scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in feature/sas-login (pull request #1256)

Browse Source 
First steps towards the SAS partnership

* otp flow now pretends to do the linking

* Update LinkAccountForm header

* Update redirect times

* Clean up comments

* Set maxAge on sas cookies

* make all SAS routes protected

* Merge remote-tracking branch 'refs/remotes/origin/feature/sas-login' into feature/sas-login

* Require auth for sas link flow

* Fix resend otp

* Add error support to OneTimePasswordForm

* Add Sentry to SAS error boundary

* Move SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME

* Add missing translations

* Merge branch 'master' of bitbucket.org:scandic-swap/web into feature/sas-login

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* Add TooManyCodesError component

* Refactor GenericError to support new errors

* Add FailedAttemptsError

* remove removed component <VWOScript/>

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* remove local cookie-bot reference

* Fix sas campaign logo scaling

* feature toggle the SAS stuff

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* fix: use env vars for SAS endpoints


Approved-by: Linus Flood
This commit is contained in:
Joakim Jäderberg
2025-02-05 14:43:14 +00:00
parent e3b1bfc414
commit 46ebbbba8f
62 changed files with 2606 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
server/routers/partners/sas/otp/verify/verifyOtp.ts Normal file
View File

@@ -0,0 +1,96 @@
import { TRPCError } from "@trpc/server"
import { cookies } from "next/headers"
import { z } from "zod"
import { env } from "@/env/server"
import { protectedProcedure } from "@/server/trpc"
import { getSasToken } from "../../getSasToken"
import { getOTPState } from "../getOTPState"
import {
parseSASVerifyOtpError,
type VerifyOtpGeneralError,
} from "./verifyOtpError"
const inputSchema = z.object({
otp: z.string(),
})
const outputSchema = z.object({
status: z.string(), // TODO: Change to enum
referenceId: z.string().uuid(),
databaseUUID: z.string().uuid().optional(),
})
export const verifyOtp = protectedProcedure
.input(inputSchema)
.output(outputSchema)
.mutation(async function ({ ctx, input }) {
const sasAuthToken = getSasToken()
if (!sasAuthToken) {
// TODO: Should we verify that the SAS token isn't expired?
throw createError("AUTH_TOKEN_NOT_FOUND")
}
const verifyResponse = await fetchVerifyOtp(input)
console.log(
"[SAS] verifyOTP",
verifyResponse.status,
verifyResponse.statusText
)
if (!verifyResponse.ok) {
const errorBody = await verifyResponse.json()
console.error("[SAS] verifyOTP error", errorBody)
throw createError(errorBody)
}
console.log("[SAS] verifyOTP success")
const verifyData = await verifyResponse.json()
console.log("[SAS] verifyOTP data", verifyData)
const response = outputSchema.parse(verifyData)
console.log("[SAS] verifyOTP responding", response)
return response
})
async function fetchVerifyOtp(input: z.infer<typeof inputSchema>) {
const sasAuthToken = getSasToken()
const { referenceId, databaseUUID } = getOTPState()
return await fetch(
`${env.SAS_API_ENDPOINT}/api/scandic-partnership/customer/verify-otp`,
{
method: "POST",
headers: {
"Content-Type": "application/json",
"Ocp-Apim-Subscription-Key": env.SAS_OCP_APIM,
Authorization: `Bearer ${sasAuthToken}`,
},
body: JSON.stringify({
referenceId: referenceId,
otpCode: input.otp,
databaseUUID: databaseUUID,
}),
}
)
}
function createError(
errorBody:
| {
status: string
error: string
errorCode: number
databaseUUID: string
}
| Error
| VerifyOtpGeneralError
): TRPCError {
const errorInfo = parseSASVerifyOtpError(errorBody)
return new TRPCError({
code: "BAD_REQUEST",
cause: errorInfo,
})
}

24
server/routers/partners/sas/otp/verify/verifyOtpError.test.ts Normal file
View File

@@ -0,0 +1,24 @@
import { describe, expect, it } from "@jest/globals"
import { parseSASVerifyOtpError } from "./verifyOtpError"
describe("verifyOtpError", () => {
it("parses error with invalid error code", () => {
const error = {
status: "status",
error: "error",
errorCode: "a",
databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
}
const actual = parseSASVerifyOtpError({
status: "status",
error: "error",
errorCode: "a" as unknown as number,
databaseUUID: "9ffefefe-df0e-4229-9792-5ed31bef1db4",
} as any)
expect(actual).toEqual({
errorCode: "UNKNOWN",
})
})
})

57
server/routers/partners/sas/otp/verify/verifyOtpError.ts Normal file
View File

@@ -0,0 +1,57 @@
import { z } from "zod"
export type VerifyOtpResponseError = "OTP_EXPIRED" | "WRONG_OTP" | "UNKNOWN"
const VerifyOtpGeneralError = z.enum(["AUTH_TOKEN_NOT_FOUND", "UNKNOWN"])
export type VerifyOtpGeneralError = z.infer<typeof VerifyOtpGeneralError>
export type VerifyOtpError = {
errorCode: VerifyOtpResponseError | VerifyOtpGeneralError
}
export function parseSASVerifyOtpError(
error: SasOtpVerifyError | {}
): VerifyOtpError {
const parseResult = sasOtpVerifyErrorSchema.safeParse(error)
if (!parseResult.success) {
const generalErrorResult = VerifyOtpGeneralError.safeParse(error)
if (!generalErrorResult.success) {
return {
errorCode: "UNKNOWN",
}
}
return {
errorCode: generalErrorResult.data,
}
}
return {
errorCode: getErrorCodeByNumber(parseResult.data.errorCode),
}
}
const SAS_VERIFY_OTP_ERROR_CODES: {
[key in Exclude<VerifyOtpResponseError, "UNKNOWN">]: number
} = {
OTP_EXPIRED: 1,
WRONG_OTP: 2,
}
const getErrorCodeByNumber = (number: number): VerifyOtpResponseError => {
const v =
Object.entries(SAS_VERIFY_OTP_ERROR_CODES).find(
([_, value]) => value === number
)?.[0] ?? "UNKNOWN"
return v as VerifyOtpResponseError
}
const sasOtpVerifyErrorSchema = z.object({
status: z.string(),
otpExpiration: z.string().datetime(),
error: z.string(),
errorCode: z.number(),
databaseUUID: z.string().uuid(),
})
export type SasOtpVerifyError = z.infer<typeof sasOtpVerifyErrorSchema>