[Job Launcher] Crypto payments for whitelisted users (#2594)

* Crypto payments for whitelisted users

* UserId not null in whitelist table

Author: flopez7

packages/apps/job-launcher/server/src/common/guards/whitelist.auth.ts

@@ -0,0 +1,31 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  HttpStatus,
+  Injectable,
+} from '@nestjs/common';
+import { WhitelistService } from '../../modules/whitelist/whitelist.service';
+import { ControlledError } from '../errors/controlled';
+
+@Injectable()
+export class WhitelistAuthGuard implements CanActivate {
+  constructor(private readonly whitelistService: WhitelistService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    const user = request.user;
+
+    if (!user) {
+      throw new ControlledError('User not found.', HttpStatus.UNAUTHORIZED);
+    }
+
+    const isWhitelisted = await this.whitelistService.isUserWhitelisted(
+      user.id,
+    );
+    if (!isWhitelisted) {
+      throw new ControlledError('Unauthorized.', HttpStatus.UNAUTHORIZED);
+    }
+
+    return true;
+  }
+}

packages/apps/job-launcher/server/src/database/database.module.ts

@@ -15,6 +15,7 @@ import { ApiKeyEntity } from '../modules/auth/apikey.entity';
 import { WebhookEntity } from '../modules/webhook/webhook.entity';
 import { LoggerOptions } from 'typeorm';
 import { CronJobEntity } from '../modules/cron-job/cron-job.entity';
+import { WhitelistEntity } from 'src/modules/whitelist/whitelist.entity';
 
 @Module({
   imports: [
@@ -47,6 +48,7 @@ import { CronJobEntity } from '../modules/cron-job/cron-job.entity';
             PaymentEntity,
             WebhookEntity,
             CronJobEntity,
+            WhitelistEntity,
           ],
           // We are using migrations, synchronize should be set to false.
           synchronize: false,

packages/apps/job-launcher/server/src/database/migrations/1728374018070-whitelist.ts

@@ -0,0 +1,29 @@
+import { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class Whitelist1728374018070 implements MigrationInterface {
+  name = 'Whitelist1728374018070';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+            CREATE TABLE "hmt"."whitelist" (
+                "id" SERIAL NOT NULL,
+                "user_id" integer NOT NULL,
+                CONSTRAINT "REL_963f4d9041f735ed614cf1f3ac" UNIQUE ("user_id"),
+                CONSTRAINT "PK_0169bfbd49b0511243f7a068cec" PRIMARY KEY ("id")
+            )
+        `);
+    await queryRunner.query(`
+            ALTER TABLE "hmt"."whitelist"
+            ADD CONSTRAINT "FK_963f4d9041f735ed614cf1f3acf" FOREIGN KEY ("user_id") REFERENCES "hmt"."users"("id") ON DELETE NO ACTION ON UPDATE NO ACTION
+        `);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+            ALTER TABLE "hmt"."whitelist" DROP CONSTRAINT "FK_963f4d9041f735ed614cf1f3acf"
+        `);
+    await queryRunner.query(`
+            DROP TABLE "hmt"."whitelist"
+        `);
+  }
+}

packages/apps/job-launcher/server/src/modules/payment/payment.controller.ts

@@ -30,6 +30,7 @@ import { HEADER_SIGNATURE_KEY } from '../../common/constants';
 import { ControlledError } from '../../common/errors/controlled';
 import { ServerConfigService } from '../../common/config/server-config.service';
 import { RateService } from './rate.service';
+import { WhitelistAuthGuard } from 'src/common/guards/whitelist.auth';
 
 @ApiBearerAuth()
 @UseGuards(JwtAuthGuard)
@@ -128,6 +129,7 @@ export class PaymentController {
     status: 409,
     description: 'Conflict. Conflict with the current state of the server.',
   })
+  @UseGuards(WhitelistAuthGuard)
   @Post('/crypto')
   public async createCryptoPayment(
     @Headers(HEADER_SIGNATURE_KEY) signature: string,

packages/apps/job-launcher/server/src/modules/payment/payment.module.ts

@@ -10,13 +10,15 @@ import { PaymentRepository } from './payment.repository';
 import { HttpModule } from '@nestjs/axios';
 import { Web3Module } from '../web3/web3.module';
 import { RateService } from './rate.service';
+import { WhitelistModule } from '../whitelist/whitelist.module';
 
 @Module({
   imports: [
     HttpModule,
     TypeOrmModule.forFeature([PaymentEntity]),
     ConfigModule,
     Web3Module,
+    WhitelistModule,
     MinioModule.registerAsync({
       imports: [ConfigModule],
       inject: [ConfigService],

packages/apps/job-launcher/server/src/modules/user/user.entity.ts

@@ -8,6 +8,7 @@ import { UserStatus, UserType } from '../../common/enums/user';
 import { PaymentEntity } from '../payment/payment.entity';
 import { JobEntity } from '../job/job.entity';
 import { ApiKeyEntity } from '../auth/apikey.entity';
+import { WhitelistEntity } from '../whitelist/whitelist.entity';
 
 @Entity({ schema: NS, name: 'users' })
 export class UserEntity extends BaseEntity implements IUser {
@@ -37,4 +38,9 @@ export class UserEntity extends BaseEntity implements IUser {
     nullable: true,
   })
   public apiKey: ApiKeyEntity;
+
+  @OneToOne(() => WhitelistEntity, (whitelist) => whitelist.user, {
+    nullable: true,
+  })
+  public whitelist: WhitelistEntity;
 }

packages/apps/job-launcher/server/src/modules/whitelist/whitelist.entity.ts

@@ -0,0 +1,13 @@
+import { NS } from '../../common/constants';
+import { Entity, PrimaryGeneratedColumn, OneToOne, JoinColumn } from 'typeorm';
+import { UserEntity } from '../user/user.entity';
+
+@Entity({ schema: NS, name: 'whitelist' })
+export class WhitelistEntity {
+  @PrimaryGeneratedColumn()
+  id: number;
+
+  @JoinColumn()
+  @OneToOne(() => UserEntity, { nullable: false })
+  public user: UserEntity;
+}

packages/apps/job-launcher/server/src/modules/whitelist/whitelist.module.ts

@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { WhitelistService } from './whitelist.service';
+import { WhitelistEntity } from './whitelist.entity';
+import { WhitelistRepository } from './whitelist.repository';
+
+@Module({
+  imports: [TypeOrmModule.forFeature([WhitelistEntity])],
+  providers: [WhitelistService, WhitelistRepository],
+  exports: [WhitelistService, WhitelistRepository],
+})
+export class WhitelistModule {}

packages/apps/job-launcher/server/src/modules/whitelist/whitelist.repository.ts

@@ -0,0 +1,18 @@
+import { Injectable } from '@nestjs/common';
+import { DataSource } from 'typeorm';
+import { BaseRepository } from '../../database/base.repository';
+import { WhitelistEntity } from './whitelist.entity';
+
+@Injectable()
+export class WhitelistRepository extends BaseRepository<WhitelistEntity> {
+  constructor(private dataSource: DataSource) {
+    super(WhitelistEntity, dataSource);
+  }
+
+  public findOneByUserId(userId: number): Promise<WhitelistEntity | null> {
+    return this.findOne({
+      where: { user: { id: userId } },
+      relations: ['user'],
+    });
+  }
+}

packages/apps/job-launcher/server/src/modules/whitelist/whitelist.service.spec.ts

@@ -0,0 +1,51 @@
+import { Test } from '@nestjs/testing';
+import { WhitelistService } from './whitelist.service';
+import { WhitelistRepository } from './whitelist.repository';
+import { createMock } from '@golevelup/ts-jest';
+
+describe('WhitelistService', () => {
+  let whitelistService: WhitelistService;
+  let whitelistRepository: WhitelistRepository;
+
+  beforeAll(async () => {
+    const moduleRef = await Test.createTestingModule({
+      providers: [
+        WhitelistService,
+        {
+          provide: WhitelistRepository,
+          useValue: createMock<WhitelistRepository>(),
+        },
+      ],
+    }).compile();
+
+    whitelistService = moduleRef.get<WhitelistService>(WhitelistService);
+    whitelistRepository =
+      moduleRef.get<WhitelistRepository>(WhitelistRepository);
+  });
+
+  describe('isUserWhitelisted', () => {
+    it('should return true if user is whitelisted', async () => {
+      const userId = 1;
+      jest
+        .spyOn(whitelistRepository, 'findOneByUserId')
+        .mockResolvedValue({ id: 1, user: { id: userId } as any });
+
+      const result = await whitelistService.isUserWhitelisted(userId);
+
+      expect(whitelistRepository.findOneByUserId).toHaveBeenCalledWith(userId);
+      expect(result).toBe(true);
+    });
+
+    it('should return false if user is not whitelisted', async () => {
+      const userId = 2;
+      jest
+        .spyOn(whitelistRepository, 'findOneByUserId')
+        .mockResolvedValue(null);
+
+      const result = await whitelistService.isUserWhitelisted(userId);
+
+      expect(whitelistRepository.findOneByUserId).toHaveBeenCalledWith(userId);
+      expect(result).toBe(false);
+    });
+  });
+});