@abtnode/core 1.16.30-beta-cd65989e → 1.16.30

package/lib/api/team.js

@@ -465,14 +465,23 @@ class TeamAPI extends EventEmitter {
       throw new Error('Cannot update owner\'s approval'); // prettier-ignore
     }
 
-    const doc2 = await state.updateApproved(pick(user, ['did', 'approved']));
+    const changeData = pick(user, ['did', 'approved']);
+
+    const result = await state.updateApproved(changeData);
 
     logger.info('user approval updated successfully', { teamDid, userDid: user.did, approved: user.approved });
 
-    this.emit(TeamEvents.userUpdated, { teamDid, user: doc2 });
-    this.emit(TeamEvents.userPermissionUpdated, { teamDid, user: doc2 });
+    if (changeData?.approved === false) {
+      // 需要注销指定 userDid 在当前 member 和 master 中的所有 userSession
+      await this.logoutUser({
+        teamDid,
+        userDid: user.did,
+      });
+    }
+    this.emit(TeamEvents.userUpdated, { teamDid, user: result });
+    this.emit(TeamEvents.userPermissionUpdated, { teamDid, user: result });
 
-    return doc2;
+    return result;
   }
 
   async issuePassportToUser({ teamDid, userDid, role: roleName, notify = true }, context = {}) {
@@ -1479,7 +1488,17 @@ class TeamAPI extends EventEmitter {
       include: {
         model: userState.model,
         as: 'user',
-        attributes: ['did', 'pk', 'sourceProvider', 'fullName', 'email', 'avatar', 'remark', 'sourceAppPid'],
+        attributes: [
+          'did',
+          'pk',
+          'sourceProvider',
+          'fullName',
+          'email',
+          'avatar',
+          'remark',
+          'sourceAppPid',
+          'approved',
+        ],
       },
     });
     return userSessions.map((x) => x.toJSON());
@@ -1524,7 +1543,7 @@ class TeamAPI extends EventEmitter {
 
   async upsertUserSession({ teamDid, appPid, userDid, visitorId, ua, lastLoginIp, passportId, status, extra }) {
     if (!userDid) {
-      throw new Error('userDid are required');
+      throw new Error('userDid is required');
     }
 
     const state = await this.getUserSessionState(teamDid);
@@ -1663,9 +1682,26 @@ class TeamAPI extends EventEmitter {
   }
 
   async logoutUser({ teamDid, userDid, visitorId, appPid }) {
-    const state = await this.getUserSessionState(teamDid);
-    const data = await state.remove({ userDid, visitorId, appPid });
+    if (!userDid) {
+      throw new Error('userDid is required');
+    }
+    if (!teamDid) {
+      throw new Error('teamDid is required');
+    }
+
     const nodeInfo = await this.node.read();
+    if (nodeInfo.did === teamDid) {
+      return 0;
+    }
+    const state = await this.getUserSessionState(teamDid);
+    const userSessionParams = { userDid };
+    if (visitorId) {
+      userSessionParams.visitorId = visitorId;
+    }
+    if (appPid) {
+      userSessionParams.appPid = appPid;
+    }
+    const result = await state.remove(userSessionParams);
     const blocklet = await getBlocklet({ did: teamDid, states: this.states, dataDirs: this.dataDirs });
     const { permanentWallet } = getBlockletInfo(blocklet, nodeInfo.sk);
     const federated = defaults(cloneDeep(blocklet.settings.federated || {}), {
@@ -1677,6 +1713,7 @@ class TeamAPI extends EventEmitter {
       callFederated({
         action: 'sync',
         permanentWallet,
+        // FIXME: @zhanghan 是否还需要通知其他 Member 站点，执行退出登录的操作
         site: masterSite,
         data: {
           userSessions: [
@@ -1684,13 +1721,14 @@ class TeamAPI extends EventEmitter {
               action: 'logout',
               userDid,
               visitorId,
-              appPid: teamDid,
+              // HACK: 如果未传入 appPid，代表要注销当前用户在 master 中所有登录状态，所以传入 undefined；否则就只注销 master 中记录的当前 member 的登录状态
+              appPid: appPid ? teamDid : undefined,
             },
           ],
         },
       });
     }
-    return data;
+    return result;
   }
 }
 

package/lib/util/get-accessible-external-node-ip.js

@@ -14,7 +14,8 @@ const timeout = process.env.NODE_ENV === 'test' ? 500 : 5000;
 // FIXME: check connected by wellknown endpoint
 const checkConnected = async ({ ip, info }) => {
   const { adminPath = WELLKNOWN_SERVER_ADMIN_PATH } = info.routing || {};
-  const origin = `https://${getNodeDomain(ip)}`;
+  // dev 模式下，检查的地址不一样
+  const origin = process.env.NODE_ENV === 'development' ? `http://${ip}:3000` : `https://${getNodeDomain(ip)}`;
   const endpoint = joinURL(origin, adminPath);
   await axios.get(endpoint, { timeout });
 };

package/lib/util/launcher.js

@@ -1,9 +1,11 @@
 const path = require('path');
+const os = require('os');
 const fs = require('fs-extra');
 const { joinURL } = require('ufo');
 const dayjs = require('@abtnode/util/lib/dayjs');
 const pick = require('lodash/pick');
 const uniq = require('lodash/uniq');
+const trim = require('lodash/trim');
 const isEmpty = require('lodash/isEmpty');
 const {
   getUserAvatarUrl,
@@ -415,7 +417,25 @@ const getLaunchSessionStatus = async (blockletDid, controller) => {
   return launcherSession.status;
 };
 
+const isBlockletProtected = (blockletDid) => {
+  if (!process.env.ABT_NODE_DATA_DIR) {
+    return false;
+  }
+
+  const configFile = path.join(process.env.ABT_NODE_DATA_DIR, '.protected-serverless-apps');
+  if (fs.existsSync(configFile)) {
+    const protectedAppIds = fs.readFileSync(configFile, 'utf8').split(os.EOL).map(trim).filter(Boolean);
+    return protectedAppIds.includes(blockletDid);
+  }
+
+  return false;
+};
+
 const isBlockletExpired = async (blockletDid, controller) => {
+  if (isBlockletProtected(blockletDid)) {
+    logger.info('skip expire protected serverless app', { blockletDid, controller });
+    return false;
+  }
   const status = await getLaunchSessionStatus(blockletDid, controller);
   return [LAUNCH_SESSION_STATUS.overdue, LAUNCH_SESSION_STATUS.canceled, LAUNCH_SESSION_STATUS.terminated].includes(
     status
@@ -425,6 +445,10 @@ const isBlockletExpired = async (blockletDid, controller) => {
 const isLaunchSessionTerminated = (session) => session.status === LAUNCH_SESSION_STATUS.terminated;
 
 const isBlockletTerminated = async (blockletDid, controller) => {
+  if (isBlockletProtected(blockletDid)) {
+    logger.info('skip terminate protected serverless app', { blockletDid, controller });
+    return false;
+  }
   const status = await getLaunchSessionStatus(blockletDid, controller);
   return status === LAUNCH_SESSION_STATUS.terminated;
 };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.30-beta-cd65989e",
+  "version": "1.16.30",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,40 +19,40 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.30-beta-cd65989e",
-    "@abtnode/auth": "1.16.30-beta-cd65989e",
-    "@abtnode/certificate-manager": "1.16.30-beta-cd65989e",
-    "@abtnode/constant": "1.16.30-beta-cd65989e",
-    "@abtnode/cron": "1.16.30-beta-cd65989e",
-    "@abtnode/logger": "1.16.30-beta-cd65989e",
-    "@abtnode/models": "1.16.30-beta-cd65989e",
-    "@abtnode/queue": "1.16.30-beta-cd65989e",
-    "@abtnode/rbac": "1.16.30-beta-cd65989e",
-    "@abtnode/router-provider": "1.16.30-beta-cd65989e",
-    "@abtnode/static-server": "1.16.30-beta-cd65989e",
-    "@abtnode/timemachine": "1.16.30-beta-cd65989e",
-    "@abtnode/util": "1.16.30-beta-cd65989e",
-    "@arcblock/did": "1.18.131",
-    "@arcblock/did-auth": "1.18.131",
-    "@arcblock/did-ext": "^1.18.131",
+    "@abtnode/analytics": "1.16.30",
+    "@abtnode/auth": "1.16.30",
+    "@abtnode/certificate-manager": "1.16.30",
+    "@abtnode/constant": "1.16.30",
+    "@abtnode/cron": "1.16.30",
+    "@abtnode/logger": "1.16.30",
+    "@abtnode/models": "1.16.30",
+    "@abtnode/queue": "1.16.30",
+    "@abtnode/rbac": "1.16.30",
+    "@abtnode/router-provider": "1.16.30",
+    "@abtnode/static-server": "1.16.30",
+    "@abtnode/timemachine": "1.16.30",
+    "@abtnode/util": "1.16.30",
+    "@arcblock/did": "1.18.132",
+    "@arcblock/did-auth": "1.18.132",
+    "@arcblock/did-ext": "^1.18.132",
     "@arcblock/did-motif": "^1.1.13",
-    "@arcblock/did-util": "1.18.131",
-    "@arcblock/event-hub": "1.18.131",
-    "@arcblock/jwt": "^1.18.131",
+    "@arcblock/did-util": "1.18.132",
+    "@arcblock/event-hub": "1.18.132",
+    "@arcblock/jwt": "^1.18.132",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/validator": "^1.18.131",
-    "@arcblock/vc": "1.18.131",
-    "@blocklet/constant": "1.16.30-beta-cd65989e",
-    "@blocklet/env": "1.16.30-beta-cd65989e",
-    "@blocklet/meta": "1.16.30-beta-cd65989e",
-    "@blocklet/resolver": "1.16.30-beta-cd65989e",
-    "@blocklet/sdk": "1.16.30-beta-cd65989e",
-    "@blocklet/store": "1.16.30-beta-cd65989e",
-    "@did-space/client": "^0.5.27",
+    "@arcblock/validator": "^1.18.132",
+    "@arcblock/vc": "1.18.132",
+    "@blocklet/constant": "1.16.30",
+    "@blocklet/env": "1.16.30",
+    "@blocklet/meta": "1.16.30",
+    "@blocklet/resolver": "1.16.30",
+    "@blocklet/sdk": "1.16.30",
+    "@blocklet/store": "1.16.30",
+    "@did-space/client": "^0.5.28",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.18.131",
-    "@ocap/util": "1.18.131",
-    "@ocap/wallet": "1.18.131",
+    "@ocap/mcrypto": "1.18.132",
+    "@ocap/util": "1.18.132",
+    "@ocap/wallet": "1.18.132",
     "@slack/webhook": "^5.0.4",
     "archiver": "^7.0.1",
     "axios": "^1.7.2",
@@ -103,5 +103,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "8646768b8ac83cdb8c213ab17fe8030f3d5dc6fc"
+  "gitHead": "18420639259c736016b19152229183d9fc1c1656"
 }