@abtnode/blocklet-services 1.16.8-beta-186fd5aa → 1.16.8-next-c66e39c7

package/api/index.js

@@ -23,7 +23,7 @@ const logger = require('@abtnode/logger')(require('../package.json').name);
 const cache = require('./cache');
 const { ensureProxyUrl } = require('./util');
 const { isProduction, isE2E } = require('./libs/env');
-const { init: initStates } = require('./state/index');
+const states = require('./state/index');
 
 const { init: initNotification } = require('./services/notification');
 const { init: initRelay } = require('./services/relay');
@@ -82,7 +82,7 @@ module.exports = function createServer(node, serverOptions = {}) {
 
   logger.info('init blocklet service', { isProduction });
 
-  initStates(options.dataDir);
+  states.init(options.dataDir);
 
   const { middlewares: authMiddlewares, routes: authRoutes, ensureWsUser } = initAuth({ node, options });
   const notificationService = initNotification({ node });

package/api/libs/auth/utils.js

@@ -4,7 +4,7 @@ const logger = require('@abtnode/auth/lib/logger');
 const { getPassportStatusEndpoint, getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const { createPassportVC } = require('@abtnode/auth/lib/passport');
 const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS } = require('@abtnode/constant');
-const { parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { parseUserAvatar } = require('@abtnode/util/lib/user');
 const { getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const pick = require('lodash/pick');
 const uniq = require('lodash/uniq');

package/api/libs/connect/session.js

@@ -2,7 +2,7 @@
 const get = require('lodash/get');
 const joinUrl = require('url-join');
 const formatContext = require('@abtnode/util/lib/format-context');
-const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const {
   messages,
   getVCFromClaims,
@@ -42,7 +42,7 @@ const logger = require('@abtnode/logger')(require('../../../package.json').name)
 const { isInvitedUserOnly } = require('../../util');
 const { transferPassport } = require('../auth/utils');
 const { generateTranslate } = require('../translate');
-const { mergeUserData, migrateAccount, declareAccount } = require('../../services/oauth');
+const { migrateAccount, declareAccount } = require('../../services/oauth');
 
 const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
 
@@ -178,7 +178,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
           blockletSk: blockletWallet.secretKey,
         },
       });
@@ -203,14 +202,7 @@ module.exports = {
       action,
     }) => {
       const blocklet = await request.getBlocklet();
-      const {
-        wallet,
-        secret,
-        name,
-        passportColor,
-        did: teamDid,
-        wallet: blockletWallet,
-      } = await request.getBlockletInfo();
+      const { wallet, secret, name, passportColor, did: teamDid } = await request.getBlockletInfo();
 
       // Check user approved
       const user = await node.getUser({
@@ -220,8 +212,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
       if (user && !user.approved) {
@@ -251,8 +241,8 @@ module.exports = {
         }
       } else if (action === 'exchangePassport') {
         const claim = claims.find((x) => x.type === 'asset');
-        const { users } = await node.getUsers({ teamDid, query: { connectedDid: claim.asset } });
-        if (users.length) {
+        const isConnected = await node.isConnectedAccount({ teamDid, did: claim.asset });
+        if (isConnected) {
           throw new Error(messages.nftAlreadyUsed[locale]);
         }
 
@@ -437,7 +427,7 @@ module.exports = {
         throw new Error(messages.actionForbidden[locale]);
       }
 
-      const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const { did: teamDid } = await request.getBlockletInfo();
       const user = await node.getUser({
         teamDid,
         user: {
@@ -445,8 +435,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
 
@@ -467,7 +455,7 @@ module.exports = {
     },
     onApprove: async ({ node, request, locale, profile, userDid }) => {
       const blocklet = await request.getBlocklet();
-      const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const { did: teamDid } = await request.getBlockletInfo();
 
       // check user approved
       const user = await node.getUser({
@@ -477,8 +465,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
       if (!user) {
@@ -518,7 +504,7 @@ module.exports = {
         throw new Error(messages.userMismatch[locale]);
       }
 
-      const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const { did: teamDid } = await request.getBlockletInfo();
 
       const user = await node.getUser({
         teamDid,
@@ -527,8 +513,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
 
@@ -567,7 +551,7 @@ module.exports = {
       componentId,
     }) => {
       const blocklet = await request.getBlocklet();
-      const { name, did: teamDid, wallet: blockletWallet, secret } = await request.getBlockletInfo();
+      const { name, did: teamDid, secret } = await request.getBlockletInfo();
 
       // Validate user
       const user = await node.getUser({
@@ -577,8 +561,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
       if (!user) {
@@ -678,7 +660,7 @@ module.exports = {
         },
       };
       const t = generateTranslate({ translations });
-      const { did: teamDid, wallet: blockletWallet } = await request.getBlockletInfo();
+      const { did: teamDid } = await request.getBlockletInfo();
 
       const walletUser = await node.getUser({ teamDid, user: { did: userDid } });
       if (walletUser) {
@@ -693,16 +675,14 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
 
       if (!oauthUser) {
         throw new Error(t('notFound', locale));
       }
-      const oauthConnectedAccounts = oauthUser.extraConfigs?.connectedAccounts || [];
-      const sourceProvider = oauthUser.extraConfigs?.sourceProvider || 'wallet';
+      const oauthConnectedAccounts = oauthUser.connectedAccounts || [];
+      const sourceProvider = oauthUser.sourceProvider || 'wallet';
       if (oauthConnectedAccounts.find((item) => item.provider === 'wallet')) {
         throw new Error(t('alreadyBindWallet', locale));
       }
@@ -714,13 +694,11 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
 
       if (bindUser) {
-        const bindConnectedAccounts = bindUser.extraConfigs?.connectedAccounts || [];
+        const bindConnectedAccounts = bindUser.connectedAccounts || [];
         if (bindConnectedAccounts.find((item) => item.provider === sourceProvider)) {
           throw new Error(`${oauthUser.email} ${t('alreadyBindOAuth', locale)}`);
         }
@@ -759,8 +737,6 @@ module.exports = {
         },
         options: {
           enableConnectedAccount: true,
-          enableNormalize: true,
-          blockletSk: blockletWallet.secretKey,
         },
       });
       if (bindUser && !bindUser.approved) {
@@ -799,36 +775,18 @@ module.exports = {
 
       await node.updateUser({
         teamDid,
-        user: mergeUserData(
-          {
-            ...mergeProfile,
-            did: oauthUser.did,
-            pk: oauthUser.pk,
-            passports: mergePassport,
-            extraConfigs: oauthUser.extraConfigs,
-          },
-          {
-            locale,
-            lastLoginIp: get(request, 'headers[x-real-ip]') || '',
-            connectedAccount,
-          }
-        ),
+        user: {
+          did: oauthUser.did,
+          pk: oauthUser.pk,
+          ...mergeProfile,
+          locale,
+          lastLoginIp: get(request, 'headers[x-real-ip]') || '',
+          connectedAccounts: [connectedAccount],
+          passports: mergePassport,
+        },
       });
 
-      if (bindUser) {
-        // 更新 bind 用户记录的绑定信息
-        await node.updateUser({
-          teamDid,
-          user: {
-            did: bindUser.did,
-            pk: bindUser.pk,
-            extraConfigs: {
-              ...(bindUser.extraConfigs || {}),
-              bindDid: userDid,
-            },
-          },
-        });
-      } else {
+      if (!bindUser) {
         bindUser = {
           ...oauthUser,
           // 发送 passport 的对象要设置为 wallet-did
@@ -839,8 +797,8 @@ module.exports = {
 
       await transferPassport(oauthUser, bindUser, { req: request, node, nodeInfo, teamDid });
 
-      const connectedAccounts = oauthUser?.extraConfigs?.connectedAccounts || [];
-      const sourceProvider = oauthUser?.extraConfigs?.sourceProvider;
+      const connectedAccounts = oauthUser?.connectedAccounts || [];
+      const sourceProvider = oauthUser?.sourceProvider;
       const oauthAccount = connectedAccounts.find((item) => item.provider === sourceProvider);
       const userWallet = fromAppDid(oauthAccount.id, blockletWallet.secretKey);
       await declareAccount({ wallet: userWallet, blocklet });

package/api/libs/connect/v1.js

@@ -1,6 +1,5 @@
 const path = require('path');
 const get = require('lodash/get');
-const DiskStorage = require('@arcblock/did-auth-storage-nedb');
 const { toAddress } = require('@ocap/util');
 const { WalletAuthenticator } = require('@arcblock/did-auth');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
@@ -8,6 +7,7 @@ const WalletHandlers = require('@blocklet/sdk/lib/wallet-handler');
 const { getDelegation } = require('@blocklet/sdk/lib/connect/shared');
 const { sendToUser, sendToRelay } = require('@blocklet/sdk/lib/util/send-notification');
 const { WELLKNOWN_SERVICE_PATH_PREFIX, NODE_SERVICES_PREFIX } = require('@abtnode/constant');
+const DynamicStorage = require('@abtnode/connect-storage');
 
 const cache = require('../../cache');
 const { appInfo, chainInfo } = require('./shared');
@@ -39,10 +39,7 @@ module.exports = (node, opts) => {
 
   const handlerOpts = {
     authenticator,
-    tokenStorage: new DiskStorage({
-      dbPath: path.join(opts.dataDir, 'auth.db'),
-      dbPort: process.env.NODE_ENV === 'test' ? null : Number(process.env.NEDB_MULTI_PORT),
-    }),
+    tokenStorage: new DynamicStorage({ dbPath: path.join(opts.dataDir, 'connections.db') }),
     sendNotificationFn: async (connectedDid, message, { req }) => {
       const { wallet } = await req.getBlockletInfo();
       return sendToUser(

package/api/libs/connect/v2.js

@@ -23,8 +23,8 @@ module.exports = (node, opts) => {
     logger,
     authenticator,
     storage: new NedbStorage({
+      // FIXME: @wangshijun this does not work anymore
       dbPath: path.join(opts.dataDir, 'sessions.db'),
-      dbPort: process.env.NODE_ENV === 'test' ? null : Number(process.env.NEDB_MULTI_PORT),
     }),
     socketPathname: `${WELLKNOWN_SERVICE_PATH_PREFIX}/api/connect/relay/websocket`,
     sendNotificationFn: async (connectedDid, message, { request }) => {

package/api/libs/jwt.js

@@ -1,11 +1,9 @@
 /* eslint-disable no-underscore-dangle */
 const jwt = require('jsonwebtoken');
 const { createAuthToken } = require('@abtnode/auth/lib/auth');
-const { isUserPassportRevoked } = require('@abtnode/auth/lib/passport');
 
-// FIXME: we need to test performance for this code
 const getUser = async (node, teamDid, userDid) => {
-  const user = await node.getUser({ teamDid, user: { did: userDid } });
+  const user = await node.getUserByDid({ teamDid, userDid });
   if (user && user.approved) {
     return user;
   }
@@ -44,8 +42,11 @@ const initJwt = (node, options) => {
           return reject(new Error('Invalid jwt token: invalid user'));
         }
 
-        if (passport && passport.id && isUserPassportRevoked(user, passport)) {
-          return reject(new Error(`Passport ${passport.name} has been revoked`));
+        if (passport && passport.id) {
+          const valid = await node.isPassportValid({ teamDid, passportId: passport.id });
+          if (valid === false) {
+            return reject(new Error(`Passport ${passport.name} has been revoked`));
+          }
         }
 
         user.role = role;

package/api/routes/blocklet.js

@@ -7,7 +7,7 @@ const JWT = require('@arcblock/jwt');
 const handleInstanceInStore = require('@abtnode/core/lib/util/public-to-store');
 
 const formatContext = require('@abtnode/util/lib/format-context');
-const { parseUserAvatar, getAvatarFile } = require('@abtnode/util/lib/user-avatar');
+const { parseUserAvatar, getAvatarFile } = require('@abtnode/util/lib/user');
 const {
   attachSendLogoContext,
   ensureBlockletExist,

package/api/routes/oauth.js

@@ -1,7 +1,7 @@
 const { handleInvitationReceive, getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const { upsertToPassports, createPassportSvg } = require('@abtnode/auth/lib/passport');
 const { WELLKNOWN_SERVICE_PATH_PREFIX, NODE_SERVICES, PASSPORT_STATUS } = require('@abtnode/constant');
-const { parseUserAvatar, extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { parseUserAvatar, extractUserAvatar } = require('@abtnode/util/lib/user');
 const { fromAppDid } = require('@arcblock/did-ext');
 const { getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const get = require('lodash/get');
@@ -20,7 +20,6 @@ const { getAvatarByEmail, transferPassport, getAvatarByUrl } = require('../libs/
 const initJwt = require('../libs/jwt');
 const { sendToUser } = require('../libs/notification');
 const { generateTranslate } = require('../libs/translate');
-const { mergeUserData, migrateAccount, declareAccount } = require('../services/oauth');
 const { isInvitedUserOnly } = require('../util');
 const { ApiError } = require('../util/error');
 
@@ -85,8 +84,6 @@ async function login(req, node, options) {
     },
     options: {
       enableConnectedAccount: true,
-      enableNormalize: true,
-      blockletSk: blockletWallet.secretKey,
     },
   });
   let doc;
@@ -183,8 +180,6 @@ async function invite(req, node, options) {
     },
     options: {
       enableConnectedAccount: true,
-      enableNormalize: true,
-      blockletSk: blockletWallet.secretKey,
     },
   });
   const { dataDir, name: applicationName } = await getApplicationInfo({ node, nodeInfo, teamDid });
@@ -293,8 +288,7 @@ async function bind(req, node, options) {
 
   // NOTICE: 这里获得的 did 是当前登录用户的永久 did，无需再去查询 connectedAccount
   const bindUser = await node.getUser({ teamDid, user: { did: userDid } });
-
-  if (bindUser.extraConfigs?.sourceProvider !== 'wallet') {
+  if (bindUser.sourceProvider !== 'wallet') {
     throw new ApiError(400, t('oauthCantBindOauth', locale));
   }
 
@@ -330,38 +324,16 @@ async function bind(req, node, options) {
   await node.updateUser({
     teamDid,
     user: {
+      did: bindUser.did,
+      pk: bindUser.pk,
       ...mergeProfile,
-      ...mergeUserData(
-        {
-          did: bindUser.did,
-          pk: bindUser.pk,
-          passports: mergePassport,
-          extraConfigs: bindUser.extraConfigs,
-        },
-        {
-          locale,
-          connectedAccount,
-        }
-      ),
+      passports: mergePassport,
+      locale,
+      connectedAccounts: [connectedAccount],
     },
   });
-  if (oauthUser) {
-    // NOTICE: 这种情况已经不存在了，目前只有当 oauthUser 不存在时，才能进行 connect 操作（将来可能放开这个限制） 2023-05-03
-    // 将 oauth 绑定的 did 记录在 oauth 用户的表中
-    await node.updateUser({
-      teamDid,
-      user: {
-        did: userWallet.address,
-        pk: userWallet.publicKey,
-        extraConfigs: {
-          ...(oauthUser.extraConfigs || {}),
-          bindDid: bindUser.did,
-        },
-      },
-    });
-    await declareAccount({ wallet: userWallet, blocklet });
-    await migrateAccount({ wallet: userWallet, blocklet, user: bindUser });
-  } else {
+
+  if (!oauthUser) {
     oauthUser = {
       did: userWallet.address,
       pk: userWallet.publicKey,
@@ -453,7 +425,7 @@ module.exports = {
       await node.createAuditLog(
         {
           action: 'switchPassport',
-          args: { teamDid, userDid, passport, provider: user?.extraConfigs?.sourceProvider },
+          args: { teamDid, userDid, passport, provider: user?.sourceProvider },
           context: formatContext(Object.assign(req, { user })),
           result: user,
         },

package/api/routes/user.js

@@ -1,7 +1,7 @@
 const { NODE_SERVICES, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { getApplicationInfo } = require('@abtnode/auth/lib/auth');
 const { fromAppDid } = require('@arcblock/did-ext');
-const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const formatContext = require('@abtnode/util/lib/format-context');
 const logger = require('@abtnode/logger')('blocklet-services:user');
 

package/api/services/auth/connect/receive-transfer-app-owner.js

@@ -6,7 +6,7 @@ const { getKeyPairClaim, getAuthPrincipalForTransferAppOwnerShip } = require('@a
 const sleep = require('@abtnode/util/lib/sleep');
 const { getChainClient } = require('@abtnode/util/lib/get-chain-client');
 const formatContext = require('@abtnode/util/lib/format-context');
-const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const { ensureAccountOnMainChain } = require('@abtnode/util/lib/ensure-account-on-main-chain');
 const {
   createPassport,
@@ -19,8 +19,6 @@ const { getBlockletChainInfo, isInProgress } = require('@blocklet/meta/lib/util'
 const { ROLES } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')('blocklet-service:transfer-blocklet-owner');
 
-const { mergeUserData } = require('../../oauth');
-
 const migrateAppOnChain = async (blocklet, oldSk, newSk) => {
   if (process.env.NODE_ENV === 'test') {
     return;
@@ -238,24 +236,18 @@ module.exports = function createRoutes(node, _, createSessionToken) {
       const user = await getUser(node, appPid, userDid);
 
       // update state
-
       await node.updateBlockletOwner({ did: appPid, owner: { did: userDid, pk: userPk } });
-
-      const avatar = await extractUserAvatar(get(profile, 'avatar'), {
-        dataDir,
-      });
+      const avatar = await extractUserAvatar(get(profile, 'avatar'), { dataDir });
 
       if (user) {
         const doc = await node.updateUser({
           teamDid: appPid,
           user: {
-            ...mergeUserData(user, {
-              avatar,
-              locale,
-              lastLoginIp: get(req, 'headers[x-real-ip]') || '',
-              lastUsedPassport: passport,
-              connectedAccount: { provider: 'wallet', did: userDid },
-            }),
+            did: user.did,
+            locale,
+            lastLoginIp: get(req, 'headers[x-real-ip]') || '',
+            passports: [passport],
+            connectedAccounts: [{ provider: 'wallet', did: userDid, pk: userPk }],
             ...profile,
             avatar,
           },

package/api/services/auth/connect/setup.js

@@ -1,7 +1,7 @@
 /* eslint-disable arrow-parens */
 const get = require('lodash/get');
 const { messages } = require('@abtnode/auth/lib/auth');
-const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const { extractUserAvatar } = require('@abtnode/util/lib/user');
 const formatContext = require('@abtnode/util/lib/format-context');
 const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
 
@@ -68,6 +68,7 @@ module.exports = function createRoutes(node, _authenticator, createSessionToken)
               locale,
               lastLoginAt: new Date().toISOString(),
               lastLoginIp: get(req, 'headers[x-real-ip]') || '',
+              // FIXME: @linchen this temporary field should not be recorded in user state
               extra: {
                 baseUrl,
               },

package/api/services/auth/session.js

@@ -15,12 +15,13 @@ module.exports = {
           return;
         }
 
-        const user = { ...req.user };
-        if (user.role) {
-          const teamDid = req.getBlockletDid();
+        const teamDid = req.getBlockletDid();
+        const user = await node.getUser({ teamDid, user: { did: req.user.did } });
+        if (req.user.role) {
           // FIXME: this code may have performance issue
           const rbac = await node.getRBAC(teamDid);
           user.permissions = await rbac.getScope(req.user.role);
+          user.role = req.user.role;
         }
 
         const encKey = '_ek_';