npm - @abtnode/core - Versions diffs - 1.7.9 → 1.7.12 - Mend

@abtnode/core 1.7.9 → 1.7.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/lib/api/node.js +7 -1
package/lib/api/team.js +2 -2
package/lib/blocklet/manager/disk.js +153 -91
package/lib/blocklet/registry.js +6 -2
package/lib/cert.js +14 -0
package/lib/event.js +9 -0
package/lib/index.js +41 -9
package/lib/migrations/1.7.12-blocklet-meta.js +51 -0
package/lib/router/index.js +8 -1
package/lib/router/manager.js +3 -3
package/lib/states/README.md +31 -1
package/lib/states/audit-log.js +382 -0
package/lib/states/blocklet.js +9 -7
package/lib/states/index.js +3 -0
package/lib/states/node.js +8 -0
package/lib/util/blocklet.js +103 -45
package/lib/util/index.js +37 -7
package/lib/util/ip.js +6 -0
package/lib/util/rpc.js +16 -0
package/lib/util/ua.js +54 -0
package/lib/util/upgrade.js +3 -15
package/lib/validators/node.js +13 -0
package/package.json +21 -21
package/lib/util/service.js +0 -81

package/lib/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 const fs = require('fs');
 const path = require('path');
 const md5 = require('@abtnode/util/lib/md5');
+const formatContext = require('@abtnode/util/lib/format-context');
 const Cron = require('@abtnode/cron');
 const logger = require('@abtnode/logger')('@abtnode/core');
@@ -10,6 +11,7 @@ const {
   fromBlockletSource,
   toBlockletSource,
 } = require('@blocklet/meta/lib/constants');
+const { getServiceMetas } = require('@blocklet/meta/lib/service');
 const { listProviders } = require('@abtnode/router-provider');
 const { DEFAULT_CERTIFICATE_EMAIL, EVENTS } = require('@abtnode/constant');
@@ -29,14 +31,13 @@ const IP = require('./util/ip');
 const DomainStatus = require('./util/domain-status');
 const Upgrade = require('./util/upgrade');
 const resetNode = require('./util/reset-node');
-const { getServices } = require('./util/service');
 const DiskMonitor = require('./util/disk-monitor');
 const createQueue = require('./queue');
 const createEvents = require('./event');
 const pm2Events = require('./blocklet/manager/pm2-events');
 const { createStateReadyQueue, createStateReadyHandler } = require('./util/ready');
 const { getSysInfo, SysInfoEmitter } = require('./util/sysinfo');
-const { toStatus, fromStatus, ensureDataDirs, getQueueConcurrencyByMem } = require('./util');
+const { toStatus, fromStatus, ensureDataDirs, getQueueConcurrencyByMem, getStateCrons } = require('./util');
 /**
  * @param {object} options
@@ -243,9 +244,9 @@ function ABTNode(options) {
     getNodeInfo: nodeAPI.getInfo.bind(nodeAPI),
     getNodeEnv: nodeAPI.getEnv.bind(nodeAPI),
     updateNodeInfo: nodeAPI.updateNodeInfo.bind(nodeAPI),
-    addBlockletRegistry: nodeAPI.addRegistry.bind(nodeAPI),
-    deleteBlockletRegistry: nodeAPI.deleteRegistry.bind(nodeAPI),
-    selectBlockletRegistry: nodeAPI.selectRegistry.bind(nodeAPI),
+    addBlockletStore: nodeAPI.addRegistry.bind(nodeAPI),
+    deleteBlockletStore: nodeAPI.deleteRegistry.bind(nodeAPI),
+    selectBlockletStore: nodeAPI.selectRegistry.bind(nodeAPI),
     cleanupDirtyUpgradeState: states.node.cleanupDirtyUpgradeState.bind(states.node),
     addNodeOwner: states.node.addNodeOwner.bind(states.node),
     updateNodeRouting,
@@ -253,6 +254,9 @@ function ABTNode(options) {
     resetNode: (params, context) =>
       resetNode({ params, context, blockletManager, routerManager, takeRoutingSnapshot, teamManager, certManager }),
+    // Gateway
+    updateGateway: nodeAPI.updateGateway.bind(nodeAPI),
     // Team && Access control
     // Invitation
@@ -314,6 +318,10 @@ function ABTNode(options) {
     readNotifications: states.notification.read.bind(states.notification),
     unreadNotifications: states.notification.unread.bind(states.notification),
+    // AuditLog
+    createAuditLog: (params) => states.auditLog.create(params, instance),
+    getAuditLogs: states.auditLog.find.bind(states.auditLog),
     // Routing
     routerManager,
     addRoutingSite: routerManager.addRoutingSite.bind(routerManager),
@@ -339,7 +347,7 @@ function ABTNode(options) {
     handleRouting,
     certManager,
-    updateNginxHttpsCert: certManager.update.bind(certManager), // TODO: 重命名：updateCert
+    updateCertificate: certManager.update.bind(certManager),
     getCertificates,
     addCertificate: certManager.add.bind(certManager),
     deleteCertificate: certManager.remove.bind(certManager),
@@ -377,7 +385,7 @@ function ABTNode(options) {
     endSession: (params, context) => states.session.end(params.id, context),
     // Services
-    getServices: (params, context) => getServices({ stringifySchema: true }, context),
+    getServices: (params, context) => getServiceMetas({ stringifySchema: true }, context),
     // Utilities: moved here because some deps require native build
     getSysInfo,
@@ -397,6 +405,7 @@ function ABTNode(options) {
         ...getRoutingCrons(),
         ...blockletManager.getCrons(),
         DiskMonitor.getCron(),
+        ...getStateCrons(states),
       ],
       onError: (error, name) => {
         states.notification.create({
@@ -410,22 +419,45 @@ function ABTNode(options) {
     });
   };
+  const createCLILog = (action) => {
+    instance
+      .createAuditLog(
+        {
+          action,
+          args: {},
+          context: formatContext({
+            user: { fullName: 'CLI', role: 'self', did: options.nodeDid },
+            headers: { 'user-agent': 'CLI' },
+          }),
+          result: null,
+        },
+        instance
+      )
+      .catch(console.error);
+  };
   if (options.daemon) {
-    certManager.start(); // 启动证书服务
+    // 启动证书服务
+    certManager
+      .start()
+      .then(() => logger.info('start certificate manager service successfully'))
+      .catch((error) => logger.error('start certificate manager service failed', { error }));
     if (process.env.NODE_ENV === 'development') {
       initCron();
     } else {
       // We should only respond to pm2 events when node is alive
-      events.on(EVENTS.NODE_STARTED, async () => {
+      events.on(EVENTS.NODE_STARTED, () => {
         pm2Events.resume();
         initCron();
+        createCLILog('startServer');
       });
     }
   }
   events.on(EVENTS.NODE_STOPPED, () => {
     pm2Events.pause();
+    createCLILog('stopServer');
   });
   return Object.assign(events, {

package/lib/migrations/1.7.12-blocklet-meta.js ADDED Viewed

@@ -0,0 +1,51 @@
+/* eslint-disable no-continue */
+/* eslint-disable no-await-in-loop */
+/* eslint-disable no-underscore-dangle */
+module.exports = async ({ states, printInfo }) => {
+  printInfo('Try to update blocklet server to 1.7.12...');
+  const blocklets = await states.blocklet.getBlocklets();
+  for (const blocklet of blocklets) {
+    let changed = false;
+    if (!blocklet.meta.bundleDid) {
+      blocklet.meta.bundleDid = blocklet.meta.did;
+      blocklet.meta.bundleName = blocklet.meta.name;
+      changed = true;
+    }
+    (blocklet.children || []).forEach((child) => {
+      if (!child.meta.bundleDid) {
+        child.meta.bundleDid = child.meta.did;
+        child.meta.bundleName = child.meta.name;
+        changed = true;
+      }
+    });
+    if (changed) {
+      await states.blocklet.updateBlocklet(blocklet.meta.did, { meta: blocklet.meta, children: blocklet.children });
+      printInfo(`Blocklet meta in blocklet.db updated: ${blocklet.meta.did}`);
+    }
+  }
+  const blockletExtras = await states.blockletExtras.find({});
+  for (const extra of blockletExtras) {
+    let changed = false;
+    const children = await states.blockletExtras.getSettings(extra.did, 'children', []);
+    (children || []).forEach((child) => {
+      if (!child.meta.bundleDid) {
+        child.meta.bundleDid = child.meta.did;
+        child.meta.bundleName = child.meta.name;
+        changed = true;
+      }
+    });
+    if (changed) {
+      await states.blockletExtras.setSettings(extra.did, { children });
+      printInfo(`Blocklet dynamic component meta in blocklet_extra.db updated: ${extra.did}`);
+    }
+  }
+};

package/lib/router/index.js CHANGED Viewed

@@ -8,6 +8,7 @@ const {
   DEFAULT_IP_DOMAIN,
   BLOCKLET_PROXY_PATH_PREFIX,
   BLOCKLET_SITE_GROUP_SUFFIX,
+  GATEWAY_REQ_LIMIT,
 } = require('@abtnode/constant');
 const { BLOCKLET_UI_INTERFACES } = require('@blocklet/meta/lib/constants');
 const logger = require('@abtnode/logger')('@abtnode/core:router');
@@ -107,12 +108,18 @@ class Router {
     logger.info('updateRoutingTable routingTable:', { routingTable: this.routingTable });
     logger.info('updateRoutingTable certificates:', { certificates: certificates.map((item) => item.domain) });
+    const requestLimit = nodeInfo.routing.requestLimit || { enable: false, rate: GATEWAY_REQ_LIMIT.min };
+    if (requestLimit.enabled) {
+      requestLimit.maxInstantRate = requestLimit.rate >= 20 ? 20 : requestLimit.rate + 20;
+    }
     await this.provider.update({
       routingTable: this.routingTable,
       certificates,
-      globalHeaders: headers,
+      commonHeaders: headers,
       services,
       nodeInfo: pick(nodeInfo, ['name', 'version', 'port', 'mode', 'enableWelcomePage', 'routing']),
+      requestLimit,
     });
   }

package/lib/router/manager.js CHANGED Viewed

@@ -222,7 +222,7 @@ class RouterManager extends EventEmitter {
     }
     // let custom domain in front of protected domain
-    const domainAliases = [{ value: domainAlias, isProtected: false }, ...dbSite.domainAliases];
+    const domainAliases = [{ value: domainAlias, isProtected: false }, ...(dbSite.domainAliases || [])];
     const updateResult = await states.site.update({ _id: id }, { $set: { domainAliases } });
     logger.debug('add domain alias update result', { id, updateResult, domainAlias });
@@ -420,7 +420,7 @@ class RouterManager extends EventEmitter {
   }
   async getMatchedCert(domain) {
-    const certs = await this.certManager.getAll();
+    const certs = await this.certManager.getAllNormal();
     const matchedCert = certs.find((cert) => this.isCertMatchedDomain(cert, domain));
     if (matchedCert) {
@@ -546,7 +546,7 @@ class RouterManager extends EventEmitter {
       getRoutingParams: async () => ({
         sites: await ensureLatestInfo(sites),
         certificates,
-        globalHeaders: get(info, 'routing.headers', {}),
+        commonHeaders: get(info, 'routing.headers', {}),
         services: [], // TODO: do we need to add some item here?
         nodeInfo: info,
       }),

package/lib/states/README.md CHANGED Viewed

@@ -1,3 +1,33 @@
 # State DB
-All ABT Node states are managed by files in this folder.
+All Blocklet Server states are managed by files in this folder.
+## blocklet
+- `meta` meta of bundle _defined in @blocklet/meta/schema_
+  - `did`, `name`: component id, default from source meta, can be changed before install
+  - `title`, `description`: component info, default from source meta, can be changed before install
+  - `bundleDdid`, `bundleName`: bundle id, copy from source meta
+  - `version`: component version
+  - `price`: used for charging
+  - `logo`: component logo
+  - `logoUrl`: component logo (from store)
+  - `interfaces`: for resolving: runtime port; service config; web base prefix; api base prefix
+  - `environments`: component environment
+  - `scripts`: for hook of component lifecycle
+  - `engine`, `timeout`, `group`, `main`: related to process startup
+  - `dist`: bundle source
+- `source`: type of bundle source
+- `deployedFrom`: information of bundle source
+- `sourceUrl`: url of bundle source
+- `appDid`: app instance id _app only_
+- `status`, `startedAt`, `installedAt`, `stoppedAt` app status
+- `deletedAt` _component only_
+- `mode` app mode
+- `ports` runtime port resolved from meta
+  - `<ENV_NAME>`: `<port number>`
+- `environments[]`: env variables generated by server, e.g. BLOCKLET_APP_SK, BLOCKLET_APP_DID
+  - `<key>`: `<value>`
+- `children`: component of app, same structure as parent, can be nested
+- `mountPoint` mount path of web site. _component only_
+- `dynamic` is dynamically added. _component only_

package/lib/states/audit-log.js ADDED Viewed

@@ -0,0 +1,382 @@
+/* eslint-disable no-async-promise-executor */
+const pick = require('lodash/pick');
+const get = require('lodash/get');
+const { getDisplayName } = require('@blocklet/meta/lib/util');
+const { BLOCKLET_SITE_GROUP_SUFFIX } = require('@abtnode/constant');
+const logger = require('@abtnode/logger')('@abtnode/core:states:audit-log');
+const BaseState = require('./base');
+const { parse } = require('../util/ua');
+const { lookup } = require('../util/ip');
+const getServerInfo = (info) => `[${info.name}](${info.routing.adminPath}/settings/about)`;
+const getBlockletInfo = (blocklet, info) => `[${getDisplayName(blocklet)} v${blocklet.meta.version}](${info.routing.adminPath}/blocklets/${blocklet.meta.did})`; // prettier-ignore
+const expandTeam = async (teamDid, info, node) => {
+  if (!teamDid) {
+    return '';
+  }
+  if (teamDid === info.did) {
+    return getServerInfo(info);
+  }
+  const { blocklet } = node.states;
+  const doc = await blocklet.getBlocklet(teamDid);
+  return doc ? getBlockletInfo(doc, info) : '';
+};
+const expandSite = async (siteId, info, node) => {
+  if (!siteId) {
+    return '';
+  }
+  const { blocklet, site } = node.states;
+  const doc = await site.findOne({ _id: siteId });
+  if (!doc) {
+    return '';
+  }
+  if (doc.domain === '*') {
+    return 'default site';
+  }
+  if (doc.domain === '') {
+    return getServerInfo(info);
+  }
+  if (doc.domain.endsWith(BLOCKLET_SITE_GROUP_SUFFIX)) {
+    const tmp = await blocklet.getBlocklet(doc.domain.replace(BLOCKLET_SITE_GROUP_SUFFIX, ''));
+    return tmp ? getBlockletInfo(tmp, info) : '';
+  }
+  return '';
+};
+const expandUser = async (teamDid, userDid, passportId, info, node) => {
+  if (!teamDid || !userDid) {
+    return ['', ''];
+  }
+  const user = await node.getUser({ teamDid, user: { did: userDid } });
+  if (!user) {
+    return ['', ''];
+  }
+  const passport = user.passports.find((x) => x.id === passportId);
+  if (teamDid === info.did) {
+    return [`[${user.fullName}](${info.routing.adminPath}/team/members)`, passport ? passport.name : ''];
+  }
+  return [`[${user.fullName}](${info.routing.adminPath}/blocklets/${teamDid}/members)`, passport ? passport.name : ''];
+};
+/**
+ * Create log content in markdown format
+ *
+ * @param {string} action - GraphQL query/mutation name
+ * @param {object} args - GraphQL arguments
+ * @param {object} context - request context: user, ip, user-agent, etc.
+ * @param {object} result - GraphQL resolve result
+ * @param {object} info - server info
+ * @param {object} node - server instance
+ * @return {string} the generated markdown source
+ */
+const getLogContent = async (action, args, context, result, info, node) => {
+  const [team, site, [user, passport]] = await Promise.all([
+    expandTeam(args.teamDid, info, node),
+    expandSite(args.id, info, node),
+    expandUser(args.teamDid, args.userDid || get(args, 'user.did') || args.ownerDid, args.passportId, info, node),
+  ]);
+  switch (action) {
+    // blocklets
+    case 'installBlocklet':
+      return `installed blocklet ${getBlockletInfo(result, info)} from ${result.deployedFrom}`;
+    case 'startBlocklet':
+      return `started blocklet ${getBlockletInfo(result, info)}`;
+    case 'restartBlocklet':
+      return `restarted blocklet ${getBlockletInfo(result, info)}`;
+    case 'reloadBlocklet':
+      return `reloaded blocklet ${getBlockletInfo(result, info)}`;
+    case 'stopBlocklet':
+      return `stopped blocklet ${getBlockletInfo(result, info)}`;
+    case 'resetBlocklet':
+      return `reset blocklet ${getBlockletInfo(result, info)} data and config`;
+    case 'deleteBlocklet':
+      return `removed blocklet ${getBlockletInfo(result, info)} ${args.keepData ? 'but kept its data and config' : 'and its data and config'}`; // prettier-ignore
+    case 'installComponent':
+      return `added component from ${args.file ? 'Upload' : args.url} at **${args.mountPoint}** to ${getBlockletInfo(result, info)}`; // prettier-ignore
+    case 'deleteComponent':
+      return `removed component ${args.did} from blocklet ${getBlockletInfo(result, info)}`;
+    case 'configBlocklet':
+      return `updated following ${args.childDid ? `child ${args.childDid}` : ''} config for blocklet ${getBlockletInfo(result, info)}:\n${args.configs.map(x => `- ${x.key}: ${x.value}\n`)}`; // prettier-ignore
+    case 'upgradeBlocklet':
+      return `upgraded blocklet ${getBlockletInfo(result, info)} to v${result.meta.version}`;
+    case 'updateChildBlocklets':
+      return `upgraded components for blocklet ${getBlockletInfo(result, info)}`;
+    // store
+    case 'addBlockletStore':
+      return `added blocklet store ${args.url}`;
+    case 'deleteBlockletStore':
+      return `removed blocklet store ${args.url}`;
+    case 'selectBlockletStore':
+      return `selected blocklet store ${args.url}`;
+    // teams: members/passports
+    case 'addUser':
+      if (args.passport) {
+        return `${args.reason} and received **${args.passport.name}** passport from ${team}`;
+      }
+      return `joined team ${team} by ${args.reason}`;
+    case 'updateUser':
+      return `${args.reason} and received **${args.passport.name}** passport from ${team}`;
+    case 'configWhoCanAccess':
+      return `updated access control policy to **${args.value}** for ${team} when ${args.reason}`;
+    case 'configPassportIssuance':
+      return `${args.enabled ? 'enabled' : 'disabled'} passport issuance for ${team}`;
+    case 'createPassportIssuance':
+      return `issued **${args.name}** passport to ${user} for ${team}, issuance id: ${result.id}`;
+    case 'processPassportIssuance':
+      return `claimed passport **${args.name}** from ${team}, issuance id: ${args.sessionId}`;
+    case 'revokeUserPassport':
+      return `revoked **${passport}** passport of user ${user} for ${team}`;
+    case 'enableUserPassport':
+      return `enabled **${passport}** passport of user ${user} for ${team}`;
+    case 'updateUserApproval':
+      return `${args.user.approved ? 'enabled' : 'disabled'} user ${user} for ${team}`;
+    case 'deletePassportIssuance':
+      return `removed passport issuance ${args.sessionId} from ${team}`;
+    case 'createInvitation':
+      return `created member invitation(${result.inviteId}: ${args.remark}) with **${args.role}** passport for ${team}`; // prettier-ignore
+    case 'deleteInvitation':
+      return `removed unused member invitation(${args.inviteId}) from ${team}`;
+    case 'createRole':
+      return `created passport ${args.name}(${args.title}) for ${team}`;
+    case 'updateRole':
+      return `updated passport ${args.role.name}(${args.role.title}) for ${team}`;
+    case 'updatePermissionsForRole':
+      return `granted following permissions to passport ${args.roleName} for ${team}: \n${args.grantNames.map(x => `- ${x}`).join('\n')}`; // prettier-ignore
+    case 'configTrustedPassports':
+      if (args.trustedPassports.length === 0) {
+        return `removed all trusted passport issuers for ${team}`;
+      }
+      return `updated trusted passport issuers to following for ${team}: \n${args.trustedPassports.map(x => `- ${x.remark}: ${x.issuerDid}`).join('\n')}`; // prettier-ignore
+    // accessKeys
+    case 'createAccessKey':
+      return `created access key ${result.accessKeyId} with passport ${args.passport}: ${args.remark}`;
+    case 'updateAccessKey':
+      return `updated access key ${result.accessKeyId} with following changes:\n - passport: ${args.passport}\n - remark: ${args.remark}`; // prettier-ignore
+    case 'deleteAccessKey':
+      return `deleted access key ${args.accessKeyId}`; // prettier-ignore
+    // integrations
+    case 'createWebHook':
+      return `added integration ${result._id}: \n- type: ${args.type}\n${args.params.map(x => `- ${x.name}: ${x.value}`).join('\n')}`; // prettier-ignore
+    case 'deleteWebHook':
+      return `deleted integration ${args.id}`;
+    // server
+    case 'updateNodeInfo':
+      return `updated basic server settings: \n${Object.keys(args).map(x => `- ${x}: ${args[x]}`).join('\n')}`; // prettier-ignore
+    case 'upgradeNodeVersion':
+      return `triggered server upgrade to ${info.nextVersion}`;
+    case 'startServer':
+      return 'server was started';
+    case 'stopServer':
+      return 'server was stopped';
+    // certificates
+    case 'addCertificate':
+      return `added certificate #${args.id}, domain ${result.domain}`;
+    case 'deleteCertificate':
+      return `deleted certificate #${args.id}`;
+    case 'updateCertificate':
+      return `updated certificate #${args.id}`;
+    case 'issueLetsEncryptCert':
+      return `tried to issue lets encrypt certificate for domain **${args.domain}**, ticket: ${result._id}`;
+    // router
+    case 'addDomainAlias':
+      return `added extra domain **${args.domainAlias}** to ${site}`; // prettier-ignore
+    case 'deleteDomainAlias':
+      return `removed extra domain **${args.domainAlias}** from ${site}`; // prettier-ignore
+    case 'updateGateway': {
+      let message = args.requestLimit.enabled ? `status: enabled, rate: ${args.requestLimit.rate}` : 'status: disabled';
+      message = `update gateway. ${message}`;
+      return message;
+    }
+    default:
+      return action;
+  }
+};
+const getLogCategory = (action) => {
+  switch (action) {
+    // blocklets
+    case 'installBlocklet':
+    case 'installComponent':
+    case 'startBlocklet':
+    case 'restartBlocklet':
+    case 'reloadBlocklet':
+    case 'stopBlocklet':
+    case 'resetBlocklet':
+    case 'deleteBlocklet':
+    case 'deleteComponent':
+    case 'configBlocklet':
+    case 'upgradeBlocklet':
+    case 'updateChildBlocklets':
+      return 'blocklet';
+    // store
+    case 'addBlockletStore':
+    case 'deleteBlockletStore':
+    case 'selectBlockletStore':
+      return 'server';
+    // teams: members/passports
+    case 'addUser':
+    case 'updateUser':
+    case 'configWhoCanAccess':
+    case 'processPassportIssuance':
+    case 'configPassportIssuance':
+    case 'createPassportIssuance':
+    case 'deletePassportIssuance':
+    case 'revokeUserPassport':
+    case 'enableUserPassport':
+    case 'updateUserApproval':
+    case 'createInvitation':
+    case 'deleteInvitation':
+    case 'createRole':
+    case 'updateRole':
+    case 'updatePermissionsForRole':
+    case 'configTrustedPassports':
+      return 'team';
+    // accessKeys
+    case 'createAccessKey':
+    case 'updateAccessKey':
+    case 'deleteAccessKey':
+      return 'security';
+    // integrations
+    case 'createWebHook':
+    case 'deleteWebHook':
+      return 'integrations';
+    // server
+    case 'updateNodeInfo':
+    case 'upgradeNodeVersion':
+    case 'startServer':
+    case 'stopServer':
+      return 'server';
+    // certificates
+    case 'addCertificate':
+    case 'deleteCertificate':
+    case 'updateCertificate':
+    case 'issueLetsEncryptCert':
+      return 'certificates';
+    case 'updateGateway':
+      return 'gateway';
+    default:
+      return '';
+  }
+};
+class AuditLogState extends BaseState {
+  constructor(baseDir, options = {}) {
+    super(baseDir, { filename: 'audit-log.db', ...options });
+  }
+  /**
+   * Create new audit log
+   *
+   * @param {string} action the api name
+   * @param {object} args the api args
+   * @param {object} result the api result
+   * @param {object} context the log context
+   * {
+      protocol: 'http',
+      user: {
+        meta: 'profile',
+        fullName: 'wangshijun',
+        email: 'shijun@arcblock.io',
+        type: 'profile',
+        did: 'z1jq5bGF64wnZiy29EbRyuQqUxmRHmSdt1Q',
+        pk: 'zHTcKwgi9DK8US8QQY9K7wQ3qF79CtrWYn6BYAgTQUeVQ',
+        passports: [ [Object] ],
+        approved: true,
+        locale: 'en',
+        firstLoginAt: '2022-04-27T22:55:51.788Z',
+        lastLoginAt: '2022-04-27T22:55:51.788Z',
+        _id: 'dvOIJJVUJHGxnWBU',
+        createdAt: '2022-04-27T22:55:51.789Z',
+        updatedAt: '2022-04-27T22:55:51.789Z',
+        role: 'owner',
+        passportId: 'z2iTzSDhwGQFtYXeya8kqCyXro1tRkwUuwN6K'
+      },
+      url: '/api/gql?locale=en',
+      query: { locale: 'en' },
+      hostname: '192.168.123.236',
+      port: 0,
+      ip: '127.0.0.1'
+    }
+   * @return {object} new doc
+   */
+  create({ action, args, context, result }, node) {
+    return new Promise(async (resolve) => {
+      // Do not store secure configs in audit log
+      if (Array.isArray(args.configs)) {
+        args.configs.forEach((x) => {
+          if (x.secure) {
+            x.value = '******';
+          }
+        });
+      }
+      try {
+        const { ip, ua, user } = context;
+        const [info, geoInfo, uaInfo] = await Promise.all([node.states.node.read(), lookup(ip), parse(ua)]);
+        const data = await this.asyncDB.insert({
+          scope: args.teamDid || info.did, // server or blocklet did
+          action,
+          category: await getLogCategory(action, args, context, result, info, node),
+          content: (await getLogContent(action, args, context, result, info, node)).trim(),
+          actor: pick(user.actual || user, ['did', 'fullName', 'role']),
+          extra: args,
+          env: pick(uaInfo, ['browser', 'os', 'device']),
+          geo: pick(geoInfo || { country: '', city: '' }, ['country', 'city']),
+          ip,
+          ua,
+        });
+        logger.info('create', data);
+        return resolve(data);
+      } catch (err) {
+        logger.error('create error', { error: err, action, args, context });
+        return resolve(null);
+      }
+    });
+  }
+  async find({ scope, category, paging } = {}) {
+    const conditions = {};
+    if (scope) {
+      conditions.scope = scope;
+    }
+    if (category) {
+      conditions.category = category;
+    }
+    return this.paginate(conditions, { createdAt: -1 }, { pageSize: 20, ...paging });
+  }
+}
+module.exports = AuditLogState;