✨ Use authcore idtoken for email verification

likecoin · Jul 23, 2024 · f40fca2 · f40fca2
1 parent 9e683b0
commit f40fca2
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 13 deletions.
diff --git a/functions/.env.civic-liker b/functions/.env.civic-liker
@@ -16,3 +16,7 @@ ARWEAVE_ENDPOINT=https://arweave.net
 IPFS_VIEW_GATEWAY_URL=https://ipfs.io/ipfs
 AIRTABLE_CMS_BASE_ID=appdrA6ruqhPRRFQj
 AIRTABLE_CMS_TABLE_ID=tblYTTj9AkyKAi8Md
+AUTHCORE_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEErdiPZuoZVaPr/iKOquepAtnGrAI
+q3wuANrwUjyvFJeOztAbPKAc+CjP+jJZ4UjEQl/PoIwZZDgOWMeYe0pO6Q==
+-----END PUBLIC KEY-----"
diff --git a/functions/.env.civic-liker-develop b/functions/.env.civic-liker-develop
@@ -17,3 +17,7 @@ ARWEAVE_ENDPOINT=https://arweave.net
 IPFS_VIEW_GATEWAY_URL=https://ipfs.io/ipfs
 AIRTABLE_CMS_BASE_ID=appFqs8fP9s6ufPEr
 AIRTABLE_CMS_TABLE_ID=tblv1oj3gGQJFlRaw
+AUTHCORE_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKY6MShC7UrSkekyczKKvZQXuxFKD
+Rd0DEgV6r9XeDAZoYPPTvgx3oNBTatFJjSOJ/qRrBbqvbZDiPOLpJ7vlaQ==
+-----END PUBLIC KEY-----"
diff --git a/functions/api/config/config.js b/functions/api/config/config.js
@@ -26,4 +26,6 @@ config.AIRTABLE_API_SECRET = process.env.AIRTABLE_API_SECRET;
 config.AIRTABLE_CMS_BASE_ID = process.env.AIRTABLE_CMS_BASE_ID;
 config.AIRTABLE_CMS_TABLE_ID = process.env.AIRTABLE_CMS_TABLE_ID;
 
+config.AUTHCORE_PUBLIC_KEY = process.env.AUTHCORE_PUBLIC_KEY;
+
 module.exports = config;
diff --git a/src/pages/auth/redirect.vue b/src/pages/auth/redirect.vue
@@ -26,7 +26,7 @@ export default {
     const { error, method, code } = this.$route.query;
     if (method && code) {
       try {
-        const { user } = await this.handleConnectorRedirect({
+        const { user, idToken } = await this.handleConnectorRedirect({
           method,
           params: { code },
         });
@@ -39,6 +39,7 @@ export default {
             await this.walletUpdateEmail({
               email: user?.primary_email,
               verify: user?.primary_email_verified,
+              authcoreIdToken: idToken,
             });
           } catch (error) {
             console.error(error);

diff --git a/src/server/api/routes/users/v2/email.js b/src/server/api/routes/users/v2/email.js
@@ -1,6 +1,7 @@
 // eslint-disable-next-line import/no-extraneous-dependencies
 const querystring = require('querystring');
 const { Router } = require('express');
+const jwt = require('jsonwebtoken');
 const { v4: uuidv4 } = require('uuid');
 const { getBasicV2Template } = require('@likecoin/edm');
 const {
@@ -17,7 +18,10 @@ const { isValidFollowee } = require('../../../util/cosmos');
 const {
   VERIFICATION_EMAIL_RESEND_COOLDOWN_IN_MS,
 } = require('../../../constant');
-const { EXTERNAL_URL } = require('../../../../config/config');
+const {
+  EXTERNAL_URL,
+  AUTHCORE_PUBLIC_KEY,
+} = require('../../../../config/config');
 
 const router = Router();
 
@@ -32,10 +36,22 @@ router.post('/email', authenticateV2Login, async (req, res, next) => {
       claiming_token: claimingToken,
       verify = '1',
     } = req.query;
+    const { authcoreIdToken } = req.body;
     if (!email) {
       res.status(400).send('MISSING_EMAIL');
       return;
     }
+    let isVerified = false;
+    if (authcoreIdToken && AUTHCORE_PUBLIC_KEY) {
+      const payload = jwt.verify(authcoreIdToken, AUTHCORE_PUBLIC_KEY);
+      const {
+        email: authcoreEmail,
+        email_verified: authcoreEmailVerified,
+      } = payload;
+      if (email === authcoreEmail && authcoreEmailVerified) {
+        isVerified = true;
+      }
+    }
     const token = uuidv4();
     await db.runTransaction(async t => {
       const userRef = walletUserCollection.doc(user);
@@ -51,6 +67,7 @@ router.post('/email', authenticateV2Login, async (req, res, next) => {
       }
       const { emailUnconfirmed, emailLastUpdatedTs } = userDoc.data();
       if (
+        !isVerified &&
         emailUnconfirmed === email &&
         emailLastUpdatedTs &&
         Date.now() - emailLastUpdatedTs.toMillis() <
@@ -59,11 +76,24 @@ router.post('/email', authenticateV2Login, async (req, res, next) => {
         throw new Error('EMAIL_UPDATE_IN_COOLDOWN');
       }
 
-      await t.update(userRef, {
-        emailUnconfirmed: email,
-        emailVerifyToken: token,
-        emailLastUpdatedTs: FieldValue.serverTimestamp(),
-      });
+      await t.update(
+        userRef,
+        isVerified
+          ? {
+              email,
+              emailUnconfirmed: FieldValue.delete(),
+              emailVerifyToken: FieldValue.delete(),
+              notification: {
+                transfer: true,
+                purchasePrice: 0,
+              },
+            }
+          : {
+              emailUnconfirmed: email,
+              emailVerifyToken: token,
+              emailLastUpdatedTs: FieldValue.serverTimestamp(),
+            }
+      );
     });
     const qsPayload = { wallet: user };
     if (isValidFollowee(user, followee)) {
@@ -76,7 +106,7 @@ router.post('/email', authenticateV2Login, async (req, res, next) => {
     }
     // We would set verify to 0 if authcore email is not verified
     // to prevent spamming user with verification email
-    const shouldSendVerificationEmail = verify !== '0';
+    const shouldSendVerificationEmail = !isVerified && verify !== '0';
     if (shouldSendVerificationEmail) {
       const verificationURL = `${EXTERNAL_URL}/settings/email/verify/${token}?${querystring.stringify(
         qsPayload
@@ -93,7 +123,7 @@ router.post('/email', authenticateV2Login, async (req, res, next) => {
         html: body,
       });
     }
-    res.sendStatus(200);
+    res.json({ email, isVerified });
   } catch (error) {
     switch (error.message) {
       case 'EMAIL_ALREADY_BEEN_USED_BY_OTHER_USER':

diff --git a/src/server/config/config.js b/src/server/config/config.js
@@ -29,4 +29,6 @@ config.AIRTABLE_API_SECRET = process.env.AIRTABLE_API_SECRET;
 config.AIRTABLE_CMS_BASE_ID = process.env.AIRTABLE_CMS_BASE_ID;
 config.AIRTABLE_CMS_TABLE_ID = process.env.AIRTABLE_CMS_TABLE_ID;
 
+config.AUTHCORE_PUBLIC_KEY = process.env.AUTHCORE_PUBLIC_KEY;
+
 module.exports = config;
diff --git a/src/store/modules/wallet.js b/src/store/modules/wallet.js
@@ -964,20 +964,38 @@ const actions = {
   },
   async walletUpdateEmail(
     { commit },
-    { email, verify = true, followee, classId, paymentId, claimingToken }
+    {
+      authcoreIdToken,
+      email,
+      verify = true,
+      followee,
+      classId,
+      paymentId,
+      claimingToken,
+    }
   ) {
     try {
-      await this.$api.$post(
+      const data = await this.$api.$post(
         postUserV2WalletEmail({
           email,
           followee,
           classId,
           paymentId,
           claimingToken,
           verify,
-        })
+        }),
+        {
+          authcoreIdToken,
+        }
       );
-      commit(WALLET_SET_USER_INFO, { emailUnconfirmed: email });
+      const payload = {};
+      if (data.isVerified) {
+        payload.email = email;
+        payload.emailUnconfirmed = '';
+      } else {
+        payload.emailUnconfirmed = email;
+      }
+      commit(WALLET_SET_USER_INFO, payload);
     } catch (error) {
       // eslint-disable-next-line no-console
       console.error(error);