@abtnode/core 1.8.68 → 1.8.69-beta-e0666d0d

package/lib/blocklet/downloader/bundle-downloader.js

@@ -2,6 +2,7 @@ const { EventEmitter } = require('events');
 const fs = require('fs-extra');
 const { fileURLToPath } = require('url');
 const path = require('path');
+const pick = require('lodash/pick');
 const cloneDeep = require('lodash/cloneDeep');
 const { toBase58 } = require('@ocap/util');
 
@@ -161,7 +162,11 @@ class BundleDownloader extends EventEmitter {
       }
       ctrlStore[rootDid].set(did, cancelCtrl);
 
-      const headers = context.headers ? cloneDeep(context.headers) : {};
+      const headers = pick(context.headers ? cloneDeep(context.headers) : {}, [
+        'x-server-did',
+        'x-server-public-key',
+        'x-server-signature',
+      ]);
       const exist = (context.downloadTokenList || []).find((x) => x.did === did);
       if (exist) {
         headers['x-download-token'] = exist.token;

package/lib/blocklet/manager/disk.js

@@ -4,6 +4,7 @@ const fs = require('fs-extra');
 const path = require('path');
 const flat = require('flat');
 const get = require('lodash/get');
+const merge = require('lodash/merge');
 const pick = require('lodash/pick');
 const cloneDeep = require('lodash/cloneDeep');
 const semver = require('semver');
@@ -15,20 +16,18 @@ const { isNFTExpired, getNftExpirationDate } = require('@abtnode/util/lib/nft');
 const didDocument = require('@abtnode/util/lib/did-document');
 const { sign } = require('@arcblock/jwt');
 const { isValid: isValidDid } = require('@arcblock/did');
-const { verifyPresentation } = require('@arcblock/vc');
 const { toSvg: createDidLogo } =
   process.env.NODE_ENV !== 'test' ? require('@arcblock/did-motif') : require('@arcblock/did-motif/dist/did-motif.cjs');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 const sleep = require('@abtnode/util/lib/sleep');
 
 const logger = require('@abtnode/logger')('@abtnode/core:blocklet:manager');
-const { getVcFromPresentation } = require('@abtnode/util/lib/vc');
 const {
-  VC_TYPE_BLOCKLET_PURCHASE,
   WHO_CAN_ACCESS,
   SERVER_ROLES,
   WHO_CAN_ACCESS_PREFIX_ROLES,
   BLOCKLET_INSTALL_TYPE,
+  NODE_MODES,
 } = require('@abtnode/constant');
 
 const getBlockletEngine = require('@blocklet/meta/lib/engine');
@@ -49,7 +48,7 @@ const getComponentProcessId = require('@blocklet/meta/lib/get-component-process-
 const toBlockletDid = require('@blocklet/meta/lib/did');
 const { validateMeta } = require('@blocklet/meta/lib/validate');
 const { update: updateMetaFile } = require('@blocklet/meta/lib/file');
-const { titleSchema, mountPointSchema, environmentNameSchema } = require('@blocklet/meta/lib/schema');
+const { titleSchema, updateMountPointSchema, environmentNameSchema } = require('@blocklet/meta/lib/schema');
 const hasReservedKey = require('@blocklet/meta/lib/has-reserved-key');
 const Lock = require('@abtnode/util/lib/lock');
 
@@ -111,6 +110,10 @@ const {
   validateAppConfig,
   checkDuplicateAppSk,
   checkDuplicateMountPoint,
+  validateStore,
+  validateInServerless,
+  isRotatingAppSk,
+  isRotatingAppDid,
 } = require('../../util/blocklet');
 const StoreUtil = require('../../util/store');
 const states = require('../../states');
@@ -193,13 +196,14 @@ class BlockletManager extends BaseBlockletManager {
   /**
    * @param {*} dataDirs generate by ../../util:getDataDirs
    */
-  constructor({ dataDirs, startQueue, installQueue, daemon = false, teamManager }) {
+  constructor({ dataDirs, startQueue, installQueue, backupQueue, daemon = false, teamManager }) {
     super();
 
     this.dataDirs = dataDirs;
     this.installDir = dataDirs.blocklets;
     this.startQueue = startQueue;
     this.installQueue = installQueue;
+    this.backupQueue = backupQueue;
     this.teamManager = teamManager;
 
     // cached installed blocklets for performance
@@ -242,6 +246,8 @@ class BlockletManager extends BaseBlockletManager {
    *  did: string;
    *  title: string;
    *  description: string;
+   *  storeUrl: string;
+   *  appSk: string;
    *  sync: boolean = false; // download synchronously, not use queue
    *  delay: number; // push download task to queue after a delay
    *  downloadTokenList: Array<{did: string, token: string}>;
@@ -264,6 +270,7 @@ class BlockletManager extends BaseBlockletManager {
 
     const info = await states.node.read();
 
+    // Note: if you added new header here, please change core/state/lib/blocklet/downloader/bundle-downloader.js to use that header
     context.headers = Object.assign(context?.headers || {}, {
       'x-server-did': info.did,
       'x-server-public-key': info.pk,
@@ -278,28 +285,31 @@ class BlockletManager extends BaseBlockletManager {
       context.startImmediately = !!params.startImmediately;
     }
 
+    const { appSk } = params;
+
     if (type === BLOCKLET_INSTALL_TYPE.URL) {
       const { url, controller, sync, delay } = params;
-      return this._installFromUrl({ url, controller, sync, delay }, context);
+      return this._installFromUrl({ url, controller, sync, delay, appSk }, context);
     }
 
     if (type === BLOCKLET_INSTALL_TYPE.UPLOAD) {
       const { file, did, diffVersion, deleteSet } = params;
-      return this._installFromUpload({ file, did, diffVersion, deleteSet, context });
+      return this._installFromUpload({ file, did, diffVersion, deleteSet, appSk }, context);
     }
 
     if (type === BLOCKLET_INSTALL_TYPE.STORE) {
       const { did, controller, sync, delay, storeUrl } = params;
-      return this._installFromStore({ did, controller, sync, delay, storeUrl }, context);
+      return this._installFromStore({ did, controller, sync, delay, storeUrl, appSk }, context);
     }
 
     if (type === BLOCKLET_INSTALL_TYPE.CREATE) {
-      return this._installFromCreate({ title: params.title, description: params.description }, context);
+      const { title, description } = params;
+      return this._installFromCreate({ title, description, appSk }, context);
     }
 
     if (type === BLOCKLET_INSTALL_TYPE.RESTORE) {
-      const { url, blockletSecretKey } = params;
-      return this._installFromBackup({ url, blockletSecretKey }, context);
+      const { url } = params;
+      return this._installFromBackup({ url, appSk }, context);
     }
 
     // should not be here
@@ -343,10 +353,16 @@ class BlockletManager extends BaseBlockletManager {
     },
     context = {}
   ) {
-    const mountPoint = await mountPointSchema.validateAsync(tmpMountPoint);
+    const mountPoint = await updateMountPointSchema.validateAsync(tmpMountPoint);
     logger.debug('start install component', { rootDid, mountPoint, url });
 
     if (file) {
+      // TODO: 如何触发这种场景？
+      const info = await states.node.read();
+      if (info.mode === NODE_MODES.SERVERLESS) {
+        throw new Error("Can't install component in serverless-mode server via upload");
+      }
+
       return this._installComponentFromUpload({
         rootDid,
         mountPoint,
@@ -360,6 +376,11 @@ class BlockletManager extends BaseBlockletManager {
     }
 
     if (url) {
+      const info = await states.node.read();
+      if (info.mode === NODE_MODES.SERVERLESS) {
+        validateStore(info, url);
+      }
+
       return this._installComponentFromUrl({
         rootDid,
         mountPoint,
@@ -431,25 +452,6 @@ class BlockletManager extends BaseBlockletManager {
     return { isInstalled: !!blocklet, isRunning, blockletDid, isExternal };
   }
 
-  async installBlockletFromVc({ vcPresentation, challenge }, context) {
-    logger.info('Install from vc');
-    const vc = getVcFromPresentation(vcPresentation);
-
-    // FIXME: 这里的 trustedIssuers 相当于相信任何 VC，需要想更安全的方法
-    verifyPresentation({ presentation: vcPresentation, trustedIssuers: [get(vc, 'issuer.id')], challenge });
-
-    if (!vc.type.includes(VC_TYPE_BLOCKLET_PURCHASE)) {
-      throw new Error(`Expect ${VC_TYPE_BLOCKLET_PURCHASE} VC type`);
-    }
-
-    const blockletUrl = get(vc, 'credentialSubject.purchased.blocklet.url');
-    const urlObject = new URL(blockletUrl);
-    const did = get(vc, 'credentialSubject.purchased.blocklet.id');
-    const registry = urlObject.origin;
-
-    return this._installFromStore({ did, registry }, context);
-  }
-
   async start({ did, throwOnError, checkHealthImmediately = false, e2eMode = false }, context) {
     logger.info('start blocklet', { did });
     // should check blocklet integrity
@@ -608,32 +610,65 @@ class BlockletManager extends BaseBlockletManager {
   }
 
   /**
-   *
-   *
-   * @param {import('@abtnode/client').BackupToSpacesParams} input
+   * FIXME: @wangshijun create audit log for this
+   * @param {import('@abtnode/client').RequestBackupToSpacesInput} input
    * @memberof BlockletManager
    */
-  async backupToSpaces(input) {
-    const spacesBackup = new SpacesBackup(input);
+  // eslint-disable-next-line no-unused-vars
+  async backupToSpaces({ appPid }, context) {
+    // add to queue
+    // const ticket = this.backupQueue.push({
+    //   entity: 'blocklet',
+    //   action: 'backup-to-space',
+    //   appPid,
+    //   context,
+    // });
+
+    // ticket.on('failed', async (err) => {
+    //   logger.error('backup failed', { entity: 'blocklet', appPid, error: err });
+    //   this.emit('blocklet.backup.failed', { appPid, err });
+    //   this._createNotification(appPid, {
+    //     title: 'Blocklet Backup Failed',
+    //     description: `Blocklet backup failed with error: ${err.message || 'queue exception'}`,
+    //     entityType: 'blocklet',
+    //     entityId: appPid,
+    //     severity: 'error',
+    //   });
+    // });
+
+    const userDid = context.user.did;
+    const { referrer } = context;
+
+    const spacesBackup = new SpacesBackup({ appPid, event: this, userDid, referrer });
+    this.emit(BlockletEvents.backupProgress, { appPid, message: 'Start backup...', progress: 10, completed: false });
     await spacesBackup.backup();
+    this.emit(BlockletEvents.backupProgress, { appPid, completed: true, progress: 100 });
   }
 
   /**
-   *
-   *
+   * FIXME: @linchen support cancel
+   * FIXME: @wangshijun create audit log for this
    * @param {import('@abtnode/client').RequestRestoreFromSpacesInput} input
    * @memberof BlockletManager
    */
-  async restoreFromSpaces(input) {
-    const spacesRestore = new SpacesRestore(input);
-    await spacesRestore.restore();
+  // eslint-disable-next-line no-unused-vars
+  async restoreFromSpaces(input, context) {
+    this.emit(BlockletEvents.restoreProgress, { appDid: input.appDid, message: 'Start restore...', completed: false });
+
+    const userDid = context.user.did;
+    const { referrer } = context;
+
+    const spacesRestore = new SpacesRestore({ ...input, event: this, userDid, referrer });
+    const params = await spacesRestore.restore();
 
-    // FIXME: 需要改成队列执行，本次失败，下次还需要重试，页面刷新后也能知道最新的状态
+    this.emit(BlockletEvents.restoreProgress, { appDid: input.appDid, message: 'Installing blocklet...' });
     await this._installFromBackup({
-      url: `file://${spacesRestore.blockletRestoreDir}`,
-      blockletSecretKey: spacesRestore.blockletWallet.secretKey,
+      url: `file://${spacesRestore.restoreDir}`,
       moveDir: true,
+      ...merge(...params),
     });
+
+    this.emit(BlockletEvents.restoreProgress, { appDid: input.appDid, completed: true });
   }
 
   async restart({ did }, context) {
@@ -1003,8 +1038,9 @@ class BlockletManager extends BaseBlockletManager {
     return blocklets;
   }
 
+  // CAUTION: this method currently only support config by blocklet.meta.did
   // eslint-disable-next-line no-unused-vars
-  async config({ did, configs: newConfigs, skipHook }, context) {
+  async config({ did, configs: newConfigs, skipHook, skipDidDocument }, context) {
     if (!Array.isArray(newConfigs)) {
       throw new Error('configs list is not an array');
     }
@@ -1034,7 +1070,7 @@ class BlockletManager extends BaseBlockletManager {
           throw new Error(`Cannot set ${x.key} to child blocklet`);
         }
 
-        await validateAppConfig(x, rootDid, states);
+        await validateAppConfig(x, states);
       } else if (!BLOCKLET_CONFIGURABLE_KEY[x.key] && !isPreferenceKey(x)) {
         if (!(blocklet.meta.environments || []).some((y) => y.name === x.key)) {
           // forbid unknown format key
@@ -1057,14 +1093,31 @@ class BlockletManager extends BaseBlockletManager {
       });
     }
 
+    const willAppSkChange = isRotatingAppSk(newConfigs, blocklet.configs, blocklet.externalSk);
+    const willAppDidChange = isRotatingAppDid(newConfigs, blocklet.configs, blocklet.externalSk);
+
     // update db
     await states.blockletExtras.setConfigs(dids, newConfigs);
 
-    const isSkOrWalletTypeChanged = newConfigs.find((item) =>
-      [BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK, BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_WALLET_TYPE].includes(item.key)
-    );
+    if (willAppSkChange) {
+      const info = await states.node.read();
+      const { wallet } = getBlockletInfo(blocklet, info.sk);
+      const migratedFrom = Array.isArray(blocklet.migratedFrom) ? blocklet.migratedFrom : [];
+      await states.blocklet.updateBlocklet(rootDid, {
+        migratedFrom: [
+          ...migratedFrom,
+          { appSk: wallet.secretKey, appDid: wallet.address, at: new Date().toISOString() },
+        ],
+      });
+    }
 
-    if (isSkOrWalletTypeChanged) {
+    // Reload nginx to make sure did-space can embed content from this app
+    if (newConfigs.find((x) => x.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SPACE_ENDPOINT)?.value) {
+      this.emit(BlockletEvents.spaceConnected, blocklet);
+    }
+
+    // FIXME: @zhenqiang best way to handle the did document: allow all appDids to resolve
+    if (willAppDidChange && !skipDidDocument) {
       await this._updateDidDocument(blocklet);
     }
 
@@ -1198,7 +1251,7 @@ class BlockletManager extends BaseBlockletManager {
   }
 
   async updateComponentMountPoint({ did, rootDid: inputRootDid, mountPoint: tmpMountPoint }, context) {
-    const mountPoint = await mountPointSchema.validateAsync(tmpMountPoint);
+    const mountPoint = await updateMountPointSchema.validateAsync(tmpMountPoint);
 
     const blocklet = await states.blocklet.getBlocklet(inputRootDid);
 
@@ -1679,13 +1732,13 @@ class BlockletManager extends BaseBlockletManager {
    *  /blocklet.json
    *  /blocklet_extras.json
    * @see Blocklet 端到端备份方案的设计与实现（一期） https://team.arcblock.io/comment/discussions/e62084d5-fafa-489e-91d5-defcd6e93223
-   * @param {{ url: string, blockletSecretKey: string, moveDir: boolean}} [{ url }={}]
+   * @param {{ url: string, appSk: string, moveDir: boolean}} [{ url }={}]
    * @param {Record<string, string>} [context={}]
    * @return {Promise<any>}
    * @memberof BlockletManager
    */
-  async _installFromBackup({ url, blockletSecretKey, moveDir } = {}, context = {}) {
-    return installFromBackup({ url, blockletSecretKey, moveDir, context, manager: this, states });
+  async _installFromBackup({ url, appSk, moveDir } = {}, context = {}) {
+    return installFromBackup({ url, appSk, moveDir, context, manager: this, states });
   }
 
   async ensureBlocklet(did, opts = {}) {
@@ -2067,6 +2120,14 @@ class BlockletManager extends BaseBlockletManager {
     // put BLOCKLET_APP_ID at root level for indexing
     blocklet.appDid = appSystemEnvironments.BLOCKLET_APP_ID;
 
+    if (!Array.isArray(blocklet.migratedFrom)) {
+      blocklet.migratedFrom = [];
+    }
+    // This can only be set once, can be used for indexing, will not change ever
+    if (!blocklet.appPid) {
+      blocklet.appPid = appSystemEnvironments.BLOCKLET_APP_PID;
+    }
+
     // update state to db
     return states.blocklet.updateBlocklet(did, blocklet);
   }
@@ -2084,17 +2145,18 @@ class BlockletManager extends BaseBlockletManager {
    *
    * @param {{
    *  did: string;
-   *  registry: string;
    *  sync: boolean;
    *  delay: number;
    *  controller: Controller;
+   *  appSk: string;
+   *  storeUrl: string;
    * }} params
    * @param {*} context
    * @return {*}
    * @memberof BlockletManager
    */
   async _installFromStore(params, context) {
-    const { did, storeUrl, sync, delay, controller } = params;
+    const { did, storeUrl, sync, delay, controller, appSk } = params;
 
     logger.debug('start install blocklet', { did });
     if (!isValidDid(did)) {
@@ -2138,6 +2200,7 @@ class BlockletManager extends BaseBlockletManager {
       sync,
       delay,
       controller,
+      appSk,
       context,
     });
   }
@@ -2154,13 +2217,14 @@ class BlockletManager extends BaseBlockletManager {
    *  sync: boolean;
    *  delay: number;
    *  controller: Controller;
+   *  appSk: string;
    * }} params
    * @param {{}} context
    * @return {*}
    * @memberof BlockletManager
    */
   async _installFromUrl(params, context) {
-    const { url, sync, delay, controller } = params;
+    const { url, sync, delay, controller, appSk } = params;
 
     logger.debug('start install blocklet', { url });
 
@@ -2174,13 +2238,18 @@ class BlockletManager extends BaseBlockletManager {
 
     // install from store if url is a store url
     const { inStore, registryUrl, blockletDid: bundleDid } = await StoreUtil.parseSourceUrl(url, controller);
+
+    const nodeInfo = await states.node.read();
+
+    await validateStore(nodeInfo, registryUrl);
+
     if (inStore) {
       const exist = await states.blocklet.getBlocklet(blockletDid);
       if (exist) {
         return this.upgrade({ did: blockletDid, storeUrl: registryUrl, sync, delay }, context);
       }
 
-      return this._installFromStore({ did: bundleDid, storeUrl: registryUrl, controller, sync, delay }, context);
+      return this._installFromStore({ did: bundleDid, storeUrl: registryUrl, controller, sync, delay, appSk }, context);
     }
 
     const meta = ensureMeta(bundleMeta, { name: blockletName, did: blockletDid });
@@ -2206,6 +2275,7 @@ class BlockletManager extends BaseBlockletManager {
       sync,
       delay,
       controller,
+      appSk,
       context,
     });
   }
@@ -2310,7 +2380,7 @@ class BlockletManager extends BaseBlockletManager {
     );
   }
 
-  async _installFromCreate({ title, description }, context = {}) {
+  async _installFromCreate({ title, description, appSk }, context = {}) {
     logger.debug('create blocklet', { title, description });
 
     await joi.string().label('title').max(20).required().validateAsync(title);
@@ -2338,11 +2408,9 @@ class BlockletManager extends BaseBlockletManager {
     };
     const meta = validateMeta(rawMeta);
 
-    await states.blocklet.addBlocklet({
-      meta,
-      source: BlockletSource.custom,
-    });
+    await states.blocklet.addBlocklet({ meta, source: BlockletSource.custom, externalSk: !!appSk });
     await this._setConfigsFromMeta(did);
+    await this._setAppSk(did, appSk);
 
     // check duplicate appSk
     await checkDuplicateAppSk({ did, states });
@@ -2382,7 +2450,7 @@ class BlockletManager extends BaseBlockletManager {
     return { cwd, tarFile };
   }
 
-  async _installFromUpload({ file, did, diffVersion, deleteSet, context }) {
+  async _installFromUpload({ file, did, diffVersion, deleteSet, appSk }, context) {
     logger.info('install blocklet', { from: 'upload file' });
     const { tarFile } = await this._downloadFromUpload(file);
 
@@ -2474,12 +2542,14 @@ class BlockletManager extends BaseBlockletManager {
       source: BlockletSource.upload,
       deployedFrom: `Upload by ${context.user.fullName}`,
       children,
+      externalSk: !!appSk,
     });
 
     const action = 'install';
     const oldState = { extraState: oldExtraState };
     try {
       await this._setConfigsFromMeta(meta.did);
+      await this._setAppSk(appSk);
       await validateBlocklet(blocklet);
 
       // check duplicate appSk
@@ -2776,6 +2846,7 @@ class BlockletManager extends BaseBlockletManager {
    *  meta: {}; // blocklet meta
    *  source: number; // example: BlockletSource.registry,
    *  deployedFrom: string;
+   *  appSk: string;
    *  context: {}
    *  sync: boolean = false;
    *  delay: number;
@@ -2785,10 +2856,15 @@ class BlockletManager extends BaseBlockletManager {
    * @memberof BlockletManager
    */
   async _install(params) {
-    const { meta, source, deployedFrom, context, sync, delay, controller } = params;
+    const { meta, source, deployedFrom, context, sync, delay, controller, appSk } = params;
 
     validateBlockletMeta(meta, { ensureDist: true });
 
+    const info = await states.node.read();
+    if (info.mode === NODE_MODES.SERVERLESS) {
+      validateInServerless({ blockletMeta: meta });
+    }
+
     const { name, did, version } = meta;
 
     const oldExtraState = await states.blockletExtras.findOne({ did: meta.did });
@@ -2801,6 +2877,7 @@ class BlockletManager extends BaseBlockletManager {
         source,
         deployedFrom,
         children,
+        externalSk: !!appSk,
       });
 
       await validateBlocklet(blocklet);
@@ -2808,6 +2885,7 @@ class BlockletManager extends BaseBlockletManager {
       await states.blockletExtras.addMeta({ did, meta: { did, name }, controller });
 
       await this._setConfigsFromMeta(did);
+      await this._setAppSk(did, appSk);
 
       // check duplicate appSk
       await checkDuplicateAppSk({ did, states });
@@ -3405,12 +3483,31 @@ class BlockletManager extends BaseBlockletManager {
     }
   }
 
+  async _setAppSk(did, appSk, context) {
+    if (process.env.NODE_ENV === 'production' && !appSk) {
+      throw new Error(`appSk for blocklet ${did} is required`);
+    }
+
+    if (appSk) {
+      await this.config(
+        {
+          did,
+          configs: [{ key: 'BLOCKLET_APP_SK', value: appSk, secure: true }],
+          skipHook: true,
+          skipDidDocument: true,
+        },
+        context
+      );
+    }
+  }
+
   async _findNextCustomBlockletName(leftTimes = 10) {
     if (leftTimes <= 0) {
       throw new Error('Generate custom blocklet did too many times');
     }
     const number = await states.node.increaseCustomBlockletNumber();
     const name = `custom-${number}`;
+    // MEMO: 空壳 APP可以保留原有的 did 生成逻辑
     const did = toBlockletDid(name);
     const blocklet = await states.blocklet.getBlocklet(did);
     if (blocklet) {

package/lib/blocklet/manager/helper/install-from-backup.js

@@ -2,7 +2,7 @@ const fs = require('fs-extra');
 const path = require('path');
 const omit = require('lodash/omit');
 
-const { forEachBlockletSync } = require('@blocklet/meta/lib/util');
+const { forEachBlockletSync, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 
 const { BLOCKLET_CONFIGURABLE_KEY } = require('@blocklet/constant');
@@ -19,7 +19,7 @@ const { validateBlocklet, checkDuplicateAppSk, getAppDirs } = require('../../../
  * }} param0
  * @returns
  */
-module.exports = async ({ url, blockletSecretKey, moveDir, context = {}, states, manager } = {}) => {
+module.exports = async ({ url, appSk, moveDir, context = {}, states, manager } = {}) => {
   // TODO: support more url schema feature (http, did-spaces)
   if (!url.startsWith('file://')) {
     throw new Error('url must starts with file://');
@@ -71,17 +71,17 @@ module.exports = async ({ url, blockletSecretKey, moveDir, context = {}, states,
     throw new Error('blocklet is already exist');
   }
 
-  if (blockletSecretKey) {
+  if (appSk) {
     extra.configs = extra.configs || [];
     const skConfig = extra.configs.find((x) => x.key === BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK);
     if (skConfig) {
-      skConfig.value = blockletSecretKey;
+      skConfig.value = appSk;
       skConfig.secure = true;
       skConfig.shared = false;
     } else {
       extra.configs.push({
         key: BLOCKLET_CONFIGURABLE_KEY.BLOCKLET_APP_SK,
-        value: blockletSecretKey,
+        value: appSk,
         secure: true,
         shared: false,
       });
@@ -90,8 +90,9 @@ module.exports = async ({ url, blockletSecretKey, moveDir, context = {}, states,
 
   // validate appDid
   const nodeInfo = await states.node.read();
+  const appIdList = getBlockletAppIdList(state);
   const { wallet } = getBlockletInfo({ meta: state.meta, configs: extra.configs, environments: [] }, nodeInfo.sk);
-  if (state.appDid !== wallet.address) {
+  if (appIdList.includes(wallet.address) === false) {
     throw new Error('blocklet appDid is different from the previous one');
   }
   await checkDuplicateAppSk({ sk: wallet.secretKey, states });

package/lib/blocklet/storage/backup/audit-log.js

@@ -19,8 +19,8 @@ class AuditLogBackup extends BaseBackup {
       scope: this.blocklet.meta.did,
     });
 
-    removeSync(join(this.blockletBackupDir, this.filename));
-    outputJsonSync(join(this.blockletBackupDir, this.filename), auditLogs);
+    removeSync(join(this.backupDir, this.filename));
+    outputJsonSync(join(this.backupDir, this.filename), auditLogs);
   }
 }
 

package/lib/blocklet/storage/backup/base.js

@@ -1,6 +1,5 @@
 class BaseBackup {
   /**
-   *
    * @type {import('./spaces').SpaceBackupInput}
    * @memberof BaseBackup
    */
@@ -18,15 +17,15 @@ class BaseBackup {
    * @type {string}
    * @memberof BaseBackup
    */
-  blockletBackupDir;
+  backupDir;
 
   /**
    *
    * @description spaces 的 endpoint
-   * @type {import('@ocap/wallet').WalletObject}
+   * @type {import('./spaces').SecurityContext}
    * @memberof BaseBackup
    */
-  blockletWallet;
+  securityContext;
 
   /**
    *
@@ -34,7 +33,7 @@ class BaseBackup {
    * @type {string}
    * @memberof BaseBackup
    */
-  serverDataDir;
+  serverDir;
 
   constructor(input) {
     this.input = input;
@@ -48,9 +47,9 @@ class BaseBackup {
    */
   ensureParams(spacesBackup) {
     this.blocklet = spacesBackup.blocklet;
-    this.serverDataDir = spacesBackup.serverDataDir;
-    this.blockletBackupDir = spacesBackup.blockletBackupDir;
-    this.blockletWallet = spacesBackup.blockletWallet;
+    this.serverDir = spacesBackup.serverDir;
+    this.backupDir = spacesBackup.backupDir;
+    this.securityContext = spacesBackup.securityContext;
   }
 
   async export() {