Merge pull request #6 from Apillon/main

Additional backend validations, code cleanup and minor bugfixing
Apillon · Feb 15, 2024 · 389b0a6 · 389b0a6
2 parents 0e0a35d + 84c9dd0
commit 389b0a6
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 13 deletions.
diff --git a/backend/src/config/values.ts b/backend/src/config/values.ts
@@ -80,6 +80,8 @@ export enum ValidatorErrorCode {
   CAPTCHA_NOT_CONFIGURED = 422005,
   CAPTCHA_NOT_PRESENT = 422006,
   CAPTCHA_INVALID = 422007,
+  USER_ALREADY_MINTED = 422008,
+  WALLET_BELONGS_TO_ANOTHER_USER = 422009,
   DATA_MODEL_STATUS_MISSING = 422100,
   DATA_MODEL_INVALID_STATUS = 422101,
 }

diff --git a/backend/src/cron.ts b/backend/src/cron.ts
@@ -7,7 +7,6 @@ import { SmtpSendTemplate } from "./lib/node-mailer";
 import { env } from "./config/env";
 import { generateEmailAirdropToken } from "./lib/jwt";
 import { LogType, writeLog } from "./lib/logger";
-import { LogLevel, Nft } from "@apillon/sdk";
 
 export class Cron {
   private cronJobs: CronJob[] = [];
@@ -56,7 +55,6 @@ export class Cron {
     }
 
     const conn = await mysql.start();
-    await conn.beginTransaction();
 
     try {
       const res = await conn.execute(
@@ -136,7 +134,6 @@ export class Cron {
   async processExpiredClaims() {
     const mysql = await MysqlConnectionManager.getInstance();
     const conn = await mysql.start();
-    await conn.beginTransaction();
 
     try {
       const res = await conn.execute(

diff --git a/backend/src/lib/captcha.ts b/backend/src/lib/captcha.ts
@@ -10,6 +10,7 @@ export type Captcha = { eKey: string; token: string };
  * @returns {Promise<boolean>}
  */
 export async function checkCaptcha(captchaToken: string): Promise<boolean> {
+  //Skip check for local_dev and test environment
   if (
     [AppEnvironment.LOCAL_DEV, AppEnvironment.TEST].includes(
       env.APP_ENV as AppEnvironment
@@ -18,20 +19,16 @@ export async function checkCaptcha(captchaToken: string): Promise<boolean> {
     return true;
   }
 
+  //If captcha is not configured, skip check
   if (!env.CAPTCHA_SECRET) {
-    throwCodeException(ValidatorErrorCode.CAPTCHA_NOT_CONFIGURED);
+    return true;
   }
 
   if (!captchaToken) {
     throwCodeException(ValidatorErrorCode.CAPTCHA_NOT_PRESENT);
   }
 
-  if (
-    env.APP_ENV != AppEnvironment.LOCAL_DEV! &&
-    (await verifyCaptcha(captchaToken))
-  ) {
-    throwCodeException(ValidatorErrorCode.CAPTCHA_INVALID);
-  }
+  await verifyCaptcha(captchaToken);
 
   return true;
 }
@@ -44,7 +41,7 @@ async function verifyCaptcha(
     return (await verify(secret, token)).success;
   } catch (err) {
     console.error("Error verifying captcha!", err);
-    throw err;
+    throwCodeException(ValidatorErrorCode.CAPTCHA_INVALID);
   }
 }
 

diff --git a/backend/src/models/user.ts b/backend/src/models/user.ts
@@ -10,7 +10,7 @@ import { BaseSqlModel, prop } from "./base-sql-model";
 import { stringTrimParser } from "../lib/parsers";
 import { dateParser, integerParser, stringParser } from "@rawmodel/parsers";
 import { Context } from "../context";
-import { SqlError } from "../lib/errors";
+import { ResourceError, SqlError } from "../lib/errors";
 import { getQueryParams, selectAndCountQuery } from "../lib/sql-utils";
 
 export enum AirdropStatus {
@@ -154,6 +154,29 @@ export class User extends BaseSqlModel {
     }
   }
 
+  /**
+   * user wallet validation - Wallet should be used with only one user
+   */
+  public async validateWallet() {
+    const data = await this.db().paramQuery(
+      `
+      SELECT 1
+      FROM user
+      WHERE email <> @email
+      AND wallet = @wallet;
+    `,
+      {
+        email: this.email,
+        wallet: this.wallet,
+      }
+    );
+    if (data && data.length) {
+      throw new ResourceError(
+        ValidatorErrorCode.WALLET_BELONGS_TO_ANOTHER_USER
+      );
+    }
+  }
+
   public async populateByEmail(email: string) {
     const data = await this.db().paramQuery(
       `

diff --git a/backend/src/routes/claim-airdrop.ts b/backend/src/routes/claim-airdrop.ts
@@ -1,6 +1,6 @@
 import { Application } from "express";
 import { NextFunction, Request, Response } from "../http";
-import { RouteErrorCode } from "../config/values";
+import { RouteErrorCode, ValidatorErrorCode } from "../config/values";
 import { ResourceError } from "../lib/errors";
 import { readEmailAirdropToken } from "../lib/jwt";
 import { AirdropStatus, User } from "../models/user";
@@ -57,9 +57,17 @@ export async function resolve(req: Request, res: Response): Promise<void> {
     throw new ResourceError(RouteErrorCode.USER_DOES_NOT_EXIST);
   }
 
+  if (
+    user.airdrop_status == AirdropStatus.WALLET_LINKED ||
+    user.airdrop_status == AirdropStatus.AIRDROP_COMPLETED
+  ) {
+    throw new ResourceError(ValidatorErrorCode.USER_ALREADY_MINTED);
+  }
+
   user.airdrop_status = AirdropStatus.WALLET_LINKED;
   user.wallet = wallet;
 
+  await user.validateWallet();
   await user.update();
 
   const collection = new Nft({