@abtnode/util 1.16.28-next-5a717317 → 1.16.28

package/lib/async-pm2.js

@@ -1,5 +1,5 @@
 // You must install pm2 as project dependency
-const pm2 = require('pm2'); // eslint-disable-line import/no-extraneous-dependencies
+const pm2 = require('@arcblock/pm2'); // eslint-disable-line import/no-extraneous-dependencies
 const { promisify } = require('util');
 
 const api = [

package/lib/blocklet.js

@@ -1,7 +1,7 @@
 const path = require('path');
 const { createHash } = require('crypto');
 const isUrl = require('is-url');
-const joinURL = require('url-join');
+const { joinURL } = require('ufo');
 const { WELLKNOWN_SERVICE_PATH_PREFIX } = require('@abtnode/constant');
 const { BLOCKLET_CONFIGURABLE_KEY } = require('@blocklet/constant');
 

package/lib/did-document.js

@@ -1,6 +1,6 @@
 const stringify = require('json-stable-stringify');
 const { toBase64, toBase58, toDid } = require('@ocap/util');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const pRetry = require('p-retry');
 const debug = require('debug')('@abtnode/util:did-document');
 const axios = require('./axios');
@@ -52,7 +52,7 @@ const update = ({ id, services, didRegistryUrl, wallet, alsoKnownAs = [], blockl
 
   document.proof = proof;
 
-  return axios.post(joinUrl(didRegistryUrl, '/.well-known/did-resolver/registries'), document, {
+  return axios.post(joinURL(didRegistryUrl, '/.well-known/did-resolver/registries'), document, {
     timeout: 10 * 1000,
     headers: { 'X-Blocklet-Server-Version': blockletServerVersion },
   });

package/lib/did-domain.js

@@ -1,4 +1,4 @@
-const joinURL = require('url-join');
+const { joinURL } = require('ufo');
 
 const axios = require('./axios');
 

package/lib/get-chain-client.js

@@ -1,4 +1,4 @@
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const Client = require('@ocap/client');
 
 // cache ocap clients for smaller memory consumption
@@ -11,7 +11,7 @@ const clients = new Map();
  * @return {import('@ocap/client')}
  */
 const getChainClient = (chainHost) => {
-  const endpoint = joinUrl(chainHost, '/');
+  const endpoint = joinURL(chainHost, '/');
   if (!clients.has(endpoint)) {
     const client = new Client(endpoint);
     clients.set(endpoint, client);

package/lib/security.js

@@ -1,5 +1,12 @@
+const { BLOCKLET_MODES } = require('@blocklet/constant');
 const crypto = require('crypto');
 const AES = require('@ocap/mcrypto/lib/crypter/aes-legacy').default;
+const semver = require('semver');
+const uniq = require('lodash/uniq');
+const { dirname, join, sep } = require('path');
+const resolve = require('resolve/sync');
+const { tmpdir, homedir } = require('os');
+const which = require('which');
 
 const encrypt = (m, s, i) => AES.encrypt(m, crypto.pbkdf2Sync(i, s, 256, 32, 'sha512').toString('hex'));
 const decrypt = (m, s, i) => AES.decrypt(m, crypto.pbkdf2Sync(i, s, 256, 32, 'sha512').toString('hex'));
@@ -36,10 +43,105 @@ const encodeEncryptionKey = (key) => escape(Buffer.from(key).toString('base64'))
 const unescape = (str) => (str + '==='.slice((str.length + 3) % 4)).replace(/-/g, '+').replace(/_/g, '/');
 const decodeEncryptionKey = (str) => new Uint8Array(Buffer.from(unescape(str), 'base64'));
 
+const SAFE_NODE_VERSION = 'v21.6.0';
+const canUseFileSystemIsolateApi = () => semver.gte(process.version, SAFE_NODE_VERSION);
+
+const getPm2Path = () => {
+  try {
+    return resolve('@arcblock/pm2', { basedir: __dirname });
+  } catch (error) {
+    return null;
+  }
+};
+
+/**
+ *
+ * @param {string} executable
+ * @returns
+ */
+function findExecutable(executable) {
+  try {
+    const fullPath = which.sync(executable);
+    return fullPath;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * @description
+ * @param {import('@abtnode/client').BlockletState & { environmentObj: [key: string]: string } } blocklet
+ * @param {true | false} enableFileSystemIsolation
+ * @return {string}
+ */
+const getSecurityNodeOptions = (blocklet, enableFileSystemIsolation = true) => {
+  const options = [];
+
+  if (!canUseFileSystemIsolateApi() || !enableFileSystemIsolation) {
+    return options.join(' ').trim();
+  }
+
+  if (!blocklet) {
+    throw new Error('blocklet is not defined');
+  }
+
+  const pm2Path = getPm2Path();
+  const meiliSearchPath = findExecutable('meilisearch');
+  const blockletCliPath = findExecutable('blocklet');
+
+  options.push(
+    '--experimental-permission',
+    ...[
+      blocklet.environmentObj.BLOCKLET_DATA_DIR, // allow each component to write it's own data
+      blocklet.environmentObj.BLOCKLET_APP_DIR, // allow each component to write it's own source code: for example, to install dependencies
+      blocklet.environmentObj.BLOCKLET_LOG_DIR,
+      blocklet.environmentObj.BLOCKLET_CACHE_DIR,
+      join(blocklet.environmentObj.BLOCKLET_APP_DATA_DIR, '.projects'), // allow all components to access blocklet studio
+      tmpdir(),
+    ].map((dir) => `--allow-fs-write=${dir}`),
+    // @note: sqlite3 需要这个
+    '--allow-addons',
+    // FIXME: 目前我们非常多的应用都依赖使用 child_process 安装 sqlite,所以暂时放行。等 @blocklet/db ready 了，我们把限制再加上，@jianchao
+    '--allow-child-process'
+  );
+
+  // @note: 在正式环境下，用户不应该可以改变运行模式
+  if (
+    blocklet.mode === BLOCKLET_MODES.DEVELOPMENT ||
+    blocklet.environmentObj.BLOCKLET_MODE === BLOCKLET_MODES.DEVELOPMENT
+  ) {
+    options.push('--allow-worker', '--allow-fs-read=*');
+    options.push(`--allow-fs-write=${join(homedir(), '.npm', '_logs')}`);
+  } else {
+    options.push(
+      ...[
+        blocklet.environmentObj.BLOCKLET_LOG_DIR,
+        blocklet.environmentObj.BLOCKLET_CACHE_DIR,
+        blocklet.environmentObj.BLOCKLET_APP_DATA_DIR, // allow all components to read blocklet data
+        dirname(dirname(blocklet.environmentObj.BLOCKLET_APP_DIR)), // allow all components to read source code
+        pm2Path && dirname(dirname(dirname(dirname(pm2Path)))),
+        meiliSearchPath && dirname(dirname(meiliSearchPath)),
+        blockletCliPath && dirname(blockletCliPath),
+        dirname(dirname(process.execPath)),
+        process.cwd(),
+        tmpdir(),
+      ]
+        .filter(Boolean)
+        .filter((x) => x !== sep)
+        .map((dir) => `--allow-fs-read=${dir}`)
+    );
+  }
+
+  return uniq(options).join(' ').trim();
+};
+
 module.exports = {
   encrypt,
   decrypt,
   formatEnv,
   encodeEncryptionKey,
   decodeEncryptionKey,
+  canUseFileSystemIsolateApi,
+  getSecurityNodeOptions,
+  SAFE_NODE_VERSION,
 };

package/lib/strong-axios.js

@@ -1,4 +1,4 @@
-const axios = require('axios');
+const { default: axios } = require('axios');
 const http = require('http');
 const https = require('https');
 const dns = require('dns');

package/lib/url-evaluation/check-accessible-node.js

@@ -1,4 +1,4 @@
-const axios = require('axios');
+const { default: axios } = require('axios');
 
 module.exports = async (url, timeout = 5000) => {
   try {

package/lib/user.js

@@ -1,6 +1,6 @@
 const path = require('path');
 const fs = require('fs-extra');
-const joinUrl = require('url-join');
+const { joinURL } = require('ufo');
 const cloneDeep = require('lodash/cloneDeep');
 
 const {
@@ -30,7 +30,7 @@ const getServerAvatarUrl = (baseUrl, info) => {
     // Do nothing;
   }
 
-  return joinUrl(
+  return joinURL(
     origin,
     process.env.NODE_ENV === 'production' ? info.routing.adminPath : '',
     `/images/node.png?v=${info.version}`
@@ -49,7 +49,7 @@ const getAppAvatarUrl = (baseUrl, size = 80) => {
     // Do nothing;
   }
 
-  return joinUrl(origin, WELLKNOWN_SERVICE_PATH_PREFIX, `/blocklet/logo?imageFilter=convert&f=png&h=${size}`);
+  return joinURL(origin, WELLKNOWN_SERVICE_PATH_PREFIX, `/blocklet/logo?imageFilter=convert&f=png&h=${size}`);
 };
 
 const getUserAvatarUrl = (baseUrl, avatar, info = {}, isServer = false) => {
@@ -76,10 +76,10 @@ const getUserAvatarUrl = (baseUrl, avatar, info = {}, isServer = false) => {
 
   if (isServer) {
     const prefix = process.env.NODE_ENV !== 'development' ? info.routing.adminPath : '';
-    return joinUrl(origin, prefix, USER_AVATAR_PATH_PREFIX, info.did, filename);
+    return joinURL(origin, prefix, USER_AVATAR_PATH_PREFIX, info.did, filename);
   }
 
-  return joinUrl(
+  return joinURL(
     origin,
     WELLKNOWN_SERVICE_PATH_PREFIX,
     USER_AVATAR_PATH_PREFIX,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.28-next-5a717317",
+  "version": "1.16.28",
   "description": "ArcBlock's JavaScript utility",
   "main": "lib/index.js",
   "files": [
@@ -18,16 +18,17 @@
   "author": "polunzh <polunzh@gmail.com> (http://github.com/polunzh)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.28-next-5a717317",
-    "@abtnode/logger": "1.16.28-next-5a717317",
-    "@blocklet/constant": "1.16.28-next-5a717317",
-    "@blocklet/meta": "1.16.28-next-5a717317",
+    "@abtnode/constant": "1.16.28",
+    "@abtnode/logger": "1.16.28",
+    "@arcblock/pm2": "^5.4.0",
+    "@blocklet/constant": "1.16.28",
+    "@blocklet/meta": "1.16.28",
     "@ocap/client": "1.18.123",
     "@ocap/mcrypto": "1.18.123",
     "@ocap/util": "1.18.123",
     "@ocap/wallet": "1.18.123",
     "archiver": "^7.0.1",
-    "axios": "^0.27.2",
+    "axios": "^1.7.2",
     "axios-mock-adapter": "^1.21.2",
     "axon": "^2.0.3",
     "chalk": "^4.1.2",
@@ -53,9 +54,10 @@
     "npm-packlist": "^7.0.4",
     "p-retry": "4.6.1",
     "parallel-transform": "^1.2.0",
-    "pm2": "^5.3.1",
     "public-ip": "^4.0.4",
     "pump": "^3.0.0",
+    "resolve": "^1.22.8",
+    "semver": "^7.6.2",
     "semver-sort": "^1.0.0",
     "shelljs": "^0.8.5",
     "slugify": "^1.6.5",
@@ -66,15 +68,16 @@
     "through2-map": "^3.0.0",
     "to-semver": "^3.0.0",
     "transliteration": "^2.3.5",
-    "url-join": "^4.0.1",
+    "ufo": "^1.5.3",
     "which": "^2.0.2"
   },
   "devDependencies": {
+    "@types/resolve": "^1.20.6",
     "cookie-signature": "^1.0.6",
     "detect-port": "^1.5.1",
     "express": "^4.18.2",
     "fs-extra": "^11.2.0",
     "jest": "^29.7.0"
   },
-  "gitHead": "3624967f9549de3a25a87ed6b20f82519ddb4757"
+  "gitHead": "54db076a7e520bbc260f8cbf0af31dd50b86aef1"
 }