@abtnode/blocklet-services 1.8.69-beta-76f8a46f → 1.16.0-beta-b16cb035

package/README.md

@@ -93,6 +93,7 @@ node.onReady(() => {
 - /api/did/issue-passport
 - /api/did/lost-passport-list
 - /api/did/lost-passport-issue
+- /api/did/pre-setup
 - /api/did/setup
 - /api/did/switch-profile
 - /api/did/switch-passport

package/api/middlewares/proxy-to-daemon.js

@@ -6,7 +6,7 @@ const pick = require('lodash/pick');
 const md5 = require('@abtnode/util/lib/md5');
 const { AUTH_CERT_TYPE } = require('@abtnode/constant');
 
-const cacheKey = (userDid, appDid) => md5(`${userDid}:${appDid}`);
+const cacheKey = (userDid, appPid) => md5(`${userDid}:${appPid}`);
 
 const proxyToDaemon = ({ proxy, pathname, sessionSecret }) => {
   const cache = new LRU({
@@ -39,6 +39,8 @@ const proxyToDaemon = ({ proxy, pathname, sessionSecret }) => {
 
   return async (req, res) => {
     req.url = `${pathname}?${qs.stringify(req.query)}`;
+    // did returned ty req.getBlockletDid() is blocklet.meta.did
+    // the blocklet.meta.did is always the same as appPid in structV2 application
     const did = req.getBlockletDid();
     const token = getToken(did, pick(req.user, ['did', 'role']));
 

package/api/services/auth/connect/pre-setup.js

@@ -0,0 +1,24 @@
+const pick = require('lodash/pick');
+const { getSetupBlockletClaims } = require('@abtnode/auth/lib/server');
+const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
+
+const logger = require('@abtnode/logger')(require('../../../../package.json').name);
+
+module.exports = function createRoutes() {
+  return {
+    action: 'pre-setup',
+    authPrincipal: false,
+    claims: getSetupBlockletClaims(),
+    onAuth: async ({ claims, userDid, userPk, extraParams: { locale } }) => {
+      const claim = claims.find((x) => x.type === 'signature');
+      verifySignature(claim, userDid, userPk, locale);
+      logger.info('pre-setup.connect.success', { userDid });
+      return {
+        nextWorkflowData: {
+          claim: pick(claim, ['origin', 'sig']),
+          pk: userPk,
+        },
+      };
+    },
+  };
+};

package/api/services/auth/connect/setup.js

@@ -1,10 +1,9 @@
 /* eslint-disable arrow-parens */
 const get = require('lodash/get');
 const { messages } = require('@abtnode/auth/lib/auth');
-const formatContext = require('@abtnode/util/lib/format-context');
-const { getServerAuthMethod } = require('@abtnode/auth/lib/util/get-auth-method');
-const { getSetupBlockletClaims, ensureBlockletPermission } = require('@abtnode/auth/lib/server');
 const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const formatContext = require('@abtnode/util/lib/format-context');
+const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
 
 const logger = require('@abtnode/logger')(require('../../../../package.json').name);
 
@@ -31,52 +30,29 @@ const checkOwner = async ({ node, userDid, blocklet }) => {
 module.exports = function createRoutes(node, _authenticator, createSessionToken) {
   return {
     action: 'setup',
-    onConnect: async ({ req, userDid, extraParams: { launchType } }) => {
-      const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getNodeInfo()]);
-
-      const claims = {
-        profile: async ({ extraParams }) => {
-          const { locale } = extraParams;
+    onConnect: async ({ req, userDid, extraParams: { locale } }) => {
+      const blocklet = await req.getBlocklet();
+      await checkOwner({ node, userDid, blocklet });
 
-          return {
-            fields: ['fullName', 'avatar'],
-            description: messages.description[locale],
-          };
+      return {
+        profile: {
+          fields: ['fullName', 'avatar'],
+          description: messages.description[locale],
         },
       };
-
-      const authMethod = getServerAuthMethod(info, launchType);
-      const serverClaims = await getSetupBlockletClaims(node, authMethod, blocklet);
-
-      await checkOwner({ node, userDid, blocklet });
-
-      return Object.assign(serverClaims, claims);
     },
 
-    // eslint-disable-next-line consistent-return
-    onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl, challenge }) => {
-      const { locale, launchType, chainHost } = extraParams;
-      const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getNodeInfo()]);
+    onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl }) => {
+      const { locale, previousWorkflowData: proof } = extraParams;
+      const blocklet = await req.getBlocklet();
       const teamDid = blocklet.meta.did;
+      const user = await checkOwner({ node, userDid, blocklet });
 
-      const authMethod = getServerAuthMethod(info, launchType);
-      if (authMethod === 'nft' && !chainHost) {
-        throw new Error(messages.invalidParams[locale]);
+      // ensure owner proof form previous workflow
+      if (!proof || !proof.claim || !proof.pk) {
+        throw new Error('No owner proof found from previous workflow');
       }
-
-      await ensureBlockletPermission({
-        authMethod,
-        node,
-        userDid,
-        claims,
-        challenge,
-        locale,
-        blocklet,
-        isAuth: true,
-        chainHost,
-      });
-
-      const user = await checkOwner({ node, userDid, blocklet });
+      verifySignature(proof.claim, blocklet.appDid, proof.pk, locale);
 
       try {
         if (user) {

package/api/services/auth/index.js

@@ -27,6 +27,7 @@ const createInviteRoutes = require('./connect/invite');
 const createIssuePassportAuth = require('./connect/issue-passport');
 const createLostPassportListAuth = require('./connect/lost-passport-list');
 const createLostPassportIssueAuth = require('./connect/lost-passport-issue');
+const createPreSetupAuth = require('./connect/pre-setup');
 const createSetupAuth = require('./connect/setup');
 const createSwitchProfileAuth = require('./connect/switch-profile');
 const createSwitchPassportAuth = require('./connect/switch-passport');
@@ -168,6 +169,7 @@ const init = ({ node, options }) => {
       handler.attach(Object.assign({ app }, createIssuePassportAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createLostPassportListAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createLostPassportIssueAuth(node, authenticator, createSessionToken)));
+      handler.attach(Object.assign({ app }, createPreSetupAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSetupAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSwitchProfileAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSwitchPassportAuth(node, authenticator, createSessionToken)));

package/api/socket/channel/app.js

@@ -1,6 +1,6 @@
 const get = require('lodash/get');
 
-const { CHANNEL_TYPE, parseChannel } = require('@blocklet/meta/lib/channel');
+const { CHANNEL_TYPE, parseChannel, getAppPublicChannel } = require('@blocklet/meta/lib/channel');
 const { validateNotification } = require('@blocklet/sdk/lib/validators/notification');
 const { NODE_MODES } = require('@abtnode/constant');
 
@@ -45,9 +45,6 @@ const sendToAppChannel = async ({
   if (socketId) {
     socketFilters.id = socketId;
   }
-  if (socketDid) {
-    socketFilters[`channel.${channel}.authInfo.did`] = socketDid;
-  }
 
   // validate
 
@@ -57,19 +54,25 @@ const sendToAppChannel = async ({
 
   // parse sender
 
-  const senderInfo = await ensureSender({ sender, node, nodeInfo });
+  const appInfo = await ensureSender({ sender, node, nodeInfo });
 
-  if (channelInfo.appDid !== senderInfo.wallet.address) {
+  if (![appInfo.wallet.address, appInfo.permanentWallet.address].includes(channelInfo.appDid)) {
     throw new Error('Cannot sent message to channel of other app');
   }
 
   // parse notification
 
-  const notifications = parseNotification(notification, senderInfo);
+  const notifications = parseNotification(notification, appInfo);
+
+  const actualChannel = getAppPublicChannel(appInfo.permanentWallet.address);
+
+  if (socketDid) {
+    socketFilters[`channel.${actualChannel}.authInfo.did`] = socketDid;
+  }
 
   // send notification
   notifications.forEach((data) => {
-    broadcast(wsServer, channel, event, data, { socketFilters });
+    broadcast(wsServer, actualChannel, event, data, { socketFilters });
   });
 };
 

package/api/socket/channel/relay.js

@@ -1,22 +1,28 @@
-const { CHANNEL_TYPE, parseChannel } = require('@blocklet/meta/lib/channel');
+const { CHANNEL_TYPE, parseChannel, getRelayChannel } = require('@blocklet/meta/lib/channel');
 const { ensureSender, broadcast, EVENTS } = require('../util');
 
-// Only a blocklet can send message to a relay channel
+// Only an application can send message to a relay channel
 // But multiple clients can subscribe to the same relay channel
 const sendToRelay = async ({ sender, channel, event = EVENTS.MESSAGE, data, node, wsServer }) => {
-  const info = parseChannel(channel);
-  if (info.type !== CHANNEL_TYPE.RELAY) {
+  const channelInfo = parseChannel(channel);
+  if (channelInfo.type !== CHANNEL_TYPE.RELAY) {
     throw new Error('Cannot send message to non-relay channel');
   }
 
   const nodeInfo = await node.getNodeInfo();
-  const result = await ensureSender({ sender, node, nodeInfo });
-  if (info.appDid !== result.wallet.address) {
+
+  // Sender is appDid of application
+  const appInfo = await ensureSender({ sender, node, nodeInfo });
+
+  if (![appInfo.wallet.address, appInfo.permanentWallet.address].includes(channelInfo.appDid)) {
     throw new Error('Cannot sent message to relay channel of other app');
   }
 
-  const socketFilters = { [`channel.${channel}.authInfo.topic`]: info.topic };
-  broadcast(wsServer, channel, event, data, { socketFilters });
+  const actualChannel = getRelayChannel(appInfo.permanentWallet.address, channelInfo.topic);
+
+  const socketFilters = { [`channel.${actualChannel}.authInfo.topic`]: channelInfo.topic };
+
+  broadcast(wsServer, actualChannel, event, data, { socketFilters });
 };
 
 const onAuthenticate = () => {};

package/api/socket/util.js

@@ -1,7 +1,7 @@
 const { nanoid } = require('nanoid');
 const JWT = require('@arcblock/jwt');
 
-const { getTeamInfo } = require('@abtnode/auth/lib/auth');
+const { getApplicationInfo } = require('@abtnode/auth/lib/auth');
 
 // eslint-disable-next-line global-require
 const logger = require('@abtnode/logger')(`${require('../../package.json').name}:socket`);
@@ -24,9 +24,13 @@ const parseNotification = (notification, senderInfo) => {
     }
 
     x.sender = {
-      did: senderInfo.wallet.address,
-      pk: senderInfo.wallet.pk,
+      // did is permanent did of an application that is used to identify the application by DID Wallet
+      did: senderInfo.permanentWallet.address,
+      pk: senderInfo.permanentWallet.pk,
       name: senderInfo.name,
+      // actualDid is the did of the application that is used to decrypt the message if needed
+      actualDid: senderInfo.wallet.address,
+      actualPk: senderInfo.wallet.pk,
     };
   });
 
@@ -44,9 +48,9 @@ const broadcast = (...args) => {
 };
 
 const ensureSender = async ({ sender, node, nodeInfo }) => {
-  let senderInfo;
+  let appInfo;
   try {
-    senderInfo = await getTeamInfo({ node, nodeInfo, teamDid: sender.appDid });
+    appInfo = await getApplicationInfo({ node, nodeInfo, teamDid: sender.appDid });
   } catch (err) {
     if (err.message === 'Blocklet state must be an object') {
       err.message = `Sender blocklet does not exist: ${sender.appDid}`;
@@ -54,12 +58,12 @@ const ensureSender = async ({ sender, node, nodeInfo }) => {
     throw err;
   }
 
-  const { wallet } = senderInfo;
+  const { wallet } = appInfo;
   if (!JWT.verify(sender.token, wallet.publicKey)) {
-    throw new Error(`Invalid authentication token for sender blocklet: ${sender.did}`);
+    throw new Error(`Invalid authentication token for sender blocklet: ${sender.appDid}`);
   }
 
-  return senderInfo;
+  return appInfo;
 };
 
 const getTokenInfo = (decoded) => ({

package/build/asset-manifest.json

@@ -1,24 +1,24 @@
 {
   "files": {
     "main.css": "/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css",
-    "main.js": "/.blocklet/proxy/blocklet-service/static/js/main.ccf2aa21.js",
+    "main.js": "/.blocklet/proxy/blocklet-service/static/js/main.cb6e6a93.js",
     "static/js/560.4d01281e.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/560.4d01281e.chunk.js",
     "static/js/255.4b68f586.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/255.4b68f586.chunk.js",
     "static/js/371.60842581.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/371.60842581.chunk.js",
     "static/js/737.76692b09.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/737.76692b09.chunk.js",
-    "static/js/906.8d0bbdde.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/906.8d0bbdde.chunk.js",
+    "static/js/906.a980020a.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/906.a980020a.chunk.js",
     "static/js/868.43103624.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/868.43103624.chunk.js",
-    "static/js/409.f7b6e2fd.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/409.f7b6e2fd.chunk.js",
+    "static/js/409.1dcd48aa.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/409.1dcd48aa.chunk.js",
     "static/js/682.c64ae291.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/682.c64ae291.chunk.js",
     "static/js/711.6c22b7c7.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/711.6c22b7c7.chunk.js",
     "static/js/437.d815f0c0.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/437.d815f0c0.chunk.js",
     "static/js/690.f9a59613.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/690.f9a59613.chunk.js",
-    "static/js/313.546141b2.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/313.546141b2.chunk.js",
+    "static/js/950.8e1097d2.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/950.8e1097d2.chunk.js",
     "static/js/712.9667cdcd.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/712.9667cdcd.chunk.js",
     "static/js/511.1dd226f9.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/511.1dd226f9.chunk.js",
     "static/js/248.ad6363a4.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/248.ad6363a4.chunk.js",
     "static/css/503.b2c1f856.chunk.css": "/.blocklet/proxy/blocklet-service/static/css/503.b2c1f856.chunk.css",
-    "static/js/503.c96d3943.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/503.c96d3943.chunk.js",
+    "static/js/503.8399a560.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/503.8399a560.chunk.js",
     "static/js/203.0c856580.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/203.0c856580.chunk.js",
     "static/media/ubuntu-mono-all-400-normal.woff": "/.blocklet/proxy/blocklet-service/static/media/ubuntu-mono-all-400-normal.c879328bc62e9c68268f.woff",
     "static/media/lato-all-400-normal.woff": "/.blocklet/proxy/blocklet-service/static/media/lato-all-400-normal.3dc1eff492ab1f598560.woff",
@@ -42,28 +42,28 @@
     "router-template-styles/styles.css": "/.blocklet/proxy/blocklet-service/router-template-styles/styles.css",
     "index.html": "/.blocklet/proxy/blocklet-service/index.html",
     "main.632501d5.css.map": "/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css.map",
-    "main.ccf2aa21.js.map": "/.blocklet/proxy/blocklet-service/static/js/main.ccf2aa21.js.map",
+    "main.cb6e6a93.js.map": "/.blocklet/proxy/blocklet-service/static/js/main.cb6e6a93.js.map",
     "560.4d01281e.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/560.4d01281e.chunk.js.map",
     "255.4b68f586.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/255.4b68f586.chunk.js.map",
     "371.60842581.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/371.60842581.chunk.js.map",
     "737.76692b09.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/737.76692b09.chunk.js.map",
-    "906.8d0bbdde.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/906.8d0bbdde.chunk.js.map",
+    "906.a980020a.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/906.a980020a.chunk.js.map",
     "868.43103624.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/868.43103624.chunk.js.map",
-    "409.f7b6e2fd.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/409.f7b6e2fd.chunk.js.map",
+    "409.1dcd48aa.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/409.1dcd48aa.chunk.js.map",
     "682.c64ae291.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/682.c64ae291.chunk.js.map",
     "711.6c22b7c7.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/711.6c22b7c7.chunk.js.map",
     "437.d815f0c0.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/437.d815f0c0.chunk.js.map",
     "690.f9a59613.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/690.f9a59613.chunk.js.map",
-    "313.546141b2.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/313.546141b2.chunk.js.map",
+    "950.8e1097d2.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/950.8e1097d2.chunk.js.map",
     "712.9667cdcd.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/712.9667cdcd.chunk.js.map",
     "511.1dd226f9.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/511.1dd226f9.chunk.js.map",
     "248.ad6363a4.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/248.ad6363a4.chunk.js.map",
     "503.b2c1f856.chunk.css.map": "/.blocklet/proxy/blocklet-service/static/css/503.b2c1f856.chunk.css.map",
-    "503.c96d3943.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/503.c96d3943.chunk.js.map",
+    "503.8399a560.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/503.8399a560.chunk.js.map",
     "203.0c856580.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/203.0c856580.chunk.js.map"
   },
   "entrypoints": [
     "static/css/main.632501d5.css",
-    "static/js/main.ccf2aa21.js"
+    "static/js/main.cb6e6a93.js"
   ]
 }

package/build/index.html

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"/><meta name="theme-color" content="#000000"/><title>Blocklet Service</title><script src=".well-known/service/api/env"></script><script src="/__blocklet__.js"></script><script defer="defer" src="/.blocklet/proxy/blocklet-service/static/js/main.ccf2aa21.js"></script><link href="/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"/><meta name="theme-color" content="#000000"/><title>Blocklet Service</title><script src=".well-known/service/api/env"></script><script src="/__blocklet__.js"></script><script defer="defer" src="/.blocklet/proxy/blocklet-service/static/js/main.cb6e6a93.js"></script><link href="/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>