@blocklet/meta 1.8.13 → 1.8.16

package/lib/info.js

@@ -12,17 +12,20 @@ module.exports = (state, nodeSk, { returnWallet = true } = {}) => {
 
   const customDescription = envs.find((x) => x.key === 'BLOCKLET_APP_DESCRIPTION');
   const customPassportColor = envs.find((x) => x.key === 'BLOCKLET_PASSPORT_COLOR');
+  const customAppUrl = envs.find((x) => x.key === 'BLOCKLET_APP_URL');
 
   const { did } = state.meta;
   const name = getDisplayName(state);
   const description = get(customDescription, 'value', state.meta.description);
   const passportColor = get(customPassportColor, 'value', 'auto');
+  const appUrl = get(customAppUrl, 'value', '');
 
   if (!returnWallet) {
     return {
       did,
       name,
       description,
+      appUrl,
     };
   }
 
@@ -54,6 +57,7 @@ module.exports = (state, nodeSk, { returnWallet = true } = {}) => {
     name,
     description,
     passportColor,
+    appUrl,
     wallet,
   };
 };

package/lib/parse-navigation.js

@@ -140,7 +140,7 @@ const doParseNavigation = (navigation, blocklet, prefix = '/', _level = 1) => {
           }
 
           if (childNav.role) {
-            item.role = item.icon || childNav.role;
+            item.role = item.role || childNav.role;
           }
 
           if (childNav.section) {
@@ -151,6 +151,8 @@ const doParseNavigation = (navigation, blocklet, prefix = '/', _level = 1) => {
           result.push(item);
         } else {
           // child declares multiple menus
+          const groupSection = childNavigation[0].section || [];
+
           const list = doParseNavigation(
             childNavigation,
             child,
@@ -161,6 +163,11 @@ const doParseNavigation = (navigation, blocklet, prefix = '/', _level = 1) => {
           if (_level === 1) { // eslint-disable-line
             // primary menu
             const item = cloneDeep(itemProto);
+
+            if (groupSection.length) {
+              item.section = item.section || groupSection;
+            }
+
             item.items = list;
             result.push({
               ...item,

package/lib/payment/index.js

@@ -0,0 +1,7 @@
+const v1 = require('./v1');
+const v2 = require('./v2');
+
+module.exports = {
+  createNftFactoryItx: v1.createNftFactoryItx, // for backward compatibility
+  v2,
+};

package/lib/{payment.js → payment/v1.js}

@@ -3,7 +3,7 @@ const joinURL = require('url-join');
 const { BN } = require('@ocap/util');
 const { isValidFactory } = require('@ocap/asset');
 const { toFactoryAddress } = require('@arcblock/did-util');
-const { getBlockletPurchaseTemplate } = require('./nft-templates');
+const { getBlockletPurchaseTemplate } = require('../nft-templates');
 
 const createShareContract = ({ tokens = [], shares = [] }) => {
   const zeroBN = new BN(0);

package/lib/payment/v2.js

@@ -0,0 +1,619 @@
+/* eslint-disable no-await-in-loop */
+const crypto = require('crypto');
+const debug = require('debug')('@blocklet/meta:payment');
+const joinURL = require('url-join');
+const axios = require('axios');
+const stableStringify = require('json-stable-stringify');
+const get = require('lodash/get');
+const pick = require('lodash/pick');
+const cloneDeep = require('lodash/cloneDeep');
+const { BN, fromTokenToUnit, fromUnitToToken } = require('@ocap/util');
+const { isValidFactory } = require('@ocap/asset');
+const { fromPublicKey } = require('@ocap/wallet');
+const { toFactoryAddress } = require('@arcblock/did-util');
+const { toTypeInfo } = require('@arcblock/did');
+const { BLOCKLET_STORE_META_PATH } = require('@abtnode/constant');
+const { getBlockletPurchaseTemplate } = require('../nft-templates');
+const { validateMeta } = require('../validate');
+const { isComponentBlocklet, isFreeComponent, isFreeBlocklet } = require('../util');
+const { getBlockletMetaFromUrls, getSourceUrlsFromConfig } = require('../util-meta');
+
+const VERSION = '2.0.0';
+
+const ZeroBN = new BN(0);
+const defaultDecimals = 1e6; // we only support 6 decimals on share ratio
+const defaultDecimalsBN = new BN(defaultDecimals);
+
+const safeMul = (a, b) =>
+  Number(
+    fromUnitToToken(
+      fromTokenToUnit(a)
+        .mul(new BN(b * defaultDecimals))
+        .div(defaultDecimalsBN)
+    )
+  );
+
+const md5 = (str) => crypto.createHash('md5').update(str).digest('hex');
+
+const getStoreInfo = async (url) => {
+  const storeMetaUrl = joinURL(new URL(url).origin, BLOCKLET_STORE_META_PATH);
+  const { data: info } = await axios.get(storeMetaUrl, { timeout: 8000 });
+  return info;
+};
+
+/**
+ * @typedef {{
+ *   meta: Object
+ *   storeInfo: Object
+ *   storeUrl: string
+ *   children: Array<Component>
+ * }} Component
+ *
+ * @param {BlockletMeta} inputMeta
+ * @param {{
+ *   ancestors: Array<{BlockletMeta}>
+ *   bundles: {
+ *     <bundleName>: <storeId>
+ *   }
+ * }} context
+ *
+ * @returns {Array<Component>}
+ */
+const _getComponents = async (inputMeta, context = {}) => {
+  // FIXME 是否需要验证: 在同一个链上; 重复的 component
+  const { ancestors = [], bundles = {} } = context;
+
+  // check ancestor length
+  if (ancestors.length > 40) {
+    throw new Error('The depth of component should not exceed 40');
+  }
+
+  const configs = inputMeta.children || [];
+
+  if (!configs || !configs.length) {
+    return [];
+  }
+
+  const children = [];
+
+  for (const config of configs) {
+    // get component meta
+    const urls = getSourceUrlsFromConfig(config);
+    let meta;
+    let url;
+    try {
+      const res = await getBlockletMetaFromUrls(urls, {
+        returnUrl: true,
+        validateFn: (m) => validateMeta(m),
+        ensureTarball: false,
+      });
+      meta = res.meta;
+      url = res.url;
+    } catch (err) {
+      throw new Error(`Failed get component meta: ${config.title || config.name}: ${err.message}`);
+    }
+
+    // check is component
+    if (!isComponentBlocklet(meta)) {
+      throw new Error(`The blocklet cannot be a component: ${meta.title}`);
+    }
+
+    // check circular dependencies
+    if (ancestors.map((x) => x.meta?.did).indexOf(meta.did) > -1) {
+      throw new Error('Blocklet components have circular dependencies');
+    }
+
+    // generate child
+    const child = {
+      meta,
+    };
+
+    // child store info
+    if (config.source.store) {
+      const storeInfo = await getStoreInfo(url);
+
+      // check uniq bundle did in different stores
+      if (!bundles[child.meta.did]) {
+        bundles[child.meta.did] = storeInfo.id;
+      } else if (bundles[child.meta.did] !== storeInfo.id) {
+        throw new Error('Bundles with the same did cannot in different stores');
+      }
+
+      child.storeInfo = storeInfo;
+      child.storeUrl = new URL(url).origin;
+    }
+
+    // child children
+    child.children = await _getComponents(meta, {
+      ancestors: [...ancestors, { meta }],
+      bundles,
+    });
+
+    children.push(child);
+  }
+
+  return children;
+};
+
+/**
+ * @typedef {{
+ *   id: string
+ *   pk: string
+ *   url: string
+ *   components: Array<{did: string, version: string}>
+ * }} Store
+ * @param {Array<Component>} components
+ * @param {Array<Store>} _stores
+ * @returns {Array<Store>}
+ */
+const _getStores = (components, _stores = []) => {
+  for (const { meta, storeInfo, storeUrl, children } of components) {
+    if (storeInfo && (!isFreeBlocklet(meta) || !isFreeComponent(meta))) {
+      const store = _stores.find((x) => x.id === storeInfo.id);
+      if (!store) {
+        _stores.push({
+          id: storeInfo.id,
+          pk: storeInfo.pk,
+          url: storeUrl,
+          components: [{ did: meta.did, version: meta.version }],
+        });
+      } else if (!store.components.some((x) => x.did === meta.did && x.version === meta.version)) {
+        store.components.push({ did: meta.did, version: meta.version });
+      }
+    }
+
+    if (children && children.length > 0) {
+      _getStores(children, _stores);
+    }
+  }
+
+  return _stores;
+};
+
+const getComponents = async (inputMeta) => {
+  const components = await _getComponents(inputMeta);
+  const stores = await _getStores(components);
+  return { components, stores };
+};
+
+const getPriceTokens = async (meta, ocapClient) => {
+  const priceTokens = cloneDeep(get(meta, 'payment.price', []));
+  for (const token of priceTokens) {
+    // eslint-disable-next-line no-await-in-loop
+    const { state } = await ocapClient.getTokenState({ address: token.address });
+    if (!state) {
+      throw new Error(`Token specified in blocklet meta was not found on chain: ${token.address}`);
+    }
+
+    token.decimal = state.decimal;
+  }
+  return priceTokens;
+};
+
+const getChildShare = (childMeta, parentPrice) => {
+  if (!childMeta?.payment?.componentPrice) {
+    return 0;
+  }
+
+  const priceList = childMeta.payment.componentPrice;
+
+  let price = 0;
+
+  for (const { type, value, parentPriceRange } of priceList) {
+    const isDefault = !parentPriceRange || !parentPriceRange.length;
+    const skip = isDefault && price !== 0;
+    const inRange =
+      isDefault || (parentPriceRange && parentPrice >= parentPriceRange[0] && parentPrice <= parentPriceRange[1]);
+
+    if (!skip && inRange) {
+      if (type === 'fixed') {
+        price = value;
+      } else if (type === 'percentage') {
+        price = safeMul(parentPrice, value);
+      }
+    }
+  }
+
+  return price;
+};
+
+/**
+ * @returns {Array<{
+ *   tokenAddress: string
+ *   accountAddress: string
+ *   amount: BN
+ * }>}
+ */
+const getTokenTransfers = ({ priceToken, shares = [], components = [] }) => {
+  // check share
+  const shareSum = shares.reduce((sum, x) => sum + x.value, 0);
+  if (shareSum > 1) {
+    throw new Error('payment.share invalid: share sum should not be greater than 1');
+  }
+
+  const { value: price } = priceToken;
+
+  let parentShareBN = fromTokenToUnit(price, priceToken.decimal);
+
+  const contracts = [];
+
+  for (const child of components) {
+    if (!isFreeComponent(child.meta)) {
+      // // check same token
+      const [token] = child.meta.payment.price || [];
+      if (token && token.address !== priceToken.address) {
+        throw new Error(
+          `component price token is not same with app price token: ${child.meta.title || child.meta.name}`
+        );
+      }
+
+      const childShare = getChildShare(child.meta, price);
+
+      parentShareBN = parentShareBN.sub(fromTokenToUnit(childShare, priceToken.decimal));
+
+      if (parentShareBN.lt(ZeroBN)) {
+        throw new Error('Price is not enough for component sharing');
+      }
+
+      const componentContracts = getTokenTransfers({
+        priceToken: { ...priceToken, value: childShare },
+        shares: child.meta.payment.share,
+        components: child.children || [],
+      });
+
+      contracts.push(...componentContracts);
+    }
+  }
+
+  shares.forEach(({ name, address: accountAddress, value: ratio }) => {
+    contracts.push({
+      tokenAddress: priceToken.address,
+      accountName: name,
+      accountAddress,
+      amount: parentShareBN.mul(new BN(ratio * defaultDecimals)).div(defaultDecimalsBN),
+    });
+  });
+
+  const mergedContracts = [];
+
+  contracts.forEach((x) => {
+    const index = mergedContracts.findIndex(
+      (y) => y.tokenAddress === x.tokenAddress && y.accountAddress === x.accountAddress
+    );
+    if (index > -1) {
+      mergedContracts[index].amount = mergedContracts[index].amount.add(x.amount);
+    } else {
+      mergedContracts.push(x);
+    }
+  });
+
+  return mergedContracts;
+};
+
+const getContract = async ({ meta, priceTokens, components }) => {
+  const shares = meta.payment.share || [];
+
+  const [priceToken] = priceTokens;
+
+  const contracts = getTokenTransfers({ priceToken, shares, components });
+
+  const code = contracts
+    .map((x) => `transferToken('${x.tokenAddress}','${x.accountAddress}','${x.amount.toString()}')`)
+    .join(';\n');
+
+  const shareList = contracts.map((x) => ({
+    ...x,
+    amount: fromUnitToToken(x.amount, priceToken.decimal),
+  }));
+
+  return {
+    code,
+    shares: shareList,
+  };
+};
+
+/**
+ * we need to ensure that blocklet purchase factory does not change across changes
+ *
+ * @typedef {{
+ *   data: {
+ *     type: 'json'
+ *     value: {
+ *       did: string
+ *       url: string
+ *       name: string
+ *       version: string
+ *       payment: {
+ *         version: string
+ *       }
+ *       stores: Array<{
+ *         signer: string
+ *         pk: string
+ *         signature: string
+ *         components: Array<{did: string, version: string}>
+ *         paymentIntegrity: string
+ *       }>
+ *     }
+ *   }
+ * }} Itx
+ * @returns {Itx}
+ */
+const _createNftFactoryItx = ({ meta, issuers, serviceUrl, storeSignatures, factoryInput, contract }) => {
+  const factoryOutput = getBlockletPurchaseTemplate(serviceUrl);
+  const itx = {
+    name: meta.title || meta.name,
+    description: `Purchase NFT factory for blocklet ${meta.name}`,
+    settlement: 'instant',
+    limit: 0,
+    trustedIssuers: issuers,
+    input: factoryInput,
+    output: {
+      issuer: '{{ctx.issuer.id}}',
+      parent: '{{ctx.factory}}',
+      moniker: 'BlockletPurchaseNFT',
+      readonly: true,
+      transferrable: false,
+      data: factoryOutput,
+    },
+    data: {
+      type: 'json',
+      value: {
+        did: meta.did,
+        url: joinURL(serviceUrl, `/blocklet/${meta.did}`),
+        name: meta.name,
+        version: meta.version,
+        payment: {
+          version: VERSION,
+        },
+        stores: storeSignatures.map((x) => pick(x, ['signer', 'pk', 'signature', 'components', 'paymentIntegrity'])),
+      },
+    },
+    hooks: [
+      {
+        name: 'mint',
+        type: 'contract',
+        hook: contract,
+      },
+    ],
+  };
+
+  itx.address = toFactoryAddress(itx);
+
+  isValidFactory(itx, true);
+
+  return itx;
+};
+
+const getFactoryInput = (inputTokens, { formatToken = true } = {}) => {
+  const tokens = cloneDeep(inputTokens);
+  tokens.forEach((token) => {
+    if (formatToken) {
+      token.value = fromTokenToUnit(token.value, token.decimal).toString();
+    }
+    delete token.decimal;
+  });
+  return {
+    tokens,
+    assets: [],
+    variables: [],
+  };
+};
+
+const getPaymentIntegrity = async ({ contract, factoryInput, storeComponents, meta, client, storeId }) => {
+  if (!contract && !factoryInput && !storeComponents) {
+    const priceTokens = await getPriceTokens(meta, client);
+    const { components, stores } = await getComponents(meta);
+    const store = stores.find((x) => x.id === storeId);
+
+    // eslint-disable-next-line no-param-reassign
+    contract = (await getContract({ meta, components, priceTokens })).code;
+    // eslint-disable-next-line no-param-reassign
+    factoryInput = await getFactoryInput(priceTokens);
+    // eslint-disable-next-line no-param-reassign
+    storeComponents = store?.components || [];
+  }
+
+  const paymentData = {
+    factoryInput,
+    contract,
+    components: storeComponents || [],
+  };
+
+  const integrity = md5(stableStringify(paymentData));
+
+  return integrity;
+};
+
+const getStoreSignatures = async ({ meta, stores, factoryInput, contract }) => {
+  const storeSignatures = [];
+  for (const store of stores) {
+    const { id, url, pk, components: storeComponents } = store;
+
+    const paymentIntegrity = await getPaymentIntegrity({ factoryInput, contract, storeComponents });
+
+    /**
+     * protocol: /api/payment/signature
+     * method: POST
+     * body: { blockletMeta, paymentIntegrity, paymentVersion }
+     * return: { signer, pk, signature}
+     */
+    const { data: res } = await axios.post(
+      `${url}/api/payment/signature`,
+      {
+        blockletMeta: meta,
+        paymentIntegrity,
+        paymentVersion: VERSION,
+      },
+      { timeout: 20000 }
+    );
+
+    if (res.signer !== id) {
+      throw new Error('store signature: store id does not match');
+    }
+
+    if (res.pk !== pk) {
+      throw new Error('store signature: store pk does not match');
+    }
+
+    // verify sig
+    const type = toTypeInfo(id);
+    const wallet = fromPublicKey(pk, type);
+    const verifyRes = wallet.verify(paymentIntegrity, res.signature);
+    if (verifyRes !== true) {
+      throw new Error('verify store signature failed');
+    }
+
+    storeSignatures.push({
+      signer: res.signer,
+      pk: res.pk,
+      signature: res.signature,
+      components: storeComponents,
+      paymentIntegrity,
+      storeUrl: url,
+    });
+  }
+
+  return {
+    storeSignatures,
+  };
+};
+
+/**
+ * Used by CLI and Store to independent compute factory itx
+ *
+ * @param {{
+ *   blockletMeta: BlockletMeta,
+ *   ocapClient: OcapClient,
+ *   issuers: Array<string>,
+ *   storeUrl: string,
+ * }}
+ * @returns {{
+ *   itx: Itx
+ *   store: Array<{id, url}>
+ *   shares: Array<{
+ *     accountName: string
+ *     accountAddress: DID
+ *     tokenAddress: DID
+ *     amount: string|number,
+ *   }>
+ * }}
+ */
+const createNftFactoryItx = async ({ blockletMeta, ocapClient, issuers, storeUrl }) => {
+  const priceTokens = await getPriceTokens(blockletMeta, ocapClient);
+  const { components, stores } = await getComponents(blockletMeta);
+
+  const factoryInput = getFactoryInput(priceTokens);
+  const { code: contract, shares } = await getContract({
+    meta: blockletMeta,
+    client: ocapClient,
+    priceTokens,
+    components,
+  });
+
+  const { storeSignatures } = await getStoreSignatures({
+    meta: blockletMeta,
+    client: ocapClient,
+    priceTokens,
+    components,
+    stores,
+    factoryInput,
+    contract,
+  });
+
+  return {
+    itx: _createNftFactoryItx({
+      meta: blockletMeta,
+      issuers,
+      serviceUrl: storeUrl,
+      priceTokens,
+      components,
+      stores,
+      storeSignatures,
+      factoryInput,
+      contract,
+    }),
+    stores: storeSignatures.map((x) => ({ id: x.signer, url: x.storeUrl })),
+    shares,
+  };
+};
+
+/**
+ * Used by Store before generating payment signature
+ *
+ * @param {{
+ *   integrity: string,
+ *   blockletMeta: BlockletMeta,
+ *   ocapClient: OcapClient,
+ *   storeId: string
+ * }}
+ * @returns {string} integrity
+ */
+const verifyPaymentIntegrity = async ({ integrity: expected, blockletMeta, ocapClient, storeId }) => {
+  const actual = await getPaymentIntegrity({ meta: blockletMeta, client: ocapClient, storeId });
+
+  if (actual !== expected) {
+    throw new Error('verify payment integrity failed');
+  }
+
+  return expected;
+};
+
+/**
+ * Used by Store before generating downloadToken
+ *
+ * @param {{
+ *   {FactoryState} factoryState
+ *   {Wallet} signerWallet
+ * }}
+ *
+ * @returns {{
+ *   components: Array<{did: string, version: string}>
+ * }}
+ */
+const verifyNftFactory = async ({ factoryState, signerWallet }) => {
+  const data = JSON.parse(factoryState?.data?.value);
+  const stores = data?.stores || [];
+  const store = stores.find((x) => x.signer === signerWallet.address);
+
+  if (!store) {
+    throw new Error(
+      `Signer does not found in factory. factory: ${factoryState.address}, signer: ${signerWallet.address}`
+    );
+  }
+
+  const c = factoryState.hooks.find((x) => x.type === 'contract');
+  const { components } = store;
+
+  // Token 的字段和 factory 中的字段不一致
+  const factoryInput = getFactoryInput(
+    factoryState.input.tokens.map((x) => pick(x, ['address', 'value'])),
+    { formatToken: false }
+  );
+
+  const integrity = await getPaymentIntegrity({
+    contract: c.hook,
+    factoryInput,
+    storeComponents: components,
+  });
+
+  if (signerWallet.sign(integrity) !== store.signature) {
+    debug(store, factoryInput, integrity, components, c.hook);
+    throw new Error(`verify nft factory failed: ${factoryState.address}`);
+  }
+
+  return { components };
+};
+
+module.exports = {
+  createNftFactoryItx,
+  verifyPaymentIntegrity,
+  verifyNftFactory,
+  version: VERSION,
+  _test: {
+    getPriceTokens,
+    getFactoryInput,
+    getPaymentIntegrity,
+    getComponents,
+    getContract,
+  },
+};

package/lib/schema.js

@@ -307,15 +307,16 @@ const createBlockletSchema = (
 
     // Set the price and share of the blocklet
     payment: Joi.object({
-      // How much price required to purchase this block
+      // Currently only supports 1 token
       price: Joi.array()
-        .max(4)
+        .max(1)
         .items(
           Joi.object({
             value: Joi.number().greater(0).required(),
             address: Joi.DID().required(), // token address
           })
-        ),
+        )
+        .default([]),
       // List of beneficiaries that share the token earns from blocklet purchase
       // If left empty, blocklet publish workflow will enforce both the developer and the registry account
       // If not, the blocklet publish workflow will enforce the registry account
@@ -331,6 +332,7 @@ const createBlockletSchema = (
             value: Joi.number().greater(0).max(1).required(),
           })
         )
+        .default([])
         .custom((value) => {
           // If share is not empty, the total value should be 1
           if (value.length === 0) {
@@ -342,6 +344,35 @@ const createBlockletSchema = (
           }
           return value;
         }, 'invalid blocklet share'),
+      componentPrice: Joi.array()
+        .items(
+          Joi.object({
+            parentPriceRange: Joi.array()
+              .items(Joi.number())
+              // FIXME
+              // 1. 有重叠的区间时
+              // 2. 区间不连续时
+              // 3. 区间边界
+              .custom((value, helper) => {
+                if (value.length !== 2) {
+                  return helper.message('length of range should be 2');
+                }
+
+                if (value[0] < 0) {
+                  return helper.message('the first value should not less than 0 in range');
+                }
+
+                if (value[1] <= value[0]) {
+                  return helper.message('the second value should greater than the first value in range');
+                }
+
+                return value;
+              }),
+            type: Joi.string().valid('fixed', 'percentage').required(),
+            value: Joi.number().greater(0).required(),
+          })
+        )
+        .single(),
     }).default({ price: [], share: [] }),
 
     keywords: Joi.alternatives()
@@ -468,6 +499,7 @@ const createBlockletSchema = (
     // NOTE: following fields only exist in blocklet server and cannot be set manually
     bundleName: Joi.string(),
     bundleDid: Joi.DID().trim(),
+    storeId: Joi.string(),
   }).options({ stripUnknown: true, noDefaults: false, ...schemaOptions });
 };
 

package/lib/util-meta.js

@@ -0,0 +1,173 @@
+const fs = require('fs');
+const axios = require('axios');
+const any = require('promise.any');
+const joinUrl = require('url-join');
+
+const { BLOCKLET_STORE_API_BLOCKLET_PREFIX } = require('@abtnode/constant');
+
+const toBlockletDid = require('./did');
+const { validateMeta, fixAndValidateService } = require('./validate');
+
+const validateUrl = async (url, expectedHttpResTypes = ['application/json', 'text/plain']) => {
+  const parsed = new URL(url);
+  const { protocol, pathname } = parsed;
+
+  // file
+  if (protocol.startsWith('file')) {
+    const decoded = decodeURIComponent(pathname);
+    if (!fs.existsSync(decoded)) {
+      throw new Error(`File does not exist: ${decoded}`);
+    }
+    return true;
+  }
+
+  // http(s)
+  if (protocol.startsWith('http')) {
+    let res;
+
+    try {
+      res = await axios({ url, method: 'HEAD', timeout: 1000 * 10 });
+    } catch (err) {
+      throw new Error(`Cannot get content-type from ${url}: ${err.message}`);
+    }
+
+    if (
+      res.headers['content-type'] &&
+      expectedHttpResTypes.some((x) => res.headers['content-type'].includes(x)) === false
+    ) {
+      throw new Error(`Unexpected content-type from ${url}: ${res.headers['content-type']}`);
+    }
+
+    return true;
+  }
+
+  throw new Error(`Invalid url protocol: ${protocol.replace(/:$/, '')}`);
+};
+
+const validateBlockletMeta = (meta, opts = {}) => {
+  fixAndValidateService(meta);
+  return validateMeta(meta, opts);
+};
+
+const getBlockletMetaByUrl = async (url) => {
+  const { protocol, pathname } = new URL(url);
+
+  if (protocol.startsWith('file')) {
+    const decoded = decodeURIComponent(pathname);
+    if (!fs.existsSync(decoded)) {
+      throw new Error(`File does not exist: ${decoded}`);
+    }
+    const d = await fs.promises.readFile(decoded);
+    const meta = JSON.parse(d);
+    return meta;
+  }
+
+  if (protocol.startsWith('http')) {
+    const { data: meta } = await axios({ url, method: 'GET', timeout: 1000 * 20 });
+    if (Object.prototype.toString.call(meta) !== '[object Object]') {
+      throw new Error('Url is not valid');
+    }
+    return meta;
+  }
+
+  throw new Error(`Invalid url protocol: ${protocol.replace(/:$/, '')}`);
+};
+
+const getBlockletMetaFromUrl = async (
+  url,
+  { validateFn = validateBlockletMeta, returnUrl = false, ensureTarball = true, logger } = {}
+) => {
+  const meta = await getBlockletMetaByUrl(url);
+  delete meta.htmlAst;
+
+  const newMeta = validateFn(meta, { ensureDist: true });
+
+  if (ensureTarball) {
+    try {
+      const { href } = new URL(newMeta.dist.tarball, url);
+      const tarball = decodeURIComponent(href);
+
+      try {
+        await validateUrl(tarball, ['application/octet-stream', 'application/x-gzip']);
+      } catch (error) {
+        if (!error.message.startsWith('Cannot get content-type')) {
+          throw error;
+        }
+      }
+
+      newMeta.dist.tarball = tarball;
+    } catch (err) {
+      const msg = `Invalid blocklet meta: dist.tarball is not a valid url ${err.message}`;
+
+      if (logger) {
+        logger.error(msg);
+      }
+
+      throw new Error(msg);
+    }
+  }
+
+  if (returnUrl) {
+    return { meta: newMeta, url };
+  }
+
+  return newMeta;
+};
+
+const getBlockletMetaFromUrls = async (urls, { validateFn, returnUrl = false, ensureTarball = true, logger } = {}) => {
+  try {
+    const res = await any(
+      urls.map((url) => getBlockletMetaFromUrl(url, { validateFn, returnUrl, ensureTarball, logger }))
+    );
+    return res;
+  } catch (err) {
+    let { message } = err;
+    if (Array.isArray(err.errors)) {
+      message = err.errors.map((x) => x.message).join(', ');
+    }
+
+    if (logger) {
+      logger.error('failed get blocklet meta', { urls, message });
+    }
+
+    throw new Error(message);
+  }
+};
+
+/**
+ * @param {*} config defined in childrenSchema in blocklet meta schema
+ */
+const getSourceUrlsFromConfig = (config) => {
+  if (config.source) {
+    if (config.source.url) {
+      return [config.source.url].flat();
+    }
+
+    const { store, version, name } = config.source;
+    return [store]
+      .flat()
+      .map((x) =>
+        joinUrl(
+          x,
+          BLOCKLET_STORE_API_BLOCKLET_PREFIX,
+          toBlockletDid(name),
+          !version || version === 'latest' ? '' : version,
+          'blocklet.json'
+        )
+      );
+  }
+
+  if (config.resolved) {
+    return [config.resolved];
+  }
+
+  throw new Error('Invalid child config');
+};
+
+module.exports = {
+  validateUrl,
+  getBlockletMetaByUrl,
+  getBlockletMetaFromUrl,
+  getBlockletMetaFromUrls,
+  getSourceUrlsFromConfig,
+};

package/lib/util.js

@@ -259,6 +259,18 @@ const isFreeBlocklet = (meta) => {
   return priceList.every((x) => x === 0);
 };
 
+const isFreeComponent = (meta) => {
+  if (!meta.payment) {
+    return true;
+  }
+
+  if (!meta.payment.componentPrice) {
+    return true;
+  }
+
+  return !meta.payment.componentPrice.length;
+};
+
 const isComponentBlocklet = (meta) => {
   return get(meta, 'capabilities.component') !== false;
 };
@@ -428,6 +440,7 @@ const urlFriendly = (name) => slugify(name.replace(/^[@./-]/, '').replace(/[@./_
 
 module.exports = {
   isFreeBlocklet,
+  isFreeComponent,
   isComponentBlocklet,
   forEachBlocklet,
   forEachBlockletSync,

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.13",
+  "version": "1.8.16",
   "description": "Library to parse/validate/fix blocklet meta",
   "main": "lib/index.js",
   "files": [
@@ -18,17 +18,18 @@
   "author": "wangshijun <wangshijun2020@gmail.com> (http://github.com/wangshijun)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.8.13",
-    "@abtnode/util": "1.8.13",
-    "@arcblock/did": "1.17.15",
-    "@arcblock/did-ext": "1.17.15",
-    "@arcblock/did-util": "1.17.15",
-    "@arcblock/jwt": "1.17.15",
-    "@ocap/asset": "1.17.15",
-    "@ocap/mcrypto": "1.17.15",
-    "@ocap/util": "1.17.15",
-    "@ocap/wallet": "1.17.15",
+    "@abtnode/constant": "1.8.16",
+    "@abtnode/util": "1.8.16",
+    "@arcblock/did": "1.17.17",
+    "@arcblock/did-ext": "1.17.17",
+    "@arcblock/did-util": "1.17.17",
+    "@arcblock/jwt": "1.17.17",
+    "@ocap/asset": "1.17.17",
+    "@ocap/mcrypto": "1.17.17",
+    "@ocap/util": "1.17.17",
+    "@ocap/wallet": "1.17.17",
     "ajv": "^8.11.0",
+    "axios": "^0.27.2",
     "cjk-length": "^1.0.0",
     "debug": "^4.3.4",
     "fs-extra": "^10.1.0",
@@ -39,12 +40,18 @@
     "js-yaml": "^4.1.0",
     "json-stable-stringify": "^1.0.1",
     "lodash": "^4.17.21",
+    "promise.any": "^2.0.4",
     "slugify": "^1.6.5",
     "url-join": "^4.0.1",
     "validate-npm-package-name": "^3.0.0"
   },
   "devDependencies": {
+    "body-parser": "^1.20.0",
+    "compression": "^1.7.4",
+    "detect-port": "^1.3.0",
+    "expand-tilde": "^2.0.2",
+    "express": "^4.18.1",
     "jest": "^27.5.1"
   },
-  "gitHead": "028f33d8a3a4f999456bfe8e7bd2e1a53b664b47"
+  "gitHead": "2605cf6ebf2a0c3bb5524cb0f1385ad565fd85d6"
 }