npm - @abtnode/blocklet-services - Versions diffs - 1.16.53-beta-20251011-054719-4ed2f6b7 → 1.16.53-beta-20251013-005429-ca3b05de - Mend

@abtnode/blocklet-services 1.16.53-beta-20251011-054719-4ed2f6b7 → 1.16.53-beta-20251013-005429-ca3b05de

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (127) hide show

package/api/index.js CHANGED Viewed

@@ -337,23 +337,13 @@ module.exports = function createServer(node, serverOptions = {}) {
   async function wrapHelmet({ req, res, securityConfig, blocklet, info }, next) {
     let config = securityConfig?.responseHeaderPolicy?.securityHeader || {};
     config = cleanConfigOverride(config);
-    const referer = req.get('referer');
     // NOTICE: 获取当前站点所有可信的域名
-    const trustedDomains = await federatedUtil.getTrustedDomains({ node, req, blocklet });
-    // 为了避免 header 过大，这里仅保留 referer 的域名
-    const filteredTrustedDomains = trustedDomains.filter((x) => {
-      if (referer) {
-        try {
-          const refererUrl = new URL(referer);
-          return refererUrl.hostname === x;
-        } catch (err) {
-          // FIXME: @LiuShuang 这里处错误信息不重要，先打印先忽略
-          // logger.error('Failed to parse referer', { referer, err });
-        }
-      }
-      return false;
-    });
-    config = await patchResponseHeader(config, { node, blocklet, trustedDomains: filteredTrustedDomains });
+    const trustedDomains = await federatedUtil.getTrustedDomains({ node, req, blocklet, minimal: true });
+    // NOTICE: 这里需要使用全量的可信域名
+    // 1. 用户直接打开指定网址 referer 会是空，无法应用匹配规则
+    // 2. 用户从其他网站(非当前 blocklet)跳过来，referer 会是跳转前的网址，无法应用匹配规则
+    // 综上，必须使用全量的可信域名，来确保统一登录可用
+    config = await patchResponseHeader(config, { node, blocklet, trustedDomains });
     // TODO: @zhanghan apply these to user defined rules
     if (
@@ -467,12 +457,13 @@ module.exports = function createServer(node, serverOptions = {}) {
             'https://*.youtu.be',
             'https://*.vimeo.com',
             ...whitelist.official,
+            ...trustedDomains.filter(Boolean).map((x) => `https://${x}`),
           ].filter(Boolean),
           frameAncestors: [
             "'self'",
             ...whitelist.spaces,
             ...whitelist.official,
-            ...filteredTrustedDomains.filter(Boolean).map((x) => `https://${x}`),
+            ...trustedDomains.filter(Boolean).map((x) => `https://${x}`),
           ].filter(Boolean),
           manifestSrc: ["'self'", ASSET_CDN_HOST],
         },

package/api/util/federated.js CHANGED Viewed

@@ -114,7 +114,7 @@ function syncFederatedUser(blocklet, node, user, sourceAppPid) {
   }
 }
-async function getTrustedDomains({ node, req, blocklet }) {
+async function getTrustedDomains({ node, req, blocklet, minimal = false }) {
   if (!blocklet) {
     return req.hostname ? [req.hostname] : [];
   }
@@ -127,9 +127,12 @@ async function getTrustedDomains({ node, req, blocklet }) {
     },
     sites: [],
   });
-  const nodeInfo = await req.getNodeInfo();
-  const domainAliases = await node.getBlockletDomainAliases({ blocklet, nodeInfo });
-  const domainList = domainAliases.map((item) => item.value);
+  const domainList = [];
+  if (!minimal) {
+    const nodeInfo = await req.getNodeInfo();
+    const domainAliases = await node.getBlockletDomainAliases({ blocklet, nodeInfo });
+    domainList.push(...domainAliases.map((item) => item.value));
+  }
   federated.sites
     // 只展示状态是 approved 的站点为可信域名
     .filter((x) => x.status === 'approved' || isMaster(x))
@@ -142,7 +145,9 @@ async function getTrustedDomains({ node, req, blocklet }) {
       } catch {
         logger.error('Failed to get domain from appUrl', { appUrl: cur.appUrl });
       }
-      domainList.push(...(cur?.aliasDomain || []));
+      if (!minimal) {
+        domainList.push(...(cur?.aliasDomain || []));
+      }
     });
   const result = [...new Set(domainList)];
   return result;

package/dist/assets/{access-control-abOzA88J.js → access-control-7gWIJZpX.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import{D as E,j as e,ak as l,y as h,bq as A,b6 as g,br as L,at as N,W as y}from"./vendor-mui-core-DRxbhqaK.js";import{r as m}from"./vendor-react-Dvs43sk9.js";import{T as I,H as j}from"./vendor-ux-B9VfuZTg.js";import{A as b}from"./config-DuFudWCR.js";import{a as O}from"./page-header-DvSb4Cmz.js";import{l as v,e as R,c as o,f as T}from"./index-CDK4fL-O.js";import{S as Y}from"./layout-BZEqr9pw.js";import{S as D}from"./step-actions-DMXYHHE_.js";import{S as P}from"./button-BmGMF4AE.js";import"./vendor-utils-CUDP56Ff.js";import"./vendor-hooks-BlA8TRnZ.js";import"./lottie-web-4koyQiv_.js";import"./vendor-arcblock-DeeG8u0h.js";import"./content-layout-B9tc9LCL.js";import"./use-mobile-D6YQgajG.js";function W({onNext:a=()=>{}}){const C=E(),{t:n,locale:p}=I(),[i,c]=m.useState(!1),[S,d]=m.useState(""),{blocklet:r}=v();m.useEffect(()=>{const t=R.findServiceFromMeta(r.meta,o.NODE_SERVICES.AUTH);d(t?.config?.whoCanAccess||o.WHO_CAN_ACCESS.ALL)},[r]);const f=async t=>{let s=o.ACCESS_POLICY_PUBLIC;t===o.WHO_CAN_ACCESS.ALL?s=o.ACCESS_POLICY_PUBLIC:t===o.WHO_CAN_ACCESS.INVITED?s=o.ACCESS_POLICY_INVITED_ONLY:t===o.WHO_CAN_ACCESS.OWNER?s=o.ACCESS_POLICY_OWNER_ONLY:t===o.WHO_CAN_ACCESS.ADMIN&&(s=o.ACCESS_POLICY_ADMIN_ONLY);try{c(!0),await T.updateBlockletSecurityRule({input:{did:r.meta.did,data:{id:o.SECURITY_RULE_DEFAULT_ID,accessPolicyId:s}}}),c(!1)}catch(_){c(!1),j.error(_.message)}},x=async t=>{i||(d(t.target.value),await f(t.target.value))},u={marginRight:4,fontSize:18,verticalAlign:"text-bottom",color:C.palette.text.secondary};return e.jsxs(k,{children:[e.jsx(l,{className:"header",children:e.jsx(O,{title:n("blocklet.config.access.title"),subTitle:n("blocklet.config.access.description")})}),e.jsx(l,{className:"form-container",children:e.jsx(h,{component:"fieldset",children:e.jsx(A,{name:"inherit",value:S,onChange:x,children:b.map(t=>e.jsxs(l,{sx:{mb:2,"&:last-child":{mb:0}},children:[e.jsx(g,{value:t.value,control:e.jsx(L,{size:"small",color:"primary"}),label:e.jsxs("span",{style:{display:"flex",alignItems:"center",position:"relative"},children:[e.jsx(t.icon,{style:u}),e.jsx("span",{style:{marginTop:2},children:t.title[p]})]})}),e.jsx(l,{className:"tip",children:t.description[p]})]},t.value))})})}),e.jsx(D,{mt:8,disabled:i,blocklet:r,onStartNow:()=>a("complete"),children:e.jsx(P,{loading:i,variant:"contained",disabled:i,onClick:()=>a(),children:n("setup.continue")})})]})}W.propTypes={onNext:y.func};const k=N(Y)`
+import{D as E,j as e,ak as l,y as h,bq as A,b6 as g,br as L,at as N,W as y}from"./vendor-mui-core-DRxbhqaK.js";import{r as m}from"./vendor-react-Dvs43sk9.js";import{T as I,H as j}from"./vendor-ux-B9VfuZTg.js";import{A as b}from"./config-D8oltJzP.js";import{a as O}from"./page-header-DvSb4Cmz.js";import{l as v,e as R,c as o,f as T}from"./index-Dkx4Mp12.js";import{S as Y}from"./layout-3MwmBHGM.js";import{S as D}from"./step-actions-C6BvFfMg.js";import{S as P}from"./button-BmGMF4AE.js";import"./vendor-utils-CUDP56Ff.js";import"./vendor-hooks-BlA8TRnZ.js";import"./lottie-web-4koyQiv_.js";import"./vendor-arcblock-DeeG8u0h.js";import"./content-layout-B9tc9LCL.js";import"./use-mobile-D6YQgajG.js";function W({onNext:a=()=>{}}){const C=E(),{t:n,locale:p}=I(),[i,c]=m.useState(!1),[S,d]=m.useState(""),{blocklet:r}=v();m.useEffect(()=>{const t=R.findServiceFromMeta(r.meta,o.NODE_SERVICES.AUTH);d(t?.config?.whoCanAccess||o.WHO_CAN_ACCESS.ALL)},[r]);const f=async t=>{let s=o.ACCESS_POLICY_PUBLIC;t===o.WHO_CAN_ACCESS.ALL?s=o.ACCESS_POLICY_PUBLIC:t===o.WHO_CAN_ACCESS.INVITED?s=o.ACCESS_POLICY_INVITED_ONLY:t===o.WHO_CAN_ACCESS.OWNER?s=o.ACCESS_POLICY_OWNER_ONLY:t===o.WHO_CAN_ACCESS.ADMIN&&(s=o.ACCESS_POLICY_ADMIN_ONLY);try{c(!0),await T.updateBlockletSecurityRule({input:{did:r.meta.did,data:{id:o.SECURITY_RULE_DEFAULT_ID,accessPolicyId:s}}}),c(!1)}catch(_){c(!1),j.error(_.message)}},x=async t=>{i||(d(t.target.value),await f(t.target.value))},u={marginRight:4,fontSize:18,verticalAlign:"text-bottom",color:C.palette.text.secondary};return e.jsxs(k,{children:[e.jsx(l,{className:"header",children:e.jsx(O,{title:n("blocklet.config.access.title"),subTitle:n("blocklet.config.access.description")})}),e.jsx(l,{className:"form-container",children:e.jsx(h,{component:"fieldset",children:e.jsx(A,{name:"inherit",value:S,onChange:x,children:b.map(t=>e.jsxs(l,{sx:{mb:2,"&:last-child":{mb:0}},children:[e.jsx(g,{value:t.value,control:e.jsx(L,{size:"small",color:"primary"}),label:e.jsxs("span",{style:{display:"flex",alignItems:"center",position:"relative"},children:[e.jsx(t.icon,{style:u}),e.jsx("span",{style:{marginTop:2},children:t.title[p]})]})}),e.jsx(l,{className:"tip",children:t.description[p]})]},t.value))})})}),e.jsx(D,{mt:8,disabled:i,blocklet:r,onStartNow:()=>a("complete"),children:e.jsx(P,{loading:i,variant:"contained",disabled:i,onClick:()=>a(),children:n("setup.continue")})})]})}W.propTypes={onNext:y.func};const k=N(Y)`
   height: 100%;
   overflow-y: auto;
   .header {