@abtnode/util 1.17.3 → 1.17.4-beta-20251201-085909-4ab697bb
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/security.js +32 -13
- package/package.json +6 -6
package/lib/security.js
CHANGED
|
@@ -13,6 +13,9 @@ const { promisify } = require('util');
|
|
|
13
13
|
|
|
14
14
|
const cloneDeep = require('./deep-clone');
|
|
15
15
|
|
|
16
|
+
const PAGES_KIT_DID = 'z8iZiDFg3vkkrPwsiba1TLXy3H9XHzFERsP8o';
|
|
17
|
+
const ARCBLOCK_METRICS_DID = 'z8iZjMn7Hcyh93rKf8PqcSM94XnS8nRqSrPoP';
|
|
18
|
+
|
|
16
19
|
const encrypt = (m, s, i) => AES.encrypt(m, crypto.pbkdf2Sync(i, s, 256, 32, 'sha512').toString('hex'));
|
|
17
20
|
const decrypt = (m, s, i) => AES.decrypt(m, crypto.pbkdf2Sync(i, s, 256, 32, 'sha512').toString('hex'));
|
|
18
21
|
|
|
@@ -74,32 +77,35 @@ function findExecutable(executable) {
|
|
|
74
77
|
}
|
|
75
78
|
|
|
76
79
|
// 缓存 Node.js 版本对应的权限选项
|
|
77
|
-
const
|
|
80
|
+
const nodeStableOptionCache = new Map();
|
|
78
81
|
|
|
79
|
-
|
|
82
|
+
/**
|
|
83
|
+
*
|
|
84
|
+
* @param {string} optionsKey, example: '--permission'
|
|
85
|
+
* @param {string[]} optionsValues, example: ['--permission', '--experimental-permission']
|
|
86
|
+
* @return {Promise<string>}
|
|
87
|
+
*/
|
|
88
|
+
async function getNodeStableOption({ optionsKey, optionsValues }) {
|
|
80
89
|
// @note: 前端加载了整个文件,所以 execAsync 必须在这里创建
|
|
81
90
|
const execAsync = promisify(exec);
|
|
82
91
|
const nodeVersion = process.version;
|
|
92
|
+
const key = `${nodeVersion}.${optionsKey}`;
|
|
83
93
|
|
|
84
94
|
// 检查缓存
|
|
85
|
-
if (
|
|
86
|
-
return
|
|
95
|
+
if (nodeStableOptionCache.has(key)) {
|
|
96
|
+
return nodeStableOptionCache.get(key);
|
|
87
97
|
}
|
|
88
98
|
|
|
89
99
|
try {
|
|
90
100
|
const { stdout } = await execAsync('node -h');
|
|
91
101
|
|
|
92
|
-
|
|
93
|
-
if (
|
|
94
|
-
|
|
95
|
-
} else if (stdout.includes('--experimental-permission')) {
|
|
96
|
-
permissionOption = '--experimental-permission';
|
|
97
|
-
} else {
|
|
98
|
-
throw new Error(`Can not get permission options for this Node.js version: ${nodeVersion}`);
|
|
102
|
+
const permissionOption = optionsValues.find((option) => stdout.includes(option));
|
|
103
|
+
if (!permissionOption) {
|
|
104
|
+
throw new Error(`Can not get permission option: ${optionsKey} for this Node.js version: ${nodeVersion}`);
|
|
99
105
|
}
|
|
100
106
|
|
|
101
107
|
// 缓存结果
|
|
102
|
-
|
|
108
|
+
nodeStableOptionCache.set(key, permissionOption);
|
|
103
109
|
return permissionOption;
|
|
104
110
|
} catch (error) {
|
|
105
111
|
console.error(error);
|
|
@@ -154,6 +160,7 @@ const getSecurityNodeOptions = async (blocklet, enableFileSystemIsolation = true
|
|
|
154
160
|
}
|
|
155
161
|
|
|
156
162
|
const pm2Path = getPm2Path();
|
|
163
|
+
|
|
157
164
|
const meiliSearchPath = findExecutable('meilisearch');
|
|
158
165
|
const meiliSearchPathAlt = '/data/bin/meilisearch';
|
|
159
166
|
const blockletCliPath = findExecutable('blocklet');
|
|
@@ -164,7 +171,10 @@ const getSecurityNodeOptions = async (blocklet, enableFileSystemIsolation = true
|
|
|
164
171
|
process.env.PNPM_HOME ? join(process.env.PNPM_HOME, 'global/') : '',
|
|
165
172
|
];
|
|
166
173
|
|
|
167
|
-
const permissionOption = await
|
|
174
|
+
const permissionOption = await getNodeStableOption({
|
|
175
|
+
optionsKey: '--permission',
|
|
176
|
+
optionsValues: ['--permission', '--experimental-permission'],
|
|
177
|
+
});
|
|
168
178
|
|
|
169
179
|
options.push(
|
|
170
180
|
permissionOption,
|
|
@@ -217,6 +227,15 @@ const getSecurityNodeOptions = async (blocklet, enableFileSystemIsolation = true
|
|
|
217
227
|
.filter((x) => x !== sep)
|
|
218
228
|
.map((dir) => `--allow-fs-read=${join(dir, '/*')}`)
|
|
219
229
|
);
|
|
230
|
+
|
|
231
|
+
// 临时放行 pages-kit 和 arcblock-metrics 的 allow-worker 权限
|
|
232
|
+
if ([PAGES_KIT_DID, ARCBLOCK_METRICS_DID].includes(blocklet?.environmentObj?.BLOCKLET_COMPONENT_DID)) {
|
|
233
|
+
const allowWorkerOption = await getNodeStableOption({
|
|
234
|
+
optionsKey: '--allow-worker',
|
|
235
|
+
optionsValues: ['--allow-worker', '--experimental-worker'],
|
|
236
|
+
});
|
|
237
|
+
options.push(allowWorkerOption);
|
|
238
|
+
}
|
|
220
239
|
}
|
|
221
240
|
|
|
222
241
|
return uniq(options).join(' ').trim();
|
package/package.json
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
"publishConfig": {
|
|
4
4
|
"access": "public"
|
|
5
5
|
},
|
|
6
|
-
"version": "1.17.
|
|
6
|
+
"version": "1.17.4-beta-20251201-085909-4ab697bb",
|
|
7
7
|
"description": "ArcBlock's JavaScript utility",
|
|
8
8
|
"main": "lib/index.js",
|
|
9
9
|
"files": [
|
|
@@ -18,14 +18,14 @@
|
|
|
18
18
|
"author": "polunzh <polunzh@gmail.com> (http://github.com/polunzh)",
|
|
19
19
|
"license": "Apache-2.0",
|
|
20
20
|
"dependencies": {
|
|
21
|
-
"@abtnode/constant": "1.17.
|
|
22
|
-
"@abtnode/db-cache": "1.17.
|
|
21
|
+
"@abtnode/constant": "1.17.4-beta-20251201-085909-4ab697bb",
|
|
22
|
+
"@abtnode/db-cache": "1.17.4-beta-20251201-085909-4ab697bb",
|
|
23
23
|
"@arcblock/did": "^1.27.12",
|
|
24
24
|
"@arcblock/event-hub": "^1.27.12",
|
|
25
25
|
"@arcblock/pm2": "^6.0.12",
|
|
26
|
-
"@blocklet/constant": "1.17.
|
|
26
|
+
"@blocklet/constant": "1.17.4-beta-20251201-085909-4ab697bb",
|
|
27
27
|
"@blocklet/error": "^0.3.3",
|
|
28
|
-
"@blocklet/meta": "1.17.
|
|
28
|
+
"@blocklet/meta": "1.17.4-beta-20251201-085909-4ab697bb",
|
|
29
29
|
"@blocklet/xss": "^0.3.10",
|
|
30
30
|
"@ocap/client": "^1.27.12",
|
|
31
31
|
"@ocap/mcrypto": "^1.27.12",
|
|
@@ -90,5 +90,5 @@
|
|
|
90
90
|
"express": "^4.18.2",
|
|
91
91
|
"fs-extra": "^11.2.0"
|
|
92
92
|
},
|
|
93
|
-
"gitHead": "
|
|
93
|
+
"gitHead": "4a76a83d2c47b00686c1c0fdd7b78ffddd728f0e"
|
|
94
94
|
}
|