add: verification of web3 user email on server (#59)

.env.dev

@@ -23,3 +23,4 @@ SKIP_EMAIL_VERIFICATION=true
 SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=true
 ROLLBAR_TOKEN=
+WEB3_SITE_URL=https://w3.gooddollar.org

.env.example

@@ -37,4 +37,5 @@ SKIP_EMAIL_VERIFICATION=true
 SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=false
 ## Token for rollbar logging service
-ROLLBAR_TOKEN=
+ROLLBAR_TOKEN=
+WEB3_SITE_URL=https://w3.gooddollar.org

.env.test

@@ -20,7 +20,7 @@ FACE_RECO_SERVER1=https://good-face-reco.herokuapp.com
 FACE_RECO_SERVER=http://localhost:3002
 ZOOM_API_URL=https://api.zoomauth.com/api/v1/biometrics
 ZOOM_TOKEN=dmm5F80v71kkNcm3inG3DcAUadIlE5K4
-ZOOM_MIN_MATCH_LEVEL=1 
+ZOOM_MIN_MATCH_LEVEL=1
 MAUTIC_URL=https://go.gooddollar.org/api
 MAUTIC_TOKEN=NjdlZmE4NmEwNjA3OTBiNTQ1ZmVjMDEyMzgxZjkxYTQyZDc4N2M5MThiOTFjN2Q0Y2U5ODhjNjU1NzNhYTU4ZA
 SKIP_EMAIL_VERIFICATION=true
@@ -29,3 +29,4 @@ SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=false
 NEW_RELIC_LICENSE_KEY=ab380edbf4e6210529f4aa2513445e7f75672594
 JWT_PASS=G00DDAPP
+WEB3_SITE_URL=https://w3.gooddollar.org

src/server/server.config.js

@@ -265,6 +265,12 @@ const conf = convict({
     format: '*',
     env: 'ROLLBAR_TOKEN',
     default: undefined
+  },
+  web3SiteUrl: {
+    doc: 'Web3 site url',
+    format: '*',
+    env: 'WEB3_SITE_URL',
+    default: undefined
   }
 })
 

src/server/verification/verificationAPI.js

@@ -3,6 +3,7 @@ import { Router } from 'express'
 import passport from 'passport'
 import _ from 'lodash'
 import multer from 'multer'
+import crossFetch from 'cross-fetch'
 import type { LoggedUser, StorageAPI, UserRecord, VerificationAPI } from '../../imports/types'
 import AdminWallet from '../blockchain/AdminWallet'
 import { onlyInEnv, wrapAsync } from '../utils/helpers'
@@ -282,6 +283,63 @@ const setup = (app: Router, verifier: VerificationAPI, storage: StorageAPI) => {
       res.json({ ok: 1, attestation: signedEmail })
     })
   )
+
+  /**
+   * @api {get} /verify/w3/email Verify email to be equal with email provided by token from web3
+   * @apiName Web3 Email Verify
+   * @apiGroup Verification
+   *
+   * @apiParam {String} email
+   * @apiParam {String} token
+   *
+   * @apiSuccess {Number} ok
+   * @ignore
+   */
+  app.post(
+    '/verify/w3/email',
+    passport.authenticate('jwt', { session: false }),
+    wrapAsync(async (req, res, next) => {
+      const log = req.log.child({ from: 'verificationAPI - verify/w3/email' })
+
+      const { body } = req
+      const email: string = body.email
+      const token: string = body.token
+
+      log.debug('received email, web3 token', email, token)
+
+      let _w3User
+
+      try {
+        _w3User = await crossFetch(`${conf.web3SiteUrl}/api/wl/user`, {
+          method: 'GET',
+          headers: {
+            Authorization: token
+          }
+        }).then(res => res.json())
+      } catch (e) {}
+
+      let status = 422
+      const responsePayload = {
+        ok: -1,
+        message: 'Invalid web3 token'
+      }
+
+      if (_w3User) {
+        const w3User = _w3User.data
+
+        if (w3User.email === email) {
+          responsePayload.ok = 1
+          delete responsePayload.message
+
+          status = 200
+        } else {
+          responsePayload.message = 'Wrong email used'
+        }
+      }
+
+      res.status(status).json(responsePayload)
+    })
+  )
 }
 
 export default setup