@abtnode/core 1.8.66-beta-ff281dd5 → 1.8.66-beta-7f4224af

package/lib/blocklet/manager/disk.js

@@ -15,20 +15,18 @@ const { isNFTExpired, getNftExpirationDate } = require('@abtnode/util/lib/nft');
 const didDocument = require('@abtnode/util/lib/did-document');
 const { sign } = require('@arcblock/jwt');
 const { isValid: isValidDid } = require('@arcblock/did');
-const { verifyPresentation } = require('@arcblock/vc');
 const { toSvg: createDidLogo } =
   process.env.NODE_ENV !== 'test' ? require('@arcblock/did-motif') : require('@arcblock/did-motif/dist/did-motif.cjs');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 const sleep = require('@abtnode/util/lib/sleep');
 
 const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
-const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
 const {
-  VC_TYPE_BLOCKLET_PURCHASE,
   WHO_CAN_ACCESS,
   SERVER_ROLES,
   WHO_CAN_ACCESS_PREFIX_ROLES,
   BLOCKLET_INSTALL_TYPE,
+  NODE_MODES,
 } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
@@ -111,6 +109,8 @@ const {
   validateAppConfig,
   checkDuplicateAppSk,
   checkDuplicateMountPoint,
+  validateStore,
+  validateInServerless,
 } = require('../../util/blocklet');
 const StoreUtil = require('../../util/store');
 const states = require('../../states');
@@ -242,6 +242,8 @@ class BlockletManager extends BaseBlockletManager {
    *  did: string;
    *  title: string;
    *  description: string;
+   *  storeUrl: string;
+   *  blockletSecretKey: string;
    *  sync: boolean = false; // download synchronously, not use queue
    *  delay: number; // push download task to queue after a delay
    *  downloadTokenList: Array<{did: string, token: string}>;
@@ -346,6 +348,12 @@ class BlockletManager extends BaseBlockletManager {
     logger.debug('start install component', { rootDid, mountPoint, url });
 
     if (file) {
+      // TODO: 如何触发这种场景？
+      const info = await states.node.read();
+      if (info.mode === NODE_MODES.SERVERLESS) {
+        throw new Error("Can't install component in serverless-mode server via upload");
+      }
+
       return this._installComponentFromUpload({
         rootDid,
         mountPoint,
@@ -359,6 +367,11 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     if (url) {
+      const info = await states.node.read();
+      if (info.mode === NODE_MODES.SERVERLESS) {
+        validateStore(info, url);
+      }
+
       return this._installComponentFromUrl({
         rootDid,
         mountPoint,
@@ -430,25 +443,6 @@ class BlockletManager extends BaseBlockletManager {
     return { isInstalled: !!blocklet, isRunning, blockletDid, isExternal };
   }
 
-  async installBlockletFromVc({ vcPresentation, challenge }, context) {
-    logger.info('Install from vc');
-    const vc = getVcFromPresentation(vcPresentation);
-
-    // FIXME: 这里的 trustedIssuers 相当于相信任何 VC，需要想更安全的方法
-    verifyPresentation({ presentation: vcPresentation, trustedIssuers: [get(vc, 'issuer.id')], challenge });
-
-    if (!vc.type.includes(VC_TYPE_BLOCKLET_PURCHASE)) {
-      throw new Error(`Expect ${VC_TYPE_BLOCKLET_PURCHASE} VC type`);
-    }
-
-    const blockletUrl = get(vc, 'credentialSubject.purchased.blocklet.url');
-    const urlObject = new URL(blockletUrl);
-    const did = get(vc, 'credentialSubject.purchased.blocklet.id');
-    const registry = urlObject.origin;
-
-    return this._installFromStore({ did, registry }, context);
-  }
-
   async start({ did, throwOnError, checkHealthImmediately = false, e2eMode = false }, context) {
     logger.info('start blocklet', { did });
     // should check blocklet integrity
@@ -2173,6 +2167,11 @@ class BlockletManager extends BaseBlockletManager {
 
     // install from store if url is a store url
     const { inStore, registryUrl, blockletDid: bundleDid } = await StoreUtil.parseSourceUrl(url, controller);
+
+    const nodeInfo = await states.node.read();
+
+    await validateStore(nodeInfo, registryUrl);
+
     if (inStore) {
       const exist = await states.blocklet.getBlocklet(blockletDid);
       if (exist) {
@@ -2788,6 +2787,11 @@ class BlockletManager extends BaseBlockletManager {
 
     validateBlockletMeta(meta, { ensureDist: true });
 
+    const info = await states.node.read();
+    if (info.mode === NODE_MODES.SERVERLESS) {
+      validateInServerless({ blockletMeta: meta });
+    }
+
     const { name, did, version } = meta;
 
     const oldExtraState = await states.blockletExtras.findOne({ did: meta.did });

package/lib/index.js

@@ -192,7 +192,6 @@ function ABTNode(options) {
 
     // Blocklet manager
     installBlocklet: blockletManager.install.bind(blockletManager),
-    installBlockletFromVc: blockletManager.installBlockletFromVc.bind(blockletManager),
     installComponent: blockletManager.installComponent.bind(blockletManager),
     startBlocklet: blockletManager.start.bind(blockletManager),
     stopBlocklet: blockletManager.stop.bind(blockletManager),

package/lib/router/helper.js

@@ -518,7 +518,7 @@ module.exports = function getRouterHelpers({ dataDirs, routingSnapshot, routerMa
 
     const ensureDomainCert = async (domain, url) => {
       const cert = await certManager.getByDomain(domain);
-      if (!cert) {
+      if (!cert || get(cert, 'meta.validTo') <= Date.now()) {
         await downloadCert({
           domain,
           url,

package/lib/states/node.js

@@ -124,7 +124,7 @@ class NodeState extends BaseState {
                 routing,
                 docker,
                 mode,
-                enableWelcomePage: true,
+                enableWelcomePage: mode !== NODE_MODES.SERVERLESS,
                 runtimeConfig,
                 ownerNft,
                 diskAlertThreshold: DISK_ALERT_THRESHOLD_PERCENT,

package/lib/util/blocklet.js

@@ -31,7 +31,12 @@ const getFolderSize = require('@abtnode/util/lib/get-folder-size');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const hashFiles = require('@abtnode/util/lib/hash-files');
 const isPathPrefixEqual = require('@abtnode/util/lib/is-path-prefix-equal');
-const { BLOCKLET_MAX_MEM_LIMIT_IN_MB, BLOCKLET_STORE, BLOCKLET_INSTALL_TYPE } = require('@abtnode/constant');
+const {
+  BLOCKLET_MAX_MEM_LIMIT_IN_MB,
+  BLOCKLET_STORE,
+  BLOCKLET_INSTALL_TYPE,
+  BLOCKLET_STORE_DEV,
+} = require('@abtnode/constant');
 const formatBackSlash = require('@abtnode/util/lib/format-back-slash');
 
 const SCRIPT_ENGINES_WHITE_LIST = ['npm', 'npx', 'pnpm', 'yarn'];
@@ -835,7 +840,7 @@ const parseChildrenFromMeta = async (src, context = {}) => {
 };
 
 const validateBlocklet = (blocklet) =>
-  forEachBlocklet(blocklet, (b) => {
+  forEachBlocklet(blocklet, async (b) => {
     isRequirementsSatisfied(b.meta.requirements);
     validateEngine(getBlockletEngineNameByPlatform(b.meta));
   });
@@ -1400,12 +1405,14 @@ const getBlocklet = async ({
 
   blocklet.settings.storeList = blocklet.settings.storeList || [];
 
-  if (!blocklet.settings.storeList.find((x) => x.url === BLOCKLET_STORE.url)) {
-    blocklet.settings.storeList.unshift({
-      ...BLOCKLET_STORE,
-      protected: true,
-    });
-  }
+  [BLOCKLET_STORE_DEV, BLOCKLET_STORE].forEach((store) => {
+    if (!blocklet.settings.storeList.find((x) => x.url === store.url)) {
+      blocklet.settings.storeList.unshift({
+        ...store,
+        protected: true,
+      });
+    }
+  });
 
   // app site
   blocklet.site = await states.site.findOneByBlocklet(blocklet.meta.did);
@@ -1690,6 +1697,32 @@ const checkDuplicateMountPoint = (blocklet, mountPoint) => {
   }
 };
 
+const validateStore = (nodeInfo, storeUrl) => {
+  if (nodeInfo.mode !== 'serverless') {
+    return;
+  }
+
+  const inStoreList = nodeInfo.blockletRegistryList.find((item) => {
+    const itemURLObj = new URL(item.url);
+    const storeUrlObj = new URL(storeUrl);
+
+    return itemURLObj.host === storeUrlObj.host;
+  });
+
+  if (!inStoreList) {
+    throw new Error('Must be installed from the compliant blocklet store list');
+  }
+};
+
+const validateInServerless = ({ blockletMeta }) => {
+  const { interfaces } = blockletMeta;
+  const externalPortInterfaces = (interfaces || []).filter((item) => !!item.port?.external);
+
+  if (externalPortInterfaces.length > 0) {
+    throw new Error('Blocklets with exposed ports cannot be installed');
+  }
+};
+
 module.exports = {
   consumeServerlessNFT,
   forEachBlocklet,
@@ -1737,4 +1770,6 @@ module.exports = {
   validateAppConfig,
   checkDuplicateAppSk,
   checkDuplicateMountPoint,
+  validateStore,
+  validateInServerless,
 };

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.66-beta-ff281dd5",
+  "version": "1.8.66-beta-7f4224af",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,33 +19,33 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/auth": "1.8.66-beta-ff281dd5",
-    "@abtnode/certificate-manager": "1.8.66-beta-ff281dd5",
-    "@abtnode/constant": "1.8.66-beta-ff281dd5",
-    "@abtnode/cron": "1.8.66-beta-ff281dd5",
-    "@abtnode/db": "1.8.66-beta-ff281dd5",
-    "@abtnode/logger": "1.8.66-beta-ff281dd5",
-    "@abtnode/queue": "1.8.66-beta-ff281dd5",
-    "@abtnode/rbac": "1.8.66-beta-ff281dd5",
-    "@abtnode/router-provider": "1.8.66-beta-ff281dd5",
-    "@abtnode/static-server": "1.8.66-beta-ff281dd5",
-    "@abtnode/timemachine": "1.8.66-beta-ff281dd5",
-    "@abtnode/util": "1.8.66-beta-ff281dd5",
-    "@arcblock/did": "1.18.42",
+    "@abtnode/auth": "1.8.66-beta-7f4224af",
+    "@abtnode/certificate-manager": "1.8.66-beta-7f4224af",
+    "@abtnode/constant": "1.8.66-beta-7f4224af",
+    "@abtnode/cron": "1.8.66-beta-7f4224af",
+    "@abtnode/db": "1.8.66-beta-7f4224af",
+    "@abtnode/logger": "1.8.66-beta-7f4224af",
+    "@abtnode/queue": "1.8.66-beta-7f4224af",
+    "@abtnode/rbac": "1.8.66-beta-7f4224af",
+    "@abtnode/router-provider": "1.8.66-beta-7f4224af",
+    "@abtnode/static-server": "1.8.66-beta-7f4224af",
+    "@abtnode/timemachine": "1.8.66-beta-7f4224af",
+    "@abtnode/util": "1.8.66-beta-7f4224af",
+    "@arcblock/did": "1.18.47",
     "@arcblock/did-motif": "^1.1.10",
-    "@arcblock/did-util": "1.18.42",
-    "@arcblock/event-hub": "1.18.42",
-    "@arcblock/jwt": "^1.18.42",
+    "@arcblock/did-util": "1.18.47",
+    "@arcblock/event-hub": "1.18.47",
+    "@arcblock/jwt": "^1.18.47",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "1.18.42",
-    "@blocklet/constant": "1.8.66-beta-ff281dd5",
-    "@blocklet/meta": "1.8.66-beta-ff281dd5",
-    "@blocklet/sdk": "1.8.66-beta-ff281dd5",
+    "@arcblock/vc": "1.18.47",
+    "@blocklet/constant": "1.8.66-beta-7f4224af",
+    "@blocklet/meta": "1.8.66-beta-7f4224af",
+    "@blocklet/sdk": "1.8.66-beta-7f4224af",
     "@did-space/client": "^0.1.73",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.18.42",
-    "@ocap/util": "1.18.42",
-    "@ocap/wallet": "1.18.42",
+    "@ocap/mcrypto": "1.18.47",
+    "@ocap/util": "1.18.47",
+    "@ocap/wallet": "1.18.47",
     "@slack/webhook": "^5.0.4",
     "archiver": "^5.3.1",
     "axios": "^0.27.2",
@@ -90,5 +90,5 @@
     "express": "^4.18.2",
     "jest": "^27.5.1"
   },
-  "gitHead": "92edfc81679a4749b30a7f8195d487afa148e26b"
+  "gitHead": "72d418f63ecb76b1d5d62edbcc5f336cb62bf308"
 }