Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various API Fixes #1538

Merged
merged 12 commits into from
Sep 13, 2023
Merged

Various API Fixes #1538

merged 12 commits into from
Sep 13, 2023

Conversation

0xemc
Copy link
Collaborator

@0xemc 0xemc commented Sep 11, 2023
edited
Loading

Description
This PR refines the user registration and update process in the Carbonmark API. It adds checks for JWT_SECRET, improves error messages and adds pattern validation for user handles.

Changes

  • Added JWT_SECRET environment variable check
  • Improved error messages for user registration
  • Added pattern validation for user handles
  • Added tests for user creation and update endpoints
  • Updated Firebase admin import
  • Added ability to disable authentication during testing

@0xemc 0xemc had a problem deploying to Preview – carbonmark-api September 11, 2023 22:24 — with GitHub Actions Failure
@vercel
Copy link

vercel bot commented Sep 11, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
carbonmark ✅ Ready (Inspect) Visit Preview Sep 13, 2023 10:41pm
carbonmark-api ✅ Ready (Inspect) Visit Preview Sep 13, 2023 10:41pm
demo-integration ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 13, 2023 10:41pm
klimadao-app ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 13, 2023 10:41pm
klimadao-site ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 13, 2023 10:41pm
1 Ignored Deployment
Name Status Preview Comments Updated (UTC)
carbonmark-data ⬜️ Ignored (Inspect) Visit Preview Sep 13, 2023 10:41pm

Atmosfearful
Atmosfearful requested changes Sep 11, 2023
View reviewed changes
carbonmark-api/src/plugins/bearer.ts Outdated Show resolved Hide resolved
carbonmark-api/test/routes/users/create.test.ts Outdated Show resolved Hide resolved
carbonmark-api/src/plugins/bearer.ts Show resolved Hide resolved
@0xemc 0xemc had a problem deploying to Preview – carbonmark-api September 11, 2023 22:43 — with GitHub Actions Failure
@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 12, 2023 02:21 — with GitHub Actions Inactive
sprrwhwk
sprrwhwk reviewed Sep 12, 2023
View reviewed changes
carbonmark-api/src/routes/users/create.ts Outdated
Comment on lines 85 to 105
if (user.exists) {
return reply.code(403).send({
code: 403,
error: "This user is already registered!",
error: "This wallet address is already registered!",
});
}

// Check if the handle already exists in our database
const usersRef = fastify.firebase.firestore().collection("users");

const userSnapshot = await usersRef
.where("handle", "==", handle.toLowerCase())
.limit(1)
.get();
// If no documents are found, return a 404 error

if (!userSnapshot.empty) {
return reply.code(403).send({
code: 403,
error: "This user is already registered!",
error: "A user with this handle is already registered!",
});
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find these checks a little confusing:

  • user.exists == true => wallet already registered
  • !userSnapshot.empty == true => user with this handle is already registered

Especially since the former checks explicitly if user.exists

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see why, in the first case we're confirming that no Document in firebase exists with that wallet (this is the primary key).

In the second we want to make sure that no one is creating a new account with a new address (primary key) but using a handle that someone else has already set on their Document.

Does that make sense?

@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 12, 2023 19:46 — with GitHub Actions Inactive
@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 12, 2023 19:47 — with GitHub Actions Inactive
@0xemc 0xemc requested a review from sprrwhwk September 12, 2023 19:51
@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 13, 2023 06:42 — with GitHub Actions Inactive
@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 13, 2023 21:47 — with GitHub Actions Inactive
Atmosfearful
Atmosfearful requested changes Sep 13, 2023
View reviewed changes
carbonmark-api/src/routes/users/post.ts Outdated
.firestore()
.collection("users")
.doc(wallet.toUpperCase())
.set(createData);

// If the document is successfully created, return the request body
return reply.send(request.body);
return reply.send(document);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a document it is actually a WriteResult interface. Don't think we want to return that.

it may make more sense to return createData rather than request.body however that is out of scope for this PR

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, reverted to request body for now

carbonmark-api/src/routes/users/put.ts Outdated
@@ -21,6 +21,19 @@ const handler = (fastify: FastifyInstance) =>
profileImgUrl && profileImgUrl.length ? profileImgUrl : null,
};

// Check if the handle already exists in our database
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we only want to do this for POST (new user creation). PUT is for edits, this will incorrectly throw for all edits because the handle already exists.

Actually this draws my attention to an existing mistake in this PUT endpoint-- we shouldn't pass handle to firestore.update()-- the original requirement was to not support handle changes after profile creation

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough, updated and removed handle.

@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 13, 2023 22:27 — with GitHub Actions Inactive
@0xemc 0xemc temporarily deployed to Preview – carbonmark-api September 13, 2023 22:29 — with GitHub Actions Inactive
@Atmosfearful Atmosfearful merged commit 3751d80 into staging Sep 13, 2023
10 checks passed
@Atmosfearful Atmosfearful deleted the emc/fix/various-fixes branch September 13, 2023 23:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Atmosfearful Atmosfearful Atmosfearful approved these changes

@sprrwhwk sprrwhwk Awaiting requested review from sprrwhwk

Assignees
No one assigned
Labels
None yet
Projects
Sprint Planning
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@0xemc @Atmosfearful @sprrwhwk