@abtnode/core 1.6.20 → 1.6.21

package/lib/blocklet/manager/disk.js

@@ -20,7 +20,7 @@ const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
 const downloadFile = require('@abtnode/util/lib/download-file');
 const Lock = require('@abtnode/util/lib/lock');
 const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
-const { BLOCKLET_PURCHASE_NFT_TYPE } = require('@abtnode/constant');
+const { VC_TYPE_BLOCKLET_PURCHASE } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const {
@@ -90,6 +90,7 @@ const {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
+  verifyPurchase,
 } = require('../../util/blocklet');
 const states = require('../../states');
 const BlockletRegistry = require('../registry');
@@ -197,6 +198,20 @@ class BlockletManager extends BaseBlockletManager {
     throw new Error('Unknown source');
   }
 
+  /**
+   * @param {String} rootDid
+   * @param {String} mountPoint
+   * @param {Boolean} context.blockletPurchaseVerified
+   *
+   * installFromUrl
+   * @param {String} url
+   *
+   * InstallFromUpload
+   * @param {Object} file
+   * @param {String} did for diff upload
+   * @param {String} diffVersion for diff upload
+   * @param {Array} deleteSet for diff upload
+   */
   async installComponent({ rootDid, mountPoint, url, file, did, diffVersion, deleteSet }, context = {}) {
     logger.debug('start install component', { rootDid, mountPoint, url });
 
@@ -244,8 +259,8 @@ class BlockletManager extends BaseBlockletManager {
     // FIXME: 这里的 trustedIssuers 相当于相信任何 VC，需要想更安全的方法
     verifyPresentation({ presentation: vcPresentation, trustedIssuers: [get(vc, 'issuer.id')], challenge });
 
-    if (!vc.type.includes(BLOCKLET_PURCHASE_NFT_TYPE)) {
-      throw new Error(`Expect ${BLOCKLET_PURCHASE_NFT_TYPE} VC type`);
+    if (!vc.type.includes(VC_TYPE_BLOCKLET_PURCHASE)) {
+      throw new Error(`Expect ${VC_TYPE_BLOCKLET_PURCHASE} VC type`);
     }
 
     const blockletUrl = get(vc, 'credentialSubject.purchased.blocklet.url');
@@ -1372,23 +1387,21 @@ class BlockletManager extends BaseBlockletManager {
 
     const registryUrl = registry || (await states.node.getBlockletRegistry());
     const info = await BlockletRegistry.getRegistryMeta(registryUrl);
-    const blocklet = await this.registry.getBlocklet(did, registryUrl);
-    if (!blocklet) {
+    const meta = await this.registry.getBlocklet(did, registryUrl);
+    if (!meta) {
       throw new Error('Can not install blocklet that not found in registry');
     }
 
-    const state = await states.blocklet.getBlocklet(blocklet.did);
+    const state = await states.blocklet.getBlocklet(meta.did);
     if (state) {
       throw new Error('Can not install an already installed blocklet');
     }
 
-    if (isFreeBlocklet(blocklet) === false && !context.blockletPurchaseVerified) {
-      throw new Error('Can not install a non-free blocklet directly');
-    }
+    verifyPurchase(meta, context);
 
     // install
     return this._install({
-      meta: blocklet,
+      meta,
       source: BlockletSource.registry,
       deployedFrom: info.cdnUrl || registryUrl,
       context,
@@ -1442,6 +1455,8 @@ class BlockletManager extends BaseBlockletManager {
       throw new Error('The blocklet cannot be a component');
     }
 
+    verifyPurchase(meta, context);
+
     const newChildren = await parseChildren(blocklet.meta, {
       children: [
         {

package/lib/index.js

@@ -147,7 +147,7 @@ function ABTNode(options) {
     getCertificates,
     getSitesFromSnapshot,
     getRoutingCrons,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
   } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager });
 
   const teamManager = new TeamManager({ nodeDid: options.nodeDid, dataDirs, states });
@@ -318,7 +318,7 @@ function ABTNode(options) {
     takeRoutingSnapshot,
     getSitesFromSnapshot,
     ensureDashboardRouting,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
 
     addDomainAlias: routerManager.addDomainAlias.bind(routerManager),
     deleteDomainAlias: routerManager.deleteDomainAlias.bind(routerManager),

package/lib/migrations/1.6.21-rename-ip-echo-domain.js

@@ -0,0 +1,27 @@
+const yaml = require('js-yaml');
+const fs = require('fs');
+const set = require('lodash/set');
+const omit = require('lodash/omit');
+const { DEFAULT_WILDCARD_CERT_HOST, DEFAULT_DID_DOMAIN, DEFAULT_DID_REGISTRY } = require('@abtnode/constant');
+
+module.exports = async ({ states, printInfo, configFile }) => {
+  printInfo('Try to rename dashboardDomain to ipWildcardDomain in db...');
+
+  let info = await states.node.read();
+  set(info, 'routing.ipWildcardDomain', info.routing.dashboardDomain);
+  set(info, 'routing.wildcardCertHost', DEFAULT_WILDCARD_CERT_HOST);
+  set(info, 'didDomain', DEFAULT_DID_DOMAIN);
+  set(info, 'didRegistry', DEFAULT_DID_REGISTRY);
+  info = omit(info, 'routing.dashboardDomain');
+
+  await states.node.updateNodeInfo(info);
+
+  let rawConfig = yaml.safeLoad(fs.readFileSync(configFile).toString());
+  set(rawConfig, 'node.routing.ipWildcardDomain', info.routing.ipWildcardDomain);
+  set(rawConfig, 'node.routing.wildcardCertHost', DEFAULT_WILDCARD_CERT_HOST);
+  set(rawConfig, 'node.didDomain', DEFAULT_DID_DOMAIN);
+  set(rawConfig, 'node.didRegistry', DEFAULT_DID_REGISTRY);
+  rawConfig = omit(rawConfig, 'node.routing.dashboardDomain');
+  fs.writeFileSync(configFile, yaml.dump(rawConfig));
+  printInfo(`> Persist new config to file: ${configFile}`);
+};

package/lib/router/helper.js

@@ -419,6 +419,13 @@ const decompressCertificates = async (source, dest) => {
   return dest;
 };
 
+const joinCertDownUrl = (baseUrl, name) => joinUrl(baseUrl, '/certs', name);
+
+const getIpEchoCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'ip-abtnet-io.tar.gz');
+const getDidDomainCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'did-abtnet-io.tar.gz');
+const getDownloadCertBaseUrl = (info) =>
+  process.env.ABT_NODE_WILDCARD_CERT_HOST || get(info, 'routing.wildcardCertHost', '');
+
 module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager }) {
   const nodeState = states.node;
   const blockletState = states.blocklet;
@@ -428,46 +435,13 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   // site level duplication detection
   const hasRuleByPrefix = (site, value) => site.rules.find((x) => x.isProtected && get(x, 'from.pathPrefix') === value);
 
-  const updateDashboardCertificate = async ({ checkExpire = true }) => {
-    const info = await nodeState.read();
-    const provider = getProviderFromNodeInfo(info);
-    if (provider === ROUTER_PROVIDER_NONE) {
-      return;
-    }
-
-    const https = get(info, 'routing.https', true);
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
-    const certDownloadAddress =
-      process.env.ABT_NODE_DASHBOARD_CERT_DOWN_URL || get(info, 'routing.dashboardCertDownloadAddress', '');
-    if (!https || !dashboardDomain || !certDownloadAddress) {
-      return;
-    }
-
-    if (checkExpire) {
-      try {
-        const cert = await routerManager.findCertificateByDomain(dashboardDomain);
-        if (!cert) {
-          return;
-        }
-
-        const now = Date.now();
-        const certInfo = getHttpsCertInfo(cert.certificate);
-        if (certInfo.validTo - now >= CERTIFICATE_EXPIRES_OFFSET) {
-          logger.info('skip dashboard certificate update before not expired');
-          return;
-        }
-      } catch (err) {
-        logger.error('failed to check dashboard certificate expiration', { error: err });
-        return;
-      }
-    }
-
+  const downloadCert = async ({ domain, url }) => {
     const destFolder = getTmpDirectory(path.join(`certificate-${Date.now()}`));
     try {
       const filename = path.join(destFolder, 'certificate.tar.gz');
       fs.ensureDirSync(destFolder);
 
-      await downloadFile(certDownloadAddress, filename);
+      await downloadFile(url, filename);
       await decompressCertificates(filename, destFolder);
 
       const certificateFilePath = path.join(destFolder, 'cert.pem');
@@ -485,7 +459,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       const privateKey = fs.readFileSync(privateKeyFilePath).toString();
 
       await certManager.upsertByDomain({
-        domain: dashboardDomain,
+        domain,
         privateKey,
         certificate,
         isProtected: true,
@@ -499,23 +473,68 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     }
   };
 
-  const ensureDashboardCertificate = async () => {
+  const updateCert = async (domain, url) => {
+    try {
+      const cert = await routerManager.findCertificateByDomain(domain);
+      if (!cert) {
+        return;
+      }
+
+      const now = Date.now();
+      const certInfo = getHttpsCertInfo(cert.certificate);
+      if (certInfo.validTo - now >= CERTIFICATE_EXPIRES_OFFSET) {
+        logger.info('skip dashboard certificate update before not expired', { domain, url });
+        return;
+      }
+
+      await downloadCert({
+        domain,
+        url,
+      });
+    } catch (err) {
+      logger.error('failed to check dashboard certificate expiration', { error: err, domain, url });
+    }
+  };
+
+  const updateDashboardCertificates = async () => {
     const info = await nodeState.read();
-    const downloadUrl = get(info, 'routing.dashboardCertDownloadAddress', '');
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
-    if (!dashboardDomain || !downloadUrl) {
-      throw new Error('dashboardCertDownloadAddress and dashboardDomain are not found in the routing configs');
+    const provider = getProviderFromNodeInfo(info);
+    if (provider === ROUTER_PROVIDER_NONE) {
+      return;
     }
 
-    const cert = await certManager.getByDomain(dashboardDomain);
-    if (cert) {
-      return { status: 'existed' };
+    const https = get(info, 'routing.https', true);
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
+    const didDomain = info.didDomain;
+    const certDownloadAddress = getDownloadCertBaseUrl(info);
+    if (!https || !certDownloadAddress) {
+      return;
     }
 
-    logger.debug('downloading dashboard ip-domain certificate', { url: downloadUrl, dashboardDomain });
-    await updateDashboardCertificate({ checkExpire: false });
-    logger.debug('downloaded dashboard ip-domain certificate', { url: downloadUrl, dashboardDomain });
-    return { status: 'downloaded' };
+    await updateCert(ipWildcardDomain, getIpEchoCertDownloadUrl(certDownloadAddress));
+    await updateCert(`*.${didDomain}`, getDidDomainCertDownloadUrl(certDownloadAddress));
+  };
+
+  const ensureWildcardCerts = async () => {
+    const info = await nodeState.read();
+    const didDomain = info.didDomain;
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
+
+    const ensureDomainCert = async (domain, url) => {
+      const cert = await certManager.getByDomain(domain);
+      if (!cert) {
+        await downloadCert({
+          domain,
+          url,
+        });
+      }
+    };
+
+    const certBaseUrl = getDownloadCertBaseUrl(info);
+    await Promise.all([
+      ensureDomainCert(ipWildcardDomain, getIpEchoCertDownloadUrl(certBaseUrl)),
+      ensureDomainCert(`*.${didDomain}`, getDidDomainCertDownloadUrl(certBaseUrl)),
+    ]);
   };
 
   const upsertSiteRule = async ({ site, rule }, context) => {
@@ -658,9 +677,9 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
         return domainAlias === item;
       });
 
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
     const didDomain = `${info.did.toLowerCase()}.${info.didDomain}`;
-    let dashboardAliasDomains = [dashboardDomain, didDomain];
+    let dashboardAliasDomains = [ipWildcardDomain, didDomain];
 
     dashboardAliasDomains = dashboardAliasDomains
       .filter((item) => item && !isExistsInAlias(item))
@@ -1388,7 +1407,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     getSitesFromSnapshot,
     getCertificates,
     checkDomain,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
     addWellknownSite,
     upsertSiteRule,
 
@@ -1396,7 +1415,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       {
         name: 'update-dashboard-certificate',
         time: '0 1 */6 * * *', // refetch on 0:00, 6:00, etc.
-        fn: () => updateDashboardCertificate({ checkExpire: true }),
+        fn: () => updateDashboardCertificates(),
         options: { runOnInit: true },
       },
       {

package/lib/router/index.js

@@ -60,12 +60,12 @@ const getRoutingTable = ({ sites, nodeInfo }) => {
   let routingTable = Router.formatSites(sites);
   routingTable = expandSites(routingTable);
 
-  // put dashboardDomain to last, to let blockletDomain match first
+  // put ipWildcardDomain to last, to let blockletDomain match first
   // e.g.
-  //  dashboardDomain: 192-168-3-2.ip.abtnet.io
+  //  ipWildcardDomain: 192-168-3-2.ip.abtnet.io
   //  blockletDomain: static-demo-xxx-192-168-3-2.ip.abtnet.io
-  const dashboardDomain = get(nodeInfo, 'routing.dashboardDomain', '');
-  const index = routingTable.findIndex((x) => x.domain === dashboardDomain);
+  const ipWildcardDomain = get(nodeInfo, 'routing.ipWildcardDomain', '');
+  const index = routingTable.findIndex((x) => x.domain === ipWildcardDomain);
   if (index > -1) {
     routingTable.push(...routingTable.splice(index, 1));
   }
@@ -219,11 +219,11 @@ Router.formatSites = (sites = []) => {
 
 Router.flattenSitesToRules = (sites = [], info = {}) => {
   const result = [];
-  const dashboardDomain = get(info, 'routing.dashboardDomain', DEFAULT_DASHBOARD_DOMAIN);
+  const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', DEFAULT_DASHBOARD_DOMAIN);
   sites.forEach((site) => {
     const aliases = (site.domainAliases || [])
       .map((x) => (typeof x === 'string' ? x : x.value))
-      .filter((x) => x !== dashboardDomain)
+      .filter((x) => x !== ipWildcardDomain)
       .filter(Boolean);
 
     if (Array.isArray(site.rules) && site.rules.length > 0) {

package/lib/states/node.js

@@ -92,7 +92,7 @@ class NodeState extends BaseState {
           mode,
           runtimeConfig,
           ownerNft,
-          launcherInfo,
+          launcher,
           didRegistry,
           didDomain,
           enablePassportIssuance = true,
@@ -128,7 +128,7 @@ class NodeState extends BaseState {
                 runtimeConfig,
                 ownerNft,
                 diskAlertThreshold: DISK_ALERT_THRESHOLD_PERCENT,
-                launcherInfo: launcherInfo || undefined,
+                launcher: launcher || undefined,
                 didRegistry,
                 didDomain,
                 enablePassportIssuance,
@@ -162,7 +162,8 @@ class NodeState extends BaseState {
   // FIXME: 这个接口比较危险，可能会修改一些本不应该修改的字段，后续需要考虑改进
   async updateNodeInfo(entity = {}) {
     const record = await this.read();
-    const updateResult = await this.update(record._id, { $set: omit(entity, ['ownerNft']) });
+
+    const updateResult = await this.update(record._id, { $set: omit(entity, ['ownerNft', 'sk']) });
     this.emit('node.updated', updateResult, record);
     return updateResult;
   }

package/lib/util/blocklet.js

@@ -42,7 +42,7 @@ const validateBlockletEntry = require('@blocklet/meta/lib/entry');
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 const { validateMeta, fixAndValidateService } = require('@blocklet/meta/lib/validate');
-const { forEachBlocklet } = require('@blocklet/meta/lib/util');
+const { forEachBlocklet, isFreeBlocklet } = require('@blocklet/meta/lib/util');
 
 const { validate: validateEngine, get: getEngine } = require('../blocklet/manager/engine');
 
@@ -951,7 +951,7 @@ const getRuntimeInfo = async (appId) => {
 
 /**
  * merge services
- * from meta.children[].mountPoints[].services
+ * from meta.children[].mountPoints[].services, meta.children[].services
  * to childrenMeta[].interfaces[].services
  *
  * @param {array<child>|object{children:array}} source e.g. [<config>] or { children: [<config>] }
@@ -993,6 +993,23 @@ const mergeMeta = (source, childrenMeta = []) => {
         childInterface.services = services;
       }
     });
+
+    if (config.services) {
+      const childInterface = findWebInterface(childMeta);
+      if (childInterface) {
+        // merge
+        const services = childInterface.services || [];
+        config.services.forEach((x) => {
+          const index = services.findIndex((y) => y.name === x.name);
+          if (index >= 0) {
+            services.splice(index, 1, x);
+          } else {
+            services.push(x);
+          }
+        });
+        childInterface.services = services;
+      }
+    }
   });
 };
 
@@ -1117,6 +1134,18 @@ const needBlockletDownload = (blocklet, oldBlocklet) => {
   return true;
 };
 
+const verifyPurchase = (meta, opts = {}) => {
+  if (opts.blockletPurchaseVerified) {
+    return true;
+  }
+
+  if (isFreeBlocklet(meta)) {
+    return true;
+  }
+
+  throw new Error('Can not install a non-free blocklet directly');
+};
+
 module.exports = {
   forEachBlocklet,
   getBlockletMetaFromUrl,
@@ -1152,4 +1181,5 @@ module.exports = {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
+  verifyPurchase,
 };

package/lib/util/index.js

@@ -373,7 +373,7 @@ const getBaseUrls = async (node, ips) => {
   if (info.routing.provider !== ROUTER_PROVIDER_NONE && info.routing.snapshotHash && info.routing.adminPath) {
     const sites = await node.getSitesFromSnapshot();
 
-    const { dashboardDomain } = info.routing;
+    const { ipWildcardDomain } = info.routing;
     const adminPath = normalizePathPrefix(info.routing.adminPath);
     const tmpHttpPort = getPort(httpPort, DEFAULT_HTTP_PORT);
 
@@ -383,12 +383,12 @@ const getBaseUrls = async (node, ips) => {
       };
     });
 
-    if (dashboardDomain) {
-      const site = sites.find((c) => (c.domainAliases || []).find((item) => item.value === dashboardDomain));
+    if (ipWildcardDomain) {
+      const site = sites.find((c) => (c.domainAliases || []).find((item) => item.value === ipWildcardDomain));
       if (site) {
-        const httpInfo = await getHttpInfo(dashboardDomain);
+        const httpInfo = await getHttpInfo(ipWildcardDomain);
         const httpsUrls = availableIps.map((ip) => ({
-          url: `${httpInfo.protocol}://${transformIPToDomain(ip)}.${dashboardDomain.substring(2)}${
+          url: `${httpInfo.protocol}://${transformIPToDomain(ip)}.${ipWildcardDomain.substring(2)}${
             httpInfo.port
           }${adminPath}`,
         }));

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.20",
+  "version": "1.6.21",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,22 +19,22 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/certificate-manager": "1.6.20",
-    "@abtnode/constant": "1.6.20",
-    "@abtnode/cron": "1.6.20",
-    "@abtnode/db": "1.6.20",
-    "@abtnode/logger": "1.6.20",
-    "@abtnode/queue": "1.6.20",
-    "@abtnode/rbac": "1.6.20",
-    "@abtnode/router-provider": "1.6.20",
-    "@abtnode/static-server": "1.6.20",
-    "@abtnode/timemachine": "1.6.20",
-    "@abtnode/util": "1.6.20",
+    "@abtnode/certificate-manager": "1.6.21",
+    "@abtnode/constant": "1.6.21",
+    "@abtnode/cron": "1.6.21",
+    "@abtnode/db": "1.6.21",
+    "@abtnode/logger": "1.6.21",
+    "@abtnode/queue": "1.6.21",
+    "@abtnode/rbac": "1.6.21",
+    "@abtnode/router-provider": "1.6.21",
+    "@abtnode/static-server": "1.6.21",
+    "@abtnode/timemachine": "1.6.21",
+    "@abtnode/util": "1.6.21",
     "@arcblock/did": "^1.14.13",
     "@arcblock/event-hub": "1.14.13",
     "@arcblock/pm2-events": "^0.0.5",
     "@arcblock/vc": "^1.14.13",
-    "@blocklet/meta": "1.6.20",
+    "@blocklet/meta": "1.6.21",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.2.2",
     "@nedb/multi": "^1.2.2",
@@ -75,5 +75,5 @@
     "express": "^4.17.1",
     "jest": "^27.4.5"
   },
-  "gitHead": "e695a9fa4e2cbf7fcef554be3309090c37919d94"
+  "gitHead": "864ae21711c119948475057a1f634fd7d16ae91a"
 }