@abtnode/core 1.6.3 → 1.6.4

package/lib/blocklet/extras.js

@@ -1,7 +1,9 @@
 const uniqBy = require('lodash/uniqBy');
+const cloneDeep = require('lodash/cloneDeep');
+const security = require('@abtnode/util/lib/security');
 const { BLOCKLET_CONFIGURABLE_KEY } = require('@blocklet/meta/lib/constants');
 
-const mergeConfigs = (oldConfigs, newConfigs = []) => {
+const mergeConfigs = ({ old: oldConfigs, cur: newConfigs = [], did = '', dek = '' }) => {
   const metaConfigs = (oldConfigs || []).filter((x) => !x.custom);
   const customConfigs = (oldConfigs || []).filter((x) => x.custom);
 
@@ -23,6 +25,14 @@ const mergeConfigs = (oldConfigs, newConfigs = []) => {
     return acc;
   }, {});
 
+  if (dek && did) {
+    newConfigs.forEach((x) => {
+      if (x.secure) {
+        x.value = security.encrypt(x.value, did, dek);
+      }
+    });
+  }
+
   // newConfig 为用户传的,也可以是从环境变量中去读的
   const uniqConfigs = uniqBy(newConfigs, (x) => x.key || x.name);
 
@@ -105,6 +115,21 @@ const mergeConfigs = (oldConfigs, newConfigs = []) => {
   return mergedConfig;
 };
 
+const parseConfigs = ({ data, did, dek }) => {
+  if (dek && did && Array.isArray(data)) {
+    return cloneDeep(data).map((x) => {
+      if (x.secure) {
+        x.value = security.decrypt(x.value, did, dek);
+      }
+
+      return x;
+    });
+  }
+
+  return data;
+};
+
 module.exports = {
   mergeConfigs,
+  parseConfigs,
 };

package/lib/blocklet/manager/disk.js

@@ -23,7 +23,7 @@ const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
 const { BLOCKLET_PURCHASE_NFT_TYPE } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
-const { isFreeBlocklet } = require('@blocklet/meta/lib/payment');
+const { isFreeBlocklet } = require('@blocklet/meta/lib/util');
 const validateBlockletEntry = require('@blocklet/meta/lib/entry');
 const { getRequiredMissingConfigs } = require('@blocklet/meta/lib/util');
 

package/lib/index.js

@@ -1,4 +1,5 @@
-const { listProviders } = require('@abtnode/router-provider');
+const fs = require('fs');
+const path = require('path');
 const md5 = require('@abtnode/util/lib/md5');
 const Cron = require('@abtnode/cron');
 
@@ -9,6 +10,7 @@ const {
   fromBlockletSource,
   toBlockletSource,
 } = require('@blocklet/meta/lib/constants');
+const { listProviders } = require('@abtnode/router-provider');
 
 const RoutingSnapshot = require('./states/routing-snapshot');
 const BlockletRegistry = require('./blocklet/registry');
@@ -53,6 +55,11 @@ function ABTNode(options) {
     throw new Error('Can not initialize ABTNode without dataDir');
   }
 
+  const ekFile = path.join(options.dataDir, '.sock');
+  if (fs.existsSync(ekFile)) {
+    options.dek = fs.readFileSync(ekFile);
+  }
+
   if (typeof options.daemon === 'undefined') {
     options.daemon = false;
   }

package/lib/migrations/1.6.4-security.js

@@ -0,0 +1,43 @@
+/* eslint-disable no-await-in-loop */
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+const yaml = require('js-yaml');
+const cloneDeep = require('lodash/cloneDeep');
+const security = require('@abtnode/util/lib/security');
+
+module.exports = async ({ states, configFile, dataDir }) => {
+  if (process.env.CI) {
+    return;
+  }
+
+  const file = path.join(dataDir, '.sock');
+  if (fs.existsSync(file)) {
+    return;
+  }
+
+  try {
+    fs.writeFileSync(file, crypto.randomBytes(32), { encoding: 'binary', mode: '0600' });
+
+    const config = yaml.safeLoad(fs.readFileSync(configFile).toString(), { json: true });
+    config.node.sk = security.encrypt(config.node.sk, config.node.did, fs.readFileSync(file));
+    fs.writeFileSync(configFile, yaml.dump(config));
+    await states.node.updateNodeInfo({ sk: config.node.sk });
+
+    const items = await states.blockletExtras.find();
+    for (const item of items) {
+      const newConfigs = cloneDeep(item.configs || []).map((c) => {
+        if (c.secure) {
+          c.value = security.encrypt(c.value, item.did, fs.readFileSync(file));
+        }
+
+        return c;
+      });
+
+      await states.blockletExtras.update({ did: item.did }, { $set: { configs: newConfigs } });
+    }
+  } catch (err) {
+    console.error(err);
+    throw err;
+  }
+};

package/lib/router/index.js

@@ -1,4 +1,5 @@
 const get = require('lodash/get');
+const pick = require('lodash/pick');
 const cloneDeep = require('lodash/cloneDeep');
 const {
   DOMAIN_FOR_DEFAULT_SITE,
@@ -9,7 +10,6 @@ const {
   BLOCKLET_SITE_GROUP_SUFFIX,
 } = require('@abtnode/constant');
 const { BLOCKLET_UI_INTERFACES } = require('@blocklet/meta/lib/constants');
-const { pick } = require('lodash');
 const logger = require('@abtnode/logger')('@abtnode/core:router');
 
 const expandSites = (sites = []) => {

package/lib/states/blocklet-extras.js

@@ -6,7 +6,9 @@ const camelCase = require('lodash/camelCase');
 
 const BaseState = require('./base');
 
-const { mergeConfigs } = require('../blocklet/extras');
+const { mergeConfigs, parseConfigs } = require('../blocklet/extras');
+
+const noop = (k) => (v) => v[k];
 
 class BlockletExtrasState extends BaseState {
   constructor(baseDir, options = {}) {
@@ -17,12 +19,13 @@ class BlockletExtrasState extends BaseState {
       {
         name: 'configs',
         beforeSet: mergeConfigs,
+        afterGet: parseConfigs,
       },
 
       // setting
       {
         name: 'settings',
-        beforeSet: (old, cur) => {
+        beforeSet: ({ old, cur }) => {
           const merged = { ...old, ...cur };
           Object.keys(merged).forEach((key) => {
             if (merged[key] === undefined || merged[key] === null) {
@@ -67,22 +70,23 @@ class BlockletExtrasState extends BaseState {
 
   generateGetFn(extra) {
     return async (did) => {
-      const { name } = extra;
+      const { dek } = this.options;
+      const { name, afterGet = noop('data') } = extra;
       const item = await this.asyncDB.findOne({ did });
-      return item ? item[name] : item;
+      return afterGet({ data: item ? item[name] : item, did, dek });
     };
   }
 
   generateSetFn(extra) {
     return async (did, data) => {
-      const { name, beforeSet } = extra;
-      const hasBeforeSet = beforeSet && typeof beforeSet === 'function';
+      const { dek } = this.options;
+      const { name, beforeSet = noop('cur') } = extra;
       const item = await this.asyncDB.findOne({ did });
 
       if (!item) {
         const insertData = {
           did,
-          [name]: hasBeforeSet ? beforeSet(undefined, data) : data,
+          [name]: beforeSet({ old: undefined, cur: data, did, dek }),
         };
 
         const info = await this.asyncDB.insert(insertData);
@@ -93,7 +97,7 @@ class BlockletExtrasState extends BaseState {
       const itemNameValue = item[name];
       const updated = await this.update(item._id, {
         $set: {
-          [name]: hasBeforeSet ? beforeSet(itemNameValue, data) : data,
+          [name]: beforeSet({ old: itemNameValue, cur: data, did, dek }),
         },
       });
       return updated[name];
@@ -132,22 +136,23 @@ class BlockletExtrasState extends BaseState {
 
   generateGetChildFn(extra) {
     return async (did, childDid) => {
-      const { name } = extra;
+      const { dek } = this.options;
+      const { name, afterGet = noop('data') } = extra;
       const item = await this.asyncDB.findOne({ did });
       const children = (item || {}).children || [];
       const subItem = (children || []).find((x) => x.did === childDid);
-      return subItem ? subItem[name] : null;
+      return afterGet({ data: subItem ? subItem[name] : null, did, dek });
     };
   }
 
   generateSetChildFn(extra) {
     return async (did, childDid, data) => {
-      const { name, beforeSet } = extra;
-      const hasBeforeSet = beforeSet && typeof beforeSet === 'function';
+      const { dek } = this.options;
+      const { name, beforeSet = noop('cur') } = extra;
       const item = await this.asyncDB.findOne({ did });
 
       if (!item) {
-        const newData = hasBeforeSet ? beforeSet(undefined, data) : data;
+        const newData = beforeSet({ old: undefined, cur: data, did, dek });
         const insertData = {
           did,
           children: [
@@ -168,7 +173,7 @@ class BlockletExtrasState extends BaseState {
       const subItem = (children || []).find((x) => x.did === childDid);
 
       if (!subItem) {
-        const newData = hasBeforeSet ? beforeSet(undefined, data) : data;
+        const newData = beforeSet({ old: undefined, cur: data, did, dek });
         await this.update(item._id, {
           $addToSet: {
             children: {
@@ -182,7 +187,7 @@ class BlockletExtrasState extends BaseState {
         return newData;
       }
 
-      const newData = hasBeforeSet ? beforeSet(subItem[name], data) : data;
+      const newData = beforeSet({ old: subItem[name], cur: data, did, dek });
 
       children.forEach((x) => {
         if (x.did === childDid) {

package/lib/states/node.js

@@ -2,6 +2,7 @@
 const omit = require('lodash/omit');
 const isEqual = require('lodash/isEqual');
 const isEmpty = require('lodash/isEmpty');
+const security = require('@abtnode/util/lib/security');
 const { isFromPublicKey } = require('@arcblock/did');
 const logger = require('@abtnode/logger')('@abtnode/core:node');
 const { ROUTER_PROVIDER_NONE, NODE_MODES, DISK_ALERT_THRESHOLD_PERCENT } = require('@abtnode/constant');
@@ -58,6 +59,7 @@ class NodeState extends BaseState {
    */
   read() {
     return new Promise((resolve, reject) => {
+      const { nodeDid, dek } = this.options;
       this.db.findOne({ did: this.options.nodeDid }, (err, record) => {
         if (err) {
           // eslint-disable-next-line no-console
@@ -66,6 +68,10 @@ class NodeState extends BaseState {
         }
 
         if (record) {
+          if (dek) {
+            record.sk = security.decrypt(record.sk, record.did, dek);
+          }
+
           return resolve(record);
         }
 
@@ -74,7 +80,6 @@ class NodeState extends BaseState {
           description,
           nodeSk,
           nodePk,
-          nodeDid,
           nodeOwner,
           port,
           version,
@@ -100,7 +105,7 @@ class NodeState extends BaseState {
                 name,
                 description,
                 pk: nodePk,
-                sk: nodeSk,
+                sk: dek ? security.encrypt(nodeSk, nodeDid, dek) : nodeSk,
                 did: nodeDid,
                 initialized,
                 version,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.3",
+  "version": "1.6.4",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,26 +19,26 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.6.3",
-    "@abtnode/cron": "1.6.3",
-    "@abtnode/logger": "1.6.3",
-    "@abtnode/queue": "1.6.3",
-    "@abtnode/rbac": "1.6.3",
-    "@abtnode/router-provider": "1.6.3",
-    "@abtnode/static-server": "1.6.3",
-    "@abtnode/timemachine": "1.6.3",
-    "@abtnode/util": "1.6.3",
-    "@arcblock/did": "^1.13.71",
-    "@arcblock/event-hub": "1.13.71",
+    "@abtnode/constant": "1.6.4",
+    "@abtnode/cron": "1.6.4",
+    "@abtnode/logger": "1.6.4",
+    "@abtnode/queue": "1.6.4",
+    "@abtnode/rbac": "1.6.4",
+    "@abtnode/router-provider": "1.6.4",
+    "@abtnode/static-server": "1.6.4",
+    "@abtnode/timemachine": "1.6.4",
+    "@abtnode/util": "1.6.4",
+    "@arcblock/did": "^1.13.77",
+    "@arcblock/event-hub": "1.13.77",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "^1.13.71",
-    "@blocklet/meta": "1.6.3",
+    "@arcblock/vc": "^1.13.77",
+    "@blocklet/meta": "1.6.4",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.2.2",
     "@nedb/multi": "^1.2.2",
-    "@ocap/mcrypto": "^1.13.71",
-    "@ocap/util": "^1.13.71",
-    "@ocap/wallet": "^1.13.71",
+    "@ocap/mcrypto": "^1.13.77",
+    "@ocap/util": "^1.13.77",
+    "@ocap/wallet": "^1.13.77",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.21.4",
     "axon": "^2.0.3",
@@ -73,5 +73,5 @@
     "express": "^4.17.1",
     "jest": "^27.3.1"
   },
-  "gitHead": "3642ccce1e0ab0e1937e32a7dc119a9763bc21c2"
+  "gitHead": "1c144cb9fb9a9952bc92f25cabbdb47a378cbd24"
 }