@riocrypto/common-server 1.0.2702 → 1.0.2705
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/clients/cluster-client.d.ts +8 -3
- package/build/clients/cluster-client.js +21 -1
- package/build/middlewares/authorize.d.ts +1 -0
- package/build/middlewares/authorize.js +26 -1
- package/build/models/auth.d.ts +19 -3
- package/build/models/auth.js +37 -1
- package/build/models/telegram-session.d.ts +2 -0
- package/build/models/telegram-session.js +3 -0
- package/package.json +2 -2
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { Quote, Fiat, Crypto, BitsoBankAccount, Side, Country, Order, CryptoAddress, BankAccount, AuthRole, Auth, ImportOrderData, TreasuryProvider, FXProvider, EmarketsFXTrade, ExternalTradingAlgorithm, ExternalTrade, ExternalTradeType, ExternalTradingProvider, ExternalTradingAlgorithmType, STPMXNWithdrawal, AuthPermission, DeferredPaymentType, TwoWaySettlementType, OrderType, EmarketsSettlementType, EmarketsOrderType, BulkBankPayout, BulkCryptoPayout, BulkBankPayment, BulkCryptoPayment, OrderStatus, TWAPSession, TransnetworkFXTrade, TransnetworkSettlementType, TransnetworkOrderType } from "@riocrypto/common";
|
|
1
|
+
import { Quote, Fiat, Crypto, BitsoBankAccount, Side, Country, Order, CryptoAddress, BankAccount, AuthRole, Auth, ImportOrderData, TreasuryProvider, FXProvider, EmarketsFXTrade, ExternalTradingAlgorithm, ExternalTrade, ExternalTradeType, ExternalTradingProvider, ExternalTradingAlgorithmType, STPMXNWithdrawal, AuthPermission, DeferredPaymentType, TwoWaySettlementType, OrderType, EmarketsSettlementType, EmarketsOrderType, BulkBankPayout, BulkCryptoPayout, BulkBankPayment, BulkCryptoPayment, OrderStatus, TWAPSession, TransnetworkFXTrade, TransnetworkSettlementType, TransnetworkOrderType, AuthMethod } from "@riocrypto/common";
|
|
2
2
|
import { STPMXNWithdrawalDoc } from "../models/STP-mxn-withdrawal";
|
|
3
3
|
declare class ClusterClient {
|
|
4
4
|
private baseUrl;
|
|
@@ -59,8 +59,8 @@ declare class ClusterClient {
|
|
|
59
59
|
checkBankPayment(orderId: string): Promise<void>;
|
|
60
60
|
checkCryptoPayment(orderId: string): Promise<void>;
|
|
61
61
|
createBitsoBankAccount(userId: string): Promise<BitsoBankAccount>;
|
|
62
|
-
createAuthWithoutRegistration({ phoneNumber, firstName, lastName, role, permissions, telegramUsername, telegramUserId, slackUsername, email, }: {
|
|
63
|
-
phoneNumber
|
|
62
|
+
createAuthWithoutRegistration({ phoneNumber, firstName, lastName, role, permissions, telegramUsername, telegramUserId, slackUsername, email, authMethod, }: {
|
|
63
|
+
phoneNumber?: string;
|
|
64
64
|
firstName: string;
|
|
65
65
|
lastName: string;
|
|
66
66
|
role?: AuthRole;
|
|
@@ -69,6 +69,7 @@ declare class ClusterClient {
|
|
|
69
69
|
telegramUserId?: string;
|
|
70
70
|
slackUsername?: string;
|
|
71
71
|
email: string;
|
|
72
|
+
authMethod?: AuthMethod;
|
|
72
73
|
}): Promise<Auth>;
|
|
73
74
|
getLiquidityAvailable(): Promise<{
|
|
74
75
|
buy: number;
|
|
@@ -91,6 +92,10 @@ declare class ClusterClient {
|
|
|
91
92
|
hasAuthenticatorEnabled: boolean;
|
|
92
93
|
}>;
|
|
93
94
|
verifyCode(phoneNumber: string, code?: string, authenticatorCode?: string): Promise<void>;
|
|
95
|
+
sendEmailVerificationCode(email: string): Promise<{
|
|
96
|
+
hasAuthenticatorEnabled: boolean;
|
|
97
|
+
}>;
|
|
98
|
+
verifyEmailCode(email: string, code: string): Promise<void>;
|
|
94
99
|
sendVerificationEmail(userId: string, country?: Country): Promise<void>;
|
|
95
100
|
registerFXTrade(orderId: string, provider: FXProvider, amount: number, price: number): Promise<void>;
|
|
96
101
|
generateInvoice(orderId: string): Promise<void>;
|
|
@@ -192,7 +192,7 @@ class ClusterClient {
|
|
|
192
192
|
return response.data;
|
|
193
193
|
});
|
|
194
194
|
}
|
|
195
|
-
createAuthWithoutRegistration({ phoneNumber, firstName, lastName, role, permissions, telegramUsername, telegramUserId, slackUsername, email, }) {
|
|
195
|
+
createAuthWithoutRegistration({ phoneNumber, firstName, lastName, role, permissions, telegramUsername, telegramUserId, slackUsername, email, authMethod, }) {
|
|
196
196
|
return __awaiter(this, void 0, void 0, function* () {
|
|
197
197
|
const response = yield this.axios.post(`${this.baseUrl}/api/auth/unregistered`, {
|
|
198
198
|
phoneNumber,
|
|
@@ -201,6 +201,7 @@ class ClusterClient {
|
|
|
201
201
|
role,
|
|
202
202
|
email,
|
|
203
203
|
permissions,
|
|
204
|
+
authMethod,
|
|
204
205
|
telegram: {
|
|
205
206
|
username: telegramUsername,
|
|
206
207
|
telegramUserId: telegramUserId,
|
|
@@ -301,6 +302,25 @@ class ClusterClient {
|
|
|
301
302
|
});
|
|
302
303
|
});
|
|
303
304
|
}
|
|
305
|
+
sendEmailVerificationCode(email) {
|
|
306
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
307
|
+
const response = yield this.axios.post(`${this.baseUrl}/api/auth/email/send-verification`, { email }, {
|
|
308
|
+
headers: {
|
|
309
|
+
"x-cluster-api-key": this.clusterApiKey,
|
|
310
|
+
},
|
|
311
|
+
});
|
|
312
|
+
return response.data;
|
|
313
|
+
});
|
|
314
|
+
}
|
|
315
|
+
verifyEmailCode(email, code) {
|
|
316
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
317
|
+
yield this.axios.post(`${this.baseUrl}/api/auth/email/verify`, { email, code }, {
|
|
318
|
+
headers: {
|
|
319
|
+
"x-cluster-api-key": this.clusterApiKey,
|
|
320
|
+
},
|
|
321
|
+
});
|
|
322
|
+
});
|
|
323
|
+
}
|
|
304
324
|
sendVerificationEmail(userId, country) {
|
|
305
325
|
return __awaiter(this, void 0, void 0, function* () {
|
|
306
326
|
yield this.axios.post(`${this.baseUrl}/api/kyc/email`, {
|
|
@@ -21,7 +21,7 @@ const apiKey_1 = require("../services/apiKey");
|
|
|
21
21
|
const secret_manager_client_1 = require("../clients/secret-manager-client");
|
|
22
22
|
const admin_auth_1 = require("../models/admin-auth");
|
|
23
23
|
const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(void 0, void 0, void 0, function* () {
|
|
24
|
-
var _a, _b;
|
|
24
|
+
var _a, _b, _c;
|
|
25
25
|
// Prepare promises for parallel execution
|
|
26
26
|
const promises = [];
|
|
27
27
|
// Check for cluster API key - only if needed
|
|
@@ -175,6 +175,28 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
|
|
|
175
175
|
}))());
|
|
176
176
|
}
|
|
177
177
|
}
|
|
178
|
+
// Check for AuthMissing2FA token - only if needed
|
|
179
|
+
if (authorizationTypes.includes(common_1.AuthorizationType.AuthMissing2FA)) {
|
|
180
|
+
const authMissing2FAToken = (_c = req.cookies) === null || _c === void 0 ? void 0 : _c.authMissing2FAToken;
|
|
181
|
+
if (authMissing2FAToken) {
|
|
182
|
+
promises.push((() => __awaiter(void 0, void 0, void 0, function* () {
|
|
183
|
+
try {
|
|
184
|
+
const AUTH_MISSING_2FA_SECRET = yield secret_manager_client_1.secretManagerClient.getSecretValue("AUTH_MISSING_2FA_SECRET");
|
|
185
|
+
if (!AUTH_MISSING_2FA_SECRET) {
|
|
186
|
+
return;
|
|
187
|
+
}
|
|
188
|
+
const payload = jsonwebtoken_1.default.verify(authMissing2FAToken, AUTH_MISSING_2FA_SECRET);
|
|
189
|
+
const Auth = yield (0, auth_1.buildAuth)(mongoose);
|
|
190
|
+
const auth = yield Auth.findById(payload.id);
|
|
191
|
+
if (auth && !auth.isDisabled) {
|
|
192
|
+
req.auth = auth;
|
|
193
|
+
req.isAuthMissing2FA = true;
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
catch (err) { }
|
|
197
|
+
}))());
|
|
198
|
+
}
|
|
199
|
+
}
|
|
178
200
|
// Wait for all promises to complete
|
|
179
201
|
yield Promise.all(promises);
|
|
180
202
|
// Check authorization results and proceed if authorized
|
|
@@ -184,6 +206,9 @@ const authorize = (req, res, next, mongoose, authorizationTypes) => __awaiter(vo
|
|
|
184
206
|
(authorizationTypes.includes(common_1.AuthorizationType.GenesisAdmin) &&
|
|
185
207
|
req.validGenisisAdminKey) ||
|
|
186
208
|
(authorizationTypes.includes(common_1.AuthorizationType.Auth) && req.auth) ||
|
|
209
|
+
(authorizationTypes.includes(common_1.AuthorizationType.AuthMissing2FA) &&
|
|
210
|
+
req.auth &&
|
|
211
|
+
req.isAuthMissing2FA) ||
|
|
187
212
|
(authorizationTypes.includes(common_1.AuthorizationType.AdminAuth) &&
|
|
188
213
|
req.adminAuth) ||
|
|
189
214
|
((authorizationTypes.includes(common_1.AuthorizationType.User) ||
|
package/build/models/auth.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { APIKey, AuthRole, SecurityQuestion, AuthPermission } from "@riocrypto/common";
|
|
1
|
+
import { APIKey, AuthMethod, AuthRole, SecurityQuestion, AuthPermission } from "@riocrypto/common";
|
|
2
2
|
import { Mongoose, Model, Document } from "mongoose";
|
|
3
3
|
interface AuthAttrs {
|
|
4
|
-
phoneNumber
|
|
4
|
+
phoneNumber?: string;
|
|
5
5
|
password?: string;
|
|
6
6
|
email?: string;
|
|
7
7
|
missingRegistration?: boolean;
|
|
@@ -28,9 +28,17 @@ interface AuthAttrs {
|
|
|
28
28
|
secondLastName?: string;
|
|
29
29
|
role?: AuthRole;
|
|
30
30
|
permissions?: AuthPermission[];
|
|
31
|
+
emailVerified?: boolean;
|
|
32
|
+
emailVerifiedAt?: Date;
|
|
33
|
+
emailVerificationCode?: string;
|
|
34
|
+
emailVerificationExpires?: Date;
|
|
35
|
+
emailVerificationAttempts?: number;
|
|
36
|
+
authMethod?: AuthMethod;
|
|
37
|
+
twoFactorConfigured?: boolean;
|
|
38
|
+
twoFactorMethod?: string;
|
|
31
39
|
}
|
|
32
40
|
interface AuthDoc extends Document {
|
|
33
|
-
phoneNumber
|
|
41
|
+
phoneNumber?: string;
|
|
34
42
|
password?: string;
|
|
35
43
|
email?: string;
|
|
36
44
|
missingRegistration?: boolean;
|
|
@@ -57,6 +65,14 @@ interface AuthDoc extends Document {
|
|
|
57
65
|
secondLastName?: string;
|
|
58
66
|
role?: AuthRole;
|
|
59
67
|
permissions?: AuthPermission[];
|
|
68
|
+
emailVerified?: boolean;
|
|
69
|
+
emailVerifiedAt?: Date;
|
|
70
|
+
emailVerificationCode?: string;
|
|
71
|
+
emailVerificationExpires?: Date;
|
|
72
|
+
emailVerificationAttempts?: number;
|
|
73
|
+
authMethod?: AuthMethod;
|
|
74
|
+
twoFactorConfigured?: boolean;
|
|
75
|
+
twoFactorMethod?: string;
|
|
60
76
|
}
|
|
61
77
|
interface AuthModel extends Model<AuthDoc> {
|
|
62
78
|
build(attrs: AuthAttrs): AuthDoc;
|
package/build/models/auth.js
CHANGED
|
@@ -19,7 +19,6 @@ const buildAuth = (mongoose) => {
|
|
|
19
19
|
const AuthSchema = new mongoose.Schema({
|
|
20
20
|
phoneNumber: {
|
|
21
21
|
type: String,
|
|
22
|
-
required: true,
|
|
23
22
|
},
|
|
24
23
|
email: {
|
|
25
24
|
type: String,
|
|
@@ -110,6 +109,32 @@ const buildAuth = (mongoose) => {
|
|
|
110
109
|
},
|
|
111
110
|
},
|
|
112
111
|
],
|
|
112
|
+
emailVerified: {
|
|
113
|
+
type: Boolean,
|
|
114
|
+
},
|
|
115
|
+
emailVerifiedAt: {
|
|
116
|
+
type: Date,
|
|
117
|
+
},
|
|
118
|
+
emailVerificationCode: {
|
|
119
|
+
type: String,
|
|
120
|
+
},
|
|
121
|
+
emailVerificationExpires: {
|
|
122
|
+
type: Date,
|
|
123
|
+
},
|
|
124
|
+
emailVerificationAttempts: {
|
|
125
|
+
type: Number,
|
|
126
|
+
default: 0,
|
|
127
|
+
},
|
|
128
|
+
authMethod: {
|
|
129
|
+
type: String,
|
|
130
|
+
},
|
|
131
|
+
twoFactorConfigured: {
|
|
132
|
+
type: Boolean,
|
|
133
|
+
default: false,
|
|
134
|
+
},
|
|
135
|
+
twoFactorMethod: {
|
|
136
|
+
type: String,
|
|
137
|
+
},
|
|
113
138
|
}, {
|
|
114
139
|
toJSON: {
|
|
115
140
|
transform(doc, ret) {
|
|
@@ -123,6 +148,9 @@ const buildAuth = (mongoose) => {
|
|
|
123
148
|
if (ret.authenticator && ret.authenticator.secret) {
|
|
124
149
|
delete ret.authenticator.secret;
|
|
125
150
|
}
|
|
151
|
+
delete ret.emailVerificationCode;
|
|
152
|
+
delete ret.emailVerificationExpires;
|
|
153
|
+
delete ret.emailVerificationAttempts;
|
|
126
154
|
for (let apiKey of ret.apiKeys) {
|
|
127
155
|
delete apiKey.value;
|
|
128
156
|
}
|
|
@@ -148,6 +176,14 @@ const buildAuth = (mongoose) => {
|
|
|
148
176
|
AuthSchema.statics.build = (attrs) => {
|
|
149
177
|
return new Auth(attrs);
|
|
150
178
|
};
|
|
179
|
+
AuthSchema.index({ email: 1 }, {
|
|
180
|
+
unique: true,
|
|
181
|
+
partialFilterExpression: { email: { $type: "string" } },
|
|
182
|
+
});
|
|
183
|
+
AuthSchema.index({ phoneNumber: 1 }, {
|
|
184
|
+
unique: true,
|
|
185
|
+
partialFilterExpression: { phoneNumber: { $type: "string" } },
|
|
186
|
+
});
|
|
151
187
|
const Auth = mongoose.model("Auth", AuthSchema);
|
|
152
188
|
return Auth;
|
|
153
189
|
};
|
|
@@ -10,6 +10,7 @@ interface TelegramSessionAttrs {
|
|
|
10
10
|
state: string;
|
|
11
11
|
authId?: string;
|
|
12
12
|
hasAuthenticatorEnabled?: boolean;
|
|
13
|
+
isEmailAuth?: boolean;
|
|
13
14
|
quoteInputs?: {
|
|
14
15
|
fiat?: Fiat;
|
|
15
16
|
crypto?: Crypto;
|
|
@@ -38,6 +39,7 @@ interface TelegramSessionDoc extends mongoose.Document {
|
|
|
38
39
|
state: string;
|
|
39
40
|
authId?: string;
|
|
40
41
|
hasAuthenticatorEnabled?: boolean;
|
|
42
|
+
isEmailAuth?: boolean;
|
|
41
43
|
quoteInputs?: {
|
|
42
44
|
fiat?: Fiat;
|
|
43
45
|
crypto?: Crypto;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@riocrypto/common-server",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2705",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "./build/index.js",
|
|
6
6
|
"types": "./build/index.d.ts",
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
"@google-cloud/secret-manager": "^5.3.0",
|
|
29
29
|
"@google-cloud/storage": "^6.9.5",
|
|
30
30
|
"@hyperdx/node-opentelemetry": "^0.7.0",
|
|
31
|
-
"@riocrypto/common": "^1.0.
|
|
31
|
+
"@riocrypto/common": "^1.0.2504",
|
|
32
32
|
"@types/express": "^4.17.13",
|
|
33
33
|
"axios": "^1.7.4",
|
|
34
34
|
"crypto-js": "^4.2.0",
|