npm - @abtnode/core - Versions diffs - 1.17.8-beta-20260109-075740-5f484e08 → 1.17.8-beta-20260113-015027-32a1cec4 - Mend

@abtnode/core 1.17.8-beta-20260109-075740-5f484e08 → 1.17.8-beta-20260113-015027-32a1cec4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/lib/api/team/access-key-manager.js +104 -0
package/lib/api/team/invitation-manager.js +461 -0
package/lib/api/team/notification-manager.js +189 -0
package/lib/api/team/oauth-manager.js +60 -0
package/lib/api/team/org-crud-manager.js +202 -0
package/lib/api/team/org-manager.js +56 -0
package/lib/api/team/org-member-manager.js +403 -0
package/lib/api/team/org-query-manager.js +126 -0
package/lib/api/team/org-resource-manager.js +186 -0
package/lib/api/team/passport-manager.js +670 -0
package/lib/api/team/rbac-manager.js +335 -0
package/lib/api/team/session-manager.js +540 -0
package/lib/api/team/store-manager.js +198 -0
package/lib/api/team/tag-manager.js +230 -0
package/lib/api/team/user-auth-manager.js +132 -0
package/lib/api/team/user-manager.js +78 -0
package/lib/api/team/user-query-manager.js +299 -0
package/lib/api/team/user-social-manager.js +354 -0
package/lib/api/team/user-update-manager.js +224 -0
package/lib/api/team/verify-code-manager.js +161 -0
package/lib/api/team.js +439 -3287
package/lib/blocklet/manager/disk/auth-manager.js +68 -0
package/lib/blocklet/manager/disk/backup-manager.js +288 -0
package/lib/blocklet/manager/disk/cleanup-manager.js +157 -0
package/lib/blocklet/manager/disk/component-manager.js +83 -0
package/lib/blocklet/manager/disk/config-manager.js +191 -0
package/lib/blocklet/manager/disk/controller-manager.js +64 -0
package/lib/blocklet/manager/disk/delete-reset-manager.js +328 -0
package/lib/blocklet/manager/disk/download-manager.js +96 -0
package/lib/blocklet/manager/disk/env-config-manager.js +311 -0
package/lib/blocklet/manager/disk/federated-manager.js +651 -0
package/lib/blocklet/manager/disk/hook-manager.js +124 -0
package/lib/blocklet/manager/disk/install-component-manager.js +95 -0
package/lib/blocklet/manager/disk/install-core-manager.js +448 -0
package/lib/blocklet/manager/disk/install-download-manager.js +313 -0
package/lib/blocklet/manager/disk/install-manager.js +36 -0
package/lib/blocklet/manager/disk/install-upgrade-manager.js +340 -0
package/lib/blocklet/manager/disk/job-manager.js +467 -0
package/lib/blocklet/manager/disk/lifecycle-manager.js +26 -0
package/lib/blocklet/manager/disk/notification-manager.js +343 -0
package/lib/blocklet/manager/disk/query-manager.js +562 -0
package/lib/blocklet/manager/disk/settings-manager.js +507 -0
package/lib/blocklet/manager/disk/start-manager.js +611 -0
package/lib/blocklet/manager/disk/stop-restart-manager.js +292 -0
package/lib/blocklet/manager/disk/update-manager.js +153 -0
package/lib/blocklet/manager/disk.js +669 -5796
package/lib/blocklet/manager/helper/blue-green-start-blocklet.js +5 -0
package/lib/blocklet/manager/lock.js +18 -0
package/lib/event/index.js +28 -24
package/lib/util/blocklet/app-utils.js +192 -0
package/lib/util/blocklet/blocklet-loader.js +258 -0
package/lib/util/blocklet/config-manager.js +232 -0
package/lib/util/blocklet/did-document.js +240 -0
package/lib/util/blocklet/environment.js +555 -0
package/lib/util/blocklet/health-check.js +449 -0
package/lib/util/blocklet/install-utils.js +365 -0
package/lib/util/blocklet/logo.js +57 -0
package/lib/util/blocklet/meta-utils.js +269 -0
package/lib/util/blocklet/port-manager.js +141 -0
package/lib/util/blocklet/process-manager.js +504 -0
package/lib/util/blocklet/runtime-info.js +105 -0
package/lib/util/blocklet/validation.js +418 -0
package/lib/util/blocklet.js +98 -3066
package/lib/util/wallet-app-notification.js +40 -0
package/package.json +22 -22

package/lib/api/team/rbac-manager.js ADDED Viewed

@@ -0,0 +1,335 @@
+const pick = require('lodash/pick');
+const logger = require('@abtnode/logger')('@abtnode/core:api:team:rbac');
+const { ROLES, genPermissionName } = require('@abtnode/constant');
+const { validateCreateRole, validateUpdateRole } = require('../../validators/role');
+const { validateCreatePermission, validateUpdatePermission } = require('../../validators/permission');
+const validateReservedRole = (role) => {
+  if (Object.values(ROLES).includes(role)) {
+    throw new Error(`The role ${role} is reserved`);
+  }
+  return true;
+};
+/**
+ * Get role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {Object} params.role - Role data
+ * @returns {Promise<Object>}
+ */
+async function getRole(api, { teamDid, role: { name } = {} }) {
+  if (!name) {
+    throw new Error('role name is invalid');
+  }
+  const rbac = await api.getRBAC(teamDid);
+  const role = await rbac.getRole(name);
+  return role ? pick(role, ['name', 'grants', 'title', 'description', 'extra', 'orgId']) : null;
+}
+/**
+ * Create role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.name - Role name
+ * @param {string} params.description - Role description
+ * @param {string} params.title - Role title
+ * @param {string} params.childName - Child name
+ * @param {Array} params.permissions - Permissions
+ * @param {string} params.extra - Extra data (JSON string)
+ * @param {string} params.orgId - Organization ID
+ * @returns {Promise<Object>}
+ */
+async function createRole(api, { teamDid, name, description, title, childName, permissions = [], extra: raw, orgId }) {
+  logger.info('create role', { teamDid, name, description, childName, permissions, raw });
+  const attrs = { name, title, description, childName, permissions, orgId };
+  if (raw) {
+    try {
+      attrs.extra = JSON.parse(raw);
+    } catch (err) {
+      throw new Error('extra should be a valid json string');
+    }
+  }
+  await validateCreateRole(pick(attrs, ['name', 'title', 'description', 'extra']));
+  validateReservedRole(name);
+  const rbac = await api.getRBAC(teamDid);
+  let role;
+  try {
+    role = await rbac.createRole(attrs);
+    return pick(role, ['name', 'title', 'grants', 'description', 'extra', 'orgId']);
+  } catch (err) {
+    if (new RegExp(`Item ${name} already exists`).test(err.message)) {
+      throw new Error(`Id ${name} already exists`);
+    }
+    throw err;
+  }
+}
+/**
+ * Update role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {Object} params.role - Role data
+ * @param {string} params.orgId - Organization ID
+ * @returns {Promise<Object>}
+ */
+async function updateRole(api, { teamDid, role: { name, title, description, extra: raw } = {}, orgId }) {
+  logger.info('update role', { teamDid, name, title, description, raw });
+  const attrs = { name, title, description, orgId };
+  if (raw) {
+    try {
+      attrs.extra = JSON.parse(raw);
+    } catch (err) {
+      throw new Error('extra should be a valid json string');
+    }
+  }
+  await validateUpdateRole(pick(attrs, ['name', 'title', 'description', 'extra']));
+  const rbac = await api.getRBAC(teamDid);
+  const state = await rbac.updateRole(attrs);
+  return pick(state, ['name', 'title', 'grants', 'description', 'extra', 'orgId']);
+}
+/**
+ * Get permissions
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @returns {Promise<Array>}
+ */
+async function getPermissions(api, { teamDid }) {
+  const rbac = await api.getRBAC(teamDid);
+  const permissions = await rbac.getPermissions();
+  return permissions.map((d) => {
+    d.isProtected = !!(d.extra && d.extra.isProtected);
+    return pick(d, ['name', 'description', 'isProtected']);
+  });
+}
+/**
+ * Create permission
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.name - Permission name
+ * @param {string} params.description - Permission description
+ * @returns {Promise<Object>}
+ */
+async function createPermission(api, { teamDid, name, description }) {
+  logger.info('create permissions', { teamDid, name });
+  await validateCreatePermission({ name, description });
+  const rbac = await api.getRBAC(teamDid);
+  const added = await rbac.createPermission({ name, description });
+  return pick(added, ['name', 'description']);
+}
+/**
+ * Update permission
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {Object} params.permission - Permission data
+ * @returns {Promise<Object>}
+ */
+async function updatePermission(api, { teamDid, permission: { name, description } = {} }) {
+  logger.info('update permission', { teamDid, name, description });
+  await validateUpdatePermission({ name, description });
+  const rbac = await api.getRBAC(teamDid);
+  const state = await rbac.updatePermission({ name, description });
+  return pick(state, ['name', 'description']);
+}
+/**
+ * Grant permission to role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.roleName - Role name
+ * @param {string} params.grantName - Grant name
+ * @returns {Promise<boolean>}
+ */
+async function grant(api, { teamDid, roleName, grantName }) {
+  logger.info('grant', { teamDid, roleName, grantName });
+  const rbac = await api.getRBAC(teamDid);
+  await rbac.grant(roleName, grantName);
+  return true;
+}
+/**
+ * Revoke permission from role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.roleName - Role name
+ * @param {string} params.grantName - Grant name
+ * @returns {Promise<boolean>}
+ */
+async function revoke(api, { teamDid, roleName, grantName }) {
+  logger.info('revoke', { teamDid, roleName, grantName });
+  const rbac = await api.getRBAC(teamDid);
+  await rbac.revoke(roleName, grantName);
+  return true;
+}
+/**
+ * Update grants for role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.roleName - Role name
+ * @param {Array} params.grantNames - Grant names
+ * @returns {Promise<Object>}
+ */
+async function updateGrants(api, { teamDid, roleName, grantNames }) {
+  logger.info('update grants', { teamDid, roleName, grantNames });
+  const rbac = await api.getRBAC(teamDid);
+  const role = await rbac.updateGrants(roleName, grantNames);
+  return pick(role, ['name', 'grants', 'title', 'description']);
+}
+/**
+ * Delete role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.name - Role name
+ * @returns {Promise<boolean>}
+ */
+async function deleteRole(api, { teamDid, name }) {
+  logger.info('delete role', { teamDid, name });
+  validateReservedRole(name);
+  const rbac = await api.getRBAC(teamDid);
+  await rbac.removeRole(name);
+  return true;
+}
+/**
+ * Delete permission
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.name - Permission name
+ * @returns {Promise<boolean>}
+ */
+async function deletePermission(api, { teamDid, name }) {
+  logger.info('delete permission', { teamDid, name });
+  const rbac = await api.getRBAC(teamDid);
+  const permission = await rbac.getPermission(name);
+  if (permission.extra && permission.extra.isProtected) {
+    throw new Error(`The permission ${name} is reserved`);
+  }
+  await rbac.removePermission(name);
+  return true;
+}
+/**
+ * Get permissions by role
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {Object} params.role - Role data
+ * @returns {Promise<Array>}
+ */
+async function getPermissionsByRole(api, { teamDid, role }) {
+  const rbac = await api.getRBAC(teamDid);
+  const permissions = await rbac.getScope(role.name, true);
+  return permissions.map((d) => pick(d, ['name', 'description']));
+}
+/**
+ * Check if role has permission
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} params
+ * @param {string} params.teamDid - Team DID
+ * @param {string} params.role - Role name
+ * @param {string} params.permission - Permission name
+ * @returns {Promise<boolean>}
+ */
+async function hasPermission(api, { teamDid, role, permission }) {
+  const rbac = await api.getRBAC(teamDid);
+  const has = await rbac.can(role, ...permission.split('_'));
+  return has;
+}
+/**
+ * Refresh blocklet interface permissions
+ * @param {Object} api - TeamAPI instance
+ * @param {Object} blockletMeta - Blocklet metadata
+ * @returns {Promise<void>}
+ */
+async function refreshBlockletInterfacePermissions(api, blockletMeta) {
+  const { did, interfaces } = blockletMeta;
+  const rbac = await api.getRBAC(did);
+  const oldPermissions = await getPermissions(api, { teamDid: did });
+  await Promise.all(
+    (interfaces || []).map(async ({ name, type }) => {
+      const permissionName = genPermissionName(name);
+      if (type === 'web') {
+        if (!oldPermissions.some((x) => x.name === permissionName)) {
+          await rbac.createPermission({
+            name: permissionName,
+            description: `Access resources under the ${name} interface`,
+            extra: {
+              isProtected: true,
+            },
+          });
+        }
+      }
+    })
+  );
+}
+module.exports = {
+  validateReservedRole,
+  getRole,
+  createRole,
+  updateRole,
+  getPermissions,
+  createPermission,
+  updatePermission,
+  grant,
+  revoke,
+  updateGrants,
+  deleteRole,
+  deletePermission,
+  getPermissionsByRole,
+  hasPermission,
+  refreshBlockletInterfacePermissions,
+};