npm - @abtnode/router-provider - Versions diffs - 1.17.8-beta-20260119-102944-6ba93a16 → 1.17.8-beta-20260125-093329-64b43854 - Mend

@abtnode/router-provider 1.17.8-beta-20260119-102944-6ba93a16 → 1.17.8-beta-20260125-093329-64b43854

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/nginx/index.js CHANGED Viewed

@@ -76,7 +76,9 @@ const {
 const REQUIRED_MODULES = [{ configName: 'with-stream', moduleBinaryName: 'ngx_stream_module.so' }];
 // convert wildcard domain and ipDnsDomain template to regex
-const parseServerName = (domain) => {
+const parseServerName = (domain, options = {}) => {
+  const { captureSubdomain = false } = options;
   // ipDnsDomain template
   if (domain.includes(SLOT_FOR_IP_DNS_SITE)) {
     const name = domain.replace(/\./g, '\\.').replace(SLOT_FOR_IP_DNS_SITE, '\\d+-\\d+-\\d+-\\d+');
@@ -86,9 +88,17 @@ const parseServerName = (domain) => {
   // wildcard domain
   if (domain.startsWith('*.')) {
     const name = domain.replace('*', '').replace(/\./g, '\\.');
+    // For sub-service, capture subdomain as Nginx variable
+    if (captureSubdomain) {
+      return `~^(?<subdomain>.+)${name}$`;
+    }
+    // Default wildcard match (existing behavior)
     return `~.+${name}$`;
   }
+  // Single domain - return as is
   return domain;
 };
@@ -305,10 +315,13 @@ class NginxProvider extends BaseProvider {
           // Process system sites in main conf
           // eslint-disable-next-line no-restricted-syntax
           for (const site of systemSites) {
-            const { domain, port, rules, blockletDid } = site;
+            const { domain, port, rules, blockletDid, type } = site;
             const certificate = findCertificate(certificates, domain);
-            const parsedServerName = parseServerName(domain);
+            // For sub-service sites, enable subdomain capture in server_name
+            const parsedServerName = parseServerName(domain, {
+              captureSubdomain: type === ROUTING_RULE_TYPES.SUB_SERVICE,
+            });
             if (!parsedServerName) {
               logger.warn('invalid site, empty server name:', { site: JSON.stringify(site), domain, parsedServerName });
               // eslint-disable-next-line no-continue
@@ -526,9 +539,13 @@ class NginxProvider extends BaseProvider {
         try {
           // eslint-disable-next-line no-restricted-syntax
           for (const site of sites) {
-            const { domain, rules, port, serviceType } = site;
+            const { domain, rules, port, serviceType, type } = site;
             const certificate = findCertificate(certificates, domain);
-            const parsedServerName = parseServerName(domain);
+            // For sub-service sites, enable subdomain capture in server_name
+            const parsedServerName = parseServerName(domain, {
+              captureSubdomain: type === ROUTING_RULE_TYPES.SUB_SERVICE,
+            });
             if (!parsedServerName) {
               logger.warn('invalid site, empty server name:', { site: JSON.stringify(site), domain, parsedServerName });
@@ -772,6 +789,12 @@ class NginxProvider extends BaseProvider {
       return;
     }
+    // Check for sub-service type (dynamic subdomain static serving)
+    if (type === ROUTING_RULE_TYPES.SUB_SERVICE) {
+      this._addSubServiceLocation(args);
+      return;
+    }
     // Check for static serving (public static blocklets served directly by Nginx)
     if (type === ROUTING_RULE_TYPES.BLOCKLET && args.staticRoot) {
       this._addStaticLocation(args);
@@ -967,6 +990,39 @@ class NginxProvider extends BaseProvider {
     this._addSecurityHeaders(location, serviceType);
   }
+  _addSubServiceLocation({ server, prefix, staticRoot, serverName, commonHeaders, serviceType }) {
+    // Check if this is a wildcard domain (starts with *.）
+    // For wildcard domains: use $subdomain variable from server_name regex capture
+    // For single domains: serve files directly from staticRoot
+    const isWildcardDomain = serverName && serverName.includes('(?<subdomain>.+)');
+    if (isWildcardDomain) {
+      // For wildcard sub-service, use root with $subdomain variable
+      // The $subdomain variable comes from server_name ~^(?<subdomain>.+)\.domain$
+      server._add('root', `${staticRoot}/$subdomain`);
+    } else {
+      // For single domain sub-service, serve files directly from staticRoot
+      server._add('root', staticRoot);
+    }
+    server._add('location', prefix);
+    const location = this._getLastLocation(server);
+    // SPA fallback: try exact file, directory with index, then /index.html, finally 404
+    location._add('try_files', '$uri $uri/ /index.html =404');
+    // Cache control for static assets
+    location._add('expires', '30d');
+    location._add('add_header', 'Cache-Control "public, max-age=2592000"');
+    // Security headers
+    location._add('add_header', 'X-Content-Type-Options "nosniff"');
+    // Add common response headers
+    this._addCommonResHeaders(location, commonHeaders);
+    this._addSecurityHeaders(location, serviceType);
+  }
   _addRedirectTypeLocation({ server, url, redirectCode, prefix, suffix, serviceType }) {
     const cleanUrl = trimEndSlash(url);
     server._add('location', `${concatPath(prefix, suffix)}`);
@@ -1070,7 +1126,7 @@ class NginxProvider extends BaseProvider {
     location._addVerbatimBlock('if ($query_string)', 'set $abt_query_string "?$query_string";');
   }
-  _addDefaultLocations({ server, daemonPort, serverName }) {
+  _addDefaultLocations({ server, daemonPort, serverName, skipDefaultRoot = false }) {
     if (!server) {
       throw new Error('server is required');
     }
@@ -1079,7 +1135,10 @@ class NginxProvider extends BaseProvider {
       throw new Error('daemonPort is required');
     }
-    server._add('root', this.getRelativeConfigDir(this.wwwDir));
+    // For sub-service sites, skip default root as it will be set with $subdomain variable
+    if (!skipDefaultRoot) {
+      server._add('root', this.getRelativeConfigDir(this.wwwDir));
+    }
     server._addVerbatimBlock('if ($access_blocked)', 'return 403;');
     this._addHostBlockWhitelistServer({ server, serverName });
@@ -1362,7 +1421,9 @@ class NginxProvider extends BaseProvider {
   _addHttpServer({ locations = [], serverName, conf, port, daemonPort, commonHeaders, blockletDid, serviceType }) {
     const httpServerUnit = this._addHttpServerUnit({ conf, serverName, port });
-    this._addDefaultLocations({ server: httpServerUnit, daemonPort, serverName });
+    // Skip default root for subService sites
+    const skipDefaultRoot = locations.some((x) => x.type === ROUTING_RULE_TYPES.SUB_SERVICE);
+    this._addDefaultLocations({ server: httpServerUnit, daemonPort, serverName, skipDefaultRoot });
     // eslint-disable-next-line max-len
     locations.forEach((x) => this._addReverseProxy({ server: httpServerUnit, ...x, serverName, commonHeaders, blockletDid, serviceType })); // prettier-ignore
   }
@@ -1385,7 +1446,9 @@ class NginxProvider extends BaseProvider {
     const httpServerUnit = this._addHttpServerUnit({ conf, serverName });
     httpServerUnit._add('return', '307 https://$host$request_uri'); // redirect to https if has https
-    this._addDefaultLocations({ server: httpsServerUnit, daemonPort, serverName });
+    // Check if any location is SUB_SERVICE type, if so skip default root
+    const hasSubService = locations.some((x) => x.type === ROUTING_RULE_TYPES.SUB_SERVICE);
+    this._addDefaultLocations({ server: httpsServerUnit, daemonPort, serverName, skipDefaultRoot: hasSubService });
     // eslint-disable-next-line max-len
     locations.forEach((x) => this._addReverseProxy({ server: httpsServerUnit, ...x, serverName, commonHeaders, blockletDid, serviceType })); // prettier-ignore
   }

package/lib/util.js CHANGED Viewed

@@ -23,10 +23,44 @@ const decideHttpPort = (port) => port || process.env.ABT_NODE_HTTP_PORT || DEFAU
 const decideHttpsPort = (port) => port || process.env.ABT_NODE_HTTPS_PORT || DEFAULT_HTTPS_PORT;
 const findCertificate = (certs, domain) => {
-  const results = certs
-    .filter((cert) => [cert.domain, ...(cert.sans || [])].some((d) => checkDomainMatch(d, domain)))
-    .sort((d1) => (d1.domain[0] === '*' ? 1 : -1)); // will first match a.b.com, then *.b.com
-  return results[0];
+  const lowerDomain = domain.toLowerCase();
+  // First try exact match (highest priority)
+  // Note: Domain matching should be case-insensitive per DNS standards
+  for (const cert of certs) {
+    const certDomains = [cert.domain, ...(cert.sans || [])].map((d) => d.toLowerCase());
+    if (certDomains.includes(lowerDomain)) {
+      return cert;
+    }
+  }
+  // Then try wildcard match
+  // Note: wildcard cert *.example.com should match foo.example.com
+  // but should NOT match example.com itself (per SSL/TLS standards)
+  const domainParts = domain.split('.');
+  for (const cert of certs) {
+    const certDomains = [cert.domain, ...(cert.sans || [])];
+    for (const certDomain of certDomains) {
+      // Skip wildcard certs that would incorrectly match the base domain
+      // e.g., *.staging.myvibe.so should not match staging.myvibe.so
+      if (certDomain.startsWith('*.')) {
+        const certBaseParts = certDomain.substring(2).split('.');
+        // If domain has same or fewer parts than cert base, it's the base domain or shorter
+        // Wildcard should only match domains with more parts (subdomains)
+        if (domainParts.length <= certBaseParts.length) {
+          continue; // eslint-disable-line no-continue
+        }
+      }
+      if (checkDomainMatch(certDomain, domain)) {
+        return cert;
+      }
+    }
+  }
+  return undefined;
 };
 const trimEndSlash = (str) => {
@@ -64,6 +98,7 @@ const formatRoutingTable = (routingTable) => {
     if (!sites[domain]) {
       sites[domain] = {
         domain,
+        type: site.type,
         blockletDid: site.blockletDid,
         rules: [],
         port: site.port,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@abtnode/router-provider",
-  "version": "1.17.8-beta-20260119-102944-6ba93a16",
+  "version": "1.17.8-beta-20260125-093329-64b43854",
   "description": "Routing engine implementations for abt node",
   "author": "polunzh <polunzh@gmail.com>",
   "homepage": "https://github.com/ArcBlock/blocklet-server#readme",
@@ -30,14 +30,14 @@
     "url": "https://github.com/ArcBlock/blocklet-server/issues"
   },
   "dependencies": {
-    "@abtnode/constant": "1.17.8-beta-20260119-102944-6ba93a16",
-    "@abtnode/db-cache": "1.17.8-beta-20260119-102944-6ba93a16",
-    "@abtnode/logger": "1.17.8-beta-20260119-102944-6ba93a16",
-    "@abtnode/router-templates": "1.17.8-beta-20260119-102944-6ba93a16",
-    "@abtnode/util": "1.17.8-beta-20260119-102944-6ba93a16",
+    "@abtnode/constant": "1.17.8-beta-20260125-093329-64b43854",
+    "@abtnode/db-cache": "1.17.8-beta-20260125-093329-64b43854",
+    "@abtnode/logger": "1.17.8-beta-20260125-093329-64b43854",
+    "@abtnode/router-templates": "1.17.8-beta-20260125-093329-64b43854",
+    "@abtnode/util": "1.17.8-beta-20260125-093329-64b43854",
     "@arcblock/http-proxy": "^1.19.1",
     "@arcblock/is-valid-domain": "^1.0.5",
-    "@ocap/util": "^1.28.5",
+    "@ocap/util": "^1.28.6",
     "axios": "^1.7.9",
     "debug": "^4.4.1",
     "fast-glob": "^3.3.2",
@@ -60,5 +60,5 @@
     "bluebird": "^3.7.2",
     "fs-extra": "^11.2.0"
   },
-  "gitHead": "52d0430ade8bad2dbc91251b6183d152116fee0f"
+  "gitHead": "241254785bda907be2296228869b4fc9c1679a6b"
 }