Implement phone verification service

server/src/core/app.ts

@@ -5,6 +5,7 @@ import { DonationDistributionService } from './distribution';
 import { StatsService } from './stat';
 import { DistributionReportService } from './distribution-report';
 import { BulkMessageService } from './bulk-messaging';
+import { VerificationService } from './phone-verification';
 
 export interface App {
   users: UserService;
@@ -13,6 +14,7 @@ export interface App {
   donationDistributions: DonationDistributionService;
   stats: StatsService;
   distributionReports: DistributionReportService;
+  phoneVerification: VerificationService;
   bulkMessages: BulkMessageService;
 };
 

server/src/core/bootstrap.ts

@@ -14,6 +14,7 @@ import { Statistics } from './stat';
 import { DistributionReports } from './distribution-report';
 import { Links, BitlyLinkShortener } from './link-generator';
 import { BulkMessages, DefaultMessageContextFactory } from './bulk-messaging';
+import { PhoneVerification } from './phone-verification';
 
 export async function bootstrap(config: AppConfig): Promise<App> {
   const client = await getDbConnection(config.dbUri);
@@ -66,6 +67,7 @@ export async function bootstrap(config: AppConfig): Promise<App> {
     apiKey: config.atApiKey,
     sender: config.atSmsSender
   });
+
   const emailProvider = new SendGridEmailProvider({
     apiKey: config.sendgridApiKey,
     emailSender: config.emailSender
@@ -94,6 +96,13 @@ export async function bootstrap(config: AppConfig): Promise<App> {
     links
   });
 
+  const phoneVerification = new PhoneVerification(db, { 
+    smsProvider,
+    users,
+    links,
+    eventBus
+  });
+
   const messageContextFactory = new DefaultMessageContextFactory({
     baseUrl: config.webappBaseUrl,
     linkGenerator: links
@@ -108,12 +117,14 @@ export async function bootstrap(config: AppConfig): Promise<App> {
   await users.createIndexes();
   await transactions.createIndexes();
   await invitations.createIndexes();
+  await phoneVerification.createIndexes();
 
   return {
     users,
     transactions,
     invitations,
     donationDistributions,
+    phoneVerification,
     stats,
     distributionReports,
     bulkMessages

server/src/core/error.ts

@@ -51,6 +51,7 @@ export type ErrorCode =
   | 'loginFailed'
   | 'invalidToken'
   | 'resourceNotFound'
+  | 'phoneVerificationRecordNotFound'
   | 'uniquenessFailed'
   | 'paymentRequestFailed'
   | 'b2cRequestFailed'
@@ -70,6 +71,8 @@ export type ErrorCode =
   | 'messageDeliveryFailed'
   | 'emailDeliveryFailed'
   | 'linkShorteningFailed'
+  | 'phoneAlreadyVerified'
+  | 'invalidPhoneVerificationCode'
   /**
    * This error should only be thrown when a transaction fails
    * because the user's transactions are blocked (based on the transactionsBlockedReason field)
@@ -180,4 +183,16 @@ export function createTransactionRejectedError(message: string = messages.ERROR_
 
 export function createInsufficientFundsError(message: string) {
   return createAppError(message, 'insufficientFunds');
+}
+
+export function createPhoneVerificationRecordNotFoundError(message: string) {
+  return createAppError(message, 'phoneVerificationRecordNotFound');
+}
+
+export function createPhoneAlreadyVerifiedError(message: string) {
+  return createAppError(message, 'phoneAlreadyVerified');
+}
+
+export function createInvalidPhoneVerificationCodeError(message: string) {
+  return createAppError(message, 'invalidPhoneVerificationCode');
 }

server/src/core/event/event-name.ts

@@ -1,5 +1,4 @@
 const USER_INVITATION_CREATED = 'userInvitationCreated';
 const TRANSACTION_COMPLETED = 'transactionCompleted';
 
-export { USER_INVITATION_CREATED };
-export { TRANSACTION_COMPLETED };
+export { USER_INVITATION_CREATED, TRANSACTION_COMPLETED };

server/src/core/invitation/invitation-service.ts

@@ -1,7 +1,7 @@
 import { Db, Collection } from 'mongodb';
 import { generateId } from '../util';
 import { Invitation, DbInvitation, InvitationCreateArgs, InvitationService, InvitationStatus } from './types';
-import { createDbOpFailedError, rethrowIfAppError, createResourceNotFoundError, AppError } from '../error';
+import { createDbOpFailedError, rethrowIfAppError, createResourceNotFoundError } from '../error';
 import * as validators from './validator';
 import * as messages from '../messages';
 

server/src/core/link-generator/link-generator-service.ts

@@ -52,9 +52,18 @@ export class Links implements LinkGeneratorService {
     const link = `${this.args.baseUrl}?donate=1&${encodedQuery}`;
 
     if (shorten) {
-      return this.args.shortener.shortenLink(link);
+      return await this.args.shortener.shortenLink(link);
     }
 
     return link;
   }
+
+  async getPhoneVerificationLink(id: string, shorten: boolean = true): Promise<string> {
+    const link: string = `${this.args.baseUrl}/verifications/phone/${id}`;
+    if (shorten) {
+      return await this.args.shortener.shortenLink(link);
+    }
+
+    return link;
+  }
 }

server/src/core/message/message.ts

@@ -51,6 +51,10 @@ export function createMonthlyDistributionReportEmailMessageForOccasionalDonor(do
           </p>`;
 }
 
+export function createPhoneVerificationSms(code: number, verificationLink: string): string {
+  return `Social Relief verification code: ${code}.`
+}
+
 function beneficiariesAndAmountReceived(beneficiaries: User[], receivedAmount: number[], type: MessageType): string {
   if (type === 'sms') {
     return beneficiariesAndAmountReceivedForSms(beneficiaries, receivedAmount);

server/src/core/messages.ts

@@ -28,4 +28,7 @@ export const ERROR_REFUND_REQUEST_REJECTED = 'Refund request rejected';
 export const ERROR_USER_BLOCKED_FROM_TRANSACTIONS = 'User is blocked from making transactions at the moment.';
 export const ERROR_NO_BALANCE_FOR_REFUNDS = 'No available balance to request for refund.';
 export const ERROR_TRANSACTION_REJECTED = 'Transaction rejected';
+export const ERROR_PHONE_VERIFICATION_RECORD_NOT_FOUND = 'Phone verification record not found';
+export const ERROR_PHONE_ALREADY_VERIFIED = 'Phone already verified';
+export const ERROR_INVALID_PHONE_VERIFICATION_CODE = 'Invalid phone verification code';
 

server/src/core/phone-verification/index.ts

@@ -0,0 +1,2 @@
+export { VerificationService } from './types';
+export * from './phone-verification-service';

server/src/core/phone-verification/phone-verification-service.ts

@@ -0,0 +1,229 @@
+import { Db, Collection } from 'mongodb';
+import { generateId, generatePhoneVerificationCode } from '../util';
+import { VerificationRecord, VerificationService } from './types';
+import { UserService, User } from '../user';
+import { SmsProvider } from '../sms';
+import { Links } from '../link-generator';
+import { createPhoneVerificationSms } from '../message';
+import { createDbOpFailedError, rethrowIfAppError, 
+         createPhoneVerificationRecordNotFoundError, 
+         createPhoneAlreadyVerifiedError, isMongoDuplicateKeyError,
+         createUniquenessFailedError, createInvalidPhoneVerificationCodeError  } from '../error';
+import * as messages from '../messages';
+import { EventBus, Event } from '../event';
+import * as validators from './validator';
+
+const COLLECTION = 'phone-verifications';
+const SAFE_PHONE_VERIFICATION_RECORD_PROJECTION = { 
+  _id: 1,
+  phone: 1,
+  isVerified: 1,
+  createdAt: 1,
+  updatedAt: 1
+};
+
+export interface PhoneVerificationRecord extends VerificationRecord {
+  phone: string,
+}
+
+export interface DbPhoneVerificationRecord extends PhoneVerificationRecord {
+  /**
+   * A 6-digit unique code
+   */ 
+  code: number,
+}
+
+export interface PhoneVerificationArgs {
+  smsProvider: SmsProvider;
+  users: UserService;
+  links: Links;
+  eventBus: EventBus;
+}
+
+export interface PhoneVerificationRecordCreateArgs {
+  id: string,
+  code: number;
+  phone: string;
+}
+
+export class PhoneVerification implements VerificationService {
+  private db: Db;
+  private collection: Collection<PhoneVerificationRecord>;
+  private indexesCreated: boolean;
+  private args: PhoneVerificationArgs;
+
+  constructor(db: Db, args: PhoneVerificationArgs) {
+    this.db = db;
+    this.collection = this.db.collection(COLLECTION);
+    this.args = args;
+    this.indexesCreated = false;
+  }
+
+  async create(phone: string): Promise<PhoneVerificationRecord> {
+    validators.validatesCreate(phone);
+    try {
+      const id = generateId(); // id to be given to the phone verification record
+      const code = generatePhoneVerificationCode();
+      await this.sendVerificationSms(phone, id, code);
+
+      const now = new Date();
+      const record: DbPhoneVerificationRecord = { 
+        _id: id,
+        code,
+        phone,
+        isVerified: false,
+        createdAt: now,
+        updatedAt: now,
+      }
+
+      const res = await this.collection.insertOne(record);
+      return res.ops[0];
+    }
+    catch (e) {
+      rethrowIfAppError(e);
+
+      if (isMongoDuplicateKeyError(e, phone)) {
+        throw createUniquenessFailedError(messages.ERROR_PHONE_ALREADY_IN_USE);
+      }
+
+      throw createDbOpFailedError(e.message);
+    }
+  }
+
+  public async getById(id: string): Promise<PhoneVerificationRecord> {
+    try {
+      const record = await this.collection.findOne(
+        { _id: id }, 
+        { projection: SAFE_PHONE_VERIFICATION_RECORD_PROJECTION }
+      );
+
+      if (!record) {
+        throw createPhoneVerificationRecordNotFoundError(messages.ERROR_PHONE_VERIFICATION_RECORD_NOT_FOUND);
+      }
+
+      else if (record.isVerified) {
+        throw createPhoneAlreadyVerifiedError(messages.ERROR_PHONE_ALREADY_VERIFIED);
+      }
+
+      return record;
+    }
+    catch (e) {
+      rethrowIfAppError(e);
+      throw createDbOpFailedError(e.message);
+    }
+  }
+
+  async createIndexes(): Promise<void> {
+    if (this.indexesCreated) return;
+
+    try {
+      // unique phone index
+      await this.collection.createIndex({ 'phone': 1 }, { unique: true, sparse: false });
+
+      this.indexesCreated = true;
+    }
+    catch (e) {
+      throw createDbOpFailedError(e.message);
+    }
+  }
+
+  async sendVerificationSms(phone: string, id: string, code:  number): Promise<void> {
+    try {
+      const link = await this.args.links.getPhoneVerificationLink(id);
+      const smsMessage = createPhoneVerificationSms(code, link);
+      await this.args.smsProvider.sendSms(phone, smsMessage);
+      this.createIndexes();
+    }
+    catch(e) {
+      console.error("Error occured: ", e.message);
+      rethrowIfAppError(e);
+      throw createDbOpFailedError(e.message);
+    }
+  }
+
+  public async confirmVerificationCode(id: string, code: number): Promise<PhoneVerificationRecord> {
+    validators.validatesConfirmVerificationCode({ recordId: id, code});
+    try {
+      let record = await this.collection.findOne(
+        { _id: id }, 
+        { projection: SAFE_PHONE_VERIFICATION_RECORD_PROJECTION }
+      );
+
+      if (!record) {
+        throw createPhoneVerificationRecordNotFoundError(messages.ERROR_PHONE_VERIFICATION_RECORD_NOT_FOUND);
+      }
+
+      else if (record.isVerified) {
+        throw createPhoneAlreadyVerifiedError(messages.ERROR_PHONE_ALREADY_VERIFIED);
+      }
+
+      else {
+        record = await this.collection.findOne(
+          { _id: id, code }, 
+          { projection: SAFE_PHONE_VERIFICATION_RECORD_PROJECTION }
+        );
+
+        if (!record) {
+          throw createInvalidPhoneVerificationCodeError(messages.ERROR_INVALID_PHONE_VERIFICATION_CODE);
+        }
+
+        const result = await this.collection.findOneAndUpdate(
+          { _id: id },
+          {
+            $set: { isVerified: true },
+            $currentDate: { updatedAt: true }, 
+          },
+          { upsert: true, returnOriginal: false }
+        );
+
+        const user = await this.args.users.getByPhone(result.value.phone);
+        await this.args.users.verifyUser(user);
+        return result.value;
+      }
+    }
+    catch(e) {
+      console.error("Error occured: ", e.message);
+      rethrowIfAppError(e);
+      throw createDbOpFailedError(e.message);
+    }
+  }
+
+  async resendVerificationCode(id: string): Promise<PhoneVerificationRecord> {
+    validators.validatesResendVerificationCode(id);
+    try {
+      const record = await this.collection.findOne(
+        { _id: id, isVerified: false }, 
+        { projection: SAFE_PHONE_VERIFICATION_RECORD_PROJECTION }
+      );
+
+      if (!record) {
+        throw createPhoneVerificationRecordNotFoundError(messages.ERROR_PHONE_VERIFICATION_RECORD_NOT_FOUND);
+      }
+
+      else if (record.isVerified) {
+        throw createPhoneAlreadyVerifiedError(messages.ERROR_PHONE_ALREADY_VERIFIED);
+      }
+
+      else {
+        const newCode = generatePhoneVerificationCode();
+        await this.sendVerificationSms(record.phone, id, newCode);
+
+        const result = await this.collection.findOneAndUpdate(
+          { _id: id },
+          {
+            $set: { code: newCode },
+            $currentDate: { updatedAt: true }, 
+          },
+          { upsert: true, returnOriginal: false }
+        );
+
+        return result.value;
+      }
+    }
+    catch(e) {
+      console.error("Error occured: ", e.message);
+      rethrowIfAppError(e);
+      throw createDbOpFailedError(e.message);
+    }
+  }
+}