@abtnode/core 1.4.12 → 1.5.1

package/lib/api/team.js

@@ -601,24 +601,20 @@ class TeamAPI extends EventEmitter {
     const rbac = await this.getRBAC(did);
 
     const oldPermissions = await this.getPermissions({ teamDid: did });
-    await Promise.all(
-      (oldPermissions || []).map(async ({ name, isProtected }) => {
-        if (isProtected) {
-          await rbac.removePermission(name);
-        }
-      })
-    );
 
     await Promise.all(
       (interfaces || []).map(async ({ name, type }) => {
+        const permissionName = genPermissionName(name);
         if (type === 'web') {
-          await rbac.createPermission({
-            name: genPermissionName(name),
-            description: `Access resources under the ${name} interface`,
-            extra: {
-              isProtected: true,
-            },
-          });
+          if (!oldPermissions.some((x) => x.name === permissionName)) {
+            await rbac.createPermission({
+              name: permissionName,
+              description: `Access resources under the ${name} interface`,
+              extra: {
+                isProtected: true,
+              },
+            });
+          }
         }
       })
     );

package/lib/blocklet/manager/disk.js

@@ -34,6 +34,7 @@ const {
   fromBlockletSource,
 } = require('@blocklet/meta/lib/constants');
 const util = require('../../util');
+const getAccessibleExternalNodeIp = require('../../util/get-accessible-external-node-ip');
 const {
   forEachBlocklet,
   getBlockletDirs,
@@ -900,7 +901,8 @@ class BlockletManager extends BaseBlockletManager {
         // Put shorter url first
         return a.from.pathPrefix.length < b.from.pathPrefix ? 1 : -1;
       });
-      blocklet.interfaces = getBlockletInterfaces({ blocklet, context, nodeInfo, sites: routingRules });
+      const nodeIp = await getAccessibleExternalNodeIp(nodeInfo);
+      blocklet.interfaces = getBlockletInterfaces({ blocklet, context, nodeInfo, sites: routingRules, nodeIp });
 
       try {
         const { appId } = blocklet.meta.group === BlockletGroup.gateway ? blocklet.children[0].env : blocklet.env;

package/lib/index.js

@@ -129,7 +129,6 @@ function ABTNode(options) {
     getRoutingSites,
     getSnapshotSites,
     ensureDashboardRouting,
-    ensureIpDnsRouting,
     ensureBlockletRouting,
     ensureBlockletRoutingForUpgrade,
     removeBlockletRouting,
@@ -305,7 +304,6 @@ function ABTNode(options) {
     takeRoutingSnapshot,
     getSitesFromSnapshot,
     ensureDashboardRouting,
-    ensureIpDnsRouting,
 
     addDomainAlias: routerManager.addDomainAlias.bind(routerManager),
     deleteDomainAlias: routerManager.deleteDomainAlias.bind(routerManager),

package/lib/migrations/1.5.0-site.js

@@ -0,0 +1,34 @@
+const { SLOT_FOR_IP_DNS_SITE } = require('@abtnode/constant');
+
+module.exports = async ({ states, node, printInfo }) => {
+  printInfo('Migrate ip dns site for blocklet...');
+
+  const sites = await states.site.getSites();
+  let changed = false;
+
+  // remove system blocklet site of ip-dns-domain if ip is not 888-888-888-888. e.g. static-demo-abc-192-168-3-28.ip.abtnet.io
+  // keep system blocklet site of ip-dns-domain only if ip is 888-888-888-888. e.g. static-demo-abc-888-888-888-888.ip.abtnet.io
+  for (const site of sites) {
+    if (site.isProtected) {
+      const ipRegex = /\w{3}-(\d+-\d+-\d+-\d+)\.ip\.abtnet\.io$/;
+      const match = ipRegex.exec(site.domain);
+      if (match) {
+        if (match[1] !== SLOT_FOR_IP_DNS_SITE) {
+          // eslint-disable-next-line no-await-in-loop
+          await states.site.remove({ _id: site.id });
+          printInfo(`Delete site: ${site.domain}`);
+          changed = true;
+        }
+      }
+    }
+  }
+
+  if (changed) {
+    await node.takeRoutingSnapshot({
+      message: 'Migrate ip dns site for blocklet',
+      dryRun: false,
+      handleRouting: false,
+    });
+    printInfo('Take routing snapshot');
+  }
+};

package/lib/router/helper.js

@@ -24,7 +24,6 @@ const {
   ROUTING_RULE_TYPES,
   CERTIFICATE_EXPIRES_OFFSET,
   CERTIFICATE_EXPIRES_WARNING_OFFSET,
-  DEFAULT_DASHBOARD_DOMAIN,
   DEFAULT_DAEMON_PORT,
 } = require('@abtnode/constant');
 const {
@@ -45,7 +44,6 @@ const {
   getWellknownSitePort,
 } = require('../util');
 const { getServicesFromBlockletInterface } = require('../util/service');
-const { getAccessibleIp, getAccessibleIpDnsDomainForNode } = require('../util/get-accessible-ip');
 const getIpDnsDomainForBlocklet = require('../util/get-ip-dns-domain-for-blocklet');
 
 const Router = require('./index');
@@ -132,6 +130,27 @@ const attachInterfaceUrls = async ({ sites = [], context }) => {
   });
 };
 
+const addCorsToSite = (site, rawUrl) => {
+  if (!site || !rawUrl) {
+    return;
+  }
+  try {
+    const url = new URL(rawUrl);
+    if (!Array.isArray(site.corsAllowedOrigins)) {
+      site.corsAllowedOrigins = [];
+    }
+
+    if (!site.corsAllowedOrigins.includes(url.hostname)) {
+      site.corsAllowedOrigins.push(url.hostname);
+    }
+  } catch (err) {
+    // Do nothing
+  }
+};
+
+const isBasicSite = (domain) =>
+  [DOMAIN_FOR_INTERNAL_SITE, DOMAIN_FOR_IP_SITE, DOMAIN_FOR_DEFAULT_SITE, DOMAIN_FOR_IP_SITE_REGEXP].includes(domain);
+
 const ensureLatestNodeInfo = async (sites = [], { withDefaultCors = true } = {}) => {
   const info = await states.node.read();
   return sites.map((site) => {
@@ -152,26 +171,11 @@ const ensureLatestNodeInfo = async (sites = [], { withDefaultCors = true } = {})
       site.domain = DOMAIN_FOR_IP_SITE_REGEXP;
 
       if (withDefaultCors) {
-        const addDefaultCors = (rawUrl) => {
-          if (!rawUrl) {
-            return;
-          }
-          try {
-            const url = new URL(rawUrl);
-            if (!Array.isArray(site.corsAllowedOrigins)) {
-              site.corsAllowedOrigins = [];
-            }
-
-            site.corsAllowedOrigins.push(url.hostname);
-          } catch (err) {
-            // Do nothing
-          }
-        };
         // Allow CORS from "Install on ABT Node"
-        addDefaultCors(info.registerUrl);
+        addCorsToSite(site, info.registerUrl);
 
         // Allow CORS from "Web Wallet"
-        addDefaultCors(info.webWalletUrl);
+        addCorsToSite(site, info.webWalletUrl);
       }
     }
 
@@ -214,14 +218,7 @@ const ensureWellknownRule = async (sites) => {
 
   for (const site of tempSites) {
     // 不向 default site & ip site & wellknown site 添加 wellknown rule
-    const isBasicSite = [
-      DOMAIN_FOR_INTERNAL_SITE,
-      DOMAIN_FOR_IP_SITE,
-      DOMAIN_FOR_DEFAULT_SITE,
-      DOMAIN_FOR_IP_SITE_REGEXP,
-    ].includes(site.domain);
-
-    if (!isBasicSite) {
+    if (!isBasicSite(site.domain)) {
       const isExists = site.rules.find((x) => x.from.pathPrefix === WELLKNOWN_PATH_PREFIX);
 
       if (!isExists) {
@@ -241,9 +238,21 @@ const ensureWellknownRule = async (sites) => {
   return tempSites;
 };
 
+const ensureCorsForWebWallet = async (sites) => {
+  const info = await states.node.read();
+  for (const site of sites) {
+    if (!isBasicSite(site.domain)) {
+      // Allow CORS from "Web Wallet"
+      addCorsToSite(site, info.webWalletUrl);
+    }
+  }
+  return sites;
+};
+
 const ensureLatestInfo = async (sites = [], { withDefaultCors = true } = {}) => {
   let result = await ensureLatestNodeInfo(sites, { withDefaultCors });
   result = await ensureWellknownRule(result);
+  result = await ensureCorsForWebWallet(result);
   return ensureLatestInterfaceInfo(result);
 };
 
@@ -321,27 +330,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   const httpsCertState = states.certificate;
   const notification = states.notification;
 
-  let _nodeDomainRequest = null; // singleton of node-domain-request
-  const _getIpDnsDomainForNode = ({ nodeInfo = {} } = {}) => {
-    const timeout = process.env.NODE_ENV === 'test' ? 500 : 5000;
-    if (_nodeDomainRequest) {
-      return _nodeDomainRequest;
-    }
-
-    const req = getAccessibleIpDnsDomainForNode({ nodeInfo, timeout });
-    _nodeDomainRequest = req;
-
-    req
-      .then(() => {
-        _nodeDomainRequest = null;
-      })
-      .catch(() => {
-        _nodeDomainRequest = null;
-      });
-
-    return req;
-  };
-
   // site level duplication detection
   const hasRuleByPrefix = (site, value) => site.rules.find((x) => x.isProtected && get(x, 'from.pathPrefix') === value);
 
@@ -580,13 +568,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   const _ensureBlockletSites = async (blocklet, sites, nodeInfo, context = {}) => {
     const interfaces = (blocklet.meta.interfaces || []).filter((x) => x.type === BLOCKLET_INTERFACE_TYPE_WEB);
 
-    const nodeDomain = await _getIpDnsDomainForNode({ nodeInfo });
-
-    if (!nodeDomain) {
-      logger.error('IpDnsDomain of abtnode does not found');
-      return false;
-    }
-
     const getPrefix = (str) => {
       if (!str || str === '*') {
         return '/';
@@ -596,34 +577,57 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
 
     const changes = await Promise.all(
       interfaces.map(async (x) => {
-        let changed = false; // if state db changed
+        const domain = getIpDnsDomainForBlocklet(blocklet, x);
+        const pathPrefix = getPrefix(x.prefix);
+        const rule = {
+          from: { pathPrefix },
+          to: {
+            port: findInterfacePortByName(blocklet, x.name),
+            did: blocklet.meta.did,
+            type: ROUTING_RULE_TYPES.BLOCKLET,
+            interfaceName: x.name, // root blocklet interface
+          },
+          isProtected: true,
+        };
 
-        const domain = getIpDnsDomainForBlocklet(blocklet, x, nodeDomain);
+        let changed = false; // if state db changed
 
-        if (!(await states.site.domainExists(domain))) {
+        const exist = await states.site.findOne({ domain });
+        if (!exist) {
           await routerManager.addRoutingSite(
             {
               site: {
                 domain,
                 isProtected: true,
-                rules: [
-                  {
-                    from: { pathPrefix: getPrefix(x.prefix) },
-                    to: {
-                      port: findInterfacePortByName(blocklet, x.name),
-                      did: blocklet.meta.did,
-                      type: ROUTING_RULE_TYPES.BLOCKLET,
-                      interfaceName: x.name, // root blocklet interface
-                    },
-                    isProtected: true,
-                  },
-                ],
+                rules: [rule],
               },
               skipCheckDynamicBlacklist: true,
             },
             context
           );
+          logger.info('add routing site', { site: domain });
 
+          changed = true;
+        } else {
+          const existRule = (exist.rules || []).find((y) => get(y, 'from.pathPrefix') === pathPrefix);
+          if (existRule) {
+            await routerManager.updateRoutingRule({
+              id: exist.id,
+              rule: {
+                ...rule,
+                id: exist.id,
+              },
+              skipProtectedRuleChecking: true,
+            });
+            logger.info('update routing rule for site', { site: domain });
+          } else {
+            await routerManager.addRoutingRule({
+              id: exist.id,
+              rule,
+              skipProtectedRuleChecking: true,
+            });
+            logger.info('add routing rule for site', { site: domain });
+          }
           changed = true;
         }
 
@@ -773,14 +777,13 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   };
 
   const _removeBlockletSites = async (blocklet, nodeInfo, context = {}) => {
-    const nodeDomain = await _getIpDnsDomainForNode({ nodeInfo });
     const interfaces = (blocklet.meta.interfaces || []).filter((x) => x.type === BLOCKLET_INTERFACE_TYPE_WEB);
 
     const changes = await Promise.all(
       interfaces.map(async (x) => {
         let changed = false;
 
-        const domain = getIpDnsDomainForBlocklet(blocklet, x, nodeDomain);
+        const domain = getIpDnsDomainForBlocklet(blocklet, x);
 
         const site = await states.site.findOne({ domain });
         if (
@@ -824,46 +827,44 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
 
     const sites = await siteState.getSites();
 
-    const changes = await Promise.all([
-      _ensureBlockletRulesForDashboardSite(blocklet, sites, nodeInfo, context),
+    const tasks = [
       _ensureBlockletRulesForWellknownSite(blocklet, sites, context),
       _ensureBlockletSites(blocklet, sites, nodeInfo, context),
-    ]);
+    ];
+
+    if (nodeInfo.mode === NODE_MODES.DEBUG || ['e2e', 'test'].includes(process.env.NODE_ENV)) {
+      logger.info('Add blocklet endpoint in dashboard site', {
+        nodeMode: nodeInfo.mode,
+        NODE_ENV: process.env.NODE_ENV,
+      });
+      tasks.push(_ensureBlockletRulesForDashboardSite(blocklet, sites, nodeInfo, context));
+    }
+
+    const changes = await Promise.all(tasks);
 
     return changes.some(Boolean);
   };
 
   /**
-   * Update routing for blocklet when blocklet is upgraded
-   * This function should be called after `ensureDashboardRouting`
+   * remove custom rules of blocklet in old interface does not exist
+   * update custom rules of blocklet
    *
    * @returns {boolean} if routing changed
    */
-  const ensureBlockletRoutingForUpgrade = async (blocklet, context = {}) => {
-    const nodeInfo = await nodeState.read();
-    const provider = getProviderFromNodeInfo(nodeInfo);
-    if (provider === ROUTER_PROVIDER_NONE) {
-      return false;
-    }
-
+  const ensureBlockletCustomRouting = async (blocklet) => {
     const interfaces = (blocklet.meta.interfaces || []).filter((x) => x.type === BLOCKLET_INTERFACE_TYPE_WEB);
     const hasInterface = (name) => interfaces.some((x) => x.name === name);
-
-    // If no interfaces found, all routing rules should be removed, this rarely happens, but this logic is needed
-    if (interfaces.length === 0) {
-      return routerManager.deleteRoutingRulesItemByDid({ did: blocklet.meta.did }, context);
-    }
-
-    // First, we need ensure system rules for blocklet on dashboard site
-    let changed = await ensureBlockletRouting(blocklet, context);
-
-    // Then, we need to remove rules whose corresponding interface is not there any more
     const sites = await siteState.getRulesByDid(blocklet.meta.did);
+    let changed = false;
+
     for (const site of sites) {
       const rulesToRemove = [];
       const rulesToUpdate = [];
+
+      // get rule to remove and to update
       for (const rule of site.rules) {
         if (
+          rule.isProtected ||
           rule.to.type !== ROUTING_RULE_TYPES.BLOCKLET ||
           !rule.to.interfaceName ||
           rule.to.did !== blocklet.meta.did
@@ -874,103 +875,77 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
 
         if (hasInterface(rule.to.interfaceName) === false) {
           rulesToRemove.push(rule.id);
-        }
-
-        if (rule.to.type === ROUTING_RULE_TYPES.BLOCKLET && rule.id === rule.groupId && !rule.isProtected) {
+        } else {
           rulesToUpdate.push(rule);
         }
       }
 
+      // update rule
       for (const rule of rulesToUpdate) {
         // eslint-disable-next-line no-await-in-loop
         await routerManager.updateRoutingRule({ id: site.id, rule });
         changed = true;
       }
 
-      if (rulesToRemove.length === 0) {
-        // eslint-disable-next-line no-continue
-        continue;
-      }
-
-      try {
-        // eslint-disable-next-line no-await-in-loop
-        await states.site.update(
-          { _id: site.id },
-          { $set: { rules: site.rules.filter((x) => rulesToRemove.includes(x.id) === false) } }
-        );
-        changed = true;
-        logger.info('remove routing rule since interface does not exist', { rulesToRemove, did: blocklet.meta.did });
-      } catch (err) {
-        logger.error('failed to remove routing rule since interface does not exist', {
-          rulesToRemove,
-          did: blocklet.meta.did,
-          error: err,
-        });
+      // delete rule
+      if (rulesToRemove.length > 0) {
+        try {
+          // eslint-disable-next-line no-await-in-loop
+          await states.site.update(
+            { _id: site.id },
+            { $set: { rules: site.rules.filter((x) => rulesToRemove.includes(x.id) === false) } }
+          );
+          changed = true;
+          logger.info('remove routing rule since interface does not exist', { rulesToRemove, did: blocklet.meta.did });
+        } catch (err) {
+          logger.error('failed to remove routing rule since interface does not exist', {
+            rulesToRemove,
+            did: blocklet.meta.did,
+            error: err,
+          });
+        }
       }
     }
 
-    await _removeBlockletSites(blocklet, nodeInfo, context);
-
     return changed;
   };
 
   /**
-   * Remove routing for blocklet
+   * Update routing for blocklet when blocklet is upgraded
+   * This function should be called after `ensureDashboardRouting`
    *
    * @returns {boolean} if routing changed
    */
-  const removeBlockletRouting = async (blocklet, context = {}) => {
+  const ensureBlockletRoutingForUpgrade = async (blocklet, context = {}) => {
     const nodeInfo = await nodeState.read();
+    const provider = getProviderFromNodeInfo(nodeInfo);
+    if (provider === ROUTER_PROVIDER_NONE) {
+      return false;
+    }
 
-    const ruleChanged = await routerManager.deleteRoutingRulesItemByDid({ did: blocklet.meta.did }, context);
-    const siteChanged = await _removeBlockletSites(blocklet, nodeInfo, context);
+    await routerManager.deleteRoutingRulesItemByDid(
+      { did: blocklet.meta.did, ruleFilter: (x) => x.isProtected },
+      context
+    );
+    await ensureBlockletCustomRouting(blocklet, context);
+    await ensureBlockletRouting(blocklet, context);
 
-    return ruleChanged || siteChanged;
+    // Always return true to trigger update of provider
+    return true;
   };
 
   /**
-   * Refresh ip of in ip-dns-domain if ip changed
+   * Remove routing for blocklet
+   *
+   * @returns {boolean} if routing changed
    */
-  const ensureIpDnsRouting = async (context = {}, output) => {
+  const removeBlockletRouting = async (blocklet, context = {}) => {
     const nodeInfo = await nodeState.read();
-    const sites = await siteState.getSites();
-
-    const ip = await getAccessibleIp(nodeInfo);
-    if (!ip) {
-      logger.error('Cannot get get accessible ip for this node');
-      return false;
-    }
-
-    const formattedIp = ip.replace(/\./g, '-');
-    const suffix = DEFAULT_DASHBOARD_DOMAIN.replace(/^\*/, '');
-    const domainSuffixRegex = new RegExp(`(\\d+-\\d+-\\d+-\\d+)${suffix.replace(/\./g, '\\.')}$`); // xxx-xxx-xxx-xxx.ip.abtnet.io
-    const domainSuffix = `${formattedIp}${suffix}`;
-
-    const changes = [];
-
-    sites.forEach((x) => {
-      const match = domainSuffixRegex.exec(x.domain);
-      if (match && match[1] !== formattedIp) {
-        const domain = x.domain.replace(domainSuffixRegex, domainSuffix);
-        changes.push({ id: x.id, domain });
-      }
-    });
-
-    if (changes.length) {
-      for (const change of changes) {
-        // eslint-disable-next-line no-await-in-loop
-        await siteState.update({ _id: change.id }, { $set: { domain: change.domain } });
-        if (typeof output === 'function') {
-          output(`Blocklet endpoint was updated: ${change.domain}`);
-        }
-      }
 
-      const hash = await takeRoutingSnapshot({ message: 'ensure ip dns routing rules', dryRun: false }, context);
-      logger.info('take routing snapshot on ensure dashboard routing rules', { changes, hash });
-      return true;
-    }
+    const ruleChanged = await routerManager.deleteRoutingRulesItemByDid({ did: blocklet.meta.did }, context);
+    const siteChanged = await _removeBlockletSites(blocklet, nodeInfo, context);
 
-    return false;
+    return ruleChanged || siteChanged;
   };
 
   async function readRoutingSites() {
@@ -1138,8 +1113,14 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     return result;
   };
 
+  /**
+   * @param {string} message
+   * @param {boolean} dryRun
+   * @param {boolean} handleRouting if NOT dryRun and handleRouting is true, will run handleRouting() after update routing
+   * @returns
+   */
   // eslint-disable-next-line no-unused-vars
-  const takeRoutingSnapshot = async ({ message, dryRun = true }, context = {}) => {
+  const takeRoutingSnapshot = async ({ message, dryRun = true, handleRouting: handle = true }, context = {}) => {
     const msg = decodeURIComponent(message);
 
     if (!msg) {
@@ -1158,8 +1139,10 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     if (!dryRun) {
       const nodeInfo = await nodeState.read();
       const result = await nodeState.updateNodeRouting({ ...nodeInfo.routing, snapshotHash: hash });
-      await handleRouting(nodeInfo);
-      logger.debug('takeRoutingSnapshot', { dryRun, result });
+      if (handle) {
+        await handleRouting(nodeInfo);
+      }
+      logger.debug('takeRoutingSnapshot', { dryRun, result, handleRouting: handle });
     }
 
     return hash;
@@ -1282,7 +1265,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     getCertificates,
     getSitesFromSnapshot,
     checkDomain,
-    ensureIpDnsRouting,
 
     getRoutingCrons: () => [
       {

package/lib/router/index.js

@@ -48,6 +48,23 @@ const mergeAllowedOrigins = (domain, allowedOrigins) => {
   return origins;
 };
 
+const getRoutingTable = ({ sites, nodeInfo }) => {
+  let routingTable = Router.formatSites(sites);
+  routingTable = expandSites(routingTable);
+
+  // put dashboardDomain to last, to let blockletDomain match first
+  // e.g.
+  //  dashboardDomain: 192-168-3-2.ip.abtnet.io
+  //  blockletDomain: static-demo-xxx-192-168-3-2.ip.abtnet.io
+  const dashboardDomain = get(nodeInfo, 'routing.dashboardDomain', '');
+  const index = routingTable.findIndex((x) => x.domain === dashboardDomain);
+  if (index > -1) {
+    routingTable.push(...routingTable.splice(index, 1));
+  }
+
+  return routingTable;
+};
+
 class Router {
   /**
    * Router
@@ -77,12 +94,13 @@ class Router {
 
     logger.info('updateRoutingTable sites:', { sites });
 
-    this.routingTable = Router.formatSites(sites);
+    this.routingTable = getRoutingTable({ sites, nodeInfo });
+
     logger.info('updateRoutingTable routingTable:', { routingTable: this.routingTable });
     logger.info('updateRoutingTable certificates:', { certificates: certificates.map((item) => item.domain) });
 
     await this.provider.update({
-      routingTable: expandSites(this.routingTable),
+      routingTable: this.routingTable,
       certificates,
       globalHeaders: headers,
       services,
@@ -218,5 +236,6 @@ Router.flattenSitesToRules = (sites = [], info = {}) => {
 };
 
 Router._expandSites = expandSites; // eslint-disable-line no-underscore-dangle
+Router._getRoutingTable = getRoutingTable; // eslint-disable-line no-underscore-dangle
 
 module.exports = Router;

package/lib/states/blocklet.js

@@ -1,6 +1,7 @@
 /* eslint-disable no-await-in-loop */
 /* eslint-disable function-paren-newline */
 /* eslint-disable no-underscore-dangle */
+const omit = require('lodash/omit');
 const uniq = require('lodash/uniq');
 const detectPort = require('detect-port');
 const Lock = require('@abtnode/util/lib/lock');
@@ -128,8 +129,6 @@ class BlockletState extends BaseState {
             // get ports
             await lock.acquire();
 
-            delete meta.htmlAst;
-
             const ports = await this.getBlockletPorts({ interfaces: sanitized.interfaces || [] });
 
             const children = await this.fillChildrenPorts(this.getChildrenFromMetas(childrenMeta), {
@@ -140,7 +139,7 @@ class BlockletState extends BaseState {
             this.db.insert(
               {
                 mode,
-                meta: sanitized,
+                meta: omit(sanitized, ['htmlAst']),
                 status,
                 source,
                 deployedFrom,
@@ -177,13 +176,15 @@ class BlockletState extends BaseState {
           }
 
           try {
+            fixPerson(meta);
+            fixInterfaces(meta);
+            const sanitized = validateBlockletMeta(meta);
+
             // get ports
             await lock.acquire();
 
-            delete meta.htmlAst;
-
             const ports = await this.getBlockletPorts({
-              interfaces: meta.interfaces || [],
+              interfaces: sanitized.interfaces || [],
               skipOccupiedCheckPorts: getExternalPortsFromMeta(doc.meta),
             });
             Object.keys(ports).forEach((p) => {
@@ -197,7 +198,7 @@ class BlockletState extends BaseState {
             // add to db
             const newDoc = await this.updateById(doc._id, {
               $set: {
-                meta,
+                meta: omit(sanitized, ['htmlAst']),
                 source,
                 deployedFrom,
                 children,
@@ -205,6 +206,7 @@ class BlockletState extends BaseState {
               },
             });
             lock.release();
+            this.emit('upgrade', newDoc);
             resolve(newDoc);
           } catch (err) {
             lock.release();

package/lib/team/manager.js

@@ -38,12 +38,14 @@ class TeamManager extends EventEmitter {
 
   async init() {
     // listen blocklet state
-    this.states.blocklet.on('add', ({ meta: { did } }) => {
-      this.cache[did] = {
-        rbac: null,
-        user: null,
-        session: null,
-      };
+    ['add', 'upgrade'].forEach((event) => {
+      this.states.blocklet.on(event, ({ meta: { did } }) => {
+        this.cache[did] = {
+          rbac: null,
+          user: null,
+          session: null,
+        };
+      });
     });
 
     this.states.blocklet.on('remove', ({ meta: { did } }) => {

package/lib/util/blocklet.js

@@ -223,25 +223,36 @@ const ensureBlockletExpanded = async (meta, appDir) => {
 const getRootSystemEnvironments = (blocklet, nodeInfo) => {
   const { did, name, title, description } = blocklet.meta;
   let wallet;
-  let blockletAppSK;
-  let blockletAppId;
+  let appSk;
+  let appId;
+  let appName = title || name;
+  let appDescription = description || '';
 
   if (process.env.NODE_ENV !== 'test') {
-    const result = getBlockletInfo(blocklet, nodeInfo.sk);
+    const keys = Object.keys(BLOCKLET_CONFIGURABLE_KEY);
+    const result = getBlockletInfo(
+      {
+        meta: blocklet.meta,
+        environments: keys.map((key) => ({ key, value: blocklet.configObj[key] })).filter((x) => x.value),
+      },
+      nodeInfo.sk
+    );
     wallet = result.wallet;
-    blockletAppSK = toHex(wallet.secretKey);
-    blockletAppId = wallet.toAddress();
+    appSk = toHex(wallet.secretKey);
+    appId = wallet.toAddress();
+    appName = appName || result.name;
+    appDescription = appDescription || result.description;
   } else {
-    blockletAppSK = 'AppSK:FIXME:WalletWorksFailedInJest';
-    blockletAppId = 'AppID:FIXME:WalletWorksFailedInJest';
+    appSk = 'AppSK:FIXME:WalletWorksFailedInJest';
+    appId = 'AppID:FIXME:WalletWorksFailedInJest';
   }
 
   return {
     BLOCKLET_DID: did,
-    BLOCKLET_APP_SK: blockletAppSK,
-    BLOCKLET_APP_ID: blockletAppId,
-    BLOCKLET_APP_NAME: title || name,
-    BLOCKLET_APP_DESCRIPTION: description,
+    BLOCKLET_APP_SK: appSk,
+    BLOCKLET_APP_ID: appId,
+    BLOCKLET_APP_NAME: appName,
+    BLOCKLET_APP_DESCRIPTION: appDescription,
   };
 };
 
@@ -269,10 +280,7 @@ const getOverwrittenEnvironments = (blocklet, nodeInfo) => {
   const { wallet } = getBlockletInfo(
     {
       meta: blocklet.meta,
-      environments: keys.map((key) => ({
-        key,
-        value: blocklet.configObj[key] || blocklet.environmentObj[key],
-      })),
+      environments: keys.map((key) => ({ key, value: blocklet.configObj[key] })).filter((x) => x.value),
     },
     nodeInfo.sk
   );

package/lib/util/get-accessible-external-node-ip.js

@@ -0,0 +1,41 @@
+const joinUrl = require('url-join');
+const axios = require('@abtnode/util/lib/axios');
+const { DEFAULT_DASHBOARD_DOMAIN, DEFAULT_ADMIN_PATH } = require('@abtnode/constant');
+const { get: getIp } = require('./ip');
+
+const getNodeDomain = (ip) => (ip ? DEFAULT_DASHBOARD_DOMAIN.replace(/^\*/, ip.replace(/\./g, '-')) : '');
+
+let accessibleIp = null; // cache
+
+const timeout = process.env.NODE_ENV === 'test' ? 500 : 5000;
+
+// check if node dashboard https endpoint return 2xx
+// FIXME: check connected by wellknown endpoint
+const checkConnected = async ({ ip, nodeInfo }) => {
+  const { adminPath = DEFAULT_ADMIN_PATH } = nodeInfo.routing || {};
+  const origin = `https://${getNodeDomain(ip)}`;
+  const endpoint = joinUrl(origin, adminPath);
+  await axios.get(endpoint, { timeout });
+};
+
+/**
+ * Get accessible external ip of abtnode
+ */
+const getAccessibleExternalNodeIp = async (nodeInfo) => {
+  const { external } = await getIp();
+
+  if (accessibleIp === external) {
+    return accessibleIp;
+  }
+
+  try {
+    await checkConnected({ ip: external, nodeInfo });
+    accessibleIp = external;
+  } catch {
+    accessibleIp = null;
+  }
+
+  return accessibleIp;
+};
+
+module.exports = getAccessibleExternalNodeIp;

package/lib/util/get-ip-dns-domain-for-blocklet.js

@@ -1,14 +1,17 @@
 const slugify = require('slugify');
+const { DEFAULT_IP_DNS_DOMAIN_SUFFIX, SLOT_FOR_IP_DNS_SITE } = require('@abtnode/constant');
 
 const formatName = (name) => slugify(name.replace(/^[@./-]/, '').replace(/[@./]/g, '-'));
 
 const hiddenInterfaceNames = ['public', 'publicUrl'];
 
-const getIpDnsDomainForBlocklet = (blocklet, blockletInterface, nodeIpDnsDomain) => {
+const getIpDnsDomainForBlocklet = (blocklet, blockletInterface) => {
   const nameSuffix = blocklet.meta.did.slice(-3).toLowerCase();
   const iName = hiddenInterfaceNames.includes(blockletInterface.name) ? '' : blockletInterface.name.toLowerCase();
 
-  return `${formatName(blocklet.meta.name)}-${nameSuffix}${iName ? '-' : ''}${iName}-${nodeIpDnsDomain}`;
+  return `${formatName(blocklet.meta.name)}-${nameSuffix}${
+    iName ? '-' : ''
+  }${iName}-${SLOT_FOR_IP_DNS_SITE}.${DEFAULT_IP_DNS_DOMAIN_SUFFIX}`;
 };
 
 module.exports = getIpDnsDomainForBlocklet;

package/lib/util/index.js

@@ -27,6 +27,8 @@ const {
   DEFAULT_HTTP_PORT,
   DEFAULT_HTTPS_PORT,
   ROUTING_RULE_TYPES,
+  SLOT_FOR_IP_DNS_SITE,
+  DEFAULT_IP_DNS_DOMAIN_SUFFIX,
 } = require('@abtnode/constant');
 
 const DEFAULT_WELLKNOWN_PORT = 8088;
@@ -71,34 +73,42 @@ const getInterfaceUrl = ({ baseUrl, url, version }) => {
 
 const trimSlash = (str = '') => str.replace(/^\/+/, '').replace(/\/+$/, '');
 
-const getBlockletHost = ({ domain, context }) => {
+const getBlockletHost = ({ domain, context, nodeIp }) => {
+  const { protocol, port } = context || {};
+
   if (domain === DOMAIN_FOR_DEFAULT_SITE) {
     return '';
   }
 
   let tmpDomain = domain;
   if ([DOMAIN_FOR_IP_SITE, DOMAIN_FOR_IP_SITE_REGEXP].includes(domain) || !domain) {
-    tmpDomain = context.hostname;
+    tmpDomain = context.hostname || '';
   }
 
-  if (!context.port) {
-    return tmpDomain;
+  if (tmpDomain.includes(SLOT_FOR_IP_DNS_SITE)) {
+    const ipRegex = /\d+[-.]\d+[-.]\d+[-.]\d+/;
+    const match = ipRegex.exec(context.hostname);
+    if (match) {
+      const ip = match[0].replace(/\./g, '-');
+      tmpDomain = tmpDomain.replace(SLOT_FOR_IP_DNS_SITE, ip);
+    } else if (nodeIp) {
+      tmpDomain = tmpDomain.replace(SLOT_FOR_IP_DNS_SITE, nodeIp.replace(/\./g, '-'));
+    }
   }
 
-  const tmpPort = Number(context.port);
-  if (context.protocol === 'https') {
-    if (tmpPort === 443) {
-      return tmpDomain; // 不展示 https 中的 443 端口
-    }
+  if (!port) {
+    return tmpDomain;
+  }
 
-    return '';
+  if (protocol === 'https' && Number(port) === 443) {
+    return tmpDomain; // 不展示 https 中的 443 端口
   }
 
-  if (tmpPort === 80) {
+  if (Number(port) === 80) {
     return tmpDomain; // 不展示 http 中的 80 端
   }
 
-  return `${tmpDomain}:${context.port}`;
+  return `${tmpDomain}:${port}`;
 };
 
 /**
@@ -145,15 +155,19 @@ const getAuthConfig = (rule, blocklet) => {
   return auth.config;
 };
 
-const getBlockletBaseUrls = ({ routingEnabled = false, port, sites = [], context = {}, blocklet }) => {
-  const protocol = 'http'; // TODO: 这里固定为 http, 因为判断 url 是不是 https 和证书相关，这里实现的话比较复杂
+const getBlockletBaseUrls = ({ routingEnabled = false, port, sites = [], context = {}, blocklet, nodeIp }) => {
   let baseUrls = [];
 
   if (routingEnabled && Array.isArray(sites) && sites.length > 0) {
     baseUrls = sites
       .map((site) => {
-        const host = getBlockletHost({ domain: site.from.domain, context });
+        const host = getBlockletHost({ domain: site.from.domain, context, nodeIp });
         if (host) {
+          let protocol = 'http'; // TODO: 这里固定为 http, 因为判断 url 是不是 https 和证书相关，这里实现的话比较复杂
+          if (host.includes(DEFAULT_IP_DNS_DOMAIN_SUFFIX)) {
+            protocol = 'https';
+          }
+
           return {
             ruleId: site.id,
             baseUrl: `${protocol}://${host}/${trimSlash(site.from.pathPrefix)}`,
@@ -167,14 +181,14 @@ const getBlockletBaseUrls = ({ routingEnabled = false, port, sites = [], context
       .filter(Boolean);
   }
 
-  if (!baseUrls.length && isIp(context.hostname) && protocol !== 'https') {
-    baseUrls = [{ baseUrl: `${protocol}://${context.hostname}:${port}` }];
+  if (!baseUrls.length && isIp(context.hostname)) {
+    baseUrls = [{ baseUrl: `http://${context.hostname}:${port}` }];
   }
 
   return baseUrls;
 };
 
-const getBlockletInterfaces = ({ blocklet, context, nodeInfo, sites }) => {
+const getBlockletInterfaces = ({ blocklet, context, nodeInfo, sites, nodeIp }) => {
   const interfaces = [];
   (blocklet.meta.interfaces || []).forEach((x) => {
     if (x.port && x.port.external) {
@@ -202,6 +216,7 @@ const getBlockletInterfaces = ({ blocklet, context, nodeInfo, sites }) => {
         }),
         context,
         blocklet,
+        nodeIp,
       });
 
       baseUrls.forEach(({ baseUrl, ruleId, interfaceName, authConfig }) => {

package/lib/util/upgrade.js

@@ -140,7 +140,11 @@ const doUpgrade = async (session) => {
     await goNextState(NODE_UPGRADE_PROGRESS.COMPLETE);
     await sleep(5000);
     await states.node.updateNodeInfo({ nextVersion: '', version: to, upgradeSessionId: '' });
-    await states.node.exitMode(NODE_MODES.MAINTENANCE);
+    try {
+      await states.node.exitMode(NODE_MODES.MAINTENANCE);
+    } catch (error) {
+      logger.error('Failed to exit maintenance mode', { error });
+    }
   }
   await lock.release();
 };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.4.12",
+  "version": "1.5.1",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,26 +19,26 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.4.12",
-    "@abtnode/cron": "1.4.12",
-    "@abtnode/event-hub": "1.4.12",
-    "@abtnode/logger": "1.4.12",
-    "@abtnode/queue": "1.4.12",
-    "@abtnode/rbac": "1.4.12",
-    "@abtnode/router-provider": "1.4.12",
-    "@abtnode/static-server": "1.4.12",
-    "@abtnode/timemachine": "1.4.12",
-    "@abtnode/util": "1.4.12",
-    "@arcblock/did": "^1.13.8",
+    "@abtnode/constant": "1.5.1",
+    "@abtnode/cron": "1.5.1",
+    "@abtnode/event-hub": "1.5.1",
+    "@abtnode/logger": "1.5.1",
+    "@abtnode/queue": "1.5.1",
+    "@abtnode/rbac": "1.5.1",
+    "@abtnode/router-provider": "1.5.1",
+    "@abtnode/static-server": "1.5.1",
+    "@abtnode/timemachine": "1.5.1",
+    "@abtnode/util": "1.5.1",
+    "@arcblock/did": "^1.13.20",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "^1.13.8",
-    "@blocklet/meta": "1.4.12",
+    "@arcblock/vc": "^1.13.20",
+    "@blocklet/meta": "1.5.1",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.1.0",
     "@nedb/multi": "^1.1.0",
-    "@ocap/mcrypto": "^1.13.8",
-    "@ocap/util": "^1.13.8",
-    "@ocap/wallet": "^1.13.8",
+    "@ocap/mcrypto": "^1.13.20",
+    "@ocap/util": "^1.13.20",
+    "@ocap/wallet": "^1.13.20",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.21.4",
     "axon": "^2.0.3",
@@ -72,5 +72,5 @@
     "express": "^4.17.1",
     "jest": "^26.4.2"
   },
-  "gitHead": "677dcef3be9130feeca3334d475202a5e11a7323"
+  "gitHead": "8219f2128aaa199a52c100e6c90ea4a90d15ad15"
 }

package/lib/util/get-accessible-ip.js

@@ -1,42 +0,0 @@
-const joinUrl = require('url-join');
-const axios = require('@abtnode/util/lib/axios');
-const getIp = require('@abtnode/util/lib/get-ip');
-const { DEFAULT_DASHBOARD_DOMAIN, DEFAULT_ADMIN_PATH } = require('@abtnode/constant');
-
-const getNodeDomain = (ip) => (ip ? DEFAULT_DASHBOARD_DOMAIN.replace(/^\*/, ip.replace(/\./g, '-')) : '');
-
-const getAccessibleIp = async ({ nodeInfo = {}, timeout = 5000 } = {}) => {
-  const { adminPath = DEFAULT_ADMIN_PATH } = nodeInfo.routing || {};
-
-  // check if node dashboard https endpoint return 2xx
-  // FIXME: check connected by wellknown endpoint
-  const checkConnected = async ({ ip }) => {
-    const origin = `https://${getNodeDomain(ip)}`;
-    const endpoint = joinUrl(origin, adminPath);
-    await axios.get(endpoint, { timeout });
-  };
-
-  const { internal, external } = await getIp({ timeout });
-
-  if (!external) {
-    return internal;
-  }
-
-  try {
-    await checkConnected({ ip: external });
-    return external;
-  } catch {
-    return internal;
-  }
-};
-
-const getAccessibleIpDnsDomainForNode = async ({ nodeInfo = {}, timeout = 5000 } = {}) => {
-  const accessibleIp = await getAccessibleIp({ nodeInfo, timeout });
-
-  return getNodeDomain(accessibleIp);
-};
-
-module.exports = {
-  getAccessibleIp,
-  getAccessibleIpDnsDomainForNode,
-};