diff --git a/.env.dev b/.env.dev
index af3c5550..a2fc6597 100644
--- a/.env.dev
+++ b/.env.dev
@@ -23,3 +23,4 @@ SKIP_EMAIL_VERIFICATION=true
 SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=true
 ROLLBAR_TOKEN=
+WEB3_SITE_URL=https://w3.gooddollar.org
diff --git a/.env.example b/.env.example
index 23b52509..a42e9ea9 100644
--- a/.env.example
+++ b/.env.example
@@ -37,4 +37,5 @@ SKIP_EMAIL_VERIFICATION=true
 SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=false
 ## Token for rollbar logging service
-ROLLBAR_TOKEN=
\ No newline at end of file
+ROLLBAR_TOKEN=
+WEB3_SITE_URL=https://w3.gooddollar.org
diff --git a/.env.test b/.env.test
index 7210491d..ae71aee8 100644
--- a/.env.test
+++ b/.env.test
@@ -20,7 +20,7 @@ FACE_RECO_SERVER1=https://good-face-reco.herokuapp.com
 FACE_RECO_SERVER=http://localhost:3002
 ZOOM_API_URL=https://api.zoomauth.com/api/v1/biometrics
 ZOOM_TOKEN=dmm5F80v71kkNcm3inG3DcAUadIlE5K4
-ZOOM_MIN_MATCH_LEVEL=1
+ZOOM_MIN_MATCH_LEVEL=1
 MAUTIC_URL=https://go.gooddollar.org/api
 MAUTIC_TOKEN=NjdlZmE4NmEwNjA3OTBiNTQ1ZmVjMDEyMzgxZjkxYTQyZDc4N2M5MThiOTFjN2Q0Y2U5ODhjNjU1NzNhYTU4ZA
 SKIP_EMAIL_VERIFICATION=true
@@ -29,3 +29,4 @@ SKIP_FACE_RECO=false
 ALLOW_FACE_RECO_DUPS=false
 NEW_RELIC_LICENSE_KEY=ab380edbf4e6210529f4aa2513445e7f75672594
 JWT_PASS=G00DDAPP
+WEB3_SITE_URL=https://w3.gooddollar.org
diff --git a/src/server/server.config.js b/src/server/server.config.js
index 8eb855b3..7501ad4f 100644
--- a/src/server/server.config.js
+++ b/src/server/server.config.js
@@ -265,6 +265,12 @@ const conf = convict({
 format: '*',
 env: 'ROLLBAR_TOKEN',
 default: undefined
+ },
+ web3SiteUrl: {
+ doc: 'Web3 site url',
+ format: '*',
+ env: 'WEB3_SITE_URL',
+ default: undefined
 }
 })
diff --git a/src/server/verification/verificationAPI.js b/src/server/verification/verificationAPI.js
index b56dddb9..0891db7c 100644
--- a/src/server/verification/verificationAPI.js
+++ b/src/server/verification/verificationAPI.js
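Review bot: In src/server/server.config.js the new `web3SiteUrl` entry accepts any value (`format: '*'`) and defaults to `undefined`, although verificationAPI.js interpolates it into `${conf.web3SiteUrl}/api/wl/user` and sends the caller's token to that address in the `Authorization` header. With the variable unset the request target becomes the literal string `undefined/api/wl/user`, and nothing rejects a malformed or plain-http value. A validating format (convict's `url`, if the pinned convict version still ships it) plus a startup failure when the value is missing would keep the token from being forwarded to an unintended destination.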
@@ -3,6 +3,7 @@ import { Router } from 'express'
 import passport from 'passport'
 import _ from 'lodash'
 import multer from 'multer'
+import crossFetch from 'cross-fetch'
 import type { LoggedUser, StorageAPI, UserRecord, VerificationAPI } from '../../imports/types'
 import AdminWallet from '../blockchain/AdminWallet'
 import { onlyInEnv, wrapAsync } from '../utils/helpers'
@@ -282,6 +283,63 @@ const setup = (app: Router, verifier: VerificationAPI, storage: StorageAPI) => {
 res.json({ ok: 1, attestation: signedEmail })
 })
 )
+
+ /**
+ * @api {get} /verify/w3/email Verify email to be equal with email provided by token from web3
+ * @apiName Web3 Email Verify
+ * @apiGroup Verification
+ *
+ * @apiParam {String} email
+ * @apiParam {String} token
+ *
+ * @apiSuccess {Number} ok
+ * @ignore
+ */
+ app.post(
+ '/verify/w3/email',
+ passport.authenticate('jwt', { session: false }),
+ wrapAsync(async (req, res, next) => {
+ const log = req.log.child({ from: 'verificationAPI - verify/w3/email' })
+
+ const { body } = req
+ const email: string = body.email
+ const token: string = body.token
+
+ log.debug('received email, web3 token', email, token)
+
+ let _w3User
+
+ try {
+ _w3User = await crossFetch(`${conf.web3SiteUrl}/api/wl/user`, {
+ method: 'GET',
+ headers: {
+ Authorization: token
+ }
+ }).then(res => res.json())
+ } catch (e) {}
+
+ let status = 422
+ const responsePayload = {
+ ok: -1,
+ message: 'Invalid web3 token'
+ }
+
+ if (_w3User) {
+ const w3User = _w3User.data
+
+ if (w3User.email === email) {
+ responsePayload.ok = 1
+ delete responsePayload.message
+
+ status = 200
+ } else {
+ responsePayload.message = 'Wrong email used'
+ }
+ }
+
+ res.status(status).json(responsePayload)
+ })
+ )
 }
 export default setup
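Review bot: The new `/verify/w3/email` handler writes the caller's web3 token and email into the debug log (`log.debug('received email, web3 token', email, token)`), so a bearer credential ends up wherever logs are stored or shipped; log only whether the fields were present. The check `w3User.email === email` also succeeds when both sides are `undefined`, and `_w3User.data` is dereferenced without looking at the upstream status, so a JSON error body without `data` throws instead of producing the 422 response. The empty `catch (e) {}` reports an upstream outage as 'Invalid web3 token' with no trace of the cause. The apidoc tag says `{get}` while the route is registered with `app.post`. The enclosing `setup` function starts outside this hunk.

```javascript
// … unchanged: route declaration, passport.authenticate, log child, body/email/token reads …
log.debug('received w3 email verification request', { hasEmail: !!email, hasToken: !!token })

let w3User
try {
  const w3Res = await crossFetch(`${conf.web3SiteUrl}/api/wl/user`, {
    method: 'GET',
    headers: { Authorization: token }
  })
  // Only trust a body that came back with a success status.
  if (w3Res.ok) {
    w3User = _.get(await w3Res.json(), 'data')
  }
} catch (e) {
  log.error('web3 user lookup failed', e.message)
}
// … unchanged: default 422 status and 'Invalid web3 token' payload …
if (w3User && typeof w3User.email === 'string' && w3User.email !== '') {
  if (w3User.email === email) {
    // … unchanged: ok = 1, delete message, status = 200 …
  } else {
    // … unchanged: 'Wrong email used' …
  }
}
// … unchanged: res.status(status).json(responsePayload) …
```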