@abtnode/core 1.8.0 → 1.8.3

package/lib/api/node.js

@@ -7,6 +7,7 @@ const isGitpod = require('@abtnode/util/lib/is-gitpod');
 const getFolderSize = require('@abtnode/util/lib/get-folder-size');
 const canPackageReadWrite = require('@abtnode/util/lib/can-pkg-rw');
 const { toDelegateAddress } = require('@arcblock/did-util');
+const { STORE_DETAIL_PAGE_PATH_PREFIX } = require('@abtnode/constant');
 
 const logger = require('@abtnode/logger')('@abtnode/core:api:node');
 
@@ -40,7 +41,19 @@ class NodeAPI {
   // eslint-disable-next-line no-unused-vars
   async addRegistry({ url }, context) {
     logger.info('add registry', { url });
-    const sanitized = sanitizeUrl(url);
+
+    const urlObj = new URL(url);
+    let newUrl = urlObj.origin;
+
+    // if the pathname is store blocklet list or blocklet detail
+    if (urlObj.pathname?.includes(STORE_DETAIL_PAGE_PATH_PREFIX)) {
+      const lastIndex = urlObj.pathname.lastIndexOf(STORE_DETAIL_PAGE_PATH_PREFIX);
+      const pathnamePrefix = urlObj.pathname.substring(0, lastIndex);
+      newUrl = `${newUrl}${pathnamePrefix || ''}`;
+    }
+
+    const sanitized = sanitizeUrl(newUrl);
+
     const info = await this.state.read();
     const exist = info.blockletRegistryList.find((x) => x.url === sanitized);
     if (exist) {

package/lib/blocklet/manager/disk.js

@@ -22,7 +22,7 @@ const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
 const downloadFile = require('@abtnode/util/lib/download-file');
 const Lock = require('@abtnode/util/lib/lock');
 const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
-const { VC_TYPE_BLOCKLET_PURCHASE } = require('@abtnode/constant');
+const { VC_TYPE_BLOCKLET_PURCHASE, WHO_CAN_ACCESS } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const {
@@ -115,6 +115,7 @@ const { getFactoryState } = require('../../util/chain');
 const runMigrationScripts = require('../migration');
 const hooks = require('../hooks');
 const { formatName } = require('../../util/get-domain-for-blocklet');
+const handleInstanceInStore = require('../../util/public-to-store');
 
 const {
   isInProgress,
@@ -216,6 +217,7 @@ class BlockletManager extends BaseBlockletManager {
    * @param {{
    *  url: string;
    *  sync: boolean = false;
+   *  downloadToken: string;
    * }} params
    * @param {{
    *  [key: string]: any
@@ -223,9 +225,24 @@ class BlockletManager extends BaseBlockletManager {
    * @return {*}
    * @memberof BlockletManager
    */
-  async install(params, context) {
+  async install(params, context = {}) {
     logger.debug('install blocklet', { params, context });
 
+    if (params.downloadToken) {
+      const info = await states.node.read();
+
+      context.headers = Object.assign(context?.headers || {}, {
+        'x-server-did': info.did,
+        'x-download-token': params.downloadToken,
+        // FIXME: 先保证兼容性,后续删除
+        'x-server-publick-key': info.pk,
+        'x-server-public-key': info.pk,
+        'x-server-signature': sign(info.did, info.sk, {
+          exp: (Date.now() + 5 * 60 * 1000) / 1000,
+        }),
+      });
+    }
+
     const source = getSourceFromInstallParams(params);
     if (typeof context.startImmediately === 'undefined') {
       context.startImmediately = !!params.startImmediately;
@@ -319,10 +336,12 @@ class BlockletManager extends BaseBlockletManager {
       }
     }
 
+    const { inStore, registryUrl } = await parseSourceUrl(url);
+
     const blocklet = await states.blocklet.getBlocklet(meta.did);
     const isRunning = blocklet ? blocklet.status === BlockletStatus.running : false;
 
-    return { meta, isFree, isInstalled: !!blocklet, isRunning };
+    return { meta, isFree, isInstalled: !!blocklet, isRunning, inStore, registryUrl };
   }
 
   async installBlockletFromVc({ vcPresentation, challenge }, context) {
@@ -423,7 +442,7 @@ class BlockletManager extends BaseBlockletManager {
 
       await this.deleteProcess({ did });
       const res = await states.blocklet.setBlockletStatus(did, BlockletStatus.error);
-      this.emit(BlockletEvents.startFailed, res);
+      this.emit(BlockletEvents.startFailed, { ...res, error: { message: error.message } });
 
       if (throwOnError) {
         throw new Error(description);
@@ -601,7 +620,7 @@ class BlockletManager extends BaseBlockletManager {
   async deleteComponent({ did, rootDid, keepData, keepState }, context) {
     logger.info('delete blocklet component', { did, rootDid, keepData });
 
-    const blocklet = await this.ensureBlocklet(rootDid);
+    const blocklet = await this.ensureBlocklet(rootDid, { validateEnv: false });
     const child = blocklet.children.find((x) => x.meta.did === did);
     if (!child) {
       throw new Error('Component does not exist');
@@ -851,6 +870,37 @@ class BlockletManager extends BaseBlockletManager {
     return newState;
   }
 
+  async configPublicToStore({ did, publicToStore = false }) {
+    const blocklet = await this.ensureBlocklet(did);
+    // publicToStore 由用户传入
+    // handleInstanceInStore 方法写在前面，保证向 store 操作成功后才会更改 blocklet 中的 publicToStore值
+    // handleInstanceInStore 中会校验修改 publicToStore字段 的条件，不符合则会抛错，就不会执行下面更新 publicToStore 的逻辑
+    await handleInstanceInStore(blocklet, { publicToStore });
+    await states.blockletExtras.setSettings(did, { publicToStore });
+
+    const newState = await this.ensureBlocklet(did);
+    return newState;
+  }
+
+  async updateWhoCanAccess({ did, whoCanAccess }) {
+    if (!(await this.hasBlocklet({ did }))) {
+      throw new Error('The blocklet does not exist');
+    }
+
+    if (!Object.values(WHO_CAN_ACCESS).includes(whoCanAccess)) {
+      logger.error(`The value of whoCanAccess is invalid: ${whoCanAccess}`);
+      throw new Error('the value is invalid');
+    }
+
+    await states.blockletExtras.setSettings(did, { whoCanAccess });
+
+    const blocklet = await this.ensureBlocklet(did);
+
+    this.emit(BlockletEvents.updated, { meta: { did: blocklet.meta.did } });
+
+    return blocklet;
+  }
+
   /**
    * upgrade blocklet from registry
    */
@@ -1275,6 +1325,10 @@ class BlockletManager extends BaseBlockletManager {
     return blocklet;
   }
 
+  async hasBlocklet({ did }) {
+    return states.blocklet.hasBlocklet(did);
+  }
+
   async setInitialized({ did, owner }) {
     if (!validateOwner(owner)) {
       throw new Error('Blocklet owner is invalid');
@@ -1495,7 +1549,12 @@ class BlockletManager extends BaseBlockletManager {
 
       preDownloadLock.release();
 
-      this.emit(BlockletEvents.downloadFailed, { meta: did });
+      this.emit(BlockletEvents.downloadFailed, {
+        meta: { did },
+        error: {
+          message: err.message,
+        },
+      });
       states.notification.create({
         title: 'Blocklet Download Failed',
         description: `Blocklet ${name}@${version} download failed with error: ${err.message}`,
@@ -1786,10 +1845,12 @@ class BlockletManager extends BaseBlockletManager {
       throw new Error('Root blocklet does not exist');
     }
 
+    const { inStore } = await parseSourceUrl(url);
+
     const meta = await getBlockletMetaFromUrl(url);
 
-    // 如果是一个付费的blocklet,需要携带token才能下载成功
-    if (!isFreeBlocklet(meta)) {
+    // 如果是一个付费的blocklet,并且url来源为Store, 需要携带token才能下载成功
+    if (!isFreeBlocklet(meta) && inStore) {
       const info = await states.node.read();
 
       // eslint-disable-next-line no-param-reassign
@@ -1798,7 +1859,9 @@ class BlockletManager extends BaseBlockletManager {
         headers: {
           'x-server-did': info.did,
           'x-download-token': downloadToken,
+          // FIXME: 先保证兼容性,后续删除
           'x-server-publick-key': info.pk,
+          'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
@@ -2366,7 +2429,9 @@ class BlockletManager extends BaseBlockletManager {
         headers: {
           'x-server-did': info.did,
           'x-download-token': blocklet?.tokens?.paidBlockletDownloadToken,
+          // FIXME: 先保证兼容性,后续删除
           'x-server-publick-key': info.pk,
+          'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
@@ -2400,7 +2465,11 @@ class BlockletManager extends BaseBlockletManager {
     ticket.on('failed', async (err) => {
       logger.error('queue failed', { entity: 'blocklet', action, did, version, name, error: err });
       await this._rollback(action, did, oldBlocklet);
-      this.emit(`blocklet.${action}.failed`, { did, version, err });
+      const eventNames = {
+        upgrade: BlockletEvents.upgradeFailed,
+        downgrade: BlockletEvents.downgradeFailed,
+      };
+      this.emit(eventNames[action], { blocklet: oldBlocklet, context });
       states.notification.create({
         title: `Blocklet ${capitalize(action)} Failed`,
         description: `Blocklet ${name}@${version} ${action} failed with error: ${err.message || 'queue exception'}`,
@@ -2625,7 +2694,12 @@ class BlockletManager extends BaseBlockletManager {
       logger.error('failed to install blocklet', { name, did, version, error: err });
       try {
         await this._rollback('install', did, oldBlocklet);
-        this.emit(BlockletEvents.installFailed, { meta: { did } });
+        this.emit(BlockletEvents.installFailed, {
+          meta: { did },
+          error: {
+            message: err.message,
+          },
+        });
         states.notification.create({
           title: 'Blocklet Install Failed',
           description: `Blocklet ${meta.name}@${meta.version} install failed with error: ${err.message}`,
@@ -2766,7 +2840,15 @@ class BlockletManager extends BaseBlockletManager {
     } catch (err) {
       const b = await this._rollback(action, did, oldBlocklet);
       logger.error(`failed to ${action} blocklet`, { did, version, name, error: err });
+
       this.emit(BlockletEvents.updated, b);
+
+      const eventNames = {
+        upgrade: BlockletEvents.upgradeFailed,
+        downgrade: BlockletEvents.downgradeFailed,
+      };
+      this.emit(eventNames[action], { blocklet: oldBlocklet, context });
+
       states.notification.create({
         title: `Blocklet ${capitalize(action)} Failed`,
         description: `Blocklet ${name}@${version} ${action} failed with error: ${err.message}`,

package/lib/cert.js

@@ -103,14 +103,16 @@ class Cert extends EventEmitter {
 
   async add(data) {
     if (!data.certificate || !data.privateKey) {
-      throw new Error('certificate and privateKey is required');
+      throw new Error('certificate and privateKey are required');
     }
 
     Cert.fixCertificate(data);
 
-    await this.manager.add(data);
-    logger.info('add certificate result', { name: data.name });
-    this.emit('cert.added', data);
+    const result = await this.manager.add(data);
+    logger.info('add certificate result', { name: result.name });
+    this.emit('cert.added', result);
+
+    return result;
   }
 
   async issue({ domain }) {
@@ -120,7 +122,10 @@ class Cert extends EventEmitter {
   }
 
   async upsertByDomain(data) {
-    return this.manager.upsertByDomain(data);
+    const result = await this.manager.upsertByDomain(data);
+    this.emit('cert.updated', result);
+
+    return result;
   }
 
   async update(data) {

package/lib/event.js

@@ -5,6 +5,7 @@ const { wipeSensitiveData } = require('@blocklet/meta/lib/util');
 const logger = require('@abtnode/logger')('@abtnode/core:event');
 const { BLOCKLET_MODES, BlockletStatus, BlockletSource, BlockletEvents } = require('@blocklet/meta/lib/constants');
 const { EVENTS } = require('@abtnode/constant');
+const handleInstanceInStore = require('./util/public-to-store');
 
 const eventHub =
   process.env.NODE_ENV === 'test' ? require('@arcblock/event-hub/single') : require('@arcblock/event-hub');
@@ -26,6 +27,7 @@ module.exports = ({
   domainStatus,
   teamAPI,
   certManager,
+  node,
 }) => {
   const notificationState = states.notification;
   const nodeState = states.node;
@@ -154,12 +156,66 @@ module.exports = ({
   };
 
   const handleBlockletEvent = async (eventName, payload) => {
+    const blocklet = payload.blocklet || payload;
+
     if ([BlockletEvents.deployed, BlockletEvents.installed].includes(eventName)) {
       await handleBlockletAdd(eventName, payload);
+
+      try {
+        await node.createAuditLog({
+          action: 'installBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: blocklet,
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for installBlocklet', { error });
+      }
     } else if ([BlockletEvents.upgraded, BlockletEvents.downgraded].includes(eventName)) {
       await handleBlockletUpgrade(eventName, payload);
+
+      try {
+        await node.createAuditLog({
+          action: 'upgradeBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: blocklet,
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for upgradeBlocklet', { error });
+      }
     } else if ([BlockletEvents.removed].includes(eventName)) {
       await handleBlockletRemove(eventName, payload);
+    } else if ([BlockletEvents.started].includes(eventName)) {
+      try {
+        const { publicToStore } = blocklet.settings || {};
+        // 如果一个 blocklet 没有设置 publicToStore，启动成功后不应给 store 发请求
+        if (publicToStore) {
+          await handleInstanceInStore(blocklet, { publicToStore });
+        }
+      } catch (error) {
+        logger.error('handleInstanceInStore failed', { error });
+      }
+    } else if ([BlockletEvents.upgradeFailed, BlockletEvents.downgradeFailed].includes(eventName)) {
+      try {
+        await node.createAuditLog({
+          action: 'upgradeBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: {
+            ...blocklet,
+            resultStatus: 'failed',
+          },
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for upgradeBlocklet failed', { error });
+      }
     }
 
     if (payload.blocklet && !payload.meta) {

package/lib/index.js

@@ -174,19 +174,6 @@ function ABTNode(options) {
   onStatesReady(createStateReadyHandler(routingSnapshot));
   const domainStatus = new DomainStatus(routerManager);
 
-  const events = createEvents({
-    blockletManager,
-    blockletRegistry,
-    ensureBlockletRouting,
-    ensureBlockletRoutingForUpgrade,
-    removeBlockletRouting,
-    takeRoutingSnapshot,
-    handleRouting,
-    domainStatus,
-    teamAPI,
-    certManager,
-  });
-
   const isInitialized = async () => {
     const state = await states.node.read();
     return states.node.isInitialized(state);
@@ -226,8 +213,9 @@ function ABTNode(options) {
     getLatestBlockletVersion: blockletManager.getLatestBlockletVersion.bind(blockletManager),
     getBlockletMetaFromUrl: blockletManager.getMetaFromUrl.bind(blockletManager),
     resetBlocklet: blockletManager.reset.bind(blockletManager),
-
     deleteBlockletProcess: blockletManager.deleteProcess.bind(blockletManager),
+    configPublicToStore: blockletManager.configPublicToStore.bind(blockletManager),
+    updateWhoCanAccess: blockletManager.updateWhoCanAccess.bind(blockletManager),
 
     // For diagnose purpose
     syncBlockletStatus: blockletManager.status.bind(blockletManager),
@@ -237,6 +225,7 @@ function ABTNode(options) {
     getBlocklets: blockletManager.list.bind(blockletManager),
     getBlocklet: blockletManager.detail.bind(blockletManager),
     getBlockletDiff: blockletManager.diff.bind(blockletManager),
+    hasBlocklet: blockletManager.hasBlocklet.bind(blockletManager),
     updateAllBlockletEnvironment: blockletManager.updateAllBlockletEnvironment.bind(blockletManager),
     setBlockletInitialized: blockletManager.setInitialized.bind(blockletManager),
 
@@ -317,7 +306,6 @@ function ABTNode(options) {
     processPassportIssuance: teamAPI.processPassportIssuance.bind(teamAPI),
     configTrustedPassports: teamAPI.configTrustedPassports.bind(teamAPI),
     configPassportIssuance: teamAPI.configPassportIssuance.bind(teamAPI),
-    configWhoCanAccess: teamAPI.configWhoCanAccess.bind(teamAPI),
 
     // Challenge
     generateChallenge: states.challenge.generate.bind(states.challenge),
@@ -403,6 +391,20 @@ function ABTNode(options) {
     getRouterProvider,
   };
 
+  const events = createEvents({
+    blockletManager,
+    blockletRegistry,
+    ensureBlockletRouting,
+    ensureBlockletRoutingForUpgrade,
+    removeBlockletRouting,
+    takeRoutingSnapshot,
+    handleRouting,
+    domainStatus,
+    teamAPI,
+    certManager,
+    node: instance,
+  });
+
   const webhook = WebHook({ events, dataDirs, instance });
 
   const initCron = () => {

package/lib/router/helper.js

@@ -434,7 +434,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
         isProtected: true,
       });
 
-      logger.info('dashboard certificate updated');
+      logger.info('dashboard certificate updated', { domain });
     } catch (error) {
       logger.error('update dashboard certificate failed', { error });
       throw error;
@@ -1103,6 +1103,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
       certManager.on('cert.added', () => providers[providerName].reload());
       certManager.on('cert.removed', () => providers[providerName].reload());
       certManager.on('cert.issued', () => providers[providerName].reload());
+      certManager.on('cert.updated', () => providers[providerName].reload());
 
       await providers[providerName].start();
     }

package/lib/router/manager.js

@@ -8,7 +8,6 @@ const path = require('path');
 const os = require('os');
 const fse = require('fs-extra');
 const get = require('lodash/get');
-const { Certificate, PrivateKey } = require('@fidm/x509');
 const { EventEmitter } = require('events');
 const uuid = require('uuid');
 const isUrl = require('is-url');
@@ -564,39 +563,6 @@ class RouterManager extends EventEmitter {
     }
   }
 
-  validateCertificate(cert, domain) {
-    const certificate = Certificate.fromPEM(cert.certificate);
-    const privateKey = PrivateKey.fromPEM(cert.privateKey);
-
-    const data = Buffer.allocUnsafe(100);
-    const signature = privateKey.sign(data, 'sha512');
-    if (!certificate.publicKey.verify(data, signature, 'sha512')) {
-      throw new Error('Invalid certificate: signature verify failed');
-    }
-
-    const certDomain = get(certificate, 'subject.commonName', '');
-    if (domain && domain !== certDomain) {
-      throw new Error('Invalid certificate: domain does not match');
-    }
-
-    const validFrom = get(certificate, 'validFrom', '');
-    if (!validFrom || new Date(validFrom).getTime() > Date.now()) {
-      throw new Error('Invalid certificate: not in valid period');
-    }
-    const validTo = get(certificate, 'validTo', '');
-    if (!validTo || new Date(validTo).getTime() < Date.now()) {
-      throw new Error('Invalid certificate: not in valid period');
-    }
-
-    return certificate;
-  }
-
-  fixCertificate(entity) {
-    // Hack: this logic exists because gql does not allow line breaks in arg values
-    entity.privateKey = entity.privateKey.split('|').join('\n');
-    entity.certificate = entity.certificate.split('|').join('\n');
-  }
-
   fixRootBlockletRule(rule) {
     if (!rule.id) {
       rule.id = uuid.v4();

package/lib/states/audit-log.js

@@ -111,10 +111,17 @@ const getLogContent = async (action, args, context, result, info, node) => {
     case 'configBlocklet':
       return `updated following config for blocklet ${getBlockletInfo(result, info)}:\n${args.configs.map(x => `- ${x.key}: ${x.value}\n`)}`; // prettier-ignore
     case 'upgradeBlocklet':
+      if (result.resultStatus === 'failed') {
+        return `upgrade blocklet failed: ${getBlockletInfo(result, info)}`;
+      }
       return `upgraded blocklet ${getBlockletInfo(result, info)} to v${result.meta.version}`;
     case 'updateChildBlocklets':
       return `upgraded components for blocklet ${getBlockletInfo(result, info)}`;
-
+    case 'configPublicToStore':
+      if (args.publicToStore) {
+        return `set publicToStore to true for blocklet ${getBlockletInfo(result, info)}`;
+      }
+      return `set publicToStore to false for blocklet ${getBlockletInfo(result, info)}`;
     // store
     case 'addBlockletStore':
       return `added blocklet store ${args.url}`;
@@ -137,7 +144,7 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `switched passport to ${args.passport.name} for ${team}`;
     case 'login':
       return `${user} logged in to ${team} with passport ${args.passport.name}`;
-    case 'configWhoCanAccess':
+    case 'updateWhoCanAccess':
       return `updated access control policy to **${args.value}** for ${team} when ${args.reason}`;
     case 'configPassportIssuance':
       return `${args.enabled ? 'enabled' : 'disabled'} passport issuance for ${team}`;
@@ -210,6 +217,14 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `added extra domain **${args.domainAlias}** to ${site}`; // prettier-ignore
     case 'deleteDomainAlias':
       return `removed extra domain **${args.domainAlias}** from ${site}`; // prettier-ignore
+    case 'updateRoutingSite':
+      return `updated site from ${site}`; // prettier-ignore
+    case 'addRoutingRule':
+      return `added routing rule **${args.rule?.from?.pathPrefix}** from ${site}`; // prettier-ignore
+    case 'updateRoutingRule':
+      return `updated routing rule **${args.rule?.from?.pathPrefix}** from ${site}`; // prettier-ignore
+    case 'deleteRoutingRule':
+      return `deleted routing rule from ${site}`; // prettier-ignore
     case 'updateGateway': {
       let message = args.requestLimit.enabled ? `status: enabled, rate: ${args.requestLimit.rate}` : 'status: disabled';
       message = `update gateway. ${message}`;
@@ -237,6 +252,7 @@ const getLogCategory = (action) => {
     case 'configBlocklet':
     case 'upgradeBlocklet':
     case 'updateChildBlocklets':
+    case 'configPublicToStore':
       return 'blocklet';
 
     // store
@@ -307,16 +323,21 @@ const getScope = (args = {}) => {
     return args.teamDid;
   }
 
+  // this param usually means mutating an blockle application
+  if (args.did) {
+    // this param usually means mutating a nested child component
+    if (Array.isArray(args.did)) {
+      return args.did[0];
+    }
+
+    return args.did;
+  }
+
   // this param usually means mutating a child component
   if (args.rootDid) {
     return args.rootDid;
   }
 
-  // this param usually means mutating a nested child component
-  if (Array.isArray(args.did)) {
-    return args.did[0];
-  }
-
   return null;
 };
 

package/lib/states/blocklet.js

@@ -102,6 +102,22 @@ class BlockletState extends BaseState {
     });
   }
 
+  hasBlocklet(did) {
+    return new Promise((resolve, reject) => {
+      if (!did) {
+        resolve(false);
+      }
+
+      this.db.count({ $or: [{ 'meta.did': did }, { appDid: did }] }, (err, count) => {
+        if (err) {
+          return reject(err);
+        }
+
+        return resolve(!!count);
+      });
+    });
+  }
+
   getBlocklets(query = {}, projection) {
     return new Promise((resolve, reject) => {
       this.db

package/lib/states/node.js

@@ -283,6 +283,14 @@ class NodeState extends BaseState {
     return this.updateNodeInfo({ previousMode: '', mode: info.previousMode });
   }
 
+  async setMode(mode) {
+    if (Object.values(NODE_MODES).includes(mode) === false) {
+      throw new Error(`Can not update server to unsupported mode: ${mode}`);
+    }
+
+    return this.updateNodeInfo({ previousMode: '', mode });
+  }
+
   async getEnvironments() {
     return this.read().then((info) => ({
       ABT_NODE: info.version,

package/lib/states/session.js

@@ -10,7 +10,13 @@ class SessionState extends BaseState {
 
     this.db.ensureIndex({ fieldName: 'createdAt' }, (error) => {
       if (error) {
-        logger.error('ensure index failed', { error });
+        logger.error('ensure createdAt index failed', { error });
+      }
+    });
+
+    this.db.ensureIndex({ fieldName: 'expireDate', expireAfterSeconds: 0 }, (error) => {
+      if (error) {
+        logger.error('ensure expireDate index failed', { error });
       }
     });
   }

package/lib/util/blocklet.js

@@ -309,8 +309,10 @@ const getComponentSystemEnvironments = (blocklet) => {
   if (ports) {
     Object.assign(portEnvironments, ports);
   }
+
   return {
     BLOCKLET_REAL_DID: blocklet.env.id,
+    BLOCKLET_REAL_NAME: blocklet.env.name,
     BLOCKLET_DATA_DIR: blocklet.env.dataDir,
     BLOCKLET_LOG_DIR: blocklet.env.logsDir,
     BLOCKLET_CACHE_DIR: blocklet.env.cacheDir,
@@ -328,10 +330,29 @@ const getRuntimeEnvironments = (blocklet, nodeEnvironments, ancestors) => {
     return o;
   }, {});
 
+  // get devEnvironments, when blocklet is in dev mode
+  const devEnvironments =
+    blocklet.mode === BLOCKLET_MODES.DEVELOPMENT
+      ? {
+          BLOCKLET_DEV_MOUNT_POINT: blocklet?.mountPoint || '',
+        }
+      : {};
+
+  const root = (ancestors || [])[0] || blocklet;
+  const ports = {};
+  forEachBlockletSync(root, (x) => {
+    const webInterface = findWebInterface(x);
+    if (webInterface && x.environmentObj[webInterface.port]) {
+      ports[x.environmentObj.BLOCKLET_REAL_NAME] = x.environmentObj[webInterface.port];
+    }
+  });
+
   return {
     ...blocklet.configObj,
     ...getSharedConfigObj(blocklet, ancestors),
     ...blocklet.environmentObj,
+    ...devEnvironments,
+    BLOCKLET_WEB_PORTS: JSON.stringify(ports),
     ...nodeEnvironments,
     ...safeNodeEnvironments,
   };
@@ -405,7 +426,7 @@ const getBlockletMetaFromUrls = async (urls) => {
     const meta = await any(urls.map(getBlockletMetaFromUrl));
     return meta;
   } catch (err) {
-    logger.error('failed get blocklet meta', { urls });
+    logger.error('failed get blocklet meta', { urls, error: err });
     throw new Error('Failed get blocklet meta');
   }
 };
@@ -934,11 +955,6 @@ const pruneBlockletBundle = async ({ blocklets, installDir, blockletSettings })
 
     const fillAppDirs = async (dir, level = 'root') => {
       if (level === 'version') {
-        if (!fs.existsSync(path.join(dir, 'blocklet.yml'))) {
-          logger.error('blocklet.yml does not exist in blocklet bundle dir', { dir });
-          return;
-        }
-
         appDirs.push({
           key: path.relative(installDir, dir),
           dir,

package/lib/util/index.js

@@ -398,7 +398,10 @@ const validateUrl = async (url, expectedHttpResTypes = ['application/json', 'tex
       throw new Error(`Cannot get content-type from ${url}: ${err.message}`);
     }
 
-    if (expectedHttpResTypes.some((x) => res.headers['content-type'].includes(x)) === false) {
+    if (
+      res.headers['content-type'] &&
+      expectedHttpResTypes.some((x) => res.headers['content-type'].includes(x)) === false
+    ) {
       throw new Error(`Unexpected content-type from ${url}: ${res.headers['content-type']}`);
     }
 

package/lib/util/public-to-store.js

@@ -0,0 +1,85 @@
+const { sign } = require('@arcblock/jwt');
+const { BlockletSource } = require('@blocklet/meta/lib/constants');
+const { WHO_CAN_ACCESS } = require('@abtnode/constant');
+const logger = require('@abtnode/logger')('@abtnode/util:public-to-store');
+
+const getWallet = require('@abtnode/util/lib/get-app-wallet');
+const axios = require('@abtnode/util/lib/axios');
+
+const getAppToken = (blocklet) =>
+  sign(blocklet.environmentObj?.BLOCKLET_APP_ID, blocklet.environmentObj?.BLOCKLET_APP_SK);
+
+const getAppId = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_ID;
+
+const getAppSK = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_SK;
+
+const getBlockletDid = (blocklet) => blocklet.meta?.bundleDid;
+
+const getAppUrl = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_URL;
+
+/**
+ * verify manages the permissions of blocklet public instance
+ * @param {*} blocklet
+ * @returns bool
+ */
+const verifyPublicInstance = (blocklet) => {
+  const { whoCanAccess = WHO_CAN_ACCESS.ALL } = blocklet.settings;
+  return blocklet.source === BlockletSource.registry && whoCanAccess === WHO_CAN_ACCESS.ALL;
+};
+
+/**
+ *
+ * @param {*} blocklet
+ * @param {*} {userDid publicToStore}
+ * @returns bool
+ */
+async function handleInstanceInStore(blocklet, { userDid = null, publicToStore = false } = {}) {
+  if (!blocklet) {
+    logger.error('blocklet argument is required');
+    throw new Error('blocklet argument is required');
+  }
+
+  const ownerDid = userDid || blocklet.settings?.owner?.did;
+  if (!ownerDid) {
+    return false;
+  }
+
+  if (!verifyPublicInstance(blocklet)) {
+    logger.error('no permission to set publicInstance');
+    throw new Error('no permission to set publicInstance');
+  }
+
+  const appToken = getAppToken(blocklet);
+  const blockletDid = getBlockletDid(blocklet);
+  const appId = getAppId(blocklet);
+  const appSK = getAppSK(blocklet);
+  const wallet = getWallet(appSK);
+  const body = {
+    appToken,
+    appId,
+    appPK: wallet.publicKey,
+    ownerDid,
+    appUrl: getAppUrl(blocklet),
+    blockletDid,
+  };
+
+  const api = axios.create({ baseURL: blocklet.deployedFrom, timeout: 1000 * 10 });
+  if (!publicToStore) {
+    try {
+      await api.delete(`/api/blocklet-instances/${appId}`, { data: body });
+    } catch (error) {
+      logger.error('failed to delete blocklet instance', { error });
+      throw new Error('failed to delete blocklet instance');
+    }
+  } else {
+    try {
+      await api.put(`/api/blocklet-instances/${appId}`, body);
+    } catch (error) {
+      logger.error('failed to update blocklet instance', { error });
+      throw new Error('failed to delete blocklet instance');
+    }
+  }
+  return true;
+}
+
+module.exports = handleInstanceInStore;

package/lib/validators/router.js

@@ -126,7 +126,7 @@ const updateSite = Joi.object({
     )
     .optional()
     .messages(domainMessages),
-});
+}).unknown();
 
 const addRuleSchema = Joi.object({
   id: Joi.string().required(),

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.0",
+  "version": "1.8.3",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,31 +19,31 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/certificate-manager": "1.8.0",
-    "@abtnode/constant": "1.8.0",
-    "@abtnode/cron": "1.8.0",
-    "@abtnode/db": "1.8.0",
-    "@abtnode/logger": "1.8.0",
-    "@abtnode/queue": "1.8.0",
-    "@abtnode/rbac": "1.8.0",
-    "@abtnode/router-provider": "1.8.0",
-    "@abtnode/static-server": "1.8.0",
-    "@abtnode/timemachine": "1.8.0",
-    "@abtnode/util": "1.8.0",
-    "@arcblock/did": "1.17.0",
+    "@abtnode/certificate-manager": "1.8.3",
+    "@abtnode/constant": "1.8.3",
+    "@abtnode/cron": "1.8.3",
+    "@abtnode/db": "1.8.3",
+    "@abtnode/logger": "1.8.3",
+    "@abtnode/queue": "1.8.3",
+    "@abtnode/rbac": "1.8.3",
+    "@abtnode/router-provider": "1.8.3",
+    "@abtnode/static-server": "1.8.3",
+    "@abtnode/timemachine": "1.8.3",
+    "@abtnode/util": "1.8.3",
+    "@arcblock/did": "1.17.5",
     "@arcblock/did-motif": "^1.1.10",
-    "@arcblock/did-util": "1.17.0",
-    "@arcblock/event-hub": "1.17.0",
-    "@arcblock/jwt": "^1.17.0",
+    "@arcblock/did-util": "1.17.5",
+    "@arcblock/event-hub": "1.17.5",
+    "@arcblock/jwt": "^1.17.5",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "1.17.0",
-    "@blocklet/meta": "1.8.0",
+    "@arcblock/vc": "1.17.5",
+    "@blocklet/meta": "1.8.3",
     "@fidm/x509": "^1.2.1",
-    "@nedb/core": "^1.2.2",
-    "@nedb/multi": "^1.2.2",
-    "@ocap/mcrypto": "1.17.0",
-    "@ocap/util": "1.17.0",
-    "@ocap/wallet": "1.17.0",
+    "@nedb/core": "^1.3.1",
+    "@nedb/multi": "^1.3.1",
+    "@ocap/mcrypto": "1.17.5",
+    "@ocap/util": "1.17.5",
+    "@ocap/wallet": "1.17.5",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.27.2",
     "axon": "^2.0.3",
@@ -81,5 +81,5 @@
     "express": "^4.17.1",
     "jest": "^27.4.5"
   },
-  "gitHead": "6446a85fb33721abc24bb1045d59158e6b96c241"
+  "gitHead": "c734aca7bf1fc03378c3b082d0622b6a540a8bd3"
 }