revert allowing everyone to sign up for cards

interledger · Jan 9, 2025 · b440c53 · b440c53
1 parent e10e684
commit b440c53
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 14 deletions.
diff --git a/packages/wallet/backend/src/auth/service.ts b/packages/wallet/backend/src/auth/service.ts
@@ -7,6 +7,7 @@ import { getRandomToken, hashToken } from '@/utils/helpers'
 import { EmailService } from '@/email/service'
 import { Logger } from 'winston'
 import { Unauthorized, NotVerified, BadRequest } from '@shared/backend'
+import { GateHubClient } from '@/gatehub/client'
 
 interface resendVerifyEmailArgs {
   email: string
@@ -34,6 +35,7 @@ export class AuthService implements IAuthService {
   constructor(
     private userService: UserService,
     private emailService: EmailService,
+    private gateHubClient: GateHubClient,
     private logger: Logger,
     private env: Env
   ) {}
@@ -50,6 +52,15 @@ export class AuthService implements IAuthService {
       this.env.NODE_ENV === 'production' &&
       this.env.GATEHUB_ENV === 'production'
     ) {
+      const existingManagedUsers = await this.gateHubClient.getManagedUsers()
+      const gateHubUser = existingManagedUsers.find(
+        (user) => user.email === email
+      )
+
+      if (!gateHubUser) {
+        throw new Error('You are not allowed to sign up.')
+      }
+
       if (!acceptedCardTerms) {
         throw new BadRequest(
           'Additional terms and condition should be accepted'

diff --git a/packages/wallet/backend/src/card/controller.ts b/packages/wallet/backend/src/card/controller.ts
@@ -1,5 +1,10 @@
 import { Request, Response, NextFunction } from 'express'
-import { BadRequest, Controller, NotFound } from '@shared/backend'
+import {
+  BadRequest,
+  Controller,
+  InternalServerError,
+  NotFound
+} from '@shared/backend'
 import { CardService } from '@/card/service'
 import { toSuccessResponse } from '@shared/backend'
 import {
@@ -24,6 +29,7 @@ import {
   getTokenForPinChange
 } from './validation'
 import { UserService } from '@/user/service'
+import { Logger } from 'winston'
 
 export interface ICardController {
   getCardsByCustomer: Controller<ICardResponse[]>
@@ -41,7 +47,8 @@ export interface ICardController {
 export class CardController implements ICardController {
   constructor(
     private cardService: CardService,
-    private userService: UserService
+    private userService: UserService,
+    private logger: Logger
   ) {}
 
   public getCardsByCustomer = async (
@@ -53,8 +60,10 @@ export class CardController implements ICardController {
       const customerId = req.session.user.customerId
 
       if (!customerId) {
-        res.status(200).json(toSuccessResponse([]))
-        return
+        this.logger.error(
+          `Customer id was not found on session object for user ${req.session.user.id}`
+        )
+        throw new InternalServerError()
       }
 
       const cards = await this.cardService.getCardsByCustomer(

diff --git a/packages/wallet/backend/src/gatehub/service.ts b/packages/wallet/backend/src/gatehub/service.ts
@@ -367,14 +367,14 @@ export class GateHubService {
     userId: string,
     userEmail: string,
     walletAddressPublicName: string
-  ): Promise<string | undefined> {
+  ): Promise<string> {
     const existingManagedUsers = await this.gateHubClient.getManagedUsers()
     // Managed user will always be found here since this check is also performed on sign up
     const gateHubUser = existingManagedUsers.find(
       (gateHubUser) => gateHubUser.email === userEmail
     )
     if (!gateHubUser) {
-      return
+      throw new Error(`GateHub user with email ${userEmail} not found`)
     }
 
     const customerId = gateHubUser.meta.meta.customerId

diff --git a/packages/wallet/backend/src/user/service.ts b/packages/wallet/backend/src/user/service.ts
@@ -138,7 +138,12 @@ export class UserService implements IUserService {
       )
 
       if (!gateHubUser) {
-        gateHubUser = await this.gateHubClient.createManagedUser(user.email)
+        // This shouldn't really happen when GATEHUB_ENV=production because we
+        // already created all managed users.
+        this.logger.error(
+          `Could not find GateHub managed user with email: ${user.email})`
+        )
+        throw new Error('Could not find GateHub managed user')
       }
     } else {
       gateHubUser = await this.gateHubClient.createManagedUser(user.email)

diff --git a/packages/wallet/backend/tests/cards/controller.test.ts b/packages/wallet/backend/tests/cards/controller.test.ts
@@ -5,7 +5,7 @@ import {
   MockResponse
 } from 'node-mocks-http'
 import { CardController } from '@/card/controller'
-import { BadRequest } from '@shared/backend'
+import { BadRequest, InternalServerError } from '@shared/backend'
 import {
   ICardDetailsResponse,
   ICardLimitRequest,
@@ -153,12 +153,10 @@ describe('CardController', () => {
         })
       })
 
-      expect(res.statusCode).toBe(200)
-      expect(res._getJSONData()).toEqual({
-        success: true,
-        message: 'SUCCESS',
-        result: []
-      })
+      expect(next).toHaveBeenCalled()
+      const error = next.mock.calls[0][0]
+      expect(error).toBeInstanceOf(InternalServerError)
+      expect(res.statusCode).toBe(500)
     })
   })