@abtnode/blocklet-services 1.8.69-beta-b0bb2d67 → 1.8.69-beta-650a290b

package/README.md

@@ -93,6 +93,7 @@ node.onReady(() => {
 - /api/did/issue-passport
 - /api/did/lost-passport-list
 - /api/did/lost-passport-issue
+- /api/did/pre-setup
 - /api/did/setup
 - /api/did/switch-profile
 - /api/did/switch-passport

package/api/index.js

@@ -112,18 +112,30 @@ module.exports = function createServer(node, serverOptions = {}) {
   });
 
   // Cross process events
-  [BlockletEvents.updated, BlockletEvents.started, BlockletEvents.removed, BlockletEvents.statusChange].forEach(
-    (name) => {
-      eventHub.on(name, (data) => {
-        const did = get(data, 'meta.did');
-        if (did) {
-          logger.info('delete blocklet cache on update', { did, pid: process.pid });
-          cache.del(cache.keyFns.blocklet(did));
-          cache.del(cache.keyFns.blockletInfo(did));
-        }
-      });
-    }
-  );
+  [
+    BlockletEvents.updated,
+    BlockletEvents.started,
+    BlockletEvents.removed,
+    BlockletEvents.statusChange,
+    BlockletEvents.installed,
+  ].forEach((name) => {
+    eventHub.on(name, (data) => {
+      const did = get(data, 'meta.did');
+      if (did) {
+        logger.info('delete blocklet cache on update', { did, pid: process.pid });
+        cache.del(cache.keyFns.blocklet(did));
+        cache.del(cache.keyFns.blockletInfo(did));
+      }
+
+      // structV1Did is just for migration purpose and should be removed in the future
+      const structV1Did = get(data, 'structV1Did');
+      if (structV1Did) {
+        logger.info('delete blocklet cache on update', { structV1Did, pid: process.pid });
+        cache.del(cache.keyFns.blocklet(structV1Did));
+        cache.del(cache.keyFns.blockletInfo(structV1Did));
+      }
+    });
+  });
   eventHub.on(EVENTS.NODE_UPDATED, () => {
     logger.info('node update', { pid: process.pid });
     cache.del(cache.keyFns.node());
@@ -281,7 +293,7 @@ module.exports = function createServer(node, serverOptions = {}) {
   // error handler
   // eslint-disable-next-line no-unused-vars
   server.use((err, req, res, next) => {
-    logger.error('Something broke', { error: err });
+    logger.error('Something broke', { url: req.url, error: err });
     res.status(500).send(`Blocklet Service: Something broke! ${err.message}`);
   });
 

package/api/libs/connect/session.js

@@ -29,6 +29,7 @@ const {
   createPassport,
   upsertToPassports,
 } = require('@abtnode/auth/lib/passport');
+const { getKeyPairClaim } = require('@abtnode/auth/lib/server');
 
 const { getRolesFromAuthConfig, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 
@@ -506,4 +507,55 @@ module.exports = {
       return sessionToken;
     },
   },
+
+  migrateToStructV2: {
+    getClaims: ({ node }) => ({
+      verifiableCredential: async ({ extraParams: { locale }, context: { request } }) => {
+        const blocklet = await request.getBlocklet();
+        const { wallet } = await request.getBlockletInfo();
+
+        const trustedPassports = (blocklet.trustedPassports || []).map((x) => x.issuerDid);
+        const trustedIssuers = [wallet.address, ...trustedPassports].filter(Boolean);
+
+        return {
+          type: 'verifiableCredential',
+          description: messages.requestPassport[locale],
+          item: vcTypes,
+          trustedIssuers,
+          optional: false,
+        };
+      },
+      keyPair: getKeyPairClaim({ node }),
+    }),
+
+    onAuth: async ({ claims, challenge, userDid, extraParams: { locale }, req, node }) => {
+      const blocklet = await req.getBlocklet();
+      const { wallet, did: teamDid } = await req.getBlockletInfo();
+      const appId = wallet.address;
+
+      // Get passport vc
+      const vc = await getPassportVc({ blocklet, appId, claims, challenge, locale });
+      if (!vc) {
+        throw new Error(messages.missingCredentialClaim[locale]);
+      }
+
+      const role = await getRoleFromVC({ vc, appId, node, locale, blocklet, teamDid });
+
+      if (role !== ROLES.OWNER) {
+        throw new Error(
+          {
+            zh: '只有应用所有者才能执行此操作',
+            en: 'Only the application owner can perform this action',
+          }[locale]
+        );
+      }
+
+      const keyPair = claims.find((x) => x.type === 'keyPair');
+      if (!keyPair) {
+        throw new Error(messages.missingKeyPair[locale]);
+      }
+
+      return { blocklet, keyPair, user: { role, did: userDid } };
+    },
+  },
 };

package/api/middlewares/proxy-to-daemon.js

@@ -3,16 +3,20 @@ const qs = require('querystring');
 const LRU = require('lru-cache');
 const pick = require('lodash/pick');
 
+const md5 = require('@abtnode/util/lib/md5');
 const { AUTH_CERT_TYPE } = require('@abtnode/constant');
 
+const cacheKey = (userDid, appDid) => md5(`${userDid}:${appDid}`);
+
 const proxyToDaemon = ({ proxy, pathname, sessionSecret }) => {
   const cache = new LRU({
-    max: 50, // cache at most 50 blocklet
+    max: 50,
     maxAge: 86400 * 1000, // cache for 1 day
   });
 
   const getToken = (did, user) => {
-    const cacheToken = cache.get(user.did);
+    const key = cacheKey(user.did, did);
+    const cacheToken = cache.get(key);
     if (cacheToken) {
       return cacheToken;
     }
@@ -28,7 +32,7 @@ const proxyToDaemon = ({ proxy, pathname, sessionSecret }) => {
       { expiresIn: '1d' }
     );
 
-    cache.set(user.did, token);
+    cache.set(key, token);
 
     return token;
   };

package/api/services/auth/connect/migrate-app-to-struct-v2.js

@@ -0,0 +1,55 @@
+const jwt = require('jsonwebtoken');
+const { toHex } = require('@ocap/util');
+const logger = require('@abtnode/logger')('blocklet-service:connect:migrate');
+
+const Client = require('@abtnode/client');
+const { AUTH_CERT_TYPE } = require('@abtnode/constant');
+
+const { migrateToStructV2 } = require('../../../libs/connect/session');
+
+const { getClaims, onAuth } = migrateToStructV2;
+
+module.exports = function createRoutes(node, options) {
+  return {
+    action: 'migrate-app-to-struct-v2',
+
+    claims: getClaims(node),
+
+    onAuth: async ({ claims, challenge, userDid, extraParams: { locale }, req }) => {
+      try {
+        const { blocklet, keyPair, user } = await onAuth({
+          claims,
+          challenge,
+          userDid,
+          extraParams: { locale },
+          req,
+          node,
+        });
+
+        const input = {
+          did: blocklet.meta.did,
+          appSk: toHex(keyPair.secret),
+        };
+
+        const token = jwt.sign(
+          {
+            type: AUTH_CERT_TYPE.BLOCKLET_USER,
+            did: userDid,
+            role: user.role,
+            blockletDid: blocklet.meta.did,
+          },
+          options.sessionSecret,
+          { expiresIn: '10s' }
+        );
+
+        const client = new Client(`http://127.0.0.1:${process.env.ABT_NODE_PORT}/api/gql`);
+        client.setAuthToken(token);
+
+        await client.migrateApplicationToStructV2({ input });
+      } catch (error) {
+        logger.error('migrate application failed', { error, userDid });
+        throw error;
+      }
+    },
+  };
+};

package/api/services/auth/connect/pre-setup.js

@@ -0,0 +1,24 @@
+const pick = require('lodash/pick');
+const { getSetupBlockletClaims } = require('@abtnode/auth/lib/server');
+const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
+
+const logger = require('@abtnode/logger')(require('../../../../package.json').name);
+
+module.exports = function createRoutes() {
+  return {
+    action: 'pre-setup',
+    authPrincipal: false,
+    claims: getSetupBlockletClaims(),
+    onAuth: async ({ claims, userDid, userPk, extraParams: { locale } }) => {
+      const claim = claims.find((x) => x.type === 'signature');
+      verifySignature(claim, userDid, userPk, locale);
+      logger.info('pre-setup.connect.success', { userDid });
+      return {
+        nextWorkflowData: {
+          claim: pick(claim, ['origin', 'sig']),
+          pk: userPk,
+        },
+      };
+    },
+  };
+};

package/api/services/auth/connect/setup.js

@@ -1,10 +1,9 @@
 /* eslint-disable arrow-parens */
 const get = require('lodash/get');
 const { messages } = require('@abtnode/auth/lib/auth');
-const formatContext = require('@abtnode/util/lib/format-context');
-const { getServerAuthMethod } = require('@abtnode/auth/lib/util/get-auth-method');
-const { getSetupBlockletClaims, ensureBlockletPermission } = require('@abtnode/auth/lib/server');
 const { extractUserAvatar } = require('@abtnode/util/lib/user-avatar');
+const formatContext = require('@abtnode/util/lib/format-context');
+const verifySignature = require('@abtnode/auth/lib/util/verify-signature');
 
 const logger = require('@abtnode/logger')(require('../../../../package.json').name);
 
@@ -31,52 +30,29 @@ const checkOwner = async ({ node, userDid, blocklet }) => {
 module.exports = function createRoutes(node, _authenticator, createSessionToken) {
   return {
     action: 'setup',
-    onConnect: async ({ req, userDid, extraParams: { launchType } }) => {
-      const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getNodeInfo()]);
-
-      const claims = {
-        profile: async ({ extraParams }) => {
-          const { locale } = extraParams;
+    onConnect: async ({ req, userDid, extraParams: { locale } }) => {
+      const blocklet = await req.getBlocklet();
+      await checkOwner({ node, userDid, blocklet });
 
-          return {
-            fields: ['fullName', 'avatar'],
-            description: messages.description[locale],
-          };
+      return {
+        profile: {
+          fields: ['fullName', 'avatar'],
+          description: messages.description[locale],
         },
       };
-
-      const authMethod = getServerAuthMethod(info, launchType);
-      const serverClaims = await getSetupBlockletClaims(node, authMethod, blocklet);
-
-      await checkOwner({ node, userDid, blocklet });
-
-      return Object.assign(serverClaims, claims);
     },
 
-    // eslint-disable-next-line consistent-return
-    onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl, challenge }) => {
-      const { locale, launchType, chainHost } = extraParams;
-      const [blocklet, info] = await Promise.all([req.getBlocklet(), req.getNodeInfo()]);
+    onAuth: async ({ claims, userDid, userPk, updateSession, extraParams, req, baseUrl }) => {
+      const { locale, previousWorkflowData: proof } = extraParams;
+      const blocklet = await req.getBlocklet();
       const teamDid = blocklet.meta.did;
+      const user = await checkOwner({ node, userDid, blocklet });
 
-      const authMethod = getServerAuthMethod(info, launchType);
-      if (authMethod === 'nft' && !chainHost) {
-        throw new Error(messages.invalidParams[locale]);
+      // ensure owner proof form previous workflow
+      if (!proof || !proof.claim || !proof.pk) {
+        throw new Error('No owner proof found from previous workflow');
       }
-
-      await ensureBlockletPermission({
-        authMethod,
-        node,
-        userDid,
-        claims,
-        challenge,
-        locale,
-        blocklet,
-        isAuth: true,
-        chainHost,
-      });
-
-      const user = await checkOwner({ node, userDid, blocklet });
+      verifySignature(proof.claim, blocklet.appDid, proof.pk, locale);
 
       try {
         if (user) {

package/api/services/auth/index.js

@@ -27,11 +27,13 @@ const createInviteRoutes = require('./connect/invite');
 const createIssuePassportAuth = require('./connect/issue-passport');
 const createLostPassportListAuth = require('./connect/lost-passport-list');
 const createLostPassportIssueAuth = require('./connect/lost-passport-issue');
+const createPreSetupAuth = require('./connect/pre-setup');
 const createSetupAuth = require('./connect/setup');
 const createSwitchProfileAuth = require('./connect/switch-profile');
 const createSwitchPassportAuth = require('./connect/switch-passport');
 const createRotateKeyPairAuth = require('./connect/rotate-key-pair');
 const createFuelAuth = require('./connect/fuel');
+const createMigrateToStructV2Routes = require('./connect/migrate-app-to-struct-v2');
 const createSessionRoutes = require('./session');
 const createPassportRoutes = require('./passport');
 const { getRedirectUrl } = require('../../util');
@@ -167,11 +169,13 @@ const init = ({ node, options }) => {
       handler.attach(Object.assign({ app }, createIssuePassportAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createLostPassportListAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createLostPassportIssueAuth(node, authenticator, createSessionToken)));
+      handler.attach(Object.assign({ app }, createPreSetupAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSetupAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSwitchProfileAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createSwitchPassportAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createRotateKeyPairAuth(node, authenticator, createSessionToken)));
       handler.attach(Object.assign({ app }, createFuelAuth(authenticator, createSessionToken)));
+      handler.attach(Object.assign({ app }, createMigrateToStructV2Routes(node, options)));
     });
   };
 

package/build/asset-manifest.json

@@ -1,24 +1,24 @@
 {
   "files": {
     "main.css": "/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css",
-    "main.js": "/.blocklet/proxy/blocklet-service/static/js/main.7700a901.js",
+    "main.js": "/.blocklet/proxy/blocklet-service/static/js/main.c9dd5af4.js",
     "static/js/560.4d01281e.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/560.4d01281e.chunk.js",
     "static/js/255.4b68f586.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/255.4b68f586.chunk.js",
     "static/js/371.60842581.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/371.60842581.chunk.js",
     "static/js/737.76692b09.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/737.76692b09.chunk.js",
-    "static/js/906.8d0bbdde.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/906.8d0bbdde.chunk.js",
+    "static/js/906.ebb2512d.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/906.ebb2512d.chunk.js",
     "static/js/868.43103624.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/868.43103624.chunk.js",
-    "static/js/409.3622d7f6.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/409.3622d7f6.chunk.js",
+    "static/js/409.ceb64579.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/409.ceb64579.chunk.js",
     "static/js/682.c64ae291.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/682.c64ae291.chunk.js",
     "static/js/711.6c22b7c7.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/711.6c22b7c7.chunk.js",
     "static/js/437.d815f0c0.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/437.d815f0c0.chunk.js",
     "static/js/690.f9a59613.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/690.f9a59613.chunk.js",
-    "static/js/313.546141b2.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/313.546141b2.chunk.js",
+    "static/js/950.07fa9e3d.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/950.07fa9e3d.chunk.js",
     "static/js/712.9667cdcd.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/712.9667cdcd.chunk.js",
     "static/js/511.1dd226f9.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/511.1dd226f9.chunk.js",
     "static/js/248.ad6363a4.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/248.ad6363a4.chunk.js",
     "static/css/503.b2c1f856.chunk.css": "/.blocklet/proxy/blocklet-service/static/css/503.b2c1f856.chunk.css",
-    "static/js/503.c96d3943.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/503.c96d3943.chunk.js",
+    "static/js/503.1b995e29.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/503.1b995e29.chunk.js",
     "static/js/203.0c856580.chunk.js": "/.blocklet/proxy/blocklet-service/static/js/203.0c856580.chunk.js",
     "static/media/ubuntu-mono-all-400-normal.woff": "/.blocklet/proxy/blocklet-service/static/media/ubuntu-mono-all-400-normal.c879328bc62e9c68268f.woff",
     "static/media/lato-all-400-normal.woff": "/.blocklet/proxy/blocklet-service/static/media/lato-all-400-normal.3dc1eff492ab1f598560.woff",
@@ -42,28 +42,28 @@
     "router-template-styles/styles.css": "/.blocklet/proxy/blocklet-service/router-template-styles/styles.css",
     "index.html": "/.blocklet/proxy/blocklet-service/index.html",
     "main.632501d5.css.map": "/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css.map",
-    "main.7700a901.js.map": "/.blocklet/proxy/blocklet-service/static/js/main.7700a901.js.map",
+    "main.c9dd5af4.js.map": "/.blocklet/proxy/blocklet-service/static/js/main.c9dd5af4.js.map",
     "560.4d01281e.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/560.4d01281e.chunk.js.map",
     "255.4b68f586.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/255.4b68f586.chunk.js.map",
     "371.60842581.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/371.60842581.chunk.js.map",
     "737.76692b09.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/737.76692b09.chunk.js.map",
-    "906.8d0bbdde.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/906.8d0bbdde.chunk.js.map",
+    "906.ebb2512d.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/906.ebb2512d.chunk.js.map",
     "868.43103624.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/868.43103624.chunk.js.map",
-    "409.3622d7f6.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/409.3622d7f6.chunk.js.map",
+    "409.ceb64579.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/409.ceb64579.chunk.js.map",
     "682.c64ae291.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/682.c64ae291.chunk.js.map",
     "711.6c22b7c7.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/711.6c22b7c7.chunk.js.map",
     "437.d815f0c0.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/437.d815f0c0.chunk.js.map",
     "690.f9a59613.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/690.f9a59613.chunk.js.map",
-    "313.546141b2.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/313.546141b2.chunk.js.map",
+    "950.07fa9e3d.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/950.07fa9e3d.chunk.js.map",
     "712.9667cdcd.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/712.9667cdcd.chunk.js.map",
     "511.1dd226f9.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/511.1dd226f9.chunk.js.map",
     "248.ad6363a4.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/248.ad6363a4.chunk.js.map",
     "503.b2c1f856.chunk.css.map": "/.blocklet/proxy/blocklet-service/static/css/503.b2c1f856.chunk.css.map",
-    "503.c96d3943.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/503.c96d3943.chunk.js.map",
+    "503.1b995e29.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/503.1b995e29.chunk.js.map",
     "203.0c856580.chunk.js.map": "/.blocklet/proxy/blocklet-service/static/js/203.0c856580.chunk.js.map"
   },
   "entrypoints": [
     "static/css/main.632501d5.css",
-    "static/js/main.7700a901.js"
+    "static/js/main.c9dd5af4.js"
   ]
 }

package/build/index.html

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"/><meta name="theme-color" content="#000000"/><title>Blocklet Service</title><script src=".well-known/service/api/env"></script><script src="/__blocklet__.js"></script><script defer="defer" src="/.blocklet/proxy/blocklet-service/static/js/main.7700a901.js"></script><link href="/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"/><meta name="theme-color" content="#000000"/><title>Blocklet Service</title><script src=".well-known/service/api/env"></script><script src="/__blocklet__.js"></script><script defer="defer" src="/.blocklet/proxy/blocklet-service/static/js/main.c9dd5af4.js"></script><link href="/.blocklet/proxy/blocklet-service/static/css/main.632501d5.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>