@abtnode/core 1.6.6 → 1.6.7

package/lib/cert.js

@@ -0,0 +1,116 @@
+const { EventEmitter } = require('events');
+const CertificateManager = require('@abtnode/certificate-manager/sdk/manager');
+const logger = require('@abtnode/logger')('@abtnode/core:cert');
+const states = require('./states');
+
+const onCertExpired = async (cert) => {
+  logger.info('send certificate expire notification', { domain: cert.domain });
+  states.notification.create({
+    title: 'SSL Certificate Expired',
+    description: `Your SSL certificate for domain ${cert.domain} has expired, please update it in Blocklet Server`,
+    severity: 'error',
+    entityType: 'certificate',
+    entityId: cert.id,
+  });
+};
+
+const onCertAboutExpire = (cert) => {
+  logger.info('send certificate about-expire notification', { domain: cert.domain });
+  states.notification.create({
+    title: 'SSL Certificate Expire Warning',
+    description: `Your SSL certificate for domain ${cert.domain} will expire in ${
+      cert.expireInDays
+    } days (on ${new Date(cert.validTo).toLocaleString()}), please remember to update it in Blocklet Server`,
+    severity: 'warning',
+    entityType: 'certificate',
+    entityId: cert.id, // eslint-disable-line no-underscore-dangle
+  });
+};
+
+const onCertIssued = (cert) => {
+  states.notification.create({
+    title: 'Certificate Issued',
+    description: `The ${cert.domain} certificate is issued successfully`,
+    severity: 'success',
+    entityType: 'certificate',
+    entityId: cert.id,
+  });
+};
+
+class Cert extends EventEmitter {
+  constructor({ maintainerEmail, dataDir }) {
+    super();
+
+    this.manager = new CertificateManager({ maintainerEmail, dataDir });
+
+    this.manager.on('cert.issued', (cert) => {
+      this.emit('cert.issued', cert);
+      onCertIssued(cert);
+    });
+
+    this.manager.on('cert.expired', onCertExpired);
+    this.manager.on('cert.about_to_expire', onCertAboutExpire);
+  }
+
+  start() {
+    return this.manager.start();
+  }
+
+  static fixCertificate(entity) {
+    // Hack: this logic exists because gql does not allow line breaks in arg values
+    entity.privateKey = entity.privateKey.split('|').join('\n');
+    entity.certificate = entity.certificate.split('|').join('\n');
+  }
+
+  getAll() {
+    return this.manager.getAll();
+  }
+
+  getAllNormal() {
+    return this.manager.getAllNormal();
+  }
+
+  getByDomain(domain) {
+    return this.manager.getByDomain(domain);
+  }
+
+  async add(data) {
+    if (!data.certificate || !data.privateKey) {
+      throw new Error('certificate and privateKey is required');
+    }
+
+    Cert.fixCertificate(data);
+
+    await this.manager.add(data);
+    logger.info('add certificate result', { name: data.name });
+    this.emit('cert.added', data);
+  }
+
+  async issue({ domain }) {
+    logger.info(`generate certificate for ${domain}`);
+
+    return this.manager.issue(domain);
+  }
+
+  async upsertByDomain(data) {
+    return this.manager.upsertByDomain(data);
+  }
+
+  async update(data) {
+    return this.manager.update(data.id, { name: data.name, public: data.public });
+  }
+
+  async remove({ id }) {
+    await this.manager.remove(id);
+    logger.info('delete certificate', { id });
+    this.emit('cert.removed');
+
+    return {};
+  }
+
+  async addWithoutValidations(data) {
+    return this.manager.addWithoutValidations(data);
+  }
+}
+
+module.exports = Cert;

package/lib/index.js

@@ -11,6 +11,7 @@ const {
   toBlockletSource,
 } = require('@blocklet/meta/lib/constants');
 const { listProviders } = require('@abtnode/router-provider');
+const { DEFAULT_CERTIFICATE_EMAIL } = require('@abtnode/constant');
 
 const RoutingSnapshot = require('./states/routing-snapshot');
 const BlockletRegistry = require('./blocklet/registry');
@@ -22,6 +23,7 @@ const NodeAPI = require('./api/node');
 const TeamAPI = require('./api/team');
 const WebHook = require('./webhook');
 const states = require('./states');
+const Cert = require('./cert');
 
 const IP = require('./util/ip');
 const DomainStatus = require('./util/domain-status');
@@ -108,7 +110,11 @@ function ABTNode(options) {
   // Initialize storage
   states.init(dataDirs, options);
 
-  const routerManager = new RouterManager();
+  const certManager = new Cert({
+    maintainerEmail: DEFAULT_CERTIFICATE_EMAIL,
+    dataDir: dataDirs.certManagerModule,
+  });
+  const routerManager = new RouterManager({ certManager });
   const routingSnapshot = new RoutingSnapshot({
     baseDir: dataDirs.core,
     getRoutingData: async () => {
@@ -117,7 +123,6 @@ function ABTNode(options) {
       return { sites };
     },
   });
-
   const blockletRegistry = new BlockletRegistry();
   const blockletManager = new BlockletManager({
     dataDirs,
@@ -127,6 +132,8 @@ function ABTNode(options) {
     daemon: options.daemon,
   });
 
+  certManager.start(); // 启动证书服务
+
   const {
     handleRouting,
     getRoutingRulesByDid,
@@ -141,10 +148,10 @@ function ABTNode(options) {
     getCertificates,
     getSitesFromSnapshot,
     getRoutingCrons,
-  } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager });
+    ensureDashboardCertificate,
+  } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager });
 
   const teamManager = new TeamManager({ nodeDid: options.nodeDid, dataDirs, states });
-
   const nodeAPI = new NodeAPI(states.node, blockletRegistry);
   const teamAPI = new TeamAPI({ states, teamManager });
 
@@ -311,6 +318,7 @@ function ABTNode(options) {
     takeRoutingSnapshot,
     getSitesFromSnapshot,
     ensureDashboardRouting,
+    ensureDashboardCertificate,
 
     addDomainAlias: routerManager.addDomainAlias.bind(routerManager),
     deleteDomainAlias: routerManager.deleteDomainAlias.bind(routerManager),
@@ -319,11 +327,13 @@ function ABTNode(options) {
     checkDomains: domainStatus.checkDomainsStatus.bind(domainStatus),
     handleRouting,
 
-    updateNginxHttpsCert: routerManager.updateNginxHttpsCert.bind(routerManager),
+    certManager,
+    updateNginxHttpsCert: certManager.update.bind(certManager), // TODO: 重命名：updateCert
     getCertificates,
-    addCertificate: routerManager.addCertificate.bind(routerManager),
-    deleteCertificate: routerManager.deleteCertificate.bind(routerManager),
-    findCertificateByDomain: routerManager.findCertificateByDomain.bind(routerManager),
+    addCertificate: certManager.add.bind(certManager),
+    deleteCertificate: certManager.remove.bind(certManager),
+    findCertificateByDomain: certManager.getByDomain.bind(certManager),
+    issueLetsEncryptCert: certManager.issue.bind(certManager),
 
     // Access Key
     getAccessKeys: states.accessKey.list.bind(states.accessKey),

package/lib/migrations/1.6.7-certificate.js

@@ -0,0 +1,30 @@
+module.exports = async ({ states, node, printInfo }) => {
+  printInfo('Migrate certificates...');
+  const certs = await states.certificate.find(
+    {},
+    {
+      domain: 1,
+      privateKey: 1,
+      certificate: 1,
+      createdAt: 1,
+      updatedAt: 1,
+    }
+  );
+
+  const tasks = certs.map((cert) => {
+    const data = {
+      _id: cert.id,
+      domain: cert.domain,
+      privateKey: cert.privateKey,
+      certificate: cert.certificate,
+      createdAt: cert.createdAt,
+      updatedAt: cert.updatedAt,
+      source: 'lets_encrypt',
+      status: 'generated',
+    };
+
+    return node.certManager.addWithoutValidations(data);
+  });
+
+  await Promise.all(tasks);
+};

package/lib/router/helper.js

@@ -21,15 +21,13 @@ const {
   NAME_FOR_WELLKNOWN_SITE,
   DEFAULT_HTTP_PORT,
   DEFAULT_HTTPS_PORT,
-  DAY_IN_MS,
   NODE_MODES,
   ROUTING_RULE_TYPES,
   CERTIFICATE_EXPIRES_OFFSET,
-  CERTIFICATE_EXPIRES_WARNING_OFFSET,
-  DEFAULT_DAEMON_PORT,
   DEFAULT_SERVICE_PATH,
   SLOT_FOR_IP_DNS_SITE,
   BLOCKLET_SITE_GROUP_SUFFIX,
+  WELLKNOWN_ACME_CHALLENGE_PREFIX,
 } = require('@abtnode/constant');
 const {
   BLOCKLET_DYNAMIC_PATH_PREFIX,
@@ -403,11 +401,10 @@ const decompressCertificates = async (source, dest) => {
   return dest;
 };
 
-module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager }) {
+module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager }) {
   const nodeState = states.node;
   const blockletState = states.blocklet;
   const siteState = states.site;
-  const httpsCertState = states.certificate;
   const notification = states.notification;
 
   // site level duplication detection
@@ -468,58 +465,105 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       const certificate = fs.readFileSync(certificateFilePath).toString();
       const privateKey = fs.readFileSync(privateKeyFilePath).toString();
 
-      await routerManager.updateNginxHttpsCert({ domain: dashboardDomain, privateKey, certificate, isProtected: true });
+      await certManager.upsertByDomain({
+        domain: dashboardDomain,
+        privateKey,
+        certificate,
+        isProtected: true,
+      });
       logger.info('dashboard certificate updated');
     } catch (error) {
-      logger.error('Update dashboard certificate failed', { error });
+      logger.error('update dashboard certificate failed', { error });
+      throw error;
     } finally {
       fs.removeSync(destFolder);
     }
   };
 
+  const ensureDashboardCertificate = async () => {
+    const info = await nodeState.read();
+    const downloadUrl = get(info, 'routing.dashboardCertDownloadAddress', '');
+    const dashboardDomain = get(info, 'routing.dashboardDomain', '');
+    if (!dashboardDomain || !downloadUrl) {
+      throw new Error('dashboardCertDownloadAddress and dashboardDomain are not found in the routing configs');
+    }
+
+    const cert = await certManager.getByDomain(dashboardDomain);
+    if (cert) {
+      return { status: 'existed' };
+    }
+
+    logger.debug('downloading certificate', { url: downloadUrl, dashboardDomain });
+    await updateDashboardCertificate({ checkExpire: false });
+    logger.debug('downloading certificate', { url: downloadUrl, dashboardDomain });
+    return { status: 'downloaded' };
+  };
+
   const addWellknownSite = async (sites, context) => {
     const site = (sites || []).find((x) => x.name === NAME_FOR_WELLKNOWN_SITE);
 
     try {
-      const pathPrefix = joinUrl(WELLKNOWN_PATH_PREFIX, '/did.json');
+      const info = await nodeState.read();
+      const proxyTarget = {
+        port: info.port,
+        type: ROUTING_RULE_TYPES.GENERAL_PROXY,
+        interfaceName: BLOCKLET_INTERFACE_WELLKNOWN,
+      };
+
       const didResolverWellknownRule = {
-        from: { pathPrefix },
-        to: {
-          port: DEFAULT_DAEMON_PORT,
-          type: ROUTING_RULE_TYPES.GENERAL_PROXY,
-          interfaceName: BLOCKLET_INTERFACE_WELLKNOWN,
-        },
+        from: { pathPrefix: joinUrl(WELLKNOWN_PATH_PREFIX, '/did.json') },
+        to: proxyTarget,
+      };
+
+      const acmeChallengeWellknownRule = {
+        from: { pathPrefix: WELLKNOWN_ACME_CHALLENGE_PREFIX },
+        to: proxyTarget,
       };
 
       if (site) {
-        if (site.rules.find((r) => r.from.pathPrefix === normalizePathPrefix(pathPrefix))) {
-          return false;
+        let changed = false;
+        const exists = (prefix) => !!site.rules.find((r) => r.from.pathPrefix === normalizePathPrefix(prefix));
+
+        if (!exists(didResolverWellknownRule.from.pathPrefix)) {
+          await routerManager.addRoutingRule(
+            {
+              id: site.id,
+              rule: didResolverWellknownRule,
+            },
+            context
+          );
+          changed = true;
         }
 
-        await routerManager.addRoutingRule(
-          {
-            id: site.id,
-            rule: didResolverWellknownRule,
-          },
-          context
-        );
-      } else {
-        await routerManager.addRoutingSite(
-          {
-            site: {
-              domain: DOMAIN_FOR_INTERNAL_SITE,
-              port: await getWellknownSitePort(),
-              name: NAME_FOR_WELLKNOWN_SITE,
-              rules: [didResolverWellknownRule],
-              isProtected: true,
+        if (!exists(acmeChallengeWellknownRule.from.pathPrefix)) {
+          await routerManager.addRoutingRule(
+            {
+              id: site.id,
+              rule: acmeChallengeWellknownRule,
             },
-            skipCheckDynamicBlacklist: true,
-            skipValidation: true,
-          },
-          context
-        );
+            context
+          );
+          changed = true;
+        }
+
+        return changed;
       }
 
+      await routerManager.addRoutingSite(
+        {
+          site: {
+            domain: DOMAIN_FOR_INTERNAL_SITE,
+            port: await getWellknownSitePort(),
+            name: NAME_FOR_WELLKNOWN_SITE,
+            rules: [didResolverWellknownRule, acmeChallengeWellknownRule],
+            isProtected: true,
+          },
+          skipCheckDynamicBlacklist: true,
+          skipValidation: true,
+        },
+        context
+      );
+
       return true;
     } catch (err) {
       console.error('add well-known site failed:', err);
@@ -533,7 +577,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
    *
    * @returns {boolean} if routing changed
    */
-  const ensureDashboardRouting = async (context = {}, output) => {
+  const ensureDashboardRouting = async (context = {}) => {
     const info = await nodeState.read();
 
     const provider = getProviderFromNodeInfo(info);
@@ -618,18 +662,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       updatedResult.push(wellknownRes);
     }
 
-    // Download dashboard certificates if not exists
-    const certDownloadAddress = get(info, 'routing.dashboardCertDownloadAddress', '');
-    if (dashboardDomain && certDownloadAddress) {
-      const cert = await routerManager.findCertificateByDomain(dashboardDomain);
-      if (!cert) {
-        await updateDashboardCertificate({ checkExpire: false });
-        if (typeof output === 'function') {
-          output('Dashboard HTTPS certificate was downloaded successfully!');
-        }
-      }
-    }
-
     if (updatedResult.length) {
       const hash = await takeRoutingSnapshot({ message: 'ensure dashboard routing rules', dryRun: false }, context);
       logger.info('take routing snapshot on ensure dashboard routing rules', { updatedResult, hash });
@@ -1068,9 +1100,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
             sites = await ensureAuthService(sites, blockletManager);
             sites = await ensureServiceRule(sites);
 
-            const certificates = httpsEnabled
-              ? await httpsCertState.find({ type: providerName }, { domain: 1, certificate: 1, privateKey: 1 })
-              : [];
+            const certificates = httpsEnabled ? await certManager.getAllNormal() : [];
 
             return {
               sites,
@@ -1093,9 +1123,9 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
         },
       });
 
-      routerManager.on('router.certificate.add', () => routers[providerName].restart());
-      routerManager.on('router.certificate.updated', () => routers[providerName].restart());
-      routerManager.on('router.certificate.remove', () => routers[providerName].restart());
+      certManager.on('cert.added', () => routers[providerName].restart());
+      certManager.on('cert.removed', () => routers[providerName].restart());
+      certManager.on('cert.issued', () => routers[providerName].restart());
 
       await routers[providerName].start();
     }
@@ -1257,18 +1287,21 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
   };
 
   const getCertificates = async () => {
-    const certificates = await httpsCertState.find();
+    const certificates = await certManager.getAll();
     const sites = await getSitesFromSnapshot();
+
+    const isMatch = (cert, domain) =>
+      domain !== DOMAIN_FOR_DEFAULT_SITE && domain && routerManager.isCertMatchedDomain(cert, domain);
+
     return certificates.map((cert) => {
       cert.matchedSites = [];
       sites.forEach((site) => {
-        if (
-          site.domain !== DOMAIN_FOR_DEFAULT_SITE &&
-          site.domain &&
-          routerManager.isCertMatchedDomain(cert, site.domain)
-        ) {
-          cert.matchedSites.push({ id: site.id, domain: site.domain });
-        }
+        const domains = [site.domain, ...(site.domainAliases || []).map((x) => x.value)];
+        domains.forEach((domain) => {
+          if (isMatch(cert, domain)) {
+            cert.matchedSites.push({ id: site.id, domain });
+          }
+        });
       });
 
       return cert;
@@ -1281,42 +1314,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     return { domain, isHttps: !!matchedCert, matchedCert };
   };
 
-  const checkCertificatesExpiration = async () => {
-    const now = Date.now();
-
-    const certificates = await getCertificates();
-    for (let i = 0; i < certificates.length; i++) {
-      const cert = certificates[i];
-      const alreadyExpired = now >= cert.validTo;
-      const aboutToExpire = cert.validTo - now > 0 && cert.validTo - now < CERTIFICATE_EXPIRES_WARNING_OFFSET;
-
-      if (alreadyExpired) {
-        logger.info('send certificate expire notification', { domain: cert.domain });
-        notification.create({
-          title: 'SSL Certificate Expired',
-          description: `Your SSL certificate for domain ${cert.domain} has expired, please update it in Blocklet Server`,
-          severity: 'error',
-          entityType: 'certificate',
-          entityId: cert._id, // eslint-disable-line no-underscore-dangle
-        });
-      } else if (aboutToExpire) {
-        logger.info('send certificate about-expire notification', { domain: cert.domain });
-        const expireInDays = Math.ceil((cert.validTo - now) / DAY_IN_MS);
-        notification.create({
-          title: 'SSL Certificate Expire Warning',
-          description: `Your SSL certificate for domain ${
-            cert.domain
-          } will expire in ${expireInDays} days (on ${new Date(
-            cert.validTo
-          ).toLocaleString()}), please remember to update it in Blocklet Server`,
-          severity: 'warning',
-          entityType: 'certificate',
-          entityId: cert._id, // eslint-disable-line no-underscore-dangle
-        });
-      }
-    }
-  };
-
   return {
     ensureDashboardRouting,
     ensureBlockletRouting,
@@ -1328,9 +1325,10 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
     takeRoutingSnapshot,
     getRoutingSites,
     getSnapshotSites,
-    getCertificates,
     getSitesFromSnapshot,
+    getCertificates,
     checkDomain,
+    ensureDashboardCertificate,
 
     getRoutingCrons: () => [
       {
@@ -1339,12 +1337,6 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
         fn: () => updateDashboardCertificate({ checkExpire: true }),
         options: { runOnInit: true },
       },
-      {
-        name: 'check-certificate-expiration',
-        time: '0 0 9 * * *', // check on 09:00 every day
-        fn: checkCertificatesExpiration,
-        options: { runOnInit: false },
-      },
       {
         name: 'rotate-log-files',
         time: '5 0 0 * * *', // rotate at 05:00 every day

package/lib/router/manager.js

@@ -70,8 +70,9 @@ const normalizeRedirectUrl = (url) => {
 };
 
 class RouterManager extends EventEmitter {
-  constructor() {
+  constructor({ certManager }) {
     super();
+    this.certManager = certManager;
 
     // HACK: do not emit any events from CLI
     if (isCLI()) {
@@ -366,7 +367,7 @@ class RouterManager extends EventEmitter {
       domain,
     });
     logger.info('add certificate result', { domain: newCert.domain });
-    this.emit('router.certificate.add', { type: 'nginx', data: newCert });
+    this.emit('cert.added', { type: 'nginx', data: newCert });
   }
 
   // eslint-disable-next-line no-unused-vars
@@ -379,7 +380,7 @@ class RouterManager extends EventEmitter {
     const removeResult = await states.certificate.remove({ _id: id });
 
     logger.info('delete certificate', { removeResult, domain: tmpCert.domain });
-    this.emit('router.certificate.remove', { type: 'nginx', data: { domain: tmpCert.domain } });
+    this.emit('cert.removed', { type: 'nginx', data: { domain: tmpCert.domain } });
     return {};
   }
 
@@ -389,7 +390,7 @@ class RouterManager extends EventEmitter {
     this.fixCertificate(entity);
     this.validateCertificate(entity, entity.domain);
     const dbEntity = await states.certificate.upsert(entity);
-    this.emit('router.certificate.updated', { type: 'nginx', data: dbEntity });
+    this.emit('cert.issued', { type: 'nginx', data: dbEntity });
   }
 
   findCertificateByDomain(domain) {
@@ -451,7 +452,7 @@ class RouterManager extends EventEmitter {
   }
 
   async getMatchedCert(domain) {
-    const certs = await states.certificate.find();
+    const certs = await this.certManager.getAll();
     const matchedCert = certs.find((cert) => this.isCertMatchedDomain(cert, domain));
 
     if (matchedCert) {

package/lib/states/base.js

@@ -1,234 +1,17 @@
-const fs = require('fs');
-const path = require('path');
-const util = require('util');
-const { EventEmitter } = require('events');
-const cloneDeep = require('lodash/cloneDeep');
-const DataStore =
-  process.env.NODE_ENV === 'test' ? require('@nedb/core') : require('@nedb/multi')(Number(process.env.NEDB_MULTI_PORT));
+const DB = require('@abtnode/db');
 const logger = require('@abtnode/logger')('@abtnode/core:states');
 
 const { isCLI } = require('../util');
 
-class BaseState extends EventEmitter {
+class BaseState extends DB {
   constructor(baseDir, options) {
-    super();
+    super(baseDir, options);
 
     // HACK: do not emit any events from CLI
     if (isCLI() && process.env.NODE_ENV !== 'test') {
       this.emit = (name) => logger.debug('stopped state db event in CLI', name);
     }
-
-    const dbOptions = options.db || {};
-    this.filename = path.join(baseDir, options.filename);
-    this.options = Object.freeze(cloneDeep(options));
-    this.db = new DataStore({
-      filename: this.filename,
-      timestampData: true,
-      ...dbOptions,
-    });
-
-    logger.info('initialized', { filename: this.filename });
-
-    this.ready = false;
-    this.readyCallbacks = [];
-    this.db.loadDatabase((err) => {
-      if (err) {
-        logger.error(`failed to load disk database ${this.filename}`, { error: err });
-        console.error(err);
-      } else {
-        this.ready = true;
-        if (this.readyCallbacks.length) {
-          this.readyCallbacks.forEach((x) => x());
-        }
-      }
-    });
-
-    this.asyncDB = new Proxy(this.db, {
-      get(target, property) {
-        if (typeof target[property] === 'function') {
-          return util
-            .promisify((...args) => {
-              const cb = args[args.length - 1];
-              const rest = args.slice(0, args.length - 1);
-
-              target[property](...rest, (err, ...result) => {
-                if (err) {
-                  return cb(err);
-                }
-
-                if (result.length === 1) {
-                  return cb(null, result[0]);
-                }
-
-                return cb(null, result);
-              });
-            })
-            .bind(target);
-        }
-
-        return target[property];
-      },
-    });
-  }
-
-  onReady(cb) {
-    if (this.ready) {
-      cb();
-    } else {
-      this.readyCallbacks.push(cb);
-    }
-  }
-
-  createNotification(payload) {
-    if (this.notification && typeof this.notification.create === 'function') {
-      this.notification.create(payload);
-    }
-  }
-
-  paginate(conditions, sort, paging) {
-    const { pageSize: size = 20, page = 1 } = paging || {};
-    const pageSize = Math.min(100, size);
-
-    return new Promise((resolve, reject) => {
-      this.db
-        .find(conditions)
-        .sort(sort)
-        .exec((err, docs) => {
-          if (err) {
-            return reject(err);
-          }
-
-          const pageCount = Math.ceil(docs.length / pageSize);
-          const total = docs.length;
-          const skip = (page - 1) * pageSize;
-          const list = docs.slice(skip, skip + pageSize);
-
-          list.forEach((doc) => {
-            // eslint-disable-next-line no-underscore-dangle
-            doc.id = doc._id;
-          });
-
-          return resolve({
-            list,
-            paging: {
-              total,
-              pageSize,
-              pageCount,
-              page,
-            },
-          });
-        });
-    });
-  }
-
-  async updateById(id, updates, options = {}) {
-    const [, doc] = await this.asyncDB.update({ _id: id }, updates, {
-      multi: false,
-      upsert: false,
-      returnUpdatedDocs: true,
-      ...options,
-    });
-
-    return doc;
-  }
-
-  update(...args) {
-    if (args.length === 0) {
-      throw new Error('param is required by update method');
-    }
-
-    if (typeof args[0] === 'string') {
-      return this.updateById(...args);
-    }
-
-    return this.asyncDB.update(args[0], args[1], { returnUpdatedDocs: true, ...(args[2] || {}) });
-  }
-
-  count(conditions = {}) {
-    return new Promise((resolve, reject) => {
-      this.db.count(conditions, (err, num) => {
-        if (err) {
-          return reject(err);
-        }
-
-        return resolve(num);
-      });
-    });
-  }
-
-  remove(conditions = {}, options = { multi: false }) {
-    return new Promise((resolve, reject) => {
-      this.db.remove(conditions, options, (err, num) => {
-        if (err) {
-          return reject(err);
-        }
-
-        return resolve(num);
-      });
-    });
-  }
-
-  reset() {
-    fs.unlinkSync(this.filename);
-  }
-
-  find(...args) {
-    if (args.length === 0) {
-      return this.asyncDB.find({});
-    }
-
-    return this.asyncDB.find(...args);
-  }
-
-  findOne(...args) {
-    if (args.length === 0) {
-      return this.asyncDB.findOne({});
-    }
-
-    return this.asyncDB.findOne(...args);
-  }
-
-  insert(...args) {
-    return this.asyncDB.insert(...args);
-  }
-
-  compactDatafile() {
-    this.db.persistence.compactDatafile((err) => {
-      if (err) {
-        console.error(`failed to compact datafile: ${this.filename}`, err);
-      }
-    });
   }
 }
 
-/**
- * Rename _id field name to id, this method has side effects
- * @param {object} entities
- */
-const renameIdFiledName = (entities, from = '_id', to = 'id') => {
-  /* eslint-disable  no-underscore-dangle, no-param-reassign */
-
-  if (!entities) {
-    return entities;
-  }
-
-  const mapEntity = (entity) => {
-    if (entity[from]) {
-      entity[to] = entity[from];
-      delete entity[from];
-    }
-  };
-
-  if (!Array.isArray(entities)) {
-    mapEntity(entities);
-    return entities;
-  }
-
-  entities.forEach(mapEntity);
-
-  return entities;
-};
-
-BaseState.renameIdFiledName = renameIdFiledName;
-
 module.exports = BaseState;

package/lib/states/index.js

@@ -1,4 +1,4 @@
-const BaseState = require('./base');
+const stateFactory = require('@abtnode/db/lib/factory');
 const NodeState = require('./node');
 const ChallengeState = require('./challenge');
 const BlockletState = require('./blocklet');
@@ -12,8 +12,6 @@ const SessionState = require('./session');
 const ExtrasState = require('./blocklet-extras');
 const CacheState = require('./cache');
 
-const states = {};
-
 const init = (dataDirs, options) => {
   const notificationState = new NotificationState(dataDirs.core, options);
   const nodeState = new NodeState(dataDirs.core, options, dataDirs, notificationState);
@@ -28,7 +26,7 @@ const init = (dataDirs, options) => {
   const extrasState = new ExtrasState(dataDirs.core, options);
   const cacheState = new CacheState(dataDirs.core, options);
 
-  Object.assign(states, {
+  return {
     node: nodeState,
     blocklet: blockletState,
     notification: notificationState,
@@ -41,22 +39,7 @@ const init = (dataDirs, options) => {
     session: sessionState,
     blockletExtras: extrasState,
     cache: cacheState,
-  });
+  };
 };
 
-module.exports = new Proxy(
-  {},
-  {
-    get(target, prop) {
-      if (prop === 'init') {
-        return init;
-      }
-
-      if (states[prop] instanceof BaseState) {
-        return states[prop];
-      }
-
-      throw new Error(`State ${String(prop)} may not be initialized`);
-    },
-  }
-);
+module.exports = stateFactory(init);

package/lib/states/node.js

@@ -1,4 +1,5 @@
 /* eslint-disable no-underscore-dangle */
+const semver = require('semver');
 const omit = require('lodash/omit');
 const isEqual = require('lodash/isEqual');
 const isEmpty = require('lodash/isEmpty');
@@ -163,7 +164,7 @@ class NodeState extends BaseState {
 
   cleanupDirtyUpgradeState() {
     return this.read().then((doc) => {
-      if (doc.nextVersion === doc.version) {
+      if (doc.nextVersion && semver.lte(doc.nextVersion, doc.version)) {
         const updates = { nextVersion: '', upgradeSessionId: '' };
 
         // FIXME: this may cause the node exit some mode unexpectedly if it is not being upgraded

package/lib/util/index.js

@@ -332,6 +332,8 @@ const getDataDirs = (dataDir) => ({
   tmp: path.join(dataDir, 'tmp'),
   blocklets: path.join(dataDir, 'blocklets'),
   services: path.join(dataDir, 'services'),
+  modules: path.join(dataDir, 'modules'),
+  certManagerModule: path.join(dataDir, 'modules', 'certificate-manager'),
 });
 
 // Ensure data dir for Blocklet Server exists

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.6",
+  "version": "1.6.7",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,26 +19,28 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.6.6",
-    "@abtnode/cron": "1.6.6",
-    "@abtnode/logger": "1.6.6",
-    "@abtnode/queue": "1.6.6",
-    "@abtnode/rbac": "1.6.6",
-    "@abtnode/router-provider": "1.6.6",
-    "@abtnode/static-server": "1.6.6",
-    "@abtnode/timemachine": "1.6.6",
-    "@abtnode/util": "1.6.6",
-    "@arcblock/did": "^1.13.77",
-    "@arcblock/event-hub": "1.13.77",
+    "@abtnode/certificate-manager": "1.6.7",
+    "@abtnode/constant": "1.6.7",
+    "@abtnode/cron": "1.6.7",
+    "@abtnode/db": "1.6.7",
+    "@abtnode/logger": "1.6.7",
+    "@abtnode/queue": "1.6.7",
+    "@abtnode/rbac": "1.6.7",
+    "@abtnode/router-provider": "1.6.7",
+    "@abtnode/static-server": "1.6.7",
+    "@abtnode/timemachine": "1.6.7",
+    "@abtnode/util": "1.6.7",
+    "@arcblock/did": "^1.13.79",
+    "@arcblock/event-hub": "1.13.79",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "^1.13.77",
-    "@blocklet/meta": "1.6.6",
+    "@arcblock/vc": "^1.13.79",
+    "@blocklet/meta": "1.6.7",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.2.2",
     "@nedb/multi": "^1.2.2",
-    "@ocap/mcrypto": "^1.13.77",
-    "@ocap/util": "^1.13.77",
-    "@ocap/wallet": "^1.13.77",
+    "@ocap/mcrypto": "^1.13.79",
+    "@ocap/util": "^1.13.79",
+    "@ocap/wallet": "^1.13.79",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.21.4",
     "axon": "^2.0.3",
@@ -51,7 +53,7 @@
     "is-base64": "^1.1.0",
     "is-ip": "^3.1.0",
     "is-url": "^1.2.4",
-    "joi": "^17.4.0",
+    "joi": "^17.5.0",
     "js-yaml": "^3.14.0",
     "lodash": "^4.17.21",
     "lru-cache": "^6.0.0",
@@ -71,7 +73,7 @@
     "compression": "^1.7.4",
     "expand-tilde": "^2.0.2",
     "express": "^4.17.1",
-    "jest": "^27.3.1"
+    "jest": "^27.4.5"
   },
-  "gitHead": "59b5e0b6f2f0e8e27aa4a50722866beda6f91b84"
+  "gitHead": "d681c03a398e3c7d4dbc878db93b2ab778dded81"
 }