@abtnode/core 1.16.28-next-5a717317 → 1.16.28

package/lib/api/team.js

@@ -2,7 +2,7 @@ const { EventEmitter } = require('events');
 const pick = require('lodash/pick');
 const defaults = require('lodash/defaults');
 const cloneDeep = require('lodash/cloneDeep');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 
 const logger = require('@abtnode/logger')('@abtnode/core:api:team');
 const {
@@ -511,7 +511,7 @@ class TeamAPI extends EventEmitter {
         role,
       }),
       endpoint: getPassportStatusEndpoint({
-        baseUrl: joinUrl(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+        baseUrl: joinURL(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
         userDid,
         teamDid,
       }),
@@ -966,7 +966,7 @@ class TeamAPI extends EventEmitter {
             role,
           }),
           endpoint: getPassportStatusEndpoint({
-            baseUrl: joinUrl(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+            baseUrl: joinURL(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
             userDid,
             teamDid,
           }),

package/lib/blocklet/hooks.js

@@ -1,11 +1,13 @@
 const get = require('lodash/get');
 const camelCase = require('lodash/camelCase');
 const runScript = require('@abtnode/util/lib/run-script');
+const { getSecurityNodeOptions } = require('@abtnode/util/lib/security');
 
 // eslint-disable-next-line global-require
 const logger = require('@abtnode/logger')(`${require('../../package.json').name}:blocklet:hooks`);
 
 const { getSafeEnv } = require('../util');
+const states = require('../states');
 
 const runUserHook = async (label, hookName, args) => {
   const {
@@ -27,10 +29,16 @@ const runUserHook = async (label, hookName, args) => {
     }
 
     logger.info(`run hook:${hookName}:`, { label, hook });
+
+    const nodeInfo = await states.node.read();
     // FIXME @linchen timeout 应该动态设置或不设置
     await runScript(hook, [label, hookName].join(':'), {
       cwd: appDir,
-      env: { ...getSafeEnv(env), BLOCKLET_HOOK_NAME: hookName },
+      env: {
+        ...getSafeEnv(env),
+        BLOCKLET_HOOK_NAME: hookName,
+        NODE_OPTIONS: getSecurityNodeOptions({ environmentObj: env, ...args }, nodeInfo.enableFileSystemIsolation),
+      },
       silent,
       output: outputFile,
       error: errorFile,

package/lib/blocklet/manager/disk.js

@@ -16,7 +16,7 @@ const { sign } = require('@arcblock/jwt');
 const { isInServerlessMode } = require('@abtnode/util/lib/serverless');
 const sleep = require('@abtnode/util/lib/sleep');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const { sendToUser } = require('@blocklet/sdk/lib/util/send-notification');
 
 const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
@@ -2799,7 +2799,7 @@ class DiskBlockletManager extends BaseBlockletManager {
        * @type {import('@abtnode/client').NodeState}
        */
       const node = await states.node.read();
-      referrer = joinUrl(
+      referrer = joinURL(
         `https://${encode(node.did)}.${DEFAULT_DID_DOMAIN}`,
         node.routing.adminPath,
         `/blocklets/${did}/storage`
@@ -3253,7 +3253,8 @@ class DiskBlockletManager extends BaseBlockletManager {
               logo: '',
             };
           } else {
-            throw new Error(`engine component ${engineId} not found`);
+            // Note: the component maybe in dev mode or removed
+            logger.warn(`engine component ${engineId} not found for ${did}`);
           }
         } else {
           component.engine = getEngine(engine.interpreter)?.describe();
@@ -4486,7 +4487,7 @@ class FederatedBlockletManager extends DiskBlockletManager {
   async joinFederatedLogin({ appUrl, did }, context) {
     const url = new URL(appUrl);
     // master service api 的地址
-    url.pathname = joinUrl(WELLKNOWN_SERVICE_PATH_PREFIX, '/api/federated/join');
+    url.pathname = joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/api/federated/join');
 
     const blocklet = await this.getBlocklet(did);
     const nodeInfo = await states.node.read();
@@ -4503,7 +4504,7 @@ class FederatedBlockletManager extends DiskBlockletManager {
       aliasDomain: domainAliases.map((x) => x.value),
       appLogo:
         blocklet.environmentObj.BLOCKLET_APP_LOGO ||
-        normalizePathPrefix(joinUrl(WELLKNOWN_SERVICE_PATH_PREFIX, '/blocklet/logo')) ||
+        normalizePathPrefix(joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, '/blocklet/logo')) ||
         '/',
       appLogoRect: blocklet.environmentObj.BLOCKLET_APP_LOGO_RECT,
       did: permanentWallet.address,

package/lib/blocklet/manager/helper/install-component-from-url.js

@@ -95,9 +95,11 @@ const installComponentFromUrl = async ({
   const { dynamicComponents } = await parseComponents(newChild);
 
   const index = blocklet.children.findIndex((child) => child.meta.did === meta.did);
+
   if (index >= 0) {
     // if upgrade, do not update mountPoint and title
-    newChild.mountPoint = blocklet.children[index].mountPoint;
+    newChild.mountPoint =
+      blocklet.children[index].mountPoint || formatName(newChildMeta.title) || formatName(newChildMeta.name);
     // 更新版本时, title 应该更新
     // newChild.meta.title = blocklet.children[index].meta.title;
     newChild.installedAt = blocklet.children[index].installedAt;

package/lib/blocklet/project/create-pack-release.js

@@ -13,7 +13,7 @@ const { createRelease: createBlockletRelease } = require('@abtnode/util/lib/crea
 const urlPathFriendly = require('@blocklet/meta/lib/url-path-friendly').default;
 const { hasStartEngine } = require('@blocklet/meta/lib/util');
 
-const logger = require('@abtnode/logger')('create-resource-blocklet-pack');
+const logger = require('@abtnode/logger')('blocklet-studio-pack');
 
 const { createReleaseSchema } = require('../../validators/project');
 
@@ -228,7 +228,7 @@ const createPackRelease = async ({
     if (fs.existsSync(extendedMetaFile)) {
       const extendedMeta = readMetaFile(extendedMetaFile);
       logger.info('merge extended blocklet.yml', extendedMeta);
-      Object.assign(meta, pick(extendedMeta, ['environments', 'engine']));
+      Object.assign(meta, pick(extendedMeta, ['environments', 'engine', 'capabilities']));
     }
 
     // Reset group for blocklets with engine specified

package/lib/blocklet/project/index.js

@@ -10,7 +10,7 @@ const { titleSchema } = require('@blocklet/meta/lib/schema');
 const { validateNewDid } = require('@blocklet/meta/lib/name');
 const urlPathFriendly = require('@blocklet/meta/lib/url-path-friendly').default;
 
-const logger = require('@abtnode/logger')('create-resource-blocklet');
+const logger = require('@abtnode/logger')('blocklet-studio');
 
 const { createReleaseSchema } = require('../../validators/project');
 const getIsMultipleTenant = require('./get-is-multiple-tenant');
@@ -19,8 +19,10 @@ const {
   getLogoFile,
   exportBlockletResources,
   getResourceList,
+  checkUploadExists,
   checkResourceExists,
   getExtendedMetaFile,
+  exportUploadedResources,
 } = require('./util');
 const createPackRelease = require('./create-pack-release');
 const connectToStore = require('./connect-to-store');
@@ -172,6 +174,7 @@ const createRelease = async ({
   blockletIntroduction,
   blockletLogo,
   blockletScreenshots,
+  uploadedResource,
   blockletComponents,
   note,
   manager,
@@ -196,6 +199,7 @@ const createRelease = async ({
     blockletLogo,
     blockletIntroduction,
     blockletScreenshots,
+    uploadedResource,
     note,
   };
 
@@ -235,16 +239,16 @@ const createRelease = async ({
   if (action === 'update') {
     const release = await releaseState.findOne({ projectId, id: releaseId });
     if (!release) {
-      throw new Error('release not found');
+      throw new Error(`Blocklet release ${releaseId} not found for project ${projectId}`);
     }
     if (release.status !== 'draft') {
-      throw new Error('Can not update a published release');
+      throw new Error(`Can not update a published release: ${releaseId}`);
     }
   }
 
   const existVersion = await releaseState.findOne({ projectId, blockletVersion });
   if (existVersion && (action === 'create' || existVersion.id !== releaseId)) {
-    throw new Error(`blockletVersion ${blockletVersion} already exists`);
+    throw new Error(`Release version ${blockletVersion} already exists`);
   }
 
   const { blockletDid } = project0;
@@ -253,8 +257,14 @@ const createRelease = async ({
 
   const projectDir = path.join(blocklet.env.dataDir, PROJECT.DIR, `${projectId}`);
 
+  // validate resources
+  const isResourceFromUpload = !!uploadedResource;
   if (status !== PROJECT.RELEASE_STATUS.draft) {
-    await checkResourceExists(projectDir, action, releaseId);
+    if (isResourceFromUpload) {
+      await checkUploadExists(projectDir, action, releaseId, uploadedResource);
+    } else {
+      await checkResourceExists(projectDir, action, releaseId);
+    }
   }
 
   const release = await releaseState.upsertRelease({
@@ -264,6 +274,7 @@ const createRelease = async ({
     releaseId,
     status,
   });
+  logger.info('release upsert done', release);
 
   const _releaseId = release.id;
   const releaseDir = path.join(projectDir, PROJECT.RELEASE_DIR, `${_releaseId}`);
@@ -301,7 +312,7 @@ const createRelease = async ({
   }
 
   if (fs.existsSync(releaseFile)) {
-    logger.error('release file already exists, remove it', releaseFile);
+    logger.warn('release file exists, remove it', releaseFile);
     await fs.remove(releaseFile);
   }
 
@@ -338,17 +349,7 @@ const createRelease = async ({
     });
     await fs.outputFile(changelogDistFile, changelog.join('\n\n'));
 
-    // create resource
-    await exportBlockletResources({
-      app: blocklet,
-      projectId,
-      releaseId: _releaseId,
-      exportDir: releaseBundleDir,
-      blockletDid,
-    });
-
     // create blocklet.yml
-    const resourceList = await getResourceList(resourceDir);
     const meta = {
       did: blockletDid,
       name: blockletDid,
@@ -356,20 +357,53 @@ const createRelease = async ({
       description: blockletDescription,
       version: blockletVersion,
       logo: logoFileName,
-      resource: {
-        bundles: resourceList.length ? resourceList : undefined,
-      },
       components: [],
       files: project.blockletScreenshots?.length ? ['screenshots'] : [],
       screenshots: project.blockletScreenshots || [],
     };
 
+    // create resource
+    if (isResourceFromUpload) {
+      await exportUploadedResources({
+        app: blocklet,
+        projectId,
+        releaseId: _releaseId,
+        exportDir: releaseBundleDir,
+      });
+
+      meta.main = PROJECT.MAIN_DIR;
+      meta.engine = {
+        interpreter: 'blocklet',
+        source: {
+          // FIXME: @wangshijun publish this to production store
+          store: 'https://test.store.blocklet.dev',
+          name: 'z2qa2dGC9EmsjB2WJtUcmuRWx43zTwPUZQF7g',
+          version: 'latest',
+        },
+      };
+    } else {
+      await exportBlockletResources({
+        app: blocklet,
+        projectId,
+        releaseId: _releaseId,
+        exportDir: releaseBundleDir,
+        blockletDid,
+      });
+
+      const resourceList = await getResourceList(resourceDir);
+      if (resourceList) {
+        meta.resource = {
+          bundles: resourceList.length ? resourceList : undefined,
+        };
+      }
+    }
+
     // merge extended blocklet.yml
     const extendedMetaFile = getExtendedMetaFile({ app: blocklet, projectId, releaseId });
     if (fs.existsSync(extendedMetaFile)) {
       const extendedMeta = readMetaFile(extendedMetaFile);
-      logger.info('merge extended blocklet.yml', extendedMeta);
-      Object.assign(meta, pick(extendedMeta, ['environments', 'engine']));
+      logger.info('release extended blocklet.yml', extendedMeta);
+      Object.assign(meta, pick(extendedMeta, ['environments', 'engine', 'capabilities']));
     }
 
     // Enable mountPoint for blocklets with engine specified
@@ -411,7 +445,7 @@ const createRelease = async ({
       files: [releaseFileName],
     });
 
-    logger.info('create release success', res2);
+    logger.info('release finalized', res2);
 
     return res2;
   } catch (error) {

package/lib/blocklet/project/util.js

@@ -3,6 +3,7 @@ const fs = require('fs-extra');
 const fg = require('fast-glob');
 const { isValid: isValidDid } = require('@arcblock/did');
 const { PROJECT, BLOCKLET_RESOURCE_DIR, BLOCKLET_META_FILE } = require('@blocklet/constant');
+const { expandBundle } = require('../../util');
 
 const COMPONENT_CONFIG_MAP_DIR = '.component_config';
 
@@ -77,6 +78,15 @@ const exportBlockletResources = async ({
   }
 };
 
+const exportUploadedResources = async ({ app, projectId, releaseId, exportDir }) => {
+  const projectDir = path.join(app.env.dataDir, PROJECT.DIR, `${projectId}`);
+  const releaseDir = path.join(projectDir, PROJECT.RELEASE_DIR, `${releaseId}`);
+  const sourceDir = path.join(releaseDir, PROJECT.RESOURCE_DIR, PROJECT.MAIN_DIR);
+  const destDir = path.join(exportDir, PROJECT.MAIN_DIR);
+  await fs.ensureDir(destDir);
+  await fs.copy(sourceDir, destDir);
+};
+
 async function checkIfDirectory(file) {
   try {
     const stats = await fs.promises.stat(file);
@@ -135,6 +145,29 @@ const checkResourceExists = async (projectDir, action, releaseId) => {
   }
 };
 
+const checkUploadExists = async (projectDir, action, releaseId, uploadedResource) => {
+  const uploadedFile = path.join(projectDir, PROJECT.ASSET_DIR, uploadedResource);
+  if (!fs.existsSync(uploadedFile)) {
+    throw new Error(`Uploaded resource does not exist: ${uploadedResource}`);
+  }
+
+  const resourceDir =
+    action === 'create'
+      ? path.join(projectDir, PROJECT.RESOURCE_DIR, PROJECT.MAIN_DIR)
+      : path.join(projectDir, PROJECT.RELEASE_DIR, `${releaseId}`, PROJECT.RESOURCE_DIR, PROJECT.MAIN_DIR);
+
+  if (fs.existsSync(resourceDir)) {
+    fs.rmSync(resourceDir, { recursive: true });
+  }
+  fs.ensureDirSync(resourceDir);
+
+  await expandBundle(uploadedFile, resourceDir);
+  const files = ['index.html', 'index.htm'];
+  if (files.every((file) => fs.existsSync(path.join(resourceDir, file)) === false)) {
+    throw new Error(`Uploaded resource does not contain index.html or index.htm: ${uploadedResource}`);
+  }
+};
+
 const getExtendedMetaFile = ({ app, projectId, releaseId }) => {
   const { dataDir } = app.env;
   const dirArr = [dataDir, PROJECT.DIR, projectId || '/'];
@@ -148,7 +181,9 @@ const getExtendedMetaFile = ({ app, projectId, releaseId }) => {
 module.exports = {
   getLogoFile,
   exportBlockletResources,
+  exportUploadedResources,
   getResourceList,
+  checkUploadExists,
   checkResourceExists,
   getExtendedMetaFile,
 };

package/lib/monitor/blocklet-runtime-monitor.js

@@ -1,4 +1,4 @@
-const EventEmitter = require('events');
+const { EventEmitter } = require('events');
 
 const cloneDeep = require('lodash/cloneDeep');
 const pLimit = require('p-limit');

package/lib/monitor/node-runtime-monitor.js

@@ -1,4 +1,4 @@
-const EventEmitter = require('events');
+const { EventEmitter } = require('events');
 const dayjs = require('@abtnode/util/lib/dayjs');
 const pick = require('lodash/pick');
 const cloneDeep = require('lodash/cloneDeep');

package/lib/router/helper.js

@@ -10,7 +10,7 @@ const get = require('lodash/get');
 const cloneDeep = require('lodash/cloneDeep');
 const groupBy = require('lodash/groupBy');
 const isEqual = require('lodash/isEqual');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const {
   replaceSlotToIp,
   findComponentById,
@@ -288,7 +288,7 @@ const ensureLatestInterfaceInfo = async (sites = []) => {
       if (rule.isProtected && rule.to.target === WELLKNOWN_SERVICE_PATH_PREFIX) {
         return rule;
       }
-      if (rule.isProtected && rule.to.target === joinUrl(WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_PATH_PREFIX)) {
+      if (rule.isProtected && rule.to.target === joinURL(WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_PATH_PREFIX)) {
         return rule;
       }
 
@@ -359,7 +359,7 @@ const ensureWellknownRule = async (sites = []) => {
       const rule = grouped[groupPathPrefix][0];
 
       // Serve blocklet service always
-      const servicePathPrefix = joinUrl(groupPathPrefix, WELLKNOWN_SERVICE_PATH_PREFIX);
+      const servicePathPrefix = joinURL(groupPathPrefix, WELLKNOWN_SERVICE_PATH_PREFIX);
       if (!site.rules.some((x) => x.from.pathPrefix === servicePathPrefix)) {
         site.rules.push({
           id: rule.id,
@@ -380,7 +380,7 @@ const ensureWellknownRule = async (sites = []) => {
       }
 
       // Cache user avatar from gateway
-      const avatarPathPrefix = joinUrl(servicePathPrefix, USER_AVATAR_PATH_PREFIX);
+      const avatarPathPrefix = joinURL(servicePathPrefix, USER_AVATAR_PATH_PREFIX);
       if (!site.rules.some((x) => x.from.pathPrefix === avatarPathPrefix)) {
         site.rules.push({
           id: rule.id,
@@ -492,7 +492,7 @@ const ensureBlockletWellknownRules = (sites, blocklets) => {
 
     const tmpMountPoint = mountPoint || blocklet.mountPoint;
     if (tmpMountPoint) {
-      pathPrefix = joinUrl(tmpMountPoint, pathPrefix);
+      pathPrefix = joinURL(tmpMountPoint, pathPrefix);
     }
 
     const port = findInterfacePortByName(blocklet, tmpInterface.name);
@@ -585,7 +585,7 @@ const expandComponentRules = (sites = [], blocklets) => {
             newRule.from.pathPrefix = baseRule.from.pathPrefix;
             newRule.to.pageGroup = baseRule.to.pageGroup;
           } else {
-            newRule.from.pathPrefix = joinUrl(baseRule.from.pathPrefix, x.mountPoint);
+            newRule.from.pathPrefix = joinURL(baseRule.from.pathPrefix, x.mountPoint);
           }
 
           expandedRules.push(newRule);
@@ -633,7 +633,7 @@ const ensureBlockletCache = (sites = [], blocklets) => {
           const cacheable = get(findWebInterface(component), 'cacheable', []);
           cacheable.forEach((cachePrefix) => {
             const clone = cloneDeep(rule);
-            clone.from.pathPrefix = joinUrl(rule.from.pathPrefix, cachePrefix);
+            clone.from.pathPrefix = joinURL(rule.from.pathPrefix, cachePrefix);
             clone.to.cacheGroup = isServiceFeDevelopment ? '' : 'blockletProxy';
             clone.to.targetPrefix = cachePrefix;
             clone.dynamic = true; // mark as dynamic to avoid redundant generated rules
@@ -674,7 +674,7 @@ const decompressCertificates = async (source, dest) => {
   return dest;
 };
 
-const joinCertDownUrl = (baseUrl, name) => joinUrl(baseUrl, '/certs', name);
+const joinCertDownUrl = (baseUrl, name) => joinURL(baseUrl, '/certs', name);
 
 const getIpEchoCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'ip-abtnet-io.tar.gz');
 const getDidDomainCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'did-abtnet-io.tar.gz');

package/lib/router/manager.js

@@ -13,7 +13,7 @@ const toLower = require('lodash/toLower');
 const { EventEmitter } = require('events');
 const uuid = require('uuid');
 const isUrl = require('is-url');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const cloneDeep = require('lodash/cloneDeep');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const logger = require('@abtnode/logger')('@abtnode/core:router:manager');
@@ -704,7 +704,7 @@ class RouterManager extends EventEmitter {
     const blockletPrefix = normalizePathPrefix(rawRule.from.pathPrefix);
 
     // root component's mountPoint may not be '/'
-    const rootComponentPrefix = joinUrl(blockletPrefix, blocklet.mountPoint || '/');
+    const rootComponentPrefix = joinURL(blockletPrefix, blocklet.mountPoint || '/');
     rawRule.from.pathPrefix = normalizePathPrefix(rootComponentPrefix);
 
     const isOccupiable = isGatewayBlocklet(blocklet.meta);

package/lib/states/audit-log.js

@@ -3,7 +3,7 @@
 const pick = require('lodash/pick');
 const get = require('lodash/get');
 const uniq = require('lodash/uniq');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const { getDisplayName } = require('@blocklet/meta/lib/util');
 const { BLOCKLET_SITE_GROUP_SUFFIX, NODE_SERVICES } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')('@abtnode/core:states:audit-log');
@@ -12,7 +12,7 @@ const BaseState = require('./base');
 
 const { parse } = require('../util/ua');
 
-const getServerInfo = (info) => `[${info.name}](${joinUrl(info.routing.adminPath, '/settings/about')})`;
+const getServerInfo = (info) => `[${info.name}](${joinURL(info.routing.adminPath, '/settings/about')})`;
 /**
  * @description
  * @param {import('@abtnode/client').BlockletState} blocklet
@@ -21,7 +21,7 @@ const getServerInfo = (info) => `[${info.name}](${joinUrl(info.routing.adminPath
  * }} info
  * @returns {string}
  */
-const getBlockletInfo = (blocklet, info) => `[${getDisplayName(blocklet)}](${joinUrl(info.routing.adminPath, '/blocklets/', blocklet.meta.did, '/overview')})`; // prettier-ignore
+const getBlockletInfo = (blocklet, info) => `[${getDisplayName(blocklet)}](${joinURL(info.routing.adminPath, '/blocklets/', blocklet.meta.did, '/overview')})`; // prettier-ignore
 const componentOrApplication = (componentDids) => (componentDids?.length ? 'component' : 'application');
 const getComponentNames = (blocklet, componentDids, withVersion) =>
   uniq(componentDids || [])
@@ -82,10 +82,10 @@ const expandUser = async (teamDid, userDid, passportId, info, node) => {
   const passport = user.passports.find((x) => x.id === passportId);
 
   if (teamDid === info.did) {
-    return [`[${user.fullName}](${joinUrl(info.routing.adminPath, '/team/members')})`, passport ? passport.name : ''];
+    return [`[${user.fullName}](${joinURL(info.routing.adminPath, '/team/members')})`, passport ? passport.name : ''];
   }
 
-  return [`[${user.fullName}](${joinUrl(info.routing.adminPath, '/blocklets/', teamDid, '/members')})`, passport ? passport.name : '']; // prettier-ignore
+  return [`[${user.fullName}](${joinURL(info.routing.adminPath, '/blocklets/', teamDid, '/members')})`, passport ? passport.name : '']; // prettier-ignore
 };
 
 /**

package/lib/states/release.js

@@ -31,6 +31,7 @@ class Release extends BaseState {
       'blockletScreenshots',
       'publishedStoreIds',
       'blockletComponents',
+      'uploadedResource',
       'note',
       'status',
       'files',

package/lib/states/user.js

@@ -393,6 +393,7 @@ class User extends ExtendBase {
         'email',
         'avatar',
         'role',
+
         'locale',
         'extra',
         'lastLoginIp',
@@ -413,6 +414,8 @@ class User extends ExtendBase {
       if (updates.sourceAppPid) {
         delete updates.sourceAppPid;
       }
+      // 登录不再更新 locale
+      delete updates.locale;
       // update user, connectedAccount, passport
       updates.connectedAccounts = updateConnectedAccount(exist.connectedAccounts, user.connectedAccount);
       updated = await this.updateUser(exist.did, updates);

package/lib/util/blocklet.js

@@ -1,3 +1,4 @@
+/* eslint-disable camelcase */
 /* eslint-disable no-await-in-loop */
 
 const fs = require('fs-extra');
@@ -27,7 +28,7 @@ const logger = require('@abtnode/logger')('@abtnode/core:util:blocklet');
 const pm2 = require('@abtnode/util/lib/async-pm2');
 const sleep = require('@abtnode/util/lib/sleep');
 const getPm2ProcessInfo = require('@abtnode/util/lib/get-pm2-process-info');
-const { formatEnv } = require('@abtnode/util/lib/security');
+const { formatEnv, getSecurityNodeOptions } = require('@abtnode/util/lib/security');
 const ensureEndpointHealthy = require('@abtnode/util/lib/ensure-endpoint-healthy');
 const getFolderSize = require('@abtnode/util/lib/get-folder-size');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
@@ -180,7 +181,9 @@ const getComponentDirs = (component, { dataDirs, ensure = false, ancestors = []
 };
 
 /**
- * @returns { cwd, script, args, environmentObj, interpreter, interpreterArgs }
+ * @param component {import('@abtnode/client').ComponentState & { environmentObj: {[key: string]: string } } }
+ * @returns {{cwd, script, args, environmentObj, interpreter, interpreterArgs}: { args: []}}
+ * @return {*}
  */
 const getComponentStartEngine = (component, { e2eMode = false } = {}) => {
   if (!hasStartEngine(component.meta)) {
@@ -208,8 +211,8 @@ const getComponentStartEngine = (component, { e2eMode = false } = {}) => {
   }
 
   let script = null;
-  let interpreter = '';
-  let interpreterArgs = '';
+  let interpreter;
+  let interpreterArgs = [];
   const environmentObj = {};
   let args = [];
 
@@ -226,11 +229,18 @@ const getComponentStartEngine = (component, { e2eMode = false } = {}) => {
 
   if (component.mode !== BLOCKLET_MODES.DEVELOPMENT) {
     const engine = getEngine(blockletEngineInfo.interpreter);
-    interpreter = engine.interpreter === 'node' ? '' : engine.interpreter;
-    interpreterArgs = engine.args || '';
+    interpreter = engine.interpreter === 'node' ? undefined : engine.interpreter;
+    interpreterArgs = interpreterArgs.concat(engine.args ? [engine.args] : []);
   }
 
-  return { cwd, script, args, environmentObj, interpreter, interpreterArgs };
+  return {
+    cwd,
+    script,
+    args,
+    environmentObj,
+    interpreter,
+    interpreterArgs: interpreterArgs.join(' ').trim(),
+  };
 };
 
 const getBlockletConfigObj = (blocklet, { excludeSecure } = {}) => {
@@ -248,7 +258,6 @@ const getBlockletConfigObj = (blocklet, { excludeSecure } = {}) => {
 
   return obj;
 };
-
 /**
  * set 'configs', configObj', 'environmentObj' to blocklet TODO
  * @param {*} blocklet
@@ -531,6 +540,12 @@ const startBlockletProcess = async (
 
   await forEachBlocklet(
     blocklet,
+    /**
+     *
+     * @param {import('@abtnode/client').BlockletState} b
+     * @param {*} param1
+     * @returns
+     */
     async (b, { ancestors }) => {
       if (b.meta.group === BlockletGroup.gateway) {
         return;
@@ -572,10 +587,10 @@ const startBlockletProcess = async (
       await installExternalDependencies({ appDir: env?.BLOCKLET_APP_DIR });
 
       // run hook
-      await preFlight(b, { env });
+      await preFlight(b, { env: { ...env } });
 
       // run hook
-      await preStart(b, { env });
+      await preStart(b, { env: { ...env } });
 
       // kill process if port is occupied
       try {
@@ -588,6 +603,9 @@ const startBlockletProcess = async (
       // start process
       const maxMemoryRestart = get(nodeInfo, 'runtimeConfig.blockletMaxMemoryLimit', BLOCKLET_MAX_MEM_LIMIT_IN_MB);
 
+      /**
+       * @type {pm2.StartOptions}
+       */
       const options = {
         namespace: 'blocklets',
         name: processId,
@@ -606,6 +624,7 @@ const startBlockletProcess = async (
           ...env,
           NODE_ENV: 'production',
           BLOCKLET_START_AT: now,
+          NODE_OPTIONS: getSecurityNodeOptions(b, nodeInfo.enableFileSystemIsolation),
         },
         script,
         args,

package/lib/util/get-accessible-external-node-ip.js

@@ -1,4 +1,4 @@
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const axios = require('@abtnode/util/lib/axios');
 const { DEFAULT_IP_DOMAIN, WELLKNOWN_SERVER_ADMIN_PATH } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')('@abtnode/core:util:get-accessible-external-node-ip');
@@ -15,7 +15,7 @@ const timeout = process.env.NODE_ENV === 'test' ? 500 : 5000;
 const checkConnected = async ({ ip, info }) => {
   const { adminPath = WELLKNOWN_SERVER_ADMIN_PATH } = info.routing || {};
   const origin = `https://${getNodeDomain(ip)}`;
-  const endpoint = joinUrl(origin, adminPath);
+  const endpoint = joinURL(origin, adminPath);
   await axios.get(endpoint, { timeout });
 };
 

package/lib/util/index.js

@@ -8,7 +8,7 @@ const camelCase = require('lodash/camelCase');
 const get = require('lodash/get');
 const pickBy = require('lodash/pickBy');
 const { isFromPublicKey } = require('@arcblock/did');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const { Certificate } = require('@fidm/x509');
 const getPortLib = require('get-port');
 const v8 = require('v8');
@@ -362,7 +362,7 @@ const getStateCrons = (states) => [
 
 const getDelegateState = async (chainHost, address) => {
   const result = await axios.post(
-    joinUrl(chainHost, '/gql/'),
+    joinURL(chainHost, '/gql/'),
     JSON.stringify({
       query: `{
         getDelegateState(address: "${address}") {
@@ -388,7 +388,7 @@ const getDelegateState = async (chainHost, address) => {
 };
 
 const getNFTState = async (chainHost, nftId) => {
-  const url = joinUrl(new URL(chainHost).origin, '/api/gql/');
+  const url = joinURL(new URL(chainHost).origin, '/api/gql/');
 
   const result = await axios.post(
     url,

package/lib/util/launcher.js

@@ -1,6 +1,6 @@
 const path = require('path');
 const fs = require('fs-extra');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const dayjs = require('@abtnode/util/lib/dayjs');
 const pick = require('lodash/pick');
 const uniq = require('lodash/uniq');
@@ -206,7 +206,7 @@ const setupAppOwner = async (node, sessionId) => {
       throw new Error(`Owner user not found from launcher: ${launcherUrl}`);
     }
     appOwnerProfile = pick(user, ['fullName', 'email', 'avatar']);
-    const avatarBase64 = await getAvatarByUrl(joinUrl(launcherUrl, user.avatar));
+    const avatarBase64 = await getAvatarByUrl(joinURL(launcherUrl, user.avatar));
     appOwnerProfile.avatar = await extractUserAvatar(avatarBase64, { dataDir });
     logger.info('Create owner from launcher for blocklet', { appDid, ownerDid, ownerPk, sessionId, appOwnerProfile });
   } else {
@@ -242,7 +242,7 @@ const setupAppOwner = async (node, sessionId) => {
       endpoint: appUrl,
     }),
     endpoint: getPassportStatusEndpoint({
-      baseUrl: joinUrl(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+      baseUrl: joinURL(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
       userDid: ownerDid,
       teamDid: appDid,
     }),

package/lib/util/spaces.js

@@ -3,7 +3,7 @@ const { default: axios } = require('axios');
 const isUrl = require('is-url');
 const isArray = require('lodash/isArray');
 const isEmpty = require('lodash/isEmpty');
-const joinUrl = require('url-join');
+const { joinURL, withQuery } = require('ufo');
 
 /**
  * @description
@@ -35,7 +35,9 @@ function getBackupFilesUrlFromEndpoint(endpoint) {
   const spaceDid = strArray.at(-4);
   const appDid = strArray.at(-2);
 
-  return joinUrl(prefix, 'space', spaceDid, 'apps', appDid, 'explorer', `?key=/apps/${appDid}/.did-objects/${appDid}/`);
+  return withQuery(joinURL(prefix, 'space', spaceDid, 'apps', appDid, 'explorer'), {
+    key: `/apps/${appDid}/.did-objects/${appDid}/`,
+  });
 }
 
 function getDIDSpacesUrlFromEndpoint(endpoint) {

package/lib/util/store.js

@@ -1,4 +1,4 @@
-const joinUrl = require('url-join');
+const { joinURL, withQuery } = require('ufo');
 const pick = require('lodash/pick');
 const isBase64 = require('is-base64');
 
@@ -48,7 +48,9 @@ const fixAndVerifyMetaFromStore = (meta) => {
 
 const getStoreMeta = async (registry) => {
   try {
-    const url = joinUrl(registry, BLOCKLET_STORE_META_PATH, `?__t__=${Date.now()}`);
+    const url = withQuery(joinURL(registry, BLOCKLET_STORE_META_PATH), {
+      __t__: Date.now(),
+    });
     const { data } = await request.get(url);
 
     if (!data) {
@@ -69,7 +71,7 @@ const getStoreMeta = async (registry) => {
       } else if (isBase64(logoUrl, { allowMime: true })) {
         result.logoUrl = logoUrl;
       } else {
-        result.logoUrl = joinUrl(registry, logoUrl);
+        result.logoUrl = joinURL(registry, logoUrl);
       }
     }
 
@@ -124,14 +126,14 @@ const resolveTarballURL = ({ did, tarball = '', storeUrl = '' }) => {
     return '';
   }
 
-  return joinUrl(storeUrl, 'api', 'blocklets', did, tarball);
+  return joinURL(storeUrl, 'api', 'blocklets', did, tarball);
 };
 
 const getBlockletMetaUrl = ({ did, storeUrl }) =>
-  joinUrl(storeUrl, BLOCKLET_STORE_API_PREFIX, `/blocklets/${did}/blocklet.json`);
+  joinURL(storeUrl, BLOCKLET_STORE_API_PREFIX, `/blocklets/${did}/blocklet.json`);
 
 const getBlockletMeta = async ({ did, storeUrl }) => {
-  const url = joinUrl(storeUrl, BLOCKLET_STORE_API_PREFIX, `/blocklets/${did}/blocklet.json?__t__=${Date.now()}`);
+  const url = joinURL(storeUrl, BLOCKLET_STORE_API_PREFIX, `/blocklets/${did}/blocklet.json?__t__=${Date.now()}`);
 
   const { data } = await request.get(url);
   try {

package/lib/validators/node.js

@@ -39,6 +39,7 @@ const nodeInfoSchema = Joi.object({
     }),
   autoUpgrade: Joi.boolean(),
   enableWelcomePage: Joi.boolean(),
+  enableFileSystemIsolation: Joi.boolean(),
   diskAlertThreshold: Joi.number()
     .label('disk alarm threshold')
     .max(99)

package/lib/validators/project.js

@@ -5,6 +5,7 @@ const note = Joi.string().min(1).max(PROJECT.MAX_NOTE_LENGTH);
 const blockletIntroduction = Joi.string().max(PROJECT.MAX_INTRO_LENGTH).allow('').allow(null);
 const blockletScreenshots = Joi.array().items(Joi.string().min(1).max(200));
 const blockletLogo = Joi.string().max(200).allow(null).allow('');
+const uploadedResource = Joi.string().max(255).allow(null).allow('');
 
 const createReleaseSchema = (status) =>
   Joi.object({
@@ -24,6 +25,7 @@ const createReleaseSchema = (status) =>
         required: Joi.boolean().allow(null),
       })
     ),
+    uploadedResource,
   });
 
 module.exports = {
@@ -31,5 +33,6 @@ module.exports = {
   blockletIntroduction,
   blockletScreenshots,
   blockletLogo,
+  uploadedResource,
   createReleaseSchema,
 };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.28-next-5a717317",
+  "version": "1.16.28",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,19 +19,19 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.28-next-5a717317",
-    "@abtnode/auth": "1.16.28-next-5a717317",
-    "@abtnode/certificate-manager": "1.16.28-next-5a717317",
-    "@abtnode/constant": "1.16.28-next-5a717317",
-    "@abtnode/cron": "1.16.28-next-5a717317",
-    "@abtnode/logger": "1.16.28-next-5a717317",
-    "@abtnode/models": "1.16.28-next-5a717317",
-    "@abtnode/queue": "1.16.28-next-5a717317",
-    "@abtnode/rbac": "1.16.28-next-5a717317",
-    "@abtnode/router-provider": "1.16.28-next-5a717317",
-    "@abtnode/static-server": "1.16.28-next-5a717317",
-    "@abtnode/timemachine": "1.16.28-next-5a717317",
-    "@abtnode/util": "1.16.28-next-5a717317",
+    "@abtnode/analytics": "1.16.28",
+    "@abtnode/auth": "1.16.28",
+    "@abtnode/certificate-manager": "1.16.28",
+    "@abtnode/constant": "1.16.28",
+    "@abtnode/cron": "1.16.28",
+    "@abtnode/logger": "1.16.28",
+    "@abtnode/models": "1.16.28",
+    "@abtnode/queue": "1.16.28",
+    "@abtnode/rbac": "1.16.28",
+    "@abtnode/router-provider": "1.16.28",
+    "@abtnode/static-server": "1.16.28",
+    "@abtnode/timemachine": "1.16.28",
+    "@abtnode/util": "1.16.28",
     "@arcblock/did": "1.18.123",
     "@arcblock/did-auth": "1.18.123",
     "@arcblock/did-ext": "^1.18.123",
@@ -42,20 +42,20 @@
     "@arcblock/pm2-events": "^0.0.5",
     "@arcblock/validator": "^1.18.123",
     "@arcblock/vc": "1.18.123",
-    "@blocklet/constant": "1.16.28-next-5a717317",
-    "@blocklet/env": "1.16.28-next-5a717317",
-    "@blocklet/meta": "1.16.28-next-5a717317",
-    "@blocklet/resolver": "1.16.28-next-5a717317",
-    "@blocklet/sdk": "1.16.28-next-5a717317",
-    "@blocklet/store": "1.16.28-next-5a717317",
-    "@did-space/client": "^0.4.20",
+    "@blocklet/constant": "1.16.28",
+    "@blocklet/env": "1.16.28",
+    "@blocklet/meta": "1.16.28",
+    "@blocklet/resolver": "1.16.28",
+    "@blocklet/sdk": "1.16.28",
+    "@blocklet/store": "1.16.28",
+    "@did-space/client": "^0.5.1",
     "@fidm/x509": "^1.2.1",
     "@ocap/mcrypto": "1.18.123",
     "@ocap/util": "1.18.123",
     "@ocap/wallet": "1.18.123",
     "@slack/webhook": "^5.0.4",
     "archiver": "^7.0.1",
-    "axios": "^0.27.2",
+    "axios": "^1.7.2",
     "axon": "^2.0.3",
     "chalk": "^4.1.2",
     "cross-spawn": "^7.0.3",
@@ -92,7 +92,7 @@
     "tar": "^6.1.11",
     "transliteration": "^2.3.5",
     "ua-parser-js": "^1.0.2",
-    "url-join": "^4.0.1",
+    "ufo": "^1.5.3",
     "uuid": "^9.0.1",
     "valid-url": "^1.0.9",
     "xbytes": "^1.8.0"
@@ -103,5 +103,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "3624967f9549de3a25a87ed6b20f82519ddb4757"
+  "gitHead": "54db076a7e520bbc260f8cbf0af31dd50b86aef1"
 }