@blocklet/meta 1.7.7 → 1.7.10

package/lib/file.js

@@ -34,7 +34,7 @@ const update = (file, meta) => {
     meta.specVersion = '1.0.0';
   }
 
-  fs.writeFileSync(file, yaml.safeDump(meta, { sortKeys: false, skipInvalid: true }));
+  fs.writeFileSync(file, yaml.dump(meta, { sortKeys: false, skipInvalid: true }));
 };
 
 module.exports = { list, select, update };

package/lib/parse-navigation.js

@@ -17,7 +17,7 @@ const parseNavigation = (navigation, blocklet, prefix = '/', level = 1) => {
       };
 
       if (nav.link) {
-        item.link = normalizePathPrefix(`${prefix}${nav.link || '/'}`);
+        item.link = nav.link.startsWith('/') ? normalizePathPrefix(`${prefix}${nav.link || '/'}`) : nav.link;
       }
 
       if (level === 1) {

package/lib/parse.js

@@ -50,14 +50,14 @@ const parse = (
   const blockletMetaFileAlt = path.join(dir, BLOCKLET_META_FILE_ALT);
   if (fs.existsSync(blockletMetaFile)) {
     try {
-      result = Object.assign(result, yaml.safeLoad(fs.readFileSync(blockletMetaFile).toString(), { json: true }));
+      result = Object.assign(result, yaml.load(fs.readFileSync(blockletMetaFile).toString(), { json: true }));
       debug(`parse ${blockletMetaFile}`, result);
     } catch (err) {
       console.error(`parse_blocklet_meta from ${BLOCKLET_META_FILE} failed`, err);
     }
   } else if (fs.existsSync(blockletMetaFileAlt)) {
     try {
-      result = Object.assign(result, yaml.safeLoad(fs.readFileSync(blockletMetaFileAlt).toString(), { json: true }));
+      result = Object.assign(result, yaml.load(fs.readFileSync(blockletMetaFileAlt).toString(), { json: true }));
       debug(`parse ${blockletMetaFileAlt}`, result);
     } catch (err) {
       console.error(`parse_blocklet_meta from ${BLOCKLET_META_FILE_ALT} failed`, err);

package/lib/schema.js

@@ -47,6 +47,7 @@ const environmentSchema = Joi.object({
 
 const scriptsSchema = Joi.object({
   dev: Joi.string().trim().min(1),
+  e2eDev: Joi.string().trim().min(1),
   preInstall: Joi.string().trim().min(1),
   postInstall: Joi.string().trim().min(1),
   preDeploy: Joi.string().trim().min(1),
@@ -137,6 +138,7 @@ const personSchema = Joi.object({
 const distSchema = Joi.object({
   tarball: Joi.alternatives().try(Joi.string().uri(), Joi.string()).required(),
   integrity: Joi.string().required(),
+  size: Joi.number().optional(),
 });
 
 const statsSchema = Joi.object({
@@ -181,6 +183,10 @@ const signatureSchema = Joi.object({
   sig: Joi.string().required(),
   excludes: Joi.array().items(Joi.string()).optional(),
   appended: Joi.array().items(Joi.string()).optional(),
+  // delegation token 校验所需字段
+  delegatee: Joi.string(),
+  delegateePk: Joi.string(),
+  delegation: Joi.string(),
 });
 
 const titleSchema = Joi.string()

package/lib/service.js

@@ -0,0 +1,102 @@
+const fs = require('fs-extra');
+const cloneDeep = require('lodash/cloneDeep');
+const Ajv = require('ajv').default;
+
+const { NODE_SERVICES } = require('@abtnode/constant');
+
+const ajv = new Ajv({
+  useDefaults: true,
+  removeAdditional: 'all',
+});
+
+const SERVICES = {};
+
+const setService = (meta) => {
+  const validate = ajv.compile(meta.schema.JSONSchema);
+
+  // parse empty custom config to get default config
+  const defaultConfig = {};
+  validate(defaultConfig);
+
+  SERVICES[meta.name] = {
+    meta,
+    validate,
+    defaultConfig,
+  };
+};
+
+setService(fs.readJSONSync(require.resolve('@abtnode/blocklet-services/configs/auth.json')));
+
+// backward compatible
+SERVICES[NODE_SERVICES.AUTH_SERVICE] = {
+  ...SERVICES[NODE_SERVICES.AUTH],
+  meta: {
+    ...SERVICES[NODE_SERVICES.AUTH].meta,
+    name: NODE_SERVICES.AUTH_SERVICE,
+  },
+};
+
+const getServiceMetas = ({ stringifySchema = false } = {}) => {
+  const list = Object.values(SERVICES).map(({ meta }) => {
+    const data = cloneDeep(meta);
+    if (stringifySchema) {
+      data.schema = JSON.stringify(meta.schema);
+    }
+    return data;
+  });
+
+  return list;
+};
+
+const getService = (serviceName) => {
+  if (!serviceName) {
+    throw new Error('service name should not be empty');
+  }
+
+  const service = SERVICES[serviceName];
+  if (!service) {
+    throw new Error(`service ${serviceName} does not exist`);
+  }
+
+  return service;
+};
+
+const getServiceConfig = (serviceName, customConfig, { validate } = {}) => {
+  const service = getService(serviceName);
+
+  const data = cloneDeep(customConfig || {});
+  // this method may have side effect thar will fill default value to customConfig
+  const valid = service.validate(data || {});
+
+  if (validate && !valid) {
+    const message = service.validate.errors.map((x) => `${x.instancePath} ${x.message}`).join(', ');
+    throw new Error(`Invalid blocklet service config: ${message}`);
+  }
+
+  return data;
+};
+
+const getDefaultServiceConfig = (serviceName) => {
+  const { defaultConfig } = getService(serviceName);
+
+  return defaultConfig;
+};
+
+const findService = (services, name) => {
+  const names = [name];
+
+  // backward compatible
+  if (name === NODE_SERVICES.AUTH) {
+    names.push(NODE_SERVICES.AUTH_SERVICE);
+  }
+
+  return (services || []).find((x) => names.includes(x.name));
+};
+
+module.exports = {
+  getServiceMetas,
+  getServiceConfig,
+  getDefaultServiceConfig,
+  findService,
+  setService,
+};

package/lib/util.js

@@ -1,7 +1,7 @@
 /* eslint-disable no-await-in-loop */
 const get = require('lodash/get');
 
-const { NODE_SERVICES, SLOT_FOR_IP_DNS_SITE } = require('@abtnode/constant');
+const { NODE_SERVICES, SLOT_FOR_IP_DNS_SITE, WHO_CAN_ACCESS } = require('@abtnode/constant');
 
 const { BlockletGroup, fromBlockletStatus, fromBlockletSource, BLOCKLET_INTERFACE_TYPE_WEB } = require('./constants');
 
@@ -204,13 +204,21 @@ const findServiceFromMeta = (meta, ServiceName) => {
   return (webInterface.services || []).find((x) => names.includes(x.name));
 };
 
-const isInvitedUserOnlyInMeta = (blocklet) => {
+const getWhoCanAccess = (blocklet) => {
   if (!blocklet) {
-    return false;
+    return WHO_CAN_ACCESS.ALL;
+  }
+
+  if (get(blocklet, 'settings.whoCanAccess')) {
+    return blocklet.settings.whoCanAccess;
   }
 
   const service = findServiceFromMeta(blocklet.meta, NODE_SERVICES.AUTH);
-  return service && service.config && ['yes', 'not-first'].includes(service.config.invitedUserOnly);
+  if (get(service, 'config.whoCanAccess')) {
+    return service.config.whoCanAccess;
+  }
+
+  return WHO_CAN_ACCESS.ALL;
 };
 
 const replaceSlotToIp = (url, ip) => (url || '').replace(SLOT_FOR_IP_DNS_SITE, (ip || '').replace(/\./g, '-'));
@@ -228,6 +236,6 @@ module.exports = {
   fixBlockletStatus,
   findWebInterface,
   findServiceFromMeta,
-  isInvitedUserOnlyInMeta,
+  getWhoCanAccess,
   replaceSlotToIp,
 };

package/lib/validate.js

@@ -1,14 +1,7 @@
-const Ajv = require('ajv').default;
-const cloneDeep = require('lodash/cloneDeep');
-
 const { createBlockletSchema } = require('./schema');
+const { getServiceConfig } = require('./service');
 
-const fixAndValidateService = (meta, serviceMetas) => {
-  const ajv = new Ajv({
-    useDefaults: true,
-    removeAdditional: 'all',
-  });
-
+const fixAndValidateService = (meta) => {
   if (!meta.interfaces) {
     return meta;
   }
@@ -19,26 +12,7 @@ const fixAndValidateService = (meta, serviceMetas) => {
   meta.interfaces.forEach((d) => {
     if (d.services && d.services.length) {
       d.services.forEach((s) => {
-        const config = cloneDeep(s.config) || {};
-
-        // validate service.config if serviceMetaList is exist
-        if (serviceMetas) {
-          const serviceMeta = serviceMetas.find((x) => x.name === s.name);
-          if (!serviceMeta) {
-            throw new Error(`Invalid blocklet service: ${s.name} does not exist`);
-          }
-
-          const validate = ajv.compile(serviceMeta.schema.JSONSchema);
-          // this method may have side effect thar will fill default value to config
-          const valid = validate(config);
-
-          if (!valid) {
-            const message = validate.errors.map((x) => `${x.dataPath} ${x.message}`).join(', ');
-            throw new Error(`Invalid blocklet service config: ${message}`);
-          }
-        }
-
-        s.config = config;
+        s.config = getServiceConfig(s.name, s.config, { validate: true });
       });
     }
   });

package/lib/verify-multi-sig.js

@@ -1,9 +1,42 @@
-const debug = require('debug')('@blocklet/meta:verifyMultiSig');
-const stableStringify = require('json-stable-stringify');
-const cloneDeep = require('lodash/cloneDeep');
+const get = require('lodash/get');
 const omit = require('lodash/omit');
+const cloneDeep = require('lodash/cloneDeep');
+const stableStringify = require('json-stable-stringify');
 const { toTypeInfo } = require('@arcblock/did');
 const { fromPublicKey } = require('@ocap/wallet');
+const { verify } = require('@arcblock/jwt');
+const { fromBase64 } = require('@ocap/util');
+
+const debug = require('debug')('@blocklet/meta:verifyMultiSig');
+
+function verifyDelegationToken(signature) {
+  if (signature.delegation) {
+    const payload = JSON.parse(fromBase64(signature.delegation.split('.')[1]));
+
+    if (payload.from !== signature.signer) {
+      debug('verify payload.from failed', { payload, signature });
+      return false;
+    }
+
+    if (payload.to !== signature.delegatee) {
+      debug('verify payload.to failed', { payload, signature });
+      return false;
+    }
+
+    if (!get(payload, 'permissions', []).includes('publish_blocklet')) {
+      debug('verify payload.permissions failed', payload);
+      return false;
+    }
+
+    // 验证一下delegation token
+    if (!verify(signature.delegation, signature.pk)) {
+      debug('verify delegation token failed', signature);
+      return false;
+    }
+  }
+
+  return true;
+}
 
 module.exports = (blockletMeta) => {
   const { signatures: tmpSignatures, ...meta } = blockletMeta;
@@ -22,7 +55,19 @@ module.exports = (blockletMeta) => {
 
   for (let i = 0; i < length; i++) {
     const signature = signatures.shift();
-    const { sig, signer, pk } = signature;
+
+    // 验证delegation token
+    if (!verifyDelegationToken(signature)) {
+      return false;
+    }
+
+    const { sig, signer, pk } = signature.delegation
+      ? {
+          sig: signature.sig,
+          signer: signature.delegatee,
+          pk: signature.delegateePk,
+        }
+      : signature;
     delete signature.sig;
     debug('verify', { signer });
 

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.7.7",
+  "version": "1.7.10",
   "description": "Library to parse/validate/fix blocklet meta",
   "main": "lib/index.js",
   "files": [
@@ -18,17 +18,18 @@
   "author": "wangshijun <wangshijun2020@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.7.7",
-    "@abtnode/util": "1.7.7",
-    "@arcblock/did": "^1.16.0",
-    "@arcblock/did-ext": "^1.16.0",
-    "@arcblock/did-util": "^1.16.0",
-    "@arcblock/nft": "^1.16.0",
-    "@ocap/asset": "^1.16.0",
-    "@ocap/mcrypto": "^1.16.0",
-    "@ocap/util": "^1.16.0",
-    "@ocap/wallet": "^1.16.0",
-    "ajv": "^7.0.3",
+    "@abtnode/constant": "1.7.10",
+    "@abtnode/util": "1.7.10",
+    "@arcblock/did": "^1.16.5",
+    "@arcblock/did-ext": "^1.16.5",
+    "@arcblock/did-util": "^1.16.5",
+    "@arcblock/jwt": "^1.16.5",
+    "@arcblock/nft": "^1.16.5",
+    "@ocap/asset": "^1.16.5",
+    "@ocap/mcrypto": "^1.16.5",
+    "@ocap/util": "^1.16.5",
+    "@ocap/wallet": "^1.16.5",
+    "ajv": "^8.11.0",
     "cjk-length": "^1.0.0",
     "debug": "^4.3.3",
     "fs-extra": "^10.0.1",
@@ -36,7 +37,7 @@
     "is-glob": "^4.0.3",
     "joi": "^17.6.0",
     "joi-extension-semver": "^5.0.0",
-    "js-yaml": "^3.14.0",
+    "js-yaml": "^4.1.0",
     "json-stable-stringify": "^1.0.1",
     "lodash": "^4.17.21",
     "url-join": "^4.0.1",
@@ -45,5 +46,5 @@
   "devDependencies": {
     "jest": "^27.4.5"
   },
-  "gitHead": "619db37ea7a91c64a9bf30836a55c70d55325e73"
+  "gitHead": "8eab10fd39b6183a2fa4d2706f52e8b2ecaa059a"
 }