@abtnode/core 1.16.31-beta-52250475 → 1.16.31-beta-a0cc72cf

package/lib/api/team.js

@@ -282,7 +282,7 @@ class TeamAPI extends EventEmitter {
     const now = Date.now();
     let sessionTtl = SESSION_TTL;
     let blocklet;
-    if (teamDid !== nodeInfo.did) {
+    if (teamDid !== nodeInfo.did && query?.includeUserSessions) {
       blocklet = await getBlocklet({ did: teamDid, states: this.states, dataDirs: this.dataDirs });
       sessionTtl = blocklet.settings?.session?.ttl || SESSION_TTL;
     }
@@ -310,6 +310,8 @@ class TeamAPI extends EventEmitter {
             'locale',
             'tags',
             'url',
+            'inviter',
+            'generation',
             'userSessions',
             // oauth relate fields
             'sourceProvider',

package/lib/blocklet/hooks.js

@@ -32,7 +32,6 @@ const runUserHook = async (label, hookName, args) => {
     logger.info(`run hook:${hookName}:`, { label, hook });
 
     const nodeInfo = await states.node.read();
-    // FIXME @linchen timeout 应该动态设置或不设置
     await runScript(hook, [label, hookName].join(':'), {
       cwd: appDir,
       env: {

package/lib/blocklet/manager/disk.js

@@ -2372,6 +2372,20 @@ class DiskBlockletManager extends BaseBlockletManager {
     return states.backup.getBlockletBackups({ did });
   }
 
+  async updateInviteSettings({ did, invite }, context) {
+    await states.blockletExtras.setSettings(did, { invite });
+
+    const newState = await this.getBlocklet(did);
+    this.emit(BlockletInternalEvents.appSettingChanged, { appDid: did });
+    this.emit(BlockletEvents.updated, { ...newState, context });
+
+    return newState;
+  }
+
+  getInviteSettings({ did }) {
+    return states.blockletExtras.getSettings(did, 'invite', { enabled: false });
+  }
+
   deleteCache(did) {
     const cache = this.cachedBlocklets.get(did);
     if (cache) {
@@ -4854,6 +4868,8 @@ class FederatedBlockletManager extends DiskBlockletManager {
           'disconnectedAccount',
           'action',
           'sourceAppPid',
+          'inviter',
+          'generation',
         ])
       );
     }

package/lib/index.js

@@ -377,15 +377,15 @@ function ABTNode(options) {
     updateBlockletSpaceGateway: blockletManager.updateBlockletSpaceGateway.bind(blockletManager),
     getBlockletSpaceGateways: blockletManager.getBlockletSpaceGateways.bind(blockletManager),
 
-    // auto backup
+    // auto backup related
     updateAutoBackup: blockletManager.updateAutoBackup.bind(blockletManager),
-
-    // blocklet backup record
     getBlockletBackups: blockletManager.getBlockletBackups.bind(blockletManager),
 
     // check update
     updateAutoCheckUpdate: blockletManager.updateAutoCheckUpdate.bind(blockletManager),
 
+    updateInviteSettings: blockletManager.updateInviteSettings.bind(blockletManager),
+
     // Store
     getBlockletMeta: StoreUtil.getBlockletMeta,
     getStoreMeta: StoreUtil.getStoreMeta,

package/lib/states/user.js

@@ -1,13 +1,15 @@
+const cloneDeep = require('lodash/cloneDeep');
 const pickBy = require('lodash/pickBy');
 const get = require('lodash/get');
 const pick = require('lodash/pick');
 const uniq = require('lodash/uniq');
 const { isValid, toAddress } = require('@arcblock/did');
-const { PASSPORT_STATUS } = require('@abtnode/constant');
+const { PASSPORT_STATUS, USER_MAX_INVITE_DEPTH } = require('@abtnode/constant');
 const { BaseState } = require('@abtnode/models');
 const { Sequelize, Op } = require('sequelize');
 const { updateConnectedAccount } = require('@abtnode/util/lib/user');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
+const logger = require('@abtnode/logger')('@abtnode/core:states:user');
 
 const { validateOwner } = require('../util');
 const { loginSchema, disconnectAccountSchema } = require('../validators/user');
@@ -72,6 +74,7 @@ class User extends ExtendBase {
     // create user
     await this.insert({
       ...user,
+      ...(await this._extractInviteInfo(user)),
       sourceProvider: user.sourceProvider || LOGIN_PROVIDER.WALLET,
       approved: !!user.approved,
     });
@@ -94,12 +97,20 @@ class User extends ExtendBase {
 
   // FIXME: @wangshijun wrap these in a transaction
   async updateUser(did, updates) {
-    const exist = await super.count({ did });
+    const exist = await super.findOne({ did });
     if (!exist) {
       throw new Error(`user does not exist: ${did}`);
     }
 
-    await super.update({ did }, { $set: updates });
+    // Allow to update inviter only when inviter is not set
+    const pending = cloneDeep(updates);
+    if (exist.inviter) {
+      delete pending.inviter;
+    } else {
+      Object.assign(pending, await this._extractInviteInfo({ did, ...pending }));
+    }
+
+    await super.update({ did }, { $set: pending });
     await Promise.all(
       (get(updates, 'passports') || [])
         .filter((x) => x.id)
@@ -185,16 +196,33 @@ class User extends ExtendBase {
   /**
    * Get blocklet service user list
    */
-  // eslint-disable-next-line require-await
   async getUsers({ query, sort, paging } = {}) {
     const where = {};
-    const { approved, role, search, tags, includeTags, includePassports, includeUserSessions } = query || {};
+    const replacements = {};
+
+    const {
+      approved,
+      role,
+      search,
+      tags,
+      invitee,
+      inviter,
+      generation, // 0 - unlimited, 1 - invited by inviter, 2 - invited by another
+      includeTags,
+      includePassports,
+      includeUserSessions,
+    } = query || {};
     const shouldIncludeTag = (tags && tags.length) || includeTags;
 
     if (isNullOrUndefined(approved) === false) {
       where.approved = approved;
     }
 
+    const sorting = pickBy(sort, (x) => !isNullOrUndefined(x));
+    if (!Object.keys(sorting).length) {
+      sorting.createdAt = -1;
+    }
+
     if (search) {
       if (search.length > 50) {
         throw new Error('the length of search text should not more than 50');
@@ -206,28 +234,92 @@ class User extends ExtendBase {
       }
     }
 
-    const replacements = {};
+    if (inviter && invitee) {
+      throw new Error('You can not query by inviter and invitee at the same time');
+    }
 
-    if (role && role !== '$all' && !where.did) {
-      replacements.status = PASSPORT_STATUS.VALID;
-      if (role === '$none') {
-        where.did = {
-          [Op.notIn]: Sequelize.literal('(SELECT DISTINCT userDid FROM passports WHERE status = :status)'),
-        };
-      } else {
-        replacements.role = role;
-        where.did = {
-          [Op.in]: Sequelize.literal(
-            '(SELECT DISTINCT userDid FROM passports WHERE name = :role AND status = :status)'
-          ),
-        };
+    let total = 0;
+    if (!where.did) {
+      // handle descendant query
+      if (inviter) {
+        if (isValid(inviter) === false) {
+          throw new Error('inviter did invalid');
+        }
+        const exist = await this.model.findByPk(toAddress(inviter), { attributes: ['did', 'generation'] });
+        if (!exist) {
+          throw new Error(`inviter not found: ${inviter}`);
+        }
+
+        try {
+          const { pageSize: size = 20, page = 1 } = paging || {};
+          const pageSize = Math.min(100, size);
+          const offset = (page - 1) * pageSize;
+          //   LIMIT ${pageSize} OFFSET ${offset}
+          const subQuery = `
+WITH RECURSIVE UserTree(did,inviter,generation,createdAt) AS (
+  SELECT did,inviter,generation,createdAt FROM users WHERE inviter="${exist.did}"
+  UNION ALL
+	SELECT child.did,child.inviter,child.generation,child.createdAt FROM users AS child INNER JOIN UserTree AS parent ON (child.inviter=parent.did) ORDER BY child.createdAt DESC
+)
+SELECT did,inviter,generation FROM UserTree ${generation > 0 ? `WHERE generation=${(exist.generation > 0 ? exist.generation : 0) + generation}` : ''}`.trim();
+          const children = await this.query(subQuery);
+          total = children.length;
+          where.did = children.slice(offset, offset + pageSize).map((x) => x.did);
+        } catch (err) {
+          console.error('Failed to get descendants', err);
+          where.did = [];
+        }
       }
-    }
 
-    const sorting = pickBy(sort, (x) => !isNullOrUndefined(x));
-    if (!Object.keys(sorting).length) {
-      sorting.createdAt = -1;
+      // handle ancestor query
+      if (invitee) {
+        if (isValid(invitee) === false) {
+          throw new Error('invitee did invalid');
+        }
+        const exist = await this.model.findByPk(toAddress(invitee), { attributes: ['did', 'generation'] });
+        if (!exist) {
+          throw new Error(`invitee not found: ${invitee}`);
+        }
+
+        try {
+          const subQuery = `
+WITH RECURSIVE UserTree(did,inviter,generation) AS (
+  SELECT did,inviter,generation FROM users WHERE did="${exist.did}"
+  UNION ALL
+	SELECT
+    inviter,
+    (SELECT inviter FROM users AS parent WHERE parent.did=child.inviter),
+    (SELECT generation FROM users AS parent WHERE parent.did=child.inviter)
+    FROM UserTree AS child
+    WHERE inviter IS NOT NULL
+)
+SELECT did,inviter,generation FROM UserTree`.trim();
+          const children = await this.query(subQuery);
+          where.did = children.map((x) => x.did).filter((x) => x !== exist.did);
+        } catch (err) {
+          console.error('Failed to get ancestors', err);
+          where.did = [];
+        }
+      }
+
+      // handle role/status query
+      if (role && role !== '$all') {
+        replacements.status = PASSPORT_STATUS.VALID;
+        if (role === '$none') {
+          where.did = {
+            [Op.notIn]: Sequelize.literal('(SELECT DISTINCT userDid FROM passports WHERE status = :status)'),
+          };
+        } else {
+          replacements.role = role;
+          where.did = {
+            [Op.in]: Sequelize.literal(
+              '(SELECT DISTINCT userDid FROM passports WHERE name = :role AND status = :status)'
+            ),
+          };
+        }
+      }
     }
+
     const include = [];
     if (shouldIncludeTag) {
       include.push(this.getTagInclude(tags));
@@ -250,7 +342,7 @@ class User extends ExtendBase {
     }
 
     const result = await this.paginate({ where, include, replacements }, sorting, paging);
-    return result;
+    return { list: result.list, paging: { ...result.paging, total: total || result.paging.total } };
   }
 
   // eslint-disable-next-line require-await
@@ -371,10 +463,10 @@ class User extends ExtendBase {
    * @param {string} user.did
    * @param {string} user.pk
    * @param {ConnectedAccount} user.connectedAccount
-   * @param {passport} user.passport
    * @param {string} user.fullName - user profile's name
    * @param {string} user.avatar - url of user's avatar, eg: bn://avatar/7f8848569405f8cdf8b1b2788ebf7d0f.jpg
    * @param {string} user.locale - locale
+   * @param {string} user.inviter - inviter
    * @param {Object} [user.extra] - extra data of user
    * @param {string} user.lastLoginIp - lastLoginIp
    * @param {('owner'|'admin'|'member'|'guest'|string)} user.role - deprecated user's role
@@ -402,6 +494,8 @@ class User extends ExtendBase {
         'extra',
         'lastLoginIp',
         'remark',
+        'inviter',
+        'generation',
         'sourceAppPid',
       ]),
       lastLoginAt: now,
@@ -413,13 +507,15 @@ class User extends ExtendBase {
       updates.sourceAppPid = null;
     }
 
+    Object.assign(updates, await this._extractInviteInfo(raw));
+
     if (exist) {
-      // HACK: sourceAppPid 不能更新
-      if (updates.sourceAppPid) {
-        delete updates.sourceAppPid;
-      }
-      // 登录不再更新 locale
+      // immutable fields
       delete updates.locale;
+      delete updates.sourceAppPid;
+      delete updates.inviter;
+      delete updates.generation;
+
       // update user, connectedAccount, passport
       updates.connectedAccounts = updateConnectedAccount(exist.connectedAccounts, user.connectedAccount);
       updated = await this.updateUser(exist.did, updates);
@@ -437,6 +533,49 @@ class User extends ExtendBase {
     return { ...updated, _action: exist ? 'update' : 'add' };
   }
 
+  async _extractInviteInfo(raw) {
+    const info = {};
+
+    if (raw.inviter) {
+      // sybil-attack
+      if (isValid(raw.inviter)) {
+        const inviterId = toAddress(raw.inviter);
+        const inviter = await this.model.findByPk(inviterId, { attributes: ['did', 'generation'] });
+        if (inviter) {
+          // circle preventing
+          const { list: ancestors } = await this.getUsers({ query: { invitee: inviterId } });
+          const hasCircle = ancestors.some((x) => x.did === raw.did);
+          if (hasCircle) {
+            logger.warn('Set inviter result in cycle is not allowed', raw);
+            info.inviter = null;
+          } else {
+            info.inviter = inviterId;
+            info.generation = inviter.generation + 1;
+          }
+        } else {
+          logger.warn('Set inviter to non-exist user is not allowed', raw);
+        }
+      } else {
+        logger.warn('Set inviter to invalid did is not allowed', raw);
+        info.inviter = null;
+      }
+
+      // anti-land-attack
+      if (info.inviter === raw.did) {
+        logger.warn('Set inviter to self is not allowed', raw);
+        info.inviter = null;
+      }
+    }
+    if (!info.inviter) {
+      info.generation = 0;
+    }
+    if (info.generation > USER_MAX_INVITE_DEPTH) {
+      throw new Error('You have exceeded max user invite chain length');
+    }
+
+    return info;
+  }
+
   async disconnectUserAccount(raw) {
     const { error, value: connectedAccount } = disconnectAccountSchema.validate(raw);
     if (error) {

package/lib/util/launcher.js

@@ -357,9 +357,13 @@ const setupAppOwner = async ({ node, sessionId, justCreate = false, context }) =
   };
 };
 
-const getLauncherSession = async ({ launcherUrl, launcherSessionId, external = true }) => {
+const getLauncherSession = async ({ launcherUrl, launcherSessionId, external = true }, context) => {
   const info = await states.node.read();
-  const result = await getLauncherSessionRaw(info.sk, { launcherUrl, launcherSessionId });
+  const result = await getLauncherSessionRaw(info.sk, {
+    launcherUrl,
+    launcherSessionId,
+    locale: context?.query?.locale,
+  });
 
   // strip sensitive data if call from external
   if (external && result.launcherSession) {

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.31-beta-52250475",
+  "version": "1.16.31-beta-a0cc72cf",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,43 +19,43 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.31-beta-52250475",
-    "@abtnode/auth": "1.16.31-beta-52250475",
-    "@abtnode/certificate-manager": "1.16.31-beta-52250475",
-    "@abtnode/constant": "1.16.31-beta-52250475",
-    "@abtnode/cron": "1.16.31-beta-52250475",
-    "@abtnode/logger": "1.16.31-beta-52250475",
-    "@abtnode/models": "1.16.31-beta-52250475",
-    "@abtnode/queue": "1.16.31-beta-52250475",
-    "@abtnode/rbac": "1.16.31-beta-52250475",
-    "@abtnode/router-provider": "1.16.31-beta-52250475",
-    "@abtnode/static-server": "1.16.31-beta-52250475",
-    "@abtnode/timemachine": "1.16.31-beta-52250475",
-    "@abtnode/util": "1.16.31-beta-52250475",
-    "@arcblock/did": "1.18.132",
-    "@arcblock/did-auth": "1.18.132",
-    "@arcblock/did-ext": "^1.18.132",
+    "@abtnode/analytics": "1.16.31-beta-a0cc72cf",
+    "@abtnode/auth": "1.16.31-beta-a0cc72cf",
+    "@abtnode/certificate-manager": "1.16.31-beta-a0cc72cf",
+    "@abtnode/constant": "1.16.31-beta-a0cc72cf",
+    "@abtnode/cron": "1.16.31-beta-a0cc72cf",
+    "@abtnode/logger": "1.16.31-beta-a0cc72cf",
+    "@abtnode/models": "1.16.31-beta-a0cc72cf",
+    "@abtnode/queue": "1.16.31-beta-a0cc72cf",
+    "@abtnode/rbac": "1.16.31-beta-a0cc72cf",
+    "@abtnode/router-provider": "1.16.31-beta-a0cc72cf",
+    "@abtnode/static-server": "1.16.31-beta-a0cc72cf",
+    "@abtnode/timemachine": "1.16.31-beta-a0cc72cf",
+    "@abtnode/util": "1.16.31-beta-a0cc72cf",
+    "@arcblock/did": "1.18.135",
+    "@arcblock/did-auth": "1.18.135",
+    "@arcblock/did-ext": "^1.18.135",
     "@arcblock/did-motif": "^1.1.13",
-    "@arcblock/did-util": "1.18.132",
-    "@arcblock/event-hub": "1.18.132",
-    "@arcblock/jwt": "^1.18.132",
+    "@arcblock/did-util": "1.18.135",
+    "@arcblock/event-hub": "1.18.135",
+    "@arcblock/jwt": "^1.18.135",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/validator": "^1.18.132",
-    "@arcblock/vc": "1.18.132",
-    "@blocklet/constant": "1.16.31-beta-52250475",
-    "@blocklet/env": "1.16.31-beta-52250475",
-    "@blocklet/meta": "1.16.31-beta-52250475",
-    "@blocklet/resolver": "1.16.31-beta-52250475",
-    "@blocklet/sdk": "1.16.31-beta-52250475",
-    "@blocklet/store": "1.16.31-beta-52250475",
-    "@did-space/client": "^0.5.28",
+    "@arcblock/validator": "^1.18.135",
+    "@arcblock/vc": "1.18.135",
+    "@blocklet/constant": "1.16.31-beta-a0cc72cf",
+    "@blocklet/env": "1.16.31-beta-a0cc72cf",
+    "@blocklet/meta": "1.16.31-beta-a0cc72cf",
+    "@blocklet/resolver": "1.16.31-beta-a0cc72cf",
+    "@blocklet/sdk": "1.16.31-beta-a0cc72cf",
+    "@blocklet/store": "1.16.31-beta-a0cc72cf",
+    "@did-space/client": "^0.5.31",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.18.132",
-    "@ocap/util": "1.18.132",
-    "@ocap/wallet": "1.18.132",
+    "@ocap/mcrypto": "1.18.135",
+    "@ocap/util": "1.18.135",
+    "@ocap/wallet": "1.18.135",
     "@slack/webhook": "^5.0.4",
     "archiver": "^7.0.1",
-    "axios": "^1.7.2",
+    "axios": "^1.7.5",
     "axon": "^2.0.3",
     "chalk": "^4.1.2",
     "cross-spawn": "^7.0.3",
@@ -81,7 +81,7 @@
     "p-limit": "^3.1.0",
     "p-retry": "4.6.1",
     "read-last-lines": "^1.8.0",
-    "semver": "^7.3.8",
+    "semver": "^7.6.3",
     "sequelize": "^6.35.0",
     "shelljs": "^0.8.5",
     "ssri": "^8.0.1",
@@ -103,5 +103,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "26155b86f103f9e64fd8a23b7fffdb279c71209c"
+  "gitHead": "d1eec814979a4086fc5efd7c719687b76c972ec6"
 }