Add: request to validate the platform password

UNICEFECAR · Jan 30, 2024 · 89657f3 · 89657f3
1 parent 29dbbbb
commit 89657f3
Show file tree

Hide file tree

Showing 8 changed files with 93 additions and 1 deletion.
diff --git a/service/controllers/auth.js b/service/controllers/auth.js
@@ -1,6 +1,7 @@
 import jwt from "jsonwebtoken";
 import { v4 as uuidv4 } from "uuid";
 import { customAlphabet } from "nanoid";
+import bcrypt from "bcryptjs";
 
 import {
   storeRefreshToken,
@@ -13,6 +14,8 @@ import {
   invalidRefreshToken,
   cannotGenerateUserAccessToken,
   emailUsed,
+  invalidPlatformPassword,
+  noPlatformPasswordSet,
 } from "#utils/errors";
 
 import {
@@ -21,6 +24,7 @@ import {
 } from "#utils/helperFunctions";
 import { storeEmailOTP } from "#queries/authOTP";
 import { produceRaiseNotification } from "#utils/kafkaProducers";
+import { getPlatformPasswordQuery } from "#queries/auth";
 
 const JWT_KEY = process.env.JWT_KEY;
 
@@ -185,3 +189,32 @@ export const createEmailOTP = async ({ country, language, email }) => {
     });
   return true;
 };
+
+export const validatePlatformPassword = async ({
+  language,
+  platformPassword,
+}) => {
+  // Get the hashed password value from the database
+  const currentPlatformPassword = await getPlatformPasswordQuery()
+    .then((res) => {
+      if (res.rowCount === 0) {
+        throw noPlatformPasswordSet(language);
+      }
+      return res.rows[0].value;
+    })
+    .catch((err) => {
+      throw err;
+    });
+
+  // Compare it to the password received from the request
+  const validatePassword = await bcrypt.compare(
+    platformPassword,
+    currentPlatformPassword
+  );
+
+  if (!validatePassword) {
+    throw invalidPlatformPassword(language);
+  }
+
+  return { success: true };
+};
diff --git a/service/queries/auth.js b/service/queries/auth.js
@@ -0,0 +1,10 @@
+import { getDBPool } from "#utils/dbConfig";
+
+export const getPlatformPasswordQuery = async () => {
+  return await getDBPool("masterDb").query(
+    `
+            SELECT *
+            FROM platform_password;
+        `
+  );
+};
diff --git a/service/routes/v1/authRouter.js b/service/routes/v1/authRouter.js
@@ -9,9 +9,14 @@ import {
   refreshAccessToken,
   generateAccessToken,
   createEmailOTP,
+  validatePlatformPassword,
 } from "#controllers/auth";
 
-import { emailOTPSchema, refreshAccessTokenSchema } from "#schemas/authSchemas";
+import {
+  emailOTPSchema,
+  refreshAccessTokenSchema,
+  validatePlatformPasswordSchema,
+} from "#schemas/authSchemas";
 
 const router = express.Router();
 
@@ -181,4 +186,21 @@ router.post("/validate-captcha", async (req, res, next) => {
   }
 });
 
+router.post("/validate-platform-password", async (req, res, next) => {
+  /**
+   * #route   POST /user/v1/auth/validate-platform-password
+   * #desc    Validate platform password
+   */
+  const language = req.header("x-language-alpha-2") || "en";
+  const { platformPassword } = req.body;
+
+  return await validatePlatformPasswordSchema
+    .noUnknown(true)
+    .strict()
+    .validate({ platformPassword, language })
+    .then(validatePlatformPassword)
+    .then((result) => res.status(200).send(result))
+    .catch(next);
+});
+
 export { router };
diff --git a/service/schemas/authSchemas.js b/service/schemas/authSchemas.js
@@ -44,3 +44,8 @@ export const emailOTPSchema = yup.object().shape({
   language: yup.string().required(),
   email: yup.string().email().required(),
 });
+
+export const validatePlatformPasswordSchema = yup.object().shape({
+  language: yup.string().required(),
+  platformPassword: yup.string().required(),
+});
diff --git a/service/translations/en.js b/service/translations/en.js
@@ -23,4 +23,6 @@ export default {
     "Too many OTP requests made, please try again soon.",
   invalid_email_otp_error: "Invalid verification code",
   email_otp_expired_error: "Verification code expired",
+  invalid_platform_password_error: "Invalid platform password",
+  no_platform_password_set_error: "No platform password is set",
 };
diff --git a/service/translations/kk.js b/service/translations/kk.js
@@ -24,4 +24,6 @@ export default {
     "Тым көп бір реттік құпия сөз (OTP) сұраулары жасалды, әрекетті кейінірек қайталаңыз.",
   invalid_email_otp_error: "Жарамсыз растау коды",
   email_otp_expired_error: "Растау кодының мерзімі аяқталды",
+  invalid_platform_password_error: "Жарамсыз платформа құпия сөз",
+  no_platform_password_set_error: "Платформа құпия сөз жоқ",
 };
diff --git a/service/translations/ru.js b/service/translations/ru.js
@@ -24,4 +24,6 @@ export default {
     "Сделано слишком много запросов на одноразовый пароль (OTP), повторите попытку позже.",
   invalid_email_otp_error: "Неверный код подтверждения",
   email_otp_expired_error: "Срок действия кода подтверждения истек",
+  invalid_platform_password_error: "Неверный пароль платформы",
+  no_platform_password_set_error: "Пароль платформы не установлен",
 };
diff --git a/service/utils/errors.js b/service/utils/errors.js
@@ -127,3 +127,19 @@ export const emailOTPExpired = (language) => {
   error.status = 404;
   return error;
 };
+
+export const invalidPlatformPassword = (language) => {
+  const error = new Error();
+  error.message = t("invalid_platform_password_error", language);
+  error.name = "INVALID PLATFORM PASSWORD";
+  error.status = 404;
+  return error;
+};
+
+export const noPlatformPasswordSet = (language) => {
+  const error = new Error();
+  error.message = t("no_platform_password_set_error", language);
+  error.name = "NO PLATFORM PASSWORD SET";
+  error.status = 404;
+  return error;
+};