@blocklet/sdk 1.16.54-beta-20251017-133309-7d40faa6 → 1.16.54-beta-20251023-041534-36eec6b9

package/lib/security/index.js

@@ -7,7 +7,7 @@ exports.verifyResponse = exports.signResponse = exports.decrypt = exports.encryp
 const crypto_1 = __importDefault(require("crypto"));
 const aes_legacy_1 = __importDefault(require("@ocap/mcrypto/lib/crypter/aes-legacy"));
 const security_1 = require("@blocklet/meta/lib/security");
-const wallet_1 = __importDefault(require("../wallet"));
+const wallet_1 = require("../wallet");
 const AES = { default: aes_legacy_1.default }.default;
 const encrypt = (message, password, salt) => {
     const _password = password || process.env.BLOCKLET_APP_EK;
@@ -27,9 +27,9 @@ const decrypt = (message, password, salt) => {
     return AES.decrypt(message, crypto_1.default.pbkdf2Sync(_password, _salt, 256, 32, 'sha512').toString('hex'));
 };
 exports.decrypt = decrypt;
-const signResponse = (data) => (0, security_1.signResponse)(data, (0, wallet_1.default)());
+const signResponse = (data) => (0, security_1.signResponse)(data, (0, wallet_1.getWallet)());
 exports.signResponse = signResponse;
-const verifyResponse = (data) => (0, security_1.verifyResponse)(data, (0, wallet_1.default)());
+const verifyResponse = (data) => (0, security_1.verifyResponse)(data, (0, wallet_1.getWallet)());
 exports.verifyResponse = verifyResponse;
 exports.default = {
     encrypt,

package/lib/service/blocklet.d.ts

@@ -1,5 +1,6 @@
 import Client from '@blocklet/server-js';
 import { LOGIN_PROVIDER } from '@blocklet/constant';
+import { AxiosHeaders } from 'axios';
 type PartialDeep<T> = {
     [K in keyof T]?: T[K] extends object ? PartialDeep<T[K]> : T[K];
 };
@@ -14,7 +15,9 @@ declare class BlockletService {
     constructor(httpEndpoint?: string);
 }
 interface BlockletService {
-    login: (params: object) => Promise<{
+    login: (params: object, options?: {
+        headers: AxiosHeaders;
+    }) => Promise<{
         user: Object;
         token: string;
         refreshToken: string;
@@ -94,4 +97,4 @@ interface BlockletService {
     configBlocklet(params: OmitDid<Client.RequestConfigBlockletInput>): Promise<Client.ResponseBlocklet>;
     configNavigations(params: OmitDid<Client.RequestConfigNavigationsInput>): Promise<Client.ResponseBlocklet>;
 }
-export = BlockletService;
+export { BlockletService };

package/lib/service/blocklet.js

@@ -35,6 +35,8 @@ var __importStar = (this && this.__importStar) || (function () {
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BlockletService = void 0;
 /* eslint-disable prettier/prettier */
 /* eslint-disable max-classes-per-file */
 /* eslint-disable @typescript-eslint/indent */
@@ -47,9 +49,9 @@ const constant_2 = require("@blocklet/constant");
 const util_2 = require("@blocklet/meta/lib/util");
 const security_1 = require("@blocklet/meta/lib/security");
 const error_1 = require("@blocklet/error");
-const check_blocklet_env_1 = __importDefault(require("../util/check-blocklet-env"));
+const check_blocklet_env_1 = require("../util/check-blocklet-env");
 const version_1 = require("../version");
-const wallet_1 = __importDefault(require("../wallet"));
+const wallet_1 = require("../wallet");
 const service_api_1 = __importDefault(require("../util/service-api"));
 const parse_docker_endpoint_1 = require("../util/parse-docker-endpoint");
 const { WELLKNOWN_SERVICE_PATH_PREFIX, USER_AVATAR_URL_PREFIX, USER_AVATAR_PATH_PREFIX } = constant_1.default;
@@ -64,18 +66,17 @@ const fixAvatar = (user) => {
 };
 class BlockletClient extends server_js_1.default {
     constructor(httpEndpoint) {
-        (0, check_blocklet_env_1.default)();
+        (0, check_blocklet_env_1.checkBlockletEnvironment)();
         super(httpEndpoint || `http://${(0, parse_docker_endpoint_1.getServerHost)()}:${process.env.ABT_NODE_PORT}/api/gql`.trim(), `BlockletSDK/${VERSION}`);
-        const wallet = (0, wallet_1.default)();
+        const wallet = wallet_1.getWallet.getAccessWallet();
         this.setAuthAccessKey({
             accessKeyId: wallet.address,
-            // for backward compatibility
             accessKeySecret: (0, util_1.toBuffer)(wallet.secretKey),
             type: 'sha256',
         });
     }
-    _getAuthHeaders() {
-        const headers = super._getAuthHeaders();
+    async _getAuthHeaders() {
+        const headers = await super._getAuthHeaders();
         // BLOCKLET_DID is always same as BLOCKLET_APP_PID in structV2 application
         headers['x-access-blocklet'] = process.env.BLOCKLET_DID;
         headers['x-access-component'] = process.env.BLOCKLET_COMPONENT_DID;
@@ -229,9 +230,11 @@ class BlockletService {
             const fn = client[api];
             this[api] = apiFnMap[api] ? apiFnMap[api](fn) : apiFallback(fn);
         });
-        this.login = async (data) => {
+        this.login = async (data, options) => {
             try {
-                const { data: resData } = await service_api_1.default.post('/api/user/login', data);
+                const { data: resData } = await service_api_1.default.post('/api/user/login', data, {
+                    headers: options?.headers,
+                });
                 if (resData?.user) {
                     fixAvatar(resData.user);
                 }
@@ -281,7 +284,7 @@ class BlockletService {
             return (0, util_2.findComponentByIdV2)(blocklet, did);
         };
         this.getVault = async () => {
-            const wallet = wallet_1.default.getPermanentWallet();
+            const wallet = wallet_1.getWallet.getPermanentWallet();
             const { blocklet } = await this.getBlocklet();
             return (0, security_1.verifyVault)(blocklet.vaults, wallet.address);
         };
@@ -353,4 +356,4 @@ class BlockletService {
         });
     }
 }
-module.exports = BlockletService;
+exports.BlockletService = BlockletService;

package/lib/service/eventbus.d.ts

@@ -1,5 +1,5 @@
 import { TEvent } from '../types/event';
-export declare const subscribe: (cb: (event: TEvent) => any | Promise<any>) => void;
+export declare const subscribe: (cb: (event: TEvent) => any | Promise<any>) => Promise<void>;
 export declare const unsubscribe: (cb: (event: TEvent) => any | Promise<any>) => void;
 export declare const publish: (name: string, event: {
     id?: string;
@@ -7,7 +7,7 @@ export declare const publish: (name: string, event: {
     data: any;
 }) => Promise<any>;
 declare const _default: {
-    subscribe: (cb: (event: TEvent) => any | Promise<any>) => void;
+    subscribe: (cb: (event: TEvent) => any | Promise<any>) => Promise<void>;
     unsubscribe: (cb: (event: TEvent) => any | Promise<any>) => void;
     publish: (name: string, event: {
         id?: string;

package/lib/service/eventbus.js

@@ -1,16 +1,13 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.publish = exports.unsubscribe = exports.subscribe = void 0;
 const util_1 = require("@blocklet/meta/lib/util");
 const notification_1 = require("./notification");
-const check_blocklet_env_1 = __importDefault(require("../util/check-blocklet-env"));
+const check_blocklet_env_1 = require("../util/check-blocklet-env");
 const send_notification_1 = require("../util/send-notification");
 const event_1 = require("../validators/event");
-const subscribe = (cb) => {
-    (0, notification_1.ensureClient)();
+const subscribe = async (cb) => {
+    await (0, notification_1.ensureClient)();
     notification_1._eventBus.on('event', cb);
 };
 exports.subscribe = subscribe;
@@ -19,8 +16,8 @@ const unsubscribe = (cb) => {
 };
 exports.unsubscribe = unsubscribe;
 const publish = async (name, event) => {
-    (0, check_blocklet_env_1.default)();
-    (0, notification_1.ensureClient)();
+    (0, check_blocklet_env_1.checkBlockletEnvironment)();
+    await (0, notification_1.ensureClient)();
     const payload = {
         id: event.id || (0, util_1.nanoid)(),
         time: event.time || new Date().toISOString(),

package/lib/service/notification.d.ts

@@ -3,7 +3,7 @@ import { TNotification, TNotificationInput, TSendOptions } from '../types/notifi
 type $TSFixMe = any;
 export declare const getSender: () => {
     appDid: string;
-    appSk: string;
+    wallet: import("@ocap/wallet").WalletObject<string>;
 };
 /**
  *
@@ -29,11 +29,12 @@ declare const doSendMail: (receiver: string | string[], notification: TNotificat
  */
 export declare const broadcast: (notification: TNotificationInput, options?: TSendOptions) => Promise<any>;
 export declare const _eventBus: EventEmitter<[never]>;
-export declare const ensureClient: () => void;
-export declare const on: (event: string, cb?: $TSFixMe) => EventEmitter<[never]>;
+export declare const _emitter: EventEmitter<[never]>;
+export declare const ensureClient: () => Promise<void>;
+export declare const on: (event: string, cb?: $TSFixMe) => Promise<EventEmitter<[never]>>;
 export declare const off: any;
 export declare const _message: {
-    on: (event: string, cb: $TSFixMe) => EventEmitter<[never]>;
+    on: (event: string, cb: $TSFixMe) => Promise<EventEmitter<[never]>>;
     off: any;
 };
 export { doSendToUser as sendToUser };
@@ -44,10 +45,10 @@ declare const _default: {
     sendToRelay: (topic: string, event: string, data: any) => Promise<any>;
     sendToMail: (receiver: string | string[], notification: TNotification, options?: TSendOptions) => Promise<any>;
     broadcast: (notification: TNotificationInput, options?: TSendOptions) => Promise<any>;
-    on: (event: string, cb?: $TSFixMe) => EventEmitter<[never]>;
+    on: (event: string, cb?: $TSFixMe) => Promise<EventEmitter<[never]>>;
     off: any;
     _message: {
-        on: (event: string, cb: $TSFixMe) => EventEmitter<[never]>;
+        on: (event: string, cb: $TSFixMe) => Promise<EventEmitter<[never]>>;
         off: any;
     };
 };

package/lib/service/notification.js

@@ -36,7 +36,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendToRelay = exports.sendToMail = exports.sendToUser = exports._message = exports.off = exports.on = exports.ensureClient = exports._eventBus = exports.broadcast = exports.getSender = void 0;
+exports.sendToRelay = exports.sendToMail = exports.sendToUser = exports._message = exports.off = exports.on = exports.ensureClient = exports._emitter = exports._eventBus = exports.broadcast = exports.getSender = void 0;
 /* eslint-disable @typescript-eslint/naming-convention */
 const Jwt = __importStar(require("@arcblock/jwt"));
 const debug_1 = __importDefault(require("debug"));
@@ -45,18 +45,21 @@ const ws_1 = require("@arcblock/ws");
 const util_1 = require("@blocklet/meta/lib/util");
 const channel_1 = require("@blocklet/meta/lib/channel");
 const constant_1 = require("@blocklet/constant");
-const check_blocklet_env_1 = __importDefault(require("../util/check-blocklet-env"));
+const check_blocklet_env_1 = require("../util/check-blocklet-env");
 const send_notification_1 = require("../util/send-notification");
 const constants_1 = require("../util/constants");
-const wallet_1 = __importStar(require("../wallet"));
+const wallet_1 = require("../wallet");
 const notification_1 = require("../validators/notification");
 const parse_docker_endpoint_1 = require("../util/parse-docker-endpoint");
 const debug = (0, debug_1.default)('@blocklet/sdk:notification');
 const getSender = () => {
-    const wallet = (0, wallet_1.default)();
+    const wallet = (0, wallet_1.getWallet)();
+    const accessKeyWallet = (0, wallet_1.getAccessWallet)();
     return {
+        // appDid is used by the server to identify the blocklet
         appDid: wallet.address,
-        appSk: wallet.secretKey,
+        // wallet is used for signing on the client side and verification on the server side
+        wallet: accessKeyWallet,
     };
 };
 exports.getSender = getSender;
@@ -70,19 +73,19 @@ exports.getSender = getSender;
  */
 // eslint-disable-next-line require-await
 const doSendToUser = async (receiver, notification, options) => {
-    (0, check_blocklet_env_1.default)();
+    (0, check_blocklet_env_1.checkBlockletEnvironment)();
     return (0, send_notification_1.sendToUser)(receiver, notification, (0, exports.getSender)(), options, 'send-to-user');
 };
 exports.sendToUser = doSendToUser;
 // eslint-disable-next-line require-await
 const doSendToRelay = async (topic, event, data) => {
-    (0, check_blocklet_env_1.default)();
+    (0, check_blocklet_env_1.checkBlockletEnvironment)();
     return (0, send_notification_1.sendToRelay)(topic, event, data, (0, exports.getSender)());
 };
 exports.sendToRelay = doSendToRelay;
 // eslint-disable-next-line require-await
 const doSendMail = async (receiver, notification, options) => {
-    (0, check_blocklet_env_1.default)();
+    (0, check_blocklet_env_1.checkBlockletEnvironment)();
     return (0, send_notification_1.sendToUser)(receiver, notification, (0, exports.getSender)(), options, 'send-to-mail');
 };
 exports.sendToMail = doSendMail;
@@ -99,7 +102,7 @@ exports.sendToMail = doSendMail;
  */
 // eslint-disable-next-line require-await
 const broadcast = async (notification, options = {}) => {
-    (0, check_blocklet_env_1.default)();
+    (0, check_blocklet_env_1.checkBlockletEnvironment)();
     const sender = (0, exports.getSender)();
     const { channel = (0, channel_1.getAppPublicChannel)(sender.appDid) } = options;
     const { event = 'message' } = options;
@@ -110,6 +113,7 @@ const noop = () => { };
 const emitter = new node_events_1.EventEmitter();
 const messageEmitter = new node_events_1.EventEmitter();
 exports._eventBus = new node_events_1.EventEmitter(); // for event bus
+exports._emitter = emitter; // export internal emitter for testing
 const emitError = (error) => {
     messageEmitter.emit('error', error);
     emitter.emit('error', error);
@@ -125,30 +129,30 @@ const joinChannelErrorHandler = (name, type, emitters) => (err) => {
     (emitters || [emitter]).forEach((x) => x.emit('error', { message: msg }));
 };
 let client = null;
-const initClient = () => {
+const initClient = async () => {
     if (!client) {
         ensureErrorListener();
-        const wallet = (0, wallet_1.getPermanentWallet)();
+        const accessWallet = (0, wallet_1.getAccessWallet)();
         const componentDid = process.env.BLOCKLET_COMPONENT_DID;
-        const { address: did, publicKey: pk, secretKey: sk } = wallet;
-        const url = `ws://${(0, parse_docker_endpoint_1.getServerHost)()}:${process.env.ABT_NODE_SERVICE_PORT}${constants_1.SERVICE_PREFIX}`;
-        const token = () => Jwt.sign(did, sk, {});
+        const appDid = process.env.BLOCKLET_APP_PID;
+        const { publicKey: pk } = accessWallet;
+        // Generate one token and reuse it for connection and all channels
+        const token = await accessWallet.signJWT({});
+        // Build URL with query parameters directly
+        const baseUrl = `ws://${(0, parse_docker_endpoint_1.getServerHost)()}:${process.env.ABT_NODE_SERVICE_PORT}${constants_1.SERVICE_PREFIX}/websocket`;
+        const url = `${baseUrl}?token=${encodeURIComponent(token)}&pk=${encodeURIComponent(pk)}`;
         client = new ws_1.WsClient(url, {
             heartbeatIntervalMs: 10 * 1000,
-            params: () => ({
-                token: token(),
-                pk,
-            }),
         });
         client.connect();
-        const messageChannel = client.channel(did, () => ({ token: token(), pk }));
-        const appPublicChannel = client.channel((0, channel_1.getAppPublicChannel)(did), () => ({ token: token(), pk }));
-        const componentChannel = client.channel((0, channel_1.getComponentChannel)(did, componentDid), () => ({
-            token: token(),
+        const messageChannel = client.channel(accessWallet.address, () => ({ token, pk }));
+        const appPublicChannel = client.channel((0, channel_1.getAppPublicChannel)(appDid), () => ({ token, pk }));
+        const componentChannel = client.channel((0, channel_1.getComponentChannel)(appDid, componentDid), () => ({
+            token,
             pk,
             apiKey: process.env.BLOCKLET_COMPONENT_API_KEY,
         }));
-        const eventBusChannel = client.channel((0, channel_1.getEventBusChannel)(did), () => ({ token: token(), pk }));
+        const eventBusChannel = client.channel((0, channel_1.getEventBusChannel)(appDid), () => ({ token, pk }));
         messageChannel
             .join()
             .receive('error', joinChannelErrorHandler('message channel', 'error', [messageEmitter, emitter]))
@@ -237,24 +241,24 @@ const initClient = () => {
         });
     }
 };
-const ensureClient = () => {
+const ensureClient = async () => {
     if (process.env.BLOCKLET_MODE === 'test') {
         return;
     }
     if (!client) {
-        initClient();
+        await initClient();
     }
 };
 exports.ensureClient = ensureClient;
-const on = (event, cb) => {
-    (0, exports.ensureClient)();
+const on = async (event, cb) => {
+    await (0, exports.ensureClient)();
     return emitter.on(event, cb);
 };
 exports.on = on;
 exports.off = emitter.off.bind(emitter);
 exports._message = {
-    on: (event, cb) => {
-        (0, exports.ensureClient)();
+    on: async (event, cb) => {
+        await (0, exports.ensureClient)();
         return messageEmitter.on(event, cb);
     },
     off: messageEmitter.off.bind(messageEmitter),

package/lib/service/signature.d.ts

@@ -0,0 +1,27 @@
+import { SerializedWallet } from '@ocap/wallet';
+import { DIDTypeArg } from '@arcblock/did';
+import { EncodingType } from '@ocap/util';
+export interface RemoteSignResponse {
+    signature: string;
+    publicKey?: string;
+}
+export interface RemoteSignJWTResponse {
+    token: string;
+    publicKey?: string;
+}
+export interface RemoteSignETHResponse {
+    signature: string;
+    publicKey?: string;
+}
+export interface RemoteSignOptions {
+    keyType?: 'sk' | 'psk';
+    type?: DIDTypeArg;
+    doSign?: boolean;
+    version?: string;
+    encoding?: EncodingType;
+    hashBeforeSign?: boolean;
+}
+export declare function remoteSign(payload: unknown, options?: RemoteSignOptions): Promise<RemoteSignResponse>;
+export declare function remoteSignJWT(payload: unknown, options?: any): Promise<RemoteSignJWTResponse>;
+export declare function remoteSignETH(data: string, options?: RemoteSignOptions): Promise<RemoteSignETHResponse>;
+export declare function remoteDeriveWallet(sub: string, type?: any, index?: number, options?: RemoteSignOptions): Promise<SerializedWallet>;

package/lib/service/signature.js

@@ -0,0 +1,112 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.remoteSign = remoteSign;
+exports.remoteSignJWT = remoteSignJWT;
+exports.remoteSignETH = remoteSignETH;
+exports.remoteDeriveWallet = remoteDeriveWallet;
+const axios_1 = __importDefault(require("axios"));
+const env_1 = require("@blocklet/env");
+const debug_1 = __importDefault(require("debug"));
+const omit_1 = __importDefault(require("lodash/omit"));
+const error_1 = require("@blocklet/error");
+const constants_1 = require("../util/constants");
+const parse_docker_endpoint_1 = require("../util/parse-docker-endpoint");
+const debug = (0, debug_1.default)('@blocklet/sdk:remote-sign');
+const { serverVersion } = env_1.blockletEnv;
+const signClient = axios_1.default.create({
+    proxy: false,
+    baseURL: `http://${(0, parse_docker_endpoint_1.getServerHost)()}:${process.env.ABT_NODE_SERVICE_PORT}${constants_1.SERVICE_PREFIX}`,
+    timeout: 30 * 1000,
+    headers: {
+        'User-Agent': `BlockletSDK/${serverVersion}`,
+        'x-blocklet-server-version': serverVersion,
+        'x-blocklet-did': process.env.BLOCKLET_DID,
+        'x-component-did': process.env.BLOCKLET_COMPONENT_DID,
+    },
+});
+const ensureRemoteContext = () => {
+    const { BLOCKLET_DID, BLOCKLET_REAL_DID, BLOCKLET_COMPONENT_API_KEY } = process.env;
+    if (!BLOCKLET_DID || !BLOCKLET_REAL_DID) {
+        throw new Error('Missing blocklet runtime context for remote signing: require BLOCKLET_DID and BLOCKLET_REAL_DID');
+    }
+    if (!BLOCKLET_COMPONENT_API_KEY) {
+        throw new Error('Missing BLOCKLET_COMPONENT_API_KEY for remote signing');
+    }
+    return { apiKey: BLOCKLET_COMPONENT_API_KEY, did: BLOCKLET_DID, realDid: BLOCKLET_REAL_DID };
+};
+const normalizePayload = (payload) => {
+    if (Buffer.isBuffer(payload)) {
+        return {
+            __type: 'buffer',
+            data: payload.toString('hex'),
+        };
+    }
+    return payload;
+};
+const getPayloadInfo = (payload) => {
+    if (payload !== undefined) {
+        if (typeof payload === 'string') {
+            return { payloadPreview: payload.substring(0, 100), payloadType: 'string' };
+        }
+        if (Buffer.isBuffer(payload)) {
+            return { payloadPreview: `Buffer(${payload.length} bytes)`, payloadType: 'Buffer' };
+        }
+        if (typeof payload === 'object') {
+            const preview = JSON.stringify(payload).substring(0, 100);
+            return { payloadPreview: preview, payloadType: 'object' };
+        }
+    }
+    return {};
+};
+/**
+ * Generic remote signing API caller
+ * @param endpoint - API endpoint (e.g., '/api/sign', '/api/sign/jwt')
+ * @param requestBody - Request body to send
+ * @returns API response data
+ */
+async function callRemoteSignAPI(endpoint, requestBody) {
+    const { apiKey } = ensureRemoteContext();
+    const startTime = Date.now();
+    // Prepare payload preview for logging (avoid logging sensitive data)
+    const payloadInfo = getPayloadInfo(requestBody.payload);
+    debug(`Remote Sign API call started: ${endpoint}`, {
+        ...payloadInfo,
+        body: (0, omit_1.default)(requestBody, 'payload'),
+    });
+    try {
+        const { data } = await signClient.post(endpoint, {
+            ...requestBody,
+            apiKey,
+        });
+        const duration = Date.now() - startTime;
+        debug(`Remote Sign API call succeeded: ${endpoint} in ${duration}`, {
+            responseKeys: Object.keys(data),
+        });
+        return data;
+    }
+    catch (error) {
+        const duration = Date.now() - startTime;
+        const message = (0, error_1.formatError)(error);
+        debug(`Remote Sign API call failed: ${endpoint} in ${duration}`, {
+            message,
+        });
+        throw new Error(`Remote signing API request failed: ${message}`);
+    }
+}
+function remoteSign(payload, options) {
+    const normalized = normalizePayload(payload);
+    return callRemoteSignAPI('/api/sign', { payload: normalized, options });
+}
+function remoteSignJWT(payload, options) {
+    return callRemoteSignAPI('/api/sign/jwt', { payload, options });
+}
+function remoteSignETH(data, options) {
+    const { hashBeforeSign, ...restOptions } = options || {};
+    return callRemoteSignAPI('/api/sign/eth', { data, hashBeforeSign, options: restOptions });
+}
+function remoteDeriveWallet(sub, type, index, options) {
+    return callRemoteSignAPI('/api/sign/derive', { sub, type, index, options });
+}

package/lib/util/app-info.d.ts

@@ -17,9 +17,9 @@ export declare function getBlockletInfoSimple(getBlocklet?: () => Promise<ABTNod
     federated: import("@blocklet/server-js").FederatedConfig;
     appPid: string;
     blocklet: import("@blocklet/server-js").BlockletState;
+    version: string;
     description: string;
     name: string;
-    version: string;
 } | {
     version: any;
     name: string;

package/lib/util/app-info.js

@@ -9,7 +9,7 @@ exports.getAppInfo = getAppInfo;
 exports.getMemberAppInfo = getMemberAppInfo;
 const ufo_1 = require("ufo");
 const util_1 = require("@blocklet/meta/lib/util");
-const info_1 = __importDefault(require("@blocklet/meta/lib/info"));
+const info_1 = require("@blocklet/meta/lib/info");
 const constant_1 = require("@abtnode/constant");
 const pick_1 = __importDefault(require("lodash/pick"));
 const login_1 = require("./login");
@@ -40,7 +40,7 @@ async function getBlockletInfoSimple(getBlocklet) {
     // 适用于 service 中获取 blocklet 信息
     if (getBlocklet && getBlocklet instanceof Function) {
         const blocklet = await getBlocklet();
-        const blockletInfo = (0, info_1.default)(blocklet, undefined, {
+        const blockletInfo = (0, info_1.getBlockletInfo)(blocklet, undefined, {
             returnWallet: false,
         });
         return {

package/lib/util/check-blocklet-env.d.ts

@@ -1,2 +1,2 @@
 declare const checkBlockletEnvironment: () => void;
-export = checkBlockletEnvironment;
+export { checkBlockletEnvironment };

package/lib/util/check-blocklet-env.js

@@ -1,11 +1,13 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkBlockletEnvironment = void 0;
 const checkBlockletEnvironment = () => {
     const envNames = [
         'BLOCKLET_APP_ID',
         'BLOCKLET_APP_NAME',
         'BLOCKLET_APP_DESCRIPTION',
-        'BLOCKLET_APP_SK',
         'BLOCKLET_DID',
+        'BLOCKLET_APP_EK',
         'ABT_NODE_DID',
         'ABT_NODE_PK',
         'ABT_NODE_PORT',
@@ -17,4 +19,4 @@ const checkBlockletEnvironment = () => {
         }
     });
 };
-module.exports = checkBlockletEnvironment;
+exports.checkBlockletEnvironment = checkBlockletEnvironment;

package/lib/util/component-api.js

@@ -7,20 +7,24 @@ const axios_1 = __importDefault(require("axios"));
 const env_1 = require("@blocklet/env");
 const qs_1 = __importDefault(require("qs"));
 const verify_sign_1 = require("./verify-sign");
+const { serverVersion } = env_1.blockletEnv;
 const componentApi = axios_1.default.create({
     timeout: 60 * 1000,
     headers: {
-        'User-Agent': `BlockletSDK/${env_1.serverVersion}`,
-        'x-blocklet-server-version': env_1.serverVersion,
+        'User-Agent': `BlockletSDK/${serverVersion}`,
+        'x-blocklet-server-version': serverVersion,
     },
     paramsSerializer: (params) => qs_1.default.stringify(params),
 });
-componentApi.interceptors.request.use((config) => {
-    const { sig, exp, iat, version } = (0, verify_sign_1.getSignData)({
+componentApi.interceptors.request.use(async (config) => {
+    const { sig, exp, iat, version } = await (0, verify_sign_1.getSignData)({
         data: config.data,
         method: config.method,
         params: config.params,
         url: config.url,
+    }, {
+        // Compatible with previous version where APP_ASK does not exist
+        appSk: process.env.BLOCKLET_APP_ASK || process.env.BLOCKLET_APP_SK,
     });
     config.headers['x-component-did'] = process.env.BLOCKLET_COMPONENT_DID;
     config.headers['x-component-sig'] = sig;

package/lib/util/csrf.d.ts

@@ -1,5 +1,10 @@
 import type { LiteralUnion } from 'type-fest';
 export declare function hmac(secretKey: string, message: string, algorithm?: LiteralUnion<'md5' | 'sha256', string>): string;
+/**
+ * Get CSRF secret key with smart fallback strategy
+ * @returns CSRF secret key
+ */
+export declare function getCsrfSecret(): string;
 /**
  * 生成 CSRF Token
  * @param secretKey 服务器密钥（必填，需保密）

package/lib/util/csrf.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.hmac = hmac;
+exports.getCsrfSecret = getCsrfSecret;
 exports.sign = sign;
 exports.verify = verify;
 const crypto_1 = require("crypto");
@@ -8,6 +9,14 @@ function hmac(secretKey, message, algorithm = 'md5') {
     const hmacFunc = (0, crypto_1.createHmac)(algorithm, secretKey);
     return hmacFunc.update(message).digest('base64url');
 }
+/**
+ * Get CSRF secret key with smart fallback strategy
+ * @returns CSRF secret key
+ */
+function getCsrfSecret() {
+    // Compatible with previous version where APP_ASK does not exist
+    return process.env.BLOCKLET_APP_ASK || process.env.BLOCKLET_APP_SK;
+}
 /**
  * 生成 CSRF Token
  * @param secretKey 服务器密钥（必填，需保密）

package/lib/util/jest-setup.js

@@ -8,14 +8,15 @@ exports.default = setupJest;
 const os_1 = __importDefault(require("os"));
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
-const parse_1 = __importDefault(require("@blocklet/meta/lib/parse"));
+const parse_1 = require("@blocklet/meta/lib/parse");
 const mcrypto_1 = require("@ocap/mcrypto");
 const wallet_1 = require("@ocap/wallet");
+const did_ext_1 = require("@arcblock/did-ext");
 function setupJest() {
     try {
         const dir = process.cwd();
         const wallet = (0, wallet_1.fromRandom)({ role: mcrypto_1.types.RoleType.ROLE_APPLICATION });
-        const meta = (0, parse_1.default)(dir, { ensureComponentStore: false });
+        const meta = (0, parse_1.parse)(dir, { ensureComponentStore: false });
         const tmpDir = path_1.default.join(os_1.default.tmpdir(), meta.did);
         if (fs_1.default.existsSync(tmpDir) === false) {
             fs_1.default.mkdirSync(tmpDir, { recursive: true });
@@ -29,13 +30,17 @@ function setupJest() {
         process.env.BLOCKLET_COMPONENT_DID = meta.did;
         process.env.BLOCKLET_DATA_DIR = path_1.default.join(tmpDir, wallet.address);
         process.env.BLOCKLET_LOG_DIR = path_1.default.join(tmpDir, wallet.address);
-        process.env.BLOCKLET_APP_SK = wallet.secretKey;
-        process.env.BLOCKLET_APP_PSK = wallet.secretKey;
+        // process.env.BLOCKLET_APP_SK = wallet.secretKey;
+        // process.env.BLOCKLET_APP_PSK = wallet.secretKey;
+        process.env.BLOCKLET_APP_PK = wallet.publicKey;
+        process.env.BLOCKLET_APP_PPK = wallet.publicKey;
         process.env.BLOCKLET_APP_ID = wallet.address;
         process.env.BLOCKLET_APP_PID = wallet.address;
         process.env.BLOCKLET_APP_IDS = wallet.address;
         process.env.BLOCKLET_APP_NAME = meta.title;
         process.env.BLOCKLET_APP_DESCRIPTION = meta.description;
+        process.env.BLOCKLET_APP_EK = (0, did_ext_1.fromAppDid)(meta.did, process.env.ABT_NODE_PK, undefined, 1).secretKey;
+        process.env.BLOCKLET_APP_ASK = (0, did_ext_1.fromAppDid)(meta.did, process.env.ABT_NODE_PK, undefined, 1).secretKey;
         process.env.BLOCKLET_APP_URL = 'http://192.168.0.10:3030';
         process.env.BLOCKLET_MOUNT_POINTS = JSON.stringify([
             {