@abtnode/core 1.16.47-beta-20250710-231709-3e5545ec → 1.16.47-beta-20250714-035905-f63c5239
|
@@ -559,6 +559,7 @@ module.exports = Object.freeze({
|
|
|
559
559
|
WELLKNOWN_ANALYTICS_PREFIX: '/.well-known/analytics',
|
|
560
560
|
WELLKNOWN_SERVICE_PATH_PREFIX: '/.well-known/service',
|
|
561
561
|
WELLKNOWN_BLOCKLET_ADMIN_PATH: '/.well-known/service/admin',
|
|
562
|
+
WELLKNOWN_BLOCKLET_USER_PATH: '/.well-known/service/user',
|
|
562
563
|
WELLKNOWN_BLOCKLET_HEALTH_PATH: '/.well-known/service/health',
|
|
563
564
|
WELLKNOWN_BLOCKLET_LOGO_PATH: '/.well-known/service/blocklet/logo',
|
|
564
565
|
SLOT_FOR_IP_DNS_SITE: '888-888-888-888',
|
|
@@ -38902,7 +38903,7 @@ module.exports = require("zlib");
|
|
|
38902
38903
|
/***/ ((module) => {
|
|
38903
38904
|
|
|
38904
38905
|
"use strict";
|
|
38905
|
-
module.exports = /*#__PURE__*/JSON.parse('{"name":"@abtnode/core","publishConfig":{"access":"public"},"version":"1.16.46","description":"","main":"lib/index.js","files":["lib"],"scripts":{"lint":"eslint tests lib --ignore-pattern \'tests/assets/*\'","lint:fix":"eslint --fix tests lib","test":"node tools/jest.js","coverage":"npm run test -- --coverage"},"keywords":[],"author":"wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)","license":"Apache-2.0","dependencies":{"@abtnode/analytics":"1.16.46","@abtnode/auth":"1.16.46","@abtnode/certificate-manager":"1.16.46","@abtnode/client":"1.16.46","@abtnode/constant":"1.16.46","@abtnode/cron":"1.16.46","@abtnode/db-cache":"1.16.46","@abtnode/docker-utils":"1.16.46","@abtnode/logger":"1.16.46","@abtnode/models":"1.16.46","@abtnode/queue":"1.16.46","@abtnode/rbac":"1.16.46","@abtnode/router-provider":"1.16.46","@abtnode/static-server":"1.16.46","@abtnode/timemachine":"1.16.46","@abtnode/util":"1.16.46","@arcblock/did":"1.20.15","@arcblock/did-auth":"1.20.15","@arcblock/did-ext":"1.20.15","@arcblock/did-motif":"^1.1.14","@arcblock/did-util":"1.20.15","@arcblock/event-hub":"1.20.15","@arcblock/jwt":"1.20.15","@arcblock/pm2-events":"^0.0.5","@arcblock/validator":"1.20.15","@arcblock/vc":"1.20.15","@blocklet/constant":"1.16.46","@blocklet/did-space-js":"^1.1.
|
|
38906
|
+
module.exports = /*#__PURE__*/JSON.parse('{"name":"@abtnode/core","publishConfig":{"access":"public"},"version":"1.16.46","description":"","main":"lib/index.js","files":["lib"],"scripts":{"lint":"eslint tests lib --ignore-pattern \'tests/assets/*\'","lint:fix":"eslint --fix tests lib","test":"node tools/jest.js","coverage":"npm run test -- --coverage"},"keywords":[],"author":"wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)","license":"Apache-2.0","dependencies":{"@abtnode/analytics":"1.16.46","@abtnode/auth":"1.16.46","@abtnode/certificate-manager":"1.16.46","@abtnode/client":"1.16.46","@abtnode/constant":"1.16.46","@abtnode/cron":"1.16.46","@abtnode/db-cache":"1.16.46","@abtnode/docker-utils":"1.16.46","@abtnode/logger":"1.16.46","@abtnode/models":"1.16.46","@abtnode/queue":"1.16.46","@abtnode/rbac":"1.16.46","@abtnode/router-provider":"1.16.46","@abtnode/static-server":"1.16.46","@abtnode/timemachine":"1.16.46","@abtnode/util":"1.16.46","@arcblock/did":"1.20.15","@arcblock/did-auth":"1.20.15","@arcblock/did-ext":"1.20.15","@arcblock/did-motif":"^1.1.14","@arcblock/did-util":"1.20.15","@arcblock/event-hub":"1.20.15","@arcblock/jwt":"1.20.15","@arcblock/pm2-events":"^0.0.5","@arcblock/validator":"1.20.15","@arcblock/vc":"1.20.15","@blocklet/constant":"1.16.46","@blocklet/did-space-js":"^1.1.6","@blocklet/env":"1.16.46","@blocklet/error":"^0.2.5","@blocklet/meta":"1.16.46","@blocklet/resolver":"1.16.46","@blocklet/sdk":"1.16.46","@blocklet/store":"1.16.46","@blocklet/theme":"^3.0.26","@fidm/x509":"^1.2.1","@ocap/mcrypto":"1.20.15","@ocap/util":"1.20.15","@ocap/wallet":"1.20.15","@slack/webhook":"^5.0.4","archiver":"^7.0.1","axios":"^1.7.9","axon":"^2.0.3","chalk":"^4.1.2","cross-spawn":"^7.0.3","dayjs":"^1.11.13","deep-diff":"^1.0.2","detect-port":"^1.5.1","envfile":"^7.1.0","escape-string-regexp":"^4.0.0","fast-glob":"^3.3.2","filesize":"^10.1.1","flat":"^5.0.2","fs-extra":"^11.2.0","get-port":"^5.1.1","hasha":"^5.2.2","is-base64":"^1.1.0","is-c
idr":"4","is-ip":"3","is-url":"^1.2.4","joi":"17.12.2","joi-extension-semver":"^5.0.0","js-yaml":"^4.1.0","kill-port":"^2.0.1","lodash":"^4.17.21","node-stream-zip":"^1.15.0","p-all":"^3.0.0","p-limit":"^3.1.0","p-map":"^4.0.0","p-retry":"^4.6.2","p-wait-for":"^3.2.0","rate-limiter-flexible":"^5.0.5","read-last-lines":"^1.8.0","semver":"^7.6.3","sequelize":"^6.35.0","shelljs":"^0.8.5","slugify":"^1.6.6","ssri":"^8.0.1","stream-throttle":"^0.1.3","stream-to-promise":"^3.0.0","systeminformation":"^5.23.3","tail":"^2.2.4","tar":"^6.1.11","transliteration":"^2.3.5","ua-parser-js":"^1.0.2","ufo":"^1.5.3","uuid":"^9.0.1","valid-url":"^1.0.9","which":"^2.0.2","xbytes":"^1.8.0"},"devDependencies":{"expand-tilde":"^2.0.2","express":"^4.18.2","jest":"^29.7.0","unzipper":"^0.10.11"},"gitHead":"e5764f753181ed6a7c615cd4fc6682aacf0cb7cd"}');
|
|
38906
38907
|
|
|
38907
38908
|
/***/ }),
|
|
38908
38909
|
|
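--- a/package/lib/states/access-key.js
+++ b/package/lib/states/access-key.js
@@ -7,6 +7,7 @@ const { CustomError } = require('@blocklet/error');
 const logger = require('@abtnode/logger')('@abtnode/core:states:access-key');
 const BaseState = require('./base');
 const { accessKeySchema, REMARK_MAX_LENGTH } = require('../validators/access-key');
+const { validateOperator, getEndpoint, isUserCenterPath } = require('../util/verify-access-key-user');
 
 const validateRemark = (remark) => {
 if (remark && remark.length > REMARK_MAX_LENGTH) {
@@ -77,7 +78,8 @@ class AccessKeyState extends BaseState {
 };
 }
 
-findPaginated({ remark, componentDid, resourceId, resourceType, paging } = {}) {
+findPaginated({ remark, componentDid, resourceId, resourceType, paging } = {}, context) {
+validateOperator(context);
 const conditions = {
 where: {},
 };
@@ -93,6 +95,11 @@ class AccessKeyState extends BaseState {
 if (remark) {
 conditions.where.remark = { [Op.like]: `%${remark}%` };
 }
+const pathname = getEndpoint(context);
+const queryCreatedById = isUserCenterPath(pathname) ? context.user.did : '';
+if (queryCreatedById) {
+conditions.where.createdBy = queryCreatedById;
+}
 
 return super.paginate(conditions, { createdAt: -1 }, { pageSize: 20, ...paging });
 }
@@ -126,6 +133,7 @@ class AccessKeyState extends BaseState {
 if (!doc) {
 throw new CustomError(404, `Access Key Id ${accessKeyId} does not exist`);
 }
+validateOperator(context, doc.createdBy);
 if (remark !== undefined) {
 doc.remark = remark;
 }
@@ -161,6 +169,11 @@ class AccessKeyState extends BaseState {
 if (!accessKeyId) {
 throw new CustomError(400, 'accessKeyId should not be empty');
 }
+const doc = await this.findOne({ accessKeyId });
+if (!doc) {
+throw new CustomError(404, `Access Key Id ${accessKeyId} does not exist`);
+}
+validateOperator(context, doc.createdBy);
 const num = await super.remove({ accessKeyId });
 if (num <= 0) {
 throw new CustomError(404, `Access Key Id ${accessKeyId} does not exist`);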
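Review bot: The ownership check added in the update and remove hunks, `validateOperator(context, doc.createdBy)`, is skipped whenever `doc.createdBy` is empty, because the helper shown further down this page only compares when the value is truthy (`operatorDid && operatorDid !== did`). If records without a `createdBy` can exist (for example keys stored before that field was populated, which this page does not show), a user-center caller would pass the check for a key they did not create. I would fail closed at both call sites, directly after the existing call: `if (!doc.createdBy && isUserCenterPath(getEndpoint(context))) throw new CustomError(403, 'Unauthorized: access key has no recorded creator');`. Both enclosing methods start outside their hunks, so how `context` reaches them cannot be confirmed from here.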
@@ -0,0 +1,61 @@
|
|
|
1
|
+
const { CustomError } = require('@blocklet/error');
|
|
2
|
+
const {
|
|
3
|
+
ROLES,
|
|
4
|
+
SERVER_ROLES,
|
|
5
|
+
WELLKNOWN_BLOCKLET_ADMIN_PATH,
|
|
6
|
+
WELLKNOWN_BLOCKLET_USER_PATH,
|
|
7
|
+
} = require('@abtnode/constant');
|
|
8
|
+
|
|
9
|
+
const { parseURL } = require('ufo');
|
|
10
|
+
|
|
11
|
+
const isAdminPath = (pathname) => pathname.startsWith(WELLKNOWN_BLOCKLET_ADMIN_PATH);
|
|
12
|
+
const isUserCenterPath = (pathname) => pathname.startsWith(WELLKNOWN_BLOCKLET_USER_PATH);
|
|
13
|
+
|
|
14
|
+
const getEndpoint = (context) => {
|
|
15
|
+
const { pathname } = parseURL(context.referrer);
|
|
16
|
+
return pathname;
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
const validateOperator = (context, operatorDid) => {
|
|
20
|
+
const { user, hostname, referrer } = context || {};
|
|
21
|
+
|
|
22
|
+
if (!user) {
|
|
23
|
+
throw new CustomError(400, 'Missing user context');
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
const { did, role = '' } = user;
|
|
27
|
+
|
|
28
|
+
// 非 SDK 环境才进行验证
|
|
29
|
+
if (role !== SERVER_ROLES.BLOCKLET_SDK) {
|
|
30
|
+
if (!hostname || !referrer) {
|
|
31
|
+
throw new CustomError(400, 'Missing hostname or referrer context');
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
// eslint-disable-next-line no-useless-catch
|
|
35
|
+
try {
|
|
36
|
+
const pathname = getEndpoint(context);
|
|
37
|
+
|
|
38
|
+
const isAdminUser = [ROLES.ADMIN, ROLES.OWNER, SERVER_ROLES.BLOCKLET_ADMIN, SERVER_ROLES.BLOCKLET_OWNER].includes(
|
|
39
|
+
role
|
|
40
|
+
);
|
|
41
|
+
|
|
42
|
+
if (!isUserCenterPath(pathname) && !isAdminPath(pathname)) {
|
|
43
|
+
throw new CustomError(400, 'Invalid referrer');
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
// 如果请求路径是控制台,那么需要是 admin 用户访问
|
|
47
|
+
if (isAdminPath(pathname) && !isAdminUser) {
|
|
48
|
+
throw new CustomError(403, 'Unauthorized: You cannot access admin page');
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
// 如果请求路径不是控制台,只能访问自己的信息
|
|
52
|
+
if (isUserCenterPath(pathname) && operatorDid && operatorDid !== did) {
|
|
53
|
+
throw new CustomError(403, 'Unauthorized: You cannot view access keys created by other users');
|
|
54
|
+
}
|
|
55
|
+
} catch (err) {
|
|
56
|
+
throw err;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
};
|
|
60
|
+
|
|
61
|
+
module.exports = { validateOperator, getEndpoint, isUserCenterPath, isAdminPath };
|
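Review bot: `validateOperator` chooses between the admin rule and the user-center rule from `context.referrer`, and `isAdminPath` / `isUserCenterPath` test that pathname with a bare `startsWith`, so any path that merely begins with one of the prefixes is treated as that area. If `referrer` is populated from the request's Referer header (not visible on this page) it is a caller-supplied value; the role comparison is what actually protects the admin rule, and the path match should be as strict as possible, e.g. `pathname === WELLKNOWN_BLOCKLET_USER_PATH || pathname.startsWith(WELLKNOWN_BLOCKLET_USER_PATH + '/')` and the same shape for the admin prefix. The `role !== SERVER_ROLES.BLOCKLET_SDK` branch skips every check including ownership, so it deserves a comment stating where that role is assigned and why it is trusted. The `try { … } catch (err) { throw err; }` wrapper and its `eslint-disable` line do nothing and can be dropped.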
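--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.16.47-beta-
+"version": "1.16.47-beta-20250714-035905-f63c5239",
 "description": "",
 "main": "lib/index.js",
 "files": [
@@ -19,22 +19,22 @@
 "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
 "license": "Apache-2.0",
 "dependencies": {
-"@abtnode/analytics": "1.16.47-beta-
-"@abtnode/auth": "1.16.47-beta-
-"@abtnode/certificate-manager": "1.16.47-beta-
-"@abtnode/client": "1.16.47-beta-
-"@abtnode/constant": "1.16.47-beta-
-"@abtnode/cron": "1.16.47-beta-
-"@abtnode/db-cache": "1.16.47-beta-
-"@abtnode/docker-utils": "1.16.47-beta-
-"@abtnode/logger": "1.16.47-beta-
-"@abtnode/models": "1.16.47-beta-
-"@abtnode/queue": "1.16.47-beta-
-"@abtnode/rbac": "1.16.47-beta-
-"@abtnode/router-provider": "1.16.47-beta-
-"@abtnode/static-server": "1.16.47-beta-
-"@abtnode/timemachine": "1.16.47-beta-
-"@abtnode/util": "1.16.47-beta-
+"@abtnode/analytics": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/auth": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/certificate-manager": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/client": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/constant": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/cron": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/db-cache": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/docker-utils": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/logger": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/models": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/queue": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/rbac": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/router-provider": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/static-server": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/timemachine": "1.16.47-beta-20250714-035905-f63c5239",
+"@abtnode/util": "1.16.47-beta-20250714-035905-f63c5239",
 "@arcblock/did": "1.20.15",
 "@arcblock/did-auth": "1.20.15",
 "@arcblock/did-ext": "1.20.15",
@@ -45,15 +45,15 @@
 "@arcblock/pm2-events": "^0.0.5",
 "@arcblock/validator": "1.20.15",
 "@arcblock/vc": "1.20.15",
-"@blocklet/constant": "1.16.47-beta-
-"@blocklet/did-space-js": "^1.1.
-"@blocklet/env": "1.16.47-beta-
+"@blocklet/constant": "1.16.47-beta-20250714-035905-f63c5239",
+"@blocklet/did-space-js": "^1.1.6",
+"@blocklet/env": "1.16.47-beta-20250714-035905-f63c5239",
 "@blocklet/error": "^0.2.5",
-"@blocklet/meta": "1.16.47-beta-
-"@blocklet/resolver": "1.16.47-beta-
-"@blocklet/sdk": "1.16.47-beta-
-"@blocklet/store": "1.16.47-beta-
-"@blocklet/theme": "^3.0.
+"@blocklet/meta": "1.16.47-beta-20250714-035905-f63c5239",
+"@blocklet/resolver": "1.16.47-beta-20250714-035905-f63c5239",
+"@blocklet/sdk": "1.16.47-beta-20250714-035905-f63c5239",
+"@blocklet/store": "1.16.47-beta-20250714-035905-f63c5239",
+"@blocklet/theme": "^3.0.26",
 "@fidm/x509": "^1.2.1",
 "@ocap/mcrypto": "1.20.15",
 "@ocap/util": "1.20.15",
@@ -116,5 +116,5 @@
 "jest": "^29.7.0",
 "unzipper": "^0.10.11"
 },
-"gitHead": "
+"gitHead": "a43d1ab1a83ffd0b0bd0a152679050f946837366"
 }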