@blocklet/sdk 1.16.33-beta-20241030-102817-90ad7cd5 → 1.16.33-beta-20241031-073543-49b1ff9b

package/lib/config.js

@@ -120,6 +120,20 @@ const initComponentStore = () => {
 };
 const componentStore = initComponentStore();
 exports.components = componentStore;
+const updateComponentStoreInDocker = (components) => {
+    if (!components || !components.length) {
+        return components;
+    }
+    if (process.env.DOCKER_HOST_SERVER_DIR && process.env.DOCKER_CONTAINER_SERVER_DIR) {
+        const raw = JSON.stringify({ v: components });
+        const nextRaw = raw.replace(new RegExp(process.env.DOCKER_HOST_SERVER_DIR, 'g'), process.env.DOCKER_CONTAINER_SERVER_DIR);
+        const nextComponents = JSON.parse(nextRaw).v;
+        for (let i = 0; i < nextComponents.length; i++) {
+            components[i] = nextComponents[i];
+        }
+    }
+    return components;
+};
 const _handleComponentUpdateOld = (data) => {
     componentStore.splice(0, componentStore.length);
     componentStore.push(...data.components.map((x) => {
@@ -128,6 +142,7 @@ const _handleComponentUpdateOld = (data) => {
         }
         return x;
     }));
+    updateComponentStoreInDocker(componentStore);
 };
 exports._handleComponentUpdateOld = _handleComponentUpdateOld;
 const _setComponentStatus = (components, status) => {
@@ -150,6 +165,8 @@ const _setUpdatedComponents = (components) => {
             componentStore.push({ ...newItem, status: constant_1.BlockletStatus.stopped });
         }
     });
+    updateComponentStoreInDocker(componentStore);
+    updateComponentStoreInDocker(list);
     return list;
 };
 const _handleComponentStarted = (data) => {

package/lib/middlewares/blocklet.js

@@ -1,48 +1,14 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyBlockletSig = void 0;
-const semver_1 = __importDefault(require("semver"));
-const ufo_1 = require("ufo");
-const constant_1 = require("@blocklet/constant");
 const config_1 = require("../config");
 const verify_sign_1 = require("../util/verify-sign");
-const legacyFn = (req) => {
-    const data = req?.body ?? {};
-    const params = req?.query ?? {};
-    return { data, params };
-};
-const defaultFn = (req) => {
-    const now = Math.floor(Date.now() / 1000);
-    const iat = Number(req.get('x-blocklet-sig-iat'));
-    const exp = Number(req.get('x-blocklet-sig-exp'));
-    if (Number.isNaN(iat) || Number.isNaN(exp)) {
-        throw new Error('invalid sig');
-    }
-    if (exp < now) {
-        throw new Error('expired sig');
-    }
-    const data = {
-        iat,
-        exp,
-        body: req.body ?? {},
-        query: req.query ?? {},
-        method: req.method.toLowerCase(),
-        url: (0, ufo_1.parseURL)(req.originalUrl).pathname,
-    };
-    return data;
-};
 const verifyBlockletSig = (req, res, next) => {
     try {
-        const sig = req.get('x-blocklet-sig');
-        const sigVersion = req.get('x-blocklet-sig-version');
+        const { data, sig } = (0, verify_sign_1.getVerifyData)(req, 'blocklet');
         if (!sig) {
             return res.status(400).json({ error: 'Bad Request' });
         }
-        const getData = semver_1.default.gt(semver_1.default.coerce(sigVersion), semver_1.default.coerce(constant_1.SIG_VERSION.V0)) ? defaultFn : legacyFn;
-        const data = getData(req);
         const verified = (0, verify_sign_1.verify)(data, sig);
         if (!verified) {
             return res.status(401).json({ error: 'verify sig failed' });

package/lib/middlewares/component.js

@@ -1,48 +1,14 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifySig = void 0;
-const semver_1 = __importDefault(require("semver"));
-const ufo_1 = require("ufo");
-const constant_1 = require("@blocklet/constant");
 const config_1 = require("../config");
 const verify_sign_1 = require("../util/verify-sign");
-const legacyFn = (req) => {
-    const data = req?.body ?? {};
-    const params = req?.query ?? {};
-    return { data, params };
-};
-const latestFn = (req) => {
-    const now = Math.floor(Date.now() / 1000);
-    const iat = Number(req.get('x-component-sig-iat'));
-    const exp = Number(req.get('x-component-sig-exp'));
-    if (Number.isNaN(iat) || Number.isNaN(exp)) {
-        throw new Error('invalid sig');
-    }
-    if (exp < now) {
-        throw new Error('expired sig');
-    }
-    const data = {
-        iat,
-        exp,
-        body: req.body ?? {},
-        query: req.query ?? {},
-        method: req.method.toLowerCase(),
-        url: (0, ufo_1.parseURL)(req.originalUrl).pathname,
-    };
-    return data;
-};
 const verifySig = (req, res, next) => {
     try {
-        const sig = req.get('x-component-sig');
-        const sigVersion = req.get('x-component-sig-version');
+        const { data, sig } = (0, verify_sign_1.getVerifyData)(req, 'component');
         if (!sig) {
             return res.status(400).json({ error: 'Bad Request' });
         }
-        const getData = semver_1.default.gt(semver_1.default.coerce(sigVersion), semver_1.default.coerce(constant_1.SIG_VERSION.V0)) ? latestFn : legacyFn;
-        const data = getData(req);
         const verified = (0, verify_sign_1.verify)(data, sig);
         if (!verified) {
             return res.status(401).json({ error: 'verify sig failed' });

package/lib/util/component-api.js

@@ -5,8 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const axios_1 = __importDefault(require("axios"));
 const env_1 = require("@blocklet/env");
-const constant_1 = require("@blocklet/constant");
-const ufo_1 = require("ufo");
+const qs_1 = __importDefault(require("qs"));
 const verify_sign_1 = require("./verify-sign");
 const componentApi = axios_1.default.create({
     timeout: 60 * 1000,
@@ -14,23 +13,20 @@ const componentApi = axios_1.default.create({
         'User-Agent': `BlockletSDK/${env_1.serverVersion}`,
         'x-blocklet-server-version': env_1.serverVersion,
     },
+    paramsSerializer: (params) => qs_1.default.stringify(params),
 });
 componentApi.interceptors.request.use((config) => {
-    const iat = Math.floor(Date.now() / 1000);
-    const exp = iat + 60 * 5;
-    const data = {
-        iat,
-        exp,
-    };
-    data.body = config.data ?? {};
-    data.query = config.params ?? {};
-    data.method = config.method.toLowerCase();
-    data.url = (0, ufo_1.parseURL)(config.url).pathname;
+    const { sig, exp, iat, version } = (0, verify_sign_1.getSignData)({
+        data: config.data,
+        method: config.method,
+        params: config.params,
+        url: config.url,
+    });
     config.headers['x-component-did'] = process.env.BLOCKLET_COMPONENT_DID;
-    config.headers['x-component-sig'] = (0, verify_sign_1.sign)(data);
+    config.headers['x-component-sig'] = sig;
     config.headers['x-component-sig-iat'] = iat;
     config.headers['x-component-sig-exp'] = exp;
-    config.headers['x-component-sig-version'] = constant_1.SIG_VERSION.DEFAULT;
+    config.headers['x-component-sig-version'] = version;
     return config;
 });
 exports.default = componentApi;

package/lib/util/service-api.d.ts

@@ -1,5 +1,5 @@
 /**
- * 用于在 SDK 中像 blocklet-service 发起 http 请求
+ * 用于在 SDK 中向 blocklet-service 发起 http 请求
  * 该封装中，会在请求的 header 中增加签名信息，确保安全性（签名信息的验证由 blocklet-service 的接口去做验证）
  */
 declare const axios: import("axios").AxiosInstance;

package/lib/util/service-api.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * 用于在 SDK 中像 blocklet-service 发起 http 请求
+ * 用于在 SDK 中向 blocklet-service 发起 http 请求
  * 该封装中，会在请求的 header 中增加签名信息，确保安全性（签名信息的验证由 blocklet-service 的接口去做验证）
  */
 var __importDefault = (this && this.__importDefault) || function (mod) {
@@ -9,8 +9,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const axios_1 = __importDefault(require("axios"));
 const env_1 = require("@blocklet/env");
-const ufo_1 = require("ufo");
-const constant_1 = require("@blocklet/constant");
 const constants_1 = require("./constants");
 const verify_sign_1 = require("./verify-sign");
 const axios = axios_1.default.create({
@@ -28,22 +26,18 @@ const axios = axios_1.default.create({
     },
 });
 axios.interceptors.request.use((config) => {
-    const iat = Math.floor(Date.now() / 1000);
-    const exp = iat + 60 * 5;
+    const { sig, exp, iat, version } = (0, verify_sign_1.getSignData)({
+        data: config.data,
+        method: config.method,
+        params: config.params,
+        url: config.url,
+    });
     // 同时对 post 和 get 参数做签名，确保同时支持 post get 请求的校验
-    const data = {
-        iat,
-        exp,
-    };
-    data.body = config.data ?? {};
-    data.query = config.params ?? {};
-    data.method = config.method.toLowerCase();
-    data.url = (0, ufo_1.parseURL)(config.url).pathname;
     // 签名使用的是当前 blocklet 的 appSk，固命名为 x-blocklet-sig，以后可做统一使用
-    config.headers['x-blocklet-sig'] = (0, verify_sign_1.sign)(data);
+    config.headers['x-blocklet-sig'] = sig;
     config.headers['x-blocklet-sig-iat'] = iat;
     config.headers['x-blocklet-sig-exp'] = exp;
-    config.headers['x-blocklet-sig-version'] = constant_1.SIG_VERSION.DEFAULT;
+    config.headers['x-blocklet-sig-version'] = version;
     return config;
 });
 exports.default = axios;

package/lib/util/verify-sign.d.ts

@@ -1,4 +1,5 @@
 import { DIDTypeShortcut } from '@arcblock/did';
+import type { Request } from 'express';
 declare const verify: (data: object, sig: string, { type, appSk, appPk, }?: {
     type?: DIDTypeShortcut;
     appSk?: string;
@@ -8,4 +9,20 @@ declare const sign: (data: object, { type, appSk, }?: {
     type?: DIDTypeShortcut;
     appSk?: string;
 }) => string;
-export { verify, sign };
+type SignType = 'component' | 'blocklet';
+declare const getVerifyData: (req: Request, type?: SignType) => {
+    sig: string;
+    data: object;
+};
+declare const getSignData: ({ data, params, method, url, }: {
+    data: object;
+    params: object;
+    method: string;
+    url: string;
+}, signOptions?: object) => {
+    sig: string;
+    iat: number;
+    exp: number;
+    version: string;
+};
+export { verify, sign, getVerifyData, getSignData };

package/lib/util/verify-sign.js

@@ -29,8 +29,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sign = exports.verify = void 0;
+exports.getSignData = exports.getVerifyData = exports.sign = exports.verify = void 0;
 const json_stable_stringify_1 = __importDefault(require("json-stable-stringify"));
+const ufo_1 = require("ufo");
+const constant_1 = require("@blocklet/constant");
+const semver_1 = __importDefault(require("semver"));
+const qs_1 = __importDefault(require("qs"));
 const wallet_1 = __importStar(require("../wallet"));
 const verify = (data, sig, { type, appSk, appPk, } = {}) => {
     try {
@@ -57,3 +61,67 @@ const sign = (data, { type, appSk, } = {}) => {
     return wallet.sign((0, json_stable_stringify_1.default)(data || {}));
 };
 exports.sign = sign;
+const getLatestFn = ({ iat, exp, body, query, method, url, }) => {
+    const now = Math.floor(Date.now() / 1000);
+    if (Number.isNaN(iat) || Number.isNaN(exp)) {
+        throw new Error('invalid sig');
+    }
+    if (exp < now) {
+        throw new Error('expired sig');
+    }
+    const data = {
+        iat,
+        exp,
+        body: body ?? {},
+        query: query ?? {},
+        method: method.toLowerCase(),
+        url: (0, ufo_1.parseURL)(url).pathname,
+    };
+    return data;
+};
+const getLegacyFn = ({ body, query, type = 'component' }) => {
+    // NOTICE: legacy 保持和原来一样，不做 parse 和 stringify 的处理了
+    const data = body ?? {};
+    const params = query ?? {};
+    if (type === 'blocklet') {
+        return { data, params };
+    }
+    return data;
+};
+const getVerifyData = (req, type = 'component') => {
+    const sig = req.get(`x-${type}-sig`);
+    const sigVersion = req.get(`x-${type}-sig-version`) || constant_1.SIG_VERSION.V0;
+    const iat = Number(req.get(`x-${type}-sig-iat`));
+    const exp = Number(req.get(`x-${type}-sig-exp`));
+    // NOTICE: 从 req 拿到的数据是经过 axios 和 JSON.parse 处理过的，所以 body 和 query 不需要再处理了
+    const { body, method, originalUrl: url, query } = req;
+    // FIXME: @zhanghan 2024-11-30 需要移除这个旧的兼容（提升总体的安全性）
+    const data = semver_1.default.gt(semver_1.default.coerce(sigVersion), semver_1.default.coerce(constant_1.SIG_VERSION.V0))
+        ? getLatestFn({ iat, exp, body, query, method, url })
+        : getLegacyFn({ body, query, type });
+    return { sig, data };
+};
+exports.getVerifyData = getVerifyData;
+const getSignData = ({ data, params, method, url, }, signOptions) => {
+    const iat = Math.floor(Date.now() / 1000);
+    const exp = iat + 60 * 5;
+    const signSeed = {
+        iat,
+        exp,
+    };
+    // 此处的数据为了保持和 verify 一致，需要做一次 JSON.parse 和 qs.parse
+    signSeed.body = JSON.parse(JSON.stringify(data ?? {}));
+    // NOTICE: 为了保持和 verify 一致，需要做一次 qs.stringify 和 qs.parse
+    signSeed.query = qs_1.default.parse(qs_1.default.stringify(params ?? {}));
+    signSeed.method = method.toLowerCase();
+    signSeed.url = (0, ufo_1.parseURL)(url).pathname;
+    const sig = sign(signSeed, signOptions);
+    const version = constant_1.SIG_VERSION.DEFAULT;
+    return {
+        sig,
+        iat,
+        exp,
+        version,
+    };
+};
+exports.getSignData = getSignData;

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.33-beta-20241030-102817-90ad7cd5",
+  "version": "1.16.33-beta-20241031-073543-49b1ff9b",
   "description": "graphql client to read/write data on abt node",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -27,20 +27,20 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/client": "1.16.33-beta-20241030-102817-90ad7cd5",
-    "@abtnode/constant": "1.16.33-beta-20241030-102817-90ad7cd5",
-    "@arcblock/did": "1.18.136",
-    "@arcblock/did-auth": "1.18.136",
-    "@arcblock/jwt": "1.18.136",
-    "@arcblock/ws": "1.18.136",
-    "@blocklet/constant": "1.16.33-beta-20241030-102817-90ad7cd5",
-    "@blocklet/env": "1.16.33-beta-20241030-102817-90ad7cd5",
-    "@blocklet/meta": "1.16.33-beta-20241030-102817-90ad7cd5",
+    "@abtnode/client": "1.16.33-beta-20241031-073543-49b1ff9b",
+    "@abtnode/constant": "1.16.33-beta-20241031-073543-49b1ff9b",
+    "@arcblock/did": "1.18.137",
+    "@arcblock/did-auth": "1.18.137",
+    "@arcblock/jwt": "1.18.137",
+    "@arcblock/ws": "1.18.137",
+    "@blocklet/constant": "1.16.33-beta-20241031-073543-49b1ff9b",
+    "@blocklet/env": "1.16.33-beta-20241031-073543-49b1ff9b",
+    "@blocklet/meta": "1.16.33-beta-20241031-073543-49b1ff9b",
     "@did-connect/authenticator": "^2.2.4",
     "@did-connect/handler": "^2.2.4",
     "@nedb/core": "^2.1.5",
-    "@ocap/mcrypto": "1.18.136",
-    "@ocap/wallet": "1.18.136",
+    "@ocap/mcrypto": "1.18.137",
+    "@ocap/wallet": "1.18.137",
     "axios": "^1.7.5",
     "cheerio": "1.0.0-rc.12",
     "debug": "^4.3.7",
@@ -50,6 +50,7 @@
     "jsonwebtoken": "^9.0.0",
     "lodash": "^4.17.21",
     "lru-cache": "^6.0.0",
+    "qs": "^6.13.0",
     "semver": "^7.6.3",
     "sitemap": "^8.0.0",
     "ufo": "^1.5.3",
@@ -77,5 +78,5 @@
     "ts-node": "^10.9.1",
     "typescript": "^5.6.3"
   },
-  "gitHead": "13346a64f33be7432253dc7735f3d6f52878e9ac"
+  "gitHead": "5c2659700928afe90cd739b617aababda6593bdc"
 }