@abtnode/core 1.8.61 → 1.8.63-beta-c51e554d

package/lib/api/team.js

@@ -595,7 +595,13 @@ class TeamAPI extends EventEmitter {
   async getPassportIssuances({ teamDid, ownerDid }) {
     const state = await this.getSessionState(teamDid);
 
-    const list = await state.find({ type: 'passport-issuance', ownerDid });
+    const query = { type: 'passport-issuance' };
+
+    if (ownerDid) {
+      query.ownerDid = ownerDid;
+    }
+
+    const list = await state.find(query);
 
     return list.map((d) => ({
       // eslint-disable-next-line no-underscore-dangle

package/lib/blocklet/extras.js

@@ -146,7 +146,22 @@ const parseConfigs = ({ data, did, dek }) => {
   return data;
 };
 
+const encryptConfigs = ({ data, did, dek }) => {
+  const enableSecurity = dek && did;
+
+  if (enableSecurity && Array.isArray(data)) {
+    data.forEach((x) => {
+      if (x.secure) {
+        x.value = security.encrypt(x.value, did, dek);
+      }
+    });
+  }
+
+  return data;
+};
+
 module.exports = {
   mergeConfigs,
   parseConfigs,
+  encryptConfigs,
 };

package/lib/blocklet/manager/disk.js

@@ -31,6 +31,7 @@ const {
   WHO_CAN_ACCESS,
   SERVER_ROLES,
   WHO_CAN_ACCESS_PREFIX_ROLES,
+  BLOCKLET_INSTALL_TYPE,
 } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
@@ -104,7 +105,7 @@ const {
   getDiskInfo,
   getUpdateMetaList,
   getRuntimeEnvironments,
-  getSourceFromInstallParams,
+  getTypeFromInstallParams,
   parseChildrenFromMeta,
   checkDuplicateComponents,
   getDiffFiles,
@@ -118,6 +119,7 @@ const {
   consumeServerlessNFT,
   validateAppConfig,
   checkDuplicateAppSk,
+  checkDuplicateMountPoint,
 } = require('../../util/blocklet');
 const StoreUtil = require('../../util/store');
 const states = require('../../states');
@@ -132,6 +134,7 @@ const handleInstanceInStore = require('../../util/public-to-store');
 const { getNFTState, getServerDidDomain } = require('../../util');
 const { BlockletRuntimeMonitor } = require('../../monitor/blocklet-runtime-monitor');
 const getHistoryList = require('../../monitor/get-history-list');
+const installFromBackup = require('./helper/install-from-backup');
 
 const {
   isInProgress,
@@ -252,6 +255,7 @@ class BlockletManager extends BaseBlockletManager {
    *  downloadTokenList: Array<{did: string, token: string}>;
    *  startImmediately: boolean;
    *  controller: Controller
+   *  type: BLOCKLET_INSTALL_TYPE
    * }} params
    * @param {{
    *  [key: string]: any
@@ -273,32 +277,37 @@ class BlockletManager extends BaseBlockletManager {
     });
     context.downloadTokenList = params.downloadTokenList || [];
 
-    const source = getSourceFromInstallParams(params);
+    const type = getTypeFromInstallParams(params);
     if (typeof context.startImmediately === 'undefined') {
       context.startImmediately = !!params.startImmediately;
     }
 
-    if (source === BlockletSource.url) {
+    if (type === BLOCKLET_INSTALL_TYPE.URL) {
       const { url, controller, sync, delay } = params;
       return this._installFromUrl({ url, controller, sync, delay }, context);
     }
 
-    if (source === BlockletSource.upload) {
+    if (type === BLOCKLET_INSTALL_TYPE.UPLOAD) {
       const { file, did, diffVersion, deleteSet } = params;
       return this._installFromUpload({ file, did, diffVersion, deleteSet, context });
     }
 
-    if (source === BlockletSource.registry) {
+    if (type === BLOCKLET_INSTALL_TYPE.STORE) {
       const { did, controller, sync, delay, storeUrl } = params;
       return this._installFromStore({ did, controller, sync, delay, storeUrl }, context);
     }
 
-    if (source === BlockletSource.custom) {
+    if (type === BLOCKLET_INSTALL_TYPE.CREATE) {
       return this._installFromCreate({ title: params.title, description: params.description }, context);
     }
 
+    if (type === BLOCKLET_INSTALL_TYPE.RESTORE) {
+      const { url, blockletSecretKey } = params;
+      return this._installFromBackup({ url, blockletSecretKey }, context);
+    }
+
     // should not be here
-    throw new Error('Unknown source');
+    throw new Error('Unknown type');
   }
 
   /**
@@ -1144,20 +1153,26 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     const rootDid = blocklet.meta.did;
+    const isRootComponent = !did;
 
-    const { children } = blocklet;
-    const component = children.find((x) => x.meta.did === did);
-
+    const component = isRootComponent ? blocklet : blocklet.children.find((x) => x.meta.did === did);
     if (!component) {
       throw new Error('component does not exist');
     }
 
-    if (!component.dynamic) {
+    if (!isRootComponent && !component.dynamic) {
       throw new Error('cannot update mountPoint of non-dynamic component');
     }
 
+    if (isRootComponent && component.group === BlockletGroup.gateway) {
+      throw new Error('cannot update mountPoint of gateway blocklet');
+    }
+
+    checkDuplicateMountPoint(blocklet, mountPoint);
+
     component.mountPoint = mountPoint;
-    await states.blocklet.updateBlocklet(rootDid, { children });
+
+    await states.blocklet.updateBlocklet(rootDid, { mountPoint: blocklet.mountPoint, children: blocklet.children });
 
     this.emit(BlockletEvents.upgraded, { blocklet, context: { ...context, createAuditLog: false } }); // trigger router refresh
 
@@ -1594,6 +1609,19 @@ class BlockletManager extends BaseBlockletManager {
     return blocklet;
   }
 
+  /**
+   * backup 目录结构
+   *  /blocklets/<name1>version>
+   *  /blocklets/<name2>version>
+   *  /blocklets/<name3>version>
+   *  /data
+   *  /blocklet.json
+   *  /blocklet_extras.json
+   */
+  async _installFromBackup({ url, blockletSecretKey, moveDir } = {}, context = {}) {
+    return installFromBackup({ url, blockletSecretKey, moveDir, context, manager: this, states });
+  }
+
   async ensureBlocklet(did, opts = {}) {
     return getBlocklet({ ...opts, states, dataDirs: this.dataDirs, did });
   }
@@ -1698,10 +1726,10 @@ class BlockletManager extends BaseBlockletManager {
         }));
       }
 
-      if (!fromCache) {
-        // app runtime info, app status
-        blocklet.appRuntimeInfo = this.runtimeMonitor.getRuntimeInfo(blocklet.meta.did);
+      // app runtime info, app status
+      blocklet.appRuntimeInfo = this.runtimeMonitor.getRuntimeInfo(blocklet.meta.did);
 
+      if (!fromCache) {
         // app disk info, component runtime info, component status, component engine
         await forEachBlocklet(blocklet, async (component, { level }) => {
           component.engine = getEngine(getBlockletEngineNameByPlatform(component.meta)).describe();

package/lib/blocklet/manager/helper/install-from-backup.js

@@ -0,0 +1,160 @@
+const fs = require('fs-extra');
+const path = require('path');
+const omit = require('lodash/omit');
+
+const { forEachBlockletSync } = require('@blocklet/meta/lib/util');
+const getBlockletInfo = require('@blocklet/meta/lib/info');
+
+const { BLOCKLET_CONFIGURABLE_KEY } = require('@blocklet/constant');
+
+const logger = require('@abtnode/logger')('@abtnode/core:install-from-backup');
+
+const { validateBlocklet, checkDuplicateAppSk, getAppDirs } = require('../../../util/blocklet');
+
+module.exports = async ({ url, blockletSecretKey, moveDir, context = {}, states, manager } = {}) => {
+  // TODO: support more url schema feature (http, did-spaces)
+  if (!url.startsWith('file://')) {
+    throw new Error('url must starts with file://');
+  }
+
+  const dir = url.replace('file://', '');
+
+  if (!dir || !fs.existsSync(dir)) {
+    throw new Error(`dir(${dir}) does not exist`);
+  }
+
+  // parse data from source dir
+
+  const srcBundleDirs = await getAppDirs(path.join(dir, 'blocklets'));
+  if (!srcBundleDirs.length) {
+    throw new Error(`bundle dirs does not found in ${dir}`);
+  }
+
+  const srcDataDir = path.join(dir, 'data');
+
+  /** @type {import('@abtnode/client').BlockletState} */
+  const state = omit(fs.readJSONSync(path.join(dir, 'blocklet.json')), [
+    '_id',
+    'createdAt',
+    'updatedAt',
+    'installedAt',
+    'startedAt',
+  ]);
+
+  const extra = omit(fs.readJSONSync(path.join(dir, 'blocklet-extras.json')), ['_id', 'createdAt', 'updatedAt']);
+
+  if (state.meta.did !== extra.did) {
+    throw new Error('did does not match in blocklet.json and blocklet_extra.json');
+  }
+
+  forEachBlockletSync(state, (component) => {
+    delete component.status;
+    delete component.ports;
+    delete component.environments;
+  });
+
+  const { meta } = state;
+
+  await validateBlocklet({ meta });
+
+  const { did, name: appName } = meta;
+
+  // FIXME: meta.did and meta.name should be dynamic created when installing multiple blocklet is supported
+  const existState = await states.blocklet.hasBlocklet(did);
+  if (existState) {
+    logger.error('blocklet is already exist', { did });
+    throw new Error('blocklet is already exist');
+  }
+
+  if (blockletSecretKey) {
+    extra.configs = extra.configs || [];
+    const skConfig = extra.configs.find((x) => x.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK);
+    if (skConfig) {
+      skConfig.value = blockletSecretKey;
+    } else {
+      extra.configs.push({
+        key: BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK,
+        value: blockletSecretKey,
+        secure: true,
+        shared: false,
+      });
+    }
+  }
+
+  // validate appDid
+  const nodeInfo = await states.node.read();
+  const { wallet } = getBlockletInfo({ meta: state.meta, configs: extra.configs, environments: [] }, nodeInfo.sk);
+  if (state.appDid !== wallet.address) {
+    throw new Error('blocklet appDid is different from the previous one');
+  }
+  await checkDuplicateAppSk({ sk: wallet.secretKey, states });
+
+  states.blockletExtras.encryptSecurityData({ data: extra, rootDid: extra.did });
+
+  logger.info('installFromBackup', { srcBundleDirs, srcDataDir });
+
+  try {
+    // copy extra
+    const existExtra = await states.blockletExtras.find({ did });
+    if (existExtra) {
+      // 如果数据存在, 当前视为脏数据, 直接删除
+      // FIXME 另一个人的数据可能被删除. 修复方式: 动态生成 meta.did 或通过 blocklet sk 生成 meta.did
+      // FIXME 简单粗暴的删掉数据可能不是理想的方式，需要考虑旧数据存在时, 如何与新数据 merge
+      logger.error('old extra state exists and will be force removed', { existExtra });
+      await states.blockletExtras.remove({ did });
+    }
+    await states.blockletExtras.insert(extra);
+    logger.info('blocklet extra is copied successfully');
+
+    // add blocklet
+    await states.blocklet.addBlocklet(state);
+    logger.info('blocklet state is added successfully');
+
+    // copy bundle
+    // 假设相同名称的应用，肯定是同一个应用
+    // 假设版本号相同时, 应用不会变更
+    // FIXME: blocklet bundle name/did 不是唯一的. 修改 blocklet bundle name/did 生成方式 使 name/bundle 唯一
+    await Promise.all(
+      srcBundleDirs.map(async ({ key: bundleName, dir: srcDir }) => {
+        const installDir = path.join(manager.dataDirs.blocklets, bundleName);
+        if (fs.existsSync(installDir)) {
+          logger.info(`${bundleName} is already exist`);
+          return;
+        }
+
+        fs.mkdirSync(installDir, { recursive: true });
+        if (moveDir) {
+          await fs.move(srcDir, installDir, { overwrite: true });
+        } else {
+          await fs.copy(srcDir, installDir);
+        }
+        logger.info(`bundle  is ${moveDir ? 'moved' : 'copied'} successfully`, { installDir });
+      })
+    );
+
+    // FIXME same as copy extra
+    const dataDir = path.join(manager.dataDirs.data, appName);
+    if (fs.existsSync(dataDir)) {
+      logger.error('old data exists and will be force removed', { dataDir });
+      await fs.remove(dataDir);
+    }
+    fs.mkdirSync(dataDir, { recursive: true });
+    if (fs.existsSync(srcDataDir)) {
+      if (moveDir) {
+        await fs.move(srcDataDir, dataDir, { overwrite: true });
+      } else {
+        await fs.copy(srcDataDir, dataDir);
+      }
+      logger.info(`data is ${moveDir ? 'moved' : 'copied'} successfully`);
+    }
+  } catch (error) {
+    logger.error('installFromBackup failed', { error });
+
+    await manager._rollback('install', did);
+
+    throw error;
+  }
+
+  logger.info('start install blocklet', { did });
+  return manager._installBlocklet({ did, context });
+};

package/lib/router/helper.js

@@ -258,13 +258,19 @@ const ensureWellknownRule = async (sites) => {
       if (blockletRules.length) {
         // get pathPrefix for blocklet-service
         const rootBlockletRule = blockletRules.find((x) => x.to.did === x.to.componentId);
-        const pathPrefix = joinUrl(rootBlockletRule?.from?.pathPrefix || '/', WELLKNOWN_SERVICE_PATH_PREFIX);
+
+        const servicePathPrefix = joinUrl(
+          // rootBlockletRule?.from?.pathPrefix is for backwards compatibility
+          // rootBlockletRule?.from?.groupPathPrefix 在旧的场景中可能不为 '/' (blocklet 只能挂载在 relative prefix 下)
+          rootBlockletRule?.from?.groupPathPrefix || rootBlockletRule?.from?.pathPrefix || '/',
+          WELLKNOWN_SERVICE_PATH_PREFIX
+        );
 
         // requests for /.well-known/service will stay in blocklet-service and never proxy back to blocklet
         // so any rule is ok to be cloned
-        if (!site.rules.some((x) => x.from.pathPrefix === pathPrefix)) {
+        if (!site.rules.some((x) => x.from.pathPrefix === servicePathPrefix)) {
           const rule = cloneDeep(rootBlockletRule || blockletRules[0]);
-          rule.from.pathPrefix = pathPrefix;
+          rule.from.pathPrefix = servicePathPrefix;
           rule.isProtected = true;
           site.rules.push(rule);
         }
@@ -275,6 +281,25 @@ const ensureWellknownRule = async (sites) => {
   return tempSites;
 };
 
+const ensureBlockletDid = async (sites) => {
+  const info = await states.node.read();
+
+  return (sites || []).map((site) => {
+    if (site.domain === DOMAIN_FOR_INTERNAL_SITE) {
+      return site;
+    }
+
+    if ([DOMAIN_FOR_IP_SITE, DOMAIN_FOR_DEFAULT_SITE, DOMAIN_FOR_IP_SITE_REGEXP].includes(site.domain)) {
+      site.blockletDid = info.did;
+      return site;
+    }
+
+    site.blockletDid = site.domain.replace(BLOCKLET_SITE_GROUP_SUFFIX, '');
+
+    return site;
+  });
+};
+
 const ensureCorsForWebWallet = async (sites) => {
   const info = await states.node.read();
   for (const site of sites) {
@@ -300,8 +325,10 @@ const filterSitesForRemovedBlocklets = async (sites = []) => {
 
 const ensureLatestInfo = async (sites = [], { withDefaultCors = true } = {}) => {
   let result = await ensureLatestNodeInfo(sites, { withDefaultCors });
+  result = await ensureBlockletDid(result);
   result = await ensureWellknownRule(result);
   result = await ensureCorsForWebWallet(result);
+
   return ensureLatestInterfaceInfo(result);
 };
 

package/lib/router/manager.js

@@ -11,6 +11,7 @@ const get = require('lodash/get');
 const { EventEmitter } = require('events');
 const uuid = require('uuid');
 const isUrl = require('is-url');
+const joinUrl = require('url-join');
 const cloneDeep = require('lodash/cloneDeep');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const logger = require('@abtnode/logger')('@abtnode/core:router:manager');
@@ -570,7 +571,8 @@ class RouterManager extends EventEmitter {
     rule.groupId = rule.id;
     rule.from.pathPrefix = normalizePathPrefix(rule.from.pathPrefix);
     if (rule.to.type === ROUTING_RULE_TYPES.BLOCKLET) {
-      rule.from.groupPathPrefix = rule.from.pathPrefix;
+      // pathPrefix of root blocklet maybe changed to another prefix than '/', so use old groupPathPrefix first
+      rule.from.groupPathPrefix = rule.from.groupPathPrefix || rule.from.pathPrefix;
       rule.to.componentId = rule.to.did;
     }
     if (rule.to.url) {
@@ -580,18 +582,32 @@ class RouterManager extends EventEmitter {
 
   /**
    * get all rules to be add or update to site from root rule
-   * @param {*} rule
+   * @param {*} rootRule
    */
-  async getRulesForMutation(rule) {
-    if (rule.to.type !== ROUTING_RULE_TYPES.BLOCKLET) {
-      return [rule];
+  async getRulesForMutation(rootRule) {
+    if (rootRule.to.type !== ROUTING_RULE_TYPES.BLOCKLET) {
+      return [rootRule];
     }
 
     const rules = [];
-    let occupied = false;
 
     // get child rules
-    const blocklet = await states.blocklet.getBlocklet(rule.to.did);
+    const blocklet = await states.blocklet.getBlocklet(rootRule.to.did);
+
+    // blocklet may be mounted in relative prefix (for old usage), so blockletPrefix may not be '/'
+    // blocklet prefix is the origin pathPrefix in rootRule
+    const blockletPrefix = normalizePathPrefix(rootRule.from.pathPrefix);
+
+    // root component's mountPoint may not be '/'
+    const rootComponentPrefix = joinUrl(blockletPrefix, blocklet.mountPoint || '/');
+    rootRule.from.pathPrefix = normalizePathPrefix(rootComponentPrefix);
+
+    const isOccupiable = blocklet.meta.group === BlockletGroup.gateway;
+
+    if (!isOccupiable) {
+      rules.push(rootRule);
+    }
+
     forEachChildSync(blocklet, (component, { id, ancestors }) => {
       if (component.meta.group === BlockletGroup.gateway) {
         return;
@@ -611,38 +627,40 @@ class RouterManager extends EventEmitter {
         return;
       }
 
-      const pathPrefix = path.join(rule.from.pathPrefix, ...ancestors.map((x) => x.mountPoint || ''), mountPoint);
-      const isRootPath = normalizePathPrefix(pathPrefix) === normalizePathPrefix(rule.from.pathPrefix);
-      if (isRootPath) {
-        occupied = true;
+      const pathPrefix = path.join(
+        blockletPrefix,
+        // level 1 component should be independent with root component
+        ...ancestors.slice(1).map((x) => x.mountPoint || ''),
+        mountPoint
+      );
+
+      const occupied = normalizePathPrefix(pathPrefix) === normalizePathPrefix(rootRule.from.pathPrefix);
+
+      if (occupied && !isOccupiable) {
+        return;
       }
 
       // if is root path, child rule become root rule
       const childRule = {
-        id: isRootPath ? rule.id : uuid.v4(),
-        groupId: rule.id,
+        id: occupied ? rootRule.id : uuid.v4(),
+        groupId: rootRule.id,
         from: {
           pathPrefix: normalizePathPrefix(pathPrefix),
-          groupPathPrefix: rule.from.pathPrefix,
+          groupPathPrefix: blockletPrefix,
         },
         to: {
           type: ROUTING_RULE_TYPES.BLOCKLET,
           port: findInterfacePortByName(component, childWebInterface.name),
-          did: rule.to.did, // root component did
-          interfaceName: rule.to.interfaceName, // root component interface
+          did: rootRule.to.did, // root component did
+          interfaceName: rootRule.to.interfaceName, // root component interface
           componentId: id,
         },
-        isProtected: isRootPath ? rule.isProtected : true,
+        isProtected: occupied ? rootRule.isProtected : true,
       };
 
       rules.push(childRule);
     });
 
-    // get root rule
-    if (!occupied && blocklet.meta.group !== BlockletGroup.gateway) {
-      rules.push(rule);
-    }
-
     return rules;
   }
 }

package/lib/states/blocklet-extras.js

@@ -9,7 +9,7 @@ const dayjs = require('dayjs');
 
 const BaseState = require('./base');
 
-const { mergeConfigs, parseConfigs } = require('../blocklet/extras');
+const { mergeConfigs, parseConfigs, encryptConfigs } = require('../blocklet/extras');
 const { validateAddMeta, validateExpiredInfo } = require('../validators/blocklet-extra');
 
 const noop = (k) => (v) => v[k];
@@ -214,6 +214,34 @@ class BlockletExtrasState extends BaseState {
       expiredAt: { $exists: true, $lte: now.subtract(EXPIRED_BLOCKLET_DATA_RETENTION_DAYS, 'days').toISOString() },
     });
   }
+
+  encryptSecurityData({ data, _rootDid } = {}) {
+    if (!data) {
+      return data;
+    }
+
+    const { dek } = this.config;
+
+    if (!dek) {
+      return data;
+    }
+
+    const did = _rootDid || data.did;
+
+    if (!did) {
+      throw new Error('data.did does not exist');
+    }
+
+    encryptConfigs({ data: data.configs, did, dek });
+
+    if (Array.isArray(data.children)) {
+      for (const child of data.children) {
+        this.encryptSecurityData({ data: child, _rootDid: did });
+      }
+    }
+
+    return data;
+  }
 }
 
 module.exports = BlockletExtrasState;

package/lib/util/blocklet.js

@@ -31,8 +31,7 @@ const getFolderSize = require('@abtnode/util/lib/get-folder-size');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const hashFiles = require('@abtnode/util/lib/hash-files');
 const isPathPrefixEqual = require('@abtnode/util/lib/is-path-prefix-equal');
-const { BLOCKLET_MAX_MEM_LIMIT_IN_MB, BLOCKLET_STORE } = require('@abtnode/constant');
-const { BLOCKLET_PREFERENCE_FILE, BLOCKLET_PREFERENCE_PREFIX } = require('@blocklet/constant');
+const { BLOCKLET_MAX_MEM_LIMIT_IN_MB, BLOCKLET_STORE, BLOCKLET_INSTALL_TYPE } = require('@abtnode/constant');
 const formatBackSlash = require('@abtnode/util/lib/format-back-slash');
 
 const SCRIPT_ENGINES_WHITE_LIST = ['npm', 'npx', 'pnpm', 'yarn'];
@@ -50,6 +49,8 @@ const {
   BLOCKLET_CONFIGURABLE_KEY,
   BLOCKLET_DYNAMIC_PATH_PREFIX,
   fromBlockletStatus,
+  BLOCKLET_PREFERENCE_FILE,
+  BLOCKLET_PREFERENCE_PREFIX,
 } = require('@blocklet/constant');
 const verifyMultiSig = require('@blocklet/meta/lib/verify-multi-sig');
 const validateBlockletEntry = require('@blocklet/meta/lib/entry');
@@ -926,6 +927,59 @@ const verifyIntegrity = async ({ file, integrity: expected }) => {
   return true;
 };
 
+/**
+ * @param {string} installDir
+ * @returns {Array<{ key: <[scope/]name/version>, dir: appDir }>}
+ */
+const getAppDirs = async (installDir) => {
+  const appDirs = [];
+
+  const getNextLevel = (level, name) => {
+    if (level === 'root') {
+      if (name.startsWith('@')) {
+        return 'scope';
+      }
+      return 'name';
+    }
+    if (level === 'scope') {
+      return 'name';
+    }
+    if (level === 'name') {
+      return 'version';
+    }
+    throw new Error(`Invalid level ${level}`);
+  };
+
+  const fillAppDirs = async (dir, level = 'root') => {
+    if (level === 'version') {
+      appDirs.push({
+        key: formatBackSlash(path.relative(installDir, dir)),
+        dir,
+      });
+
+      return;
+    }
+
+    const nextDirs = [];
+    for (const x of await fs.promises.readdir(dir)) {
+      if (!fs.lstatSync(path.join(dir, x)).isDirectory()) {
+        logger.error('pruneBlockletBundle: invalid file in bundle storage', { dir, file: x });
+        // eslint-disable-next-line no-continue
+        continue;
+      }
+      nextDirs.push(x);
+    }
+
+    for (const x of nextDirs) {
+      await fillAppDirs(path.join(dir, x), getNextLevel(level, x));
+    }
+  };
+
+  await fillAppDirs(installDir, 'root');
+
+  return appDirs;
+};
+
 const pruneBlockletBundle = async ({ blocklets, installDir, blockletSettings }) => {
   for (const blocklet of blocklets) {
     if (
@@ -961,53 +1015,10 @@ const pruneBlockletBundle = async ({ blocklets, installDir, blockletSettings })
     }
   }
 
-  // appDirs: [{ key: <[scope/]name/version>, dir: appDir }]
-  const appDirs = [];
-
   // fill appDirs
+  let appDirs = [];
   try {
-    // @return root/scope/bundle/version
-    const getNextLevel = (level, name) => {
-      if (level === 'root') {
-        if (name.startsWith('@')) {
-          return 'scope';
-        }
-        return 'bundle';
-      }
-      if (level === 'scope') {
-        return 'bundle';
-      }
-      if (level === 'bundle') {
-        return 'version';
-      }
-      throw new Error(`Invalid level ${level}`);
-    };
-
-    const fillAppDirs = async (dir, level = 'root') => {
-      if (level === 'version') {
-        appDirs.push({
-          key: formatBackSlash(path.relative(installDir, dir)),
-          dir,
-        });
-
-        return;
-      }
-
-      const nextDirs = [];
-      for (const x of await fs.promises.readdir(dir)) {
-        if (!fs.lstatSync(path.join(dir, x)).isDirectory()) {
-          logger.error('pruneBlockletBundle: invalid file in bundle storage', { dir, file: x });
-          // eslint-disable-next-line no-continue
-          continue;
-        }
-        nextDirs.push(x);
-      }
-
-      for (const x of nextDirs) {
-        await fillAppDirs(path.join(dir, x), getNextLevel(level, x));
-      }
-    };
-    await fillAppDirs(installDir, 'root');
+    appDirs = await getAppDirs(installDir);
   } catch (error) {
     logger.error('fill app dirs failed', { error });
   }
@@ -1197,24 +1208,34 @@ const getUpdateMetaList = (oldBlocklet = {}, newBlocklet = {}) => {
   return res;
 };
 
-const getSourceFromInstallParams = (params) => {
+/**
+ * @returns BLOCKLET_INSTALL_TYPE
+ */
+const getTypeFromInstallParams = (params) => {
+  if (params.type) {
+    if (!Object.values(BLOCKLET_INSTALL_TYPE).includes(params.type)) {
+      throw new Error(`Can only install blocklet from ${Object.values(BLOCKLET_INSTALL_TYPE).join('/')}`);
+    }
+    return params.type;
+  }
+
   if (params.url) {
-    return BlockletSource.url;
+    return BLOCKLET_INSTALL_TYPE.URL;
   }
 
   if (params.file) {
-    return BlockletSource.upload;
+    return BLOCKLET_INSTALL_TYPE.UPLOAD;
   }
 
   if (params.did) {
-    return BlockletSource.registry;
+    return BLOCKLET_INSTALL_TYPE.STORE;
   }
 
   if (params.title && params.description) {
-    return BlockletSource.custom;
+    return BLOCKLET_INSTALL_TYPE.CREATE;
   }
 
-  throw new Error('Can only install blocklet from store/url/upload/custom');
+  throw new Error(`Can only install blocklet from ${Object.values(BLOCKLET_INSTALL_TYPE).join('/')}`);
 };
 
 const checkDuplicateComponents = (components = []) => {
@@ -1599,25 +1620,32 @@ const validateAppConfig = async (config, blockletDid, states) => {
   }
 };
 
-const checkDuplicateAppSk = async ({ did, states }) => {
-  const nodeInfo = await states.node.read();
-  const blocklets = await states.blocklet.getBlocklets({});
-  const blocklet = await states.blocklet.getBlocklet(did);
-  const configs = await states.blockletExtras.getConfigs([did]);
+const checkDuplicateAppSk = async ({ sk, did, states }) => {
+  if (!sk && !did) {
+    throw new Error('sk and did is empty');
+  }
 
-  const { wallet } = getBlockletInfo(
-    {
-      meta: blocklet.meta,
-      environments: (configs || []).filter((x) => x.value),
-    },
-    nodeInfo.sk
-  );
+  let appSk = sk;
+  if (!sk) {
+    const nodeInfo = await states.node.read();
+    const blocklet = await states.blocklet.getBlocklet(did);
+    const configs = await states.blockletExtras.getConfigs([did]);
+    const { wallet } = getBlockletInfo(
+      {
+        meta: blocklet.meta,
+        environments: (configs || []).filter((x) => x.value),
+      },
+      nodeInfo.sk
+    );
+    appSk = wallet.secretKey;
+  }
 
-  const others = blocklets.filter((b) => b.meta.did !== did);
+  const blocklets = await states.blocklet.getBlocklets({});
+  const others = did ? blocklets.filter((b) => b.meta.did !== did) : blocklets;
 
   const exist = others.find((b) => {
     const item = (b.environments || []).find((e) => e.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK);
-    return item?.value === toHex(wallet.secretKey);
+    return item?.value === toHex(appSk);
   });
 
   if (exist) {
@@ -1625,6 +1653,19 @@ const checkDuplicateAppSk = async ({ did, states }) => {
   }
 };
 
+const checkDuplicateMountPoint = (blocklet, mountPoint) => {
+  const err = new Error(`cannot add duplicate mount point, ${mountPoint || '/'} already exist`);
+  if (normalizePathPrefix(blocklet.mountPoint) === normalizePathPrefix(mountPoint)) {
+    throw err;
+  }
+
+  for (const component of blocklet.children || []) {
+    if (normalizePathPrefix(component.mountPoint) === normalizePathPrefix(mountPoint)) {
+      throw err;
+    }
+  }
+};
+
 module.exports = {
   consumeServerlessNFT,
   forEachBlocklet,
@@ -1650,13 +1691,14 @@ module.exports = {
   expandTarball,
   verifyIntegrity,
   statusMap,
+  getAppDirs,
   pruneBlockletBundle,
   getDiskInfo,
   getRuntimeInfo,
   mergeMeta,
   fixAndVerifyMetaFromStore,
   getUpdateMetaList,
-  getSourceFromInstallParams,
+  getTypeFromInstallParams,
   findWebInterface,
   checkDuplicateComponents,
   getDiffFiles,
@@ -1670,4 +1712,5 @@ module.exports = {
   createDataArchive,
   validateAppConfig,
   checkDuplicateAppSk,
+  checkDuplicateMountPoint,
 };

package/lib/validators/router.js

@@ -47,7 +47,7 @@ const ruleSchema = {
     port: Joi.number().label('port').port().when('type', { is: ROUTING_RULE_TYPES.BLOCKLET, then: Joi.required() }),
     url: Joi.string().label('url').when('type', { is: ROUTING_RULE_TYPES.REDIRECT, then: Joi.required() }),
     redirectCode: Joi.alternatives()
-      .try(301, 302)
+      .try(301, 302, 307, 308)
       .label('redirect code')
       .when('type', { is: ROUTING_RULE_TYPES.REDIRECT, then: Joi.required() }),
     interfaceName: Joi.string() // root interface
@@ -81,7 +81,7 @@ const ruleSchema = {
 const corsSchema = Joi.array()
   .items(
     Joi.string().domain({ minDomainSegments: 1, tlds: false }),
-    Joi.string().valid(DOMAIN_FOR_DEFAULT_SITE),
+    Joi.string().valid(DOMAIN_FOR_DEFAULT_SITE, '__none__'),
     Joi.string().ip()
   )
   .min(1)

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.61",
+  "version": "1.8.63-beta-c51e554d",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,18 +19,18 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/auth": "1.8.61",
-    "@abtnode/certificate-manager": "1.8.61",
-    "@abtnode/constant": "1.8.61",
-    "@abtnode/cron": "1.8.61",
-    "@abtnode/db": "1.8.61",
-    "@abtnode/logger": "1.8.61",
-    "@abtnode/queue": "1.8.61",
-    "@abtnode/rbac": "1.8.61",
-    "@abtnode/router-provider": "1.8.61",
-    "@abtnode/static-server": "1.8.61",
-    "@abtnode/timemachine": "1.8.61",
-    "@abtnode/util": "1.8.61",
+    "@abtnode/auth": "1.8.63-beta-c51e554d",
+    "@abtnode/certificate-manager": "1.8.63-beta-c51e554d",
+    "@abtnode/constant": "1.8.63-beta-c51e554d",
+    "@abtnode/cron": "1.8.63-beta-c51e554d",
+    "@abtnode/db": "1.8.63-beta-c51e554d",
+    "@abtnode/logger": "1.8.63-beta-c51e554d",
+    "@abtnode/queue": "1.8.63-beta-c51e554d",
+    "@abtnode/rbac": "1.8.63-beta-c51e554d",
+    "@abtnode/router-provider": "1.8.63-beta-c51e554d",
+    "@abtnode/static-server": "1.8.63-beta-c51e554d",
+    "@abtnode/timemachine": "1.8.63-beta-c51e554d",
+    "@abtnode/util": "1.8.63-beta-c51e554d",
     "@arcblock/did": "1.18.36",
     "@arcblock/did-motif": "^1.1.10",
     "@arcblock/did-util": "1.18.36",
@@ -38,9 +38,9 @@
     "@arcblock/jwt": "^1.18.36",
     "@arcblock/pm2-events": "^0.0.5",
     "@arcblock/vc": "1.18.36",
-    "@blocklet/constant": "1.8.61",
-    "@blocklet/meta": "1.8.61",
-    "@blocklet/sdk": "1.8.61",
+    "@blocklet/constant": "1.8.63-beta-c51e554d",
+    "@blocklet/meta": "1.8.63-beta-c51e554d",
+    "@blocklet/sdk": "1.8.63-beta-c51e554d",
     "@fidm/x509": "^1.2.1",
     "@ocap/mcrypto": "1.18.36",
     "@ocap/util": "1.18.36",
@@ -85,5 +85,5 @@
     "express": "^4.18.2",
     "jest": "^27.5.1"
   },
-  "gitHead": "f68ac14c2074400d392e2171d328f12dbd2e64cb"
+  "gitHead": "9913ed7968dfab63d6549201a5a98f9819fcfac6"
 }