@abtnode/core 1.16.44-beta-20250529-223630-10e16ac8 → 1.16.44-beta-20250603-231026-30a9d27f

package/lib/blocklet/manager/disk.js

@@ -26,6 +26,7 @@ const { sendToUser } = require('@blocklet/sdk/lib/util/send-notification');
 const { getDidDomainForBlocklet } = require('@abtnode/util/lib/get-domain-for-blocklet');
 const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
 const promiseSpawn = require('@abtnode/util/lib/promise-spawn');
+const { sanitizeTag } = require('@abtnode/util/lib/sanitize');
 
 const {
   BLOCKLET_INSTALL_TYPE,
@@ -237,7 +238,6 @@ const ensureBlockletRunning = require('./ensure-blocklet-running');
 const { transformNotification } = require('../../util/notification');
 const { generateUserUpdateData } = require('../../util/user');
 const { blockletThemeSchema } = require('../../validators/theme');
-const checkDNS = require('../../util/check-dns.js');
 const { removeDockerNetwork } = require('../../util/docker/docker-network.js');
 const parseDockerName = require('../../util/docker/parse-docker-name.js');
 
@@ -341,6 +341,7 @@ class DiskBlockletManager extends BaseBlockletManager {
     nodeAPI,
     teamAPI,
     certManager,
+    routerManager,
   }) {
     super();
 
@@ -358,6 +359,7 @@ class DiskBlockletManager extends BaseBlockletManager {
     this.resendNotificationQueue = resendNotificationQueue;
     this.teamManager = teamManager;
     this.certManager = certManager;
+    this.routerManager = routerManager;
     /**
      * @type {import('../../api/node')}
      */
@@ -443,7 +445,7 @@ class DiskBlockletManager extends BaseBlockletManager {
               title,
               description,
               action: `/blocklets/${did}/overview`,
-              blockletDashboardAction: '/.well-known/service/admin/blocklets',
+              blockletDashboardAction: `${WELLKNOWN_SERVICE_PATH_PREFIX}/admin/blocklets`,
               entityType: 'blocklet',
               entityId: did,
               severity,
@@ -1482,7 +1484,7 @@ class DiskBlockletManager extends BaseBlockletManager {
       entityId: newBlocklet.meta.did,
       severity: 'success',
       action: `/blocklets/${newBlocklet.meta.did}/components`,
-      blockletDashboardAction: '/.well-known/service/admin/components',
+      blockletDashboardAction: `${WELLKNOWN_SERVICE_PATH_PREFIX}/admin/components`,
     });
 
     this.emit(BlockletEvents.componentRemoved, {
@@ -1664,6 +1666,12 @@ class DiskBlockletManager extends BaseBlockletManager {
       throw new Error('configs list is not an array');
     }
 
+    // 对用户输入的配置进行 XSS 清理
+    const sanitizedConfigs = newConfigs.map((c) => ({
+      ...c,
+      value: sanitizeTag(c.value),
+    }));
+
     const tmpDids = Array.isArray(did) ? did : [did];
     const [rootDid, childDid] = tmpDids;
     const rootMetaDid = await states.blocklet.getBlockletMetaDid(rootDid);
@@ -1682,7 +1690,7 @@ class DiskBlockletManager extends BaseBlockletManager {
 
     const configObj = {};
     const ignoredKeys = [];
-    for (const x of newConfigs) {
+    for (const x of sanitizedConfigs) {
       if (['CHAIN_TYPE', 'BLOCKLET_APP_CHAIN_TYPE'].includes(x.key)) {
         throw new Error(`${x.key} should not be changed`);
       } else if (x.custom === true) {
@@ -1715,7 +1723,7 @@ class DiskBlockletManager extends BaseBlockletManager {
       configObj[x.key] = x.value;
     }
 
-    const finalConfigs = newConfigs.filter((x) => !ignoredKeys.includes(x.key));
+    const finalConfigs = sanitizedConfigs.filter((x) => !ignoredKeys.includes(x.key));
     const willAppSkChange = isRotatingAppSk(finalConfigs, blocklet.configs, blocklet.externalSk);
 
     // NOTICE: cannot use appDid as did param because appDid will become old appDid in alsoKnownAs and cannot get blocklet by the old appDid
@@ -2348,12 +2356,18 @@ class DiskBlockletManager extends BaseBlockletManager {
 
     await Promise.all(
       customAliases.map(async (alias) => {
-        const dns = await checkDNS(alias.value, cnameDomain?.value);
+        const dns = await this.routerManager.checkDomainDNS(alias.value, cnameDomain?.value);
         logger.info('dns info', { dns });
         if (!dns.isDnsResolved || !dns.isCnameMatch) {
           return;
         }
 
+        const foundCert = await this.routerManager.getHttpsCert({ domain: alias.value });
+        logger.info('cron check dns global certificate', { foundCert: !!foundCert, domain: alias.value });
+        if (foundCert) {
+          return;
+        }
+
         if (!alias.certificateId) {
           logger.info('cron check dns no certificate');
           await issueCert(alias);
@@ -3513,7 +3527,7 @@ class DiskBlockletManager extends BaseBlockletManager {
     };
 
     const action = `/blocklets/${did}/components?checkUpdate=1`;
-    const blockletDashboardAction = '/.well-known/service/admin/components?checkUpdate=1';
+    const blockletDashboardAction = `${WELLKNOWN_SERVICE_PATH_PREFIX}/admin/components?checkUpdate=1`;
     const users = await this.teamManager.getOwnerAndAdminUsers(did, 1);
     const nodeInfo = await states.node.read();
     const { wallet } = getBlockletInfo(blocklet, nodeInfo.sk);
@@ -4067,7 +4081,7 @@ class DiskBlockletManager extends BaseBlockletManager {
               deployedFrom || fromBlockletSource(source)
             })`,
             action: `/blocklets/${did}/overview`,
-            blockletDashboardAction: '/.well-known/service/admin/blocklets',
+            blockletDashboardAction: `${WELLKNOWN_SERVICE_PATH_PREFIX}/admin/blocklets`,
             entityType: 'blocklet',
             entityId: did,
             severity: 'success',
@@ -4308,7 +4322,7 @@ class DiskBlockletManager extends BaseBlockletManager {
             componentDids
           )} is ${actionName} successfully for ${title}`,
           action: `/blocklets/${did}/overview`,
-          blockletDashboardAction: '/.well-known/service/admin/blocklets',
+          blockletDashboardAction: `${WELLKNOWN_SERVICE_PATH_PREFIX}/admin/blocklets`,
           entityType: 'blocklet',
           entityId: did,
           severity: 'success',
@@ -5162,7 +5176,7 @@ class DiskBlockletManager extends BaseBlockletManager {
   async getDomainDNS({ teamDid, domain }) {
     const blocklet = await this.getBlocklet(teamDid);
     const cnameDomain = (get(blocklet, 'site.domainAliases') || []).find((item) => isDidDomain(item.value));
-    return checkDNS(domain, cnameDomain?.value);
+    return this.routerManager.checkDomainDNS(domain, cnameDomain?.value);
   }
 }
 

package/lib/blocklet/migration-dist/migration.cjs

@@ -287,6 +287,8 @@ const EVENTS = {
   RELOAD_GATEWAY: 'gateway.reload',
   NOTIFICATION_CREATE_QUEUED: 'notification.create.queued',
   UPDATE_DOMAIN_ALIAS: 'router.domain.alias.updated',
+
+  WEBHOOK_ATTEMPT: 'webhook.attempt',
 };
 
 const WHO_CAN_ACCESS = Object.freeze({
@@ -752,6 +754,7 @@ module.exports = Object.freeze({
     // FIXME: 梁柱, 下面两个 get 接口, 可以不开放但是前端需要根据情况取消获取这两个接口的调用
     getBlockletRuntimeHistory: true,
     checkDomains: true,
+    isDidDomain: true,
   },
   // 这些接口可以跳过 ACCESS VERIFY
   SKIP_ACCESS_VERIFY_METHODS: {
@@ -38885,7 +38888,7 @@ module.exports = require("zlib");
 /***/ ((module) => {
 
 "use strict";
-module.exports = /*#__PURE__*/JSON.parse('{"name":"@abtnode/core","publishConfig":{"access":"public"},"version":"1.16.43","description":"","main":"lib/index.js","files":["lib"],"scripts":{"lint":"eslint tests lib --ignore-pattern \'tests/assets/*\'","lint:fix":"eslint --fix tests lib","test":"node tools/jest.js","coverage":"npm run test -- --coverage"},"keywords":[],"author":"wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)","license":"Apache-2.0","dependencies":{"@abtnode/analytics":"1.16.43","@abtnode/auth":"1.16.43","@abtnode/certificate-manager":"1.16.43","@abtnode/client":"1.16.43","@abtnode/constant":"1.16.43","@abtnode/cron":"1.16.43","@abtnode/docker-utils":"1.16.43","@abtnode/logger":"1.16.43","@abtnode/models":"1.16.43","@abtnode/queue":"1.16.43","@abtnode/rbac":"1.16.43","@abtnode/router-provider":"1.16.43","@abtnode/static-server":"1.16.43","@abtnode/timemachine":"1.16.43","@abtnode/util":"1.16.43","@arcblock/did":"1.20.11","@arcblock/did-auth":"1.20.11","@arcblock/did-ext":"1.20.11","@arcblock/did-motif":"^1.1.13","@arcblock/did-util":"1.20.11","@arcblock/event-hub":"1.20.11","@arcblock/jwt":"1.20.11","@arcblock/pm2-events":"^0.0.5","@arcblock/validator":"1.20.11","@arcblock/vc":"1.20.11","@blocklet/constant":"1.16.43","@blocklet/did-space-js":"^1.0.56","@blocklet/env":"1.16.43","@blocklet/error":"^0.2.4","@blocklet/meta":"1.16.43","@blocklet/resolver":"1.16.43","@blocklet/sdk":"1.16.43","@blocklet/store":"1.16.43","@blocklet/theme":"^2.13.55","@fidm/x509":"^1.2.1","@ocap/mcrypto":"1.20.11","@ocap/util":"1.20.11","@ocap/wallet":"1.20.11","@slack/webhook":"^5.0.4","archiver":"^7.0.1","axios":"^1.7.9","axon":"^2.0.3","chalk":"^4.1.2","cross-spawn":"^7.0.3","dayjs":"^1.11.13","deep-diff":"^1.0.2","detect-port":"^1.5.1","envfile":"^7.1.0","escape-string-regexp":"^4.0.0","fast-glob":"^3.3.2","filesize":"^10.1.1","flat":"^5.0.2","fs-extra":"^11.2.0","get-port":"^5.1.1","hasha":"^5.2.2","is-base64":"^1.1.0","is-cidr":"4","is-ip":"3","is-url":"^1.2.4","joi":"17.12.2","joi-extension-semver":"^5.0.0","js-yaml":"^4.1.0","kill-port":"^2.0.1","lodash":"^4.17.21","lru-cache":"^11.0.2","node-stream-zip":"^1.15.0","p-all":"^3.0.0","p-limit":"^3.1.0","p-map":"^4.0.0","p-retry":"^4.6.2","p-wait-for":"^3.2.0","rate-limiter-flexible":"^5.0.5","read-last-lines":"^1.8.0","semver":"^7.6.3","sequelize":"^6.35.0","shelljs":"^0.8.5","slugify":"^1.6.6","ssri":"^8.0.1","stream-throttle":"^0.1.3","stream-to-promise":"^3.0.0","systeminformation":"^5.23.3","tail":"^2.2.4","tar":"^6.1.11","transliteration":"^2.3.5","ua-parser-js":"^1.0.2","ufo":"^1.5.3","uuid":"^9.0.1","valid-url":"^1.0.9","which":"^2.0.2","xbytes":"^1.8.0"},"devDependencies":{"expand-tilde":"^2.0.2","express":"^4.18.2","jest":"^29.7.0","unzipper":"^0.10.11"},"gitHead":"e5764f753181ed6a7c615cd4fc6682aacf0cb7cd"}');
+module.exports = /*#__PURE__*/JSON.parse('{"name":"@abtnode/core","publishConfig":{"access":"public"},"version":"1.16.43","description":"","main":"lib/index.js","files":["lib"],"scripts":{"lint":"eslint tests lib --ignore-pattern \'tests/assets/*\'","lint:fix":"eslint --fix tests lib","test":"node tools/jest.js","coverage":"npm run test -- --coverage"},"keywords":[],"author":"wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)","license":"Apache-2.0","dependencies":{"@abtnode/analytics":"1.16.43","@abtnode/auth":"1.16.43","@abtnode/certificate-manager":"1.16.43","@abtnode/client":"1.16.43","@abtnode/constant":"1.16.43","@abtnode/cron":"1.16.43","@abtnode/docker-utils":"1.16.43","@abtnode/logger":"1.16.43","@abtnode/models":"1.16.43","@abtnode/queue":"1.16.43","@abtnode/rbac":"1.16.43","@abtnode/router-provider":"1.16.43","@abtnode/static-server":"1.16.43","@abtnode/timemachine":"1.16.43","@abtnode/util":"1.16.43","@arcblock/did":"1.20.12","@arcblock/did-auth":"1.20.12","@arcblock/did-ext":"1.20.12","@arcblock/did-motif":"^1.1.13","@arcblock/did-util":"1.20.12","@arcblock/event-hub":"1.20.12","@arcblock/jwt":"1.20.12","@arcblock/pm2-events":"^0.0.5","@arcblock/validator":"1.20.12","@arcblock/vc":"1.20.12","@blocklet/constant":"1.16.43","@blocklet/did-space-js":"^1.0.57","@blocklet/env":"1.16.43","@blocklet/error":"^0.2.5","@blocklet/meta":"1.16.43","@blocklet/resolver":"1.16.43","@blocklet/sdk":"1.16.43","@blocklet/store":"1.16.43","@blocklet/theme":"^2.13.61","@fidm/x509":"^1.2.1","@ocap/mcrypto":"1.20.12","@ocap/util":"1.20.12","@ocap/wallet":"1.20.12","@slack/webhook":"^5.0.4","archiver":"^7.0.1","axios":"^1.7.9","axon":"^2.0.3","chalk":"^4.1.2","cross-spawn":"^7.0.3","dayjs":"^1.11.13","deep-diff":"^1.0.2","detect-port":"^1.5.1","envfile":"^7.1.0","escape-string-regexp":"^4.0.0","fast-glob":"^3.3.2","filesize":"^10.1.1","flat":"^5.0.2","fs-extra":"^11.2.0","get-port":"^5.1.1","hasha":"^5.2.2","is-base64":"^1.1.0","is-cidr":"4","is-ip":"3","is-url":"^1.2.4","joi":"17.12.2","joi-extension-semver":"^5.0.0","js-yaml":"^4.1.0","kill-port":"^2.0.1","lodash":"^4.17.21","lru-cache":"^11.0.2","node-stream-zip":"^1.15.0","p-all":"^3.0.0","p-limit":"^3.1.0","p-map":"^4.0.0","p-retry":"^4.6.2","p-wait-for":"^3.2.0","rate-limiter-flexible":"^5.0.5","read-last-lines":"^1.8.0","semver":"^7.6.3","sequelize":"^6.35.0","shelljs":"^0.8.5","slugify":"^1.6.6","ssri":"^8.0.1","stream-throttle":"^0.1.3","stream-to-promise":"^3.0.0","systeminformation":"^5.23.3","tail":"^2.2.4","tar":"^6.1.11","transliteration":"^2.3.5","ua-parser-js":"^1.0.2","ufo":"^1.5.3","uuid":"^9.0.1","valid-url":"^1.0.9","which":"^2.0.2","xbytes":"^1.8.0"},"devDependencies":{"expand-tilde":"^2.0.2","express":"^4.18.2","jest":"^29.7.0","unzipper":"^0.10.11"},"gitHead":"e5764f753181ed6a7c615cd4fc6682aacf0cb7cd"}');
 
 /***/ }),
 

package/lib/blocklet/webhook/index.js

@@ -2,7 +2,9 @@ const pick = require('lodash/pick');
 const pickBy = require('lodash/pickBy');
 const get = require('lodash/get');
 const { EventEmitter } = require('events');
-const { API_VERSION } = require('./util');
+const { EVENTS } = require('@abtnode/constant');
+const { API_VERSION, STATUS } = require('./util');
+const endpointQueueInit = require('./queues');
 
 const DEFAULT_PAGE = 1;
 const DEFAULT_PAGE_SIZE = 10;
@@ -25,6 +27,9 @@ class WebhooksAPI extends EventEmitter {
 
     this.cache = new Map();
     this.TTL = 5 * 60 * 1000;
+
+    const { webhookEndpointQueue } = endpointQueueInit.init({ states, teamManager });
+    this.webhookEndpointQueue = webhookEndpointQueue;
   }
 
   async getUserInfo(userDid, teamDid, serverDid) {
@@ -161,6 +166,46 @@ class WebhooksAPI extends EventEmitter {
     const list = await webhookAttemptState.list(page, pageSize, where);
     return list;
   }
+
+  async retryWebhookAttempt({ eventId, webhookId, attemptId, teamDid }, context) {
+    const { webhookAttemptState } = await this.teamManager.getWebhookState(teamDid);
+
+    const result = await webhookAttemptState.insert({
+      eventId,
+      webhookId,
+      status: STATUS.PENDING,
+      retryCount: 1,
+      responseStatus: 200,
+      responseBody: {},
+      triggeredBy: getUserDid(context),
+      triggeredFrom: attemptId,
+    });
+
+    const emitResult = async () => {
+      return {
+        teamDid,
+        ...(await webhookAttemptState.findOne({ eventId, webhookId, id: result.id })),
+      };
+    };
+
+    this.webhookEndpointQueue.push({
+      eventId,
+      webhookId,
+      appDid: teamDid,
+      attemptId: result.id,
+      triggeredBy: getUserDid(context),
+      triggeredFrom: attemptId,
+    });
+
+    this.webhookEndpointQueue.on('finished', async () => {
+      this.emit(EVENTS.WEBHOOK_ATTEMPT, { ...(await emitResult()) });
+    });
+    this.webhookEndpointQueue.on('failed', async () => {
+      this.emit(EVENTS.WEBHOOK_ATTEMPT, { ...(await emitResult()) });
+    });
+
+    return result;
+  }
 }
 
 module.exports = WebhooksAPI;

package/lib/blocklet/webhook/queues.js

@@ -3,13 +3,19 @@ const axios = require('@abtnode/util/lib/axios');
 const { Op } = require('sequelize');
 
 const createQueue = require('../../util/queue');
-const { getWebhookJobId } = require('./util');
+const { getWebhookJobId, STATUS } = require('./util');
 
 const MAX_RETRY_COUNT = 2; // 重试一次
 const AXIOS_TIMEOUT = 1000 * 60 * 3;
 
 const createWebhookEndpointQueue = ({ states, teamManager }) => {
   // https://stripe.com/docs/webhooks
+  /**
+   *
+   * @param {*} job eventId: event.id, webhookId: webhook.id, appDid: job.appDid, attemptId?:string
+   *
+   * @returns
+   */
   const handleWebhookEndpoint = async (job) => {
     logger.info('handle webhook endpoint', job);
 
@@ -48,14 +54,31 @@ const createWebhookEndpointQueue = ({ states, teamManager }) => {
       // verify similar to component call, but supports external urls
       const response = await axios.post(webhook.url, event.request, { timeout: AXIOS_TIMEOUT });
 
-      await webhookAttemptState.insert({
-        eventId: event.id,
-        webhookId: webhook.id,
-        status: 'succeeded',
-        responseStatus: response.status,
-        responseBody: response.data || {},
-        retryCount,
-      });
+      if (job.attemptId) {
+        await webhookAttemptState.update(
+          { id: job.attemptId },
+          {
+            status: STATUS.SUCCEEDED,
+            responseStatus: response.status,
+            responseBody: response.data || {},
+            retryCount,
+            triggeredBy: job.triggeredBy,
+            triggeredFrom: job.triggeredFrom,
+          }
+        );
+      } else {
+        await webhookAttemptState.insert({
+          eventId: event.id,
+          webhookId: webhook.id,
+          status: STATUS.SUCCEEDED,
+          responseStatus: response.status,
+          responseBody: response.data || {},
+          retryCount,
+          triggeredBy: job.triggeredBy,
+          triggeredFrom: job.triggeredFrom,
+        });
+      }
+
       logger.info('WebhookAttempt created successfully', { eventId: event.id, webhookId: webhook.id });
 
       const newPendingCount = Math.max(0, event.pendingWebhooks - 1);
@@ -66,14 +89,31 @@ const createWebhookEndpointQueue = ({ states, teamManager }) => {
     } catch (err) {
       logger.warn('webhook attempt error', { ...job, retryCount, message: err.message });
 
-      await webhookAttemptState.insert({
-        eventId: event.id,
-        webhookId: webhook.id,
-        status: 'failed',
-        responseStatus: err.response?.status || 500,
-        responseBody: err.response?.data || {},
-        retryCount,
-      });
+      if (job.attemptId) {
+        await webhookAttemptState.update(
+          { id: job.attemptId },
+          {
+            status: STATUS.FAILED,
+            responseStatus: err.response?.status || 500,
+            responseBody: err.response?.data || {},
+            retryCount,
+            triggeredBy: job.triggeredBy,
+            triggeredFrom: job.triggeredFrom,
+          }
+        );
+      } else {
+        await webhookAttemptState.insert({
+          eventId: event.id,
+          webhookId: webhook.id,
+          status: STATUS.FAILED,
+          responseStatus: err.response?.status || 500,
+          responseBody: err.response?.data || {},
+          retryCount,
+          triggeredBy: job.triggeredBy,
+          triggeredFrom: job.triggeredFrom,
+        });
+      }
+
       logger.info('Failed WebhookAttempt created', { eventId: event.id, webhookId: webhook.id });
 
       // reschedule next attempt

package/lib/blocklet/webhook/util.js

@@ -6,7 +6,14 @@ const getWebhookJobId = (eventId, webhookId) => {
   return md5([eventId, webhookId].join('-'));
 };
 
+const STATUS = {
+  SUCCEEDED: 'succeeded',
+  FAILED: 'failed',
+  PENDING: 'pending',
+};
+
 module.exports = {
   API_VERSION,
+  STATUS,
   getWebhookJobId,
 };

package/lib/event/index.js

@@ -19,6 +19,7 @@ const {
   DEFAULT_DID_DOMAIN,
   WELLKNOWN_BLOCKLET_ADMIN_PATH,
   TEST_STORE_URL,
+  WELLKNOWN_SERVICE_PATH_PREFIX,
 } = require('@abtnode/constant');
 const { joinURL } = require('ufo');
 const { encode } = require('@abtnode/util/lib/base32');
@@ -65,6 +66,7 @@ module.exports = ({
   node,
   nodeRuntimeMonitor,
   daemon,
+  webhookManager,
 }) => {
   const nodeState = states.node;
   const nodeMonitSender = new NodeMonitSender({ node });
@@ -561,6 +563,10 @@ module.exports = ({
     eventHub.broadcast(name, data);
   });
 
+  listen(webhookManager, EVENTS.WEBHOOK_ATTEMPT, (name, data) => {
+    onEvent(name, data, true);
+  });
+
   listen(nodeState, BlockletEvents.purchaseChange, onEvent);
   nodeState.on(EVENTS.ROUTING_UPDATED, (nodeInfo) => onEvent(EVENTS.ROUTING_UPDATED, { routing: nodeInfo.routing }));
   nodeState.once(EVENTS.NODE_ADDED_OWNER, () => downloadAddedBlocklet());
@@ -706,7 +712,7 @@ module.exports = ({
       actions: [
         {
           name: translation.viewYourAccount,
-          link: joinURL(origin, '/.well-known/service/user/settings'),
+          link: joinURL(origin, `${WELLKNOWN_SERVICE_PATH_PREFIX}/user/settings`),
         },
       ],
     };

package/lib/index.js

@@ -280,6 +280,7 @@ function ABTNode(options) {
     nodeAPI,
     teamAPI,
     certManager,
+    routerManager,
   });
   blockletManager.setMaxListeners(0);
   const securityAPI = new SecurityAPI({ teamManager, blockletManager });
@@ -752,6 +753,7 @@ function ABTNode(options) {
     getWebhookEndpoints: webhookAPI.getWebhookEndpoints.bind(webhookAPI),
     getWebhookEndpoint: webhookAPI.getWebhookEndpoint.bind(webhookAPI),
     getWebhookAttempts: webhookAPI.getWebhookAttempts.bind(webhookAPI),
+    retryWebhookAttempt: webhookAPI.retryWebhookAttempt.bind(webhookAPI),
 
     // passport
     createPassportLog: passportAPI.createPassportLog.bind(passportAPI),
@@ -798,6 +800,7 @@ function ABTNode(options) {
     nodeRuntimeMonitor: nodeAPI.runtimeMonitor,
     daemon: options.daemon,
     handleBlockletWafChange,
+    webhookManager: webhookAPI,
   });
 
   const webhook = WebHook({ events, dataDirs, instance, teamManager });

package/lib/router/manager.js

@@ -4,6 +4,7 @@
  * Router manager is the business logic layer of router related, includes:
  * RoutingRuleState, HttpsCertState
  */
+const https = require('https');
 const path = require('path');
 const os = require('os');
 const dns = require('dns');
@@ -22,7 +23,7 @@ const { getProvider } = require('@abtnode/router-provider');
 const checkDomainMatch = require('@abtnode/util/lib/check-domain-match');
 const { isDidDomain, isCustomDomain } = require('@abtnode/util/lib/url-evaluation');
 const { isTopLevelDomain } = require('@abtnode/util/lib/domain');
-const { EVENTS } = require('@abtnode/constant');
+const { EVENTS, WELLKNOWN_PING_PREFIX } = require('@abtnode/constant');
 const {
   DOMAIN_FOR_IP_SITE,
   DOMAIN_FOR_DEFAULT_SITE,
@@ -342,12 +343,41 @@ class RouterManager extends EventEmitter {
 
     if (issueCert) {
       const didDomain = doc.domainAliases.find((x) => isDidDomain(x.value));
-      const dnsValue = await checkDNS(domain, didDomain?.value);
-      const shouldSkipCertIssue = isCustomDomain(domain) && (!dnsValue.isDnsResolved || !dnsValue.isCnameMatch);
+      const [dnsValue, cert] = await Promise.all([
+        this.checkDomainDNS(domain, didDomain?.value),
+        this.getHttpsCert({ domain }),
+      ]);
+
+      // 自定义域名如果 DNS 未解析成功 或 CNAME 不匹配 或 已配置证书，则不自动颁发证书
+      const shouldSkipCertIssue =
+        isCustomDomain(domain) && (!dnsValue.isDnsResolved || !dnsValue.isCnameMatch || !!cert);
+
+      if (shouldSkipCertIssue) {
+        const reasonFn = () => {
+          if (cert) {
+            return 'cert already exists';
+          }
+
+          if (!dnsValue.isDnsResolved) {
+            return 'DNS not resolved';
+          }
 
-      if (!shouldSkipCertIssue) {
+          if (!dnsValue.isCnameMatch) {
+            return 'CNAME not match';
+          }
+
+          return 'unknown reason';
+        };
+
+        logger.info('skip cert issue for domain alias', {
+          cert,
+          domain,
+          dnsValue,
+          reason: reasonFn(),
+        });
+      } else {
         this.certManager
-          .issue({ domain, did, siteId: id, inBlockletSetup }, { delay: 5000 })
+          .issue({ domain, did, siteId: id, inBlockletSetup }, { delay: 3000 })
           .then(() => {
             logger.info('issue cert for domain alias', { domain, did });
           })
@@ -635,6 +665,63 @@ class RouterManager extends EventEmitter {
     return null;
   }
 
+  checkDomainDNS(domain, cnameDomain) {
+    try {
+      if (isCustomDomain(domain)) {
+        return checkDNS(domain, cnameDomain);
+      }
+
+      return Promise.resolve({
+        isDnsResolved: true,
+        hasCname: true,
+        cnameRecords: [cnameDomain],
+        isCnameMatch: true,
+      });
+    } catch (error) {
+      logger.error('check domain dns error', error?.message);
+      return Promise.resolve({
+        isDnsResolved: false,
+        hasCname: false,
+        cnameRecords: [],
+        isCnameMatch: false,
+      });
+    }
+  }
+
+  async getHttpsCert({ domain }) {
+    const matchedCert = await this.getMatchedCert(domain);
+
+    if (matchedCert) {
+      return matchedCert;
+    }
+
+    return new Promise((resolve) => {
+      const req = https.request(
+        { host: domain, path: WELLKNOWN_PING_PREFIX, method: 'GET', timeout: 1000 * 10 },
+        (res) => {
+          try {
+            const data = res.socket.getPeerCertificate();
+            const cert = {
+              issuer: {
+                countryName: data.issuer.C,
+                organizationName: data.issuer.O,
+                commonName: data.issuer.CN,
+              },
+              validFrom: data.valid_from,
+              validTo: data.valid_to,
+            };
+            resolve(cert);
+          } catch {
+            resolve(null);
+          }
+        }
+      );
+
+      req.on('error', () => resolve(null));
+      req.end();
+    });
+  }
+
   isCertMatchedDomain(cert, domain = '') {
     return [cert.domain, ...(cert.sans || [])].some((d) => checkDomainMatch(d, domain));
   }

package/lib/router/monitor.js

@@ -1,3 +1,4 @@
+const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { createLogWatcher } = require('./watcher');
 
 // Function to parse the log entry and extract relevant information
@@ -36,7 +37,7 @@ function parseLogEntry(line, check = true) {
       logEntry.status <= 599 &&
       logEntry.request.includes('/.well-known/did.json') === false &&
       logEntry.request.includes('/websocket') === false &&
-      logEntry.request.includes('/.well-known/service/health') === false
+      logEntry.request.includes(`${WELLKNOWN_SERVICE_PATH_PREFIX}/health`) === false
     ) {
       console.warn(`5xx request detected: ${logEntry.host}`, line);
       return logEntry;

package/lib/states/audit-log.js

@@ -515,6 +515,8 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `Delete Blocklet Webhook(${result.id})`;
     case 'ensureBlockletRunning':
       return `${result.title}:\n* ${result.description}`;
+    case 'retryWebhookAttempt':
+      return `Retry Webhook Attempt(${args.attemptId})`;
 
     case 'addUploadEndpoint':
       return `Create Upload Endpoint(${args.url})`;
@@ -657,6 +659,7 @@ const getLogCategory = (action) => {
     case 'createWebhookEndpoint':
     case 'updateWebhookEndpoint':
     case 'deleteWebhookEndpoint':
+    case 'retryWebhookAttempt':
       return 'integrations';
 
     // server

package/lib/util/domain-status.js

@@ -1,11 +1,9 @@
-const https = require('https');
 const { EventEmitter } = require('events');
 const logger = require('@abtnode/logger')('@abtnode/domain-status');
-const { EVENTS, WELLKNOWN_PING_PREFIX } = require('@abtnode/constant');
+const { EVENTS } = require('@abtnode/constant');
 const { BlockletEvents } = require('@blocklet/constant');
-const { isCustomDomain, isDidDomain } = require('@abtnode/util/lib/url-evaluation');
+const { isDidDomain } = require('@abtnode/util/lib/url-evaluation');
 const { checkDomainDNS } = require('./index');
-const checkDNS = require('./check-dns');
 
 const dnsStatusStore = Object.create(null);
 
@@ -48,71 +46,6 @@ class DomainStatus extends EventEmitter {
     this.states = states;
   }
 
-  async getHttpsCert(domain) {
-    const matchedCert = await this.routerManager.getMatchedCert(domain);
-
-    if (matchedCert) {
-      return matchedCert;
-    }
-
-    return new Promise((resolve) => {
-      const req = https.request(
-        {
-          host: domain,
-          path: WELLKNOWN_PING_PREFIX,
-          method: 'GET',
-          timeout: 1000 * 10,
-        },
-        (res) => {
-          try {
-            const data = res.socket.getPeerCertificate();
-            const cert = {
-              issuer: {
-                countryName: data.issuer.C,
-                organizationName: data.issuer.O,
-                commonName: data.issuer.CN,
-              },
-              validFrom: data.valid_from,
-              validTo: data.valid_to,
-            };
-            resolve(cert);
-          } catch {
-            resolve(null);
-          }
-        }
-      );
-
-      req.on('error', () => {
-        resolve(null);
-      });
-
-      req.end();
-    });
-  }
-
-  checkDomainDNS(domain, cnameDomain) {
-    try {
-      if (isCustomDomain(domain)) {
-        return checkDNS(domain, cnameDomain);
-      }
-
-      return Promise.resolve({
-        isDnsResolved: true,
-        hasCname: true,
-        cnameRecords: [cnameDomain],
-        isCnameMatch: true,
-      });
-    } catch (error) {
-      logger.error('check domain dns error', error?.message);
-      return Promise.resolve({
-        isDnsResolved: false,
-        hasCname: false,
-        cnameRecords: [],
-        isCnameMatch: false,
-      });
-    }
-  }
-
   async checkDomainsStatus({ domains, did } = {}) {
     if (did) {
       // eslint-disable-next-line no-param-reassign
@@ -122,8 +55,12 @@ class DomainStatus extends EventEmitter {
     const cnameDomain = domains.find((x) => isDidDomain(x));
 
     (domains || []).forEach((domain) => {
-      Promise.all([this.getHttpsCert(domain), checkDomainDnsWrapper(domain), this.checkDomainDNS(domain, cnameDomain)])
-        .then(([matchedCert, dns, dnsResolve]) => {
+      Promise.all([
+        this.routerManager.getHttpsCert({ domain }),
+        this.routerManager.checkDomainDNS(domain, cnameDomain),
+        checkDomainDnsWrapper(domain),
+      ])
+        .then(([matchedCert, dnsResolve, dns]) => {
           const eventData = {
             domain,
             matchedCert,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.44-beta-20250529-223630-10e16ac8",
+  "version": "1.16.44-beta-20250603-231026-30a9d27f",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,44 +19,44 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/analytics": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/auth": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/certificate-manager": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/client": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/constant": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/cron": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/docker-utils": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/logger": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/models": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/queue": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/rbac": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/router-provider": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/static-server": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/timemachine": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@abtnode/util": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@arcblock/did": "1.20.11",
-    "@arcblock/did-auth": "1.20.11",
-    "@arcblock/did-ext": "1.20.11",
+    "@abtnode/analytics": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/auth": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/certificate-manager": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/client": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/constant": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/cron": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/docker-utils": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/logger": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/models": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/queue": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/rbac": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/router-provider": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/static-server": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/timemachine": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@abtnode/util": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@arcblock/did": "1.20.12",
+    "@arcblock/did-auth": "1.20.12",
+    "@arcblock/did-ext": "1.20.12",
     "@arcblock/did-motif": "^1.1.13",
-    "@arcblock/did-util": "1.20.11",
-    "@arcblock/event-hub": "1.20.11",
-    "@arcblock/jwt": "1.20.11",
+    "@arcblock/did-util": "1.20.12",
+    "@arcblock/event-hub": "1.20.12",
+    "@arcblock/jwt": "1.20.12",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/validator": "1.20.11",
-    "@arcblock/vc": "1.20.11",
-    "@blocklet/constant": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/did-space-js": "^1.0.56",
-    "@blocklet/env": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/error": "^0.2.4",
-    "@blocklet/meta": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/resolver": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/sdk": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/store": "1.16.44-beta-20250529-223630-10e16ac8",
-    "@blocklet/theme": "^2.13.55",
+    "@arcblock/validator": "1.20.12",
+    "@arcblock/vc": "1.20.12",
+    "@blocklet/constant": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/did-space-js": "^1.0.57",
+    "@blocklet/env": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/error": "^0.2.5",
+    "@blocklet/meta": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/resolver": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/sdk": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/store": "1.16.44-beta-20250603-231026-30a9d27f",
+    "@blocklet/theme": "^2.13.61",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.20.11",
-    "@ocap/util": "1.20.11",
-    "@ocap/wallet": "1.20.11",
+    "@ocap/mcrypto": "1.20.12",
+    "@ocap/util": "1.20.12",
+    "@ocap/wallet": "1.20.12",
     "@slack/webhook": "^5.0.4",
     "archiver": "^7.0.1",
     "axios": "^1.7.9",
@@ -116,5 +116,5 @@
     "jest": "^29.7.0",
     "unzipper": "^0.10.11"
   },
-  "gitHead": "381ba5459e32dd7bc94f7ea62df65b72644d6d16"
+  "gitHead": "c76d07121652516f178de4188d8694fc130767b8"
 }