npm - @abtnode/blocklet-services - Versions diffs - 1.6.30 → 1.7.1 - Mend

@abtnode/blocklet-services 1.6.30 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/api/index.js CHANGED Viewed

@@ -29,7 +29,10 @@ const { init: initAuth } = require('./services/auth');
 const StaticService = require('./services/static');
 const createEnvRoutes = require('./routes/env');
 const createBlockletRoutes = require('./routes/blocklet');
+const createDnsResolver = require('./routes/dns-resolver');
 const checkRunning = require('./middlewares/check-running');
+const checkAdminPermission = require('./middlewares/check-admin-permission');
+const proxyToDaemon = require('./middlewares/proxy-to-daemon');
 const attachSharedUtils = require('./util/attach-shared-utils');
 const logFileGenerator = (time, index) => {
@@ -52,7 +55,7 @@ module.exports = function createServer(node, serverOptions = {}) {
     sessionSecret: process.env.ABT_NODE_SESSION_SECRET,
     sessionTtl: process.env.ABT_NODE_SESSION_TTL,
     webWalletUrl: 'https://web.abtwallet.io',
-    loginTokenKey: 'login_token',
+    sessionTokenKey: 'login_token',
     ...serverOptions,
     isProduction,
     isE2E,
@@ -74,6 +77,15 @@ module.exports = function createServer(node, serverOptions = {}) {
   // Proxy engine
   const proxy = httpProxy.createProxyServer({});
+  proxy.safeWeb = (req, res, opts = {}) => {
+    proxy.web(req, res, opts, (error) => {
+      if (error) {
+        logger.error('http proxy error', { error });
+        res.status(502).send(`Can not proxy to upstream target: ${opts.target}`);
+      }
+    });
+  };
   // eslint-disable-next-line no-unused-vars
   proxy.on('proxyReq', (proxyReq, req, res) => {
     if (req.rawBody) {
@@ -175,6 +187,12 @@ module.exports = function createServer(node, serverOptions = {}) {
   authRoutes.createPassportRoutes.init(server, node, options);
   authRoutes.createSessionRoutes.init(server, node, options);
+  // API: gql
+  server.use(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/gql`, checkAdminPermission, proxyToDaemon({ proxy, ...options }));
+  // API: dns resolver
+  createDnsResolver.init(server, node, options);
   // Web Page
   server.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/**`, (req, res) => {
     res.sendWebPage();
@@ -202,20 +220,9 @@ module.exports = function createServer(node, serverOptions = {}) {
     const { target } = ensureProxyUrl(req);
     if (target) {
-      proxy.web(
-        req,
-        res,
-        {
-          target,
-        },
-        (error) => {
-          if (error) {
-            console.error(error);
-            logger.error('http proxy error', { error });
-            res.status(502).send(`Can not proxy to upstream blocklet: ${target}`);
-          }
-        }
-      );
+      proxy.safeWeb(req, res, {
+        target,
+      });
     } else {
       next();
     }
@@ -290,6 +297,11 @@ module.exports = function createServer(node, serverOptions = {}) {
     }
   });
+  // Events
+  server.on('sendToUser', (data) => {
+    notificationService.sendToUser.exec(data);
+  });
   return server;
 };

package/api/libs/auth.js CHANGED Viewed

@@ -34,7 +34,7 @@ module.exports = (node, opts) => {
       return {
         name: meta.name,
-        description: meta.description || `Login to ${meta.name}`,
+        description: meta.description || `Connect to ${meta.name}`,
         icon: logo,
         updateSubEndpoint: true,
         subscriptionEndpoint: joinUrl(groupPathPrefix, WELLKNOWN_SERVICE_PATH_PREFIX, 'websocket'),

package/api/libs/jwt.js CHANGED Viewed

@@ -21,7 +21,7 @@ const initJwt = (node, options) => {
     throw new Error('Auth service require a non-empty session secret to start');
   }
-  const login = async (did, { role, passport }) =>
+  const createSessionToken = async (did, { role, passport }) =>
     createAuthToken({
       did,
       passport,
@@ -30,7 +30,7 @@ const initJwt = (node, options) => {
       expiresIn: ttl,
     });
-  const verify = (token, teamDid) =>
+  const verifySessionToken = (token, teamDid) =>
     // eslint-disable-next-line implicit-arrow-linebreak
     new Promise((resolve, reject) => {
       jwt.verify(token, secret, async (err, decoded) => {
@@ -64,8 +64,8 @@ const initJwt = (node, options) => {
     });
   return {
-    login,
-    verify,
+    createSessionToken,
+    verifySessionToken,
   };
 };

package/api/middlewares/check-running.js CHANGED Viewed

@@ -1,12 +1,8 @@
-const joinUrl = require('url-join');
 const { BlockletStatus } = require('@blocklet/meta/lib/constants');
-const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const getBlockletNotRunningTemplate = require('@abtnode/router-templates/lib/blocklet-not-running');
 const getBlockletMaintenanceTemplate = require('@abtnode/router-templates/lib/blocklet-maintenance');
-const { getBaseUrl } = require('@abtnode/router-adapter');
-const { shouldGotoStartPage } = require('../util');
+const { shouldGotoStartPage, getRedirectUrl } = require('../util');
 const checkRunning = async (req, res, next) => {
   const blocklet = await req.getBlocklet();
@@ -18,12 +14,12 @@ const checkRunning = async (req, res, next) => {
       BlockletStatus.downloading,
     ].includes(blocklet.status)
   ) {
-    if (shouldGotoStartPage(req)) {
-      const baseUrl = getBaseUrl(req);
-      const redirect = encodeURIComponent(
-        `${baseUrl.replace(/\/+$/, '')}/${req.url.replace(/^\/+/, '').replace('__start__=1', '')}`
-      );
-      res.redirect(joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX, '/start', `/?redirect=${redirect}`));
+    if (shouldGotoStartPage(req, blocklet)) {
+      if (blocklet.settings.initialized) {
+        res.redirect(getRedirectUrl({ req, pagePath: '/start' }));
+      } else {
+        res.redirect(getRedirectUrl({ req, pagePath: '/setup' }));
+      }
       return;
     }

package/api/middlewares/proxy-to-daemon.js ADDED Viewed

@@ -0,0 +1,42 @@
+const jwt = require('jsonwebtoken');
+const LRU = require('lru-cache');
+const proxyToDaemon = ({ proxy, sessionSecret }) => {
+  const cache = new LRU({
+    max: 50, // cache at most 50 blocklet
+    maxAge: 86400 * 1000, // cache for 1 day
+  });
+  const getToken = (did) => {
+    const cacheToken = cache.get(did);
+    if (cacheToken) {
+      return cacheToken;
+    }
+    const token = jwt.sign(
+      {
+        type: 'blocklet',
+        did,
+      },
+      sessionSecret,
+      { expiresIn: '1d' }
+    );
+    cache.set(did, token);
+    return token;
+  };
+  return async (req, res) => {
+    req.url = '/api/gql';
+    const did = req.getBlockletDid();
+    const token = getToken(did);
+    req.headers.authorization = `Bearer ${token}`;
+    proxy.safeWeb(req, res, {
+      target: `http://127.0.0.1:${process.env.ABT_NODE_PORT}`,
+    });
+  };
+};
+module.exports = proxyToDaemon;

package/api/routes/blocklet.js CHANGED Viewed

@@ -3,11 +3,22 @@ const fs = require('fs');
 const path = require('path');
 const get = require('lodash/get');
 const cloneDeep = require('lodash/cloneDeep');
+const joinUrl = require('url-join');
+const JWT = require('@arcblock/jwt');
 const { fixBlockletStatus, wipeSensitiveData } = require('@blocklet/meta/lib/util');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')(require('../../package.json').name);
+const { getPassportStatusEndpoint } = require('@abtnode/auth/lib/auth');
+const {
+  createPassportVC,
+  createPassport,
+  upsertToPassports,
+  createUserPassport,
+} = require('@abtnode/auth/lib/passport');
 const checkAdminPermission = require('../middlewares/check-admin-permission');
 const polishBlocklet = (doc) => {
@@ -62,15 +73,105 @@ module.exports = {
     server.post(`${prefix}/api/blocklet/start`, checkAdminPermission, async (req, res) => {
       const blocklet = await req.getBlocklet();
+      const { fromSetup } = req.body;
       const doc = await node.startBlocklet({
         did: blocklet.meta.did,
         checkHealthImmediately: true,
         throwOnError: true,
       });
+      if (fromSetup) {
+        await node.setBlockletInitialized({ did: blocklet.meta.did });
+        const { did: userDid, role } = req.user;
+        const { wallet, name, passportColor } = await req.getBlockletInfo();
+        const teamDid = blocklet.meta.did;
+        const user = await node.getUser({ teamDid, user: { did: userDid } });
+        const { pk, locale = 'en', extra = {} } = user;
+        const { baseUrl } = extra;
+        // create vc
+        const vc = createPassportVC({
+          issuerName: name,
+          issuerWallet: wallet,
+          ownerDid: userDid,
+          passport: await createPassport({
+            name: role,
+            node,
+            teamDid,
+            locale,
+            endpoint: (extra || {}).baseUrl,
+          }),
+          endpoint: getPassportStatusEndpoint({
+            baseUrl: joinUrl(baseUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+            userDid,
+            teamDid,
+          }),
+          ownerProfile: user,
+          preferredColor: passportColor,
+        });
+        // write passport to db
+        const passport = createUserPassport(vc, { role });
+        await node.updateUser({
+          teamDid,
+          user: {
+            did: userDid,
+            pk,
+            passports: upsertToPassports(user.passports || [], passport),
+          },
+        });
+        // send vc to wallet
+        const receiver = userDid;
+        const token = JWT.sign(wallet.address, wallet.secretKey);
+        const data = {
+          sender: { did: teamDid, token, appDid: wallet.address },
+          receiver,
+          notification: {
+            title: {
+              en: 'Up and Running',
+              zh: '启动并运行',
+            }[locale],
+            body: {
+              en: 'The application is up and running successfully',
+              zh: '应用程序已启动并成功运行',
+            }[locale],
+            attachments: [
+              {
+                type: 'vc',
+                data: {
+                  credential: vc,
+                  tag: role,
+                },
+              },
+            ],
+          },
+        };
+        server.emit('sendToUser', data);
+      }
       res.json(polishBlocklet(doc));
     });
+    server.get(`${prefix}/api/blocklet/meta`, async (req, res) => {
+      const blocklet = await req.getBlocklet();
+      res.json(blocklet.meta);
+    });
+    server.post(`${prefix}/api/blocklet/who-can-access`, checkAdminPermission, async (req, res) => {
+      const { whoCanAccess } = req.body;
+      const blocklet = await req.getBlocklet();
+      await node.configWhoCanAccess({ teamDid: blocklet.meta.did, value: whoCanAccess });
+      const newBlocklet = await req.getBlocklet({ useCache: false });
+      res.json(polishBlocklet(newBlocklet));
+    });
     // backward compatible
     server.get(`${prefix}/blocklet/logo/:did`, async (req, res) => {
       const sendOptions = { maxAge: '1d' };

package/api/routes/dns-resolver.js ADDED Viewed

@@ -0,0 +1,39 @@
+const dns = require('dns');
+const LRU = require('lru-cache');
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+module.exports = {
+  init(app) {
+    const cache = new LRU({
+      max: 50, // cache at most 50
+      maxAge: 5 * 60 * 1000, // cache for 5 minute
+    });
+    app.get(`${WELLKNOWN_SERVICE_PATH_PREFIX}/api/dns-resolve/`, async (req, res) => {
+      const { hostname } = req.query;
+      if (!hostname) {
+        res.status(400).send('hostname should not be empty');
+        return;
+      }
+      const cachedAddress = cache.get(hostname);
+      if (cachedAddress) {
+        res.json({ address: cachedAddress });
+        return;
+      }
+      dns.lookup(hostname, async (err, address) => {
+        if (err) {
+          cache.del(hostname);
+          res.json({ address: null, error: err.message });
+          return;
+        }
+        cache.set(hostname, address);
+        res.json({ address });
+      });
+    });
+  },
+};

package/api/routes/env.js CHANGED Viewed

@@ -1,26 +1,36 @@
-const { NODE_SERVICES } = require('@abtnode/constant');
-const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const get = require('lodash/get');
+const { NODE_SERVICES, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
+const { BLOCKLET_CONFIGURABLE_KEY } = require('@blocklet/meta/lib/constants');
 module.exports = {
   init(server, node, opts) {
     server.get(`**${WELLKNOWN_SERVICE_PATH_PREFIX}/api/env`, async (req, res) => {
       res.type('js');
-      const [blocklet, config, info] = await Promise.all([
+      const [blockletInfo, blocklet, config, info] = await Promise.all([
         req.getBlockletInfo(),
+        req.getBlocklet(),
         req.getServiceConfig(NODE_SERVICES.AUTH),
         req.getNodeInfo(),
       ]);
       const pathPrefix = req.headers['x-path-prefix'] || '/';
       const groupPathPrefix = req.headers['x-group-path-prefix'];
+      const passportColor = get(
+        (blocklet.environments || []).find((x) => x.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_PASSPORT_COLOR),
+        'value',
+        'auto'
+      );
       res.send(`window.env = {
-  appId: "${blocklet.did}",
-  appName: "${blocklet.name}",
+  did: "${blockletInfo.did}",
+  appId: "${blocklet.appDid}",
+  appName: "${blockletInfo.name}",
   pathPrefix: "${pathPrefix}",
   apiPrefix: "${pathPrefix.replace(/\/+$/, '')}${WELLKNOWN_SERVICE_PATH_PREFIX}",
   ${groupPathPrefix ? `groupPathPrefix: "${groupPathPrefix}",` : ''}
   webWalletUrl: "${info.webWalletUrl || config.webWalletUrl || opts.webWalletUrl}",
+  passportColor: "${passportColor}",
 }`);
     });
   },

package/api/services/auth/connect/invite.js CHANGED Viewed

@@ -10,7 +10,7 @@ const {
 const { NODE_SERVICES, WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')(require('../../../../package.json').name);
-module.exports = function createRoutes(node, authenticator, login) {
+module.exports = function createRoutes(node, authenticator, createSessionToken) {
   return {
     action: 'invite',
@@ -71,9 +71,9 @@ module.exports = function createRoutes(node, authenticator, login) {
       });
       // Generate new session token that client can save to localStorage
-      const loginToken = await login(userDid, { passport, role });
-      await storage.update(token, { did: userDid, loginToken });
-      logger.info('login.success', { userDid });
+      const sessionToken = await createSessionToken(userDid, { passport, role });
+      await storage.update(token, { did: userDid, sessionToken });
+      logger.info('invite.success', { userDid });
       return response;
     },

package/api/services/auth/connect/login.js CHANGED Viewed

@@ -15,6 +15,7 @@ const {
   VC_TYPE_NODE_PASSPORT,
   NODE_SERVICES,
   WELLKNOWN_SERVICE_PATH_PREFIX,
+  WHO_CAN_ACCESS,
 } = require('@abtnode/constant');
 const {
   createPassportVC,
@@ -36,7 +37,7 @@ const vcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
  * @returns {String} config[1] default role
  * @returns {Boolean} config[2] issue passport
  */
-const isInvitedUserOnly = async (invitedUserOnly, node, teamDid) => {
+const isInvitedUserOnly = async (config, node, teamDid) => {
   const count = await node.getUsersCount({ teamDid });
   // issue owner passport for first login user
@@ -44,49 +45,67 @@ const isInvitedUserOnly = async (invitedUserOnly, node, teamDid) => {
     return [false, ROLES.OWNER, true];
   }
-  if ([true, 'yes', 'not-first'].includes(invitedUserOnly)) {
+  if ([WHO_CAN_ACCESS.OWNER, WHO_CAN_ACCESS.INVITED].includes(config.whoCanAccess)) {
+    return [true];
+  }
+  if ([WHO_CAN_ACCESS.ALL].includes(config.whoCanAccess)) {
+    return [false, ROLES.GUEST];
+  }
+  if ([true, 'yes', 'not-first'].includes(config.invitedUserOnly)) {
     return [true];
   }
   return [false, ROLES.GUEST];
 };
-module.exports = function createRoutes(node, authenticator, login) {
+module.exports = function createRoutes(node, authenticator, createSessionToken) {
   return {
     action: 'login',
-    claims: {
-      profile: async ({ extraParams, context }) => {
-        const { locale } = extraParams;
-        const config = await context.request.getServiceConfig(NODE_SERVICES.AUTH);
-        const profileFields = get(config, 'profileFields');
-        return {
-          fields: profileFields || ['fullName', 'avatar'],
-          description: messages.description[locale],
-        };
-      },
-      verifiableCredential: async ({ context, extraParams: { locale } }) => {
-        const { request, abtwallet } = context;
-        const { wallet, did: teamDid } = await request.getBlockletInfo();
-        checkWalletVersion({ abtwallet, locale });
-        const blocklet = await request.getBlocklet();
-        const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
-        const trustedIssuers = [wallet.address, ...trustedPassports].filter(Boolean);
-        const config = (await request.getServiceConfig(NODE_SERVICES.AUTH)) || {};
-        const [invitedUserOnly] = await isInvitedUserOnly(config.invitedUserOnly, node, teamDid);
-        return {
-          description: messages.requestPassport[locale],
-          item: vcTypes,
-          trustedIssuers,
-          optional: !invitedUserOnly,
-        };
-      },
+    onConnect: async ({ req, userDid }) => {
+      const blocklet = await req.getBlocklet();
+      const claims = {
+        profile: async ({ extraParams, context }) => {
+          const { locale } = extraParams;
+          const config = await context.request.getServiceConfig(NODE_SERVICES.AUTH);
+          const profileFields = get(config, 'profileFields');
+          return {
+            fields: profileFields || ['fullName', 'avatar'],
+            description: messages.description[locale],
+          };
+        },
+        verifiableCredential: async ({ context, extraParams: { locale } }) => {
+          const { request, abtwallet } = context;
+          const { wallet, did: teamDid } = await request.getBlockletInfo();
+          checkWalletVersion({ abtwallet, locale });
+          const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
+          const trustedIssuers = [wallet.address, ...trustedPassports].filter(Boolean);
+          const config = (await request.getServiceConfig(NODE_SERVICES.AUTH)) || {};
+          const [invitedUserOnly] = await isInvitedUserOnly(config, node, teamDid);
+          return {
+            description: messages.requestPassport[locale],
+            item: vcTypes,
+            trustedIssuers,
+            optional: !invitedUserOnly,
+          };
+        },
+      };
+      const user = await node.getUser({ teamDid: blocklet.meta.did, user: { did: userDid } });
+      if (user) {
+        delete claims.profile;
+      }
+      return claims;
     },
     // eslint-disable-next-line consistent-return
@@ -114,11 +133,7 @@ module.exports = function createRoutes(node, authenticator, login) {
       });
       const config = (await req.getServiceConfig(NODE_SERVICES.AUTH)) || {};
-      const [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(
-        config.invitedUserOnly,
-        node,
-        teamDid
-      );
+      const [invitedUserOnly, defaultRole, issuePassport] = await isInvitedUserOnly(config, node, teamDid);
       if (invitedUserOnly && !vc) {
         throw new Error(messages.missingCredentialClaim[locale]);
@@ -180,18 +195,25 @@ module.exports = function createRoutes(node, authenticator, login) {
         }
       }
+      if (config.whoCanAccess === WHO_CAN_ACCESS.OWNER && role !== ROLES.OWNER) {
+        throw new Error(
+          {
+            zh: '你不是该应用的所有者',
+            en: 'You are not the owner of this application',
+          }[locale]
+        );
+      }
       // Recreate passport with correct role
       passport = vc ? createUserPassport(vc, { role }) : null;
       // Update profile
       try {
-        const profile = claims.find((x) => x.type === 'profile');
         if (user) {
           // Update user
           await node.updateUser({
             teamDid,
             user: {
-              ...profile,
               did: userDid,
               pk: userPk,
               locale,
@@ -201,6 +223,7 @@ module.exports = function createRoutes(node, authenticator, login) {
           });
         } else {
           // Create user
+          const profile = claims.find((x) => x.type === 'profile');
           await node.addUser({
             teamDid,
             user: {
@@ -217,8 +240,8 @@ module.exports = function createRoutes(node, authenticator, login) {
         }
         // Generate new session token that client can save to localStorage
-        const loginToken = await login(userDid, { passport, role });
-        await storage.update(token, { did: userDid, loginToken });
+        const sessionToken = await createSessionToken(userDid, { passport, role });
+        await storage.update(token, { did: userDid, sessionToken });
         logger.info('login.success', { userDid, role });
         // issue passport for the first login user in a invite-only team