From d00cb00ada1b8cd875c949b2fd4f58a5395e9428 Mon Sep 17 00:00:00 2001 From: Diego Alzate Date: Wed, 7 Aug 2024 12:33:06 +0100 Subject: [PATCH 1/3] add wallet poc routes --- package.json | 1 + pnpm-lock.yaml | 131 +++++++++++++++++++++++++++++++++++++++++++ src/handlers/auth.ts | 89 ++++++++++++++++++++++++++++- src/routers/auth.ts | 11 +++- src/services/auth.ts | 47 ++++++++++++++++ src/types/auth.ts | 7 ++- 6 files changed, 281 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index bbc85fa8..274a953e 100644 --- a/package.json +++ b/package.json @@ -63,6 +63,7 @@ "pino": "^9.2.0", "pino-http": "^10.2.0", "pino-pretty": "^11.2.1", + "siwe": "^2.3.2", "zod": "^3.22.4" } } \ No newline at end of file diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 953cbc73..4ee034fc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -38,6 +38,9 @@ importers: pino-pretty: specifier: ^11.2.1 version: 11.2.1 + siwe: + specifier: ^2.3.2 + version: 2.3.2(ethers@6.13.2) zod: specifier: ^3.22.4 version: 3.23.8 @@ -105,6 +108,9 @@ importers: packages: + '@adraffy/ens-normalize@1.10.1': + resolution: {integrity: sha512-96Z2IP3mYmF1Xg2cDm8f1gWGf/HUVedQ3FMifV4kG/PQ4yEP51xDtRAEfhVNt5f/uzpNkZHwWQuUcu6D6K+Ekw==} + '@ampproject/remapping@2.3.0': resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==} engines: {node: '>=6.0.0'} @@ -857,6 +863,17 @@ packages: '@ngneat/falso@7.2.0': resolution: {integrity: sha512-283EXBFd05kCbGuGSXgmvhCsQYEYzvD/eJaE7lxd05qRB0tgREvZX7TRlJ1KSp8nHxoK6Ws029G1Y30mt4IVAA==} + '@noble/curves@1.2.0': + resolution: {integrity: sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw==} + + '@noble/hashes@1.3.2': + resolution: {integrity: sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ==} + engines: {node: '>= 16'} + + '@noble/hashes@1.4.0': + resolution: {integrity: sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg==} + engines: {node: '>= 16'} + '@nodelib/fs.scandir@2.1.5': resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} engines: {node: '>= 8'} @@ -922,6 +939,21 @@ packages: '@sinonjs/fake-timers@10.3.0': resolution: {integrity: sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA==} + '@spruceid/siwe-parser@2.1.2': + resolution: {integrity: sha512-d/r3S1LwJyMaRAKQ0awmo9whfXeE88Qt00vRj91q5uv5ATtWIQEGJ67Yr5eSZw5zp1/fZCXZYuEckt8lSkereQ==} + + '@stablelib/binary@1.0.1': + resolution: {integrity: sha512-ClJWvmL6UBM/wjkvv/7m5VP3GMr9t0osr4yVgLZsLCOz4hGN9gIAFEqnJ0TsSMAN+n840nf2cHZnA5/KFqHC7Q==} + + '@stablelib/int@1.0.1': + resolution: {integrity: sha512-byr69X/sDtDiIjIV6m4roLVWnNNlRGzsvxw+agj8CIEazqWGOQp2dTYgQhtyVXV9wpO6WyXRQUzLV/JRNumT2w==} + + '@stablelib/random@1.0.2': + resolution: {integrity: sha512-rIsE83Xpb7clHPVRlBj8qNe5L8ISQOzjghYQm/dZ7VaM2KHYwMW5adjQjrzTZCchFnNCNhkwtnOBa9HTMJCI8w==} + + '@stablelib/wipe@1.0.1': + resolution: {integrity: sha512-WfqfX/eXGiAd3RJe4VU2snh/ZPwtSjLG4ynQ/vYzvghTh7dHFcI1wl+nrkWG6lGhukOxOsUHfv8dUXr58D0ayg==} + '@types/accepts@1.3.7': resolution: {integrity: sha512-Pay9fq2lM2wXPWbteBsRAGiWH2hig4ZE2asK+mm7kUzlxRTfL961rj89I6zV/E3PcIkDqyuBEcMxFT7rccugeQ==} @@ -997,6 +1029,9 @@ packages: '@types/node@17.0.45': resolution: {integrity: sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==} + '@types/node@18.15.13': + resolution: {integrity: sha512-N+0kuo9KgrUQ1Sn/ifDXsvg0TTleP7rIy4zOBGECxAljqvqfqpTfzx0Q1NUedOixRMBfe2Whhb056a42cWs26Q==} + '@types/node@20.12.12': resolution: {integrity: sha512-eWLDGF/FOSPtAvEqeRAQ4C8LSA7M1I7i0ky1I8U7kD1J5ITyW3AsRhQrKVoWf5pFKZ2kILsEGJhsI9r93PYnOw==} @@ -1118,6 +1153,9 @@ packages: engines: {node: '>=0.4.0'} hasBin: true + aes-js@4.0.0-beta.5: + resolution: {integrity: sha512-G965FqalsNyrPqgEGON7nIx1e/OVENSgiEIzyC63haUMuvNnwIgIjMs52hlTCKhkBny7A2ORNlfY9Zu+jmGk1Q==} + aggregate-error@3.1.0: resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==} engines: {node: '>=8'} @@ -1149,6 +1187,9 @@ packages: resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==} engines: {node: '>= 8'} + apg-js@4.4.0: + resolution: {integrity: sha512-fefmXFknJmtgtNEXfPwZKYkMFX4Fyeyz+fNF6JWp87biGOPslJbCBVU158zvKRZfHBKnJDy8CMM40oLFGkXT8Q==} + append-transform@2.0.0: resolution: {integrity: sha512-7yeyCEurROLQJFv5Xj4lEGTy0borxepjFv1g22oAdqFu//SrAlDl1O1Nxx15SH1RoliUml6p8dwJW9jvZughhg==} engines: {node: '>=8'} @@ -1782,6 +1823,10 @@ packages: resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==} engines: {node: '>= 0.6'} + ethers@6.13.2: + resolution: {integrity: sha512-9VkriTTed+/27BGuY1s0hf441kqwHJ1wtN2edksEtiRvXx+soxRX3iSXTfFqq2+YwrOqbDoTHjIhQnjJRlzKmg==} + engines: {node: '>=14.0.0'} + event-emitter@0.3.5: resolution: {integrity: sha512-D9rRn9y7kLPnJ+hMq7S/nhvoKwwvVJahBi2BPmx3bvbsEdK3W9ii8cBSGjP+72/LnM4n6fo3+dkCX5FeTQruXA==} @@ -3097,6 +3142,11 @@ packages: sisteransi@1.0.5: resolution: {integrity: sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==} + siwe@2.3.2: + resolution: {integrity: sha512-aSf+6+Latyttbj5nMu6GF3doMfv2UYj83hhwZgUF20ky6fTS83uVhkQABdIVnEuS8y1bBdk7p6ltb9SmlhTTlA==} + peerDependencies: + ethers: ^5.6.8 || ^6.0.8 + slash@3.0.0: resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==} engines: {node: '>=8'} @@ -3270,6 +3320,9 @@ packages: esbuild: optional: true + tslib@2.4.0: + resolution: {integrity: sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==} + tslib@2.6.2: resolution: {integrity: sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==} @@ -3364,6 +3417,9 @@ packages: resolution: {integrity: sha512-/EH/sDgxU2eGxajKdwLCDmQ4FWq+kpi3uCmBGpw1xJtnAxEjlD8j8PEiGWpCIMIs3ciNAgH0d3TTJiUkYzyZjA==} engines: {node: '>=10.12.0'} + valid-url@1.0.9: + resolution: {integrity: sha512-QQDsV8OnSf5Uc30CKSwG9lnhMPe6exHtTXLRYX8uMwKENy640pU+2BgBL0LRbDh/eYRahNCS7aewCx0wf3NYVA==} + validate-npm-package-license@3.0.4: resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==} @@ -3430,6 +3486,18 @@ packages: resolution: {integrity: sha512-7KxauUdBmSdWnmpaGFg+ppNjKF8uNLry8LyzjauQDOVONfFLNKrKvQOxZ/VuTIcS/gge/YNahf5RIIQWTSarlg==} engines: {node: ^12.13.0 || ^14.15.0 || >=16.0.0} + ws@8.17.1: + resolution: {integrity: sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: '>=5.0.2' + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + xtend@4.0.2: resolution: {integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==} engines: {node: '>=0.4'} @@ -3469,6 +3537,8 @@ packages: snapshots: + '@adraffy/ens-normalize@1.10.1': {} + '@ampproject/remapping@2.3.0': dependencies: '@jridgewell/gen-mapping': 0.3.5 @@ -4168,6 +4238,14 @@ snapshots: seedrandom: 3.0.5 uuid: 8.3.2 + '@noble/curves@1.2.0': + dependencies: + '@noble/hashes': 1.3.2 + + '@noble/hashes@1.3.2': {} + + '@noble/hashes@1.4.0': {} + '@nodelib/fs.scandir@2.1.5': dependencies: '@nodelib/fs.stat': 2.0.5 @@ -4285,6 +4363,26 @@ snapshots: dependencies: '@sinonjs/commons': 3.0.1 + '@spruceid/siwe-parser@2.1.2': + dependencies: + '@noble/hashes': 1.4.0 + apg-js: 4.4.0 + uri-js: 4.4.1 + valid-url: 1.0.9 + + '@stablelib/binary@1.0.1': + dependencies: + '@stablelib/int': 1.0.1 + + '@stablelib/int@1.0.1': {} + + '@stablelib/random@1.0.2': + dependencies: + '@stablelib/binary': 1.0.1 + '@stablelib/wipe': 1.0.1 + + '@stablelib/wipe@1.0.1': {} + '@types/accepts@1.3.7': dependencies: '@types/node': 20.12.12 @@ -4389,6 +4487,8 @@ snapshots: '@types/node@17.0.45': {} + '@types/node@18.15.13': {} + '@types/node@20.12.12': dependencies: undici-types: 5.26.5 @@ -4541,6 +4641,8 @@ snapshots: acorn@8.11.3: {} + aes-js@4.0.0-beta.5: {} + aggregate-error@3.1.0: dependencies: clean-stack: 2.2.0 @@ -4574,6 +4676,8 @@ snapshots: normalize-path: 3.0.0 picomatch: 2.3.1 + apg-js@4.4.0: {} + append-transform@2.0.0: dependencies: default-require-extensions: 3.0.1 @@ -5328,6 +5432,19 @@ snapshots: etag@1.8.1: {} + ethers@6.13.2: + dependencies: + '@adraffy/ens-normalize': 1.10.1 + '@noble/curves': 1.2.0 + '@noble/hashes': 1.3.2 + '@types/node': 18.15.13 + aes-js: 4.0.0-beta.5 + tslib: 2.4.0 + ws: 8.17.1 + transitivePeerDependencies: + - bufferutil + - utf-8-validate + event-emitter@0.3.5: dependencies: d: 1.0.2 @@ -6875,6 +6992,14 @@ snapshots: sisteransi@1.0.5: {} + siwe@2.3.2(ethers@6.13.2): + dependencies: + '@spruceid/siwe-parser': 2.1.2 + '@stablelib/random': 1.0.2 + ethers: 6.13.2 + uri-js: 4.4.1 + valid-url: 1.0.9 + slash@3.0.0: {} sonic-boom@4.0.1: @@ -7060,6 +7185,8 @@ snapshots: babel-jest: 29.7.0(@babel/core@7.24.5) esbuild: 0.19.12 + tslib@2.4.0: {} + tslib@2.6.2: {} tsx@4.16.2: @@ -7159,6 +7286,8 @@ snapshots: '@types/istanbul-lib-coverage': 2.0.6 convert-source-map: 2.0.0 + valid-url@1.0.9: {} + validate-npm-package-license@3.0.4: dependencies: spdx-correct: 3.2.0 @@ -7242,6 +7371,8 @@ snapshots: imurmurhash: 0.1.4 signal-exit: 3.0.7 + ws@8.17.1: {} + xtend@4.0.2: {} y18n@4.0.3: {} diff --git a/src/handlers/auth.ts b/src/handlers/auth.ts index c939b635..01e858f6 100644 --- a/src/handlers/auth.ts +++ b/src/handlers/auth.ts @@ -1,10 +1,12 @@ import type { Request, Response } from 'express'; import { SemaphoreSignaturePCDPackage } from '@pcd/semaphore-signature-pcd'; import * as schema from '../db/schema'; -import { createOrSignInPCD } from '../services/auth'; -import { verifyUserSchema } from '../types'; +import { createOrSignInPCD, createOrSignInSIWE } from '../services/auth'; +import { verifySIWEUserSchema, verifyZupassUserSchema } from '../types'; import { NodePgDatabase } from 'drizzle-orm/node-postgres'; import { logger } from '../utils/logger'; +import { generateNonce, SiweMessage } from 'siwe'; +import { eq } from 'drizzle-orm'; export function destroySessionHandler() { return function (req: Request, res: Response) { @@ -16,7 +18,7 @@ export function destroySessionHandler() { export function verifyPCDHandler(dbPool: NodePgDatabase) { return async function (req: Request, res: Response) { try { - const body = verifyUserSchema.safeParse(req.body); + const body = verifyZupassUserSchema.safeParse(req.body); if (!body.success) { logger.error(`[ERROR] ${body.error.errors}`); @@ -67,3 +69,84 @@ export function verifyPCDHandler(dbPool: NodePgDatabase) { } }; } + +export function getSIWENonceHandler() { + return function (req: Request, res: Response) { + res.setHeader('Content-Type', 'text/plain'); + const nonce = generateNonce(); + req.session.nonce = nonce; + res.send(nonce); + }; +} + +export function verifySIWEHandler(dbPool: NodePgDatabase) { + return async function (req: Request, res: Response) { + const body = verifySIWEUserSchema.safeParse(req.body); + + if (!body.success) { + logger.error(`[ERROR] ${body.error.errors}`); + res.status(400).send({ + errors: body.error.errors, + }); + return; + } + + const siweMessage = new SiweMessage(body.data.message); + + try { + await siweMessage.verify({ signature: body.data.signature, nonce: req.session.nonce }); + + // create or sign in user + try { + const user = await createOrSignInSIWE(dbPool, { + address: siweMessage.address, + chainId: siweMessage.chainId.toString(), + }); + + req.session.userId = user.id; + await req.session.save(); + return res.status(200).send({ data: user }); + } catch (e) { + logger.error(`[ERROR] ${e}`); + res.status(401).send(); + return; + } + } catch { + res.send(false); + } + }; +} + +export function getSIWESessionHandler(dbPool: NodePgDatabase) { + return async function (req: Request, res: Response) { + const userId = req.session.userId; + + if (!userId) { + return res.status(401).send(); + } + + const user = await dbPool.query.users.findFirst({ + where: eq(schema.users.id, userId), + with: { + federatedCredential: true, + }, + }); + + if (!user) { + return res.status(401).send(); + } + + const [chaindId, address] = user.federatedCredential?.subject?.split(':') ?? []; + + if (!chaindId || !address) { + return res.status(401).send(); + } + + return res.status(200).send({ + data: { + chainId: chaindId, + address, + }, + }); + }; +} diff --git a/src/routers/auth.ts b/src/routers/auth.ts index e17dd6ac..8eda7806 100644 --- a/src/routers/auth.ts +++ b/src/routers/auth.ts @@ -1,11 +1,20 @@ import type * as schema from '../db/schema'; import { default as express } from 'express'; -import { destroySessionHandler, verifyPCDHandler } from '../handlers/auth'; +import { + destroySessionHandler, + getSIWENonceHandler, + getSIWESessionHandler, + verifyPCDHandler, + verifySIWEHandler, +} from '../handlers/auth'; import { NodePgDatabase } from 'drizzle-orm/node-postgres'; const router = express.Router(); export function authRouter({ dbPool }: { dbPool: NodePgDatabase }) { router.post('/zupass/verify', verifyPCDHandler(dbPool)); + router.get('/siwe/nonce', getSIWENonceHandler()); + router.post('/siwe/verify', verifySIWEHandler(dbPool)); + router.get('/siwe/session', getSIWESessionHandler(dbPool)); router.post('/logout', destroySessionHandler()); return router; } diff --git a/src/services/auth.ts b/src/services/auth.ts index 5958048e..3b2def4b 100644 --- a/src/services/auth.ts +++ b/src/services/auth.ts @@ -54,3 +54,50 @@ export async function createOrSignInPCD( return user; } } + +export async function createOrSignInSIWE( + dbPool: NodePgDatabase, + data: { chainId: string; address: string }, +): Promise { + // check if there is a federated credential with the same subject + const federatedCredential: schema.FederatedCredential[] = await dbPool + .select() + .from(schema.federatedCredentials) + .where(eq(schema.federatedCredentials.subject, `${data.chainId}:${data.address}`)); + + if (federatedCredential.length === 0) { + // create user + try { + const user: schema.User[] = await dbPool.insert(schema.users).values({}).returning(); + + if (!user[0]?.id) { + throw new Error('Failed to create user'); + } + + await dbPool.insert(schema.federatedCredentials).values({ + userId: user[0]?.id, + provider: 'ethereum', + subject: `${data.chainId}:${data.address}`, + }); + + return user[0]; + } catch (error: unknown) { + // repeated subject_provider unique key + logger.error(`error creating user: ${error}`); + throw new Error('User already exists'); + } + } else { + if (!federatedCredential[0]) { + throw new Error('expected federated credential to exist'); + } + const user = await dbPool.query.users.findFirst({ + where: eq(schema.users.id, federatedCredential[0].userId), + }); + + if (!user) { + throw new Error('User not found'); + } + + return user; + } +} diff --git a/src/types/auth.ts b/src/types/auth.ts index cae81b5c..e9e42628 100644 --- a/src/types/auth.ts +++ b/src/types/auth.ts @@ -1,7 +1,12 @@ import { z } from 'zod'; -export const verifyUserSchema = z.object({ +export const verifyZupassUserSchema = z.object({ pcd: z.string(), email: z.string(), uuid: z.string(), }); + +export const verifySIWEUserSchema = z.object({ + message: z.string(), + signature: z.string(), +}); From c155edfbdee104617496e5e066122005e7370a74 Mon Sep 17 00:00:00 2001 From: Diego Alzate Date: Wed, 7 Aug 2024 19:34:44 +0100 Subject: [PATCH 2/3] create access rules for white and black listing --- migrations/0030_sleepy_moira_mactaggert.sql | 11 + migrations/meta/0030_snapshot.json | 1794 +++++++++++++++++++ migrations/meta/_journal.json | 7 + src/db/schema/access-rules.ts | 19 + src/db/schema/index.ts | 1 + src/services/access-rules.ts | 48 + src/services/auth.ts | 19 + 7 files changed, 1899 insertions(+) create mode 100644 migrations/0030_sleepy_moira_mactaggert.sql create mode 100644 migrations/meta/0030_snapshot.json create mode 100644 src/db/schema/access-rules.ts create mode 100644 src/services/access-rules.ts diff --git a/migrations/0030_sleepy_moira_mactaggert.sql b/migrations/0030_sleepy_moira_mactaggert.sql new file mode 100644 index 00000000..49fff28e --- /dev/null +++ b/migrations/0030_sleepy_moira_mactaggert.sql @@ -0,0 +1,11 @@ +CREATE TABLE IF NOT EXISTS "access_rules" ( + "id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL, + "provider" varchar(256), + "subject" varchar(256), + "is_allowed" boolean DEFAULT false, + "created_at" timestamp DEFAULT now() NOT NULL, + "updated_at" timestamp DEFAULT now() NOT NULL, + CONSTRAINT "provider_subject_idx" UNIQUE("provider","subject") +); +--> statement-breakpoint +CREATE INDEX IF NOT EXISTS "is_allowed_idx" ON "access_rules" ("is_allowed"); \ No newline at end of file diff --git a/migrations/meta/0030_snapshot.json b/migrations/meta/0030_snapshot.json new file mode 100644 index 00000000..554aec2c --- /dev/null +++ b/migrations/meta/0030_snapshot.json @@ -0,0 +1,1794 @@ +{ + "id": "5e2b34b3-dee2-405d-b036-6c1189cef571", + "prevId": "284a39cb-1ea5-435f-abb0-33fe38b1d7e1", + "version": "6", + "dialect": "postgresql", + "tables": { + "public.access_rules": { + "name": "access_rules", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "provider": { + "name": "provider", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "subject": { + "name": "subject", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "is_allowed": { + "name": "is_allowed", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "is_allowed_idx": { + "name": "is_allowed_idx", + "columns": [ + "is_allowed" + ], + "isUnique": false + } + }, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "provider_subject_idx": { + "name": "provider_subject_idx", + "nullsNotDistinct": false, + "columns": [ + "provider", + "subject" + ] + } + } + }, + "public.comments": { + "name": "comments", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "option_id": { + "name": "option_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "value": { + "name": "value", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "comments_user_id_users_id_fk": { + "name": "comments_user_id_users_id_fk", + "tableFrom": "comments", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "comments_option_id_options_id_fk": { + "name": "comments_option_id_options_id_fk", + "tableFrom": "comments", + "tableTo": "options", + "columnsFrom": [ + "option_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.cycles": { + "name": "cycles", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "event_id": { + "name": "event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "start_at": { + "name": "start_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true + }, + "end_at": { + "name": "end_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true + }, + "status": { + "name": "status", + "type": "varchar(20)", + "primaryKey": false, + "notNull": false, + "default": "'UPCOMING'" + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": { + "status_idx": { + "name": "status_idx", + "columns": [ + "status" + ], + "isUnique": false + } + }, + "foreignKeys": { + "cycles_event_id_events_id_fk": { + "name": "cycles_event_id_events_id_fk", + "tableFrom": "cycles", + "tableTo": "events", + "columnsFrom": [ + "event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.events": { + "name": "events", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "require_approval": { + "name": "require_approval", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "description": { + "name": "description", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "link": { + "name": "link", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "registration_description": { + "name": "registration_description", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "fields": { + "name": "fields", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "image_url": { + "name": "image_url", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "event_display_rank": { + "name": "event_display_rank", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.federated_credentials": { + "name": "federated_credentials", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "provider": { + "name": "provider", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "subject": { + "name": "subject", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "federated_credentials_user_id_users_id_fk": { + "name": "federated_credentials_user_id_users_id_fk", + "tableFrom": "federated_credentials", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "provider_subject_idx": { + "name": "provider_subject_idx", + "nullsNotDistinct": false, + "columns": [ + "provider", + "subject" + ] + } + } + }, + "public.group_categories": { + "name": "group_categories", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "event_id": { + "name": "event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "user_can_create": { + "name": "user_can_create", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "user_can_view": { + "name": "user_can_view", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "required": { + "name": "required", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "group_categories_event_id_events_id_fk": { + "name": "group_categories_event_id_events_id_fk", + "tableFrom": "group_categories", + "tableTo": "events", + "columnsFrom": [ + "event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.groups": { + "name": "groups", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "name": { + "name": "name", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "secret": { + "name": "secret", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "group_category_id": { + "name": "group_category_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "groups_group_category_id_group_categories_id_fk": { + "name": "groups_group_category_id_group_categories_id_fk", + "tableFrom": "groups", + "tableTo": "group_categories", + "columnsFrom": [ + "group_category_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "groups_secret_unique": { + "name": "groups_secret_unique", + "nullsNotDistinct": false, + "columns": [ + "secret" + ] + } + } + }, + "public.users": { + "name": "users", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "username": { + "name": "username", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "first_name": { + "name": "first_name", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "last_name": { + "name": "last_name", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "email": { + "name": "email", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "telegram": { + "name": "telegram", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "users_username_unique": { + "name": "users_username_unique", + "nullsNotDistinct": false, + "columns": [ + "username" + ] + }, + "users_email_unique": { + "name": "users_email_unique", + "nullsNotDistinct": false, + "columns": [ + "email" + ] + }, + "users_telegram_unique": { + "name": "users_telegram_unique", + "nullsNotDistinct": false, + "columns": [ + "telegram" + ] + } + } + }, + "public.registrations": { + "name": "registrations", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "event_id": { + "name": "event_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "group_id": { + "name": "group_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "status": { + "name": "status", + "type": "varchar", + "primaryKey": false, + "notNull": false, + "default": "'DRAFT'" + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "registrations_user_id_users_id_fk": { + "name": "registrations_user_id_users_id_fk", + "tableFrom": "registrations", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "registrations_event_id_events_id_fk": { + "name": "registrations_event_id_events_id_fk", + "tableFrom": "registrations", + "tableTo": "events", + "columnsFrom": [ + "event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "registrations_group_id_groups_id_fk": { + "name": "registrations_group_id_groups_id_fk", + "tableFrom": "registrations", + "tableTo": "groups", + "columnsFrom": [ + "group_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.questions": { + "name": "questions", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "cycle_id": { + "name": "cycle_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true + }, + "sub_title": { + "name": "sub_title", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "vote_model": { + "name": "vote_model", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true, + "default": "'COCM'" + }, + "show_score": { + "name": "show_score", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "user_can_create": { + "name": "user_can_create", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "fields": { + "name": "fields", + "type": "jsonb", + "primaryKey": false, + "notNull": true, + "default": "'{}'::jsonb" + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "questions_cycle_id_cycles_id_fk": { + "name": "questions_cycle_id_cycles_id_fk", + "tableFrom": "questions", + "tableTo": "cycles", + "columnsFrom": [ + "cycle_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.registration_field_options": { + "name": "registration_field_options", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "registration_field_id": { + "name": "registration_field_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "registration_field_options_registration_field_id_registration_fields_id_fk": { + "name": "registration_field_options_registration_field_id_registration_fields_id_fk", + "tableFrom": "registration_field_options", + "tableTo": "registration_fields", + "columnsFrom": [ + "registration_field_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.options": { + "name": "options", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "registration_id": { + "name": "registration_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "group_id": { + "name": "group_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "question_id": { + "name": "question_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "title": { + "name": "title", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true + }, + "sub_title": { + "name": "sub_title", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "show": { + "name": "show", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "vote_score": { + "name": "vote_score", + "type": "numeric", + "primaryKey": false, + "notNull": true, + "default": "'0.0'" + }, + "funding_request": { + "name": "funding_request", + "type": "numeric", + "primaryKey": false, + "notNull": false, + "default": "'0.0'" + }, + "data": { + "name": "data", + "type": "jsonb", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "options_user_id_users_id_fk": { + "name": "options_user_id_users_id_fk", + "tableFrom": "options", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "options_registration_id_registrations_id_fk": { + "name": "options_registration_id_registrations_id_fk", + "tableFrom": "options", + "tableTo": "registrations", + "columnsFrom": [ + "registration_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "options_group_id_groups_id_fk": { + "name": "options_group_id_groups_id_fk", + "tableFrom": "options", + "tableTo": "groups", + "columnsFrom": [ + "group_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "options_question_id_questions_id_fk": { + "name": "options_question_id_questions_id_fk", + "tableFrom": "options", + "tableTo": "questions", + "columnsFrom": [ + "question_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.votes": { + "name": "votes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "option_id": { + "name": "option_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "question_id": { + "name": "question_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "num_of_votes": { + "name": "num_of_votes", + "type": "integer", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "votes_user_id_users_id_fk": { + "name": "votes_user_id_users_id_fk", + "tableFrom": "votes", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "votes_option_id_options_id_fk": { + "name": "votes_option_id_options_id_fk", + "tableFrom": "votes", + "tableTo": "options", + "columnsFrom": [ + "option_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "votes_question_id_questions_id_fk": { + "name": "votes_question_id_questions_id_fk", + "tableFrom": "votes", + "tableTo": "questions", + "columnsFrom": [ + "question_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.registration_fields": { + "name": "registration_fields", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "event_id": { + "name": "event_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "name": { + "name": "name", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "varchar", + "primaryKey": false, + "notNull": false + }, + "type": { + "name": "type", + "type": "varchar", + "primaryKey": false, + "notNull": true, + "default": "'TEXT'" + }, + "required": { + "name": "required", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "fields_display_rank": { + "name": "fields_display_rank", + "type": "integer", + "primaryKey": false, + "notNull": false + }, + "character_limit": { + "name": "character_limit", + "type": "integer", + "primaryKey": false, + "notNull": false, + "default": 0 + }, + "for_group": { + "name": "for_group", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "for_user": { + "name": "for_user", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "registration_fields_event_id_events_id_fk": { + "name": "registration_fields_event_id_events_id_fk", + "tableFrom": "registration_fields", + "tableTo": "events", + "columnsFrom": [ + "event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.registration_data": { + "name": "registration_data", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "registration_id": { + "name": "registration_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "registration_field_id": { + "name": "registration_field_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "value": { + "name": "value", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "registration_data_registration_id_registrations_id_fk": { + "name": "registration_data_registration_id_registrations_id_fk", + "tableFrom": "registration_data", + "tableTo": "registrations", + "columnsFrom": [ + "registration_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "registration_data_registration_field_id_registration_fields_id_fk": { + "name": "registration_data_registration_field_id_registration_fields_id_fk", + "tableFrom": "registration_data", + "tableTo": "registration_fields", + "columnsFrom": [ + "registration_field_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.users_to_groups": { + "name": "users_to_groups", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "group_id": { + "name": "group_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "group_category_id": { + "name": "group_category_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "users_to_groups_user_id_users_id_fk": { + "name": "users_to_groups_user_id_users_id_fk", + "tableFrom": "users_to_groups", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "users_to_groups_group_id_groups_id_fk": { + "name": "users_to_groups_group_id_groups_id_fk", + "tableFrom": "users_to_groups", + "tableTo": "groups", + "columnsFrom": [ + "group_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "users_to_groups_group_category_id_group_categories_id_fk": { + "name": "users_to_groups_group_category_id_group_categories_id_fk", + "tableFrom": "users_to_groups", + "tableTo": "group_categories", + "columnsFrom": [ + "group_category_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.user_attributes": { + "name": "user_attributes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "attribute_key": { + "name": "attribute_key", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "attribute_value": { + "name": "attribute_value", + "type": "varchar", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "user_attributes_user_id_users_id_fk": { + "name": "user_attributes_user_id_users_id_fk", + "tableFrom": "user_attributes", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.likes": { + "name": "likes", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "comment_id": { + "name": "comment_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "likes_user_id_users_id_fk": { + "name": "likes_user_id_users_id_fk", + "tableFrom": "likes", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "likes_comment_id_comments_id_fk": { + "name": "likes_comment_id_comments_id_fk", + "tableFrom": "likes", + "tableTo": "comments", + "columnsFrom": [ + "comment_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.notification_types": { + "name": "notification_types", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "value": { + "name": "value", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": {}, + "compositePrimaryKeys": {}, + "uniqueConstraints": { + "notification_types_value_unique": { + "name": "notification_types_value_unique", + "nullsNotDistinct": false, + "columns": [ + "value" + ] + } + } + }, + "public.users_to_notifications": { + "name": "users_to_notifications", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "user_id": { + "name": "user_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "notification_type_id": { + "name": "notification_type_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "active": { + "name": "active", + "type": "boolean", + "primaryKey": false, + "notNull": true, + "default": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "users_to_notifications_user_id_users_id_fk": { + "name": "users_to_notifications_user_id_users_id_fk", + "tableFrom": "users_to_notifications", + "tableTo": "users", + "columnsFrom": [ + "user_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "users_to_notifications_notification_type_id_notification_types_id_fk": { + "name": "users_to_notifications_notification_type_id_notification_types_id_fk", + "tableFrom": "users_to_notifications", + "tableTo": "notification_types", + "columnsFrom": [ + "notification_type_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.questions_to_group_categories": { + "name": "questions_to_group_categories", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "question_id": { + "name": "question_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "group_category_id": { + "name": "group_category_id", + "type": "uuid", + "primaryKey": false, + "notNull": true + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "questions_to_group_categories_question_id_questions_id_fk": { + "name": "questions_to_group_categories_question_id_questions_id_fk", + "tableFrom": "questions_to_group_categories", + "tableTo": "questions", + "columnsFrom": [ + "question_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + }, + "questions_to_group_categories_group_category_id_group_categories_id_fk": { + "name": "questions_to_group_categories_group_category_id_group_categories_id_fk", + "tableFrom": "questions_to_group_categories", + "tableTo": "group_categories", + "columnsFrom": [ + "group_category_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + }, + "public.nav_links": { + "name": "nav_links", + "schema": "", + "columns": { + "id": { + "name": "id", + "type": "uuid", + "primaryKey": true, + "notNull": true, + "default": "gen_random_uuid()" + }, + "title": { + "name": "title", + "type": "varchar(256)", + "primaryKey": false, + "notNull": true + }, + "description": { + "name": "description", + "type": "varchar(1024)", + "primaryKey": false, + "notNull": false + }, + "link": { + "name": "link", + "type": "varchar(256)", + "primaryKey": false, + "notNull": false + }, + "start_at": { + "name": "start_at", + "type": "timestamp", + "primaryKey": false, + "notNull": false + }, + "end_at": { + "name": "end_at", + "type": "timestamp", + "primaryKey": false, + "notNull": false + }, + "active": { + "name": "active", + "type": "boolean", + "primaryKey": false, + "notNull": false, + "default": false + }, + "event_id": { + "name": "event_id", + "type": "uuid", + "primaryKey": false, + "notNull": false + }, + "created_at": { + "name": "created_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + }, + "updated_at": { + "name": "updated_at", + "type": "timestamp", + "primaryKey": false, + "notNull": true, + "default": "now()" + } + }, + "indexes": {}, + "foreignKeys": { + "nav_links_event_id_events_id_fk": { + "name": "nav_links_event_id_events_id_fk", + "tableFrom": "nav_links", + "tableTo": "events", + "columnsFrom": [ + "event_id" + ], + "columnsTo": [ + "id" + ], + "onDelete": "no action", + "onUpdate": "no action" + } + }, + "compositePrimaryKeys": {}, + "uniqueConstraints": {} + } + }, + "enums": {}, + "schemas": {}, + "_meta": { + "columns": {}, + "schemas": {}, + "tables": {} + } +} \ No newline at end of file diff --git a/migrations/meta/_journal.json b/migrations/meta/_journal.json index 4f733424..f1959bc0 100644 --- a/migrations/meta/_journal.json +++ b/migrations/meta/_journal.json @@ -211,6 +211,13 @@ "when": 1722437706757, "tag": "0029_mushy_vermin", "breakpoints": true + }, + { + "idx": 30, + "version": "6", + "when": 1723055190498, + "tag": "0030_sleepy_moira_mactaggert", + "breakpoints": true } ] } \ No newline at end of file diff --git a/src/db/schema/access-rules.ts b/src/db/schema/access-rules.ts new file mode 100644 index 00000000..1627533d --- /dev/null +++ b/src/db/schema/access-rules.ts @@ -0,0 +1,19 @@ +import { boolean, index, pgTable, timestamp, unique, uuid, varchar } from 'drizzle-orm/pg-core'; + +export const accessRules = pgTable( + 'access_rules', + { + id: uuid('id').primaryKey().defaultRandom(), + provider: varchar('provider', { length: 256 }), + subject: varchar('subject', { length: 256 }), + isAllowed: boolean('is_allowed').default(false), + createdAt: timestamp('created_at').notNull().defaultNow(), + updatedAt: timestamp('updated_at').notNull().defaultNow(), + }, + (t) => ({ + providerSubjectIndex: unique('provider_subject_idx').on(t.provider, t.subject), + isAllowedIndex: index('is_allowed_idx').on(t.isAllowed), + }), +); + +export type AccessRule = typeof accessRules.$inferSelect; diff --git a/src/db/schema/index.ts b/src/db/schema/index.ts index 587e00b2..6c6b95cd 100644 --- a/src/db/schema/index.ts +++ b/src/db/schema/index.ts @@ -19,3 +19,4 @@ export * from './users-to-notifications'; export * from './group-categories'; export * from './questions-to-group-categories'; export * from './nav-links'; +export * from './access-rules'; diff --git a/src/services/access-rules.ts b/src/services/access-rules.ts new file mode 100644 index 00000000..311b7de6 --- /dev/null +++ b/src/services/access-rules.ts @@ -0,0 +1,48 @@ +import { NodePgDatabase } from 'drizzle-orm/node-postgres'; +import * as schema from '../db/schema'; +import { and, eq } from 'drizzle-orm'; + +export async function checkAccessRules( + dbPool: NodePgDatabase, + data: { provider: string; subject: string }, +) { + const whiteListEntry = await dbPool + .select() + .from(schema.accessRules) + .where( + and( + eq(schema.accessRules.provider, data.provider), + eq(schema.accessRules.subject, data.subject), + ), + ) + .limit(1); + + if (whiteListEntry.length > 0) { + return true; + } + + // check if there is a whitelist + const whiteListRows = await dbPool.select().from(schema.accessRules).limit(1); + + if (whiteListRows.length > 0) { + return false; + } + + // check if there is a black list + const blackListEntry = await dbPool + .select() + .from(schema.accessRules) + .where( + and( + eq(schema.accessRules.provider, data.provider), + eq(schema.accessRules.subject, data.subject), + ), + ) + .limit(1); + + if (blackListEntry.length > 0) { + return false; + } + + return true; +} diff --git a/src/services/auth.ts b/src/services/auth.ts index 3b2def4b..6a991fea 100644 --- a/src/services/auth.ts +++ b/src/services/auth.ts @@ -2,11 +2,21 @@ import { NodePgDatabase } from 'drizzle-orm/node-postgres'; import * as schema from '../db/schema'; import { eq } from 'drizzle-orm'; import { logger } from '../utils/logger'; +import { checkAccessRules } from './access-rules'; export async function createOrSignInPCD( dbPool: NodePgDatabase, data: { uuid: string; email: string }, ): Promise { + const isAllowed = await checkAccessRules(dbPool, { + provider: 'zupass', + subject: data.uuid, + }); + + if (!isAllowed) { + throw new Error('Access denied'); + } + // check if there is a federated credential with the same subject const federatedCredential: schema.FederatedCredential[] = await dbPool .select() @@ -59,6 +69,15 @@ export async function createOrSignInSIWE( dbPool: NodePgDatabase, data: { chainId: string; address: string }, ): Promise { + const isAllowed = await checkAccessRules(dbPool, { + provider: 'ethereum', + subject: `${data.chainId}:${data.address}`, + }); + + if (!isAllowed) { + throw new Error('Access denied'); + } + // check if there is a federated credential with the same subject const federatedCredential: schema.FederatedCredential[] = await dbPool .select() From 8dd77c62ff6b88884364440c5a7f6d4c0ef633f0 Mon Sep 17 00:00:00 2001 From: Diego Alzate Date: Fri, 9 Aug 2024 13:47:27 +0100 Subject: [PATCH 3/3] fix migrations --- ...leepy_moira_mactaggert.sql => 0030_legal_demogoblin.sql} | 2 +- migrations/meta/0030_snapshot.json | 6 +++--- migrations/meta/_journal.json | 4 ++-- src/db/schema/access-rules.ts | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) rename migrations/{0030_sleepy_moira_mactaggert.sql => 0030_legal_demogoblin.sql} (83%) diff --git a/migrations/0030_sleepy_moira_mactaggert.sql b/migrations/0030_legal_demogoblin.sql similarity index 83% rename from migrations/0030_sleepy_moira_mactaggert.sql rename to migrations/0030_legal_demogoblin.sql index 49fff28e..d46174f0 100644 --- a/migrations/0030_sleepy_moira_mactaggert.sql +++ b/migrations/0030_legal_demogoblin.sql @@ -5,7 +5,7 @@ CREATE TABLE IF NOT EXISTS "access_rules" ( "is_allowed" boolean DEFAULT false, "created_at" timestamp DEFAULT now() NOT NULL, "updated_at" timestamp DEFAULT now() NOT NULL, - CONSTRAINT "provider_subject_idx" UNIQUE("provider","subject") + CONSTRAINT "access_rules_provider_subject_idx" UNIQUE("provider","subject") ); --> statement-breakpoint CREATE INDEX IF NOT EXISTS "is_allowed_idx" ON "access_rules" ("is_allowed"); \ No newline at end of file diff --git a/migrations/meta/0030_snapshot.json b/migrations/meta/0030_snapshot.json index 554aec2c..b5026040 100644 --- a/migrations/meta/0030_snapshot.json +++ b/migrations/meta/0030_snapshot.json @@ -1,5 +1,5 @@ { - "id": "5e2b34b3-dee2-405d-b036-6c1189cef571", + "id": "6ad68a59-6387-4558-ad1d-39ba3a308c0e", "prevId": "284a39cb-1ea5-435f-abb0-33fe38b1d7e1", "version": "6", "dialect": "postgresql", @@ -61,8 +61,8 @@ "foreignKeys": {}, "compositePrimaryKeys": {}, "uniqueConstraints": { - "provider_subject_idx": { - "name": "provider_subject_idx", + "access_rules_provider_subject_idx": { + "name": "access_rules_provider_subject_idx", "nullsNotDistinct": false, "columns": [ "provider", diff --git a/migrations/meta/_journal.json b/migrations/meta/_journal.json index f1959bc0..508702ec 100644 --- a/migrations/meta/_journal.json +++ b/migrations/meta/_journal.json @@ -215,8 +215,8 @@ { "idx": 30, "version": "6", - "when": 1723055190498, - "tag": "0030_sleepy_moira_mactaggert", + "when": 1723207017729, + "tag": "0030_legal_demogoblin", "breakpoints": true } ] diff --git a/src/db/schema/access-rules.ts b/src/db/schema/access-rules.ts index 1627533d..eaf775e9 100644 --- a/src/db/schema/access-rules.ts +++ b/src/db/schema/access-rules.ts @@ -11,7 +11,7 @@ export const accessRules = pgTable( updatedAt: timestamp('updated_at').notNull().defaultNow(), }, (t) => ({ - providerSubjectIndex: unique('provider_subject_idx').on(t.provider, t.subject), + providerSubjectIndex: unique('access_rules_provider_subject_idx').on(t.provider, t.subject), isAllowedIndex: index('is_allowed_idx').on(t.isAllowed), }), );