@abtnode/core 1.15.17 → 1.16.0-beta-b16cb035

package/lib/api/team.js

@@ -1,13 +1,46 @@
 const { EventEmitter } = require('events');
 const pick = require('lodash/pick');
+const joinUrl = require('url-join');
+
 const logger = require('@abtnode/logger')('@abtnode/core:api:team');
-const { ROLES, genPermissionName } = require('@abtnode/constant');
+const {
+  ROLES,
+  genPermissionName,
+  EVENTS,
+  WHO_CAN_ACCESS,
+  PASSPORT_STATUS,
+  WELLKNOWN_SERVICE_PATH_PREFIX,
+  MAX_USER_PAGE_SIZE,
+  STORE_DETAIL_PAGE_PATH_PREFIX,
+} = require('@abtnode/constant');
 const { isValid: isValidDid } = require('@arcblock/did');
-const { BlockletEvents } = require('@blocklet/meta/lib/constants');
+const { BlockletEvents } = require('@blocklet/constant');
+const { sendToUser } = require('@blocklet/sdk/lib/util/send-notification');
+const {
+  createPassportVC,
+  createPassport,
+  upsertToPassports,
+  createUserPassport,
+} = require('@abtnode/auth/lib/passport');
+const { getPassportStatusEndpoint } = require('@abtnode/auth/lib/auth');
+const getBlockletInfo = require('@blocklet/meta/lib/info');
+const { parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
+
 const { validateTrustedPassportIssuers } = require('../validators/trusted-passport');
 const { validateCreateRole, validateUpdateRole } = require('../validators/role');
 const { validateCreatePermission, validateUpdatePermission } = require('../validators/permission');
 
+const { getBlocklet } = require('../util/blocklet');
+const StoreUtil = require('../util/store');
+
+const sanitizeUrl = (url) => {
+  if (!url) {
+    throw new Error('Registry URL should not be empty');
+  }
+
+  return url.trim();
+};
+
 const validateReservedRole = (role) => {
   if (Object.values(ROLES).includes(role)) {
     throw new Error(`The role ${role} is reserved`);
@@ -15,18 +48,53 @@ const validateReservedRole = (role) => {
   return true;
 };
 
+const sendPassportVcNotification = ({ userDid, appWallet: wallet, locale, vc }) => {
+  try {
+    const receiver = userDid;
+    const sender = { appDid: wallet.address, appSk: wallet.secretKey };
+    const message = {
+      title: {
+        en: 'Receive a Passport',
+        zh: '获得通行证',
+      }[locale],
+      body: {
+        en: 'You got a passport',
+        zh: '你获得了一张通行证',
+      }[locale],
+      attachments: [
+        {
+          type: 'vc',
+          data: {
+            credential: vc,
+            tag: vc.credentialSubject.passport.name,
+          },
+        },
+      ],
+    };
+
+    sendToUser(receiver, message, sender, process.env.ABT_NODE_SERVICE_PORT).catch((error) => {
+      logger.error('Failed send passport vc to wallet', { error });
+    });
+  } catch (error) {
+    logger.error('Failed send passport vc to wallet', { error });
+  }
+};
+
 class TeamAPI extends EventEmitter {
   /**
    *
    * @param {object} states abtnode core StateDB
    */
-  constructor({ teamManager, states }) {
+  constructor({ teamManager, states, dataDirs }) {
     super();
 
     this.notification = states.notification;
     this.node = states.node;
-    this.inviteExpireTime = 1000 * 3600 * 24 * 30; // 30 days
+    this.states = states;
+    this.memberInviteExpireTime = 1000 * 3600 * 24 * 30; // 30 days
+    this.serverInviteExpireTime = 1000 * 3600; // 1 hour
     this.teamManager = teamManager;
+    this.dataDirs = dataDirs;
   }
 
   // User && Invitation
@@ -54,41 +122,71 @@ class TeamAPI extends EventEmitter {
     if (teamDid === nodeInfo.did && nodeInfo.nodeOwner && user.did !== nodeInfo.nodeOwner.did) {
       await this.notification.create({
         title: 'New member join',
-        description: `User with Name (${user.fullName}) and DID (${user.did}) has joined this Node`,
+        description: `User with Name (${user.fullName}) and DID (${user.did}) has joined this server`,
         entityType: 'node',
-        action: '/settings/team',
+        action: '/team/members',
         entityId: user.did,
         severity: 'success',
       });
     }
 
-    this.emit('user.added', { teamDid, user: doc });
+    this.emit(EVENTS.USER_ADDED, { teamDid, user: doc });
 
     return doc;
   }
 
-  async getUsers({ teamDid }) {
+  async getUsers({ teamDid, query, paging: inputPaging, sort, dids }) {
     const state = await this.getUserState(teamDid);
 
-    const list = await state.getUsers();
-
-    return list.map(
-      (d) =>
-        pick(d, [
-          'did',
-          'pk',
-          'role',
-          'email',
-          'fullName',
-          'approved',
-          'createdAt',
-          'updatedAt',
-          'passports',
-          'firstLoginAt',
-          'lastLoginAt',
-        ])
-      // eslint-disable-next-line function-paren-newline
-    );
+    if (inputPaging?.pageSize > MAX_USER_PAGE_SIZE) {
+      throw new Error(`Length of users should not exceed ${MAX_USER_PAGE_SIZE} per page`);
+    }
+
+    if (dids && dids.length > MAX_USER_PAGE_SIZE) {
+      throw new Error(`Length of users should not exceed ${MAX_USER_PAGE_SIZE}`);
+    }
+
+    let list;
+    let paging;
+
+    if (dids) {
+      list = await state.getUsersByDids({ query, dids });
+      paging = {
+        total: list.length,
+        pageSize: dids.length,
+        pageCount: 1,
+        page: 1,
+      };
+    } else {
+      const doc = await state.getUsers({ query, sort, paging: { pageSize: 20, ...inputPaging } });
+      list = doc.list;
+      paging = doc.paging;
+    }
+
+    return {
+      users: list.map(
+        (d) =>
+          pick(d, [
+            'did',
+            'pk',
+            'role',
+            'email',
+            'fullName',
+            'approved',
+            'createdAt',
+            'updatedAt',
+            'passports',
+            'firstLoginAt',
+            'lastLoginAt',
+            'lastLoginIp',
+            'remark',
+            'avatar',
+            'locale',
+          ])
+        // eslint-disable-next-line function-paren-newline
+      ),
+      paging,
+    };
   }
 
   async getUsersCount({ teamDid }) {
@@ -97,19 +195,54 @@ class TeamAPI extends EventEmitter {
     return state.count();
   }
 
+  async getUsersCountPerRole({ teamDid }) {
+    const roles = await this.getRoles({ teamDid });
+
+    const state = await this.getUserState(teamDid);
+
+    const res = [];
+
+    const all = await state.count();
+    res.push({ key: '$all', value: all });
+
+    for (const { name } of roles) {
+      // eslint-disable-next-line no-await-in-loop
+      const count = await state.count({ passports: { $elemMatch: { name, status: PASSPORT_STATUS.VALID } } });
+      res.push({ key: name, value: count });
+    }
+
+    const none = await state.count({ passports: { $size: 0 } });
+    res.push({ key: '$none', value: none });
+
+    return res;
+  }
+
   async getUser({ teamDid, user }) {
     const state = await this.getUserState(teamDid);
 
     return state.getUser(user.did);
   }
 
+  async getOwner({ teamDid }) {
+    const owner = await this.teamManager.getOwner(teamDid);
+
+    if (!owner) {
+      return null;
+    }
+
+    const state = await this.getUserState(teamDid);
+
+    const full = await state.getUser(owner.did);
+    return full || owner;
+  }
+
   async updateUser({ teamDid, user }) {
     const state = await this.getUserState(teamDid);
 
     const doc = await state.update(user);
 
     logger.info('user updated successfully', { teamDid, userDid: user.did });
-    this.emit('user.updated', { teamDid, user: doc });
+    this.emit(EVENTS.USER_UPDATED, { teamDid, user: doc });
 
     return doc;
   }
@@ -131,7 +264,7 @@ class TeamAPI extends EventEmitter {
 
     logger.info('user removed successfully', { teamDid, userDid: did });
 
-    this.emit('user.removed', { teamDid, user: { did } });
+    this.emit(EVENTS.USER_REMOVED, { teamDid, user: { did } });
 
     return { did };
   }
@@ -152,7 +285,7 @@ class TeamAPI extends EventEmitter {
 
     logger.info('user approval updated successfully', { teamDid, userDid: user.did, approved: user.approved });
 
-    this.emit('user.updated', { teamDid, user: doc2 });
+    this.emit(EVENTS.USER_UPDATED, { teamDid, user: doc2 });
 
     return doc2;
   }
@@ -171,11 +304,77 @@ class TeamAPI extends EventEmitter {
 
     logger.info('user role updated successfully', { teamDid, userDid: user.did, role: user.role });
 
-    this.emit('user.updated', { teamDid, user: doc });
+    this.emit(EVENTS.USER_UPDATED, { teamDid, user: doc });
 
     return doc;
   }
 
+  async issuePassportToUser({ teamDid, userDid, role: roleName, notify = true }, context = {}) {
+    const { locale = 'en' } = context;
+
+    const userState = await this.getUserState(teamDid);
+    const user = await userState.getUser(userDid);
+
+    if (!user) {
+      throw new Error(`user does not exist: ${userDid}`);
+    }
+
+    if (!user.approved) {
+      throw new Error(`the user is revoked: ${userDid}`);
+    }
+
+    const rbac = await this.getRBAC(teamDid);
+    const role = await rbac.getRole(roleName);
+
+    if (!role) {
+      throw new Error(`passport does not exist: ${roleName}`);
+    }
+
+    // create vc
+    const blocklet = await getBlocklet({ did: teamDid, states: this.states, dataDirs: this.dataDirs });
+    const nodeInfo = await this.node.read();
+    const blockletInfo = getBlockletInfo(blocklet, nodeInfo.sk);
+    const { wallet, passportColor, appUrl, name: issuerName } = blockletInfo;
+
+    const vc = createPassportVC({
+      issuerName,
+      issuerWallet: wallet,
+      ownerDid: userDid,
+      passport: await createPassport({
+        role,
+      }),
+      endpoint: getPassportStatusEndpoint({
+        baseUrl: joinUrl(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+        userDid,
+        teamDid,
+      }),
+      ownerProfile: {
+        ...user,
+        avatar: await parseUserAvatar(user.avatar, { dataDir: blocklet.env.dataDir }),
+      },
+      preferredColor: passportColor,
+    });
+
+    // write passport to db
+    const passport = createUserPassport(vc, { role: role.name });
+    user.passports = upsertToPassports(user.passports || [], passport);
+    await this.updateUser({
+      teamDid,
+      user: {
+        did: user.did,
+        pk: user.pk,
+        passports: user.passports,
+      },
+    });
+
+    // send vc to wallet
+    if (notify) {
+      sendPassportVcNotification({ userDid, appWallet: wallet, locale, vc });
+    }
+
+    return user;
+  }
+
   async revokeUserPassport({ teamDid, userDid, passportId } = {}) {
     if (!passportId) {
       throw new Error('Revoked passport should not be empty');
@@ -187,7 +386,7 @@ class TeamAPI extends EventEmitter {
 
     logger.info('user passport revoked successfully', { teamDid, userDid, passportId });
 
-    this.emit('user.updated', { teamDid, user: doc });
+    this.emit(EVENTS.USER_UPDATED, { teamDid, user: doc });
 
     return doc;
   }
@@ -203,16 +402,40 @@ class TeamAPI extends EventEmitter {
 
     logger.info('user passport enabled successfully', { teamDid, userDid, passportId });
 
-    this.emit('user.updated', { teamDid, user: doc });
+    this.emit(EVENTS.USER_UPDATED, { teamDid, user: doc });
 
     return doc;
   }
 
   // Invite member
 
-  async createInvitation({ teamDid, role, remark, interfaceName }, context) {
+  /**
+   * @type InvitationSession {
+   *   type: 'invite';
+   *   role: string;
+   *   remark: string;
+   *   expireDate: number;
+   *   inviter: {
+   *     did: string;
+   *     email?: string;
+   *     fullName?: string;
+   *     role?: string;
+   *   };
+   *   teamDid: string;
+   *   status: '' | 'success';
+   *   receiver: {
+   *     did: string;
+   *   };
+   * }
+   * @returns
+   */
+  async createMemberInvitation({ teamDid, role, expireTime, remark }, context) {
     await this.teamManager.checkEnablePassportIssuance(teamDid);
 
+    if (expireTime && expireTime <= 0) {
+      throw new Error('Expire time must be greater than 0');
+    }
+
     if (!role) {
       throw new Error('Role cannot be empty');
     }
@@ -232,7 +455,7 @@ class TeamAPI extends EventEmitter {
       throw new Error('Inviter does not exist');
     }
 
-    const expireDate = Date.now() + this.inviteExpireTime;
+    const expireDate = Date.now() + (expireTime || this.memberInviteExpireTime);
     const state = await this.getSessionState(teamDid);
     const { id: inviteId } = await state.start({
       type: 'invite',
@@ -241,7 +464,6 @@ class TeamAPI extends EventEmitter {
       expireDate,
       inviter: user,
       teamDid,
-      interfaceName,
     });
 
     logger.info('Create invite member', { role, user, inviteId });
@@ -253,16 +475,47 @@ class TeamAPI extends EventEmitter {
       expireDate: new Date(expireDate).toString(),
       inviter: user,
       teamDid,
-      interfaceName,
     };
   }
 
-  async getInvitations({ teamDid }) {
+  async createTransferInvitation({ teamDid, remark }, context) {
+    return this.createMemberInvitation(
+      { teamDid, expireTime: this.serverInviteExpireTime, remark, role: 'owner' },
+      context
+    );
+  }
+
+  async getInvitation({ teamDid, inviteId }) {
+    if (!teamDid || !inviteId) {
+      return null;
+    }
+
+    const state = await this.getSessionState(teamDid);
+
+    const invitation = await state.findOne({ _id: inviteId, type: 'invite' });
+    if (!invitation) {
+      return null;
+    }
+
+    return {
+      // eslint-disable-next-line no-underscore-dangle
+      inviteId: invitation._id,
+      role: invitation.role,
+      remark: invitation.remark,
+      expireDate: new Date(invitation.expireDate).toString(),
+      inviter: invitation.inviter,
+      teamDid: invitation.teamDid,
+      status: invitation.status,
+      receiver: invitation.receiver,
+    };
+  }
+
+  async getInvitations({ teamDid, filter }) {
     const state = await this.getSessionState(teamDid);
 
     const invitations = await state.find({ type: 'invite' });
 
-    return invitations.map((d) => ({
+    return invitations.filter(filter || ((x) => x.status !== 'success')).map((d) => ({
       // eslint-disable-next-line no-underscore-dangle
       inviteId: d._id,
       role: d.role,
@@ -270,7 +523,8 @@ class TeamAPI extends EventEmitter {
       expireDate: new Date(d.expireDate).toString(),
       inviter: d.inviter,
       teamDid: d.teamDid,
-      interfaceName: d.interfaceName,
+      status: d.status,
+      receiver: d.receiver,
     }));
   }
 
@@ -287,7 +541,7 @@ class TeamAPI extends EventEmitter {
     return true;
   }
 
-  async processInvitation({ teamDid, inviteId }) {
+  async checkInvitation({ teamDid, inviteId }) {
     const state = await this.getSessionState(teamDid);
 
     const invitation = await state.read(inviteId);
@@ -296,7 +550,7 @@ class TeamAPI extends EventEmitter {
       throw new Error(`The invitation does not exist: ${inviteId}`);
     }
 
-    const { role, expireDate } = await state.read(inviteId);
+    const { role, expireDate, remark } = await state.read(inviteId);
 
     if (Date.now() > expireDate) {
       logger.error('Invite id has expired', { inviteId, expireAt: new Date(expireDate) });
@@ -309,15 +563,33 @@ class TeamAPI extends EventEmitter {
       throw new Error(`Role does not exist: ${role}`);
     }
 
-    await state.end(inviteId);
-
-    logger.info('Invitation session completed successfully', { inviteId, role });
-
     return {
       role,
+      remark,
     };
   }
 
+  async closeInvitation({ teamDid, inviteId, status, receiver, timeout = 30 * 1000 }) {
+    const state = await this.getSessionState(teamDid);
+
+    const invitation = await state.read(inviteId);
+
+    if (!invitation) {
+      throw new Error(`The invitation does not exist: ${inviteId}`);
+    }
+
+    await state.update(inviteId, { status, receiver });
+
+    setTimeout(async () => {
+      try {
+        logger.info('Invitation session closed', { inviteId });
+        await state.end(inviteId);
+      } catch (error) {
+        logger.error('close invitation failed', { error });
+      }
+    }, timeout);
+  }
+
   // Issue Passport
 
   async createPassportIssuance({ teamDid, ownerDid, name }) {
@@ -338,7 +610,7 @@ class TeamAPI extends EventEmitter {
       throw new Error(`Passport does not exist: ${name}`);
     }
 
-    const expireDate = Date.now() + this.inviteExpireTime;
+    const expireDate = Date.now() + this.memberInviteExpireTime;
 
     const state = await this.getSessionState(teamDid);
     const { id } = await state.start({
@@ -365,7 +637,13 @@ class TeamAPI extends EventEmitter {
   async getPassportIssuances({ teamDid, ownerDid }) {
     const state = await this.getSessionState(teamDid);
 
-    const list = await state.find({ type: 'passport-issuance', ownerDid });
+    const query = { type: 'passport-issuance' };
+
+    if (ownerDid) {
+      query.ownerDid = ownerDid;
+    }
+
+    const list = await state.find(query);
 
     return list.map((d) => ({
       // eslint-disable-next-line no-underscore-dangle
@@ -452,14 +730,18 @@ class TeamAPI extends EventEmitter {
     }
   }
 
-  // Access Control
+  async configWhoCanAccess({ teamDid, value }) {
+    if (!Object.values(WHO_CAN_ACCESS).includes(value)) {
+      throw new Error('value is invalid');
+    }
 
-  async getRoles({ teamDid }) {
-    const rbac = await this.getRBAC(teamDid);
+    await this.teamManager.configWhoCanAccess(teamDid, value);
+  }
 
-    const roles = await rbac.getRoles();
+  // Access Control
 
-    return roles.map((d) => pick(d, ['name', 'grants', 'title', 'description']));
+  async getRoles({ teamDid }) {
+    return this.teamManager.getRoles(teamDid);
   }
 
   async createRole({ teamDid, name, description, title, childName, permissions = [] }) {
@@ -486,7 +768,7 @@ class TeamAPI extends EventEmitter {
   async updateRole({ teamDid, role: { name, title, description } = {} }) {
     logger.info('update role', { teamDid, name, title, description });
 
-    validateUpdateRole({ name, title, description });
+    await validateUpdateRole({ name, title, description });
 
     const rbac = await this.getRBAC(teamDid);
 
@@ -628,6 +910,55 @@ class TeamAPI extends EventEmitter {
     );
   }
 
+  // eslint-disable-next-line no-unused-vars
+  async addStore({ teamDid, url }, context) {
+    logger.info('add registry', { url });
+
+    const urlObj = new URL(url);
+    let newUrl = urlObj.origin;
+
+    // if the pathname is store blocklet list or blocklet detail
+    if (urlObj.pathname?.includes(STORE_DETAIL_PAGE_PATH_PREFIX)) {
+      const lastIndex = urlObj.pathname.lastIndexOf(STORE_DETAIL_PAGE_PATH_PREFIX);
+      const pathnamePrefix = urlObj.pathname.substring(0, lastIndex);
+      newUrl = `${newUrl}${pathnamePrefix || ''}`;
+    }
+
+    const sanitized = sanitizeUrl(newUrl);
+
+    const storeList = await this.teamManager.getStoreList(teamDid);
+
+    const exist = storeList.find((x) => x.url === sanitized);
+    if (exist) {
+      throw new Error(`Blocklet registry already exist: ${sanitized}`);
+    }
+
+    await StoreUtil.validateStoreUrl(sanitized);
+
+    const store = await StoreUtil.getStoreMeta(sanitized);
+
+    storeList.push({ ...store, url: sanitized, protected: false });
+
+    return this.teamManager.updateStoreList(teamDid, storeList);
+  }
+
+  // eslint-disable-next-line no-unused-vars
+  async deleteStore({ teamDid, url }, context) {
+    logger.info('delete registry', { url });
+    const sanitized = sanitizeUrl(url);
+
+    const storeList = await this.teamManager.getStoreList(teamDid);
+    const exist = storeList.find((x) => x.url === sanitized);
+    if (!exist) {
+      throw new Error(`Blocklet registry does not exist: ${sanitized}`);
+    }
+
+    return this.teamManager.updateStoreList(
+      teamDid,
+      storeList.filter((x) => x.url !== sanitized)
+    );
+  }
+
   // =======
   // Private
   // =======
@@ -648,7 +979,7 @@ class TeamAPI extends EventEmitter {
   // Just for test
   // =============
   setInviteExpireTime(ms) {
-    this.inviteExpireTime = ms;
+    this.memberInviteExpireTime = ms;
   }
 }