@abtnode/blocklet-services 1.16.47-beta-20250721-025348-9ccb2d62 → 1.16.47-beta-20250721-130532-61549a96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/api/middlewares/launcher-login.js +34 -15
  2. package/package.json +23 -23
package/api/middlewares/launcher-login.js CHANGED
@@ -1,4 +1,5 @@
1
1
  const JWT = require('@arcblock/jwt');
2
+ const { v4: generateId } = require('uuid');
2
3
  const { isSameDid } = require('@ocap/util');
3
4
  const { getDeviceData } = require('@abtnode/util/lib/device');
4
5
  const getRequestIP = require('@abtnode/util/lib/get-request-ip');
@@ -20,6 +21,7 @@ const launcherLogin = (node, options) => async (req, res, next) => {
20
21
 
21
22
  const blocklet = await req.getBlocklet();
22
23
  if (!blocklet.controller) {
24
+ logger.debug('Launcher login is not supported for this blocklet', { blockletDid: blocklet.appDid });
23
25
  return next();
24
26
  }
25
27
 
@@ -28,12 +30,24 @@ const launcherLogin = (node, options) => async (req, res, next) => {
28
30
  const decoded = JWT.decode(token);
29
31
  const info = await req.getNodeInfo();
30
32
 
31
- if (
32
- isSameDid(decoded.iss, info.registerInfo?.appId) && // ensure the token is signed by launcher attached to this server
33
- isSameDid(decoded.oid, blocklet.settings?.owner?.did) && // ensure the owner is not changed, if transfer ownership, the token will be invalid
34
- decoded.lid === blocklet.controller.launcherSessionId && // ensure this blocklet is launched by launcher
35
- [blocklet.appDid, blocklet.appPid].includes(decoded.aid) // ensure we are visiting the same blocklet as launcher
36
- ) {
33
+ const isSameLauncher = isSameDid(decoded.iss, info.registerInfo?.appId);
34
+ const isSameOwner = isSameDid(decoded.oid, blocklet.settings?.owner?.did);
35
+ const isSameLauncherSessionId = decoded.lid === blocklet.controller.launcherSessionId;
36
+ const isSameBlocklet = [blocklet.appDid, blocklet.appPid].includes(decoded.aid);
37
+
38
+ logger.debug('Launcher login check', {
39
+ isSameLauncher,
40
+ isSameOwner,
41
+ isSameLauncherSessionId,
42
+ isSameBlocklet,
43
+ decoded,
44
+ owner: blocklet.settings?.owner,
45
+ launcher: info.registerInfo,
46
+ controller: blocklet.controller,
47
+ appDids: [blocklet.appDid, blocklet.appPid],
48
+ });
49
+
50
+ if (isSameLauncher && isSameOwner && isSameLauncherSessionId && isSameBlocklet) {
37
51
  const verified = await JWT.verify(token, info.registerInfo?.appPk);
38
52
  if (verified) {
39
53
  const user = await node.getUser({
@@ -59,16 +73,19 @@ const launcherLogin = (node, options) => async (req, res, next) => {
59
73
  },
60
74
  blocklet.settings?.session || {}
61
75
  );
76
+
77
+ const visitorId = decoded.vid || req.cookies?.vid || generateId();
78
+
62
79
  logger.info('done auto login for launcher user', {
63
80
  appPid: blocklet.appPid,
64
81
  userDid: user.did,
65
- visitorId: decoded.vid,
82
+ visitorId,
66
83
  });
67
84
 
68
85
  await node.upsertUserSession({
69
86
  teamDid: blocklet.appPid,
70
87
  userDid: user.did,
71
- visitorId: decoded.vid,
88
+ visitorId,
72
89
  appPid: blocklet.appPid,
73
90
  passportId: null,
74
91
  status: 'online',
@@ -87,14 +104,16 @@ const launcherLogin = (node, options) => async (req, res, next) => {
87
104
  secure: true,
88
105
  sameSite: 'lax',
89
106
  });
90
- if (decoded.vid) {
91
- res.cookie('vid', decoded.vid, {
92
- maxAge: 365 * 24 * 60 * 60 * 1000,
93
- secure: true,
94
- sameSite: 'lax',
95
- });
96
- }
107
+ res.cookie('vid', visitorId, {
108
+ maxAge: 365 * 24 * 60 * 60 * 1000,
109
+ secure: true,
110
+ sameSite: 'lax',
111
+ });
112
+ } else {
113
+ logger.warn('Launcher login failed, user is revoked', { userDid: user?.did });
97
114
  }
115
+ } else {
116
+ logger.warn('Launcher login failed, token is invalid', { token, verified });
98
117
  }
99
118
  }
100
119
  } catch (err) {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "1.16.47-beta-20250721-025348-9ccb2d62",
6
+ "version": "1.16.47-beta-20250721-130532-61549a96",
7
7
  "description": "Provide unified services for every blocklet",
8
8
  "main": "api/index.js",
9
9
  "files": [
@@ -34,18 +34,18 @@
34
34
  "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
35
35
  "license": "Apache-2.0",
36
36
  "dependencies": {
37
- "@abtnode/analytics": "1.16.47-beta-20250721-025348-9ccb2d62",
38
- "@abtnode/auth": "1.16.47-beta-20250721-025348-9ccb2d62",
39
- "@abtnode/client": "1.16.47-beta-20250721-025348-9ccb2d62",
40
- "@abtnode/connect-storage": "1.16.47-beta-20250721-025348-9ccb2d62",
41
- "@abtnode/constant": "1.16.47-beta-20250721-025348-9ccb2d62",
42
- "@abtnode/core": "1.16.47-beta-20250721-025348-9ccb2d62",
43
- "@abtnode/cron": "1.16.47-beta-20250721-025348-9ccb2d62",
44
- "@abtnode/db-cache": "1.16.47-beta-20250721-025348-9ccb2d62",
45
- "@abtnode/logger": "1.16.47-beta-20250721-025348-9ccb2d62",
46
- "@abtnode/models": "1.16.47-beta-20250721-025348-9ccb2d62",
47
- "@abtnode/router-templates": "1.16.47-beta-20250721-025348-9ccb2d62",
48
- "@abtnode/util": "1.16.47-beta-20250721-025348-9ccb2d62",
37
+ "@abtnode/analytics": "1.16.47-beta-20250721-130532-61549a96",
38
+ "@abtnode/auth": "1.16.47-beta-20250721-130532-61549a96",
39
+ "@abtnode/client": "1.16.47-beta-20250721-130532-61549a96",
40
+ "@abtnode/connect-storage": "1.16.47-beta-20250721-130532-61549a96",
41
+ "@abtnode/constant": "1.16.47-beta-20250721-130532-61549a96",
42
+ "@abtnode/core": "1.16.47-beta-20250721-130532-61549a96",
43
+ "@abtnode/cron": "1.16.47-beta-20250721-130532-61549a96",
44
+ "@abtnode/db-cache": "1.16.47-beta-20250721-130532-61549a96",
45
+ "@abtnode/logger": "1.16.47-beta-20250721-130532-61549a96",
46
+ "@abtnode/models": "1.16.47-beta-20250721-130532-61549a96",
47
+ "@abtnode/router-templates": "1.16.47-beta-20250721-130532-61549a96",
48
+ "@abtnode/util": "1.16.47-beta-20250721-130532-61549a96",
49
49
  "@arcblock/did": "1.20.16",
50
50
  "@arcblock/did-auth": "1.20.16",
51
51
  "@arcblock/did-ext": "1.20.16",
@@ -55,18 +55,18 @@
55
55
  "@arcblock/jwt": "1.20.16",
56
56
  "@arcblock/validator": "1.20.16",
57
57
  "@arcblock/ws": "1.20.16",
58
- "@blocklet/constant": "1.16.47-beta-20250721-025348-9ccb2d62",
58
+ "@blocklet/constant": "1.16.47-beta-20250721-130532-61549a96",
59
59
  "@blocklet/dbhub": "^0.2.9",
60
- "@blocklet/env": "1.16.47-beta-20250721-025348-9ccb2d62",
60
+ "@blocklet/env": "1.16.47-beta-20250721-130532-61549a96",
61
61
  "@blocklet/error": "^0.2.5",
62
62
  "@blocklet/form-builder": "^0.1.12",
63
63
  "@blocklet/form-collector": "^0.1.8",
64
- "@blocklet/images": "1.16.47-beta-20250721-025348-9ccb2d62",
65
- "@blocklet/js-sdk": "1.16.47-beta-20250721-025348-9ccb2d62",
64
+ "@blocklet/images": "1.16.47-beta-20250721-130532-61549a96",
65
+ "@blocklet/js-sdk": "1.16.47-beta-20250721-130532-61549a96",
66
66
  "@blocklet/mcp": "^1.10.2",
67
- "@blocklet/meta": "1.16.47-beta-20250721-025348-9ccb2d62",
68
- "@blocklet/rate-limit": "1.16.47-beta-20250721-025348-9ccb2d62",
69
- "@blocklet/sdk": "1.16.47-beta-20250721-025348-9ccb2d62",
67
+ "@blocklet/meta": "1.16.47-beta-20250721-130532-61549a96",
68
+ "@blocklet/rate-limit": "1.16.47-beta-20250721-130532-61549a96",
69
+ "@blocklet/sdk": "1.16.47-beta-20250721-130532-61549a96",
70
70
  "@blocklet/theme": "^3.0.26",
71
71
  "@blocklet/theme-builder": "0.4.2",
72
72
  "@blocklet/uploader-server": "^0.2.2",
@@ -123,7 +123,7 @@
123
123
  "whatwg-url": "14.0.0"
124
124
  },
125
125
  "devDependencies": {
126
- "@abtnode/ux": "1.16.47-beta-20250721-025348-9ccb2d62",
126
+ "@abtnode/ux": "1.16.47-beta-20250721-130532-61549a96",
127
127
  "@arcblock/bridge": "^3.0.26",
128
128
  "@arcblock/did-connect": "^3.0.26",
129
129
  "@arcblock/icons": "^3.0.26",
@@ -133,7 +133,7 @@
133
133
  "@blocklet/did-space-react": "^1.1.7",
134
134
  "@blocklet/launcher-layout": "^3.0.26",
135
135
  "@blocklet/payment-react": "^1.19.5",
136
- "@blocklet/tracker": "1.16.47-beta-20250721-025348-9ccb2d62",
136
+ "@blocklet/tracker": "1.16.47-beta-20250721-130532-61549a96",
137
137
  "@blocklet/ui-react": "^3.0.26",
138
138
  "@blocklet/uploader": "^0.2.4",
139
139
  "@emotion/react": "^11.14.0",
@@ -213,5 +213,5 @@
213
213
  "url": "https://github.com/ArcBlock/blocklet-server/issues",
214
214
  "email": "shijun@arcblock.io"
215
215
  },
216
- "gitHead": "e51fdc32b26511dd1d2297659e9aa5fa83768c40"
216
+ "gitHead": "78041763148c9b98245c28ff176ff0fc9acbd071"
217
217
  }