@abtnode/core 1.16.43-beta-20250425-130658-8da18f4d → 1.16.43-beta-20250427-232837-e671de06

package/lib/blocklet/manager/disk.js

@@ -2335,7 +2335,7 @@ class DiskBlockletManager extends BaseBlockletManager {
         }
 
         const cert = await this.certManager.manager.getByDomain(alias.value);
-        if (cert.status === 'error') {
+        if (cert?.status === 'error') {
           await issueCert(alias);
         }
       })
@@ -2418,6 +2418,7 @@ class DiskBlockletManager extends BaseBlockletManager {
       {
         name: 'update-blocklet-certificate',
         time: '*/10 * * * *',
+        options: { runOnInit: false },
         fn: () => {
           if (Date.now() - startTime > TWO_DAYS) {
             return;

package/lib/blocklet/migration-dist/migration.cjs

@@ -548,6 +548,7 @@ module.exports = Object.freeze({
   WELLKNOWN_ACME_CHALLENGE_PREFIX: '/.well-known/acme-challenge',
   WELLKNOWN_DID_RESOLVER_PREFIX: '/.well-known/did.json', // server wellknown endpoint
   WELLKNOWN_OAUTH_SERVER: '/.well-known/oauth-authorization-server',
+  WELLKNOWN_OPENID_SERVER: '/.well-known/openid-configuration',
   WELLKNOWN_BLACKLIST_PREFIX: '/.well-known/blacklist',
   WELLKNOWN_PING_PREFIX: '/.well-known/ping',
   WELLKNOWN_ANALYTICS_PREFIX: '/.well-known/analytics',
@@ -616,10 +617,10 @@ module.exports = Object.freeze({
   WHO_CAN_ACCESS,
   WHO_CAN_ACCESS_PREFIX_ROLES: 'roles:',
 
-  GATEWAY_REQ_LIMIT: Object.freeze({
-    min: 10,
-    max: 100,
-  }),
+  GATEWAY_RATE_LIMIT: { min: 5, max: 500 },
+  GATEWAY_RATE_LIMIT_BURST_FACTOR: { min: 1, max: 10 },
+  GATEWAY_RATE_LIMIT_GLOBAL: { min: 100, max: 5000 },
+  GATEWAY_RATE_LIMIT_METHODS: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'HEAD'],
 
   // Store
   STORE_DETAIL_PAGE_PATH_PREFIX: '/blocklets',
@@ -817,6 +818,9 @@ module.exports = Object.freeze({
     TOKEN: '/token',
     REGISTRATION: '/register',
     REVOCATION: '/revoke',
+    USERINFO: '/userinfo',
+    JWKS: '/jwks',
+    LOGOUT: '/logout',
   },
   OAUTH_CODE_TTL: 10 * 60, // 10 minutes
   OAUTH_ACCESS_TOKEN_TTL: 24 * 60 * 60, // 1 day

package/lib/router/helper.js

@@ -45,6 +45,7 @@ const {
   WELLKNOWN_ACME_CHALLENGE_PREFIX,
   WELLKNOWN_DID_RESOLVER_PREFIX,
   WELLKNOWN_OAUTH_SERVER,
+  WELLKNOWN_OPENID_SERVER,
   WELLKNOWN_PING_PREFIX,
   WELLKNOWN_ANALYTICS_PREFIX,
   LOG_RETAIN_IN_DAYS,
@@ -941,6 +942,12 @@ module.exports = function getRouterHelpers({
         to: proxyTarget,
       };
 
+      const openidWellknownRule = {
+        isProtected: true,
+        from: { pathPrefix: WELLKNOWN_OPENID_SERVER },
+        to: proxyTarget,
+      };
+
       if (site) {
         const didResolverRuleUpdateRes = await upsertSiteRule({ site, rule: didResolverWellknownRule }, context);
         const acmeRuleUpdateRes = await upsertSiteRule({ site, rule: acmeChallengeWellknownRule }, context);
@@ -948,13 +955,15 @@ module.exports = function getRouterHelpers({
         const pingRuleRes = await upsertSiteRule({ site, rule: pingWellknownRule }, context);
         const analyticsRuleRes = await upsertSiteRule({ site, rule: analyticsWellknownRule }, context);
         const oauthServerRuleRes = await upsertSiteRule({ site, rule: oauthServerWellknownRule }, context);
+        const openidRuleRes = await upsertSiteRule({ site, rule: openidWellknownRule }, context);
         return (
           didResolverRuleUpdateRes ||
           acmeRuleUpdateRes ||
           blacklistUpdateRes ||
           pingRuleRes ||
           analyticsRuleRes ||
-          oauthServerRuleRes
+          oauthServerRuleRes ||
+          openidRuleRes
         );
       }
 
@@ -971,6 +980,7 @@ module.exports = function getRouterHelpers({
               pingWellknownRule,
               analyticsWellknownRule,
               oauthServerWellknownRule,
+              openidWellknownRule,
             ],
             isProtected: true,
           },

package/lib/router/index.js

@@ -11,7 +11,9 @@ const {
   DEFAULT_IP_DOMAIN,
   BLOCKLET_PROXY_PATH_PREFIX,
   BLOCKLET_SITE_GROUP_SUFFIX,
-  GATEWAY_REQ_LIMIT,
+  GATEWAY_RATE_LIMIT,
+  GATEWAY_RATE_LIMIT_GLOBAL,
+  GATEWAY_RATE_LIMIT_METHODS,
 } = require('@abtnode/constant');
 const { BLOCKLET_UI_INTERFACES, BLOCKLET_MODES } = require('@blocklet/constant');
 
@@ -120,9 +122,22 @@ class Router {
 
     this.routingTable = getRoutingTable({ sites, nodeInfo });
 
-    const requestLimit = nodeInfo.routing.requestLimit || { enabled: false, rate: GATEWAY_REQ_LIMIT.min };
+    const requestLimit = Object.assign(
+      {
+        enabled: false,
+        rate: GATEWAY_RATE_LIMIT.min,
+        global: GATEWAY_RATE_LIMIT_GLOBAL.min,
+        methods: GATEWAY_RATE_LIMIT_METHODS,
+        burstFactor: 2,
+      },
+      nodeInfo.routing.requestLimit
+    );
     if (requestLimit.enabled) {
-      requestLimit.maxInstantRate = requestLimit.rate >= 20 ? 20 : requestLimit.rate + 20;
+      requestLimit.burst = Math.min(Math.round(requestLimit.rate * requestLimit.burstFactor), GATEWAY_RATE_LIMIT.max);
+      requestLimit.burstGlobal = Math.min(
+        Math.round(requestLimit.global * requestLimit.burstFactor),
+        GATEWAY_RATE_LIMIT_GLOBAL.max
+      );
     }
 
     const blockPolicy = nodeInfo.routing.blockPolicy || { enabled: false, blacklist: [] };

package/lib/states/audit-log.js

@@ -350,7 +350,7 @@ const getLogContent = async (action, args, context, result, info, node) => {
     case 'switchPassport':
       return `${args?.provider ? `${args?.provider} ` : ''}${user} switched passport to ${args?.passport?.name}`;
     case 'login':
-      return `${args?.provider ? `${args?.provider} ` : ''}${user} logged in with passport ${args?.passport?.name}`;
+      return `${args?.provider ? `${args?.provider} ` : ''}${user} logged in with passport ${args?.passport?.name || 'Guest'}`;
     case 'configPassportIssuance':
       return `${args.enabled ? 'enabled' : 'disabled'} passport issuance`;
     case 'createPassportIssuance':

package/lib/validators/node.js

@@ -1,5 +1,10 @@
 /* eslint-disable newline-per-chained-call */
-const { GATEWAY_REQ_LIMIT } = require('@abtnode/constant');
+const {
+  GATEWAY_RATE_LIMIT,
+  GATEWAY_RATE_LIMIT_GLOBAL,
+  GATEWAY_RATE_LIMIT_METHODS,
+  GATEWAY_RATE_LIMIT_BURST_FACTOR,
+} = require('@abtnode/constant');
 const Joi = require('joi');
 const isIp = require('is-ip');
 const isUrl = require('is-url');
@@ -64,11 +69,24 @@ const nodeInfoSchema = Joi.object({
 const updateGatewaySchema = Joi.object({
   requestLimit: Joi.object({
     enabled: Joi.bool().required(),
+    global: Joi.number()
+      .min(GATEWAY_RATE_LIMIT_GLOBAL.min)
+      .max(GATEWAY_RATE_LIMIT_GLOBAL.max)
+      .when('requestLimit.enabled', { is: true, then: Joi.required() }),
+    burstFactor: Joi.number()
+      .min(GATEWAY_RATE_LIMIT_BURST_FACTOR.min)
+      .max(GATEWAY_RATE_LIMIT_BURST_FACTOR.max)
+      .default(2)
+      .when('requestLimit.enabled', { is: true, then: Joi.required() }),
     rate: Joi.number()
-      .min(GATEWAY_REQ_LIMIT.min)
-      .max(GATEWAY_REQ_LIMIT.max)
+      .min(GATEWAY_RATE_LIMIT.min)
+      .max(GATEWAY_RATE_LIMIT.max)
+      .when('requestLimit.enabled', { is: true, then: Joi.required() }),
+    methods: Joi.array()
+      .items(Joi.string().valid(...GATEWAY_RATE_LIMIT_METHODS))
+      .min(1)
+      .default(GATEWAY_RATE_LIMIT_METHODS)
       .when('requestLimit.enabled', { is: true, then: Joi.required() }),
-    ipHeader: Joi.string().allow('').trim(),
   }),
   cacheEnabled: Joi.bool().optional().default(true),
   blockPolicy: Joi.object({

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.43-beta-20250425-130658-8da18f4d",
+  "version": "1.16.43-beta-20250427-232837-e671de06",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,21 +19,21 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/auth": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/certificate-manager": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/client": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/constant": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/cron": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/docker-utils": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/logger": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/models": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/queue": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/rbac": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/router-provider": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/static-server": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/timemachine": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@abtnode/util": "1.16.43-beta-20250425-130658-8da18f4d",
+    "@abtnode/analytics": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/auth": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/certificate-manager": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/client": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/constant": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/cron": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/docker-utils": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/logger": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/models": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/queue": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/rbac": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/router-provider": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/static-server": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/timemachine": "1.16.43-beta-20250427-232837-e671de06",
+    "@abtnode/util": "1.16.43-beta-20250427-232837-e671de06",
     "@arcblock/did": "1.20.2",
     "@arcblock/did-auth": "1.20.2",
     "@arcblock/did-ext": "^1.20.2",
@@ -44,14 +44,14 @@
     "@arcblock/pm2-events": "^0.0.5",
     "@arcblock/validator": "^1.20.2",
     "@arcblock/vc": "1.20.2",
-    "@blocklet/constant": "1.16.43-beta-20250425-130658-8da18f4d",
+    "@blocklet/constant": "1.16.43-beta-20250427-232837-e671de06",
     "@blocklet/did-space-js": "^1.0.48",
-    "@blocklet/env": "1.16.43-beta-20250425-130658-8da18f4d",
+    "@blocklet/env": "1.16.43-beta-20250427-232837-e671de06",
     "@blocklet/error": "^0.2.4",
-    "@blocklet/meta": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@blocklet/resolver": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@blocklet/sdk": "1.16.43-beta-20250425-130658-8da18f4d",
-    "@blocklet/store": "1.16.43-beta-20250425-130658-8da18f4d",
+    "@blocklet/meta": "1.16.43-beta-20250427-232837-e671de06",
+    "@blocklet/resolver": "1.16.43-beta-20250427-232837-e671de06",
+    "@blocklet/sdk": "1.16.43-beta-20250427-232837-e671de06",
+    "@blocklet/store": "1.16.43-beta-20250427-232837-e671de06",
     "@blocklet/theme": "^2.13.12",
     "@fidm/x509": "^1.2.1",
     "@ocap/mcrypto": "1.20.2",
@@ -116,5 +116,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "b5195a0290d5ced00bb716a709548b1a56356134"
+  "gitHead": "3644f271b67d5ebaa7a8b852173860a005f1d057"
 }