sequelize');
 const getOrigin = require('@abtnode/util/lib/get-origin');
+const { getAvatarByEmail, getAvatarByUrl } = require('@abtnode/util/lib/user');
 const { createTokenFn, getDidConnectVersion } = require('../util');
 const initJwt = require('../libs/jwt');
-const { getAvatarByUrl } = require('../libs/auth/utils');
 const { loginWalletSchema, loginOAuthSchema, loginUserWalletSchema, checkUserSchema } = require('../validators/login');
 const verifySig = require('../middlewares/verify-sig');
-const { getAvatarByEmail } = require('../libs/auth/utils');
 const logger = require('../libs/logger')('user');
 const ensureBlocklet = require('../middlewares/ensure-blocklet');
 const checkUser = require('../middlewares/check-user');

package/api/services/auth/connect/bind-wallet.js CHANGED Viewed

@@ -1,48 +1,6 @@
-const { bindWallet } = require('../../../libs/connect/session');
-const logger = require('../../../libs/logger')(require('../../../../package.json').name);
-const { onConnect, onApprove, authPrincipal } = bindWallet;
+const { createBindWalletRoute } = require('@abtnode/auth/lib/bind-wallet');
 // eslint-disable-next-line no-unused-vars
 module.exports = function createRoutes(node, authenticator, createSessionToken) {
-  return {
-    action: 'bind-wallet',
-    authPrincipal: false,
-    claims: {
-      authPrincipal: ({ extraParams: { locale, previousUserDid, email } }) => {
-        return authPrincipal({ locale, previousUserDid, email });
-      },
-    },
-    onConnect: ({ req, userDid, extraParams: { locale, passportId = '', componentId, previousUserDid } }) => {
-      return onConnect({
-        node,
-        request: req,
-        userDid,
-        locale,
-        passportId,
-        componentId,
-        previousUserDid,
-      });
-    },
-    onAuth: async ({ claims, userDid, userPk, extraParams: { locale, previousUserDid }, req, baseUrl }) => {
-      try {
-        const result = await onApprove({
-          node,
-          request: req,
-          locale,
-          userDid,
-          userPk,
-          baseUrl,
-          claims,
-          previousUserDid,
-        });
-        return result;
-      } catch (err) {
-        logger.error('login.error', { error: err, userDid });
-        throw new Error(err.message);
-      }
-    },
-  };
+  return createBindWalletRoute({ node });
 };

package/api/services/auth/connect/gen-access-key.js CHANGED Viewed

@@ -3,10 +3,10 @@ const { messages } = require('@abtnode/auth/lib/auth');
 const { authenticateByVc } = require('@abtnode/auth/lib/server');
 const { PASSPORT_LOG_ACTION, SERVER_ROLES } = require('@abtnode/constant');
 const formatContext = require('@abtnode/util/lib/format-context');
+const { PASSPORT_VC_TYPES } = require('@abtnode/auth/lib/util/transfer-passport');
 const logger = require('../../../libs/logger')('blocklet-service:connect-cli');
 const { utils } = require('../../../libs/connect/session');
-const { PASSPORT_VC_TYPES } = require('../../../libs/auth/utils');
 const { getTrustedIssuers } = require('../../../util/blocklet-utils');
 const allowedRoles = ['owner', 'admin'];

package/api/services/auth/connect/verify-destroy.js CHANGED Viewed

@@ -4,11 +4,11 @@ const { ROLES } = require('@abtnode/constant');
 const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
 const { fromBase64 } = require('@ocap/util');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const { PASSPORT_VC_TYPES } = require('@abtnode/auth/lib/util/transfer-passport');
 const { PASSPORT_LOG_ACTION } = require('@abtnode/constant');
 const logger = require('../../../libs/logger')();
 const { createTokenFn, getDidConnectVersion } = require('../../../util');
-const { PASSPORT_VC_TYPES } = require('../../../libs/auth/utils');
 const { getTrustedIssuers } = require('../../../util/blocklet-utils');
 const ALLOWED_ROLES = [ROLES.OWNER, ROLES.ADMIN, ROLES.MEMBER];
@@ -19,7 +19,11 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
     action: 'verify-destroy',
     onConnect: async ({ request, userDid, extraParams: { locale, payload, roles } }) => {
       const blocklet = await request.getBlocklet();
-      const user = await node.getUser({ teamDid: blocklet.appPid, user: { did: userDid } });
+      const user = await node.getUser({
+        teamDid: blocklet.appPid,
+        user: { did: userDid },
+        options: { enableConnectedAccount: true },
+      });
       if (!user) {
         throw new Error(messages.notAllowed[locale]);
       }

package/api/services/auth/connect/verify-elevated.js CHANGED Viewed

@@ -5,8 +5,9 @@ const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { getSourceAppPid } = require('@blocklet/sdk/lib/util/login');
 const { PASSPORT_LOG_ACTION } = require('@abtnode/constant');
+const { PASSPORT_VC_TYPES } = require('@abtnode/auth/lib/util/transfer-passport');
 const { createTokenFn, getDidConnectVersion } = require('../../../util');
-const { PASSPORT_VC_TYPES } = require('../../../libs/auth/utils');
 const { getTrustedIssuers } = require('../../../util/blocklet-utils');
 const allowedRoles = [ROLES.OWNER, ROLES.ADMIN, ROLES.MEMBER];
@@ -26,7 +27,11 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
         throw new Error(messages.notEnabled[locale]);
       }
-      const user = await node.getUser({ teamDid: blocklet.appPid, user: { did: userDid } });
+      const user = await node.getUser({
+        teamDid: blocklet.appPid,
+        user: { did: userDid },
+        options: { enableConnectedAccount: true },
+      });
       if (!user) {
         throw new Error(messages.notAllowed[locale]);
       }

package/api/services/auth/passport.js CHANGED Viewed

@@ -1,5 +1,14 @@
 const { getPassportStatus } = require('@abtnode/auth/lib/auth');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { CustomError } = require('@blocklet/error');
+const logger = require('../../libs/logger');
+const messages = {
+  passportStatusCheckFailed: {
+    en: 'Failed to get passport status',
+    zh: '获取通行证状态失败',
+  },
+};
 module.exports = {
   init(router, node) {
@@ -7,15 +16,19 @@ module.exports = {
       const { vcId, userDid, locale } = req.query;
       const teamDid = req.headers['x-blocklet-did'];
-      // HACK: 这里的 req.query.teamDid 可能是 blocklet 容器化之前的 teamDid(等于 blocklet.yml did)，需要根据这个 did 找到现有对应的 teamDid，否则无法使用在容器化之前颁发的通行证来登录
-      const blocklet = await node.getBlocklet({ did: req.query.teamDid, useCache: true });
-      if (teamDid !== blocklet?.meta?.did) {
-        throw new Error('teamDid is invalid');
-      }
+      try {
+        // HACK: 2025-06-13 经沟通，不再对 query 中的 teamDid 做校验，应该直接使用 req.headers['x-blocklet-did'] 中的 teamDid
+        const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
-      const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
+        res.json(status);
+      } catch (err) {
+        logger.error('failed to get passport status', { teamDid, userDid, vcId, locale, err });
-      res.json(status);
+        if (err instanceof CustomError) {
+          throw err;
+        }
+        throw new CustomError(500, messages.passportStatusCheckFailed[locale] || messages.passportStatusCheckFailed.en);
+      }
     });
   },
 };

package/api/services/auth/session.js CHANGED Viewed

@@ -113,10 +113,10 @@ module.exports = {
         // FIXME: @zhanghan BlockletSDK 和 Aistro 来的请求暂时不需要检查 visitorId，需要在 aistro 适配新的逻辑
         await req.ensureUser({ token, appPid, blockletInfo });
       } else {
-        await req.ensureUser({ token, visitorId, appPid, blockletInfo });
+        await req.ensureUser({ token, appPid, blockletInfo, visitorId });
       }
       if (!req.user) {
-        res.json({ user: null });
+        res.status(401).json({ error: 'not login' });
         return;
       }