[OTE-132] new compliance logic for comlink address-related endpoints

[dydxwill]

Changelist

new compliance logic for comlink address-related endpoints

IF the address is in the compliance_status table and has the status CLOSE_ONLY, return data for the endpoint ELSE
IF the address has compliance_status of BLOCKED block access to the endpoint (return 403) ELSE
IF the origin country is restricted geography, block access to the endpoint (return 403) ELSE
return data for the endpoint

Test Plan

unit tested.

Author/Reviewer Checklist

• If this PR has changes that result in a different app state given the same prior state and transaction list, manually add the state-breaking label.
• If the PR has breaking postgres changes to the indexer add the indexer-postgres-breaking label.
• If this PR isn't state-breaking but has changes that modify behavior in PrepareProposal or ProcessProposal, manually add the label proposal-breaking.
• If this PR is one of many that implement a specific feature, manually label them all feature:[feature-name].
• If you wish to for mergify-bot to automatically create a PR to backport your change to a release branch, manually add the label backport/[branch-name].
• Manually add any of the following labels: refactor, chore, bug.

[coderabbitai]

Walkthrough

The updates focus on enhancing compliance checks within a financial application's communication layer, specifically targeting country restrictions based on user addresses. These changes involve integrating compliance-related entities, modifying functions to asynchronously retrieve and handle compliance statuses, and updating test cases to support these modifications. The modifications ensure that the application adheres to regulatory requirements by dynamically checking the user's location and making the necessary adjustments in both the implementation and testing environments.

Changes

File Path	Summary of Changes
.../comlink/__tests__/lib/restrict-countries.test.ts	- Added imports for testConstants and matchedData. - Implemented express-validator mocking. - Updated test cases for async compliance checks.
.../comlink/src/lib/restrict-countries.ts	- Added compliance-related imports. - Modified rejectRestrictedCountries to asynchronously handle compliance status based on user address.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between e8c3ab1 and c566833.

Files selected for processing (2)

• indexer/services/comlink/tests/lib/restrict-countries.test.ts (5 hunks)
• indexer/services/comlink/src/lib/restrict-countries.ts (2 hunks)

Additional comments: 2

indexer/services/comlink/__tests__/lib/restrict-countries.test.ts (2)

• 2-2: Ensure that testConstants is used in the test cases for consistency and maintainability.
• 7-7: The import of matchedData is correctly added to support mocking in the test cases.

[coderabbitai]

Consider removing unused imports if INDEXER_GEOBLOCKED_PAYLOAD is not utilized in this file.

[coderabbitai]

📝 NOTE
This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [22-57]

• Logging with console.log on line 39 should be removed or replaced with a more sophisticated logging mechanism that can be toggled for production environments.
• Ensure that the ComplianceStatusTable.findAll method on lines 40-44 properly handles errors, such as through a try-catch block, to avoid unhandled promise rejections.
• The use of readReplica: true on line 43 suggests read-only operations which is good for performance but ensure that the read replica is up-to-date to avoid stale data issues.

[coderabbitai]

📝 NOTE
This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [24-95]

• The initialization of matchedDataSpy and its usage in test cases is appropriate for mocking the return values of matchedData.
• Using await for rejectRestrictedCountries calls correctly handles the asynchronous nature of the function.
• Ensure that all possible paths and edge cases in rejectRestrictedCountries are covered by tests, including error handling scenarios and compliance status variations.

[coderabbitai]

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between c566833 and 149491d.

Files ignored due to path filters (1)

• indexer/services/comlink/package.json is excluded by: !**/*.json

Files selected for processing (12)

• indexer/services/comlink/tests/helpers/helpers.ts (2 hunks)
• indexer/services/comlink/tests/lib/compliance-and-geo-check.test.ts (1 hunks)
• indexer/services/comlink/src/controllers/api/v4/addresses-controller.ts (4 hunks)
• indexer/services/comlink/src/controllers/api/v4/asset-positions-controller.ts (3 hunks)
• indexer/services/comlink/src/controllers/api/v4/fills-controller.ts (3 hunks)
• indexer/services/comlink/src/controllers/api/v4/historical-block-trading-rewards-controller.ts (2 hunks)
• indexer/services/comlink/src/controllers/api/v4/historical-pnl-controller.ts (2 hunks)
• indexer/services/comlink/src/controllers/api/v4/historical-trading-reward-aggregations-controller.ts (2 hunks)
• indexer/services/comlink/src/controllers/api/v4/orders-controller.ts (4 hunks)
• indexer/services/comlink/src/controllers/api/v4/perpetual-positions-controller.ts (4 hunks)
• indexer/services/comlink/src/controllers/api/v4/transfers-controller.ts (2 hunks)
• indexer/services/comlink/src/lib/compliance-and-geo-check.ts (1 hunks)

Files skipped from review due to trivial changes (1)

• indexer/services/comlink/src/controllers/api/v4/historical-block-trading-rewards-controller.ts

Additional comments: 14

indexer/services/comlink/src/lib/compliance-and-geo-check.ts (3)

• 42-42: The destructuring assignment for address from matchedData(req) assumes address will always be present in the request. Ensure upstream validation or checks guarantee this, otherwise, handle potential undefined cases.
• 43-46: The use of findAll with { address: [address] } as a filter is correct, but ensure that the address variable is sanitized and validated before this point to prevent any potential SQL injection or query manipulation.
• 61-61: The call to isRestrictedCountryHeaders directly uses req.headers without any explicit validation or sanitization of the headers. Ensure that the headers used by isRestrictedCountryHeaders are validated or sanitized upstream.

indexer/services/comlink/__tests__/helpers/helpers.ts (1)

• 29-29: The addition of the headers parameter with a default value of an empty object is a good practice for flexibility in specifying request headers in tests.

indexer/services/comlink/src/controllers/api/v4/historical-trading-reward-aggregations-controller.ts (1)

• 18-23: > 📝 NOTE

This review was outside the diff hunks, and no overlapping diff hunk was found. Original lines [1-1]

The removal of rejectRestrictedCountries middleware from the route configuration is aligned with the PR's objective to enhance compliance logic. Ensure that complianceAndGeoCheck middleware adequately covers the intended compliance checks.

indexer/services/comlink/src/controllers/api/v4/historical-pnl-controller.ts (1)

• 20-20: Replacing complianceCheck with complianceAndGeoCheck middleware is consistent with the PR's objective. Verify that complianceAndGeoCheck provides the necessary compliance validations for the historical PnL endpoint.

indexer/services/comlink/src/controllers/api/v4/transfers-controller.ts (1)

• 26-26: Replacing complianceCheck with complianceAndGeoCheck middleware aligns with the PR's objective. Ensure that complianceAndGeoCheck adequately covers compliance checks for the transfers endpoint.

indexer/services/comlink/src/controllers/api/v4/fills-controller.ts (1)

• 24-24: Replacing complianceCheck with complianceAndGeoCheck middleware is consistent with the PR's objective. Confirm that complianceAndGeoCheck provides the necessary compliance validations for the fills endpoint.

indexer/services/comlink/src/controllers/api/v4/asset-positions-controller.ts (1)

• 28-28: Replacing complianceCheck with complianceAndGeoCheck middleware aligns with the PR's objective. Verify that complianceAndGeoCheck adequately covers compliance checks for the asset positions endpoint.

indexer/services/comlink/src/controllers/api/v4/perpetual-positions-controller.ts (1)

• 32-32: Replacing complianceCheck with complianceAndGeoCheck middleware is consistent with the PR's objective. Ensure that complianceAndGeoCheck provides the necessary compliance validations for the perpetual positions endpoint.

indexer/services/comlink/__tests__/lib/compliance-and-geo-check.test.ts (1)

• 1-1: The test suite for complianceAndGeoCheck middleware is comprehensive, covering various scenarios. Ensure that all new logic paths introduced by complianceAndGeoCheck are adequately tested, including edge cases.

indexer/services/comlink/src/controllers/api/v4/addresses-controller.ts (1)

• 40-40: Replacing complianceCheck with complianceAndGeoCheck middleware in the AddressesController class for address and subaccount validation routes aligns with the PR's objective. Confirm that complianceAndGeoCheck adequately covers compliance checks for these routes.

indexer/services/comlink/src/controllers/api/v4/orders-controller.ts (2)

• 31-31: Ensure complianceAndGeoCheck is correctly implemented and tested, given its critical role in compliance and geographical checks.
• 225-225: Confirm that complianceAndGeoCheck middleware's integration does not introduce any unintended side effects, especially in terms of performance or error handling.

[coderabbitai]

Recommend adding extensive tests for complianceAndGeoCheck to cover various compliance scenarios, including edge cases and error handling.

Would you like assistance in generating these tests?

[coderabbitai]

Using await with req.set(headers) is unnecessary since set does not return a promise. Remove await to avoid confusion.

-    await req.set(headers);
+    req.set(headers);

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	if (Object.keys(headers).length) {
	await req.set(headers);
	}
	if (Object.keys(headers).length) {
	req.set(headers);
	}

[Christopher-Li]

nit: this seems legit

[coderabbitai]

@Christopher-Li: Great, I'm glad you find the suggestion helpful! If you haven't already, please go ahead and apply the change. If there's anything else you need, feel free to ask.

[dydxwill]

it returns a Promise.

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[linear]

OTE-132 implement new geoblocking logic for comlink address-related endpoints

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 149491d and 2c9183b.

Files selected for processing (2)

• indexer/services/comlink/tests/lib/compliance-and-geo-check.test.ts (1 hunks)
• indexer/services/comlink/src/lib/compliance-and-geo-check.ts (1 hunks)

Additional comments: 3

indexer/services/comlink/__tests__/lib/compliance-and-geo-check.test.ts (3)

• 24-25: Mocking of @dydxprotocol-indexer/compliance is done correctly. Ensure that all necessary functions from this package are mocked if they are used in the tests.
• 70-90: The setup and teardown methods are correctly implemented using beforeAll, beforeEach, afterAll, and afterEach hooks. Ensure that dbHelpers.migrate() and dbHelpers.teardown() are correctly implemented to handle database schema migrations and cleanup.

Verification successful

Given the lack of output from the initial scripts, it's necessary to broaden the search to ensure we're not missing any relevant information. Let's attempt a more general search for the usage or definition of dbHelpers.migrate and dbHelpers.teardown without specifying method parameters.

---

The search results confirm the widespread use of dbHelpers.migrate() and dbHelpers.teardown() across various test files, indicating their correct implementation for handling database schema migrations and cleanup as part of the testing setup and teardown process. This aligns with the review comment's verification requirement, suggesting that the setup and teardown methods are correctly implemented.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify the implementation of dbHelpers.migrate() and dbHelpers.teardown()
ast-grep --lang javascript --pattern $'dbHelpers.migrate($_)'
ast-grep --lang javascript --pattern $'dbHelpers.teardown($_)'

Length of output: 126

---

---

Script:

#!/bin/bash
# Broaden the search for dbHelpers.migrate and dbHelpers.teardown
rg "dbHelpers\.migrate"
rg "dbHelpers\.teardown"

Length of output: 14306

* 92-238: The test cases are well-structured and cover various scenarios, including no address in request, address not in database, address not blocked, and address blocked. However, ensure that the mock return values and expected statuses are correctly set up for each test case to accurately reflect the behavior of the `complianceAndGeoCheck` middleware.

[coderabbitai]

Consider grouping imports from the same package together to improve readability.

- import {
-   CountryHeaders,
-   isRestrictedCountryHeaders,
-   INDEXER_GEOBLOCKED_PAYLOAD,
-   INDEXER_COMPLIANCE_BLOCKED_PAYLOAD,
- } from '@dydxprotocol-indexer/compliance';
- import {
-   ComplianceStatus,
-   ComplianceStatusFromDatabase,
-   ComplianceStatusTable,
- } from '@dydxprotocol-indexer/postgres';
+ import { CountryHeaders, isRestrictedCountryHeaders, INDEXER_GEOBLOCKED_PAYLOAD, INDEXER_COMPLIANCE_BLOCKED_PAYLOAD } from '@dydxprotocol-indexer/compliance';
+ import { ComplianceStatus, ComplianceStatusFromDatabase, ComplianceStatusTable } from '@dydxprotocol-indexer/postgres';

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	import {
	CountryHeaders,
	isRestrictedCountryHeaders,
	INDEXER_GEOBLOCKED_PAYLOAD,
	INDEXER_COMPLIANCE_BLOCKED_PAYLOAD,
	} from '@dydxprotocol-indexer/compliance';
	import {
	ComplianceStatus,
	ComplianceStatusFromDatabase,
	ComplianceStatusTable,
	} from '@dydxprotocol-indexer/postgres';
	import express from 'express';
	import { matchedData } from 'express-validator';
	import { AddressRequest, BlockedCode } from '../types';
	import { create4xxResponse } from './helpers';
	import { getIpAddr, isIndexerIp } from './utils';
	import { CountryHeaders, isRestrictedCountryHeaders, INDEXER_GEOBLOCKED_PAYLOAD, INDEXER_COMPLIANCE_BLOCKED_PAYLOAD } from '@dydxprotocol-indexer/compliance';
	import { ComplianceStatus, ComplianceStatusFromDatabase, ComplianceStatusTable } from '@dydxprotocol-indexer/postgres';
	import express from 'express';
	import { matchedData } from 'express-validator';
	import { AddressRequest, BlockedCode } from '../types';
	import { create4xxResponse } from './helpers';
	import { getIpAddr, isIndexerIp } from './utils';

[coderabbitai]

Ensure proper error handling for the asynchronous call to ComplianceStatusTable.findAll. Consider wrapping it in a try-catch block to handle potential database connection issues or query failures.

+ try {
    const updatedStatus: ComplianceStatusFromDatabase[] = await ComplianceStatusTable.findAll(
      { address: [address] },
      [],
      { readReplica: true },
    );
+ } catch (error) {
+   return create4xxResponse(res, 'Error fetching compliance status', 500);
+ }

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	const { address }: AddressRequest = matchedData(req) as AddressRequest;
	if (address !== undefined) {
	const updatedStatus: ComplianceStatusFromDatabase[] = await ComplianceStatusTable.findAll(
	{ address: [address] },
	[],
	{ readReplica: true },
	);
	const { address }: AddressRequest = matchedData(req) as AddressRequest;
	if (address !== undefined) {
	try {
	const updatedStatus: ComplianceStatusFromDatabase[] = await ComplianceStatusTable.findAll(
	{ address: [address] },
	[],
	{ readReplica: true },
	);
	} catch (error) {
	return create4xxResponse(res, 'Error fetching compliance status', 500);
	}

[coderabbitai]

The use of isRestrictedCountryHeaders directly without validation of headers could lead to unexpected behavior if headers are malformed or missing. Consider adding validation for the expected headers before this check.

+ if (!req.headers || typeof req.headers['cf-ipcountry'] !== 'string') {
+   return create4xxResponse(res, 'Missing or invalid country header', 400);
+ }
  if (isRestrictedCountryHeaders(req.headers as CountryHeaders)) {
    return create4xxResponse(
      res,
      INDEXER_GEOBLOCKED_PAYLOAD,
      403,
      { code: BlockedCode.GEOBLOCKED },
    );
  }

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	if (isRestrictedCountryHeaders(req.headers as CountryHeaders)) {
	return create4xxResponse(
	res,
	INDEXER_GEOBLOCKED_PAYLOAD,
	403,
	{ code: BlockedCode.GEOBLOCKED },
	);
	}
	if (!req.headers || typeof req.headers['cf-ipcountry'] !== 'string') {
	return create4xxResponse(res, 'Missing or invalid country header', 400);
	}
	if (isRestrictedCountryHeaders(req.headers as CountryHeaders)) {
	return create4xxResponse(
	res,
	INDEXER_GEOBLOCKED_PAYLOAD,
	403,
	{ code: BlockedCode.GEOBLOCKED },
	);
	}