@abtnode/core 1.6.20 → 1.6.23

package/lib/blocklet/manager/disk.js

@@ -20,7 +20,7 @@ const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
 const downloadFile = require('@abtnode/util/lib/download-file');
 const Lock = require('@abtnode/util/lib/lock');
 const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
-const { BLOCKLET_PURCHASE_NFT_TYPE } = require('@abtnode/constant');
+const { VC_TYPE_BLOCKLET_PURCHASE } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const {
@@ -90,7 +90,9 @@ const {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
+  verifyPurchase,
 } = require('../../util/blocklet');
+const { parseSourceUrl } = require('../../util/registry');
 const states = require('../../states');
 const BlockletRegistry = require('../registry');
 const BaseBlockletManager = require('./base');
@@ -197,6 +199,20 @@ class BlockletManager extends BaseBlockletManager {
     throw new Error('Unknown source');
   }
 
+  /**
+   * @param {String} rootDid
+   * @param {String} mountPoint
+   * @param {Boolean} context.blockletPurchaseVerified
+   *
+   * installFromUrl
+   * @param {String} url
+   *
+   * InstallFromUpload
+   * @param {Object} file
+   * @param {String} did for diff upload
+   * @param {String} diffVersion for diff upload
+   * @param {Array} deleteSet for diff upload
+   */
   async installComponent({ rootDid, mountPoint, url, file, did, diffVersion, deleteSet }, context = {}) {
     logger.debug('start install component', { rootDid, mountPoint, url });
 
@@ -244,8 +260,8 @@ class BlockletManager extends BaseBlockletManager {
     // FIXME: 这里的 trustedIssuers 相当于相信任何 VC，需要想更安全的方法
     verifyPresentation({ presentation: vcPresentation, trustedIssuers: [get(vc, 'issuer.id')], challenge });
 
-    if (!vc.type.includes(BLOCKLET_PURCHASE_NFT_TYPE)) {
-      throw new Error(`Expect ${BLOCKLET_PURCHASE_NFT_TYPE} VC type`);
+    if (!vc.type.includes(VC_TYPE_BLOCKLET_PURCHASE)) {
+      throw new Error(`Expect ${VC_TYPE_BLOCKLET_PURCHASE} VC type`);
     }
 
     const blockletUrl = get(vc, 'credentialSubject.purchased.blocklet.url');
@@ -658,7 +674,7 @@ class BlockletManager extends BaseBlockletManager {
   /**
    * upgrade blocklet from registry
    */
-  async upgrade({ did, registryUrl }, context) {
+  async upgrade({ did, registryUrl, sync }, context) {
     const blocklet = await states.blocklet.getBlocklet(did);
 
     // TODO: 查看了下目前页面中的升级按钮，都是会传 registryUrl 过来的，这个函数里的逻辑感觉需要在以后做一个简化
@@ -725,6 +741,7 @@ class BlockletManager extends BaseBlockletManager {
       source: BlockletSource.registry,
       deployedFrom: upgradeFromRegistry,
       context,
+      sync,
     });
   }
 
@@ -905,7 +922,6 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     const { did, version } = meta;
-    meta.title = `[DEV] ${meta.title || meta.name}`;
 
     const exist = await states.blocklet.getBlocklet(did);
     if (exist) {
@@ -1364,7 +1380,7 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
-  async _installFromStore({ did, registry }, context) {
+  async _installFromStore({ did, registry, sync }, context) {
     logger.debug('start install blocklet', { did });
     if (!isValidDid(did)) {
       throw new Error('Blocklet did is invalid');
@@ -1372,25 +1388,24 @@ class BlockletManager extends BaseBlockletManager {
 
     const registryUrl = registry || (await states.node.getBlockletRegistry());
     const info = await BlockletRegistry.getRegistryMeta(registryUrl);
-    const blocklet = await this.registry.getBlocklet(did, registryUrl);
-    if (!blocklet) {
+    const meta = await this.registry.getBlocklet(did, registryUrl);
+    if (!meta) {
       throw new Error('Can not install blocklet that not found in registry');
     }
 
-    const state = await states.blocklet.getBlocklet(blocklet.did);
+    const state = await states.blocklet.getBlocklet(meta.did);
     if (state) {
       throw new Error('Can not install an already installed blocklet');
     }
 
-    if (isFreeBlocklet(blocklet) === false && !context.blockletPurchaseVerified) {
-      throw new Error('Can not install a non-free blocklet directly');
-    }
+    verifyPurchase(meta, context);
 
     // install
     return this._install({
-      meta: blocklet,
+      meta,
       source: BlockletSource.registry,
       deployedFrom: info.cdnUrl || registryUrl,
+      sync,
       context,
     });
   }
@@ -1398,6 +1413,16 @@ class BlockletManager extends BaseBlockletManager {
   async _installFromUrl({ url, sync }, context) {
     logger.debug('start install blocklet', { url });
 
+    const { inStore, registryUrl, blockletDid } = await parseSourceUrl(url);
+    if (inStore) {
+      const exist = await states.blocklet.getBlocklet(blockletDid);
+      if (exist) {
+        return this.upgrade({ did: blockletDid, registryUrl }, context);
+      }
+
+      return this._installFromStore({ did: blockletDid, registry: registryUrl }, context);
+    }
+
     const meta = await getBlockletMetaFromUrl(url);
 
     if (!meta) {
@@ -1442,6 +1467,8 @@ class BlockletManager extends BaseBlockletManager {
       throw new Error('The blocklet cannot be a component');
     }
 
+    verifyPurchase(meta, context);
+
     const newChildren = await parseChildren(blocklet.meta, {
       children: [
         {

package/lib/blocklet/registry.js

@@ -1,9 +1,7 @@
-const isBase64 = require('is-base64');
 const { BlockletGroup } = require('@blocklet/meta/lib/constants');
 const joinURL = require('url-join');
 const get = require('lodash/get');
-const pick = require('lodash/pick');
-const { BLOCKLET_STORE_API_PREFIX, BLOCKLET_STORE_META_PATH } = require('@abtnode/constant');
+const { BLOCKLET_STORE_API_PREFIX } = require('@abtnode/constant');
 
 const { name } = require('../../package.json');
 
@@ -15,6 +13,7 @@ const states = require('../states');
 const isRequirementsSatisfied = require('../util/requirement');
 const { fixAndVerifyBlockletMeta } = require('../util/blocklet');
 const { translate } = require('../locales');
+const { validateRegistryURL, getRegistryMeta } = require('../util/registry');
 
 const DEFAULT_REFRESH_INTERVAL = 1 * 60 * 1000;
 const MAX_REFRESH_INTERVAL = 1 * 60 * 1000;
@@ -152,54 +151,8 @@ class BlockletRegistry {
   }
 }
 
-BlockletRegistry.validateRegistryURL = async (registry) => {
-  const url = joinURL(registry, BLOCKLET_STORE_API_PREFIX, `/blocklets.json?__t__=${Date.now()}`);
-  try {
-    const res = await request.get(url);
-    if (Array.isArray(res.data)) {
-      return res.data;
-    }
-
-    logger.error('Blocklet list fetch failed ', { url, data: res.data });
-    throw new Error('blocklet list fetch failed');
-  } catch (error) {
-    logger.error('Blocklet registry refresh failed', { url, error });
-    throw new Error(`Invalid Blocklet Registry URL ${registry}: ${error.message}`);
-  }
-};
-
-BlockletRegistry.getRegistryMeta = async (registry) => {
-  try {
-    const url = joinURL(registry, BLOCKLET_STORE_META_PATH, `?__t__=${Date.now()}`);
-    const { data } = await request.get(url);
-
-    if (!data) {
-      return {};
-    }
+BlockletRegistry.validateRegistryURL = validateRegistryURL;
 
-    const requiredFields = ['name', 'description', 'maintainer'];
-
-    const missingFields = requiredFields.filter((x) => !data[x]);
-    if (missingFields.length > 0) {
-      throw new Error(`the registry missing required information: ${missingFields.join(', ')}`);
-    }
-
-    const result = pick(data, ['id', 'name', 'description', 'maintainer', 'cdnUrl', 'chainHost']);
-    const { logoUrl } = data;
-    if (logoUrl) {
-      if (logoUrl.startsWith('http') === true) {
-        result.logoUrl = logoUrl;
-      } else if (isBase64(logoUrl, { allowMime: true })) {
-        result.logoUrl = logoUrl;
-      } else {
-        result.logoUrl = joinURL(registry, logoUrl);
-      }
-    }
-
-    return result;
-  } catch (err) {
-    throw new Error(`Can not get meta info for registry [${registry}]: ${err.message}`);
-  }
-};
+BlockletRegistry.getRegistryMeta = getRegistryMeta;
 
 module.exports = BlockletRegistry;

package/lib/index.js

@@ -147,7 +147,7 @@ function ABTNode(options) {
     getCertificates,
     getSitesFromSnapshot,
     getRoutingCrons,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
   } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager });
 
   const teamManager = new TeamManager({ nodeDid: options.nodeDid, dataDirs, states });
@@ -318,7 +318,7 @@ function ABTNode(options) {
     takeRoutingSnapshot,
     getSitesFromSnapshot,
     ensureDashboardRouting,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
 
     addDomainAlias: routerManager.addDomainAlias.bind(routerManager),
     deleteDomainAlias: routerManager.deleteDomainAlias.bind(routerManager),

package/lib/migrations/1.6.21-rename-ip-echo-domain.js

@@ -0,0 +1,35 @@
+const yaml = require('js-yaml');
+const fs = require('fs');
+const set = require('lodash/set');
+const omit = require('lodash/omit');
+const {
+  DEFAULT_WILDCARD_CERT_HOST,
+  DEFAULT_DID_DOMAIN,
+  DEFAULT_DID_REGISTRY,
+  DEFAULT_IP_DOMAIN,
+} = require('@abtnode/constant');
+
+module.exports = async ({ states, printInfo, configFile }) => {
+  printInfo('Try to rename dashboardDomain to ipWildcardDomain in db...');
+
+  let info = await states.node.read();
+  set(info, 'routing.ipWildcardDomain', info.routing.dashboardDomain || DEFAULT_IP_DOMAIN);
+  set(info, 'routing.wildcardCertHost', DEFAULT_WILDCARD_CERT_HOST);
+  set(info, 'didDomain', DEFAULT_DID_DOMAIN);
+  set(info, 'didRegistry', DEFAULT_DID_REGISTRY);
+  info = omit(info, 'routing.dashboardDomain');
+
+  await states.node.updateNodeInfo(info);
+
+  if (process.env.NODE_ENV !== 'development') {
+    let rawConfig = yaml.safeLoad(fs.readFileSync(configFile).toString());
+    set(rawConfig, 'node.routing.ipWildcardDomain', info.routing.ipWildcardDomain);
+    set(rawConfig, 'node.routing.wildcardCertHost', DEFAULT_WILDCARD_CERT_HOST);
+    set(rawConfig, 'node.didDomain', DEFAULT_DID_DOMAIN);
+    set(rawConfig, 'node.didRegistry', DEFAULT_DID_REGISTRY);
+    rawConfig = omit(rawConfig, 'node.routing.dashboardDomain');
+    fs.writeFileSync(configFile, yaml.dump(rawConfig));
+  }
+
+  printInfo(`> Persist new config to file: ${configFile}`);
+};

package/lib/migrations/index.js

@@ -132,9 +132,13 @@ const runMigrationScripts = async ({
   for (let i = 0; i < scripts.length; i++) {
     const { script, version } = scripts[i];
     try {
-      const executed = await node.isMigrationExecuted({ script, version });
-      if (executed === false) {
+      if (process.env.NODE_ENV === 'development') {
         pending.push(scripts[i]);
+      } else {
+        const executed = await node.isMigrationExecuted({ script, version });
+        if (executed === false) {
+          pending.push(scripts[i]);
+        }
       }
     } catch (err) {
       printError(`Failed to detect migration script execution status: ${script}, error: ${err.message}`);

package/lib/router/helper.js

@@ -223,6 +223,19 @@ const ensureServiceRule = async (sites) => {
     return site;
   });
 };
+const ensureRootRule = async (sites) => {
+  return sites.map((site) => {
+    if (!isBasicSite(site.domain) && !site.rules.some((x) => x.from.pathPrefix === '/')) {
+      site.rules.push({
+        from: { pathPrefix: '/' },
+        to: {
+          type: ROUTING_RULE_TYPES.NONE,
+        },
+      });
+    }
+    return site;
+  });
+};
 
 const ensureLatestNodeInfo = async (sites = [], { withDefaultCors = true } = {}) => {
   const info = await states.node.read();
@@ -419,6 +432,13 @@ const decompressCertificates = async (source, dest) => {
   return dest;
 };
 
+const joinCertDownUrl = (baseUrl, name) => joinUrl(baseUrl, '/certs', name);
+
+const getIpEchoCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'ip-abtnet-io.tar.gz');
+const getDidDomainCertDownloadUrl = (baseUrl) => joinCertDownUrl(baseUrl, 'did-abtnet-io.tar.gz');
+const getDownloadCertBaseUrl = (info) =>
+  process.env.ABT_NODE_WILDCARD_CERT_HOST || get(info, 'routing.wildcardCertHost', '');
+
 module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager }) {
   const nodeState = states.node;
   const blockletState = states.blocklet;
@@ -428,46 +448,13 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   // site level duplication detection
   const hasRuleByPrefix = (site, value) => site.rules.find((x) => x.isProtected && get(x, 'from.pathPrefix') === value);
 
-  const updateDashboardCertificate = async ({ checkExpire = true }) => {
-    const info = await nodeState.read();
-    const provider = getProviderFromNodeInfo(info);
-    if (provider === ROUTER_PROVIDER_NONE) {
-      return;
-    }
-
-    const https = get(info, 'routing.https', true);
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
-    const certDownloadAddress =
-      process.env.ABT_NODE_DASHBOARD_CERT_DOWN_URL || get(info, 'routing.dashboardCertDownloadAddress', '');
-    if (!https || !dashboardDomain || !certDownloadAddress) {
-      return;
-    }
-
-    if (checkExpire) {
-      try {
-        const cert = await routerManager.findCertificateByDomain(dashboardDomain);
-        if (!cert) {
-          return;
-        }
-
-        const now = Date.now();
-        const certInfo = getHttpsCertInfo(cert.certificate);
-        if (certInfo.validTo - now >= CERTIFICATE_EXPIRES_OFFSET) {
-          logger.info('skip dashboard certificate update before not expired');
-          return;
-        }
-      } catch (err) {
-        logger.error('failed to check dashboard certificate expiration', { error: err });
-        return;
-      }
-    }
-
+  const downloadCert = async ({ domain, url }) => {
     const destFolder = getTmpDirectory(path.join(`certificate-${Date.now()}`));
     try {
       const filename = path.join(destFolder, 'certificate.tar.gz');
       fs.ensureDirSync(destFolder);
 
-      await downloadFile(certDownloadAddress, filename);
+      await downloadFile(url, filename);
       await decompressCertificates(filename, destFolder);
 
       const certificateFilePath = path.join(destFolder, 'cert.pem');
@@ -485,7 +472,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       const privateKey = fs.readFileSync(privateKeyFilePath).toString();
 
       await certManager.upsertByDomain({
-        domain: dashboardDomain,
+        domain,
         privateKey,
         certificate,
         isProtected: true,
@@ -499,23 +486,68 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     }
   };
 
-  const ensureDashboardCertificate = async () => {
+  const updateCert = async (domain, url) => {
+    try {
+      const cert = await routerManager.findCertificateByDomain(domain);
+      if (!cert) {
+        return;
+      }
+
+      const now = Date.now();
+      const certInfo = getHttpsCertInfo(cert.certificate);
+      if (certInfo.validTo - now >= CERTIFICATE_EXPIRES_OFFSET) {
+        logger.info('skip dashboard certificate update before not expired', { domain, url });
+        return;
+      }
+
+      await downloadCert({
+        domain,
+        url,
+      });
+    } catch (err) {
+      logger.error('failed to check dashboard certificate expiration', { error: err, domain, url });
+    }
+  };
+
+  const updateDashboardCertificates = async () => {
     const info = await nodeState.read();
-    const downloadUrl = get(info, 'routing.dashboardCertDownloadAddress', '');
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
-    if (!dashboardDomain || !downloadUrl) {
-      throw new Error('dashboardCertDownloadAddress and dashboardDomain are not found in the routing configs');
+    const provider = getProviderFromNodeInfo(info);
+    if (provider === ROUTER_PROVIDER_NONE) {
+      return;
     }
 
-    const cert = await certManager.getByDomain(dashboardDomain);
-    if (cert) {
-      return { status: 'existed' };
+    const https = get(info, 'routing.https', true);
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
+    const didDomain = info.didDomain;
+    const certDownloadAddress = getDownloadCertBaseUrl(info);
+    if (!https || !certDownloadAddress) {
+      return;
     }
 
-    logger.debug('downloading dashboard ip-domain certificate', { url: downloadUrl, dashboardDomain });
-    await updateDashboardCertificate({ checkExpire: false });
-    logger.debug('downloaded dashboard ip-domain certificate', { url: downloadUrl, dashboardDomain });
-    return { status: 'downloaded' };
+    await updateCert(ipWildcardDomain, getIpEchoCertDownloadUrl(certDownloadAddress));
+    await updateCert(`*.${didDomain}`, getDidDomainCertDownloadUrl(certDownloadAddress));
+  };
+
+  const ensureWildcardCerts = async () => {
+    const info = await nodeState.read();
+    const didDomain = info.didDomain;
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
+
+    const ensureDomainCert = async (domain, url) => {
+      const cert = await certManager.getByDomain(domain);
+      if (!cert) {
+        await downloadCert({
+          domain,
+          url,
+        });
+      }
+    };
+
+    const certBaseUrl = getDownloadCertBaseUrl(info);
+    await Promise.all([
+      ensureDomainCert(ipWildcardDomain, getIpEchoCertDownloadUrl(certBaseUrl)),
+      ensureDomainCert(`*.${didDomain}`, getDidDomainCertDownloadUrl(certBaseUrl)),
+    ]);
   };
 
   const upsertSiteRule = async ({ site, rule }, context) => {
@@ -658,9 +690,9 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
         return domainAlias === item;
       });
 
-    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
+    const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', '');
     const didDomain = `${info.did.toLowerCase()}.${info.didDomain}`;
-    let dashboardAliasDomains = [dashboardDomain, didDomain];
+    let dashboardAliasDomains = [ipWildcardDomain, didDomain];
 
     dashboardAliasDomains = dashboardAliasDomains
       .filter((item) => item && !isExistsInAlias(item))
@@ -1159,6 +1191,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
             sites = await ensureLatestInfo(sites);
             sites = await ensureAuthService(sites, blockletManager);
             sites = await ensureServiceRule(sites);
+            sites = await ensureRootRule(sites);
 
             const certificates = httpsEnabled ? await certManager.getAllNormal() : [];
 
@@ -1388,7 +1421,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     getSitesFromSnapshot,
     getCertificates,
     checkDomain,
-    ensureDashboardCertificate,
+    ensureWildcardCerts,
     addWellknownSite,
     upsertSiteRule,
 
@@ -1396,7 +1429,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       {
         name: 'update-dashboard-certificate',
         time: '0 1 */6 * * *', // refetch on 0:00, 6:00, etc.
-        fn: () => updateDashboardCertificate({ checkExpire: true }),
+        fn: () => updateDashboardCertificates(),
         options: { runOnInit: true },
       },
       {

package/lib/router/index.js

@@ -5,7 +5,7 @@ const {
   DOMAIN_FOR_DEFAULT_SITE,
   DOMAIN_FOR_IP_SITE_REGEXP,
   ROUTING_RULE_TYPES,
-  DEFAULT_DASHBOARD_DOMAIN,
+  DEFAULT_IP_DOMAIN,
   BLOCKLET_PROXY_PATH_PREFIX,
   BLOCKLET_SITE_GROUP_SUFFIX,
 } = require('@abtnode/constant');
@@ -60,12 +60,12 @@ const getRoutingTable = ({ sites, nodeInfo }) => {
   let routingTable = Router.formatSites(sites);
   routingTable = expandSites(routingTable);
 
-  // put dashboardDomain to last, to let blockletDomain match first
+  // put ipWildcardDomain to last, to let blockletDomain match first
   // e.g.
-  //  dashboardDomain: 192-168-3-2.ip.abtnet.io
+  //  ipWildcardDomain: 192-168-3-2.ip.abtnet.io
   //  blockletDomain: static-demo-xxx-192-168-3-2.ip.abtnet.io
-  const dashboardDomain = get(nodeInfo, 'routing.dashboardDomain', '');
-  const index = routingTable.findIndex((x) => x.domain === dashboardDomain);
+  const ipWildcardDomain = get(nodeInfo, 'routing.ipWildcardDomain', '');
+  const index = routingTable.findIndex((x) => x.domain === ipWildcardDomain);
   if (index > -1) {
     routingTable.push(...routingTable.splice(index, 1));
   }
@@ -219,11 +219,11 @@ Router.formatSites = (sites = []) => {
 
 Router.flattenSitesToRules = (sites = [], info = {}) => {
   const result = [];
-  const dashboardDomain = get(info, 'routing.dashboardDomain', DEFAULT_DASHBOARD_DOMAIN);
+  const ipWildcardDomain = get(info, 'routing.ipWildcardDomain', DEFAULT_IP_DOMAIN);
   sites.forEach((site) => {
     const aliases = (site.domainAliases || [])
       .map((x) => (typeof x === 'string' ? x : x.value))
-      .filter((x) => x !== dashboardDomain)
+      .filter((x) => x !== ipWildcardDomain)
       .filter(Boolean);
 
     if (Array.isArray(site.rules) && site.rules.length > 0) {

package/lib/states/blocklet.js

@@ -9,6 +9,7 @@ const detectPort = require('detect-port');
 const Lock = require('@abtnode/util/lib/lock');
 const security = require('@abtnode/util/lib/security');
 const { fixPerson, fixInterfaces } = require('@blocklet/meta/lib/fix');
+const { getDisplayName } = require('@blocklet/meta/lib/util');
 const {
   BlockletStatus,
   BlockletSource,
@@ -25,6 +26,7 @@ const { validateBlockletMeta } = require('../util');
 
 const lock = new Lock('blocklet-port-assign-lock');
 
+const isHex = (str) => /^0x[0-9a-f]+$/i.test(str);
 const getMaxPort = (ports = {}) => Math.max(Object.values(ports).map(Number));
 
 const getExternalPortsFromMeta = (meta) =>
@@ -50,10 +52,10 @@ const formatBlocklet = (blocklet, phase, dek) => {
         if (!env) {
           return;
         }
-        if (phase === 'onUpdate' && env.value.indexOf('0x') === 0) {
+        if (phase === 'onUpdate' && isHex(env.value) === true) {
           env.value = security.encrypt(env.value, b.meta.did, dek);
         }
-        if (phase === 'onRead' && env.value.indexOf('0x') === -1) {
+        if (phase === 'onRead' && isHex(env.value) === false) {
           env.value = security.decrypt(env.value, b.meta.did, dek);
         }
       });
@@ -243,20 +245,17 @@ class BlockletState extends BaseState {
             await this.fillChildrenPorts(children, { oldChildren: doc.children, defaultPort: getMaxPort(ports) });
 
             // add to db
-            const newDoc = await this.updateById(doc._id, {
-              $set: {
-                meta: omit(sanitized, ['htmlAst']),
-                source,
-                deployedFrom,
-                children,
-                ports,
-              },
+            const newDoc = await this.updateBlocklet(meta.did, {
+              meta: omit(sanitized, ['htmlAst']),
+              source,
+              deployedFrom,
+              children,
+              ports,
             });
             lock.release();
 
-            const formatted = formatBlocklet(newDoc, 'onRead', this.options.dek);
-            this.emit('upgrade', formatted);
-            resolve(formatted);
+            this.emit('upgrade', newDoc);
+            resolve(newDoc);
           } catch (err) {
             lock.release();
             reject(err);
@@ -446,8 +445,7 @@ class BlockletState extends BaseState {
       return child;
     });
 
-    await this.update(doc._id, { $set: updates });
-    return formatBlocklet({ ...doc, ...updates }, 'onRead', this.options.dek);
+    return this.updateBlocklet(did, updates);
   }
 
   async fillChildrenPorts(children, { defaultPort = 0, oldChildren } = {}) {
@@ -511,7 +509,7 @@ class BlockletState extends BaseState {
       const { meta, mountPoint, sourceUrl = '', source = '', deployedFrom = '' } = child;
 
       if (!mountPoint) {
-        throw new Error(`mountPoint is required when adding component ${meta.title || meta.name}`);
+        throw new Error(`mountPoint is required when adding component ${getDisplayName(child, true)}`);
       }
 
       if (meta.did === parent.meta.did) {
@@ -542,5 +540,6 @@ class BlockletState extends BaseState {
 }
 
 BlockletState.BlockletStatus = BlockletStatus;
+BlockletState.formatBlocklet = formatBlocklet;
 
 module.exports = BlockletState;

package/lib/states/node.js

@@ -92,7 +92,7 @@ class NodeState extends BaseState {
           mode,
           runtimeConfig,
           ownerNft,
-          launcherInfo,
+          launcher,
           didRegistry,
           didDomain,
           enablePassportIssuance = true,
@@ -128,7 +128,7 @@ class NodeState extends BaseState {
                 runtimeConfig,
                 ownerNft,
                 diskAlertThreshold: DISK_ALERT_THRESHOLD_PERCENT,
-                launcherInfo: launcherInfo || undefined,
+                launcher: launcher || undefined,
                 didRegistry,
                 didDomain,
                 enablePassportIssuance,
@@ -162,7 +162,8 @@ class NodeState extends BaseState {
   // FIXME: 这个接口比较危险，可能会修改一些本不应该修改的字段，后续需要考虑改进
   async updateNodeInfo(entity = {}) {
     const record = await this.read();
-    const updateResult = await this.update(record._id, { $set: omit(entity, ['ownerNft']) });
+
+    const updateResult = await this.update(record._id, { $set: omit(entity, ['ownerNft', 'sk']) });
     this.emit('node.updated', updateResult, record);
     return updateResult;
   }

package/lib/util/blocklet.js

@@ -42,7 +42,7 @@ const validateBlockletEntry = require('@blocklet/meta/lib/entry');
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 const { validateMeta, fixAndValidateService } = require('@blocklet/meta/lib/validate');
-const { forEachBlocklet } = require('@blocklet/meta/lib/util');
+const { forEachBlocklet, isFreeBlocklet, getDisplayName } = require('@blocklet/meta/lib/util');
 
 const { validate: validateEngine, get: getEngine } = require('../blocklet/manager/engine');
 
@@ -951,7 +951,7 @@ const getRuntimeInfo = async (appId) => {
 
 /**
  * merge services
- * from meta.children[].mountPoints[].services
+ * from meta.children[].mountPoints[].services, meta.children[].services
  * to childrenMeta[].interfaces[].services
  *
  * @param {array<child>|object{children:array}} source e.g. [<config>] or { children: [<config>] }
@@ -993,6 +993,23 @@ const mergeMeta = (source, childrenMeta = []) => {
         childInterface.services = services;
       }
     });
+
+    if (config.services) {
+      const childInterface = findWebInterface(childMeta);
+      if (childInterface) {
+        // merge
+        const services = childInterface.services || [];
+        config.services.forEach((x) => {
+          const index = services.findIndex((y) => y.name === x.name);
+          if (index >= 0) {
+            services.splice(index, 1, x);
+          } else {
+            services.push(x);
+          }
+        });
+        childInterface.services = services;
+      }
+    }
   });
 };
 
@@ -1052,7 +1069,7 @@ const checkDuplicateComponents = (dynamicComponents, staticComponents) => {
   if (duplicates.length) {
     throw new Error(
       `Cannot add duplicate component${duplicates.length > 1 ? 's' : ''}: ${duplicates
-        .map((x) => x.meta.title || x.meta.name)
+        .map((x) => getDisplayName(x, true))
         .join(', ')}`
     );
   }
@@ -1117,6 +1134,18 @@ const needBlockletDownload = (blocklet, oldBlocklet) => {
   return true;
 };
 
+const verifyPurchase = (meta, opts = {}) => {
+  if (opts.blockletPurchaseVerified) {
+    return true;
+  }
+
+  if (isFreeBlocklet(meta)) {
+    return true;
+  }
+
+  throw new Error('Can not install a non-free blocklet directly');
+};
+
 module.exports = {
   forEachBlocklet,
   getBlockletMetaFromUrl,
@@ -1152,4 +1181,5 @@ module.exports = {
   getDiffFiles,
   getBundleDir,
   needBlockletDownload,
+  verifyPurchase,
 };

package/lib/util/get-accessible-external-node-ip.js

@@ -1,9 +1,9 @@
 const joinUrl = require('url-join');
 const axios = require('@abtnode/util/lib/axios');
-const { DEFAULT_DASHBOARD_DOMAIN, DEFAULT_ADMIN_PATH } = require('@abtnode/constant');
+const { DEFAULT_IP_DOMAIN, DEFAULT_ADMIN_PATH } = require('@abtnode/constant');
 const { get: getIp } = require('./ip');
 
-const getNodeDomain = (ip) => (ip ? DEFAULT_DASHBOARD_DOMAIN.replace(/^\*/, ip.replace(/\./g, '-')) : '');
+const getNodeDomain = (ip) => (ip ? DEFAULT_IP_DOMAIN.replace(/^\*/, ip.replace(/\./g, '-')) : '');
 
 let cache = null;
 

package/lib/util/get-domain-for-blocklet.js

@@ -1,5 +1,6 @@
 const slugify = require('slugify');
 const { DEFAULT_IP_DNS_DOMAIN_SUFFIX } = require('@abtnode/constant');
+const md5 = require('@abtnode/util/lib/md5');
 
 const SLOT_FOR_IP_DNS_SITE = '888-888-888-888';
 
@@ -17,7 +18,9 @@ const getIpDnsDomainForBlocklet = (blocklet, blockletInterface) => {
 };
 
 const getDidDomainForBlocklet = ({ name, daemonDid, didDomain }) => {
-  return `${formatName(name)}-${daemonDid.toLowerCase()}.${didDomain}`;
+  const prefix = md5(name).substring(0, 8);
+
+  return `${prefix}-${daemonDid.toLowerCase()}.${didDomain}`;
 };
 
 module.exports = { getIpDnsDomainForBlocklet, getDidDomainForBlocklet };

package/lib/util/index.js

@@ -373,7 +373,7 @@ const getBaseUrls = async (node, ips) => {
   if (info.routing.provider !== ROUTER_PROVIDER_NONE && info.routing.snapshotHash && info.routing.adminPath) {
     const sites = await node.getSitesFromSnapshot();
 
-    const { dashboardDomain } = info.routing;
+    const { ipWildcardDomain } = info.routing;
     const adminPath = normalizePathPrefix(info.routing.adminPath);
     const tmpHttpPort = getPort(httpPort, DEFAULT_HTTP_PORT);
 
@@ -383,12 +383,12 @@ const getBaseUrls = async (node, ips) => {
       };
     });
 
-    if (dashboardDomain) {
-      const site = sites.find((c) => (c.domainAliases || []).find((item) => item.value === dashboardDomain));
+    if (ipWildcardDomain) {
+      const site = sites.find((c) => (c.domainAliases || []).find((item) => item.value === ipWildcardDomain));
       if (site) {
-        const httpInfo = await getHttpInfo(dashboardDomain);
+        const httpInfo = await getHttpInfo(ipWildcardDomain);
         const httpsUrls = availableIps.map((ip) => ({
-          url: `${httpInfo.protocol}://${transformIPToDomain(ip)}.${dashboardDomain.substring(2)}${
+          url: `${httpInfo.protocol}://${transformIPToDomain(ip)}.${ipWildcardDomain.substring(2)}${
             httpInfo.port
           }${adminPath}`,
         }));

package/lib/util/registry.js

@@ -0,0 +1,90 @@
+const joinURL = require('url-join');
+const pick = require('lodash/pick');
+const isBase64 = require('is-base64');
+
+const { BLOCKLET_STORE_API_PREFIX, BLOCKLET_STORE_META_PATH } = require('@abtnode/constant');
+
+const { name } = require('../../package.json');
+const logger = require('@abtnode/logger')(`${name}:util:registry`); // eslint-disable-line
+
+const request = require('./request');
+
+const validateRegistryURL = async (registry) => {
+  const url = joinURL(registry, BLOCKLET_STORE_API_PREFIX, `/blocklets.json?__t__=${Date.now()}`);
+  try {
+    const res = await request.get(url);
+    if (Array.isArray(res.data)) {
+      return res.data;
+    }
+
+    logger.error('Blocklet list fetch failed ', { url, data: res.data });
+    throw new Error('blocklet list fetch failed');
+  } catch (error) {
+    logger.error('Blocklet registry refresh failed', { url, error });
+    throw new Error(`Invalid Blocklet Registry URL ${registry}: ${error.message}`);
+  }
+};
+
+const getRegistryMeta = async (registry) => {
+  try {
+    const url = joinURL(registry, BLOCKLET_STORE_META_PATH, `?__t__=${Date.now()}`);
+    const { data } = await request.get(url);
+
+    if (!data) {
+      return {};
+    }
+
+    const requiredFields = ['name', 'description', 'maintainer'];
+
+    const missingFields = requiredFields.filter((x) => !data[x]);
+    if (missingFields.length > 0) {
+      throw new Error(`the registry missing required information: ${missingFields.join(', ')}`);
+    }
+
+    const result = pick(data, ['id', 'name', 'description', 'maintainer', 'cdnUrl', 'chainHost']);
+    const { logoUrl } = data;
+    if (logoUrl) {
+      if (logoUrl.startsWith('http') === true) {
+        result.logoUrl = logoUrl;
+      } else if (isBase64(logoUrl, { allowMime: true })) {
+        result.logoUrl = logoUrl;
+      } else {
+        result.logoUrl = joinURL(registry, logoUrl);
+      }
+    }
+
+    return result;
+  } catch (err) {
+    throw new Error(`Can not get meta info for registry [${registry}]: ${err.message}`);
+  }
+};
+
+const parseSourceUrl = async (url) => {
+  const { origin, pathname } = new URL(url);
+
+  const match = pathname.match(/^\/api\/blocklets\/(\w*)\/blocklet\.json/);
+  if (match) {
+    try {
+      const m = await getRegistryMeta(origin);
+      if (m && m.id) {
+        return {
+          inStore: true,
+          registryUrl: origin,
+          blockletDid: match[1],
+        };
+      }
+    } catch {
+      // meat is not in store, do nothing
+    }
+  }
+
+  return {
+    inStore: false,
+  };
+};
+
+module.exports = {
+  validateRegistryURL,
+  getRegistryMeta,
+  parseSourceUrl,
+};

package/lib/util/service.js

@@ -1,30 +1,15 @@
 const fs = require('fs-extra');
-const { NODE_SERVICES } = require('@abtnode/constant');
-
-const servicesNames = Object.values(NODE_SERVICES);
 
 const getServices = ({ stringifySchema = false } = {}) =>
-  servicesNames
+  ['auth']
     .map((x) => {
-      const service = {};
-
-      // Read service meta
-      try {
-        const packageFile = require.resolve(`${x}/package.json`);
-        const { name, description, version } = fs.readJSONSync(packageFile);
-        service.name = name;
-        service.description = description || name;
-        service.version = version;
-      } catch (err) {
-        return null;
-      }
+      let service;
 
-      // Read service config: optional
       try {
-        const schemaFile = require.resolve(`${x}/api/schema.json`);
-        service.schema = fs.readJSONSync(schemaFile);
+        const metaFile = require.resolve(`@abtnode/blocklet-services/services/${x}/meta.json`);
+        service = fs.readJSONSync(metaFile);
       } catch (err) {
-        service.schema = {};
+        service = {};
       }
 
       if (stringifySchema) {

package/lib/webhook/index.js

@@ -1,13 +1,13 @@
 const logger = require('@abtnode/logger')('@abtnode/core:webhook:index');
-const upperFirst = require('lodash/upperFirst');
 
+const sortPriorityUrl = require('@abtnode/util/lib/sort-priority-url');
 const WebHookSender = require('./sender');
 const createQueue = require('../queue');
 const IP = require('../util/ip');
 const states = require('../states');
 const { getBaseUrls } = require('../util');
 
-const getSlackUrlInfo = (actionPath = '/notifications', urls) => {
+const getSlackUrlInfo = async (actionPath = '/notifications', urls) => {
   const info = [];
 
   if (actionPath && actionPath.startsWith('/blocklet/')) {
@@ -28,29 +28,27 @@ const getSlackUrlInfo = (actionPath = '/notifications', urls) => {
     });
   }
 
-  const httpUrls = urls.filter((x) => x.url.startsWith('http://'));
-  const httpsUrls = urls.filter((x) => x.url.startsWith('https://'));
-
-  const showUrls = httpsUrls.length ? httpsUrls : httpUrls;
-  const elements = [];
-  showUrls.forEach((x) => {
-    const { protocol } = new URL(x.url);
-    const normalized = `${x.url}${actionPath}`.replace(`${protocol}//`, '').replace(/\/+/g, '/');
-    const url = `${protocol}//${normalized}`;
-    elements.push({
-      type: 'button',
-      text: {
-        type: 'plain_text',
-        text: `${upperFirst(x.type)} Address`,
-      },
-      style: 'primary',
-      value: `${upperFirst(x.type)} Address`,
-      url,
-    });
-  });
+  const prioritys = await sortPriorityUrl(urls);
+  const priorityUrl = prioritys[0].url;
+
+  const { protocol } = new URL(priorityUrl);
+  const normalized = `${priorityUrl}${actionPath}`.replace(`${protocol}//`, '').replace(/\/+/g, '/');
+  const url = `${protocol}//${normalized}`;
+
   info.push({
     type: 'actions',
-    elements,
+    elements: [
+      {
+        type: 'button',
+        text: {
+          type: 'plain_text',
+          text: 'Click Me',
+        },
+        style: 'primary',
+        value: 'Click Me',
+        url,
+      },
+    ],
   });
 
   return info;
@@ -66,7 +64,7 @@ module.exports = ({ events, dataDirs, instance }) => {
       const webhookList = await webhookState.list();
       const nodeInfo = await nodeState.read();
       const { internal, external } = await IP.get();
-      const baseUrls = await getBaseUrls(instance, [internal, external]);
+      const baseUrls = await getBaseUrls(instance, [external, internal]);
       const senderFns = {};
 
       if (webhookList.length) {
@@ -79,7 +77,8 @@ module.exports = ({ events, dataDirs, instance }) => {
           const { name } = nodeInfo;
           const options = { ...message, nodeInfo: `*${name}*` };
           if (item.type === 'slack') {
-            options.urlInfo = getSlackUrlInfo(message.action, baseUrls);
+            // eslint-disable-next-line
+            options.urlInfo = await getSlackUrlInfo(message.action, baseUrls);
           }
           try {
             // eslint-disable-next-line

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.20",
+  "version": "1.6.23",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,28 +19,28 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/certificate-manager": "1.6.20",
-    "@abtnode/constant": "1.6.20",
-    "@abtnode/cron": "1.6.20",
-    "@abtnode/db": "1.6.20",
-    "@abtnode/logger": "1.6.20",
-    "@abtnode/queue": "1.6.20",
-    "@abtnode/rbac": "1.6.20",
-    "@abtnode/router-provider": "1.6.20",
-    "@abtnode/static-server": "1.6.20",
-    "@abtnode/timemachine": "1.6.20",
-    "@abtnode/util": "1.6.20",
-    "@arcblock/did": "^1.14.13",
-    "@arcblock/event-hub": "1.14.13",
+    "@abtnode/certificate-manager": "1.6.23",
+    "@abtnode/constant": "1.6.23",
+    "@abtnode/cron": "1.6.23",
+    "@abtnode/db": "1.6.23",
+    "@abtnode/logger": "1.6.23",
+    "@abtnode/queue": "1.6.23",
+    "@abtnode/rbac": "1.6.23",
+    "@abtnode/router-provider": "1.6.23",
+    "@abtnode/static-server": "1.6.23",
+    "@abtnode/timemachine": "1.6.23",
+    "@abtnode/util": "1.6.23",
+    "@arcblock/did": "^1.14.19",
+    "@arcblock/event-hub": "1.14.19",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "^1.14.13",
-    "@blocklet/meta": "1.6.20",
+    "@arcblock/vc": "^1.14.19",
+    "@blocklet/meta": "1.6.23",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.2.2",
     "@nedb/multi": "^1.2.2",
-    "@ocap/mcrypto": "^1.14.13",
-    "@ocap/util": "^1.14.13",
-    "@ocap/wallet": "^1.14.13",
+    "@ocap/mcrypto": "^1.14.19",
+    "@ocap/util": "^1.14.19",
+    "@ocap/wallet": "^1.14.19",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.25.0",
     "axon": "^2.0.3",
@@ -75,5 +75,5 @@
     "express": "^4.17.1",
     "jest": "^27.4.5"
   },
-  "gitHead": "e695a9fa4e2cbf7fcef554be3309090c37919d94"
+  "gitHead": "6c478fb7e2a30b302981b5339f349c69134e022e"
 }