Merge pull request #2497 from hollaex/testnet

Testnet

server/api/controllers/broker.js

@@ -90,7 +90,7 @@ const createBrokerPair = (req, res) => {
 		spread,
 	})
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			publisher.publish(INIT_CHANNEL, JSON.stringify({ type: 'refreshInit' }));
 			return res.json(data);
 		})
@@ -207,7 +207,7 @@ function updateBrokerPair(req, res) {
 
 	toolsLib.broker.updateBrokerPair(id, req.swagger.params.data.value)
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			publisher.publish(INIT_CHANNEL, JSON.stringify({ type: 'refreshInit' }));
 			return res.json(data);
 		})
@@ -230,7 +230,7 @@ function deleteBrokerPair(req, res) {
 
 	toolsLib.broker.deleteBrokerPair(req.swagger.params.data.value.id)
 		.then(() => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			publisher.publish(INIT_CHANNEL, JSON.stringify({ type: 'refreshInit' }));
 			return res.json({ message: 'Successfully deleted broker pair.' });
 		})

server/api/controllers/deposit.js

@@ -60,7 +60,7 @@ const getAdminDeposits = (req, res) => {
 		}
 	)
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
 			if (format.value === 'csv') {
 				res.setHeader('Content-disposition', `attachment; filename=${toolsLib.getKitConfig().api_name}-users-deposits.csv`);
 				res.set('Content-Type', 'text/csv');

server/api/controllers/order.js

@@ -352,7 +352,7 @@ const getAdminOrders = (req, res) => {
 	if (format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1 && !user_id.value) {
 		return res.status(403).json({ message: API_KEY_NOT_PERMITTED });
 	}
-	toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
+	toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
 	let promiseQuery;
 
 	if (user_id.value) {
@@ -427,7 +427,7 @@ const adminCancelOrder = (req, res) => {
 		}
 	})
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], { userId, order_id });
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], { userId, order_id });
 			return res.json(data);
 		})
 		.catch((err) => {

server/api/controllers/otp.js

@@ -104,7 +104,7 @@ const deactivateOtpAdmin = (req, res) => {
 
 	toolsLib.user.deactivateUserOtpById(user_id)
 		.then(() => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			return res.json({ message: 'Success' });
 		})
 		.catch((err) => {

server/api/controllers/stake.js

@@ -109,7 +109,7 @@ const createExchangeStakes = (req, res) => {
 		user_id: req.auth.sub.id
 	})
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			publisher.publish(INIT_CHANNEL, JSON.stringify({ type: 'refreshInit' }));
 			return res.json(data);
 		})
@@ -165,7 +165,7 @@ loggerStake.verbose(req.uuid, 'controllers/stake/updateExchangeStakes/auth', req
 		disclaimer,
 		status
 	);
-	const auditInfo = { userEmail: req?.auth?.sub?.email, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
+	const auditInfo = { userEmail: req?.auth?.sub?.email, sessionId: req?.session_id, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
 	toolsLib.stake.updateExchangeStakePool(id, {
 		name,
 		currency,
@@ -207,7 +207,7 @@ const deleteExchangeStakes = (req, res) => {
 
 	toolsLib.stake.updateExchangeStakePool(req.swagger.params.data.value.id, { status: 'terminated' })
 		.then(() => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			publisher.publish(INIT_CHANNEL, JSON.stringify({ type: 'refreshInit' }));
 			return res.json({ message: 'Successfully deleted stake pool.' });
 		})

server/api/controllers/tier.js

@@ -22,7 +22,7 @@ const postTier = (req, res) => {
 
 	toolsLib.tier.createTier(level, name, icon, description, fees, note)
 		.then((tier) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params?.data?.value);
 			loggerTier.info(req.uuid, 'controllers/tier/postTier new tier created', level);
 			return res.json(tier);
 		})
@@ -45,7 +45,7 @@ const putTier = (req, res) => {
 		native_currency_limit
 	};
 
-	const auditInfo = { userEmail: req?.auth?.sub?.email, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
+	const auditInfo = { userEmail: req?.auth?.sub?.email, sessionId: req?.session_id, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
 	toolsLib.tier.updateTier(level, updateData, auditInfo)
 		.then((tier) => {
 			loggerTier.info(req.uuid, 'controllers/tier/putTier tier updated', level);
@@ -71,7 +71,7 @@ const updatePairFees = (req, res) => {
 		'controllers/tier/updatePairFees pair',
 		pair
 	);
-	const auditInfo = { userEmail: req?.auth?.sub?.email, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
+	const auditInfo = { userEmail: req?.auth?.sub?.email, sessionId: req?.session_id, apiPath: req?.swagger?.apiPath, method: req?.swagger?.operationPath?.[2] };
 	toolsLib.tier.updatePairFees(pair, fees, auditInfo)
 		.then(() => {
 			loggerTier.info(

server/api/controllers/trade.js

@@ -121,7 +121,7 @@ const getAdminTrades = (req, res) => {
 	if (format.value && req.auth.scopes.indexOf(ROLES.ADMIN) === -1) {
 		return res.status(403).json({ message: API_KEY_NOT_PERMITTED });
 	}
-	toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
+	toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
 	let promiseQuery;
 
 	if (user_id.value) {

server/api/controllers/withdrawal.js

@@ -335,7 +335,7 @@ const getAdminWithdrawals = (req, res) => {
 		}
 	)
 		.then((data) => {
-			toolsLib.user.createAuditLog(req?.auth?.sub?.email, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
+			toolsLib.user.createAuditLog({ email: req?.auth?.sub?.email, session_id: req?.session_id }, req?.swagger?.apiPath, req?.swagger?.operationPath?.[2], req?.swagger?.params);
 			if (format.value === 'csv') {
 				res.setHeader('Content-disposition', `attachment; filename=${toolsLib.getKitConfig().api_name}-users-deposits.csv`);
 				res.set('Content-Type', 'text/csv');

server/api/swagger/swagger.js

@@ -4,7 +4,7 @@ const definition = {
 	swagger: '2.0',
 	info: {
 		title: 'HollaEx Kit',
-		version: '2.9.0'
+		version: '2.9.1'
 	},
 	host: 'api.hollaex.com',
 	basePath: '/v2',

server/constants.js

@@ -646,7 +646,7 @@ exports.EXCHANGE_PLAN_PRICE_SOURCE = {
 
 //STAKE CONSTANTS START
 
-exports.STAKE_SUPPORTED_PLANS = ['crypto', 'fiat', 'boost', 'enterprise'];
+exports.STAKE_SUPPORTED_PLANS = ['fiat', 'boost', 'enterprise'];
 
 //STAKE CONSTANTS END
 

server/db/migrations/20231122100754-add-session-id-audit.js

@@ -0,0 +1,14 @@
+'use strict';
+
+const TABLE = 'Audits';
+const COLUMN = 'session_id';
+
+module.exports = {
+	up: (queryInterface, Sequelize) =>
+		queryInterface.addColumn(TABLE, COLUMN, {
+			type: Sequelize.INTEGER,
+			allowNull: true
+		}),
+	down: (queryInterface, Sequelize) =>
+		queryInterface.removeColumn(TABLE, COLUMN)
+};

server/db/models/audit.js

@@ -16,6 +16,10 @@ module.exports = function (sequelize, DataTypes) {
 				type: DataTypes.STRING,
 				allowNull: false
 			},
+			session_id: {
+				type: DataTypes.INTEGER,
+				allowNull: true
+			},
 			user_id: {
 				type: DataTypes.INTEGER,
 				allowNull: true,

server/messages.js

@@ -257,4 +257,5 @@ exports.NO_ORACLE_PRICE_FOUND = 'There is no price for asset for rewarding in Or
 exports.REWARD_CURRENCY_CANNOT_BE_SAME = 'Reward currency cannot be same as the main currency';
 exports.CANNOT_CHANGE_ADMIN_EMAIL = 'Cannot change admin email';
 exports.EMAIL_IS_SAME = 'New email cannot be same as the existing one';
-exports.EMAIL_EXISTS = 'This email already exists';
+exports.EMAIL_EXISTS = 'This email already exists';
+exports.CANNOT_CHANGE_DELETED_EMAIL = 'Cannot change deleted email';

server/package.json

@@ -1,5 +1,5 @@
 {
-	"version": "2.9.0",
+	"version": "2.9.1",
 	"private": false,
 	"description": "HollaEx Kit",
 	"keywords": [

server/tools/dbs/changeEmail.js

@@ -7,7 +7,8 @@ const {
 	PROVIDE_VALID_EMAIL,
 	USER_NOT_FOUND,
 	EMAIL_IS_SAME,
-	EMAIL_EXISTS
+	EMAIL_EXISTS,
+	CANNOT_CHANGE_DELETED_EMAIL
 } = require('../../messages');
 const { isEmail } = require('validator');
 const { sendEmail } = require('../../mail');
@@ -49,6 +50,10 @@ const changeEmail = async () => {
 		if (userEmail === newEmail) {
 			throw new Error(EMAIL_IS_SAME);
 		}
+
+		if (userEmail.includes('_deleted')) {
+			throw new Error(CANNOT_CHANGE_DELETED_EMAIL);
+		}
 
 		const isExists = await User.findOne({
 			where: {

server/utils/hollaex-tools-lib/tools/common.js

@@ -205,10 +205,10 @@ const updateKitConfigSecrets = (data = {}, scopes, auditInfo) => {
 			}
 			const { createAuditLog } = require('./user');
 			if (updatedKitConfig?.kit && Object.keys(updatedKitConfig?.kit).length > 0) {
-				createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedKitConfig.kit, status.dataValues.kit);
+				createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedKitConfig.kit, status.dataValues.kit);
 			}
 			if (updatedKitConfig?.secrets && Object.keys(updatedKitConfig?.secrets).length > 0) {
-				createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedKitConfig.secrets, status.dataValues.secrets);
+				createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedKitConfig.secrets, status.dataValues.secrets);
 			}
 			return status.update(updatedKitConfig, {
 				fields: [
@@ -713,7 +713,7 @@ const updateKitUserMeta = async (name, data = {
 		}
 	});
 	const { createAuditLog } = require('./user');
-	createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedUserMeta, existingUserMeta);
+	createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedUserMeta, existingUserMeta);
 	publisher.publish(
 		CONFIGURATION_CHANNEL,
 		JSON.stringify({

server/utils/hollaex-tools-lib/tools/order.js

@@ -363,7 +363,7 @@ const updateQuickTradeConfig = async ({ symbol, type, active }, auditInfo) => {
 		type,
 		active
 	};
-	createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, quickTradeData.dataValues, updatedConfig);
+	createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, quickTradeData.dataValues, updatedConfig);
 	return quickTradeData.update(updatedConfig, { fields: ['type', 'active'], returning: true });
 };
 

server/utils/hollaex-tools-lib/tools/security.js

@@ -597,7 +597,8 @@ const verifyBearerTokenMiddleware = (req, authOrSecDef, token, cb, isSocket = fa
 					}
 
 					try {
-						await verifySession(tokenString);
+						const session = await verifySession(tokenString);
+						if (session) req.session_id = session.id;
 					} catch (err) {
 						return sendError(err.message);
 					}
@@ -738,7 +739,8 @@ const verifyBearerTokenExpressMiddleware = (scopes = BASE_SCOPES) => (req, res,
 				}
 
 				try {
-					await verifySession(tokenString);
+					const session = await verifySession(tokenString);
+					if (session) req.session_id = session.id;
 				} catch (err) {
 					return sendError(err.message);
 				}
@@ -929,6 +931,8 @@ const verifySession = async (token) => {
 		const expirationInSeconds = getExpirationDateInSeconds(updatedSession.dataValues.expiry_date);
 		client.setexAsync(updatedSession.dataValues.token, expirationInSeconds, JSON.stringify(updatedSession.dataValues));
 	}
+
+	return session;
 }
 
 const findSession = async (token) => {

server/utils/hollaex-tools-lib/tools/stake.js

@@ -434,7 +434,7 @@ const updateExchangeStakePool = async (id, data, auditInfo) => {
 
 	validateExchangeStake(updatedStakePool);
 
-    createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedStakePool, stakePool.dataValues);
+    createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedStakePool, stakePool.dataValues);
 
 	return stakePool.update(updatedStakePool, {
 		fields: [

server/utils/hollaex-tools-lib/tools/tier.js

@@ -123,7 +123,7 @@ const updateTier = (level, updateData, auditInfo) => {
 			if (isBoolean(updateData.native_currency_limit)) {
 				newData.native_currency_limit = updateData.native_currency_limit;
 			}
-			createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, newData, tier.dataValues);
+			createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, newData, tier.dataValues);
 			return tier.update(newData);
 		})
 		.then((tier) => {
@@ -171,7 +171,7 @@ const updatePairFees = (pair, fees, auditInfo) => {
 			updatedFees.maker[pair] = fees[level].maker;
 			updatedFees.taker[pair] = fees[level].taker;
 
-			createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedFees, tier.dataValues.fees);
+			createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedFees, tier.dataValues.fees);
 
 			return tier.update(
 				{ fees: updatedFees },

server/utils/hollaex-tools-lib/tools/user.js

@@ -57,6 +57,7 @@ const {
 	CANNOT_CHANGE_ADMIN_EMAIL,
 	EMAIL_IS_SAME,
 	EMAIL_EXISTS,
+	CANNOT_CHANGE_DELETED_EMAIL,
 	SERVICE_NOT_SUPPORTED
 } = require(`${SERVER_PATH}/messages`);
 const { publisher, client } = require('./database/redis');
@@ -1190,7 +1191,7 @@ const updateUserNote = (userId, note, auditInfo) => {
 			if (!user) {
 				throw new Error(USER_NOT_FOUND);
 			}
-			createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, note, user.note);
+			createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, note, user.note);
 			return user.update({ note }, { fields: ['note'] });
 		});
 };
@@ -1214,7 +1215,7 @@ const updateUserDiscount = (userId, discount, auditInfo) => {
 		})
 		.then(([previousDiscountRate, user]) => {
 			if (user.discount > previousDiscountRate) {
-				createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, user.discount, previousDiscountRate);
+				createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, user.discount, previousDiscountRate);
 				sendEmail(
 					MAILTYPE.DISCOUNT_UPDATE,
 					user.email,
@@ -1462,7 +1463,7 @@ const getValues = (data, prevData) => {
 
 const createAuditLog = (subject, adminEndpoint, method, data = {}, prevData = null) => {
 	try {
-		if (!subject) return;
+		if (!subject?.email) return;
 
 		const methodDescriptions = {
 			get: 'viewed',
@@ -1496,7 +1497,8 @@ const createAuditLog = (subject, adminEndpoint, method, data = {}, prevData = nu
 		}
 
 		return getModel('audit').create({
-			subject,
+			subject: subject.email,
+			session_id: subject?.session_id,
 			description,
 			user_id,
 			timestamp: new Date(),
@@ -1814,7 +1816,7 @@ const updateUserMeta = async (id, givenMeta = {}, opts = { overwrite: null }, au
 	const updatedUser = await user.update({
 		meta: updatedUserMeta
 	});
-	createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updatedUserMeta, user.meta);
+	createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updatedUserMeta, user.meta);
 	return pick(updatedUser, 'id', 'email', 'meta');
 };
 
@@ -2017,7 +2019,7 @@ const updateUserInfo = async (userId, data = {}, auditInfo) => {
 		{ fields: Object.keys(updateData) }
 	);
 
-	createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, updateData, oldValues);
+	createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, updateData, oldValues);
 	return omitUserFields(user.dataValues);
 };
 
@@ -2142,6 +2144,7 @@ const revokeExchangeUserSession = async (sessionId, userId = null) => {
 	});
 
 	delete updatedSession.dataValues.token;
+	updatedSession.dataValues.user_id = session.login.user_id;
 	return updatedSession.dataValues;
 };
 
@@ -2307,6 +2310,10 @@ const changeKitUserEmail = async (userId, newEmail, auditInfo) => {
 		throw new Error(EMAIL_IS_SAME);
 	}
 
+	if (userEmail.includes('_deleted')) {
+		throw new Error(CANNOT_CHANGE_DELETED_EMAIL);
+	}
+
 	const isExists = await dbQuery.findOne('user', {
 		where: {
 			email: newEmail
@@ -2327,7 +2334,7 @@ const changeKitUserEmail = async (userId, newEmail, auditInfo) => {
 		{ email: newEmail },
 		{ fields: ['email'], returning: true }
 	);
-	createAuditLog(auditInfo.userEmail, auditInfo.apiPath, auditInfo.method, { user_id: userId, email: userEmail  }, { user_id: userId, email: newEmail });
+	createAuditLog({ email: auditInfo.userEmail, session_id: auditInfo.sessionId }, auditInfo.apiPath, auditInfo.method, { user_id: userId, email: userEmail  }, { user_id: userId, email: newEmail });
 	sendEmail(
 		MAILTYPE.ALERT,
 		null,

version

@@ -1 +1 @@
-2.9.0
+2.9.1