npm - @abtnode/core - Versions diffs - 1.17.5-beta-20251209-090953-3a59e7ac → 1.17.5-beta-20251214-122206-29056e8c - Mend

@abtnode/core 1.17.5-beta-20251209-090953-3a59e7ac → 1.17.5-beta-20251214-122206-29056e8c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/lib/api/team.js +71 -3
package/lib/blocklet/manager/disk.js +51 -40
package/lib/blocklet/manager/helper/blue-green-get-componentids.js +11 -16
package/lib/blocklet/manager/helper/blue-green-start-blocklet.js +118 -82
package/lib/blocklet/migration-dist/migration.cjs +1 -1
package/lib/migrations/index.js +4 -4
package/lib/monitor/blocklet-runtime-monitor.js +3 -5
package/lib/states/audit-log.js +34 -9
package/lib/states/blocklet-child.js +193 -0
package/lib/states/blocklet-extras.js +63 -1
package/lib/states/blocklet.js +292 -11
package/lib/states/index.js +4 -1
package/lib/states/notification.js +4 -2
package/lib/util/blocklet.js +112 -42
package/lib/util/migration-sqlite-to-postgres.js +240 -6
package/package.json +39 -39
package/lib/blocklet/manager/helper/blue-green-update-blocklet-status.js +0 -18

package/lib/states/audit-log.js CHANGED Viewed

@@ -11,6 +11,7 @@ const isString = require('lodash/isString');
 const mapValues = require('lodash/mapValues');
 const map = require('lodash/map');
 const omit = require('lodash/omit');
+const { Joi } = require('@arcblock/validator');
 const { joinURL } = require('ufo');
 const { Op } = require('sequelize');
 const { getDisplayName } = require('@blocklet/meta/lib/util');
@@ -22,6 +23,8 @@ const BaseState = require('./base');
 const { parse } = require('../util/ua');
 const { getScope } = require('../util/audit-log');
+const emailSchema = Joi.string().email().required();
 const getServerInfo = (info) =>
   `[${info.name}](${joinURL(process.env.NODE_ENV === 'production' ? info.routing.adminPath : '', '/settings/about')})`;
 /**
@@ -232,15 +235,26 @@ const getTaggingInfo = async (args, node, info) => {
 /**
  * 隐藏私密信息，主要字段有
  * 1. email
+ * 2. password
  */
-const hidePrivateInfo = (result) => {
-  const emailRegex =
-    /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+const hidePrivateInfo = (result, fields = []) => {
+  // 默认需要隐藏的字段（不区分大小写匹配）
+  const defaultFields = ['email', 'password'];
+  // 合并默认字段和自定义字段
+  const sensitiveFields = [...defaultFields, ...fields].map((f) => f.toLowerCase());
+  // 检查字段名是否需要隐藏
+  const isSensitiveField = (key) => {
+    if (!key) return false;
+    const lowerKey = key.toLowerCase();
+    return sensitiveFields.some((field) => lowerKey.includes(field));
+  };
   const processValue = (value, key) => {
-    // 如果字段名包含 email 或值是邮箱格式，则隐藏
-    if ((key && /email/i.test(key)) || (isString(value) && emailRegex.test(value))) {
-      return '***';
+    // 如果字段名匹配敏感字段，则隐藏
+    // 使用反引号包裹，以代码样式显示星号，避免被 Markdown 渲染为加粗/斜体
+    if (isSensitiveField(key) || (isString(value) && !emailSchema.validate(value).error)) {
+      return '`***`';
     }
     // 递归处理对象
@@ -351,8 +365,19 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `blocklet ${getBlockletInfo(result, info)} audit federated login member ${args.memberPid} with status: ${
         args.status
       }`;
-    case 'configNotification':
-      return `updated following notification setting: ${args.notification}`;
+    case 'configNotification': {
+      const { notification } = args;
+      const notificationObject = JSON.parse(notification || '{}');
+      const resultObj = {};
+      if (notificationObject.email) {
+        resultObj.email = hidePrivateInfo(notificationObject.email, ['from', 'host', 'password']);
+      }
+      if (notificationObject.push) {
+        resultObj.push = hidePrivateInfo(notificationObject.push);
+      }
+      return `updated following notification setting: ${JSON.stringify(resultObj)}`;
+    }
     case 'updateComponentTitle':
       return `update component title to **${args.title}**`;
     case 'updateComponentMountPoint':
@@ -1031,7 +1056,7 @@ class AuditLogState extends BaseState {
           componentDid: context?.user?.componentDid || null,
         });
-        logger.info('create', data);
+        logger.info('create', { action, userDid: actor.did, componentDid: context?.user?.componentDid || null });
         return resolve(data);
       } catch (err) {
         logger.error('create error', { error: err, action, args, context });

package/lib/states/blocklet-child.js ADDED Viewed

@@ -0,0 +1,193 @@
+/* eslint-disable no-underscore-dangle */
+const { BlockletStatus } = require('@blocklet/constant');
+const BaseState = require('./base');
+/**
+ * @extends BaseState<import('@abtnode/models').BlockletChildState>
+ */
+class BlockletChildState extends BaseState {
+  constructor(model, config = {}) {
+    super(model, config);
+  }
+  /**
+   * Get children by parent blocklet ID
+   * @param {string} parentBlockletId - The parent blocklet ID
+   * @returns {Promise<Array>} - Array of children
+   */
+  async getChildrenByParentId(parentBlockletId) {
+    if (!parentBlockletId) {
+      return [];
+    }
+    const children = await this.find({ parentBlockletId }, {}, { createdAt: 1 });
+    return children || [];
+  }
+  /**
+   * Delete children by parent blocklet ID
+   * @param {string} parentBlockletId - The parent blocklet ID
+   * @returns {Promise<number>} - Number of deleted children
+   */
+  deleteByParentId(parentBlockletId) {
+    if (!parentBlockletId) {
+      return 0;
+    }
+    return this.remove({ parentBlockletId });
+  }
+  async updateChildStatusRunning(parentBlockletId, childDid, isGreen, additionalUpdates = {}) {
+    const now = new Date();
+    const baseUpdates = {
+      ...additionalUpdates,
+      updatedAt: now,
+      startedAt: now,
+      stoppedAt: null,
+    };
+    if (isGreen) {
+      // 绿环境启动成功 -> 绿 running，蓝 stopped
+      await this.update(
+        { parentBlockletId, childDid },
+        {
+          $set: {
+            ...baseUpdates,
+            greenStatus: BlockletStatus.running,
+            status: BlockletStatus.stopped,
+          },
+        }
+      );
+    } else {
+      // 蓝环境启动成功 -> 蓝 running，绿 stopped
+      await this.update(
+        { parentBlockletId, childDid },
+        {
+          $set: {
+            ...baseUpdates,
+            greenStatus: BlockletStatus.stopped,
+            status: BlockletStatus.running,
+          },
+        }
+      );
+    }
+  }
+  async updateChildStatusError(parentBlockletId, childDid, isGreen, additionalUpdates = {}) {
+    const now = new Date();
+    const baseUpdates = {
+      ...additionalUpdates,
+      updatedAt: now,
+    };
+    if (isGreen) {
+      // 绿环境启动失败
+      await this.update(
+        { parentBlockletId, childDid },
+        {
+          $set: {
+            ...baseUpdates,
+            greenStatus: BlockletStatus.error,
+          },
+        }
+      );
+    } else {
+      // 蓝环境启动失败
+      await this.update(
+        { parentBlockletId, childDid },
+        {
+          $set: {
+            ...baseUpdates,
+            status: BlockletStatus.error,
+          },
+        }
+      );
+    }
+  }
+  /**
+   * Update child status only (without overwriting other fields)
+   * Used by setBlockletStatus to avoid race conditions in multi-process environments
+   * @param {string} parentBlockletId - The parent blocklet ID
+   * @param {string} childDid - The child DID
+   * @param {Object} options - Update options
+   * @param {number} options.status - The blue status to set
+   * @param {number} options.greenStatus - The green status to set
+   * @param {boolean} options.isGreen - Whether to update green status
+   * @param {boolean} options.isGreenAndBlue - Whether to update both statuses
+   * @param {string} options.operator - The operator
+   * @returns {Promise<Object>} - Updated child
+   */
+  async updateChildStatus(
+    parentBlockletId,
+    childDid,
+    { status, isGreen = false, isGreenAndBlue = false, operator } = {}
+  ) {
+    if (!parentBlockletId || !childDid) {
+      return null;
+    }
+    const updates = {
+      updatedAt: new Date(),
+      inProgressStart: Date.now(),
+    };
+    if (operator) {
+      updates.operator = operator;
+    }
+    if (isGreenAndBlue) {
+      updates.status = status;
+      updates.greenStatus = status;
+    } else if (isGreen) {
+      updates.greenStatus = status;
+    } else {
+      updates.status = status;
+    }
+    if (status === BlockletStatus.running) {
+      updates.startedAt = new Date();
+      updates.stoppedAt = null;
+    } else if (status === BlockletStatus.stopped) {
+      updates.startedAt = null;
+      updates.stoppedAt = new Date();
+    }
+    const [, [updated]] = await this.update({ parentBlockletId, childDid }, { $set: updates });
+    return updated;
+  }
+  /**
+   * Update child ports only (without affecting status fields)
+   * Used by refreshBlockletPorts to avoid overwriting status during concurrent operations
+   * @param {string} parentBlockletId - The parent blocklet ID
+   * @param {string} childDid - The child DID
+   * @param {Object} ports - The ports to set (for blue environment)
+   * @param {Object} greenPorts - The green ports to set (for green environment)
+   * @returns {Promise<Object>} - Updated child
+   */
+  async updateChildPorts(parentBlockletId, childDid, { ports, greenPorts } = {}) {
+    if (!parentBlockletId || !childDid) {
+      return null;
+    }
+    const updates = {
+      updatedAt: new Date(),
+    };
+    if (ports !== undefined) {
+      updates.ports = ports;
+    }
+    if (greenPorts !== undefined) {
+      updates.greenPorts = greenPorts;
+    }
+    // Only update if there's something to update
+    if (Object.keys(updates).length <= 1) {
+      return null;
+    }
+    const [, [updated]] = await this.update({ parentBlockletId, childDid }, { $set: updates });
+    return updated;
+  }
+}
+module.exports = BlockletChildState;

package/lib/states/blocklet-extras.js CHANGED Viewed

@@ -5,12 +5,20 @@ const logger = require('@abtnode/logger')('@abtnode/core:states:blocklet-extras'
 const camelCase = require('lodash/camelCase');
 const get = require('lodash/get');
 const { CustomError } = require('@blocklet/error');
+const security = require('@abtnode/util/lib/security');
+const cloneDeep = require('@abtnode/util/lib/deep-clone');
 const BaseState = require('./base');
 const { mergeConfigs, parseConfigs, encryptConfigs } = require('../blocklet/extras');
 const { validateAddMeta } = require('../validators/blocklet-extra');
+// settings 中需要加密的字段路径
+const SETTINGS_SECURE_FIELDS = ['notification.email.password'];
+// 加密数据的前缀标记，用于识别数据是否已加密
+const ENCRYPTED_PREFIX = 'ENC:';
 const noop = (k) => (v) => v[k];
 /**
@@ -31,15 +39,69 @@ class BlockletExtrasState extends BaseState {
       // setting
       {
         name: 'settings',
-        beforeSet: ({ old, cur }) => {
+        beforeSet: ({ old, cur, did, dek }) => {
           const merged = { ...old, ...cur };
           Object.keys(merged).forEach((key) => {
             if (merged[key] === undefined || merged[key] === null) {
               delete merged[key];
             }
           });
+          // 对敏感字段进行加密
+          const enableSecurity = dek && did;
+          if (enableSecurity) {
+            SETTINGS_SECURE_FIELDS.forEach((fieldPath) => {
+              const value = get(merged, fieldPath);
+              // 只加密 cur 中传入的新值，避免重复加密已存储的旧值
+              const newValue = get(cur, fieldPath);
+              if (newValue !== undefined && value) {
+                const keys = fieldPath.split('.');
+                let target = merged;
+                for (let i = 0; i < keys.length - 1; i++) {
+                  target = target[keys[i]];
+                }
+                // 添加前缀标记，用于识别已加密的数据
+                const encrypted = ENCRYPTED_PREFIX + security.encrypt(String(value), did, dek);
+                target[keys[keys.length - 1]] = encrypted;
+              }
+            });
+          }
           return merged;
         },
+        afterGet: ({ data, did, dek }) => {
+          if (!data) {
+            return data;
+          }
+          // 对敏感字段进行解密
+          const enableSecurity = dek && did;
+          if (enableSecurity) {
+            const result = cloneDeep(data);
+            SETTINGS_SECURE_FIELDS.forEach((fieldPath) => {
+              const value = get(result, fieldPath);
+              // 只有带有加密前缀的数据才需要解密，未加密的历史数据保持原值
+              if (value && typeof value === 'string' && value.startsWith(ENCRYPTED_PREFIX)) {
+                try {
+                  const keys = fieldPath.split('.');
+                  let target = result;
+                  for (let i = 0; i < keys.length - 1; i++) {
+                    target = target[keys[i]];
+                  }
+                  // 去掉前缀后解密
+                  const encryptedValue = value.slice(ENCRYPTED_PREFIX.length);
+                  target[keys[keys.length - 1]] = security.decrypt(encryptedValue, did, dek);
+                } catch {
+                  // 解密失败，保持原值（去掉前缀）
+                  logger.warn('Failed to decrypt settings field', { fieldPath });
+                }
+              }
+            });
+            return result;
+          }
+          return data;
+        },
       },
     ];