@abtnode/webapp 1.8.63-beta-c51e554d → 1.8.63-beta-b0b23c2b

package/api/gql/config.js

@@ -0,0 +1,392 @@
+/* eslint-disable no-await-in-loop */
+const verifyTeam = require('./middlewares/verify-team');
+const verifyBlocklet = require('./middlewares/verify-blocklet');
+const createAuditLog = require('./middlewares/create-audit-log');
+const installBlocklet = require('./middlewares/install-blocklet');
+const getBlockletList = require('./middlewares/get-blocklet-list');
+
+const wrap = ([permissions, dataKeys, handler, preHooks = [], postHooks = [], action, node]) => {
+  return {
+    permissions,
+    dataKeys,
+    handler: new Proxy(handler, {
+      async apply(target, ctx, args) {
+        const [input, context] = args;
+        // run pre hooks: should abort the request when any hook throws
+        for (let i = 0; i < preHooks.length; i++) {
+          await Reflect.apply(preHooks[i], ctx, [input, context, node, action]);
+        }
+
+        // run handler
+        const result = await Reflect.apply(target, ctx, args);
+
+        // run post hooks: should not effect the request when any hook throws
+        for (let i = 0; i < postHooks.length; i++) {
+          Reflect.apply(postHooks[i], ctx, [input, context, node, action, result]);
+        }
+
+        return result;
+      },
+    }),
+  };
+};
+
+/**
+ * { <gql_api>: [permissions, gql_api_return_key, gql_api_handler] }
+ */
+const genConfig = node => {
+  const configs = {
+    // Blocklet registry
+    getBlockletMeta: [['query_blocklets'], 'meta', node.getBlockletMeta],
+
+    // Blocklet manager
+    getBlocklet: [['query_blocklets', 'query_blocklet'], 'blocklet', node.getBlocklet, [verifyBlocklet]],
+    getBlocklets: [['query_blocklets'], 'blocklets', node.getBlocklets, [getBlockletList]],
+    getBlockletDiff: [['query_blocklets', 'query_blocklet'], 'blockletDiff', node.getBlockletDiff, [verifyBlocklet]],
+    getBlockletRuntimeHistory: [
+      ['query_blocklets', 'query_blocklet'],
+      'history',
+      node.getBlockletRuntimeHistory,
+      [verifyBlocklet],
+    ],
+
+    getLatestBlockletVersion: [
+      ['query_blocklets', 'query_blocklet'],
+      'data',
+      node.getLatestBlockletVersion,
+      [verifyBlocklet],
+    ],
+    getBlockletMetaFromUrl: [[], ['meta', 'isFree', 'inStore', 'registryUrl'], node.getBlockletMetaFromUrl],
+    getBlockletByBundle: [
+      ['query_blocklets'],
+      ['blockletDid', 'isExternal', 'isInstalled', 'isRunning'],
+      node.getBlockletByBundle,
+      [verifyBlocklet],
+    ],
+    installBlocklet: [['mutate_blocklets'], 'blocklet', node.installBlocklet, [installBlocklet]],
+    installBlockletFromVc: [['mutate_blocklets'], 'blocklet', node.installBlockletFromVc, []],
+    installComponent: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.installComponent,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    startBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.startBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    stopBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.stopBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    reloadBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.reloadBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    restartBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.restartBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    deleteBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.deleteBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    deleteComponent: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.deleteComponent,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    cancelDownloadBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.cancelDownloadBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    upgradeBlocklet: [['mutate_blocklets', 'mutate_blocklet'], 'blocklet', node.upgradeBlocklet, [verifyBlocklet]],
+    configBlocklet: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.configBlocklet,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    checkComponentsForUpdates: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'preUpdateInfo',
+      node.checkComponentsForUpdates,
+      [verifyBlocklet],
+    ],
+    upgradeComponents: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.upgradeComponents,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    configPublicToStore: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.configPublicToStore,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    configNavigations: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.configNavigations,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    updateWhoCanAccess: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.updateWhoCanAccess,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    updateComponentTitle: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.updateComponentTitle,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    updateComponentMountPoint: [
+      ['mutate_blocklets', 'mutate_blocklet'],
+      'blocklet',
+      node.updateComponentMountPoint,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+
+    // Team Access Control
+    getRoles: [['query_team'], 'roles', node.getRoles, [verifyTeam]],
+    createRole: [['mutate_team'], 'role', node.createRole, [verifyTeam], [createAuditLog]],
+    updateRole: [['mutate_team'], 'role', node.updateRole, [verifyTeam], [createAuditLog]],
+    deleteRole: [['mutate_team'], 'success', node.deleteRole, [verifyTeam], [createAuditLog]],
+
+    getPermissions: [['query_team'], 'permissions', node.getPermissions, [verifyTeam]],
+    createPermission: [['mutate_team'], 'permission', node.createPermission, [verifyTeam], [createAuditLog]],
+    updatePermission: [['mutate_team'], 'role', node.updatePermission, [verifyTeam], [createAuditLog]],
+    deletePermission: [['mutate_team'], 'success', node.deletePermission, [verifyTeam], [createAuditLog]],
+
+    grantPermissionForRole: [['mutate_team'], 'success', node.grantPermissionForRole, [verifyTeam], [createAuditLog]],
+    revokePermissionFromRole: [
+      ['mutate_team'],
+      'success',
+      node.revokePermissionFromRole,
+      [verifyTeam],
+      [createAuditLog],
+    ],
+    updatePermissionsForRole: [['mutate_team'], 'role', node.updatePermissionsForRole, [verifyTeam], [createAuditLog]],
+    getPermissionsByRole: [['query_team'], 'permissions', node.getPermissionsByRole, [verifyTeam]],
+    hasPermission: [['query_team'], 'result', node.hasPermission, [verifyTeam]],
+
+    // Team User
+    getUsers: [['query_team'], ['users', 'paging'], node.getUsers, [verifyTeam]],
+    getUser: [['query_team'], 'user', node.getUser, [verifyTeam]],
+    getUsersCountPerRole: [['query_team'], 'counts', node.getUsersCountPerRole, [verifyTeam]],
+    getOwner: [['query_team'], 'user', node.getOwner, [verifyTeam]],
+    removeUser: [['mutate_team'], 'user', node.removeUser, [verifyTeam], [createAuditLog]],
+    updateUserApproval: [['mutate_team'], 'user', node.updateUserApproval, [verifyTeam], [createAuditLog]],
+    updateUserRole: [['mutate_team'], 'user', node.updateUserRole, [verifyTeam], [createAuditLog]],
+    getInvitations: [['query_team'], 'invitations', node.getInvitations, [verifyTeam]],
+    createMemberInvitation: [
+      ['mutate_team'],
+      'inviteInfo',
+      node.createMemberInvitation,
+      [verifyTeam],
+      [createAuditLog],
+    ],
+    createTransferInvitation: [
+      ['mutate_team'],
+      'inviteInfo',
+      node.createTransferInvitation,
+      [verifyTeam],
+      [createAuditLog],
+    ],
+    deleteInvitation: [['mutate_team'], 'invitation', node.deleteInvitation, [verifyTeam], [createAuditLog]],
+
+    // Team Passport
+    getPassportIssuances: [['query_team'], 'list', node.getPassportIssuances, [verifyTeam]],
+    createPassportIssuance: [['mutate_team'], 'info', node.createPassportIssuance, [verifyTeam], [createAuditLog]],
+    deletePassportIssuance: [
+      ['mutate_team'],
+      'invitation',
+      node.deletePassportIssuance,
+      [verifyTeam],
+      [createAuditLog],
+    ],
+    issuePassportToUser: [['mutate_team'], 'user', node.issuePassportToUser, [verifyTeam], [createAuditLog]],
+    revokeUserPassport: [['mutate_team'], 'user', node.revokeUserPassport, [verifyTeam], [createAuditLog]],
+    enableUserPassport: [['mutate_team'], 'user', node.enableUserPassport, [verifyTeam], [createAuditLog]],
+    configTrustedPassports: [['mutate_team'], 'info', node.configTrustedPassports, [verifyTeam], [createAuditLog]],
+    configPassportIssuance: [['mutate_team'], 'info', node.configPassportIssuance, [verifyTeam], [createAuditLog]],
+
+    // Team Settings
+    addBlockletStore: [['mutate_team'], 'info', node.addBlockletStore, [verifyTeam], [createAuditLog]],
+    deleteBlockletStore: [['mutate_team'], 'info', node.deleteBlockletStore, [verifyTeam], [createAuditLog]],
+
+    // Access Keys
+    getAccessKeys: [['query_accessKey'], 'list', node.getAccessKeys],
+    createAccessKey: [['mutate_accessKey'], 'data', node.createAccessKey, [], [createAuditLog]],
+    deleteAccessKey: [['mutate_accessKey'], 'data', node.deleteAccessKey, [], [createAuditLog]],
+    updateAccessKey: [['mutate_accessKey'], 'data', node.updateAccessKey, [], [createAuditLog]],
+
+    // Router
+    getRoutingSites: [['query_router'], 'sites', node.getRoutingSites],
+    getRoutingProviders: [['query_router'], 'providers', node.getRoutingProviders],
+
+    addRoutingSite: [['mutate_router'], 'site', node.addRoutingSite, [], [createAuditLog]],
+    deleteRoutingSite: [['mutate_router'], 'site', node.deleteRoutingSite, [], [createAuditLog]],
+    updateRoutingSite: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.updateRoutingSite,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+
+    addRoutingRule: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.addRoutingRule,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    updateRoutingRule: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.updateRoutingRule,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    deleteRoutingRule: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.deleteRoutingRule,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+
+    addDomainAlias: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.addDomainAlias,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+    deleteDomainAlias: [
+      ['mutate_router', 'mutate_blocklet'],
+      'site',
+      node.deleteDomainAlias,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+
+    // Router Snapshots
+    getRoutingSnapshots: [['query_router'], 'snapshots', node.getRoutingSnapshots],
+    getSnapshotSites: [['query_router'], 'sites', node.getSnapshotSites],
+    takeRoutingSnapshot: [['query_router'], 'hash', node.takeRoutingSnapshot],
+
+    checkDomains: [['query_router', 'query_blocklet'], 'result', node.checkDomains, [verifyBlocklet]],
+    findCertificateByDomain: [
+      ['query_router', 'query_blocklet'],
+      'cert',
+      node.findCertificateByDomain,
+      [verifyBlocklet],
+    ],
+
+    // Router Certificates
+    getCertificates: [['query_router', 'query_certificate'], 'certificates', node.getCertificates],
+    addCertificate: [['mutate_router', 'mutate_certificate'], 'certificate', node.addCertificate, [], [createAuditLog]],
+    updateCertificate: [
+      ['mutate_router', 'mutate_certificate'],
+      'certificate',
+      node.updateCertificate,
+      [],
+      [createAuditLog],
+    ],
+    deleteCertificate: [
+      ['mutate_router', 'mutate_certificate'],
+      'certificate',
+      node.deleteCertificate,
+      [],
+      [createAuditLog],
+    ],
+    issueLetsEncryptCert: [
+      ['mutate_certificate', 'mutate_blocklet'],
+      'certificate',
+      node.issueLetsEncryptCert,
+      [verifyBlocklet],
+      [createAuditLog],
+    ],
+
+    // Gateway
+    updateGateway: [['mutate_node'], 'gateway', node.updateGateway, [], [createAuditLog]],
+
+    // Node
+    getNodeInfo: [[], 'info', node.getNodeInfo],
+    getNodeEnv: [['query_node'], 'info', node.getNodeEnv],
+    updateNodeInfo: [['mutate_node'], 'info', node.updateNodeInfo, [], [createAuditLog]],
+    updateNodeRouting: [['mutate_node'], 'info', node.updateNodeRouting, [], [createAuditLog]],
+    upgradeNodeVersion: [['mutate_node'], 'sessionId', node.upgradeNodeVersion, [], [createAuditLog]],
+    restartServer: [['mutate_node'], 'sessionId', node.restartServer, [], [createAuditLog]],
+    checkNodeVersion: [['query_node'], 'version', node.checkNodeVersion],
+    resetNode: [['mutate_node'], 'info', node.resetNode],
+    getDelegationState: [[], 'state', node.getDelegationState],
+    // why use query_node: any member in server can reset node status to running
+    resetNodeStatus: [['query_node'], 'info', node.resetNodeStatus],
+    getNodeRuntimeHistory: [['query_node'], 'history', node.getNodeRuntimeHistory],
+
+    // Node Session
+    getSession: [['query_session'], 'session', node.getSession],
+    startSession: [['mutate_session'], 'session', node.startSession],
+    updateSession: [['mutate_session'], 'session', node.updateSession],
+    endSession: [['mutate_session'], 'session', node.endSession],
+
+    // Notifications
+    getNotifications: [['query_notification'], ['list', 'paging'], node.getNotifications],
+    readNotifications: [['mutate_notification'], 'numAffected', node.readNotifications],
+    unreadNotifications: [['mutate_notification'], 'numAffected', node.unreadNotifications],
+
+    // Webhook
+    getWebHooks: [['query_webhook'], 'webhooks', node.getWebHooks],
+    createWebHook: [['mutate_webhook'], 'webhook', node.createWebHook, [], [createAuditLog]],
+    deleteWebHook: [['mutate_webhook'], 'data', node.deleteWebHook, [], [createAuditLog]],
+    getWebhookSenders: [['query_webhook'], 'senders', node.getWebhookSenders],
+    sendTestMessage: [['mutate_webhook'], 'data', node.sendTestMessage],
+
+    // Audit logs
+    getAuditLogs: [['query_node', 'query_blocklet'], ['list', 'paging'], node.getAuditLogs, [verifyBlocklet]],
+  };
+
+  return Object.freeze(
+    Object.keys(configs).reduce((acc, k) => {
+      const [permissions, dataKeys, handler, preHooks = [], postHooks = []] = configs[k];
+      acc[k] = wrap([permissions, dataKeys, handler, preHooks, postHooks, k, node]);
+      return acc;
+    }, {})
+  );
+};
+
+module.exports = genConfig;

package/api/gql/index.js

@@ -0,0 +1,102 @@
+/* eslint-disable default-param-last */
+const cloneDeep = require('lodash/cloneDeep');
+const { graphqlHTTP } = require('express-graphql');
+const GraphQLUpload = require('graphql-upload/GraphQLUpload.js');
+const { makeExecutableSchema } = require('@graphql-tools/schema');
+const { wipeSensitiveData, fixBlockletStatus } = require('@blocklet/meta/lib/util');
+const formatContext = require('@abtnode/util/lib/format-context');
+const schemaSource = require('@abtnode/schema');
+const logger = require('@abtnode/logger')('@abtnode/gql');
+const genConfig = require('./config');
+
+const wrapResolver = async ({ name, dataKeys, callback }) => {
+  const t = Date.now();
+  try {
+    const result = await callback();
+
+    const resultsMap = {};
+    if (Array.isArray(dataKeys)) {
+      dataKeys.forEach(dataKey => {
+        resultsMap[dataKey] = result[dataKey];
+      });
+    } else {
+      resultsMap[dataKeys] = result;
+    }
+
+    if (dataKeys === 'blocklet') {
+      const d = cloneDeep(result);
+      fixBlockletStatus(d);
+      resultsMap[dataKeys] = wipeSensitiveData(d);
+    }
+
+    if (dataKeys === 'blocklets') {
+      resultsMap[dataKeys] = cloneDeep(result || []).map(blocklet => {
+        fixBlockletStatus(blocklet);
+        return wipeSensitiveData(blocklet);
+      });
+    }
+
+    // performance metrics
+    const ms = Date.now() - t;
+    if (ms > 2000) {
+      logger.warn('graphql resolver latency', { api: name, time: `${ms}ms` });
+    }
+
+    return {
+      code: 'ok',
+      ...resultsMap,
+    };
+    /* istanbul ignore next */
+  } catch (error) {
+    logger.error('graphql resolver error', { error });
+    throw error;
+  }
+};
+
+/**
+ * @param {object} configs { <api>: { dataKeys, handler } }
+ * @param {boolean} graphiql
+ */
+const createMiddleware = (configs = {}, graphiql = true) => {
+  /* istanbul ignore next */
+  const specials = {
+    addRoutingSite: input => ({ site: input }),
+  };
+
+  const resolvers = Object.entries(configs).reduce((acc, [api, { dataKeys, handler }]) => {
+    if (specials[api]) {
+      acc[api] = ({ input } = {}, ctx) =>
+        wrapResolver({ name: api, dataKeys, callback: () => handler(specials[api](input), formatContext(ctx)) });
+    } else {
+      acc[api] = ({ input } = {}, ctx) =>
+        wrapResolver({ name: api, dataKeys, callback: () => handler(input, formatContext(ctx)) });
+    }
+
+    return acc;
+  }, {});
+
+  return graphqlHTTP({
+    schema: makeExecutableSchema({
+      typeDefs: schemaSource,
+      resolvers: {
+        Upload: GraphQLUpload,
+      },
+    }),
+    customFormatErrorFn: error => {
+      logger.error('graphql error', { error });
+      return {
+        message: error.message,
+        locations: error.locations,
+        stack: error.stack ? error.stack.split('\n') : [],
+        path: error.path,
+      };
+    },
+    rootValue: resolvers,
+    graphiql,
+  });
+};
+
+module.exports = createMiddleware;
+module.exports.wrapResolver = wrapResolver;
+module.exports.formatContext = formatContext;
+module.exports.genConfig = genConfig;

package/api/gql/middlewares/create-audit-log.js

@@ -0,0 +1,3 @@
+module.exports = (args, context, node, action, result) => {
+  node.createAuditLog({ action, args, context, result }).catch(err => console.error('create audit log error', err));
+};

package/api/gql/middlewares/get-blocklet-list.js

@@ -0,0 +1,14 @@
+const { SERVER_ROLES } = require('@abtnode/constant');
+
+module.exports = (input, context) => {
+  const { role } = context.user;
+
+  if (role === SERVER_ROLES.EXTERNAL_BLOCKLETS_MANAGER) {
+    input.filter = 'external-only';
+    return;
+  }
+
+  if (role !== SERVER_ROLES.OWNER) {
+    input.filter = 'external-excluded';
+  }
+};

package/api/gql/middlewares/install-blocklet.js

@@ -0,0 +1,13 @@
+/* eslint-disable no-unused-vars */
+// const { SERVER_ROLES } = require('@abtnode/constant');
+
+// Currently this middleware is not used
+module.exports = (input, context) => {
+  // const { did, role, controller } = context.user;
+  // if (role === SERVER_ROLES.EXTERNAL_BLOCKLET_CONTROLLER) {
+  //   input.controller = {
+  //     ...controller,
+  //     id: did,
+  //   };
+  // }
+};

package/api/gql/middlewares/verify-blocklet.js

@@ -0,0 +1,21 @@
+const { isBlockletRole } = require('@abtnode/constant');
+
+module.exports = ({ did, rootDid, scope, teamDid }, context) => {
+  const { role, blockletDid } = context.user;
+
+  let id;
+  if (rootDid) {
+    id = rootDid;
+  } else if (teamDid) {
+    id = teamDid;
+  } else if (scope) {
+    // e.g. scope is blocklet did in getAuditLog
+    id = scope;
+  } else if (did) {
+    id = Array.isArray(did) ? did[0] : did;
+  }
+
+  if (isBlockletRole(role) && blockletDid !== id) {
+    throw new Error("You cannot request other blocklet's data");
+  }
+};

package/api/gql/middlewares/verify-team.js

@@ -0,0 +1,9 @@
+const { isBlockletRole } = require('@abtnode/constant');
+
+module.exports = ({ teamDid }, context) => {
+  const { role, blockletDid } = context.user;
+
+  if (isBlockletRole(role) && blockletDid !== teamDid) {
+    throw new Error("You cannot request other blocklet's data");
+  }
+};