@abtnode/core 1.8.67 → 1.8.68-beta-500af7e5

package/lib/states/blocklet.js

@@ -28,6 +28,7 @@ const lock = new Lock('blocklet-port-assign-lock');
 
 const isHex = (str) => /^0x[0-9a-f]+$/i.test(str);
 const getMaxPort = (ports = {}) => Math.max(Object.values(ports).map(Number));
+const getConditions = (did) => [{ 'meta.did': did }, { appDid: did }, { appPid: did }];
 
 const getExternalPortsFromMeta = (meta) =>
   (meta.interfaces || []).map((x) => x.port && x.port.external).filter(Boolean);
@@ -48,7 +49,16 @@ const formatBlocklet = (blocklet, phase, dek) => {
       return;
     }
 
-    ['BLOCKLET_APP_SK'].forEach((key) => {
+    (b.migratedFrom || []).forEach((x) => {
+      if (phase === 'onUpdate' && isHex(x.appSk) === true) {
+        x.appSk = security.encrypt(x.appSk, b.meta.did, dek);
+      }
+      if (phase === 'onRead' && isHex(x.appSk) === false) {
+        x.appSk = security.decrypt(x.appSk, b.meta.did, dek);
+      }
+    });
+
+    ['BLOCKLET_APP_SK', 'BLOCKLET_APP_PSK'].forEach((key) => {
       const env = b.environments.find((x) => x.key === key);
       if (!env) {
         return;
@@ -98,7 +108,7 @@ class BlockletState extends BaseState {
         resolve(null);
       }
 
-      this.findOne({ $or: [{ 'meta.did': did }, { appDid: did }] }, (err, doc) => {
+      this.findOne({ $or: getConditions(did) }, (err, doc) => {
         if (err) {
           return reject(err);
         }
@@ -114,7 +124,7 @@ class BlockletState extends BaseState {
         resolve(null);
       }
 
-      this.findOne({ $or: [{ 'meta.did': did }, { appDid: did }] }, (err, doc) => {
+      this.findOne({ $or: getConditions(did) }, (err, doc) => {
         if (err) {
           return reject(err);
         }
@@ -130,7 +140,7 @@ class BlockletState extends BaseState {
         resolve(null);
       }
 
-      this.findOne({ $or: [{ 'meta.did': did }, { appDid: did }] }, { status: 1 }, (err, doc) => {
+      this.findOne({ $or: getConditions(did) }, { status: 1 }, (err, doc) => {
         if (err) {
           return reject(err);
         }
@@ -146,7 +156,7 @@ class BlockletState extends BaseState {
         resolve(false);
       }
 
-      this.count({ $or: [{ 'meta.did': did }, { appDid: did }] }, (err, count) => {
+      this.count({ $or: getConditions(did) }, (err, count) => {
         if (err) {
           return reject(err);
         }
@@ -199,6 +209,9 @@ class BlockletState extends BaseState {
     deployedFrom = '',
     mode = BLOCKLET_MODES.PRODUCTION,
     children: rawChildren = [],
+    appPid = null, // the permanent appDid, which will not change after initial set
+    migratedFrom = [], // the complete migrate history
+    externalSk = false, // whether sk is managed by some party beside server, such as did-wallet
   } = {}) {
     return this.getBlocklet(meta.did).then(
       (exist) =>
@@ -229,6 +242,7 @@ class BlockletState extends BaseState {
 
             const data = {
               appDid: null, // will updated later when updating blocklet environments
+              appPid,
               mode,
               meta: sanitized,
               status,
@@ -237,6 +251,8 @@ class BlockletState extends BaseState {
               ports,
               environments: [],
               children,
+              migratedFrom,
+              externalSk,
             };
 
             // add to db

package/lib/states/node.js

@@ -124,7 +124,7 @@ class NodeState extends BaseState {
                 routing,
                 docker,
                 mode,
-                enableWelcomePage: true,
+                enableWelcomePage: mode !== NODE_MODES.SERVERLESS,
                 runtimeConfig,
                 ownerNft,
                 diskAlertThreshold: DISK_ALERT_THRESHOLD_PERCENT,
@@ -310,7 +310,10 @@ class NodeState extends BaseState {
   }
 
   async updateGateway(gateway) {
-    const [, nodeInfo] = await this.update({}, { $set: { 'routing.requestLimit': gateway.requestLimit } });
+    const [, nodeInfo] = await this.update(
+      {},
+      { $set: { 'routing.requestLimit': gateway.requestLimit, 'routing.cacheEnabled': gateway.cacheEnabled } }
+    );
 
     this.emit(EVENTS.RELOAD_GATEWAY, nodeInfo);
 

package/lib/util/blocklet.js

@@ -31,7 +31,12 @@ const getFolderSize = require('@abtnode/util/lib/get-folder-size');
 const normalizePathPrefix = require('@abtnode/util/lib/normalize-path-prefix');
 const hashFiles = require('@abtnode/util/lib/hash-files');
 const isPathPrefixEqual = require('@abtnode/util/lib/is-path-prefix-equal');
-const { BLOCKLET_MAX_MEM_LIMIT_IN_MB, BLOCKLET_STORE, BLOCKLET_INSTALL_TYPE } = require('@abtnode/constant');
+const {
+  BLOCKLET_MAX_MEM_LIMIT_IN_MB,
+  BLOCKLET_STORE,
+  BLOCKLET_INSTALL_TYPE,
+  BLOCKLET_STORE_DEV,
+} = require('@abtnode/constant');
 const formatBackSlash = require('@abtnode/util/lib/format-back-slash');
 
 const SCRIPT_ENGINES_WHITE_LIST = ['npm', 'npx', 'pnpm', 'yarn'];
@@ -89,6 +94,7 @@ const {
   validateBlockletMeta,
   prettyURL,
   getNFTState,
+  templateReplace,
 } = require('./index');
 
 const getComponentConfig = (meta) => meta.components || meta.children;
@@ -235,12 +241,12 @@ const getComponentDirs = (
 const fillBlockletConfigs = (blocklet, configs) => {
   blocklet.configs = configs || [];
   blocklet.configObj = blocklet.configs.reduce((acc, x) => {
-    acc[x.key] = x.value;
+    acc[x.key] = templateReplace(x.value, blocklet);
     return acc;
   }, {});
   blocklet.environments = blocklet.environments || [];
   blocklet.environmentObj = blocklet.environments.reduce((acc, x) => {
-    acc[x.key] = x.value;
+    acc[x.key] = templateReplace(x.value, blocklet);
     return acc;
   }, {});
 };
@@ -299,10 +305,16 @@ const getAppSystemEnvironments = (blocklet, nodeInfo) => {
     })}`;
   }
 
+  const isMigrated = Array.isArray(blocklet.migratedFrom) && blocklet.migratedFrom.length > 0;
+  const appPid = blocklet.appPid || appId;
+  const appPsk = isMigrated ? blocklet.migratedFrom[0].appSk : appSk;
+
   return {
     BLOCKLET_DID: did,
     BLOCKLET_APP_SK: appSk,
     BLOCKLET_APP_ID: appId,
+    BLOCKLET_APP_PSK: appPsk, // permanent sk even the blocklet has been migrated
+    BLOCKLET_APP_PID: appPid, // permanent did even the blocklet has been migrated
     BLOCKLET_APP_NAME: appName,
     BLOCKLET_APP_DESCRIPTION: appDescription,
     BLOCKLET_APP_URL: appUrl,
@@ -835,7 +847,7 @@ const parseChildrenFromMeta = async (src, context = {}) => {
 };
 
 const validateBlocklet = (blocklet) =>
-  forEachBlocklet(blocklet, (b) => {
+  forEachBlocklet(blocklet, async (b) => {
     isRequirementsSatisfied(b.meta.requirements);
     validateEngine(getBlockletEngineNameByPlatform(b.meta));
   });
@@ -1400,12 +1412,14 @@ const getBlocklet = async ({
 
   blocklet.settings.storeList = blocklet.settings.storeList || [];
 
-  if (!blocklet.settings.storeList.find((x) => x.url === BLOCKLET_STORE.url)) {
-    blocklet.settings.storeList.unshift({
-      ...BLOCKLET_STORE,
-      protected: true,
-    });
-  }
+  [BLOCKLET_STORE_DEV, BLOCKLET_STORE].forEach((store) => {
+    if (!blocklet.settings.storeList.find((x) => x.url === store.url)) {
+      blocklet.settings.storeList.unshift({
+        ...store,
+        protected: true,
+      });
+    }
+  });
 
   // app site
   blocklet.site = await states.site.findOneByBlocklet(blocklet.meta.did);
@@ -1547,11 +1561,63 @@ const createDataArchive = (dataDir, fileName) => {
   });
 };
 
+const isBlockletAppSkUsed = ({ environments, migratedFrom = [] }, appSk) => {
+  const isUsedInEnv = environments.find((e) => e.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK)?.value === appSk;
+  const isUsedInHistory = migratedFrom.some((x) => x.appSk === appSk);
+  return isUsedInEnv || isUsedInHistory;
+};
+
+const isRotatingAppSk = (newConfigs, oldConfigs, externalSk) => {
+  const newSk = newConfigs.find((x) => BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK === x.key);
+  if (!newSk) {
+    // If no newSk found, we are not rotating the appSk
+    return false;
+  }
+
+  const oldSk = oldConfigs.find((x) => BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK === x.key);
+  if (!oldSk) {
+    // If we have no oldSk, we are setting the initial appSk for external managed apps
+    // If we have no oldSk, but we are not external managed apps, we are rotating the appSk
+    return !externalSk;
+  }
+
+  // Otherwise, we must be rotating the appSk
+  // eslint-disable-next-line sonarjs/prefer-single-boolean-return
+  if (oldSk.value !== newSk.value) {
+    return true;
+  }
+
+  return false;
+};
+
+const isRotatingAppDid = (newConfigs, oldConfigs, externalSk) => {
+  if (isRotatingAppSk(newConfigs, oldConfigs, externalSk)) {
+    return true;
+  }
+
+  const newType = newConfigs.find((x) => BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_WALLET_TYPE === x.key);
+  const oldType = oldConfigs.find((x) => BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_WALLET_TYPE === x.key);
+  if (!newType) {
+    return false;
+  }
+
+  if (!oldType) {
+    return true;
+  }
+
+  // eslint-disable-next-line sonarjs/prefer-single-boolean-return
+  if (oldType !== newType) {
+    return true;
+  }
+
+  return false;
+};
+
 /**
  * this function has side effect on config.value
  * @param {{ key: string, value?: string }} config
  */
-const validateAppConfig = async (config, blockletDid, states) => {
+const validateAppConfig = async (config, states) => {
   const x = config;
 
   // sk should be force secured while other app prop should not be secured
@@ -1569,15 +1635,10 @@ const validateAppConfig = async (config, blockletDid, states) => {
         }
       }
 
-      // Ensure sk is not used by other blocklets, otherwise we may encounter appDid collision
+      // Ensure sk is not used by existing blocklets, otherwise we may encounter appDid collision
       const blocklets = await states.blocklet.getBlocklets({});
-      const others = blocklets.filter((b) => b.meta.did !== blockletDid);
-      if (
-        others.some(
-          (b) => b.environments.find((e) => e.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK).value === x.value
-        )
-      ) {
-        throw new Error('Invalid custom blocklet secret key: already used by another blocklet');
+      if (blocklets.some((b) => isBlockletAppSkUsed(b, x.value))) {
+        throw new Error('Invalid custom blocklet secret key: already used by existing blocklet');
       }
     } else {
       delete x.value;
@@ -1690,6 +1751,32 @@ const checkDuplicateMountPoint = (blocklet, mountPoint) => {
   }
 };
 
+const validateStore = (nodeInfo, storeUrl) => {
+  if (nodeInfo.mode !== 'serverless') {
+    return;
+  }
+
+  const inStoreList = nodeInfo.blockletRegistryList.find((item) => {
+    const itemURLObj = new URL(item.url);
+    const storeUrlObj = new URL(storeUrl);
+
+    return itemURLObj.host === storeUrlObj.host;
+  });
+
+  if (!inStoreList) {
+    throw new Error('Must be installed from the compliant blocklet store list');
+  }
+};
+
+const validateInServerless = ({ blockletMeta }) => {
+  const { interfaces } = blockletMeta;
+  const externalPortInterfaces = (interfaces || []).filter((item) => !!item.port?.external);
+
+  if (externalPortInterfaces.length > 0) {
+    throw new Error('Blocklets with exposed ports cannot be installed');
+  }
+};
+
 module.exports = {
   consumeServerlessNFT,
   forEachBlocklet,
@@ -1735,6 +1822,11 @@ module.exports = {
   getConfigFromPreferences,
   createDataArchive,
   validateAppConfig,
+  isBlockletAppSkUsed,
+  isRotatingAppSk,
+  isRotatingAppDid,
   checkDuplicateAppSk,
   checkDuplicateMountPoint,
+  validateStore,
+  validateInServerless,
 };

package/lib/util/index.js

@@ -27,6 +27,7 @@ const {
   DEFAULT_HTTP_PORT,
   DEFAULT_HTTPS_PORT,
   SLOT_FOR_IP_DNS_SITE,
+  NODE_MODES,
 } = require('@abtnode/constant');
 
 const DEFAULT_WELLKNOWN_PORT = 8088;
@@ -452,6 +453,27 @@ const prettyURL = (url, isHttps = true) => {
   return isHttps ? `https://${url}` : `http://${url}`;
 };
 
+const templateReplace = (str, vars = {}) => {
+  if (typeof str === 'string') {
+    return str.replace(/{([.\w]+)}/g, (m, key) => get(vars, key));
+  }
+
+  return str;
+};
+
+const isGatewayCacheEnabled = (info) => {
+  if (info.mode === NODE_MODES.DEBUG) {
+    return false;
+  }
+
+  const cacheEnabled = get(info, 'routing.cacheEnabled');
+  if (typeof cacheEnabled === 'boolean') {
+    return cacheEnabled;
+  }
+
+  return true;
+};
+
 const lib = {
   validateOwner,
   getProviderFromNodeInfo,
@@ -489,6 +511,8 @@ const lib = {
   getNFTState,
   getServerDidDomain,
   prettyURL,
+  templateReplace,
+  isGatewayCacheEnabled,
 };
 
 module.exports = lib;

package/lib/validators/node.js

@@ -52,6 +52,7 @@ const updateGatewaySchema = Joi.object({
       .when('requestLimit.enabled', { is: true, then: Joi.required() }),
     ipHeader: Joi.string().allow('').trim(),
   }),
+  cacheEnabled: Joi.bool().optional().default(true),
 });
 
 module.exports = {

package/lib/webhook/index.js

@@ -5,7 +5,7 @@ const checkURLAccessible = require('@abtnode/util/lib/url-evaluation/check-acces
 const { EVENTS } = require('@abtnode/constant');
 const WebHookSender = require('./sender');
 const WalletSender = require('./sender/wallet');
-const createQueue = require('../queue');
+const createQueue = require('../util/queue');
 const IP = require('../util/ip');
 const states = require('../states');
 const { getBaseUrls } = require('../util');

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.67",
+  "version": "1.8.68-beta-500af7e5",
   "description": "",
   "main": "lib/index.js",
   "files": [
@@ -19,33 +19,33 @@
   "author": "wangshijun <wangshijun2010@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/auth": "1.8.67",
-    "@abtnode/certificate-manager": "1.8.67",
-    "@abtnode/constant": "1.8.67",
-    "@abtnode/cron": "1.8.67",
-    "@abtnode/db": "1.8.67",
-    "@abtnode/logger": "1.8.67",
-    "@abtnode/queue": "1.8.67",
-    "@abtnode/rbac": "1.8.67",
-    "@abtnode/router-provider": "1.8.67",
-    "@abtnode/static-server": "1.8.67",
-    "@abtnode/timemachine": "1.8.67",
-    "@abtnode/util": "1.8.67",
-    "@arcblock/did": "1.18.42",
+    "@abtnode/auth": "1.8.68-beta-500af7e5",
+    "@abtnode/certificate-manager": "1.8.68-beta-500af7e5",
+    "@abtnode/constant": "1.8.68-beta-500af7e5",
+    "@abtnode/cron": "1.8.68-beta-500af7e5",
+    "@abtnode/db": "1.8.68-beta-500af7e5",
+    "@abtnode/logger": "1.8.68-beta-500af7e5",
+    "@abtnode/queue": "1.8.68-beta-500af7e5",
+    "@abtnode/rbac": "1.8.68-beta-500af7e5",
+    "@abtnode/router-provider": "1.8.68-beta-500af7e5",
+    "@abtnode/static-server": "1.8.68-beta-500af7e5",
+    "@abtnode/timemachine": "1.8.68-beta-500af7e5",
+    "@abtnode/util": "1.8.68-beta-500af7e5",
+    "@arcblock/did": "1.18.57",
     "@arcblock/did-motif": "^1.1.10",
-    "@arcblock/did-util": "1.18.42",
-    "@arcblock/event-hub": "1.18.42",
-    "@arcblock/jwt": "^1.18.42",
+    "@arcblock/did-util": "1.18.57",
+    "@arcblock/event-hub": "1.18.57",
+    "@arcblock/jwt": "^1.18.57",
     "@arcblock/pm2-events": "^0.0.5",
-    "@arcblock/vc": "1.18.42",
-    "@blocklet/constant": "1.8.67",
-    "@blocklet/meta": "1.8.67",
-    "@blocklet/sdk": "1.8.67",
-    "@did-space/client": "^0.1.66",
+    "@arcblock/vc": "1.18.57",
+    "@blocklet/constant": "1.8.68-beta-500af7e5",
+    "@blocklet/meta": "1.8.68-beta-500af7e5",
+    "@blocklet/sdk": "1.8.68-beta-500af7e5",
+    "@did-space/client": "0.1.87-beta-1",
     "@fidm/x509": "^1.2.1",
-    "@ocap/mcrypto": "1.18.42",
-    "@ocap/util": "1.18.42",
-    "@ocap/wallet": "1.18.42",
+    "@ocap/mcrypto": "1.18.57",
+    "@ocap/util": "1.18.57",
+    "@ocap/wallet": "1.18.57",
     "@slack/webhook": "^5.0.4",
     "archiver": "^5.3.1",
     "axios": "^0.27.2",
@@ -72,7 +72,6 @@
     "pm2": "^5.2.0",
     "semver": "^7.3.8",
     "shelljs": "^0.8.5",
-    "slugify": "^1.6.5",
     "ssri": "^8.0.1",
     "stream-throttle": "^0.1.3",
     "stream-to-promise": "^3.0.0",
@@ -90,5 +89,5 @@
     "express": "^4.18.2",
     "jest": "^27.5.1"
   },
-  "gitHead": "543dbadffd29dc4f096261e136a2a306885d6508"
+  "gitHead": "9070621373f317a10ff0d289323bf725e30d3521"
 }