Merge pull request #125 from humanity-cash/fix/validators

Fix/validators

api/src/middlewares/index.ts

@@ -20,11 +20,6 @@ export const verifyRequest: express.RequestHandler = async (
       try {
         const verifyResponse = await verifyCognitoToken(authHeader);
         if (verifyResponse?.success) {
-          /** Extract user Id from token
-            const id = verifyResponse.token.username;
-            request.userId = id;
-            console.log(`Verified ${id} successfully`);
-          */
           next();
         } else {
           response

api/src/router/admin/index.ts

@@ -8,11 +8,13 @@ admin.post("/admin/pause", verifyRequest, controller.adminPause);
 admin.post("/admin/unpause", verifyRequest, controller.adminUnpause);
 admin.post(
   "/admin/transfer/controller",
+  verifyRequest,
   validator.transferOwnerController,
   controller.transferControllerOwner
 );
 admin.post(
   "/admin/transfer/user",
+  verifyRequest,
   validator.transferOwnerUser,
   controller.transferWalletOwner
 );

api/src/router/user/index.ts

@@ -1,73 +1,107 @@
 import express from "express";
+import { verifyRequest } from "src/middlewares";
 import * as controller from "./controller";
 import * as validators from "./validators";
 
 const user = express();
 
 // Get and create user(s)
 user.get("/users", controller.getAllUsers);
-user.post("/users", validators.createUser, controller.createUser);
+user.post(
+  "/users",
+  verifyRequest,
+  validators.createUser,
+  controller.createUser
+);
 user.get("/users/:id", validators.getUser, controller.getUser); // User dwolla info
 user.get("/users/email/:email", controller.getUserByEmail); // User database info
 
 // Get and create deposit(s) for a user
 user.get("/users/:id/deposit", validators.getUser, controller.getDeposits);
-user.post("/users/:id/deposit", validators.deposit, controller.deposit);
+user.post(
+  "/users/:id/deposit",
+  verifyRequest,
+  validators.deposit,
+  controller.deposit
+);
 
 // Get and create withdrawal(s) for a user
 user.get("/users/:id/withdraw", validators.getUser, controller.getWithdrawals);
-user.post("/users/:id/withdraw", validators.withdraw, controller.withdraw);
+user.post(
+  "/users/:id/withdraw",
+  verifyRequest,
+  validators.withdraw,
+  controller.withdraw
+);
 
 // Get and create transfer(s) for a user
 user.get("/users/:id/transfer", validators.getUser, controller.getTransfers);
-user.post("/users/:id/transfer", validators.transfer, controller.transferTo);
+user.post(
+  "/users/:id/transfer",
+  verifyRequest,
+  validators.transfer,
+  controller.transferTo
+);
 
 // Get Dwolla iav-token for a user (via POST)
-user.post("/users/:id/iav-token", validators.getUser, controller.getIAVToken);
+user.post(
+  "/users/:id/iav-token",
+  verifyRequest,
+  validators.getUser,
+  controller.getIAVToken
+);
 
 // Get funding sources for a user
 user.get(
   "/users/:id/funding-sources",
+  verifyRequest,
   validators.getUser,
   controller.getFundingSources
 );
 
 // Get and close notifications for a user
 user.get(
   "/users/:id/notifications",
+  verifyRequest,
   validators.getUser,
   controller.getNotifications
 );
+
 user.delete(
   "/users/:id/notifications/:notificationId",
+  verifyRequest,
   validators.notifications,
   controller.closeNotification
 );
 
 // Add Customer account to existing Business account
 user.post(
   "/users/:id/customer",
+  verifyRequest,
   validators.addCustomer,
   controller.addCustomer
 );
 
 // Add Business account to existing Customer account
 user.post(
   "/users/:id/business",
+  verifyRequest,
   validators.addBusiness,
   controller.addBusiness
 );
 
 // Update existing Customer Account
 user.put(
   "/users/:id/customer/profile",
+  verifyRequest,
   validators.updateCustomerProfile,
   controller.updateCustomerProfile
 );
 
 // Update existing Business Account
 user.put(
   "/users/:id/business/profile",
+  verifyRequest,
   validators.updateBusinessProfile,
   controller.updateBusinessProfile
 );

api/src/router/user/validators.ts

@@ -1,5 +1,5 @@
 import { body, param } from "express-validator";
-import { mwVaildator, verifyRequest } from "src/middlewares";
+import { mwVaildator } from "src/middlewares";
 
 const idInParams = [param("id").notEmpty(), mwVaildator];
 const notificationIdInParams = [
@@ -8,7 +8,6 @@ const notificationIdInParams = [
 ];
 
 export const createUser = [
-  verifyRequest,
   body("consent").isBoolean(),
   body("email").isEmail(),
   body("type").isString(), // 'customer' | 'business'
@@ -45,23 +44,13 @@ export const createUser = [
   mwVaildator,
 ];
 
-export const notifications = [
-  verifyRequest,
-  ...idInParams,
-  ...notificationIdInParams,
-];
+export const notifications = [...idInParams, ...notificationIdInParams];
 
-export const getUser = [verifyRequest, ...idInParams];
+export const getUser = [...idInParams];
 
-export const deposit = [
-  verifyRequest,
-  ...idInParams,
-  body("amount").isString(),
-  mwVaildator,
-];
+export const deposit = [...idInParams, body("amount").isString(), mwVaildator];
 
 export const addCustomer = [
-  verifyRequest,
   ...idInParams,
   body("customer.tag").isString(),
   body("customer.avatar").isString(),
@@ -76,15 +65,13 @@ export const addCustomer = [
 ];
 
 export const updateCustomerProfile = [
-  verifyRequest,
   ...idInParams,
   body("customer.tag").isString(),
   body("customer.avatar").isString(),
   mwVaildator,
 ];
 
 export const updateBusinessProfile = [
-  verifyRequest,
   ...idInParams,
   body("business.story").isString(),
   body("business.tag").isString(),
@@ -99,7 +86,6 @@ export const updateBusinessProfile = [
 ];
 
 export const addBusiness = [
-  verifyRequest,
   ...idInParams,
   body("business.story").isString(),
   body("business.tag").isString(),
@@ -124,15 +110,9 @@ export const addBusiness = [
   mwVaildator,
 ];
 
-export const withdraw = [
-  verifyRequest,
-  ...idInParams,
-  body("amount").isString(),
-  mwVaildator,
-];
+export const withdraw = [...idInParams, body("amount").isString(), mwVaildator];
 
 export const transfer = [
-  verifyRequest,
   ...idInParams,
   body("toUserId").isString(),
   body("amount").isString(),