@abtnode/core 1.8.2 → 1.8.3

package/lib/blocklet/manager/disk.js

@@ -22,8 +22,7 @@ const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
 const downloadFile = require('@abtnode/util/lib/download-file');
 const Lock = require('@abtnode/util/lib/lock');
 const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
-const handleInstanceInStore = require('@abtnode/util/lib/public-to-store');
-const { VC_TYPE_BLOCKLET_PURCHASE } = require('@abtnode/constant');
+const { VC_TYPE_BLOCKLET_PURCHASE, WHO_CAN_ACCESS } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
 const {
@@ -116,6 +115,7 @@ const { getFactoryState } = require('../../util/chain');
 const runMigrationScripts = require('../migration');
 const hooks = require('../hooks');
 const { formatName } = require('../../util/get-domain-for-blocklet');
+const handleInstanceInStore = require('../../util/public-to-store');
 
 const {
   isInProgress,
@@ -234,7 +234,9 @@ class BlockletManager extends BaseBlockletManager {
       context.headers = Object.assign(context?.headers || {}, {
         'x-server-did': info.did,
         'x-download-token': params.downloadToken,
+        // FIXME: 先保证兼容性,后续删除
         'x-server-publick-key': info.pk,
+        'x-server-public-key': info.pk,
         'x-server-signature': sign(info.did, info.sk, {
           exp: (Date.now() + 5 * 60 * 1000) / 1000,
         }),
@@ -880,6 +882,25 @@ class BlockletManager extends BaseBlockletManager {
     return newState;
   }
 
+  async updateWhoCanAccess({ did, whoCanAccess }) {
+    if (!(await this.hasBlocklet({ did }))) {
+      throw new Error('The blocklet does not exist');
+    }
+
+    if (!Object.values(WHO_CAN_ACCESS).includes(whoCanAccess)) {
+      logger.error(`The value of whoCanAccess is invalid: ${whoCanAccess}`);
+      throw new Error('the value is invalid');
+    }
+
+    await states.blockletExtras.setSettings(did, { whoCanAccess });
+
+    const blocklet = await this.ensureBlocklet(did);
+
+    this.emit(BlockletEvents.updated, { meta: { did: blocklet.meta.did } });
+
+    return blocklet;
+  }
+
   /**
    * upgrade blocklet from registry
    */
@@ -1838,7 +1859,9 @@ class BlockletManager extends BaseBlockletManager {
         headers: {
           'x-server-did': info.did,
           'x-download-token': downloadToken,
+          // FIXME: 先保证兼容性,后续删除
           'x-server-publick-key': info.pk,
+          'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
@@ -2406,7 +2429,9 @@ class BlockletManager extends BaseBlockletManager {
         headers: {
           'x-server-did': info.did,
           'x-download-token': blocklet?.tokens?.paidBlockletDownloadToken,
+          // FIXME: 先保证兼容性,后续删除
           'x-server-publick-key': info.pk,
+          'x-server-public-key': info.pk,
           'x-server-signature': sign(info.did, info.sk, {
             exp: (Date.now() + 5 * 60 * 1000) / 1000,
           }),
@@ -2440,7 +2465,11 @@ class BlockletManager extends BaseBlockletManager {
     ticket.on('failed', async (err) => {
       logger.error('queue failed', { entity: 'blocklet', action, did, version, name, error: err });
       await this._rollback(action, did, oldBlocklet);
-      this.emit(`blocklet.${action}.failed`, { did, version, err });
+      const eventNames = {
+        upgrade: BlockletEvents.upgradeFailed,
+        downgrade: BlockletEvents.downgradeFailed,
+      };
+      this.emit(eventNames[action], { blocklet: oldBlocklet, context });
       states.notification.create({
         title: `Blocklet ${capitalize(action)} Failed`,
         description: `Blocklet ${name}@${version} ${action} failed with error: ${err.message || 'queue exception'}`,
@@ -2811,7 +2840,15 @@ class BlockletManager extends BaseBlockletManager {
     } catch (err) {
       const b = await this._rollback(action, did, oldBlocklet);
       logger.error(`failed to ${action} blocklet`, { did, version, name, error: err });
+
       this.emit(BlockletEvents.updated, b);
+
+      const eventNames = {
+        upgrade: BlockletEvents.upgradeFailed,
+        downgrade: BlockletEvents.downgradeFailed,
+      };
+      this.emit(eventNames[action], { blocklet: oldBlocklet, context });
+
       states.notification.create({
         title: `Blocklet ${capitalize(action)} Failed`,
         description: `Blocklet ${name}@${version} ${action} failed with error: ${err.message}`,

package/lib/event.js

@@ -5,7 +5,7 @@ const { wipeSensitiveData } = require('@blocklet/meta/lib/util');
 const logger = require('@abtnode/logger')('@abtnode/core:event');
 const { BLOCKLET_MODES, BlockletStatus, BlockletSource, BlockletEvents } = require('@blocklet/meta/lib/constants');
 const { EVENTS } = require('@abtnode/constant');
-const handleInstanceInStore = require('@abtnode/util/lib/public-to-store');
+const handleInstanceInStore = require('./util/public-to-store');
 
 const eventHub =
   process.env.NODE_ENV === 'test' ? require('@arcblock/event-hub/single') : require('@arcblock/event-hub');
@@ -27,6 +27,7 @@ module.exports = ({
   domainStatus,
   teamAPI,
   certManager,
+  node,
 }) => {
   const notificationState = states.notification;
   const nodeState = states.node;
@@ -155,22 +156,65 @@ module.exports = ({
   };
 
   const handleBlockletEvent = async (eventName, payload) => {
+    const blocklet = payload.blocklet || payload;
+
     if ([BlockletEvents.deployed, BlockletEvents.installed].includes(eventName)) {
       await handleBlockletAdd(eventName, payload);
+
+      try {
+        await node.createAuditLog({
+          action: 'installBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: blocklet,
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for installBlocklet', { error });
+      }
     } else if ([BlockletEvents.upgraded, BlockletEvents.downgraded].includes(eventName)) {
       await handleBlockletUpgrade(eventName, payload);
+
+      try {
+        await node.createAuditLog({
+          action: 'upgradeBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: blocklet,
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for upgradeBlocklet', { error });
+      }
     } else if ([BlockletEvents.removed].includes(eventName)) {
       await handleBlockletRemove(eventName, payload);
     } else if ([BlockletEvents.started].includes(eventName)) {
       try {
-        const blocklet = await blockletManager.ensureBlocklet(payload.meta.did);
-        const { publicToStore } = blocklet.settings;
+        const { publicToStore } = blocklet.settings || {};
         // 如果一个 blocklet 没有设置 publicToStore，启动成功后不应给 store 发请求
         if (publicToStore) {
           await handleInstanceInStore(blocklet, { publicToStore });
         }
       } catch (error) {
-        logger.error('BlockletEvents started failed', { error });
+        logger.error('handleInstanceInStore failed', { error });
+      }
+    } else if ([BlockletEvents.upgradeFailed, BlockletEvents.downgradeFailed].includes(eventName)) {
+      try {
+        await node.createAuditLog({
+          action: 'upgradeBlocklet',
+          args: {
+            did: blocklet.meta.did,
+          },
+          context: payload.context || {},
+          result: {
+            ...blocklet,
+            resultStatus: 'failed',
+          },
+        });
+      } catch (error) {
+        logger.error('Failed to createAuditLog for upgradeBlocklet failed', { error });
       }
     }
 

package/lib/index.js

@@ -174,19 +174,6 @@ function ABTNode(options) {
   onStatesReady(createStateReadyHandler(routingSnapshot));
   const domainStatus = new DomainStatus(routerManager);
 
-  const events = createEvents({
-    blockletManager,
-    blockletRegistry,
-    ensureBlockletRouting,
-    ensureBlockletRoutingForUpgrade,
-    removeBlockletRouting,
-    takeRoutingSnapshot,
-    handleRouting,
-    domainStatus,
-    teamAPI,
-    certManager,
-  });
-
   const isInitialized = async () => {
     const state = await states.node.read();
     return states.node.isInitialized(state);
@@ -226,9 +213,9 @@ function ABTNode(options) {
     getLatestBlockletVersion: blockletManager.getLatestBlockletVersion.bind(blockletManager),
     getBlockletMetaFromUrl: blockletManager.getMetaFromUrl.bind(blockletManager),
     resetBlocklet: blockletManager.reset.bind(blockletManager),
-    configPublicToStore: blockletManager.configPublicToStore.bind(blockletManager),
-
     deleteBlockletProcess: blockletManager.deleteProcess.bind(blockletManager),
+    configPublicToStore: blockletManager.configPublicToStore.bind(blockletManager),
+    updateWhoCanAccess: blockletManager.updateWhoCanAccess.bind(blockletManager),
 
     // For diagnose purpose
     syncBlockletStatus: blockletManager.status.bind(blockletManager),
@@ -319,7 +306,6 @@ function ABTNode(options) {
     processPassportIssuance: teamAPI.processPassportIssuance.bind(teamAPI),
     configTrustedPassports: teamAPI.configTrustedPassports.bind(teamAPI),
     configPassportIssuance: teamAPI.configPassportIssuance.bind(teamAPI),
-    configWhoCanAccess: teamAPI.configWhoCanAccess.bind(teamAPI),
 
     // Challenge
     generateChallenge: states.challenge.generate.bind(states.challenge),
@@ -405,6 +391,20 @@ function ABTNode(options) {
     getRouterProvider,
   };
 
+  const events = createEvents({
+    blockletManager,
+    blockletRegistry,
+    ensureBlockletRouting,
+    ensureBlockletRoutingForUpgrade,
+    removeBlockletRouting,
+    takeRoutingSnapshot,
+    handleRouting,
+    domainStatus,
+    teamAPI,
+    certManager,
+    node: instance,
+  });
+
   const webhook = WebHook({ events, dataDirs, instance });
 
   const initCron = () => {

package/lib/states/audit-log.js

@@ -111,6 +111,9 @@ const getLogContent = async (action, args, context, result, info, node) => {
     case 'configBlocklet':
       return `updated following config for blocklet ${getBlockletInfo(result, info)}:\n${args.configs.map(x => `- ${x.key}: ${x.value}\n`)}`; // prettier-ignore
     case 'upgradeBlocklet':
+      if (result.resultStatus === 'failed') {
+        return `upgrade blocklet failed: ${getBlockletInfo(result, info)}`;
+      }
       return `upgraded blocklet ${getBlockletInfo(result, info)} to v${result.meta.version}`;
     case 'updateChildBlocklets':
       return `upgraded components for blocklet ${getBlockletInfo(result, info)}`;
@@ -141,7 +144,7 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `switched passport to ${args.passport.name} for ${team}`;
     case 'login':
       return `${user} logged in to ${team} with passport ${args.passport.name}`;
-    case 'configWhoCanAccess':
+    case 'updateWhoCanAccess':
       return `updated access control policy to **${args.value}** for ${team} when ${args.reason}`;
     case 'configPassportIssuance':
       return `${args.enabled ? 'enabled' : 'disabled'} passport issuance for ${team}`;
@@ -214,6 +217,14 @@ const getLogContent = async (action, args, context, result, info, node) => {
       return `added extra domain **${args.domainAlias}** to ${site}`; // prettier-ignore
     case 'deleteDomainAlias':
       return `removed extra domain **${args.domainAlias}** from ${site}`; // prettier-ignore
+    case 'updateRoutingSite':
+      return `updated site from ${site}`; // prettier-ignore
+    case 'addRoutingRule':
+      return `added routing rule **${args.rule?.from?.pathPrefix}** from ${site}`; // prettier-ignore
+    case 'updateRoutingRule':
+      return `updated routing rule **${args.rule?.from?.pathPrefix}** from ${site}`; // prettier-ignore
+    case 'deleteRoutingRule':
+      return `deleted routing rule from ${site}`; // prettier-ignore
     case 'updateGateway': {
       let message = args.requestLimit.enabled ? `status: enabled, rate: ${args.requestLimit.rate}` : 'status: disabled';
       message = `update gateway. ${message}`;
@@ -312,16 +323,21 @@ const getScope = (args = {}) => {
     return args.teamDid;
   }
 
+  // this param usually means mutating an blockle application
+  if (args.did) {
+    // this param usually means mutating a nested child component
+    if (Array.isArray(args.did)) {
+      return args.did[0];
+    }
+
+    return args.did;
+  }
+
   // this param usually means mutating a child component
   if (args.rootDid) {
     return args.rootDid;
   }
 
-  // this param usually means mutating a nested child component
-  if (Array.isArray(args.did)) {
-    return args.did[0];
-  }
-
   return null;
 };
 

package/lib/states/node.js

@@ -283,6 +283,14 @@ class NodeState extends BaseState {
     return this.updateNodeInfo({ previousMode: '', mode: info.previousMode });
   }
 
+  async setMode(mode) {
+    if (Object.values(NODE_MODES).includes(mode) === false) {
+      throw new Error(`Can not update server to unsupported mode: ${mode}`);
+    }
+
+    return this.updateNodeInfo({ previousMode: '', mode });
+  }
+
   async getEnvironments() {
     return this.read().then((info) => ({
       ABT_NODE: info.version,

package/lib/util/blocklet.js

@@ -312,6 +312,7 @@ const getComponentSystemEnvironments = (blocklet) => {
 
   return {
     BLOCKLET_REAL_DID: blocklet.env.id,
+    BLOCKLET_REAL_NAME: blocklet.env.name,
     BLOCKLET_DATA_DIR: blocklet.env.dataDir,
     BLOCKLET_LOG_DIR: blocklet.env.logsDir,
     BLOCKLET_CACHE_DIR: blocklet.env.cacheDir,
@@ -337,11 +338,21 @@ const getRuntimeEnvironments = (blocklet, nodeEnvironments, ancestors) => {
         }
       : {};
 
+  const root = (ancestors || [])[0] || blocklet;
+  const ports = {};
+  forEachBlockletSync(root, (x) => {
+    const webInterface = findWebInterface(x);
+    if (webInterface && x.environmentObj[webInterface.port]) {
+      ports[x.environmentObj.BLOCKLET_REAL_NAME] = x.environmentObj[webInterface.port];
+    }
+  });
+
   return {
     ...blocklet.configObj,
     ...getSharedConfigObj(blocklet, ancestors),
     ...blocklet.environmentObj,
     ...devEnvironments,
+    BLOCKLET_WEB_PORTS: JSON.stringify(ports),
     ...nodeEnvironments,
     ...safeNodeEnvironments,
   };
@@ -415,7 +426,7 @@ const getBlockletMetaFromUrls = async (urls) => {
     const meta = await any(urls.map(getBlockletMetaFromUrl));
     return meta;
   } catch (err) {
-    logger.error('failed get blocklet meta', { urls });
+    logger.error('failed get blocklet meta', { urls, error: err });
     throw new Error('Failed get blocklet meta');
   }
 };

package/lib/util/public-to-store.js

@@ -0,0 +1,85 @@
+const { sign } = require('@arcblock/jwt');
+const { BlockletSource } = require('@blocklet/meta/lib/constants');
+const { WHO_CAN_ACCESS } = require('@abtnode/constant');
+const logger = require('@abtnode/logger')('@abtnode/util:public-to-store');
+
+const getWallet = require('@abtnode/util/lib/get-app-wallet');
+const axios = require('@abtnode/util/lib/axios');
+
+const getAppToken = (blocklet) =>
+  sign(blocklet.environmentObj?.BLOCKLET_APP_ID, blocklet.environmentObj?.BLOCKLET_APP_SK);
+
+const getAppId = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_ID;
+
+const getAppSK = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_SK;
+
+const getBlockletDid = (blocklet) => blocklet.meta?.bundleDid;
+
+const getAppUrl = (blocklet) => blocklet.environmentObj?.BLOCKLET_APP_URL;
+
+/**
+ * verify manages the permissions of blocklet public instance
+ * @param {*} blocklet
+ * @returns bool
+ */
+const verifyPublicInstance = (blocklet) => {
+  const { whoCanAccess = WHO_CAN_ACCESS.ALL } = blocklet.settings;
+  return blocklet.source === BlockletSource.registry && whoCanAccess === WHO_CAN_ACCESS.ALL;
+};
+
+/**
+ *
+ * @param {*} blocklet
+ * @param {*} {userDid publicToStore}
+ * @returns bool
+ */
+async function handleInstanceInStore(blocklet, { userDid = null, publicToStore = false } = {}) {
+  if (!blocklet) {
+    logger.error('blocklet argument is required');
+    throw new Error('blocklet argument is required');
+  }
+
+  const ownerDid = userDid || blocklet.settings?.owner?.did;
+  if (!ownerDid) {
+    return false;
+  }
+
+  if (!verifyPublicInstance(blocklet)) {
+    logger.error('no permission to set publicInstance');
+    throw new Error('no permission to set publicInstance');
+  }
+
+  const appToken = getAppToken(blocklet);
+  const blockletDid = getBlockletDid(blocklet);
+  const appId = getAppId(blocklet);
+  const appSK = getAppSK(blocklet);
+  const wallet = getWallet(appSK);
+  const body = {
+    appToken,
+    appId,
+    appPK: wallet.publicKey,
+    ownerDid,
+    appUrl: getAppUrl(blocklet),
+    blockletDid,
+  };
+
+  const api = axios.create({ baseURL: blocklet.deployedFrom, timeout: 1000 * 10 });
+  if (!publicToStore) {
+    try {
+      await api.delete(`/api/blocklet-instances/${appId}`, { data: body });
+    } catch (error) {
+      logger.error('failed to delete blocklet instance', { error });
+      throw new Error('failed to delete blocklet instance');
+    }
+  } else {
+    try {
+      await api.put(`/api/blocklet-instances/${appId}`, body);
+    } catch (error) {
+      logger.error('failed to update blocklet instance', { error });
+      throw new Error('failed to delete blocklet instance');
+    }
+  }
+  return true;
+}
+
+module.exports = handleInstanceInStore;

package/lib/validators/router.js

@@ -126,7 +126,7 @@ const updateSite = Joi.object({
     )
     .optional()
     .messages(domainMessages),
-});
+}).unknown();
 
 const addRuleSchema = Joi.object({
   id: Joi.string().required(),

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.2",
+  "version": "1.8.3",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,31 +19,31 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/certificate-manager": "1.8.2",
-    "@abtnode/constant": "1.8.2",
-    "@abtnode/cron": "1.8.2",
-    "@abtnode/db": "1.8.2",
-    "@abtnode/logger": "1.8.2",
-    "@abtnode/queue": "1.8.2",
-    "@abtnode/rbac": "1.8.2",
-    "@abtnode/router-provider": "1.8.2",
-    "@abtnode/static-server": "1.8.2",
-    "@abtnode/timemachine": "1.8.2",
-    "@abtnode/util": "1.8.2",
-    "@arcblock/did": "1.17.2",
+    "@abtnode/certificate-manager": "1.8.3",
+    "@abtnode/constant": "1.8.3",
+    "@abtnode/cron": "1.8.3",
+    "@abtnode/db": "1.8.3",
+    "@abtnode/logger": "1.8.3",
+    "@abtnode/queue": "1.8.3",
+    "@abtnode/rbac": "1.8.3",
+    "@abtnode/router-provider": "1.8.3",
+    "@abtnode/static-server": "1.8.3",
+    "@abtnode/timemachine": "1.8.3",
+    "@abtnode/util": "1.8.3",
+    "@arcblock/did": "1.17.5",
     "@arcblock/did-motif": "^1.1.10",
-    "@arcblock/did-util": "1.17.2",
-    "@arcblock/event-hub": "1.17.2",
-    "@arcblock/jwt": "^1.17.2",
+    "@arcblock/did-util": "1.17.5",
+    "@arcblock/event-hub": "1.17.5",
+    "@arcblock/jwt": "^1.17.5",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "1.17.2",
-    "@blocklet/meta": "1.8.2",
+    "@arcblock/vc": "1.17.5",
+    "@blocklet/meta": "1.8.3",
     "@fidm/x509": "^1.2.1",
     "@nedb/core": "^1.3.1",
     "@nedb/multi": "^1.3.1",
-    "@ocap/mcrypto": "1.17.2",
-    "@ocap/util": "1.17.2",
-    "@ocap/wallet": "1.17.2",
+    "@ocap/mcrypto": "1.17.5",
+    "@ocap/util": "1.17.5",
+    "@ocap/wallet": "1.17.5",
     "@slack/webhook": "^5.0.3",
     "axios": "^0.27.2",
     "axon": "^2.0.3",
@@ -81,5 +81,5 @@
     "express": "^4.17.1",
     "jest": "^27.4.5"
   },
-  "gitHead": "fcbe3c97f3825c507ee16714f49bbf8f58c5b59f"
+  "gitHead": "c734aca7bf1fc03378c3b082d0622b6a540a8bd3"
 }