npm - @abtnode/blocklet-services - Versions diffs - 1.6.25 → 1.6.28 - Mend

@abtnode/blocklet-services 1.6.25 → 1.6.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/README.md +1 -5
package/{lib → api}/cache.js +0 -0
package/api/index.js +296 -0
package/{services/auth → api}/libs/auth.js +24 -8
package/api/libs/env.js +7 -0
package/{services/auth → api}/libs/jwt.js +1 -0
package/api/middlewares/check-admin-permission.js +15 -0
package/api/middlewares/check-running.js +46 -0
package/api/routes/blocklet.js +98 -0
package/api/routes/env.js +27 -0
package/{services/auth/routes → api/services/auth/connect}/invite.js +5 -4
package/{services/auth/routes → api/services/auth/connect}/issue-passport.js +6 -2
package/{services/auth/routes → api/services/auth/connect}/login.js +18 -10
package/api/services/auth/connect/lost-passport-issue.js +10 -0
package/{services/auth/routes → api/services/auth/connect}/lost-passport-list.js +1 -1
package/api/services/auth/index.js +189 -0
package/api/services/auth/passport.js +22 -0
package/api/services/auth/session.js +31 -0
package/{services/auth/routes/notification.js → api/services/notification/index.js} +25 -9
package/api/services/static.js +76 -0
package/{services/auth → api}/state/index.js +0 -0
package/{services/auth → api}/state/message.js +0 -0
package/api/util/attach-shared-utils.js +149 -0
package/api/util/constants.js +10 -0
package/api/util/format-context.js +24 -0
package/{services/auth → api}/util/index.js +31 -1
package/build/asset-manifest.json +32 -30
package/build/index.html +1 -1
package/build/precache-manifest.8fa5bc7546805566144fcf8af71f0904.js +154 -0
package/build/service-worker.js +2 -2
package/build/static/css/2.d49e994f.chunk.css +2 -0
package/build/static/css/{2.cc9dc85c.chunk.css.map → 2.d49e994f.chunk.css.map} +1 -1
package/build/static/js/2.1421337b.chunk.js +3 -0
package/build/static/js/{2.90523f87.chunk.js.LICENSE.txt → 2.1421337b.chunk.js.LICENSE.txt} +0 -0
package/build/static/js/2.1421337b.chunk.js.map +1 -0
package/build/static/js/3.d701dfdf.chunk.js +3 -0
package/build/static/js/{3.e6540184.chunk.js.LICENSE.txt → 3.d701dfdf.chunk.js.LICENSE.txt} +0 -0
package/build/static/js/3.d701dfdf.chunk.js.map +1 -0
package/build/static/js/4.22e700c7.chunk.js +2 -0
package/build/static/js/4.22e700c7.chunk.js.map +1 -0
package/build/static/js/5.10a35adf.chunk.js +2 -0
package/build/static/js/5.10a35adf.chunk.js.map +1 -0
package/build/static/js/6.2dcc3ced.chunk.js +2 -0
package/build/static/js/6.2dcc3ced.chunk.js.map +1 -0
package/build/static/js/7.e6b88c03.chunk.js +2 -0
package/build/static/js/7.e6b88c03.chunk.js.map +1 -0
package/build/static/js/8.2a01d8cd.chunk.js +2 -0
package/build/static/js/8.2a01d8cd.chunk.js.map +1 -0
package/build/static/js/main.ebd8fbea.chunk.js +2 -0
package/build/static/js/main.ebd8fbea.chunk.js.map +1 -0
package/build/static/js/runtime-main.b885fccc.js +2 -0
package/build/static/js/runtime-main.b885fccc.js.map +1 -0
package/{services/auth/meta.json → configs/auth.json} +2 -2
package/package.json +22 -20
package/build/precache-manifest.f3419eb785f255da7655fa425fc775a1.js +0 -150
package/build/static/css/2.cc9dc85c.chunk.css +0 -2
package/build/static/js/2.90523f87.chunk.js +0 -3
package/build/static/js/2.90523f87.chunk.js.map +0 -1
package/build/static/js/3.e6540184.chunk.js +0 -3
package/build/static/js/3.e6540184.chunk.js.map +0 -1
package/build/static/js/4.4410aa8a.chunk.js +0 -2
package/build/static/js/4.4410aa8a.chunk.js.map +0 -1
package/build/static/js/5.967448ae.chunk.js +0 -2
package/build/static/js/5.967448ae.chunk.js.map +0 -1
package/build/static/js/6.1de827ed.chunk.js +0 -2
package/build/static/js/6.1de827ed.chunk.js.map +0 -1
package/build/static/js/7.cb386b54.chunk.js +0 -2
package/build/static/js/7.cb386b54.chunk.js.map +0 -1
package/build/static/js/main.c51a8d5b.chunk.js +0 -2
package/build/static/js/main.c51a8d5b.chunk.js.map +0 -1
package/build/static/js/runtime-main.24dfe4a3.js +0 -2
package/build/static/js/runtime-main.24dfe4a3.js.map +0 -1
package/lib/index.js +0 -443
package/lib/mount.js +0 -52
package/lib/util.js +0 -17
package/services/auth/index.js +0 -290
package/services/auth/routes/blocklet-info.js +0 -33
package/services/auth/routes/env.js +0 -33
package/services/auth/routes/lost-passport-issue.js +0 -5
package/services/auth/routes/passport.js +0 -18
package/services/auth/routes/session.js +0 -27

package/services/auth/index.js DELETED Viewed

@@ -1,290 +0,0 @@
-/* eslint-disable arrow-parens */
-const path = require('path');
-const get = require('lodash/get');
-const minimatch = require('minimatch');
-const bearerToken = require('express-bearer-token');
-const validators = require('@blocklet/sdk/lib/validators');
-const {
-  genPermissionName,
-  NODE_SERVICES,
-  NODE_SERVICES_PREFIX,
-  WELLKNOWN_AUTH_PATH_PREFIX,
-} = require('@abtnode/constant');
-const { BLOCKLET_MODES, BlockletStatus } = require('@blocklet/meta/lib/constants');
-const getBlockletNotRunningTemplate = require('@abtnode/router-templates/lib/blocklet-not-running');
-const getBlockletMaintenanceTemplate = require('@abtnode/router-templates/lib/blocklet-maintenance');
-const { getBaseUrl } = require('@abtnode/router-adapter');
-const { setUserInfoHeaders } = require('@abtnode/auth/lib/auth');
-const logger = require('@abtnode/logger')(require('./meta.json').name);
-const { name, description, version } = require('./meta.json');
-const initJwt = require('./libs/jwt');
-const initAuth = require('./libs/auth');
-const createLoginRoutes = require('./routes/login');
-const createInviteRoutes = require('./routes/invite');
-const createIssuePassportAuth = require('./routes/issue-passport');
-const createLostPassportListAuth = require('./routes/lost-passport-list');
-const createLostPassportIssueAuth = require('./routes/lost-passport-issue');
-const createSessionRoutes = require('./routes/session');
-const createEnvRoutes = require('./routes/env');
-const createBlockletRoutes = require('./routes/blocklet-info');
-const createPassportRoutes = require('./routes/passport');
-const { init: initNotification } = require('./routes/notification');
-const { init: initStates } = require('./state/index');
-const defaultOptions = {
-  dataDir: '',
-  sessionSecret: 'your_should_change_this',
-  sessionTtl: '7d',
-  webWalletUrl: 'https://web.abtwallet.io',
-  loginTokenKey: 'login_token',
-};
-const init = ({ node, httpRouter, serviceHttpRouter, wsRouter, options }) => {
-  if (!options.dataDir) {
-    throw new Error('Auth service requires dataDir to start');
-  }
-  if (!options.sessionSecret) {
-    throw new Error('Auth service requires sessionSecret to start');
-  }
-  const isProduction = process.env.NODE_ENV === 'production' || process.env.ABT_NODE_SERVICE_ENV === 'production';
-  const isE2E = process.env.NODE_ENV === 'e2e';
-  const distDir = path.resolve(__dirname, '../../build');
-  logger.info('init params', { isProduction, distDir });
-  const opts = { ...defaultOptions, ...options, name, description, version, prefix: NODE_SERVICES_PREFIX.AUTH_SERVICE };
-  if (opts.sessionSecret === defaultOptions.sessionSecret) {
-    logger.warn('session secret should be set to make things secure');
-  }
-  /**
-   * set user info to req.user
-   */
-  const ensureUser = async ({ req, token } = {}) => {
-    try {
-      if (token) {
-        const teamDid = req.getBlockletDid();
-        const result = await verify(token, teamDid);
-        req.user = result;
-      }
-    } catch {
-      // Do nothing
-    }
-  };
-  /**
-   * @returns {object} res
-   *  {boolean} res.blocked
-   *  {boolean} res.authenticated
-   *  {boolean} res.authorized
-   */
-  const checkAuth = async ({ req } = {}) => {
-    if (!isProduction && !isE2E) {
-      return {};
-    }
-    const config = (await req.getServiceConfig(NODE_SERVICES.AUTH_SERVICE)) || {};
-    const ignoreUrls = (get(config, 'ignoreUrls') || []).filter(Boolean);
-    const shouldIgnore = ignoreUrls.some((s) => minimatch(req.url, s)) || req.url.startsWith(`${opts.prefix}/api`);
-    if (shouldIgnore) {
-      return {};
-    }
-    if (config.blockUnauthenticated === false) {
-      return {};
-    }
-    if (!req.user) {
-      return { blocked: true, authenticated: false };
-    }
-    if (!config.blockUnauthorized) {
-      return {};
-    }
-    const rule = await req.getRoutingRule();
-    if (rule.to && rule.to.interfaceName) {
-      const permissionName = genPermissionName(rule.to.interfaceName);
-      const teamDid = req.getBlockletDid();
-      const rbac = await node.getRBAC(teamDid);
-      if (await rbac.can(req.user.role, ...permissionName.split('_'))) {
-        return {};
-      }
-      return { blocked: true, authenticated: true, authorized: false };
-    }
-    return {};
-  };
-  initStates(opts.dataDir);
-  initNotification(node, httpRouter, wsRouter, opts);
-  const { login, verify } = initJwt(node, opts);
-  const { authenticator, handlers } = initAuth(node, opts);
-  // auth middleware for http request
-  serviceHttpRouter.use(
-    bearerToken({
-      queryKey: opts.loginTokenKey,
-      bodyKey: opts.loginTokenKey,
-      headerKey: 'Bearer',
-      cookie: {
-        signed: true,
-        secret: opts.sessionSecret,
-        key: opts.loginTokenKey,
-      },
-    })
-  );
-  // set user info to req.user
-  serviceHttpRouter.use(async (req, res, next) => {
-    const { token } = req;
-    await ensureUser({ req, token });
-    next();
-  });
-  // set user info to req.headers
-  serviceHttpRouter.use(async (req, res, next) => {
-    setUserInfoHeaders(req);
-    next();
-  });
-  // public did-auth api
-  handlers.attach(Object.assign({ app: serviceHttpRouter }, createLoginRoutes(node, authenticator, login, opts)));
-  handlers.attach(Object.assign({ app: serviceHttpRouter }, createInviteRoutes(node, authenticator, login, opts)));
-  handlers.attach(Object.assign({ app: serviceHttpRouter }, createIssuePassportAuth(node, authenticator, login, opts)));
-  handlers.attach(
-    Object.assign({ app: serviceHttpRouter }, createLostPassportListAuth(node, authenticator, login, opts))
-  );
-  handlers.attach(
-    Object.assign({ app: serviceHttpRouter }, createLostPassportIssueAuth(node, authenticator, login, opts))
-  );
-  // public page
-  [`${WELLKNOWN_AUTH_PATH_PREFIX}/issue-passport`, `${WELLKNOWN_AUTH_PATH_PREFIX}/lost-passport`].forEach((x) => {
-    serviceHttpRouter.get(x, (req, res) => {
-      res.sendFile(path.join(distDir, 'index.html'));
-    });
-  });
-  // public http api
-  createEnvRoutes.init(httpRouter, node, opts);
-  createBlockletRoutes.init(httpRouter, node, opts);
-  createPassportRoutes.init(httpRouter, node, opts);
-  // check blocklet running
-  // Request would not arrive here before blocklet is installed, because there is no config in router provider(nginx)
-  serviceHttpRouter.use(async (req, res, next) => {
-    const blocklet = await req.getBlocklet();
-    if (
-      ![
-        BlockletStatus.running,
-        // Waiting, Downloading should be allowed because blocklet is currently being upgrading
-        BlockletStatus.waiting,
-        BlockletStatus.downloading,
-      ].includes(blocklet.status)
-    ) {
-      const nodeInfo = await req.getNodeInfo();
-      res.status(500);
-      // return json if json has high priority, e.g. "*/*,application/json"
-      if (req.accepts(['html', 'json']) === 'json') {
-        res.json({ code: 'error', error: 'blocklet is not running' });
-      } else if (blocklet.status === BlockletStatus.starting) {
-        res.send(getBlockletMaintenanceTemplate(blocklet, nodeInfo));
-      } else {
-        res.send(getBlockletNotRunningTemplate(blocklet, nodeInfo));
-      }
-      return;
-    }
-    next();
-  });
-  // auth middleware for websocket connect
-  wsRouter.use('**', async (req, socket, head, next) => {
-    const { searchParams } = new URL(req.url, `http://${req.headers.host || 'unknown'}`);
-    const token = searchParams.get('token');
-    // ignore some dev path in dev mode
-    const blocklet = await req.getBlocklet();
-    const devUrls = ['/sockjs-node'];
-    const mode = get(blocklet, 'mode');
-    if (mode === BLOCKLET_MODES.DEVELOPMENT && devUrls.includes(req.url)) {
-      next();
-      return;
-    }
-    await ensureUser({ req, token });
-    setUserInfoHeaders(req);
-    const { blocked, authenticated, authorized } = await checkAuth({ req });
-    if (blocked) {
-      let message = '401 Unauthorized';
-      if (authenticated && !authorized) {
-        message = '403 Forbidden';
-      }
-      socket.write(`HTTP/1.1 ${message}\r\n\r\n`);
-      socket.destroy();
-      return;
-    }
-    next();
-  });
-  serviceHttpRouter.use(async (req, res, next) => {
-    const { blocked, authenticated, authorized } = await checkAuth({ req });
-    if (blocked) {
-      if (!authenticated) {
-        if (req.path !== '/') {
-          // redirect to root path for login
-          // redirect to target path after login
-          const baseUrl = getBaseUrl(req);
-          const redirect = encodeURIComponent(`${baseUrl.replace(/\/+$/, '')}/${req.url.replace(/^\/+/, '')}`);
-          res.redirect(`${baseUrl.replace(/\/+$/, '')}/?redirect=${redirect}`);
-        } else {
-          res.sendFile(path.join(distDir, 'index.html'));
-        }
-        return;
-      }
-      if (!authorized) {
-        res.status(403).json({ code: 'forbidden', error: 'not allowed' });
-        return;
-      }
-    }
-    next();
-  });
-  // Note: this api depends on the user decoding logic
-  createSessionRoutes.init(serviceHttpRouter, node, opts);
-  // Block /.service/@abtnode/auth-service/<invalid_path>
-  serviceHttpRouter.use((req, res, next) => {
-    if (req.path.startsWith(opts.prefix)) {
-      res.status(400).send('Bad request');
-      return;
-    }
-    next();
-  });
-};
-module.exports = {
-  name,
-  description,
-  version,
-  init,
-  validators,
-};

package/services/auth/routes/blocklet-info.js DELETED Viewed

@@ -1,33 +0,0 @@
-/* eslint-disable no-console */
-const fs = require('fs');
-const path = require('path');
-const get = require('lodash/get');
-const logger = require('@abtnode/logger')(require('../meta.json').name);
-module.exports = {
-  init(server, node, opts) {
-    server.get(`${opts.prefix}/blocklet/logo/:did`, async (req, res) => {
-      const staticDir = path.resolve(__dirname, './build');
-      const sendOptions = { maxAge: '1d' };
-      let blocklet = null;
-      try {
-        blocklet = await node.ensureBlockletIntegrity(req.params.did);
-        if (blocklet && get(blocklet, 'env.appDir') && blocklet.meta.logo) {
-          const logoFile = path.join(get(blocklet, 'env.appDir'), blocklet.meta.logo);
-          if (fs.existsSync(logoFile)) {
-            res.sendFile(logoFile, sendOptions);
-            return;
-          }
-        }
-        res.sendFile('/images/blocklet.png', { root: staticDir, ...sendOptions });
-      } catch (err) {
-        logger.error('failed to send blocklet logo', { did: req.params.did, error: err });
-        res.sendFile('/images/blocklet.png', { root: staticDir, ...sendOptions });
-      }
-    });
-  },
-};

package/services/auth/routes/env.js DELETED Viewed

@@ -1,33 +0,0 @@
-const { WELLKNOWN_AUTH_PATH_PREFIX } = require('@abtnode/constant');
-module.exports = {
-  init(server, node, opts) {
-    server.get(`**${opts.prefix}/api/env`, async (req, res) => {
-      res.type('js');
-      const [blocklet, config, info] = await Promise.all([
-        req.getBlockletInfo(),
-        req.getServiceConfig(opts.name),
-        req.getNodeInfo(),
-      ]);
-      let pathPrefix = req.headers['x-path-prefix'] || '/';
-      let groupPathPrefix = req.headers['x-group-path-prefix'];
-      // fix pathPrefix && groupPathPrefix
-      // FIXME: pathPrefix and groupPathPrefix should be correct in service gateway
-      pathPrefix = pathPrefix.replace(WELLKNOWN_AUTH_PATH_PREFIX, '') || '/';
-      if (groupPathPrefix) {
-        groupPathPrefix = groupPathPrefix.replace(WELLKNOWN_AUTH_PATH_PREFIX, '') || '/';
-      }
-      res.send(`window.env = {
-  appId: "${blocklet.did}",
-  appName: "${blocklet.name}",
-  pathPrefix: "${pathPrefix}",
-  apiPrefix: "${pathPrefix.replace(/\/+$/, '')}${opts.prefix}",
-  ${groupPathPrefix ? `groupPathPrefix: "${groupPathPrefix}",` : ''}
-  webWalletUrl: "${info.webWalletUrl || config.webWalletUrl || opts.webWalletUrl}",
-}`);
-    });
-  },
-};

package/services/auth/routes/lost-passport-issue.js DELETED Viewed

@@ -1,5 +0,0 @@
-const { createLostPassportIssueRoute, TEAM_TYPES } = require('@abtnode/auth/lib/lost-passport');
-module.exports = function createRoutes(node, authenticator, login, opts) {
-  return createLostPassportIssueRoute({ node, type: TEAM_TYPES.BLOCKLET, authServicePrefix: opts.prefix });
-};

package/services/auth/routes/passport.js DELETED Viewed

@@ -1,18 +0,0 @@
-const { getPassportStatus } = require('@abtnode/auth/lib/auth');
-module.exports = {
-  init(server, node, opts) {
-    server.get(`${opts.prefix}/api/passport/status`, async (req, res) => {
-      const { vcId, userDid, locale } = req.query;
-      const teamDid = req.headers['x-blocklet-did'];
-      if (teamDid !== req.query.teamDid) {
-        throw new Error('teamDid is invalid');
-      }
-      const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
-      res.json(status);
-    });
-  },
-};

package/services/auth/routes/session.js DELETED Viewed

@@ -1,27 +0,0 @@
-const nocache = require('nocache');
-module.exports = {
-  init(server, node, opts) {
-    const prefix = `${opts.prefix}/api/did/session`;
-    const handler = async (req, res) => {
-      if (!req.user) {
-        res.json({ user: null });
-        return;
-      }
-      const user = { ...req.user };
-      if (user.role) {
-        const teamDid = req.getBlockletDid();
-        // FIXME: this code may have performance issue
-        const rbac = await node.getRBAC(teamDid);
-        user.permissions = await rbac.getScope(req.user.role);
-      }
-      res.json({ user });
-    };
-    server.get(prefix, nocache(), handler);
-    server.post(prefix, nocache(), handler);
-  },
-};