@moneypot/hub 1.2.7 → 1.3.0-dev.10

package/dist/src/pg-versions/005-hash-chain.sql

@@ -0,0 +1,84 @@
+CREATE TABLE hub.hash_chain (
+  id            uuid PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
+  user_id       uuid NOT NULL REFERENCES hub.user(id),
+  experience_id uuid NOT NULL REFERENCES hub.experience(id),
+  casino_id     uuid NOT NULL REFERENCES hub.casino(id),
+  client_seed   text NOT NULL,
+  active        boolean NOT NULL,
+
+  max_iteration int NOT NULL check (max_iteration > 0),
+  current_iteration int NOT NULL check (current_iteration between 0 and max_iteration)
+);
+
+-- TODO: Should probably index current_iteration
+-- CREATE INDEX hash_chain_current_iteration_idx ON hub.hash_chain(current_iteration);
+
+CREATE INDEX hash_chain_user_id_idx ON hub.hash_chain(user_id);
+CREATE INDEX hash_chain_experience_id_idx ON hub.hash_chain(experience_id);
+CREATE INDEX hash_chain_casino_id_idx ON hub.hash_chain(casino_id);
+
+-- Ensure only one active hash_chain per user per experience per casino
+CREATE UNIQUE INDEX active_hash_chain_idx
+  ON hub.hash_chain (user_id, experience_id, casino_id)
+  WHERE active = true;
+
+CREATE TYPE hub.hash_kind AS ENUM (
+  'TERMINAL', -- max iteration hash (e.g. iteration 1000)
+  'INTERMEDIATE', -- intermediate hash (e.g. iteration 1-999)
+  'PREIMAGE' -- preimage hash (always iteration 0)
+);
+
+-- this is the base table for all bets events
+CREATE TABLE hub.hash (
+  id            uuid PRIMARY KEY DEFAULT hub_hidden.uuid_generate_v7(),
+  kind          hub.hash_kind NOT NULL,
+  hash_chain_id uuid NOT NULL REFERENCES hub.hash_chain(id),
+  iteration     int NOT NULL check (iteration >= 0),    -- which Nth value from the hash chain it is
+  digest        bytea NOT NULL,   -- the actual hash we got from hash chain server
+  metadata      jsonb NOT NULL DEFAULT '{}' -- operator can store game-specific tags
+);
+
+CREATE INDEX hash_hash_chain_id_idx ON hub.hash(hash_chain_id);
+
+-- Ensure iterations are unique per hash_chain to avoid dupe mistakes
+CREATE UNIQUE INDEX hash_hash_chain_id_iteration_idx ON hub.hash(hash_chain_id, iteration);
+
+-- Ensure a hash_chain only has of each end-type hash
+CREATE UNIQUE INDEX hash_chain_terminal_hash_idx ON hub.hash (hash_chain_id)
+  WHERE kind = 'TERMINAL';
+CREATE UNIQUE INDEX hash_chain_preimage_hash_idx ON hub.hash (hash_chain_id)
+  WHERE kind = 'PREIMAGE';
+
+-- GRANTS
+
+GRANT SELECT ON TABLE hub.hash_chain TO app_postgraphile;
+GRANT SELECT ON TABLE hub.hash TO app_postgraphile;
+
+-- RLS
+ALTER TABLE hub.hash_chain ENABLE ROW LEVEL SECURITY;
+ALTER TABLE hub.hash ENABLE ROW LEVEL SECURITY;
+
+CREATE POLICY select_hash_chain ON hub.hash_chain FOR SELECT USING (
+  -- Operator can see all rows
+  hub_hidden.is_operator() OR
+  -- User can see their own rows
+  (
+    user_id = hub_hidden.current_user_id() AND
+    experience_id = hub_hidden.current_experience_id() AND
+    casino_id = hub_hidden.current_casino_id()
+  )
+);
+
+CREATE POLICY select_hash ON hub.hash FOR SELECT USING (
+  -- Operator can see all rows
+  hub_hidden.is_operator() OR
+  -- User can see their own rows by checking the associated hash_chain
+  EXISTS (
+    SELECT 1 
+    FROM hub.hash_chain 
+    WHERE hub.hash_chain.id = hub.hash.hash_chain_id
+      AND hub.hash_chain.user_id = hub_hidden.current_user_id()
+      AND hub.hash_chain.experience_id = hub_hidden.current_experience_id()
+      AND hub.hash_chain.casino_id = hub_hidden.current_casino_id()
+  )
+);

package/dist/src/pg-versions/006-outcome-bet.sql

@@ -0,0 +1,63 @@
+drop table if exists hub.outcome_bet cascade;
+drop type if exists hub.outcome cascade;
+
+create type hub.outcome as (
+    weight float,
+    profit float
+);
+
+create table hub.outcome_bet (
+    id           uuid primary key default hub_hidden.uuid_generate_v7(),
+
+    -- Operator-given kind like "WHEEL", "PLINKO", 
+    -- Probably not worth using a postgres enum here since they are not flexible.
+    kind         text not null,
+
+    user_id       uuid not null references hub.user(id),
+    experience_id uuid not null references hub.experience(id),
+    casino_id     uuid not null references hub.casino(id),
+
+    -- provably fair hash chain
+    hash_chain_id uuid not null references hub.hash_chain(id),
+
+    currency_key text not null,
+    wager        float not null,
+
+    -- -1 = lose wager, -2 = lose 2x wager
+    -- 0.5 = 1.5x wager, 1 = 2x wager
+    -- In other words, a multiplier in a game might say "2.5x", 
+    -- but the profit is multiplier-1 = 1.5 profit
+    profit       float not null,
+
+    -- null when no outcomes saved
+    outcome_idx  smallint null check (outcome_idx between 0 and array_length(outcomes,1)-1),
+    outcomes     hub.outcome[] not null default '{}',
+
+    -- Operator-provided data per bet
+    metadata     jsonb not null default '{}',
+
+    foreign key (currency_key, casino_id) references hub.currency(key, casino_id)
+);
+
+create index outcome_bet_user_id_idx on hub.outcome_bet(user_id);
+create index outcome_bet_experience_id_idx on hub.outcome_bet(experience_id);
+create index outcome_bet_casino_id_idx on hub.outcome_bet(casino_id);
+create index outcome_bet_kind_idx on hub.outcome_bet(kind);
+create index outcome_bet_hash_chain_id_idx on hub.outcome_bet(hash_chain_id);
+
+-- GRANT
+
+grant select on hub.outcome_bet to app_postgraphile;
+
+-- RLS
+
+alter table hub.outcome_bet enable row level security;
+
+create policy select_outcome_bet on hub.outcome_bet for select using (
+    hub_hidden.is_operator() or
+    (
+        user_id = hub_hidden.current_user_id() and
+        experience_id = hub_hidden.current_experience_id() and
+        casino_id = hub_hidden.current_casino_id()
+    )
+);

package/dist/src/plugins/hub-authenticate.js

@@ -1,6 +1,6 @@
 import { GraphQLError } from "graphql";
 import { gql, makeExtendSchemaPlugin } from "postgraphile/utils";
-import { assert, is } from "tsafe";
+import { assert } from "tsafe";
 import { GET_USER_FROM_USER_TOKEN } from "../graphql-queries.js";
 import { exactlyOneRow, maybeOneRow } from "../db/util.js";
 import { createGraphqlClient } from "../graphql-client.js";
@@ -9,6 +9,18 @@ import { superuserPool, withPgPoolTransaction, } from "../db/index.js";
 import { logger } from "../logger.js";
 import * as jwtService from "../services/jwt-service.js";
 import { extractGraphQLErrorInfo, isGraphQLError } from "../GraphQLError.js";
+import { z } from "zod";
+const BaseUrlSchema = z
+    .string()
+    .refine((val) => URL.canParse(val), "Base URL must be a valid url")
+    .transform((val) => new URL(val))
+    .refine((val) => val.protocol === "http:" || val.protocol === "https:", "Base URL must use http or https protocol")
+    .refine((val) => val.pathname === "/" && val.search === "" && val.hash === "", "Base URL must have no path, query, nor hash")
+    .transform((val) => val.toString().replace(/\/$/, ""));
+const InputSchema = z.object({
+    casinoBaseUrl: BaseUrlSchema,
+    userToken: z.string().min(1, "User token required"),
+});
 export const HubAuthenticatePlugin = makeExtendSchemaPlugin(() => {
     return {
         typeDefs: gql `
@@ -38,9 +50,18 @@ export const HubAuthenticatePlugin = makeExtendSchemaPlugin(() => {
                 hubAuthenticate(_, { $input }) {
                     try {
                         const $context = context();
-                        const $success = sideEffect([$input, $context], ([input, context]) => {
+                        const $success = sideEffect([$input, $context], ([rawInput, context]) => {
                             return withPgPoolTransaction(superuserPool, async (pgClient) => {
-                                assert(is(input));
+                                let input;
+                                try {
+                                    input = InputSchema.parse(rawInput);
+                                }
+                                catch (e) {
+                                    if (e instanceof z.ZodError) {
+                                        throw new GraphQLError(e.errors[0].message);
+                                    }
+                                    throw e;
+                                }
                                 const { userToken: jwt, casinoBaseUrl } = input;
                                 const casino = await pgClient
                                     .query({

package/dist/src/plugins/hub-make-outcome-bet.d.ts

@@ -0,0 +1,84 @@
+import { z } from "zod";
+import { Result } from "../util.js";
+declare const OutcomeSchema: z.ZodObject<{
+    weight: z.ZodNumber;
+    profit: z.ZodNumber;
+}, "strict", z.ZodTypeAny, {
+    weight: number;
+    profit: number;
+}, {
+    weight: number;
+    profit: number;
+}>;
+declare const InputSchema: z.ZodObject<{
+    kind: z.ZodString;
+    wager: z.ZodNumber;
+    currency: z.ZodString;
+    outcomes: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodObject<{
+        weight: z.ZodNumber;
+        profit: z.ZodNumber;
+    }, "strict", z.ZodTypeAny, {
+        weight: number;
+        profit: number;
+    }, {
+        weight: number;
+        profit: number;
+    }>, "many">, {
+        weight: number;
+        profit: number;
+    }[], {
+        weight: number;
+        profit: number;
+    }[]>, {
+        weight: number;
+        profit: number;
+    }[], {
+        weight: number;
+        profit: number;
+    }[]>;
+    hashChainId: z.ZodString;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, "strict", z.ZodTypeAny, {
+    currency: string;
+    kind: string;
+    hashChainId: string;
+    wager: number;
+    outcomes: {
+        weight: number;
+        profit: number;
+    }[];
+    metadata?: Record<string, any> | undefined;
+}, {
+    currency: string;
+    kind: string;
+    hashChainId: string;
+    wager: number;
+    outcomes: {
+        weight: number;
+        profit: number;
+    }[];
+    metadata?: Record<string, any> | undefined;
+}>;
+type Input = z.infer<typeof InputSchema>;
+type Outcome = z.infer<typeof OutcomeSchema>;
+type FinalizeMetadataData = {
+    wager: number;
+    currencyKey: string;
+    clientSeed: string;
+    hash: Uint8Array;
+    outcomes: Outcome[];
+    outcomeIdx: number;
+};
+export type OutcomeBetConfig = {
+    houseEdge: number;
+    saveOutcomes: boolean;
+    initializeMetadataFromUntrustedUserInput?: (input: Input) => Result<Record<string, any>, string>;
+    finalizeMetadata?: (validatedMetadata: Record<string, any>, data: FinalizeMetadataData) => Record<string, any>;
+};
+export type OutcomeBetConfigMap<BetKind extends string> = {
+    [betKind in BetKind]: OutcomeBetConfig;
+};
+export declare function MakeOutcomeBetPlugin<BetKind extends string>({ betConfigs }: {
+    betConfigs: OutcomeBetConfigMap<BetKind>;
+}): GraphileConfig.Plugin;
+export {};