mirror of
https://github.com/GrassrootsEconomics/cic-dw.git
synced 2024-12-22 10:57:33 +01:00
feat: add admin/auth api (#22)
* feat: add admin/auth api - jwt cookie based auth - /auth - admin/* * add: meta proxy * fix: remove ussd account status from syncer * add: cookie defaults and nuxt init check route * add: pin and address handlers
This commit is contained in:
parent
861af1761d
commit
77f127e14a
18
cmd/init.go
18
cmd/init.go
@ -6,6 +6,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
batch_balance "github.com/grassrootseconomics/cic-go/batch_balance"
|
batch_balance "github.com/grassrootseconomics/cic-go/batch_balance"
|
||||||
|
"github.com/grassrootseconomics/cic-go/meta"
|
||||||
cic_net "github.com/grassrootseconomics/cic-go/net"
|
cic_net "github.com/grassrootseconomics/cic-go/net"
|
||||||
|
|
||||||
"github.com/ethereum/go-ethereum/common"
|
"github.com/ethereum/go-ethereum/common"
|
||||||
@ -40,12 +41,19 @@ type config struct {
|
|||||||
Enabled bool `koan:"enabled"`
|
Enabled bool `koan:"enabled"`
|
||||||
}
|
}
|
||||||
Syncers map[string]string `koanf:"syncers"`
|
Syncers map[string]string `koanf:"syncers"`
|
||||||
|
Meta struct {
|
||||||
|
Endpoint string `koanf:"meta"`
|
||||||
|
}
|
||||||
|
Jwt struct {
|
||||||
|
Secret string `koanf:"secret"`
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type queries struct {
|
type queries struct {
|
||||||
core goyesql.Queries
|
core goyesql.Queries
|
||||||
dashboard goyesql.Queries
|
dashboard goyesql.Queries
|
||||||
public goyesql.Queries
|
public goyesql.Queries
|
||||||
|
admin goyesql.Queries
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadConfig(configFilePath string, k *koanf.Koanf) error {
|
func loadConfig(configFilePath string, k *koanf.Koanf) error {
|
||||||
@ -110,6 +118,10 @@ func loadCicNet(tokenIndex common.Address) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func loadCicMeta(metaEndpoint string) {
|
||||||
|
metaClient = meta.NewCicMeta(metaEndpoint)
|
||||||
|
}
|
||||||
|
|
||||||
func loadBatchBalance(balanceResolver common.Address) error {
|
func loadBatchBalance(balanceResolver common.Address) error {
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
@ -137,10 +149,16 @@ func loadQueries(sqlFilesPath string) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
adminQueries, err := goyesql.ParseFile(fmt.Sprintf("%s/admin.sql", sqlFilesPath))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
preparedQueries = &queries{
|
preparedQueries = &queries{
|
||||||
core: coreQueries,
|
core: coreQueries,
|
||||||
dashboard: dashboardQueries,
|
dashboard: dashboardQueries,
|
||||||
public: publicQueries,
|
public: publicQueries,
|
||||||
|
admin: adminQueries,
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -8,6 +8,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
batch_balance "github.com/grassrootseconomics/cic-go/batch_balance"
|
batch_balance "github.com/grassrootseconomics/cic-go/batch_balance"
|
||||||
|
"github.com/grassrootseconomics/cic-go/meta"
|
||||||
cic_net "github.com/grassrootseconomics/cic-go/net"
|
cic_net "github.com/grassrootseconomics/cic-go/net"
|
||||||
"github.com/grassrootseconomics/cic-go/provider"
|
"github.com/grassrootseconomics/cic-go/provider"
|
||||||
"github.com/hibiken/asynq"
|
"github.com/hibiken/asynq"
|
||||||
@ -28,6 +29,7 @@ var (
|
|||||||
rpcProvider *provider.Provider
|
rpcProvider *provider.Provider
|
||||||
cicnetClient *cic_net.CicNet
|
cicnetClient *cic_net.CicNet
|
||||||
batchBalance *batch_balance.BatchBalance
|
batchBalance *batch_balance.BatchBalance
|
||||||
|
metaClient *meta.CicMeta
|
||||||
rClient asynq.RedisConnOpt
|
rClient asynq.RedisConnOpt
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -59,9 +61,10 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if err := parseRedis(conf.Db.Redis); err != nil {
|
if err := parseRedis(conf.Db.Redis); err != nil {
|
||||||
|
|
||||||
log.Fatal().Err(err).Msg("could not parse redis connection string")
|
log.Fatal().Err(err).Msg("could not parse redis connection string")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
loadCicMeta(conf.Meta.Endpoint)
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"cic-dw/internal/admin"
|
||||||
"cic-dw/internal/dashboard"
|
"cic-dw/internal/dashboard"
|
||||||
"cic-dw/internal/public"
|
"cic-dw/internal/public"
|
||||||
|
|
||||||
@ -21,6 +22,7 @@ func initHTTPServer() *echo.Echo {
|
|||||||
|
|
||||||
dashboard.InitDashboardApi(server, db, preparedQueries.dashboard)
|
dashboard.InitDashboardApi(server, db, preparedQueries.dashboard)
|
||||||
public.InitPublicApi(server, db, batchBalance, cicnetClient, preparedQueries.public)
|
public.InitPublicApi(server, db, batchBalance, cicnetClient, preparedQueries.public)
|
||||||
|
admin.InitAdminApi(server, db, preparedQueries.admin, metaClient, conf.Jwt.Secret)
|
||||||
|
|
||||||
return server
|
return server
|
||||||
}
|
}
|
||||||
|
@ -26,3 +26,9 @@ enabled = true
|
|||||||
cache = "@every 20s"
|
cache = "@every 20s"
|
||||||
ussd = "@every 30s"
|
ussd = "@every 30s"
|
||||||
token = "@every 1m"
|
token = "@every 1m"
|
||||||
|
|
||||||
|
[meta]
|
||||||
|
endpoint = "http://cic-meta-server:8000"
|
||||||
|
|
||||||
|
[jwt]
|
||||||
|
secret = "0xd34db33f"
|
@ -4,7 +4,7 @@ The data warehouse additionally exposes a couple of REST API's (GraphQL planned)
|
|||||||
|
|
||||||
1. Dashboard API (`/dashboard`) - Exposes data for [`cic-dashboard`](https://github.com/grassrootseconomics/cic-dashboard). Most data is expected to be chart/table API specific and usually not human readable.
|
1. Dashboard API (`/dashboard`) - Exposes data for [`cic-dashboard`](https://github.com/grassrootseconomics/cic-dashboard). Most data is expected to be chart/table API specific and usually not human readable.
|
||||||
2. Public API (`/public`) - Exposes public (on-chain only/non-sensitive) data.
|
2. Public API (`/public`) - Exposes public (on-chain only/non-sensitive) data.
|
||||||
3. Internal API (planned)
|
3. Internal Admin API - back office operations
|
||||||
|
|
||||||
Each API is domain separated i.e. separate SQL query files and router control.
|
Each API is domain separated i.e. separate SQL query files and router control.
|
||||||
|
|
||||||
|
2
go.mod
2
go.mod
@ -29,6 +29,7 @@ require (
|
|||||||
github.com/go-redis/redis/v8 v8.11.2 // indirect
|
github.com/go-redis/redis/v8 v8.11.2 // indirect
|
||||||
github.com/go-stack/stack v1.8.0 // indirect
|
github.com/go-stack/stack v1.8.0 // indirect
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
|
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
|
||||||
github.com/golang/protobuf v1.4.3 // indirect
|
github.com/golang/protobuf v1.4.3 // indirect
|
||||||
github.com/google/uuid v1.2.0 // indirect
|
github.com/google/uuid v1.2.0 // indirect
|
||||||
github.com/gorilla/websocket v1.4.2 // indirect
|
github.com/gorilla/websocket v1.4.2 // indirect
|
||||||
@ -41,6 +42,7 @@ require (
|
|||||||
github.com/jackc/pgtype v1.11.0 // indirect
|
github.com/jackc/pgtype v1.11.0 // indirect
|
||||||
github.com/jackc/puddle v1.2.1 // indirect
|
github.com/jackc/puddle v1.2.1 // indirect
|
||||||
github.com/labstack/gommon v0.3.1 // indirect
|
github.com/labstack/gommon v0.3.1 // indirect
|
||||||
|
github.com/mapaiva/vcard-go v1.2.0 // indirect
|
||||||
github.com/mattn/go-colorable v0.1.12 // indirect
|
github.com/mattn/go-colorable v0.1.12 // indirect
|
||||||
github.com/mattn/go-isatty v0.0.14 // indirect
|
github.com/mattn/go-isatty v0.0.14 // indirect
|
||||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||||
|
4
go.sum
4
go.sum
@ -169,6 +169,8 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP
|
|||||||
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
|
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
||||||
github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||||
github.com/golang-module/carbon/v2 v2.1.6 h1:PL7wjvWG+NfUL2hIYOUX68yMi0A9rrCVlJxozldJ1lU=
|
github.com/golang-module/carbon/v2 v2.1.6 h1:PL7wjvWG+NfUL2hIYOUX68yMi0A9rrCVlJxozldJ1lU=
|
||||||
github.com/golang-module/carbon/v2 v2.1.6/go.mod h1:NF5unWf838+pyRY0o+qZdIwBMkFf7w0hmLIguLiEpzU=
|
github.com/golang-module/carbon/v2 v2.1.6/go.mod h1:NF5unWf838+pyRY0o+qZdIwBMkFf7w0hmLIguLiEpzU=
|
||||||
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
|
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
|
||||||
@ -391,6 +393,8 @@ github.com/lmittmann/w3 v0.7.0 h1:z3Z7OeLAQ/oHWK8k5U5SH+G2BD6ZbsdrBktUytDzG78=
|
|||||||
github.com/lmittmann/w3 v0.7.0/go.mod h1:8F9LNaa0D/k68rnCdTtBsMon8ucpvlS9fmPVXp7Uz7M=
|
github.com/lmittmann/w3 v0.7.0/go.mod h1:8F9LNaa0D/k68rnCdTtBsMon8ucpvlS9fmPVXp7Uz7M=
|
||||||
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
|
github.com/mapaiva/vcard-go v1.2.0 h1:w/Jmdow8CDE3T/6SBSTt1HBTDxZmQ39a415hCzElAN8=
|
||||||
|
github.com/mapaiva/vcard-go v1.2.0/go.mod h1:OedyhOJ8gUHmfp6iI3+2bf0kzQetFRpD625G9NCEB6Y=
|
||||||
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
|
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
|
||||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||||
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
|
github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
|
||||||
|
82
internal/admin/api.go
Normal file
82
internal/admin/api.go
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
package admin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/golang-jwt/jwt"
|
||||||
|
"github.com/grassrootseconomics/cic-go/meta"
|
||||||
|
"github.com/jackc/pgx/v4/pgxpool"
|
||||||
|
"github.com/labstack/echo/v4"
|
||||||
|
"github.com/nleof/goyesql"
|
||||||
|
)
|
||||||
|
|
||||||
|
type api struct {
|
||||||
|
db *pgxpool.Pool
|
||||||
|
q goyesql.Queries
|
||||||
|
m *meta.CicMeta
|
||||||
|
jwtKey []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
func InitAdminApi(e *echo.Echo, db *pgxpool.Pool, queries goyesql.Queries, metaClient *meta.CicMeta, jwtKey string) {
|
||||||
|
api := newApi(db, queries, metaClient, jwtKey)
|
||||||
|
|
||||||
|
auth := e.Group(("/auth"))
|
||||||
|
g := e.Group("/admin")
|
||||||
|
|
||||||
|
auth.Use(api.dwCoreMiddleware)
|
||||||
|
auth.POST("/login", sendLoginJwtCookie)
|
||||||
|
auth.POST("/logout", sendLogoutCookie)
|
||||||
|
|
||||||
|
g.Use(api.dwCoreMiddleware)
|
||||||
|
g.Use(api.verifyAuthMiddleware)
|
||||||
|
|
||||||
|
g.GET("/check", isLoggedIn)
|
||||||
|
g.GET("/meta-proxy/:address", handleMetaProxy)
|
||||||
|
g.GET("/pin-status", handlePinStatus)
|
||||||
|
g.GET("/phone-2-address/:phone", handlePhone2Address)
|
||||||
|
g.GET("/address-2-phone/:address", handleAddress2Phone)
|
||||||
|
}
|
||||||
|
|
||||||
|
func newApi(db *pgxpool.Pool, queries goyesql.Queries, metaClient *meta.CicMeta, jwtKey string) *api {
|
||||||
|
return &api{
|
||||||
|
db: db,
|
||||||
|
q: queries,
|
||||||
|
m: metaClient,
|
||||||
|
jwtKey: []byte(jwtKey),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *api) dwCoreMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
|
return func(c echo.Context) error {
|
||||||
|
c.Set("api", &api{
|
||||||
|
db: a.db,
|
||||||
|
q: a.q,
|
||||||
|
m: a.m,
|
||||||
|
jwtKey: a.jwtKey,
|
||||||
|
})
|
||||||
|
return next(c)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *api) verifyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
|
return func(c echo.Context) error {
|
||||||
|
cookie, err := c.Cookie("_ge_auth")
|
||||||
|
if err != nil {
|
||||||
|
return c.String(http.StatusForbidden, "auth cookie missing")
|
||||||
|
}
|
||||||
|
|
||||||
|
claims := &jwtClaims{}
|
||||||
|
|
||||||
|
token, err := jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
|
||||||
|
return a.jwtKey, nil
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return c.String(http.StatusUnauthorized, "jwt validation failed")
|
||||||
|
}
|
||||||
|
if !token.Valid {
|
||||||
|
return c.String(http.StatusUnauthorized, "jwt invalid")
|
||||||
|
}
|
||||||
|
|
||||||
|
return next(c)
|
||||||
|
}
|
||||||
|
}
|
88
internal/admin/auth.go
Normal file
88
internal/admin/auth.go
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
package admin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/golang-jwt/jwt"
|
||||||
|
"github.com/labstack/echo/v4"
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
)
|
||||||
|
|
||||||
|
type staff struct {
|
||||||
|
Username string `json:"username"`
|
||||||
|
Password string `json:"password"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type jwtClaims struct {
|
||||||
|
Username string `json:"username"`
|
||||||
|
jwt.StandardClaims
|
||||||
|
}
|
||||||
|
|
||||||
|
func isLoggedIn(c echo.Context) error {
|
||||||
|
return c.String(http.StatusOK, "ok")
|
||||||
|
}
|
||||||
|
|
||||||
|
func sendLoginJwtCookie(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
api = c.Get("api").(*api)
|
||||||
|
|
||||||
|
passwordHash string
|
||||||
|
)
|
||||||
|
|
||||||
|
u := new(staff)
|
||||||
|
if err := c.Bind(u); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := api.db.QueryRow(context.Background(), api.q["get-password-hash"], u.Username).Scan(&passwordHash); err != nil {
|
||||||
|
return c.String(http.StatusNotFound, "username not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(u.Password)); err != nil {
|
||||||
|
return c.String(http.StatusForbidden, "login failed")
|
||||||
|
}
|
||||||
|
|
||||||
|
expiration := time.Now().Add(24 * 7 * time.Hour)
|
||||||
|
|
||||||
|
claims := &jwtClaims{
|
||||||
|
Username: u.Username,
|
||||||
|
StandardClaims: jwt.StandardClaims{
|
||||||
|
ExpiresAt: expiration.Unix(),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||||
|
tokenString, err := jwtToken.SignedString(api.jwtKey)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
cookie := cookieDefaults()
|
||||||
|
cookie.Value = tokenString
|
||||||
|
cookie.Expires = expiration
|
||||||
|
|
||||||
|
c.SetCookie(cookie)
|
||||||
|
return c.String(http.StatusOK, "login successful")
|
||||||
|
}
|
||||||
|
|
||||||
|
func sendLogoutCookie(c echo.Context) error {
|
||||||
|
cookie := cookieDefaults()
|
||||||
|
cookie.MaxAge = -1
|
||||||
|
|
||||||
|
c.SetCookie(cookie)
|
||||||
|
return c.String(http.StatusOK, "logout successful")
|
||||||
|
}
|
||||||
|
|
||||||
|
func cookieDefaults() *http.Cookie {
|
||||||
|
cookie := new(http.Cookie)
|
||||||
|
|
||||||
|
cookie.Name = "_ge_auth"
|
||||||
|
cookie.Path = "/"
|
||||||
|
cookie.SameSite = 3
|
||||||
|
cookie.HttpOnly = true
|
||||||
|
cookie.Secure = false
|
||||||
|
|
||||||
|
return cookie
|
||||||
|
}
|
33
internal/admin/pins.go
Normal file
33
internal/admin/pins.go
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
package admin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/georgysavva/scany/pgxscan"
|
||||||
|
"github.com/labstack/echo/v4"
|
||||||
|
)
|
||||||
|
|
||||||
|
type pinStatusResponse struct {
|
||||||
|
PhoneNumber string `db:"phone_number" json:"phone_number"`
|
||||||
|
FailedPinAttempts int `db:"failed_pin_attempts" json:"failed_pin_attempts"`
|
||||||
|
AccountStatus string `db:"account_status" json:"account_status"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func handlePinStatus(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
api = c.Get("api").(*api)
|
||||||
|
res []pinStatusResponse
|
||||||
|
)
|
||||||
|
|
||||||
|
rows, err := api.db.Query(context.Background(), api.q["pin-status"])
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := pgxscan.ScanAll(&res, rows); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(http.StatusOK, res)
|
||||||
|
}
|
95
internal/admin/user.go
Normal file
95
internal/admin/user.go
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
package admin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"cic-dw/pkg/address"
|
||||||
|
"context"
|
||||||
|
"encoding/base64"
|
||||||
|
"net/http"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/grassrootseconomics/cic-go/meta"
|
||||||
|
"github.com/labstack/echo/v4"
|
||||||
|
"github.com/mapaiva/vcard-go"
|
||||||
|
)
|
||||||
|
|
||||||
|
type metaRes struct {
|
||||||
|
Person meta.PersonResponse `json:"person"`
|
||||||
|
Name string `json:"name"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func handlePhone2Address(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
api = c.Get("api").(*api)
|
||||||
|
phone = c.Param("phone")
|
||||||
|
|
||||||
|
address string
|
||||||
|
)
|
||||||
|
|
||||||
|
if err := api.db.QueryRow(context.Background(), api.q["phone-2-address"], phone).Scan(&address); err != nil {
|
||||||
|
return c.String(http.StatusNotFound, "phone not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.String(http.StatusOK, address)
|
||||||
|
}
|
||||||
|
|
||||||
|
func handleAddress2Phone(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
api = c.Get("api").(*api)
|
||||||
|
|
||||||
|
phone string
|
||||||
|
)
|
||||||
|
|
||||||
|
sarafuAddress, err := address.SarafuAddress(c.Param("address"))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := api.db.QueryRow(context.Background(), api.q["address-2-phone"], sarafuAddress).Scan(&phone); err != nil {
|
||||||
|
return c.String(http.StatusNotFound, "address not found")
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.String(http.StatusOK, phone)
|
||||||
|
}
|
||||||
|
|
||||||
|
func handleMetaProxy(c echo.Context) error {
|
||||||
|
var (
|
||||||
|
api = c.Get("api").(*api)
|
||||||
|
address = c.Param("address")
|
||||||
|
)
|
||||||
|
|
||||||
|
person, err := api.m.GetPersonMetadata(address)
|
||||||
|
if err != nil {
|
||||||
|
if strings.Contains(err.Error(), "404") {
|
||||||
|
return c.String(http.StatusNotFound, "meta resource not found")
|
||||||
|
} else {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
vCard, err := parseVCard(person.VCard)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.JSON(http.StatusOK, &metaRes{
|
||||||
|
Person: person,
|
||||||
|
Name: vCard.FormattedName,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseVCard(encodedVCard string) (vcard.VCard, error) {
|
||||||
|
data, err := base64.StdEncoding.DecodeString(encodedVCard)
|
||||||
|
if err != nil {
|
||||||
|
return vcard.VCard{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
reader := bytes.NewReader(data)
|
||||||
|
|
||||||
|
vCards, err := vcard.GetVCardsByReader(reader)
|
||||||
|
if err != nil {
|
||||||
|
return vcard.VCard{}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
return vCards[0], nil
|
||||||
|
}
|
13
migrations/004_auth.sql
Normal file
13
migrations/004_auth.sql
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
-- Drop static columns on user table
|
||||||
|
ALTER TABLE users DROP COLUMN failed_pin_attempts, DROP COLUMN ussd_account_status;
|
||||||
|
|
||||||
|
-- Staff dashboard auth
|
||||||
|
CREATE TABLE IF NOT EXISTS staff (
|
||||||
|
id INT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
|
||||||
|
username VARCHAR(16) NOT NULL UNIQUE,
|
||||||
|
password_hash VARCHAR(76) NOT NULL
|
||||||
|
)
|
||||||
|
|
||||||
|
---- create above / drop below ----
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS staff;
|
18
queries/admin.sql
Normal file
18
queries/admin.sql
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-- name: get-password-hash
|
||||||
|
SELECT password_hash FROM staff WHERE username = $1;
|
||||||
|
|
||||||
|
-- name: pin-status
|
||||||
|
SELECT phone_number, failed_pin_attempts,
|
||||||
|
CASE STATUS
|
||||||
|
WHEN 1 THEN 'PENDING'
|
||||||
|
WHEN 2 THEN 'ACTIVE'
|
||||||
|
WHEN 3 THEN 'LOCKED'
|
||||||
|
WHEN 4 THEN 'RESET' END AS account_status
|
||||||
|
FROM cic_ussd.account WHERE
|
||||||
|
failed_pin_attempts > 0 OR STATUS = 4;
|
||||||
|
|
||||||
|
--name: phone-2-address
|
||||||
|
SELECT blockchain_address FROM users WHERE phone_number = $1;
|
||||||
|
|
||||||
|
--name: address-2-phone
|
||||||
|
SELECT phone_number FROM users WHERE blockchain_address = $1;
|
@ -7,8 +7,8 @@ WITH current_ussd_cursor AS (
|
|||||||
SELECT id FROM cic_ussd.account WHERE blockchain_address = (SELECT cursor_pos FROM cursors WHERE id = 1)
|
SELECT id FROM cic_ussd.account WHERE blockchain_address = (SELECT cursor_pos FROM cursors WHERE id = 1)
|
||||||
)
|
)
|
||||||
|
|
||||||
INSERT INTO users (phone_number, blockchain_address, date_registered, failed_pin_attempts, ussd_account_status)
|
INSERT INTO users (phone_number, blockchain_address, date_registered)
|
||||||
SELECT cic_ussd.account.phone_number, cic_ussd.account.blockchain_address, cic_ussd.account.created, cic_ussd.account.failed_pin_attempts, cic_ussd.account.status
|
SELECT cic_ussd.account.phone_number, cic_ussd.account.blockchain_address, cic_ussd.account.created
|
||||||
FROM cic_ussd.account WHERE cic_ussd.account.id > (SELECT id FROM current_ussd_cursor) ORDER BY cic_ussd.account.id ASC LIMIT 300;
|
FROM cic_ussd.account WHERE cic_ussd.account.id > (SELECT id FROM current_ussd_cursor) ORDER BY cic_ussd.account.id ASC LIMIT 300;
|
||||||
|
|
||||||
UPDATE cursors SET cursor_pos = (SELECT blockchain_address FROM users ORDER BY id DESC LIMIT 1) WHERE cursors.id = 1;
|
UPDATE cursors SET cursor_pos = (SELECT blockchain_address FROM users ORDER BY id DESC LIMIT 1) WHERE cursors.id = 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user