@abtnode/core 1.16.32-beta-04a5da00 → 1.16.32-beta-0593a408

package/lib/api/team.js

@@ -312,6 +312,8 @@ class TeamAPI extends EventEmitter {
             'url',
             'inviter',
             'generation',
+            'emailVerified',
+            'phoneVerified',
             'userSessions',
             // oauth relate fields
             'sourceProvider',
@@ -373,6 +375,16 @@ class TeamAPI extends EventEmitter {
     return state.getUser(user.did, options);
   }
 
+  async isEmailUsed({ teamDid, email, verified = false }) {
+    const state = await this.getUserState(teamDid);
+    return state.isEmailUsed(email, verified);
+  }
+
+  async isPhoneUsed({ teamDid, phone, verified = false }) {
+    const state = await this.getUserState(teamDid);
+    return state.isPhoneUsed(phone, verified);
+  }
+
   async getUserByDid({ teamDid, userDid }) {
     const state = await this.getUserState(teamDid);
     return state.getUserByDid(userDid);
@@ -412,6 +424,10 @@ class TeamAPI extends EventEmitter {
     const doc = await state.updateUser(user.did, user);
     logger.info('user updated successfully', { teamDid, userDid: user.did });
     this.emit(TeamEvents.userUpdated, { teamDid, user: doc });
+    if (user.kycChanged) {
+      logger.info('user updated with kycChanged', { teamDid, userDid: user.did });
+      this.emit(TeamEvents.userPermissionUpdated, { teamDid, user: doc });
+    }
     return doc;
   }
 
@@ -1437,6 +1453,10 @@ class TeamAPI extends EventEmitter {
     return this.teamManager.getUserState(did);
   }
 
+  getVerifyCodeState(did) {
+    return this.teamManager.getVerifyCodeState(did);
+  }
+
   getUserSessionState(did) {
     return this.teamManager.getUserSessionState(did);
   }
@@ -1732,6 +1752,37 @@ class TeamAPI extends EventEmitter {
     }
     return result;
   }
+
+  // KYC related
+  async createVerifyCode({ teamDid, subject, scope = 'email' }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.create(subject, scope);
+  }
+
+  async consumeVerifyCode({ teamDid, code }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.verify(code);
+  }
+
+  async sendVerifyCode({ teamDid, code }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.send(code);
+  }
+
+  async isSubjectVerified({ teamDid, subject }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.isVerified(subject);
+  }
+
+  async isSubjectSent({ teamDid, subject }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.isSent(subject);
+  }
+
+  async getVerifyCode({ teamDid, code }) {
+    const state = await this.getVerifyCodeState(teamDid);
+    return state.findOne({ code });
+  }
 }
 
 module.exports = TeamAPI;

package/lib/blocklet/manager/disk.js

@@ -1888,6 +1888,18 @@ class DiskBlockletManager extends BaseBlockletManager {
       sessionConfig.ttl = validateConfig.ttl;
     }
 
+    sessionConfig.email = validateConfig.email;
+    sessionConfig.phone = validateConfig.phone;
+
+    // Do some final check
+    if (
+      sessionConfig.email?.enabled &&
+      sessionConfig.email?.requireVerified &&
+      !blocklet.settings.notification?.email?.enabled
+    ) {
+      throw new Error('Email verification is required but email notification is not enabled');
+    }
+
     await states.blockletExtras.setSettings(blocklet.meta.did, { session: sessionConfig });
     this.emit(BlockletInternalEvents.appSettingChanged, { appDid: did });
 
@@ -2383,10 +2395,6 @@ class DiskBlockletManager extends BaseBlockletManager {
     return newState;
   }
 
-  getInviteSettings({ did }) {
-    return states.blockletExtras.getSettings(did, 'invite', { enabled: false });
-  }
-
   deleteCache(did) {
     const cache = this.cachedBlocklets.get(did);
     if (cache) {
@@ -4871,6 +4879,8 @@ class FederatedBlockletManager extends DiskBlockletManager {
           'sourceAppPid',
           'inviter',
           'generation',
+          'emailVerified',
+          'phoneVerified',
         ])
       );
     }

package/lib/index.js

@@ -445,6 +445,8 @@ function ABTNode(options) {
     getUserByDid: teamAPI.getUserByDid.bind(teamAPI),
     isPassportValid: teamAPI.isPassportValid.bind(teamAPI),
     isConnectedAccount: teamAPI.isConnectedAccount.bind(teamAPI),
+    isEmailUsed: teamAPI.isEmailUsed.bind(teamAPI),
+    isPhoneUsed: teamAPI.isPhoneUsed.bind(teamAPI),
     switchProfile: teamAPI.switchProfile.bind(teamAPI),
 
     // user-session
@@ -496,6 +498,14 @@ function ABTNode(options) {
     configTrustedFactories: teamAPI.configTrustedFactories.bind(teamAPI),
     configPassportIssuance: teamAPI.configPassportIssuance.bind(teamAPI),
 
+    // KYC
+    createVerifyCode: teamAPI.createVerifyCode.bind(teamAPI),
+    sendVerifyCode: teamAPI.sendVerifyCode.bind(teamAPI),
+    consumeVerifyCode: teamAPI.consumeVerifyCode.bind(teamAPI),
+    getVerifyCode: teamAPI.getVerifyCode.bind(teamAPI),
+    isSubjectSent: teamAPI.isSubjectSent.bind(teamAPI),
+    isSubjectVerified: teamAPI.isSubjectVerified.bind(teamAPI),
+
     // Team Settings
     addBlockletStore: teamAPI.addStore.bind(teamAPI),
     deleteBlockletStore: teamAPI.deleteStore.bind(teamAPI),

package/lib/states/audit-log.js

@@ -520,7 +520,7 @@ const getScope = (args = {}) => {
 };
 
 const fixActor = (actor) => {
-  if ([NODE_SERVICES.AUTH_SERVICE, 'blocklet'].includes(actor?.role)) {
+  if ([NODE_SERVICES.AUTH, 'blocklet'].includes(actor?.role)) {
     actor.role = '';
   }
 };

package/lib/states/user.js

@@ -496,6 +496,8 @@ SELECT did,inviter,generation FROM UserTree`.trim();
         'remark',
         'inviter',
         'generation',
+        'emailVerified',
+        'phoneVerified',
         'sourceAppPid',
       ]),
       lastLoginAt: now,
@@ -587,7 +589,21 @@ SELECT did,inviter,generation FROM UserTree`.trim();
 
   // eslint-disable-next-line require-await
   async getUserByDid(did) {
-    return this.findOne({ did }, { did: 1, pk: 1, fullName: 1, email: 1, role: 1, approved: 1 });
+    return this.findOne(
+      { did },
+      {
+        did: 1,
+        pk: 1,
+        fullName: 1,
+        email: 1,
+        role: 1,
+        approved: 1,
+        inviter: 1,
+        generation: 1,
+        emailVerified: 1,
+        phoneVerified: 1,
+      }
+    );
   }
 
   async isUserValid(did) {
@@ -641,6 +657,24 @@ SELECT did,inviter,generation FROM UserTree`.trim();
     const passport = await this.passport.findOne({ id: passportId });
     return passport;
   }
+
+  async isEmailUsed(email, verified = false) {
+    const condition = { email };
+    if (verified) {
+      condition.emailVerified = true;
+    }
+    const doc = await this.findOne(condition);
+    return email && !!doc;
+  }
+
+  async isPhoneUsed(phone, verified = false) {
+    const condition = { phone };
+    if (verified) {
+      condition.phoneVerified = true;
+    }
+    const doc = await this.findOne(condition);
+    return phone && !!doc;
+  }
 }
 
 module.exports = User;

package/lib/states/verify-code.js

@@ -0,0 +1,120 @@
+const logger = require('@abtnode/logger')('@abtnode/core:states:verify-code');
+
+const { Hasher } = require('@ocap/mcrypto');
+const { Joi } = require('@arcblock/validator');
+const { VERIFY_CODE_LENGTH, VERIFY_CODE_TTL, VERIFY_SEND_TTL } = require('@abtnode/constant');
+
+const BaseState = require('./base');
+
+const schema = Joi.string().email().required();
+
+/**
+ * @extends BaseState<import('@abtnode/models').VerifyCodeState>
+ */
+class VerifyCodeState extends BaseState {
+  async create(subject, scope = 'email') {
+    if (scope === 'email') {
+      const { error } = schema.validate(subject);
+      if (error) {
+        throw new Error('Invalid email specified when create verify code');
+      }
+    }
+
+    const count = await super.remove({ subject, verified: false });
+    if (count > 0) {
+      logger.info('remove old verify code', { subject });
+    }
+
+    return this.insert({
+      code: await this.getVerifyCode(),
+      subject,
+      digest: Hasher.SHA3.hash256(subject),
+      scope,
+      verified: false,
+      expired: false,
+      sent: false,
+    });
+  }
+
+  async verify(code) {
+    if (!code || code.length !== VERIFY_CODE_LENGTH) {
+      throw new Error('verify code invalid');
+    }
+
+    const doc = await super.findOne({ code });
+    if (!doc) {
+      throw new Error('verify code not found');
+    }
+
+    if (doc.expired) {
+      throw new Error('verify code has expired');
+    }
+
+    if (+new Date() > +doc.createdAt + VERIFY_CODE_TTL) {
+      logger.info('expire verify token', { code, subject: doc.subject });
+      await super.update({ code }, { expired: true, expiredAt: Date.now() });
+      throw new Error('verify code has expired');
+    }
+
+    if (doc.verified) {
+      throw new Error('verify code has been consumed');
+    }
+
+    logger.info('consume verify code', { code, subject: doc.subject });
+    const [, [updated]] = await super.update({ code }, { verified: true, verifiedAt: Date.now() });
+    // await super.remove({ subject: doc.subject, verified: false });
+
+    return updated;
+  }
+
+  async send(code) {
+    if (!code || code.length !== VERIFY_CODE_LENGTH) {
+      throw new Error('verify code invalid');
+    }
+
+    const doc = await super.findOne({ code });
+    if (!doc) {
+      throw new Error('verify code not found');
+    }
+
+    if (doc.sent) {
+      throw new Error('verify code has sent');
+    }
+
+    logger.info('send verify code', { code, subject: doc.subject });
+    const [, [updated]] = await super.update({ code }, { sent: true, sentAt: Date.now() });
+    return updated;
+  }
+
+  async isVerified(subject) {
+    const doc = await this.findOne({ subject, verified: true });
+    return !!doc;
+  }
+
+  async isSent(subject) {
+    const doc = await this.findOne({ subject, sent: true });
+    if (!doc) {
+      return false;
+    }
+
+    return doc.sentAt && +doc.sentAt + VERIFY_SEND_TTL > +new Date();
+  }
+
+  async getVerifyCode() {
+    let code;
+    let exist;
+    do {
+      code = this.generate();
+      // eslint-disable-next-line no-await-in-loop
+      exist = await super.findOne({ code });
+    } while (exist);
+
+    return code;
+  }
+
+  generate() {
+    return Array.from({ length: VERIFY_CODE_LENGTH }, () => Math.floor(Math.random() * 10)).join('');
+  }
+}
+
+module.exports = VerifyCodeState;

package/lib/team/manager.js

@@ -35,6 +35,7 @@ const States = {
   Project: require('../states/project'),
   Release: require('../states/release'),
   Notification: require('../states/notification'),
+  VerifyCode: require('../states/verify-code'),
 };
 
 const getDefaultTeamState = () => ({
@@ -47,6 +48,7 @@ const getDefaultTeamState = () => ({
   project: null,
   release: null,
   notification: null,
+  verifyCode: null,
 });
 
 class TeamManager extends EventEmitter {
@@ -104,6 +106,7 @@ class TeamManager extends EventEmitter {
       connectedAccount: await this.createState(this.nodeDid, 'ConnectedAccount'),
       session: await this.createState(this.nodeDid, 'Session'),
       notification: await this.createState(this.nodeDid, 'Notification'),
+      verifyCode: await this.createState(this.nodeDid, 'VerifyCode'),
     };
   }
 
@@ -135,6 +138,10 @@ class TeamManager extends EventEmitter {
     return this.getState(teamDid, 'notification');
   }
 
+  getVerifyCodeState(teamDid) {
+    return this.getState(teamDid, 'verifyCode');
+  }
+
   async createNotification({ teamDid, receiver, ...payload }) {
     const notification = await this.getState(teamDid, 'notification');
     const doc = await notification.create({ ...payload, teamDid });

package/lib/util/docker/parse-docker-options-from-pm2.js

@@ -63,6 +63,7 @@ async function parseDockerOptionsFromPm2(input, nodeInfo) {
   dockerEnv.BLOCKLET_CACHE_DIR = path.join(baseDir, 'cache');
   dockerEnv.BLOCKLET_DOCKER_NAME = name;
   dockerEnv.BLOCKLET_HOST = 'host.docker.internal';
+  dockerEnv.USING_DOCKER = 'true';
   const envVars = stringifyEnvFile(dockerEnv);
 
   const dockerEnvFile = path.join(options.env.BLOCKLET_DATA_DIR, 'docker-env');
@@ -123,14 +124,16 @@ async function parseDockerOptionsFromPm2(input, nodeInfo) {
   --cpus="${dockerEnv.BLOCKLET_DOCKER_CPUS}" \
   --memory="${dockerEnv.BLOCKLET_DOCKER_MEMORY}" \
   --env-file ${dockerEnvFile} \
-  --read-only --cap-drop=ALL --security-opt no-new-privileges \
+  --read-only --cap-drop=ALL \
   ${networkHost} \
   ${DOCKER_IMAGE_NAME} \
   sh -c \
   '${socatCommand} \
    cd ${dockerEnv.BLOCKLET_APP_DIR} && npm install && ${runScript}'`;
 
-  options.env = {};
+  options.env = {
+    USING_DOCKER: 'true',
+  };
 
   return options;
 }

package/lib/validators/util.js

@@ -28,6 +28,39 @@ const sessionConfigSchema = Joi.object({
   ttl: Joi.number()
     .min(86400) // 1d
     .max(86400 * 30), // 30d
+  email: Joi.object({
+    enabled: Joi.boolean().default(false),
+    requireVerified: Joi.boolean().default(false),
+    requireUnique: Joi.boolean().default(false),
+    trustOauthProviders: Joi.boolean().default(false),
+    domainBlackList: Joi.array().items(Joi.string()).optional().default([]),
+    trustedIssuers: Joi.array()
+      .items(
+        Joi.object({
+          id: Joi.DID().required(),
+          name: Joi.string().required(),
+          pk: Joi.string().optional(),
+        })
+      )
+      .optional()
+      .default([]),
+  }),
+  phone: Joi.object({
+    enabled: Joi.boolean().default(false),
+    requireVerified: Joi.boolean().default(false),
+    requireUnique: Joi.boolean().default(false),
+    regionBlackList: Joi.array().items(Joi.string()).optional().default([]),
+    trustedIssuers: Joi.array()
+      .items(
+        Joi.object({
+          id: Joi.DID().required(),
+          name: Joi.string().required(),
+          pk: Joi.string().optional(),
+        })
+      )
+      .optional()
+      .default([]),
+  }),
 });
 
 module.exports = {

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.32-beta-04a5da00",
+  "version": "1.16.32-beta-0593a408",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,19 +19,19 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.32-beta-04a5da00",
-    "@abtnode/auth": "1.16.32-beta-04a5da00",
-    "@abtnode/certificate-manager": "1.16.32-beta-04a5da00",
-    "@abtnode/constant": "1.16.32-beta-04a5da00",
-    "@abtnode/cron": "1.16.32-beta-04a5da00",
-    "@abtnode/logger": "1.16.32-beta-04a5da00",
-    "@abtnode/models": "1.16.32-beta-04a5da00",
-    "@abtnode/queue": "1.16.32-beta-04a5da00",
-    "@abtnode/rbac": "1.16.32-beta-04a5da00",
-    "@abtnode/router-provider": "1.16.32-beta-04a5da00",
-    "@abtnode/static-server": "1.16.32-beta-04a5da00",
-    "@abtnode/timemachine": "1.16.32-beta-04a5da00",
-    "@abtnode/util": "1.16.32-beta-04a5da00",
+    "@abtnode/analytics": "1.16.32-beta-0593a408",
+    "@abtnode/auth": "1.16.32-beta-0593a408",
+    "@abtnode/certificate-manager": "1.16.32-beta-0593a408",
+    "@abtnode/constant": "1.16.32-beta-0593a408",
+    "@abtnode/cron": "1.16.32-beta-0593a408",
+    "@abtnode/logger": "1.16.32-beta-0593a408",
+    "@abtnode/models": "1.16.32-beta-0593a408",
+    "@abtnode/queue": "1.16.32-beta-0593a408",
+    "@abtnode/rbac": "1.16.32-beta-0593a408",
+    "@abtnode/router-provider": "1.16.32-beta-0593a408",
+    "@abtnode/static-server": "1.16.32-beta-0593a408",
+    "@abtnode/timemachine": "1.16.32-beta-0593a408",
+    "@abtnode/util": "1.16.32-beta-0593a408",
     "@arcblock/did": "1.18.135",
     "@arcblock/did-auth": "1.18.135",
     "@arcblock/did-ext": "^1.18.135",
@@ -42,13 +42,13 @@
     "@arcblock/pm2-events": "^0.0.5",
     "@arcblock/validator": "^1.18.135",
     "@arcblock/vc": "1.18.135",
-    "@blocklet/constant": "1.16.32-beta-04a5da00",
-    "@blocklet/env": "1.16.32-beta-04a5da00",
-    "@blocklet/meta": "1.16.32-beta-04a5da00",
-    "@blocklet/resolver": "1.16.32-beta-04a5da00",
-    "@blocklet/sdk": "1.16.32-beta-04a5da00",
-    "@blocklet/store": "1.16.32-beta-04a5da00",
-    "@did-space/client": "^0.5.32",
+    "@blocklet/constant": "1.16.32-beta-0593a408",
+    "@blocklet/env": "1.16.32-beta-0593a408",
+    "@blocklet/meta": "1.16.32-beta-0593a408",
+    "@blocklet/resolver": "1.16.32-beta-0593a408",
+    "@blocklet/sdk": "1.16.32-beta-0593a408",
+    "@blocklet/store": "1.16.32-beta-0593a408",
+    "@did-space/client": "^0.5.33",
     "@fidm/x509": "^1.2.1",
     "@ocap/mcrypto": "1.18.135",
     "@ocap/util": "1.18.135",
@@ -105,5 +105,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "f609e3593366aace895c936b00f9623002e29b32"
+  "gitHead": "5cca981049ad04018d8d361d9cdd33748f47d7d7"
 }