@abtnode/blocklet-services 1.6.27 → 1.6.28

package/{services/auth/routes → api/services/auth/connect}/login.js

@@ -9,7 +9,13 @@ const {
   getPassportStatusEndpoint,
   validatePassportStatus,
 } = require('@abtnode/auth/lib/auth');
-const { ROLES, VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT } = require('@abtnode/constant');
+const {
+  ROLES,
+  VC_TYPE_GENERAL_PASSPORT,
+  VC_TYPE_NODE_PASSPORT,
+  NODE_SERVICES,
+  WELLKNOWN_SERVICE_PATH_PREFIX,
+} = require('@abtnode/constant');
 const {
   createPassportVC,
   createPassport,
@@ -20,7 +26,7 @@ const {
   getRoleFromExternalPassport,
   createUserPassport,
 } = require('@abtnode/auth/lib/passport');
-const logger = require('@abtnode/logger')(require('../meta.json').name);
+const logger = require('@abtnode/logger')(require('../../../../package.json').name);
 
 const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
 
@@ -32,25 +38,27 @@ const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
  */
 const isInvitedUserOnly = async (invitedUserOnly, node, teamDid) => {
   const count = await node.getUsersCount({ teamDid });
-  if (invitedUserOnly === 'not-first') {
-    return count > 0 ? [true] : [false, ROLES.OWNER, true];
+
+  // issue owner passport for first login user
+  if (count === 0) {
+    return [false, ROLES.OWNER, true];
   }
 
-  if (invitedUserOnly === true || invitedUserOnly === 'yes') {
+  if ([true, 'yes', 'not-first'].includes(invitedUserOnly)) {
     return [true];
   }
 
   return [false, ROLES.GUEST];
 };
 
-module.exports = function createRoutes(node, authenticator, login, opts) {
+module.exports = function createRoutes(node, authenticator, login) {
   return {
     action: 'login',
     claims: {
       profile: async ({ extraParams, context }) => {
         const { locale } = extraParams;
 
-        const config = await context.request.getServiceConfig();
+        const config = await context.request.getServiceConfig(NODE_SERVICES.AUTH);
         const profileFields = get(config, 'profileFields');
 
         return {
@@ -69,7 +77,7 @@ module.exports = function createRoutes(node, authenticator, login, opts) {
         const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
         const trustedIssuers = [wallet.address, ...trustedPassports].filter(Boolean);
 
-        const config = (await request.getServiceConfig()) || {};
+        const config = (await request.getServiceConfig(NODE_SERVICES.AUTH)) || {};
         const [invitedUserOnly] = await isInvitedUserOnly(config.invitedUserOnly, node, teamDid);
 
         return {
@@ -105,7 +113,7 @@ module.exports = function createRoutes(node, authenticator, login, opts) {
         locale,
       });
 
-      const config = (await req.getServiceConfig()) || {};
+      const config = (await req.getServiceConfig(NODE_SERVICES.AUTH)) || {};
       const [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(
         config.invitedUserOnly,
         node,
@@ -131,7 +139,7 @@ module.exports = function createRoutes(node, authenticator, login, opts) {
             endpoint: baseUrl,
           }),
           endpoint: getPassportStatusEndpoint({
-            baseUrl: joinUrl(baseUrl, opts.prefix),
+            baseUrl: joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
             userDid,
             teamDid,
           }),

package/api/services/auth/connect/lost-passport-issue.js

@@ -0,0 +1,10 @@
+const { createLostPassportIssueRoute, TEAM_TYPES } = require('@abtnode/auth/lib/lost-passport');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+
+module.exports = function createRoutes(node) {
+  return createLostPassportIssueRoute({
+    node,
+    type: TEAM_TYPES.BLOCKLET,
+    authServicePrefix: WELLKNOWN_SERVICE_PATH_PREFIX,
+  });
+};

package/{services/auth/routes → api/services/auth/connect}/lost-passport-list.js

@@ -1,6 +1,6 @@
 const { createLostPassportListRoute } = require('@abtnode/auth/lib/lost-passport');
 
 // eslint-disable-next-line no-unused-vars
-module.exports = function createRoutes(node, authenticator, login, opts) {
+module.exports = function createRoutes(node) {
   return createLostPassportListRoute({ node, type: 'blocklet' });
 };

package/api/services/auth/index.js

@@ -0,0 +1,189 @@
+/* eslint-disable arrow-parens */
+const get = require('lodash/get');
+const minimatch = require('minimatch');
+const bearerToken = require('express-bearer-token');
+const joinUrl = require('url-join');
+
+const validators = require('@blocklet/sdk/lib/validators');
+const { genPermissionName, NODE_SERVICES, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { BLOCKLET_MODES } = require('@blocklet/meta/lib/constants');
+const { getBaseUrl } = require('@abtnode/router-adapter');
+const { setUserInfoHeaders } = require('@abtnode/auth/lib/auth');
+
+const initJwt = require('../../libs/jwt');
+const initAuth = require('../../libs/auth');
+
+const createLoginRoutes = require('./connect/login');
+const createInviteRoutes = require('./connect/invite');
+const createIssuePassportAuth = require('./connect/issue-passport');
+const createLostPassportListAuth = require('./connect/lost-passport-list');
+const createLostPassportIssueAuth = require('./connect/lost-passport-issue');
+const createSessionRoutes = require('./session');
+const createPassportRoutes = require('./passport');
+
+const init = ({ node, options }) => {
+  /**
+   * set user info to req.user
+   */
+  const ensureUser = async ({ req, token } = {}) => {
+    try {
+      if (token) {
+        const teamDid = req.getBlockletDid();
+        const result = await verify(token, teamDid);
+        req.user = result;
+      }
+    } catch {
+      // Do nothing
+    }
+  };
+
+  /**
+   * @returns {object} res
+   *  {boolean} res.blocked
+   *  {boolean} res.authenticated
+   *  {boolean} res.authorized
+   */
+  const checkAuth = async ({ req } = {}) => {
+    const config = (await req.getServiceConfig(NODE_SERVICES.AUTH)) || {};
+
+    const ignoreUrls = (get(config, 'ignoreUrls') || []).filter(Boolean);
+
+    const shouldIgnore = ignoreUrls.some((s) => minimatch(req.url, s));
+    if (shouldIgnore) {
+      return {};
+    }
+
+    if (config.blockUnauthenticated === false) {
+      return {};
+    }
+
+    if (!req.user) {
+      return { blocked: true, authenticated: false };
+    }
+
+    if (!config.blockUnauthorized) {
+      return {};
+    }
+
+    const rule = await req.getRoutingRule();
+    if (rule.to && rule.to.interfaceName) {
+      const permissionName = genPermissionName(rule.to.interfaceName);
+      const teamDid = req.getBlockletDid();
+      const rbac = await node.getRBAC(teamDid);
+
+      if (await rbac.can(req.user.role, ...permissionName.split('_'))) {
+        return {};
+      }
+
+      return { blocked: true, authenticated: true, authorized: false };
+    }
+
+    return {};
+  };
+
+  const { login, verify } = initJwt(node, options);
+  const { authenticator, handlers } = initAuth(node, options);
+
+  const middlewares = {};
+  const routes = {};
+
+  // auth middleware for http request
+  middlewares.bearerToken = bearerToken({
+    queryKey: options.loginTokenKey,
+    bodyKey: options.loginTokenKey,
+    headerKey: 'Bearer',
+    cookie: {
+      signed: true,
+      secret: options.sessionSecret,
+      key: options.loginTokenKey,
+    },
+  });
+
+  // set user info to req.user and req.headers
+  middlewares.userInfo = async (req, res, next) => {
+    const { token } = req;
+    await ensureUser({ req, token });
+
+    setUserInfoHeaders(req);
+
+    next();
+  };
+
+  // did-auth api
+  routes.attachDidAuthHandlers = (app) => {
+    handlers.forEach((handler) => {
+      handler.attach(Object.assign({ app }, createLoginRoutes(node, authenticator, login)));
+      handler.attach(Object.assign({ app }, createInviteRoutes(node, authenticator, login)));
+      handler.attach(Object.assign({ app }, createIssuePassportAuth(node, authenticator, login)));
+      handler.attach(Object.assign({ app }, createLostPassportListAuth(node, authenticator, login)));
+      handler.attach(Object.assign({ app }, createLostPassportIssueAuth(node, authenticator, login)));
+    });
+  };
+
+  // public http api
+  routes.createPassportRoutes = createPassportRoutes;
+  routes.createSessionRoutes = createSessionRoutes;
+
+  // auth middleware for websocket connect
+  middlewares.ensureWsAuth = async (req, socket, head, next) => {
+    const { searchParams } = new URL(req.url, `http://${req.headers.host || 'unknown'}`);
+    const token = searchParams.get('token');
+
+    // ignore some dev path in dev mode
+    const blocklet = await req.getBlocklet();
+    const devUrls = ['/sockjs-node'];
+    const mode = get(blocklet, 'mode');
+    if (mode === BLOCKLET_MODES.DEVELOPMENT && devUrls.includes(req.url)) {
+      next();
+      return;
+    }
+
+    await ensureUser({ req, token });
+
+    setUserInfoHeaders(req);
+
+    const { blocked, authenticated, authorized } = await checkAuth({ req });
+    if (blocked) {
+      let message = '401 Unauthorized';
+      if (authenticated && !authorized) {
+        message = '403 Forbidden';
+      }
+      socket.write(`HTTP/1.1 ${message}\r\n\r\n`);
+      socket.destroy();
+      return;
+    }
+
+    next();
+  };
+
+  middlewares.checkAuth = async (req, res, next) => {
+    const { blocked, authenticated, authorized } = await checkAuth({ req });
+
+    if (blocked) {
+      if (!authenticated) {
+        const baseUrl = getBaseUrl(req);
+        // redirect to target path after login
+        const redirect = encodeURIComponent(`${baseUrl.replace(/\/+$/, '')}/${req.url.replace(/^\/+/, '')}`);
+        res.redirect(joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/login', `/?redirect=${redirect}`));
+        return;
+      }
+
+      if (!authorized) {
+        res.status(403).json({ code: 'forbidden', error: 'not allowed' });
+        return;
+      }
+    }
+
+    next();
+  };
+
+  return {
+    middlewares,
+    routes,
+  };
+};
+
+module.exports = {
+  init,
+  validators,
+};

package/api/services/auth/passport.js

@@ -0,0 +1,22 @@
+const { getPassportStatus } = require('@abtnode/auth/lib/auth');
+
+const { PREFIXES } = require('../../util/constants');
+
+module.exports = {
+  init(server, node) {
+    PREFIXES.forEach((prefix) => {
+      server.get(`${prefix}/api/passport/status`, async (req, res) => {
+        const { vcId, userDid, locale } = req.query;
+        const teamDid = req.headers['x-blocklet-did'];
+
+        if (teamDid !== req.query.teamDid) {
+          throw new Error('teamDid is invalid');
+        }
+
+        const status = await getPassportStatus({ node, teamDid, userDid, vcId, locale });
+
+        res.json(status);
+      });
+    });
+  },
+};

package/api/services/auth/session.js

@@ -0,0 +1,31 @@
+const nocache = require('nocache');
+
+const { PREFIXES } = require('../../util/constants');
+
+module.exports = {
+  init(server, node) {
+    PREFIXES.forEach((prefix) => {
+      const url = `${prefix}/api/did/session`;
+
+      const handler = async (req, res) => {
+        if (!req.user) {
+          res.json({ user: null });
+          return;
+        }
+
+        const user = { ...req.user };
+        if (user.role) {
+          const teamDid = req.getBlockletDid();
+          // FIXME: this code may have performance issue
+          const rbac = await node.getRBAC(teamDid);
+          user.permissions = await rbac.getScope(req.user.role);
+        }
+
+        res.json({ user });
+      };
+
+      server.get(url, nocache(), handler);
+      server.post(url, nocache(), handler);
+    });
+  },
+};

package/{services/auth/routes/notification.js → api/services/notification/index.js}

@@ -9,15 +9,18 @@ const {
   validateMessage,
 } = require('@blocklet/sdk/lib/validators/notification');
 // eslint-disable-next-line global-require
-const logger = require('@abtnode/logger')(`${require('../meta.json').name}:notification`);
+const logger = require('@abtnode/logger')(`${require('../../../package.json').name}:notification`);
 const { getTeamInfo } = require('@abtnode/auth/lib/auth');
 const { NODE_MODES } = require('@abtnode/constant');
 
-const states = require('../state');
-const { getBlockletLogo } = require('../util');
+const states = require('../../state');
+const { getBlockletLogo } = require('../../util');
+const { PREFIXES } = require('../../util/constants');
 
 const getDid = (jwt) => jwt.iss.replace(/^did:abt:/, '');
 
+// todo: move to notification dir
+
 const authenticate = (req, cb) => {
   const { searchParams } = new URL(req.url, `http://${req.headers.host || 'unknown'}`);
   const token = searchParams.get('token');
@@ -204,7 +207,7 @@ const sendCachedMessages = async (wsServer, payload) => {
   }
 };
 
-const init = (node, httpRouter, wsRouter, opts) => {
+const init = ({ node }) => {
   // Create ws server
   const wsServer = new WsServer({
     logger,
@@ -239,10 +242,7 @@ const init = (node, httpRouter, wsRouter, opts) => {
     });
   }
 
-  // mount
-  wsRouter.use(`${opts.prefix}/websocket`, wsServer.onConnect.bind(wsServer));
-
-  httpRouter.post(`${opts.prefix}/api/sendToUser`, async (req, res) => {
+  const sendToUser = async (req, res) => {
     try {
       await onSendToUser(node, req.body.data, wsServer);
       res.status(200).send('');
@@ -251,7 +251,23 @@ const init = (node, httpRouter, wsRouter, opts) => {
       res.statusMessage = error.message;
       res.status(400).send(error.message);
     }
-  });
+  };
+
+  // mount
+  return {
+    sendToUser: {
+      attach: (app) => {
+        PREFIXES.forEach((prefix) => {
+          app.post(`${prefix}/api/sendToUser`, sendToUser);
+        });
+      },
+    },
+    attach: (wsRouter) => {
+      PREFIXES.forEach((prefix) => {
+        wsRouter.use(`${prefix}/websocket`, wsServer.onConnect.bind(wsServer));
+      });
+    },
+  };
 };
 
 module.exports = { init };

package/api/services/static.js

@@ -0,0 +1,76 @@
+const path = require('path');
+const serveStatic = require('serve-static');
+
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+
+const isFeDevelopment = process.env.ABT_NODE_SERVICE_FE_PORT;
+
+const distDir = path.resolve(__dirname, '../../build');
+const devDir = path.resolve(__dirname, '../../public');
+
+const attachUtils = ({ req, res, proxy }) => {
+  res.sendWebPage = () => {
+    if (isFeDevelopment) {
+      proxy.web(
+        req,
+        res,
+        {
+          target: `http://127.0.0.1:${process.env.ABT_NODE_SERVICE_FE_PORT}`,
+        },
+        (error) => {
+          if (error) {
+            console.error(error);
+            res.status(502).send(error.message);
+          }
+        }
+      );
+    } else {
+      res.sendFile(path.join(distDir, 'index.html'));
+    }
+  };
+
+  res.sendStaticFile = (file, sendOptions) => {
+    if (isFeDevelopment) {
+      res.sendFile(path.join(devDir, file), sendOptions);
+    } else {
+      res.sendFile(path.join(distDir, file), sendOptions);
+    }
+  };
+};
+
+const attachStaticResources = ({ app, proxy }) => {
+  if (isFeDevelopment) {
+    app.use('/static', (req, res) => {
+      proxy.web(
+        req,
+        res,
+        {
+          target: `http://127.0.0.1:${process.env.ABT_NODE_SERVICE_FE_PORT}/static`,
+        },
+        (error) => {
+          if (error) {
+            console.error(error);
+            res.status(502).send(error.message);
+          }
+        }
+      );
+    });
+  } else {
+    app.use(`${WELLKNOWN_SERVICE_PATH_PREFIX}/static`, serveStatic(distDir, { index: false }));
+  }
+};
+
+const attachDevProxy = ({ wsRouter, proxy }) => {
+  if (isFeDevelopment) {
+    wsRouter.use('/sockjs-node', async (req, socket, head) => {
+      const target = 'http://127.0.0.1:3040';
+      proxy.ws(req, socket, head, { target }, (error) => {
+        if (error) {
+          console.error('socket proxy error', { from: req.url, to: target, error });
+        }
+      });
+    });
+  }
+};
+
+module.exports = { attachUtils, attachStaticResources, attachDevProxy };

package/api/util/attach-shared-utils.js

@@ -0,0 +1,149 @@
+const get = require('lodash/get');
+
+const getBlockletInfo = require('@blocklet/meta/lib/info');
+const { getDefaultServiceConfig } = require('@abtnode/core/lib/util/service');
+const logger = require('@abtnode/logger')(require('../../package.json').name);
+const cache = require('../cache');
+
+const formatContext = require('./format-context');
+
+module.exports = ({ node, req, options }) => {
+  req.getBlockletUrl = () => req.headers['x-blocklet-url'] || get(options, 'blockletUrl', '');
+  req.getBlockletDid = () => req.headers['x-blocklet-did'] || get(options, 'blockletDid', '');
+  req.getBlockletRealDid = () => req.headers['x-blocklet-real-did'] || get(options, 'blockletRealDid', '');
+  req.getRoutingRuleId = () => req.headers['x-routing-rule-id'] || get(options, 'routingRuleId', '');
+
+  req.getServiceContext = () => formatContext(req);
+
+  req.getRoutingRule = async () => {
+    const ruleId = req.getRoutingRuleId(req);
+    if (!ruleId) {
+      return null;
+    }
+
+    let rule = cache.get(ruleId);
+
+    if (!rule) {
+      rule = await node.getRoutingRuleById(ruleId);
+      cache.set(ruleId, rule);
+    }
+
+    return rule;
+  };
+
+  /**
+   * @return obj | null
+   * @TODO get service config from routing rule
+   */
+  req.getServiceConfig = async (serviceName) => {
+    const ruleId = req.getRoutingRuleId(req);
+    if (!ruleId || !serviceName) {
+      return null;
+    }
+
+    const cacheKeys = {
+      rule: cache.keyFns.routingRule(ruleId),
+      config: cache.keyFns.serviceConfig(ruleId, serviceName),
+    };
+
+    // Return cached config if exists
+    const cached = cache.get(cacheKeys.config);
+    if (cached) {
+      return cached;
+    }
+
+    // Find rule
+    let rule = cache.get(cacheKeys.rule);
+    if (!rule) {
+      rule = await node.getRoutingRuleById(ruleId);
+      cache.set(cacheKeys.rule, rule);
+    }
+    if (!rule) {
+      return null;
+    }
+
+    const defaultConfig = getDefaultServiceConfig(serviceName);
+
+    // find blocklet
+    let blocklet = await req.getBlocklet();
+    if (!blocklet) {
+      return defaultConfig;
+    }
+
+    const realDid = req.getBlockletRealDid();
+    if (realDid && blocklet.meta.did !== realDid) {
+      blocklet = (blocklet.children || []).find((x) => x.meta.did === realDid);
+    }
+    if (!blocklet) {
+      return defaultConfig;
+    }
+
+    // find interface
+    let interfaceName = rule.to.realInterfaceName;
+
+    // we should only use rule.to.realInterfaceName, rule.to.interfaceName is for backward compatible
+    if (!interfaceName) {
+      logger.error(
+        `rule.to.realInterfaceName was not fround, please reInstall blocklet ${rule.to.did} to eliminate hidden bugs`
+      );
+      interfaceName = rule.to.interfaceName;
+    }
+
+    const _interface = blocklet.meta.interfaces.find((x) => x.name === interfaceName);
+    if (!_interface) {
+      return defaultConfig;
+    }
+
+    // find service
+    const service = (_interface.services || []).find((x) => serviceName === x.name);
+
+    if (!service) {
+      return defaultConfig;
+    }
+
+    return service.config;
+  };
+
+  req.getBlocklet = async () => {
+    const did = req.getBlockletDid();
+    if (!did) {
+      return null;
+    }
+
+    const cacheKey = cache.keyFns.blocklet(did);
+    let blocklet = cache.get(cacheKey);
+    if (!blocklet) {
+      const context = req.getServiceContext();
+      blocklet = await node.getBlocklet({ did, attachRuntimeInfo: false }, context);
+      if (blocklet) {
+        cache.set(cacheKey, blocklet);
+      }
+    }
+
+    return blocklet;
+  };
+
+  req.getNodeInfo = async () => {
+    const cacheKey = cache.keyFns.node();
+    let nodeInfo = cache.get(cacheKey);
+    if (!nodeInfo) {
+      nodeInfo = await node.states.node.read();
+      cache.set(cacheKey, nodeInfo);
+    }
+
+    return nodeInfo;
+  };
+
+  req.getBlockletInfo = async () => {
+    const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getNodeInfo()]);
+    if (!blocklet) {
+      throw new Error('Blocklet does not exist');
+    }
+
+    return getBlockletInfo(blocklet, info.sk);
+  };
+
+  req.cache = cache;
+};
+
+exports.formatContext = formatContext;

package/api/util/constants.js

@@ -0,0 +1,10 @@
+const { NODE_SERVICES_PREFIX, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+
+const PREFIXES = [
+  NODE_SERVICES_PREFIX.AUTH_SERVICE, // backward compatible
+  WELLKNOWN_SERVICE_PATH_PREFIX,
+];
+
+module.exports = {
+  PREFIXES,
+};

package/api/util/format-context.js

@@ -0,0 +1,24 @@
+const get = require('lodash/get');
+
+const { isProduction } = require('../libs/env');
+
+const formatContext = (ctx = {}) => {
+  if (ctx && ctx.user) {
+    delete ctx.user.avatar;
+  }
+
+  const port = isProduction ? get(ctx, 'headers[x-real-port]', '') : '';
+  const hostname = get(ctx, 'headers[x-real-hostname]', ctx.hostname);
+  const protocol = get(ctx, 'headers[x-real-protocol]', 'http').replace(/:$/, '');
+
+  return {
+    protocol,
+    user: ctx.user || null,
+    url: ctx.originalUrl,
+    query: ctx.query,
+    hostname,
+    port: Number(port) === 80 ? '' : Number(port),
+  };
+};
+
+module.exports = formatContext;