@abtnode/core 1.16.30 → 1.16.31-beta-4246ab25

package/lib/api/team.js

@@ -282,7 +282,7 @@ class TeamAPI extends EventEmitter {
     const now = Date.now();
     let sessionTtl = SESSION_TTL;
     let blocklet;
-    if (teamDid !== nodeInfo.did) {
+    if (teamDid !== nodeInfo.did && query?.includeUserSessions) {
       blocklet = await getBlocklet({ did: teamDid, states: this.states, dataDirs: this.dataDirs });
       sessionTtl = blocklet.settings?.session?.ttl || SESSION_TTL;
     }
@@ -310,6 +310,8 @@ class TeamAPI extends EventEmitter {
             'locale',
             'tags',
             'url',
+            'inviter',
+            'generation',
             'userSessions',
             // oauth relate fields
             'sourceProvider',

package/lib/blocklet/manager/disk.js

@@ -2372,6 +2372,20 @@ class DiskBlockletManager extends BaseBlockletManager {
     return states.backup.getBlockletBackups({ did });
   }
 
+  async updateInviteSettings({ did, invite }, context) {
+    await states.blockletExtras.setSettings(did, { invite });
+
+    const newState = await this.getBlocklet(did);
+    this.emit(BlockletInternalEvents.appSettingChanged, { appDid: did });
+    this.emit(BlockletEvents.updated, { ...newState, context });
+
+    return newState;
+  }
+
+  getInviteSettings({ did }) {
+    return states.blockletExtras.getSettings(did, 'invite', { enabled: false });
+  }
+
   deleteCache(did) {
     const cache = this.cachedBlocklets.get(did);
     if (cache) {
@@ -4854,6 +4868,8 @@ class FederatedBlockletManager extends DiskBlockletManager {
           'disconnectedAccount',
           'action',
           'sourceAppPid',
+          'inviter',
+          'generation',
         ])
       );
     }

package/lib/index.js

@@ -377,15 +377,15 @@ function ABTNode(options) {
     updateBlockletSpaceGateway: blockletManager.updateBlockletSpaceGateway.bind(blockletManager),
     getBlockletSpaceGateways: blockletManager.getBlockletSpaceGateways.bind(blockletManager),
 
-    // auto backup
+    // auto backup related
     updateAutoBackup: blockletManager.updateAutoBackup.bind(blockletManager),
-
-    // blocklet backup record
     getBlockletBackups: blockletManager.getBlockletBackups.bind(blockletManager),
 
     // check update
     updateAutoCheckUpdate: blockletManager.updateAutoCheckUpdate.bind(blockletManager),
 
+    updateInviteSettings: blockletManager.updateInviteSettings.bind(blockletManager),
+
     // Store
     getBlockletMeta: StoreUtil.getBlockletMeta,
     getStoreMeta: StoreUtil.getStoreMeta,

package/lib/states/user.js

@@ -3,11 +3,12 @@ const get = require('lodash/get');
 const pick = require('lodash/pick');
 const uniq = require('lodash/uniq');
 const { isValid, toAddress } = require('@arcblock/did');
-const { PASSPORT_STATUS } = require('@abtnode/constant');
+const { PASSPORT_STATUS, USER_MAX_INVITE_DEPTH } = require('@abtnode/constant');
 const { BaseState } = require('@abtnode/models');
 const { Sequelize, Op } = require('sequelize');
 const { updateConnectedAccount } = require('@abtnode/util/lib/user');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const logger = require('@abtnode/logger')('@abtnode/core:states:user');
 
 const { validateOwner } = require('../util');
 const { loginSchema, disconnectAccountSchema } = require('../validators/user');
@@ -72,6 +73,7 @@ class User extends ExtendBase {
     // create user
     await this.insert({
       ...user,
+      ...(await this._prepareInviteInfo(user)),
       sourceProvider: user.sourceProvider || LOGIN_PROVIDER.WALLET,
       approved: !!user.approved,
     });
@@ -188,7 +190,18 @@ class User extends ExtendBase {
   // eslint-disable-next-line require-await
   async getUsers({ query, sort, paging } = {}) {
     const where = {};
-    const { approved, role, search, tags, includeTags, includePassports, includeUserSessions } = query || {};
+    const {
+      approved,
+      role,
+      search,
+      tags,
+      invitee,
+      inviter,
+      generation, // 0 - unlimited, 1 - invited by inviter, 2 - invited by another
+      includeTags,
+      includePassports,
+      includeUserSessions,
+    } = query || {};
     const shouldIncludeTag = (tags && tags.length) || includeTags;
 
     if (isNullOrUndefined(approved) === false) {
@@ -206,17 +219,81 @@ class User extends ExtendBase {
       }
     }
 
+    if (inviter && invitee) {
+      throw new Error('You can not query by inviter and invitee at the same time');
+    }
+
+    // handle descendant query
+    if (inviter) {
+      if (isValid(inviter) === false) {
+        throw new Error('inviter did invalid');
+      }
+      const exist = await this.model.findByPk(toAddress(inviter), { attributes: ['did', 'generation'] });
+      if (!exist) {
+        throw new Error(`inviter not found: ${inviter}`);
+      }
+
+      try {
+        const subQuery = `
+WITH RECURSIVE UserTree(did,inviter,generation) AS (
+  SELECT did,inviter,generation FROM users WHERE inviter="${exist.did}"
+  UNION ALL
+	SELECT child.did,child.inviter,child.generation FROM users AS child INNER JOIN UserTree AS parent ON (child.inviter=parent.did)
+)
+SELECT did,inviter,generation FROM UserTree ${generation > 0 ? `WHERE generation=${(exist.generation > 0 ? exist.generation : 0) + generation}` : ''} LIMIT ${USER_MAX_INVITE_DEPTH}`.trim();
+        const children = await this.query(subQuery);
+        where.did = children.map((x) => x.did);
+      } catch (err) {
+        console.error('Failed to get descendants', err);
+        where.did = [];
+      }
+    }
+
+    // handle ancestor query
+    if (invitee) {
+      if (isValid(invitee) === false) {
+        throw new Error('invitee did invalid');
+      }
+      const exist = await this.model.findByPk(toAddress(invitee), { attributes: ['did', 'generation'] });
+      if (!exist) {
+        throw new Error(`invitee not found: ${invitee}`);
+      }
+
+      try {
+        const subQuery = `
+WITH RECURSIVE UserTree(did,inviter,generation) AS (
+  SELECT did,inviter,generation FROM users WHERE did="${exist.did}"
+  UNION ALL
+	SELECT
+    inviter,
+    (SELECT inviter FROM users AS parent WHERE parent.did=child.inviter),
+    (SELECT generation FROM users AS parent WHERE parent.did=child.inviter)
+    FROM UserTree AS child
+    WHERE inviter IS NOT NULL
+    LIMIT ${USER_MAX_INVITE_DEPTH}
+)
+SELECT did,inviter,generation FROM UserTree`.trim();
+        const children = await this.query(subQuery);
+        where.did = children.map((x) => x.did).filter((x) => x !== exist.did);
+      } catch (err) {
+        console.error('Failed to get ancestors', err);
+        where.did = [];
+      }
+    }
+
+    const replacements = {};
+
     if (role && role !== '$all' && !where.did) {
+      replacements.status = PASSPORT_STATUS.VALID;
       if (role === '$none') {
         where.did = {
-          [Op.notIn]: Sequelize.literal(
-            `(SELECT DISTINCT userDid FROM passports WHERE status = '${PASSPORT_STATUS.VALID}')`
-          ),
+          [Op.notIn]: Sequelize.literal('(SELECT DISTINCT userDid FROM passports WHERE status = :status)'),
         };
       } else {
+        replacements.role = role;
         where.did = {
           [Op.in]: Sequelize.literal(
-            `(SELECT DISTINCT userDid FROM passports WHERE name = '${role}' AND status = '${PASSPORT_STATUS.VALID}')`
+            '(SELECT DISTINCT userDid FROM passports WHERE name = :role AND status = :status)'
           ),
         };
       }
@@ -246,7 +323,8 @@ class User extends ExtendBase {
         required: false,
       });
     }
-    const result = await this.paginate({ where, include }, sorting, paging);
+
+    const result = await this.paginate({ where, include, replacements }, sorting, paging);
     return result;
   }
 
@@ -287,11 +365,10 @@ class User extends ExtendBase {
       return this.count({
         where: {
           did: {
-            [Op.notIn]: Sequelize.literal(
-              `(SELECT DISTINCT userDid FROM passports WHERE status = '${PASSPORT_STATUS.VALID}')`
-            ),
+            [Op.notIn]: Sequelize.literal('(SELECT DISTINCT userDid FROM passports WHERE status = :status)'),
           },
         },
+        replacements: { status: PASSPORT_STATUS.VALID },
       });
     }
 
@@ -305,10 +382,11 @@ class User extends ExtendBase {
       where: {
         did: {
           [Op.in]: Sequelize.literal(
-            `(SELECT DISTINCT userDid FROM passports WHERE name = '${name}' AND status = '${status}')`
+            '(SELECT DISTINCT userDid FROM passports WHERE name = :name AND status = :status)'
           ),
         },
       },
+      replacements: { name, status },
     });
   }
 
@@ -368,10 +446,10 @@ class User extends ExtendBase {
    * @param {string} user.did
    * @param {string} user.pk
    * @param {ConnectedAccount} user.connectedAccount
-   * @param {passport} user.passport
    * @param {string} user.fullName - user profile's name
    * @param {string} user.avatar - url of user's avatar, eg: bn://avatar/7f8848569405f8cdf8b1b2788ebf7d0f.jpg
    * @param {string} user.locale - locale
+   * @param {string} user.inviter - inviter
    * @param {Object} [user.extra] - extra data of user
    * @param {string} user.lastLoginIp - lastLoginIp
    * @param {('owner'|'admin'|'member'|'guest'|string)} user.role - deprecated user's role
@@ -399,6 +477,8 @@ class User extends ExtendBase {
         'extra',
         'lastLoginIp',
         'remark',
+        'inviter',
+        'generation',
         'sourceAppPid',
       ]),
       lastLoginAt: now,
@@ -410,11 +490,17 @@ class User extends ExtendBase {
       updates.sourceAppPid = null;
     }
 
+    Object.assign(updates, await this._prepareInviteInfo(raw));
+
     if (exist) {
-      // HACK: sourceAppPid 不能更新
+      // immutable
       if (updates.sourceAppPid) {
         delete updates.sourceAppPid;
       }
+      if (updates.inviter) {
+        delete updates.inviter;
+        delete updates.generation;
+      }
       // 登录不再更新 locale
       delete updates.locale;
       // update user, connectedAccount, passport
@@ -434,6 +520,42 @@ class User extends ExtendBase {
     return { ...updated, _action: exist ? 'update' : 'add' };
   }
 
+  async _prepareInviteInfo(raw) {
+    const info = {};
+
+    // set inviter and generation
+    if (raw.inviter) {
+      // sybil-attack
+      if (isValid(raw.inviter)) {
+        const inviterId = toAddress(raw.inviter);
+        const inviter = await this.model.findByPk(inviterId, { attributes: ['did', 'generation'] });
+        if (inviter) {
+          info.inviter = inviterId;
+          info.generation = inviter.generation + 1;
+        } else {
+          logger.warn('Set inviter to non-exist user is not allowed', raw);
+        }
+      } else {
+        logger.warn('Set inviter to invalid did is not allowed', raw);
+        info.inviter = null;
+      }
+
+      // anti-land-attack
+      if (info.inviter === raw.did) {
+        logger.warn('Set inviter to self is not allowed', raw);
+        info.inviter = null;
+      }
+    }
+    if (!info.inviter) {
+      info.generation = 0;
+    }
+    if (info.generation > USER_MAX_INVITE_DEPTH) {
+      throw new Error('You have exceeded max user invite chain length');
+    }
+
+    return info;
+  }
+
   async disconnectUserAccount(raw) {
     const { error, value: connectedAccount } = disconnectAccountSchema.validate(raw);
     if (error) {

package/lib/util/index.js

@@ -354,7 +354,7 @@ const getStateCrons = (states) => [
     options: { runOnInit: false },
     fn: async () => {
       const removed = await states.auditLog.remove({
-        createdAt: { $lt: new Date(Date.now() - 1000 * 60 * 60 * 24 * 90) },
+        createdAt: { $lt: new Date(Date.now() - 1000 * 60 * 60 * 24 * 365) },
       });
       logger.info(`Removed ${removed} audit logs`);
     },

package/lib/util/launcher.js

@@ -311,7 +311,7 @@ const setupAppOwner = async ({ node, sessionId, justCreate = false, context }) =
   logger.info('Create owner for blocklet', { appDid, ownerDid, sessionId });
 
   // create owner login token that can be used to login on blocklet site
-  const appSecret = Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address].map(Buffer.from)));
+  const appSecret = Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address].map((v) => Buffer.from(v))));
   const setupToken = createAuthToken({
     did: ownerDid,
     passport,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.30",
+  "version": "1.16.31-beta-4246ab25",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,43 +19,43 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.30",
-    "@abtnode/auth": "1.16.30",
-    "@abtnode/certificate-manager": "1.16.30",
-    "@abtnode/constant": "1.16.30",
-    "@abtnode/cron": "1.16.30",
-    "@abtnode/logger": "1.16.30",
-    "@abtnode/models": "1.16.30",
-    "@abtnode/queue": "1.16.30",
-    "@abtnode/rbac": "1.16.30",
-    "@abtnode/router-provider": "1.16.30",
-    "@abtnode/static-server": "1.16.30",
-    "@abtnode/timemachine": "1.16.30",
-    "@abtnode/util": "1.16.30",
-    "@arcblock/did": "1.18.132",
-    "@arcblock/did-auth": "1.18.132",
-    "@arcblock/did-ext": "^1.18.132",
+    "@abtnode/analytics": "1.16.31-beta-4246ab25",
+    "@abtnode/auth": "1.16.31-beta-4246ab25",
+    "@abtnode/certificate-manager": "1.16.31-beta-4246ab25",
+    "@abtnode/constant": "1.16.31-beta-4246ab25",
+    "@abtnode/cron": "1.16.31-beta-4246ab25",
+    "@abtnode/logger": "1.16.31-beta-4246ab25",
+    "@abtnode/models": "1.16.31-beta-4246ab25",
+    "@abtnode/queue": "1.16.31-beta-4246ab25",
+    "@abtnode/rbac": "1.16.31-beta-4246ab25",
+    "@abtnode/router-provider": "1.16.31-beta-4246ab25",
+    "@abtnode/static-server": "1.16.31-beta-4246ab25",
+    "@abtnode/timemachine": "1.16.31-beta-4246ab25",
+    "@abtnode/util": "1.16.31-beta-4246ab25",
+    "@arcblock/did": "1.18.135",
+    "@arcblock/did-auth": "1.18.135",
+    "@arcblock/did-ext": "^1.18.135",
     "@arcblock/did-motif": "^1.1.13",
-    "@arcblock/did-util": "1.18.132",
-    "@arcblock/event-hub": "1.18.132",
-    "@arcblock/jwt": "^1.18.132",
+    "@arcblock/did-util": "1.18.135",
+    "@arcblock/event-hub": "1.18.135",
+    "@arcblock/jwt": "^1.18.135",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/validator": "^1.18.132",
-    "@arcblock/vc": "1.18.132",
-    "@blocklet/constant": "1.16.30",
-    "@blocklet/env": "1.16.30",
-    "@blocklet/meta": "1.16.30",
-    "@blocklet/resolver": "1.16.30",
-    "@blocklet/sdk": "1.16.30",
-    "@blocklet/store": "1.16.30",
-    "@did-space/client": "^0.5.28",
+    "@arcblock/validator": "^1.18.135",
+    "@arcblock/vc": "1.18.135",
+    "@blocklet/constant": "1.16.31-beta-4246ab25",
+    "@blocklet/env": "1.16.31-beta-4246ab25",
+    "@blocklet/meta": "1.16.31-beta-4246ab25",
+    "@blocklet/resolver": "1.16.31-beta-4246ab25",
+    "@blocklet/sdk": "1.16.31-beta-4246ab25",
+    "@blocklet/store": "1.16.31-beta-4246ab25",
+    "@did-space/client": "^0.5.31",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.18.132",
-    "@ocap/util": "1.18.132",
-    "@ocap/wallet": "1.18.132",
+    "@ocap/mcrypto": "1.18.135",
+    "@ocap/util": "1.18.135",
+    "@ocap/wallet": "1.18.135",
     "@slack/webhook": "^5.0.4",
     "archiver": "^7.0.1",
-    "axios": "^1.7.2",
+    "axios": "^1.7.5",
     "axon": "^2.0.3",
     "chalk": "^4.1.2",
     "cross-spawn": "^7.0.3",
@@ -81,7 +81,7 @@
     "p-limit": "^3.1.0",
     "p-retry": "4.6.1",
     "read-last-lines": "^1.8.0",
-    "semver": "^7.3.8",
+    "semver": "^7.6.3",
     "sequelize": "^6.35.0",
     "shelljs": "^0.8.5",
     "ssri": "^8.0.1",
@@ -103,5 +103,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "18420639259c736016b19152229183d9fc1c1656"
+  "gitHead": "ef93705b89033e4cd5fed458b64521d0a994a1d0"
 }