Merged in feature/sas-login (pull request #1256)

First steps towards the SAS partnership * otp flow now pretends to do the linking * Update LinkAccountForm header * Update redirect times * Clean up comments * Set maxAge on sas cookies * make all SAS routes protected * Merge remote-tracking branch 'refs/remotes/origin/feature/sas-login' into feature/sas-login * Require auth for sas link flow * Fix resend otp * Add error support to OneTimePasswordForm * Add Sentry to SAS error boundary * Move SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME * Add missing translations * Merge branch 'master' of bitbucket.org:scandic-swap/web into feature/sas-login * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * Add TooManyCodesError component * Refactor GenericError to support new errors * Add FailedAttemptsError * remove removed component <VWOScript/> * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * remove local cookie-bot reference * Fix sas campaign logo scaling * feature toggle the SAS stuff * Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login * fix: use env vars for SAS endpoints Approved-by: Linus Flood
2025-02-05 14:43:14 +00:00
parent e3b1bfc414
commit 46ebbbba8f
62 changed files with 2606 additions and 89 deletions
--- a/server/context.ts
+++ b/server/context.ts
@@ -2,10 +2,10 @@ import { cookies, headers } from "next/headers"
 import { type Session } from "next-auth"
 import { cache } from "react"

-import { Lang } from "@/constants/languages"
-
 import { auth } from "@/auth"

+import type { Lang } from "@/constants/languages"
+
 typeof auth

 type CreateContextOptions = {
--- a/server/index.ts
+++ b/server/index.ts
@@ -2,6 +2,7 @@
 import { bookingRouter } from "./routers/booking"
 import { contentstackRouter } from "./routers/contentstack"
 import { hotelsRouter } from "./routers/hotels"
+import { partnerRouter } from "./routers/partners"
 import { userRouter } from "./routers/user"
 import { router } from "./trpc"

@@ -10,6 +11,7 @@ export const appRouter = router({
  contentstack: contentstackRouter,
  hotel: hotelsRouter,
  user: userRouter,
+  partner: partnerRouter,
 })

 export type AppRouter = typeof appRouter
--- a/server/routers/contentstack/reward/utils.ts
+++ b/server/routers/contentstack/reward/utils.ts
@@ -11,12 +11,13 @@ import { notFound } from "@/server/errors/trpc"
 import { generateLoyaltyConfigTag } from "@/utils/generateTag"

 import {
-type 
-  CmsRewardsResponse,type 
-  CmsRewardsWithRedeemResponse,  validateApiAllTiersSchema,
+  type CmsRewardsResponse,
+  type CmsRewardsWithRedeemResponse,
+  validateApiAllTiersSchema,
  validateApiTierRewardsSchema,
  validateCmsRewardsSchema,
-  validateCmsRewardsWithRedeemSchema} from "./output"
+  validateCmsRewardsWithRedeemSchema,
+} from "./output"

 import type { Lang } from "@/constants/languages"

--- a/server/routers/partners/index.ts
+++ b/server/routers/partners/index.ts
@@ -0,0 +1,5 @@
+import { router } from "@/server/trpc"
+
+import { sasRouter } from "./sas"
+
+export const partnerRouter = router({ sas: sasRouter })
--- a/server/routers/partners/sas/getSasToken.ts
+++ b/server/routers/partners/sas/getSasToken.ts
@@ -0,0 +1,11 @@
+import { cookies } from "next/headers"
+
+import { SAS_TOKEN_STORAGE_KEY } from "@/app/[lang]/(partner)/(sas)/(protected)/sas-x-scandic/sasUtils"
+
+export function getSasToken() {
+  const cookieStore = cookies()
+  const tokenCookie = cookieStore.get(SAS_TOKEN_STORAGE_KEY)
+  const sasAuthToken = tokenCookie?.value
+
+  return sasAuthToken
+}
--- a/server/routers/partners/sas/index.ts
+++ b/server/routers/partners/sas/index.ts
@@ -0,0 +1,7 @@
+import { router } from "@/server/trpc"
+
+import { requestOtp } from "./otp/request/requestOtp"
+import { verifyOtp } from "./otp/verify/verifyOtp"
+import { linkAccount } from "./linkAccount"
+
+export const sasRouter = router({ verifyOtp, requestOtp, linkAccount })
--- a/server/routers/partners/sas/linkAccount.ts
+++ b/server/routers/partners/sas/linkAccount.ts
@@ -0,0 +1,28 @@
+import { z } from "zod"
+
+import { protectedProcedure } from "@/server/trpc"
+
+import { getSasToken } from "./getSasToken"
+
+const outputSchema = z.object({
+  linkingState: z.enum(["linked"]),
+})
+
+export const linkAccount = protectedProcedure
+  .output(outputSchema)
+  .mutation(async function ({ ctx, input }) {
+    const sasAuthToken = getSasToken()
+
+    console.log("[SAS] link account")
+    await timeout(1000)
+    //TODO: Call actual API here
+    console.log("[SAS] link account done")
+
+    return {
+      linkingState: "linked",
+    }
+  })
+
+function timeout(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms))
+}
--- a/server/routers/partners/sas/otp/constants.ts
+++ b/server/routers/partners/sas/otp/constants.ts
@@ -0,0 +1,2 @@
+export const SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME =
+  "sas-x-scandic-request-otp-state"
--- a/server/routers/partners/sas/otp/getOTPState.ts
+++ b/server/routers/partners/sas/otp/getOTPState.ts
@@ -0,0 +1,17 @@
+import { cookies } from "next/headers"
+import { z } from "zod"
+
+import { SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME } from "./constants"
+
+const otpStateSchema = z.object({
+  referenceId: z.string().uuid(),
+  databaseUUID: z.string().uuid(),
+})
+
+export type OtpState = z.infer<typeof otpStateSchema>
+
+export function getOTPState() {
+  const otpState = cookies().get(SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME)
+
+  return otpStateSchema.parse(JSON.parse(otpState?.value ?? "{}"))
+}
--- a/server/routers/partners/sas/otp/request/requestOtp.ts
+++ b/server/routers/partners/sas/otp/request/requestOtp.ts
@@ -0,0 +1,116 @@
+import { TRPCError } from "@trpc/server"
+import { cookies } from "next/headers"
+import { v4 as uuidv4 } from "uuid"
+import { z } from "zod"
+
+import { env } from "@/env/server"
+import { protectedProcedure } from "@/server/trpc"
+
+import { getSasToken } from "../../getSasToken"
+import { SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME } from "../constants"
+import {
+  parseSASRequestOtpError,
+  type RequestOtpGeneralError,
+} from "./requestOtpError"
+
+import type { OtpState } from "../getOTPState"
+
+const inputSchema = z.object({})
+
+const outputSchema = z.object({
+  status: z.string(),
+  referenceId: z.string().uuid(),
+  databaseUUID: z.string().uuid(),
+  otpExpiration: z.number(),
+  otpReceiver: z.string(),
+})
+
+export const requestOtp = protectedProcedure
+  .input(inputSchema)
+  .output(outputSchema)
+  .mutation(async function ({ ctx, input }) {
+    const sasAuthToken = getSasToken()
+
+    if (!sasAuthToken) {
+      // TODO: Should we verify that the SAS token isn't expired?
+      throw createError("AUTH_TOKEN_NOT_FOUND")
+    }
+
+    const tokenResponse = await fetchRequestOtp({ sasAuthToken })
+    console.log(
+      "[SAS] requestOtp",
+      tokenResponse.status,
+      tokenResponse.statusText
+    )
+    if (!tokenResponse.ok) {
+      const errorBody = await tokenResponse.json()
+      console.error("[SAS] requestOtp error", errorBody)
+      throw createError(errorBody)
+    }
+
+    const parseResult = outputSchema.safeParse(await tokenResponse.json())
+    if (!parseResult.success) {
+      throw createError(parseResult.error)
+    }
+
+    setSASOtpCookie(parseResult.data)
+
+    return parseResult.data
+  })
+
+function createError(
+  errorBody:
+    | {
+        status: string
+        error: string
+        errorCode: number
+        databaseUUID: string
+      }
+    | Error
+    | RequestOtpGeneralError
+): TRPCError {
+  const errorInfo = parseSASRequestOtpError(errorBody)
+  console.error("[SAS] createError", errorInfo)
+  return new TRPCError({
+    code: "BAD_REQUEST",
+    cause: errorInfo,
+  })
+}
+
+async function fetchRequestOtp({ sasAuthToken }: { sasAuthToken: string }) {
+  const endpoint = `${env.SAS_API_ENDPOINT}/api/scandic-partnership/customer/send-otp`
+
+  console.log("[SAS]: Requesting OTP")
+
+  return await fetch(endpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Ocp-Apim-Subscription-Key": env.SAS_OCP_APIM,
+      Authorization: `Bearer ${sasAuthToken}`,
+    },
+    body: JSON.stringify({
+      referenceId: uuidv4(),
+    }),
+  })
+}
+
+function setSASOtpCookie({
+  referenceId,
+  databaseUUID,
+}: {
+  referenceId: string
+  databaseUUID: string
+}) {
+  cookies().set(
+    SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME,
+    JSON.stringify({
+      referenceId: referenceId,
+      databaseUUID: databaseUUID,
+    } satisfies OtpState),
+    {
+      httpOnly: true,
+      maxAge: 3600,
+    }
+  )
+}
--- a/server/routers/partners/sas/otp/request/requestOtpError.test.ts
+++ b/server/routers/partners/sas/otp/request/requestOtpError.test.ts
@@ -0,0 +1,37 @@
+import { describe, expect, it } from "@jest/globals"
+
+import { parseSASRequestOtpError } from "./requestOtpError"
+
+describe("requestOtpError", () => {
+  it("parses error with invalid error code", () => {
+    const error = {
+      status: "status",
+      error: "error",
+      errorCode: "a",
+      databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
+    }
+
+    const actual = parseSASRequestOtpError({
+      status: "status",
+      error: "error",
+      errorCode: "a" as unknown as number,
+      databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
+    } as any)
+    expect(actual).toEqual({
+      errorCode: "UNKNOWN",
+    })
+  })
+
+  it("parses error as TOO_MANY_REQUESTS error code", () => {
+    const actual = parseSASRequestOtpError({
+      status: "status",
+      error: "error",
+      errorCode: 10,
+      databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
+      otpExpiration: "2021-09-01T00:00:00Z",
+    })
+    expect(actual).toEqual({
+      errorCode: "TOO_MANY_REQUESTS",
+    })
+  })
+})
--- a/server/routers/partners/sas/otp/request/requestOtpError.ts
+++ b/server/routers/partners/sas/otp/request/requestOtpError.ts
@@ -0,0 +1,61 @@
+import { z } from "zod"
+
+export type RequestOtpResponseError = "TOO_MANY_REQUESTS" | "UNKNOWN"
+
+const requestOtpGeneralError = z.enum([
+  "AUTH_TOKEN_EXPIRED",
+  "AUTH_TOKEN_NOT_FOUND",
+  "UNKNOWN",
+])
+export type RequestOtpGeneralError = z.infer<typeof requestOtpGeneralError>
+
+export type RequestOtpError = {
+  errorCode: RequestOtpResponseError | RequestOtpGeneralError
+}
+export function parseSASRequestOtpError(
+  error: SasOtpRequestError | {}
+): RequestOtpError {
+  const parseResult = sasOtpRequestErrorSchema.safeParse(error)
+  if (!parseResult.success) {
+    const generalErrorResult = requestOtpGeneralError.safeParse(error)
+    if (!generalErrorResult.success) {
+      return {
+        errorCode: "UNKNOWN",
+      }
+    }
+
+    return {
+      errorCode: generalErrorResult.data,
+    }
+  }
+
+  return {
+    errorCode: getErrorCodeByNumber(parseResult.data.errorCode),
+  }
+}
+
+const SAS_REQUEST_OTP_ERROR_CODES: {
+  [key in Exclude<RequestOtpResponseError, "UNKNOWN">]: number
+} = {
+  TOO_MANY_REQUESTS: 10,
+}
+
+const getErrorCodeByNumber = (number: number): RequestOtpResponseError => {
+  const v =
+    Object.entries(SAS_REQUEST_OTP_ERROR_CODES).find(
+      ([_, value]) => value === number
+    )?.[0] ?? "UNKNOWN"
+
+  console.log("[SAS] getErrorCodeByNumber", number, v)
+  return v as RequestOtpResponseError
+}
+
+const sasOtpRequestErrorSchema = z.object({
+  status: z.string(),
+  otpExpiration: z.string().datetime(),
+  error: z.string(),
+  errorCode: z.number(),
+  databaseUUID: z.string().uuid(),
+})
+
+export type SasOtpRequestError = z.infer<typeof sasOtpRequestErrorSchema>
--- a/server/routers/partners/sas/otp/verify/verifyOtp.ts
+++ b/server/routers/partners/sas/otp/verify/verifyOtp.ts
@@ -0,0 +1,96 @@
+import { TRPCError } from "@trpc/server"
+import { cookies } from "next/headers"
+import { z } from "zod"
+
+import { env } from "@/env/server"
+import { protectedProcedure } from "@/server/trpc"
+
+import { getSasToken } from "../../getSasToken"
+import { getOTPState } from "../getOTPState"
+import {
+  parseSASVerifyOtpError,
+  type VerifyOtpGeneralError,
+} from "./verifyOtpError"
+
+const inputSchema = z.object({
+  otp: z.string(),
+})
+
+const outputSchema = z.object({
+  status: z.string(), // TODO: Change to enum
+  referenceId: z.string().uuid(),
+  databaseUUID: z.string().uuid().optional(),
+})
+
+export const verifyOtp = protectedProcedure
+  .input(inputSchema)
+  .output(outputSchema)
+  .mutation(async function ({ ctx, input }) {
+    const sasAuthToken = getSasToken()
+
+    if (!sasAuthToken) {
+      // TODO: Should we verify that the SAS token isn't expired?
+      throw createError("AUTH_TOKEN_NOT_FOUND")
+    }
+
+    const verifyResponse = await fetchVerifyOtp(input)
+    console.log(
+      "[SAS] verifyOTP",
+      verifyResponse.status,
+      verifyResponse.statusText
+    )
+    if (!verifyResponse.ok) {
+      const errorBody = await verifyResponse.json()
+      console.error("[SAS] verifyOTP error", errorBody)
+      throw createError(errorBody)
+    }
+
+    console.log("[SAS] verifyOTP success")
+    const verifyData = await verifyResponse.json()
+    console.log("[SAS] verifyOTP data", verifyData)
+    const response = outputSchema.parse(verifyData)
+    console.log("[SAS] verifyOTP responding", response)
+
+    return response
+  })
+
+async function fetchVerifyOtp(input: z.infer<typeof inputSchema>) {
+  const sasAuthToken = getSasToken()
+  const { referenceId, databaseUUID } = getOTPState()
+
+  return await fetch(
+    `${env.SAS_API_ENDPOINT}/api/scandic-partnership/customer/verify-otp`,
+    {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Ocp-Apim-Subscription-Key": env.SAS_OCP_APIM,
+        Authorization: `Bearer ${sasAuthToken}`,
+      },
+      body: JSON.stringify({
+        referenceId: referenceId,
+        otpCode: input.otp,
+        databaseUUID: databaseUUID,
+      }),
+    }
+  )
+}
+
+function createError(
+  errorBody:
+    | {
+        status: string
+        error: string
+        errorCode: number
+        databaseUUID: string
+      }
+    | Error
+    | VerifyOtpGeneralError
+): TRPCError {
+  const errorInfo = parseSASVerifyOtpError(errorBody)
+
+  return new TRPCError({
+    code: "BAD_REQUEST",
+    cause: errorInfo,
+  })
+}
--- a/server/routers/partners/sas/otp/verify/verifyOtpError.test.ts
+++ b/server/routers/partners/sas/otp/verify/verifyOtpError.test.ts
@@ -0,0 +1,24 @@
+import { describe, expect, it } from "@jest/globals"
+
+import { parseSASVerifyOtpError } from "./verifyOtpError"
+
+describe("verifyOtpError", () => {
+  it("parses error with invalid error code", () => {
+    const error = {
+      status: "status",
+      error: "error",
+      errorCode: "a",
+      databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
+    }
+
+    const actual = parseSASVerifyOtpError({
+      status: "status",
+      error: "error",
+      errorCode: "a" as unknown as number,
+      databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
+    } as any)
+    expect(actual).toEqual({
+      errorCode: "UNKNOWN",
+    })
+  })
+})
--- a/server/routers/partners/sas/otp/verify/verifyOtpError.ts
+++ b/server/routers/partners/sas/otp/verify/verifyOtpError.ts
@@ -0,0 +1,57 @@
+import { z } from "zod"
+
+export type VerifyOtpResponseError = "OTP_EXPIRED" | "WRONG_OTP" | "UNKNOWN"
+
+const VerifyOtpGeneralError = z.enum(["AUTH_TOKEN_NOT_FOUND", "UNKNOWN"])
+export type VerifyOtpGeneralError = z.infer<typeof VerifyOtpGeneralError>
+
+export type VerifyOtpError = {
+  errorCode: VerifyOtpResponseError | VerifyOtpGeneralError
+}
+export function parseSASVerifyOtpError(
+  error: SasOtpVerifyError | {}
+): VerifyOtpError {
+  const parseResult = sasOtpVerifyErrorSchema.safeParse(error)
+  if (!parseResult.success) {
+    const generalErrorResult = VerifyOtpGeneralError.safeParse(error)
+    if (!generalErrorResult.success) {
+      return {
+        errorCode: "UNKNOWN",
+      }
+    }
+
+    return {
+      errorCode: generalErrorResult.data,
+    }
+  }
+
+  return {
+    errorCode: getErrorCodeByNumber(parseResult.data.errorCode),
+  }
+}
+
+const SAS_VERIFY_OTP_ERROR_CODES: {
+  [key in Exclude<VerifyOtpResponseError, "UNKNOWN">]: number
+} = {
+  OTP_EXPIRED: 1,
+  WRONG_OTP: 2,
+}
+
+const getErrorCodeByNumber = (number: number): VerifyOtpResponseError => {
+  const v =
+    Object.entries(SAS_VERIFY_OTP_ERROR_CODES).find(
+      ([_, value]) => value === number
+    )?.[0] ?? "UNKNOWN"
+
+  return v as VerifyOtpResponseError
+}
+
+const sasOtpVerifyErrorSchema = z.object({
+  status: z.string(),
+  otpExpiration: z.string().datetime(),
+  error: z.string(),
+  errorCode: z.number(),
+  databaseUUID: z.string().uuid(),
+})
+
+export type SasOtpVerifyError = z.infer<typeof sasOtpVerifyErrorSchema>
--- a/server/trpc.ts
+++ b/server/trpc.ts
@@ -30,6 +30,10 @@ const t = initTRPC
        ...shape,
        data: {
          ...shape.data,
+          cause:
+            error.cause instanceof ZodError
+              ? undefined
+              : JSON.parse(JSON.stringify(error.cause)),
          zodError:
            error.cause instanceof ZodError ? error.cause.flatten() : null,
        },