@abtnode/core 1.8.14 → 1.8.17

package/lib/api/team.js

@@ -1,13 +1,35 @@
 const { EventEmitter } = require('events');
 const pick = require('lodash/pick');
+const joinUrl = require('url-join');
+
 const logger = require('@abtnode/logger')('@abtnode/core:api:team');
-const { ROLES, genPermissionName, EVENTS, WHO_CAN_ACCESS, PASSPORT_STATUS } = require('@abtnode/constant');
+const {
+  ROLES,
+  genPermissionName,
+  EVENTS,
+  WHO_CAN_ACCESS,
+  PASSPORT_STATUS,
+  WELLKNOWN_SERVICE_PATH_PREFIX,
+} = require('@abtnode/constant');
 const { isValid: isValidDid } = require('@arcblock/did');
 const { BlockletEvents } = require('@blocklet/meta/lib/constants');
+const { sendToUser } = require('@blocklet/sdk/lib/util/send-notification');
+const {
+  createPassportVC,
+  createPassport,
+  upsertToPassports,
+  createUserPassport,
+} = require('@abtnode/auth/lib/passport');
+const { getPassportStatusEndpoint } = require('@abtnode/auth/lib/auth');
+const getBlockletInfo = require('@blocklet/meta/lib/info');
+const { parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
+
 const { validateTrustedPassportIssuers } = require('../validators/trusted-passport');
 const { validateCreateRole, validateUpdateRole } = require('../validators/role');
 const { validateCreatePermission, validateUpdatePermission } = require('../validators/permission');
 
+const { getBlocklet } = require('../util/blocklet');
+
 const MAX_USER_PAGE_SIZE = 100;
 
 const validateReservedRole = (role) => {
@@ -17,19 +39,53 @@ const validateReservedRole = (role) => {
   return true;
 };
 
+const sendPassportVcNotification = ({ userDid, appWallet: wallet, locale, vc }) => {
+  try {
+    const receiver = userDid;
+    const sender = { appDid: wallet.address, appSk: wallet.secretKey };
+    const message = {
+      title: {
+        en: 'Receive a Passport',
+        zh: '获得通行证',
+      }[locale],
+      body: {
+        en: 'You got a passport',
+        zh: '你获得了一张通行证',
+      }[locale],
+      attachments: [
+        {
+          type: 'vc',
+          data: {
+            credential: vc,
+            tag: vc.credentialSubject.passport.name,
+          },
+        },
+      ],
+    };
+
+    sendToUser(receiver, message, sender, process.env.ABT_NODE_SERVICE_PORT).catch((error) => {
+      logger.error('Failed send passport vc to wallet', { error });
+    });
+  } catch (error) {
+    logger.error('Failed send passport vc to wallet', { error });
+  }
+};
+
 class TeamAPI extends EventEmitter {
   /**
    *
    * @param {object} states abtnode core StateDB
    */
-  constructor({ teamManager, states }) {
+  constructor({ teamManager, states, dataDirs }) {
     super();
 
     this.notification = states.notification;
     this.node = states.node;
+    this.states = states;
     this.memberInviteExpireTime = 1000 * 3600 * 24 * 30; // 30 days
     this.serverInviteExpireTime = 1000 * 3600; // 1 hour
     this.teamManager = teamManager;
+    this.dataDirs = dataDirs;
   }
 
   // User && Invitation
@@ -223,6 +279,72 @@ class TeamAPI extends EventEmitter {
     return doc;
   }
 
+  async issuePassportToUser({ teamDid, userDid, role: roleName, notify = true }, context = {}) {
+    const { locale = 'en' } = context;
+
+    const userState = await this.getUserState(teamDid);
+    const user = await userState.getUser(userDid);
+
+    if (!user) {
+      throw new Error(`user does not exist: ${userDid}`);
+    }
+
+    if (!user.approved) {
+      throw new Error(`the user is revoked: ${userDid}`);
+    }
+
+    const rbac = await this.getRBAC(teamDid);
+    const role = await rbac.getRole(roleName);
+
+    if (!role) {
+      throw new Error(`passport does not exist: ${roleName}`);
+    }
+
+    // create vc
+    const blocklet = await getBlocklet({ did: teamDid, states: this.states, dataDirs: this.dataDirs });
+    const nodeInfo = await this.node.read();
+    const blockletInfo = getBlockletInfo(blocklet, nodeInfo.sk);
+    const { wallet, passportColor, appUrl, name: issuerName } = blockletInfo;
+
+    const vc = createPassportVC({
+      issuerName,
+      issuerWallet: wallet,
+      ownerDid: userDid,
+      passport: await createPassport({
+        role,
+      }),
+      endpoint: getPassportStatusEndpoint({
+        baseUrl: joinUrl(appUrl, WELLKNOWN_SERVICE_PATH_PREFIX),
+        userDid,
+        teamDid,
+      }),
+      ownerProfile: {
+        ...user,
+        avatar: await parseUserAvatar(user.avatar, { dataDir: blocklet.env.dataDir }),
+      },
+      preferredColor: passportColor,
+    });
+
+    // write passport to db
+    const passport = createUserPassport(vc, { role: role.name });
+    user.passports = upsertToPassports(user.passports || [], passport);
+    await this.updateUser({
+      teamDid,
+      user: {
+        did: user.did,
+        pk: user.pk,
+        passports: user.passports,
+      },
+    });
+
+    // send vc to wallet
+    if (notify) {
+      sendPassportVcNotification({ userDid, appWallet: wallet, locale, vc });
+    }
+
+    return user;
+  }
+
   async revokeUserPassport({ teamDid, userDid, passportId } = {}) {
     if (!passportId) {
       throw new Error('Revoked passport should not be empty');

package/lib/blocklet/manager/base.js

@@ -8,6 +8,8 @@ class BaseBlockletManager extends EventEmitter {
   constructor() {
     super();
 
+    this.setMaxListeners(100);
+
     // HACK: do not emit any events from CLI
     if (isCLI() && process.env.NODE_ENV !== 'test') {
       this.emit = (name) => logger.debug('stopped blocklet manager event in CLI', name);

package/lib/blocklet/manager/disk.js

@@ -36,7 +36,6 @@ const {
   forEachBlocklet,
   forEachChild,
   getComponentId,
-  getComponentName,
   getComponentBundleId,
 } = require('@blocklet/meta/lib/util');
 const getComponentProcessId = require('@blocklet/meta/lib/get-component-process-id');
@@ -73,9 +72,7 @@ const {
   getFromCache: getAccessibleExternalNodeIp,
 } = require('../../util/get-accessible-external-node-ip');
 const {
-  getComponentDirs,
   getBlockletMetaFromUrl,
-  fillBlockletConfigs,
   ensureBlockletExpanded,
   getAppSystemEnvironments,
   getComponentSystemEnvironments,
@@ -104,6 +101,7 @@ const {
   needBlockletDownload,
   findAvailableDid,
   ensureMeta,
+  getBlocklet,
 } = require('../../util/blocklet');
 const { parseSourceUrl } = require('../../util/registry');
 const states = require('../../states');
@@ -217,7 +215,7 @@ class BlockletManager extends BaseBlockletManager {
    * @param {{
    *  url: string;
    *  sync: boolean = false;
-   *  downloadToken: string;
+   *  downloadTokenList: Array<{did: string, token: string};
    * }} params
    * @param {{
    *  [key: string]: any
@@ -228,20 +226,16 @@ class BlockletManager extends BaseBlockletManager {
   async install(params, context = {}) {
     logger.debug('install blocklet', { params, context });
 
-    if (params.downloadToken) {
-      const info = await states.node.read();
+    const info = await states.node.read();
 
-      context.headers = Object.assign(context?.headers || {}, {
-        'x-server-did': info.did,
-        'x-download-token': params.downloadToken,
-        // FIXME: 先保证兼容性,后续删除
-        'x-server-publick-key': info.pk,
-        'x-server-public-key': info.pk,
-        'x-server-signature': sign(info.did, info.sk, {
-          exp: (Date.now() + 5 * 60 * 1000) / 1000,
-        }),
-      });
-    }
+    context.headers = Object.assign(context?.headers || {}, {
+      'x-server-did': info.did,
+      'x-server-public-key': info.pk,
+      'x-server-signature': sign(info.did, info.sk, {
+        exp: (Date.now() + 5 * 60 * 1000) / 1000,
+      }),
+    });
+    context.downloadTokenList = params.downloadTokenList || [];
 
     const source = getSourceFromInstallParams(params);
     if (typeof context.startImmediately === 'undefined') {
@@ -289,7 +283,7 @@ class BlockletManager extends BaseBlockletManager {
    * @param {ConfigEntry} configs pre configs
    */
   async installComponent(
-    { rootDid, mountPoint, url, file, did, diffVersion, deleteSet, title, name, configs, downloadToken },
+    { rootDid, mountPoint, url, file, did, diffVersion, deleteSet, title, name, configs, downloadTokenList },
     context = {}
   ) {
     logger.debug('start install component', { rootDid, mountPoint, url });
@@ -308,7 +302,7 @@ class BlockletManager extends BaseBlockletManager {
         did,
         name,
         configs,
-        downloadToken,
+        downloadTokenList,
       });
     }
 
@@ -1298,49 +1292,8 @@ class BlockletManager extends BaseBlockletManager {
     return rootBlocklet;
   }
 
-  async ensureBlocklet(did, { e2eMode = false, validateEnv = true, throwOnNotExist = true } = {}) {
-    if (!isValidDid(did)) {
-      throw new Error(`Blocklet did is invalid: ${did}`);
-    }
-
-    const blocklet = await states.blocklet.getBlocklet(did);
-    if (!blocklet) {
-      if (throwOnNotExist) {
-        throw new Error(`Can not find blocklet in database by did ${did}`);
-      }
-      return null;
-    }
-
-    // app settings
-    const settings = await states.blockletExtras.getSettings(blocklet.meta.did);
-    blocklet.trustedPassports = get(settings, 'trustedPassports') || [];
-    blocklet.enablePassportIssuance = get(settings, 'enablePassportIssuance', true);
-    blocklet.settings = settings || {};
-
-    // app site
-    blocklet.site = await this.getSiteByDid(blocklet.meta.did);
-
-    await forEachBlocklet(blocklet, async (component, { id, level, ancestors }) => {
-      // component env
-      component.env = {
-        id,
-        name: getComponentName(component, ancestors),
-        processId: getComponentProcessId(component, ancestors),
-        ...getComponentDirs(component, {
-          dataDirs: this.dataDirs,
-          ensure: true,
-          validate: validateEnv,
-          ancestors,
-          e2eMode: level === 0 ? e2eMode : false,
-        }),
-      };
-
-      // component config
-      const configs = await states.blockletExtras.getConfigs([...ancestors.map((x) => x.meta.did), component.meta.did]);
-      fillBlockletConfigs(component, configs);
-    });
-
-    return blocklet;
+  async ensureBlocklet(did, opts = {}) {
+    return getBlocklet({ ...opts, states, dataDirs: this.dataDirs, did });
   }
 
   async hasBlocklet({ did }) {
@@ -1889,7 +1842,7 @@ class BlockletManager extends BaseBlockletManager {
     name: inputName,
     did: inputDid,
     configs,
-    downloadToken,
+    downloadTokenList,
   }) {
     const blocklet = await this._getBlockletForInstallation(rootDid);
     if (!blocklet) {
@@ -1909,14 +1862,12 @@ class BlockletManager extends BaseBlockletManager {
         ...context,
         headers: {
           'x-server-did': info.did,
-          'x-download-token': downloadToken,
-          // FIXME: 先保证兼容性,后续删除
-          'x-server-publick-key': info.pk,
           'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
         },
+        downloadTokenList: downloadTokenList || [],
       };
     }
 
@@ -2482,14 +2433,12 @@ class BlockletManager extends BaseBlockletManager {
         ...context,
         headers: {
           'x-server-did': info.did,
-          'x-download-token': blocklet?.tokens?.paidBlockletDownloadToken,
-          // FIXME: 先保证兼容性,后续删除
-          'x-server-publick-key': info.pk,
           'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
         },
+        downloadTokenList: blocklet?.tokens?.downloadTokenList || [],
       };
     }
 
@@ -2726,10 +2675,10 @@ class BlockletManager extends BaseBlockletManager {
       // Update dynamic component meta in blocklet settings
       await this._ensureDynamicChildrenInSettings(blocklet);
 
-      if (context?.headers?.['x-download-token']) {
+      if (context?.downloadTokenList?.length) {
         await states.blocklet.updateBlocklet(did, {
           tokens: {
-            paidBlockletDownloadToken: context.headers['x-download-token'],
+            downloadTokenList: context.downloadTokenList,
           },
         });
       }
@@ -2968,7 +2917,13 @@ class BlockletManager extends BaseBlockletManager {
       }
       ctrlStore[rootDid].set(did, cancelCtrl);
 
-      await downloadFile(url, path.join(cwd, tarballName), { cancelCtrl }, context);
+      const headers = context.headers ? cloneDeep(context.headers) : {};
+      const exist = (context.downloadTokenList || []).find((x) => x.did === did);
+      if (exist) {
+        headers['x-download-token'] = exist.token;
+      }
+
+      await downloadFile(url, path.join(cwd, tarballName), { cancelCtrl }, { ...context, headers });
 
       if (ctrlStore[rootDid]) {
         ctrlStore[rootDid].delete(did);

package/lib/index.js

@@ -163,7 +163,7 @@ function ABTNode(options) {
   } = getRouterHelpers({ dataDirs, routingSnapshot, routerManager, blockletManager, certManager });
 
   const nodeAPI = new NodeAPI(states.node);
-  const teamAPI = new TeamAPI({ states, teamManager });
+  const teamAPI = new TeamAPI({ states, teamManager, dataDirs });
 
   blockletManager.getRoutingRulesByDid = getRoutingRulesByDid;
   blockletManager.getSiteByDid = getSiteByDid;
@@ -298,6 +298,8 @@ function ABTNode(options) {
     // Passport
     revokeUserPassport: teamAPI.revokeUserPassport.bind(teamAPI),
     enableUserPassport: teamAPI.enableUserPassport.bind(teamAPI),
+    issuePassportToUser: teamAPI.issuePassportToUser.bind(teamAPI),
+
     createPassportIssuance: teamAPI.createPassportIssuance.bind(teamAPI),
     getPassportIssuances: teamAPI.getPassportIssuances.bind(teamAPI),
     getPassportIssuance: teamAPI.getPassportIssuance.bind(teamAPI),
@@ -311,13 +313,13 @@ function ABTNode(options) {
     verifyChallenge: states.challenge.verify.bind(states.challenge),
 
     // Notifications
-    getNotifications: states.notification.find.bind(states.notification),
+    getNotifications: states.notification.findPaginated.bind(states.notification),
     readNotifications: states.notification.read.bind(states.notification),
     unreadNotifications: states.notification.unread.bind(states.notification),
 
     // AuditLog
     createAuditLog: (params) => states.auditLog.create(params, instance),
-    getAuditLogs: states.auditLog.find.bind(states.auditLog),
+    getAuditLogs: states.auditLog.findPaginated.bind(states.auditLog),
 
     // Routing
     routerManager,
@@ -392,7 +394,6 @@ function ABTNode(options) {
 
   const events = createEvents({
     blockletManager,
-    blockletRegistry,
     ensureBlockletRouting,
     ensureBlockletRoutingForUpgrade,
     removeBlockletRouting,

package/lib/states/access-key.js

@@ -19,13 +19,15 @@ const validatePassport = (passport) => {
 const getUserName = (context) => get(context, 'user.fullName', '');
 
 class AccessKeyState extends BaseState {
-  constructor(baseDir, options = {}) {
-    super(baseDir, { filename: 'access_key.db', ...options });
-
-    this.db.ensureIndex({ fieldName: 'accessKeyId', unique: true }, (error) => {
-      if (error) {
-        logger.error('ensure unique index failed', { error });
-      }
+  constructor(baseDir, config = {}) {
+    super(baseDir, { filename: 'access_key.db', ...config });
+
+    this.onReady(() => {
+      this.ensureIndex({ fieldName: 'accessKeyId', unique: true }, (error) => {
+        if (error) {
+          logger.error('ensure unique index failed', { error });
+        }
+      });
     });
   }
 
@@ -48,7 +50,7 @@ class AccessKeyState extends BaseState {
     data.createdBy = getUserName(context);
     data.updatedBy = getUserName(context);
 
-    const doc = await this.asyncDB.insert(data);
+    const doc = await this.insert(data);
     return {
       ...doc,
       accessKeySecret: toBase58(wallet.secretKey),
@@ -67,7 +69,7 @@ class AccessKeyState extends BaseState {
     if (!accessKeyId) {
       throw new Error('accessKeyId should not be empty');
     }
-    const doc = await this.asyncDB.findOne({ accessKeyId });
+    const doc = await this.findOne({ accessKeyId });
     return doc;
   }
 
@@ -82,7 +84,7 @@ class AccessKeyState extends BaseState {
     if (!accessKeyId) {
       throw new Error('accessKeyId should not be empty');
     }
-    const doc = await this.asyncDB.findOne({ accessKeyId });
+    const doc = await this.findOne({ accessKeyId });
     if (!doc) {
       throw new Error(`Access Key Id ${accessKeyId} does not exist`);
     }
@@ -92,7 +94,7 @@ class AccessKeyState extends BaseState {
     doc.passport = passport;
     doc.updatedBy = getUserName(context);
 
-    await this.asyncDB.update({ accessKeyId }, { $set: doc });
+    await super.update({ accessKeyId }, { $set: doc });
     return doc;
   }
 
@@ -101,12 +103,12 @@ class AccessKeyState extends BaseState {
     if (!accessKeyId) {
       throw new Error('accessKeyId should not be empty');
     }
-    const doc = await this.asyncDB.findOne({ accessKeyId });
+    const doc = await this.findOne({ accessKeyId });
     if (!doc) {
       throw new Error(`Access Key Id ${accessKeyId} does not exist`);
     }
     doc.lastUsedAt = new Date();
-    await this.asyncDB.update({ accessKeyId }, { $set: doc });
+    await super.update({ accessKeyId }, { $set: doc });
     return doc;
   }
 
@@ -116,7 +118,7 @@ class AccessKeyState extends BaseState {
     if (!accessKeyId) {
       throw new Error('accessKeyId should not be empty');
     }
-    const num = await this.asyncDB.remove({ accessKeyId });
+    const num = await super.remove({ accessKeyId });
     if (num <= 0) {
       throw new Error(`Access Key Id ${accessKeyId} does not exist`);
     }

package/lib/states/audit-log.js

@@ -3,7 +3,7 @@ const pick = require('lodash/pick');
 const get = require('lodash/get');
 const joinUrl = require('url-join');
 const { getDisplayName } = require('@blocklet/meta/lib/util');
-const { BLOCKLET_SITE_GROUP_SUFFIX } = require('@abtnode/constant');
+const { BLOCKLET_SITE_GROUP_SUFFIX, NODE_SERVICES } = require('@abtnode/constant');
 const logger = require('@abtnode/logger')('@abtnode/core:states:audit-log');
 
 const BaseState = require('./base');
@@ -177,6 +177,8 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `updated trusted passport issuers to following for ${team}: \n${args.trustedPassports.map(x => `- ${x.remark}: ${x.issuerDid}`).join('\n')}`; // prettier-ignore
     case 'delegateTransferNFT':
       return `${args.owner} ${args.reason}`;
+    case 'issuePassportToUser':
+      return `issued **${args.role}** passport to ${user}`;
 
     // accessKeys
     case 'createAccessKey':
@@ -344,9 +346,15 @@ const getScope = (args = {}) => {
   return null;
 };
 
+const fixActor = (actor) => {
+  if ([NODE_SERVICES.AUTH_SERVICE, 'blocklet'].includes(actor?.role)) {
+    actor.role = '';
+  }
+};
+
 class AuditLogState extends BaseState {
-  constructor(baseDir, options = {}) {
-    super(baseDir, { filename: 'audit-log.db', ...options });
+  constructor(baseDir, config = {}) {
+    super(baseDir, { filename: 'audit-log.db', ...config });
   }
 
   /**
@@ -399,7 +407,9 @@ class AuditLogState extends BaseState {
         const { ip, ua, user } = context;
         const [info, uaInfo] = await Promise.all([node.states.node.read(), parse(ua)]);
 
-        const data = await this.asyncDB.insert({
+        fixActor(user);
+
+        const data = await this.insert({
           scope: getScope(args) || info.did, // server or blocklet did
           action,
           category: await getLogCategory(action, args, context, result, info, node),
@@ -420,7 +430,7 @@ class AuditLogState extends BaseState {
     });
   }
 
-  async find({ scope, category, paging } = {}) {
+  async findPaginated({ scope, category, paging } = {}) {
     const conditions = {};
     if (scope) {
       conditions.scope = scope;
@@ -429,7 +439,7 @@ class AuditLogState extends BaseState {
       conditions.category = category;
     }
 
-    return this.paginate(conditions, { createdAt: -1 }, { pageSize: 20, ...paging });
+    return super.paginate(conditions, { createdAt: -1 }, { pageSize: 20, ...paging });
   }
 }
 

package/lib/states/base.js

@@ -4,8 +4,8 @@ const logger = require('@abtnode/logger')('@abtnode/core:states');
 const { isCLI } = require('../util');
 
 class BaseState extends DB {
-  constructor(baseDir, options) {
-    super(baseDir, options);
+  constructor(baseDir, config) {
+    super(baseDir, config);
 
     // HACK: do not emit any events from CLI
     if (isCLI() && process.env.NODE_ENV !== 'test') {

package/lib/states/blocklet-extras.js

@@ -12,8 +12,8 @@ const { mergeConfigs, parseConfigs } = require('../blocklet/extras');
 const noop = (k) => (v) => v[k];
 
 class BlockletExtrasState extends BaseState {
-  constructor(baseDir, options = {}) {
-    super(baseDir, { filename: 'blocklet_extras.db', ...options });
+  constructor(baseDir, config = {}) {
+    super(baseDir, { filename: 'blocklet_extras.db', ...config });
 
     this.extras = [
       // environment
@@ -82,10 +82,10 @@ class BlockletExtrasState extends BaseState {
       // eslint-disable-next-line no-param-reassign
       dids = [].concat(dids);
       const [rootDid, ...childDids] = dids;
-      const { dek } = this.options;
+      const { dek } = this.config;
       const { name, afterGet = noop('data') } = extra;
 
-      let item = await this.asyncDB.findOne({ did: rootDid });
+      let item = await this.findOne({ did: rootDid });
       while (item && childDids.length) {
         const did = childDids.shift();
         item = (item.children || []).find((x) => x.did === did);
@@ -104,9 +104,9 @@ class BlockletExtrasState extends BaseState {
       // eslint-disable-next-line no-param-reassign
       dids = [].concat(dids);
       const [rootDid, ...childDids] = dids;
-      const { dek } = this.options;
+      const { dek } = this.config;
       const { name, beforeSet = noop('cur') } = extra;
-      const exist = await this.asyncDB.findOne({ did: rootDid });
+      const exist = await this.findOne({ did: rootDid });
 
       const item = exist || { did: rootDid };
       let component = item;
@@ -126,7 +126,7 @@ class BlockletExtrasState extends BaseState {
       component[name] = newData;
 
       if (!exist) {
-        await this.asyncDB.insert(item);
+        await this.insert(item);
         logger.info('create extra success', { name, dids });
       } else {
         await this.update(item._id, item);
@@ -143,7 +143,7 @@ class BlockletExtrasState extends BaseState {
       dids = [].concat(dids);
       const [rootDid, ...childDids] = dids;
       const { name } = extra;
-      const item = await this.asyncDB.findOne({ did: rootDid });
+      const item = await this.findOne({ did: rootDid });
 
       if (!item) {
         return null;
@@ -170,9 +170,9 @@ class BlockletExtrasState extends BaseState {
 
   generateListFn(extra) {
     return async () => {
-      const { dek } = this.options;
+      const { dek } = this.config;
       const { name, afterGet = noop('data') } = extra;
-      const docs = await this.asyncDB.find({});
+      const docs = await this.find({});
       const list = docs
         .filter((x) => x[name])
         .map((x) => ({