@abtnode/blocklet-services 1.16.6-beta-593a7a98 → 1.16.6-beta-e2082fec

package/api/libs/connect/session.js

@@ -204,7 +204,14 @@ module.exports = {
       action,
     }) => {
       const blocklet = await request.getBlocklet();
-      const { wallet, name, passportColor, did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const {
+        wallet,
+        secret,
+        name,
+        passportColor,
+        did: teamDid,
+        wallet: blockletWallet,
+      } = await request.getBlockletInfo();
 
       // Check user approved
       const user = await node.getUser({
@@ -385,7 +392,7 @@ module.exports = {
       }
 
       // Generate new session token that client can save to localStorage
-      const sessionToken = await createSessionToken(realDid, { passport, role });
+      const sessionToken = await createSessionToken(realDid, { secret, passport, role });
       logger.info(`${action}.success`, { userDid: realDid, role });
 
       if (
@@ -561,7 +568,7 @@ module.exports = {
       componentId,
     }) => {
       const blocklet = await request.getBlocklet();
-      const { name, did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const { name, did: teamDid, wallet: blockletWallet, secret } = await request.getBlockletInfo();
 
       // Validate user
       const user = await node.getUser({
@@ -639,7 +646,7 @@ module.exports = {
       );
 
       // Generate new session token that client can save to localStorage
-      const sessionToken = await createSessionToken(userDid, { passport, role });
+      const sessionToken = await createSessionToken(userDid, { secret, passport, role });
       return sessionToken;
     },
   },

package/api/libs/jwt.js

@@ -14,14 +14,9 @@ const getUser = async (node, teamDid, userDid) => {
 
 // eslint-disable-next-line no-unused-vars
 const initJwt = (node, options) => {
-  const secret = options.sessionSecret;
-  const ttl = options.sessionTtl || '1d';
+  const ttl = options.sessionTtl || '7d';
 
-  if (!secret) {
-    throw new Error('Auth service require a non-empty session secret to start');
-  }
-
-  const createSessionToken = async (did, { role, passport }) =>
+  const createSessionToken = async (did, { role, secret, passport }) =>
     createAuthToken({
       did,
       passport,
@@ -30,7 +25,7 @@ const initJwt = (node, options) => {
       expiresIn: ttl,
     });
 
-  const verifySessionToken = (token, teamDid) =>
+  const verifySessionToken = (token, secret, teamDid) =>
     // eslint-disable-next-line implicit-arrow-linebreak
     new Promise((resolve, reject) => {
       jwt.verify(token, secret, async (err, decoded) => {

package/api/routes/oauth.js

@@ -65,7 +65,7 @@ async function login(req, node, options) {
   }
   const authClient = getAuthClient(blocklet, provider);
 
-  const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
+  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
   const config = await req.getServiceConfig(NODE_SERVICES.AUTH, { componentId });
   const nodeInfo = await req.getNodeInfo();
   const { dataDir } = await getApplicationInfo({ node, nodeInfo, teamDid });
@@ -155,6 +155,7 @@ async function login(req, node, options) {
   const { createSessionToken } = initJwt(node, options);
 
   const sessionToken = await createSessionToken(currentUser.did, {
+    secret,
     passport,
     role: passport.role,
   });
@@ -166,7 +167,7 @@ async function invite(req, node, options) {
   const blocklet = await req.getBlocklet();
   const authClient = getAuthClient(blocklet, provider);
 
-  const { did: teamDid, wallet: blockletWallet } = await req.getBlockletInfo();
+  const { did: teamDid, wallet: blockletWallet, secret } = await req.getBlockletInfo();
   const nodeInfo = await req.getNodeInfo();
   const oauthInfo = await authClient.getProfile(token);
   const userWallet = fromAppDid(oauthInfo.sub, blockletWallet.secretKey, types.RoleType.ROLE_ACCOUNT);
@@ -265,7 +266,7 @@ async function invite(req, node, options) {
 
   const { createSessionToken } = initJwt(node, options);
 
-  const sessionToken = await createSessionToken(userDid, { passport, role });
+  const sessionToken = await createSessionToken(userDid, { secret, passport, role });
   return sessionToken;
 }
 
@@ -434,7 +435,7 @@ module.exports = {
     server.post(`${prefix}/switch`, async (req, res) => {
       const userDid = req.user.did;
       const { passportId } = req.body;
-      const { did: teamDid } = await req.getBlockletInfo();
+      const { did: teamDid, secret } = await req.getBlockletInfo();
       // NOTICE: 这里获取的 did 是当前登录用户的永久 did，无需查询 connectedAccount
       const user = await node.getUser({ teamDid, user: { did: userDid } });
       const { passports = [] } = user || {};
@@ -449,7 +450,7 @@ module.exports = {
         node
       );
       const { createSessionToken } = initJwt(node, options);
-      const sessionToken = await createSessionToken(userDid, { passport, role: passport.role });
+      const sessionToken = await createSessionToken(userDid, { secret, passport, role: passport.role });
       res.status(200).send(sessionToken);
     });
 

package/api/services/auth/connect/invite.js

@@ -53,6 +53,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
     onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl }) => {
       const { locale, inviteId } = extraParams;
       const nodeInfo = await req.getNodeInfo();
+      const { secret } = await req.getBlockletInfo();
       const teamDid = req.headers['x-blocklet-did'];
       const statusEndpointBaseUrl = joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX);
       const endpoint = baseUrl;
@@ -72,7 +73,7 @@ module.exports = function createRoutes(node, authenticator, createSessionToken)
       });
 
       // Generate new session token that client can save to localStorage
-      const sessionToken = await createSessionToken(userDid, { passport, role });
+      const sessionToken = await createSessionToken(userDid, { secret, passport, role });
       await updateSession({ sessionToken }, true);
       await updateSession({ passportId: response.data.id });
       logger.info('invite.success', { userDid });

package/api/services/auth/connect/receive-transfer-app-owner.js

@@ -202,6 +202,7 @@ module.exports = function createRoutes(node, _, createSessionToken) {
         wallet: issuerWallet,
         passportColor,
         dataDir,
+        secret,
       } = await getApplicationInfo({ node, teamDid: appPid });
 
       const statusEndpointBaseUrl = baseUrl;
@@ -367,7 +368,7 @@ module.exports = function createRoutes(node, _, createSessionToken) {
       logger.info('transfer ownership success', { userDid });
 
       // Generate new session token that client can save to localStorage
-      const sessionToken = await createSessionToken(userDid, { passport: vc, role });
+      const sessionToken = await createSessionToken(userDid, { secret, passport: vc, role });
       await updateSession({ sessionToken }, true);
       await updateSession({ passportId: vc?.id });
       logger.info('invite.success', { userDid });

package/api/services/auth/connect/setup.js

@@ -48,6 +48,7 @@ module.exports = function createRoutes(node, _authenticator, createSessionToken)
       const blocklet = await req.getBlocklet();
       const teamDid = blocklet.meta.did;
       const user = await checkOwner({ node, userDid, blocklet });
+      const { secret } = await req.getBlockletInfo();
 
       // ensure owner proof form previous workflow
       if (!proof || !proof.claim || !proof.pk) {
@@ -109,7 +110,7 @@ module.exports = function createRoutes(node, _authenticator, createSessionToken)
         }
 
         // Generate new session token that client can save to localStorage
-        const sessionToken = await createSessionToken(userDid, { role: 'owner' });
+        const sessionToken = await createSessionToken(userDid, { secret, role: 'owner' });
         await updateSession({ sessionToken }, true);
         logger.info('setup.connect.success', { userDid });
       } catch (err) {

package/api/services/auth/index.js

@@ -69,7 +69,8 @@ const init = ({ node, options }) => {
     try {
       if (token) {
         const teamDid = req.getBlockletDid();
-        const result = await verifySessionToken(token, teamDid);
+        const { secret } = await req.getBlockletInfo();
+        const result = await verifySessionToken(token, secret, teamDid);
         if (result && result.avatar && result.avatar.startsWith(USER_AVATAR_URL_PREFIX)) {
           result.avatar = `${WELLKNOWN_SERVICE_PATH_PREFIX}${USER_AVATAR_PATH_PREFIX}/${
             result.avatar.split('/').slice(-1)[0]

package/api/services/auth/session.js

@@ -27,9 +27,10 @@ module.exports = {
         let nextToken = '';
         if (req.query[encKey]) {
           try {
+            const { secret } = await req.getBlockletInfo();
             const encryptionKey = decodeEncryptionKey(req.query[encKey]);
             nextToken = JSON.stringify(
-              await createSessionToken(user.did, { passport: user.passport, role: user.role })
+              await createSessionToken(user.did, { secret, passport: user.passport, role: user.role })
             );
             nextToken = Buffer.from(SealedBox.seal(Buffer.from(nextToken), encryptionKey)).toString('base64');
           } catch {

package/api/util/attach-shared-utils.js

@@ -88,7 +88,7 @@ module.exports = ({ node, req, options }) => {
     const did = req.getBlockletDid();
     const context = req.getServiceContext();
 
-    return cache.getBlocklet({ did, context, node, force: useCache });
+    return cache.getBlocklet({ did, context, node, force: !useCache });
   };
 
   req.getNodeInfo = () => cache.getNodeInfo({ node });

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.6-beta-593a7a98",
+  "version": "1.16.6-beta-e2082fec",
   "description": "Provide unified services for every blocklet",
   "main": "api/index.js",
   "files": [
@@ -31,16 +31,16 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/auth": "1.16.6-beta-593a7a98",
-    "@abtnode/client": "1.16.6-beta-593a7a98",
-    "@abtnode/constant": "1.16.6-beta-593a7a98",
-    "@abtnode/core": "1.16.6-beta-593a7a98",
-    "@abtnode/cron": "1.16.6-beta-593a7a98",
-    "@abtnode/db": "1.16.6-beta-593a7a98",
-    "@abtnode/logger": "1.16.6-beta-593a7a98",
-    "@abtnode/router-adapter": "1.16.6-beta-593a7a98",
-    "@abtnode/router-templates": "1.16.6-beta-593a7a98",
-    "@abtnode/util": "1.16.6-beta-593a7a98",
+    "@abtnode/auth": "1.16.6-beta-e2082fec",
+    "@abtnode/client": "1.16.6-beta-e2082fec",
+    "@abtnode/constant": "1.16.6-beta-e2082fec",
+    "@abtnode/core": "1.16.6-beta-e2082fec",
+    "@abtnode/cron": "1.16.6-beta-e2082fec",
+    "@abtnode/db": "1.16.6-beta-e2082fec",
+    "@abtnode/logger": "1.16.6-beta-e2082fec",
+    "@abtnode/router-adapter": "1.16.6-beta-e2082fec",
+    "@abtnode/router-templates": "1.16.6-beta-e2082fec",
+    "@abtnode/util": "1.16.6-beta-e2082fec",
     "@arcblock/did": "^1.18.77",
     "@arcblock/did-auth": "1.18.77",
     "@arcblock/did-auth-storage-nedb": "^1.7.1",
@@ -48,11 +48,11 @@
     "@arcblock/event-hub": "1.18.77",
     "@arcblock/jwt": "1.18.77",
     "@arcblock/ws": "1.18.77",
-    "@blocklet/constant": "1.16.6-beta-593a7a98",
+    "@blocklet/constant": "1.16.6-beta-e2082fec",
     "@blocklet/form-builder": "^0.1.11",
     "@blocklet/form-collector": "^0.1.6",
-    "@blocklet/meta": "1.16.6-beta-593a7a98",
-    "@blocklet/sdk": "1.16.6-beta-593a7a98",
+    "@blocklet/meta": "1.16.6-beta-e2082fec",
+    "@blocklet/sdk": "1.16.6-beta-e2082fec",
     "@did-connect/authenticator": "^2.1.54",
     "@did-connect/relay-adapter-express": "^2.1.54",
     "@did-connect/storage-nedb": "^2.1.54",
@@ -89,7 +89,7 @@
     "@nedb/multi": "^2.0.5"
   },
   "devDependencies": {
-    "@abtnode/ux": "1.16.6-beta-593a7a98",
+    "@abtnode/ux": "1.16.6-beta-e2082fec",
     "@arcblock/did-connect": "^2.5.36",
     "@arcblock/icons": "^2.5.36",
     "@arcblock/ux": "^2.5.36",
@@ -155,5 +155,5 @@
     "url": "https://github.com/ArcBlock/blocklet-server/issues",
     "email": "shijun@arcblock.io"
   },
-  "gitHead": "5ea65d1ddc91e997f029741f01ce453464d86666"
+  "gitHead": "851e0ab17f1c6e160aedc47fcdbf7dd54dfa7237"
 }