scandic/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
46ebbbba8f73a8c53fbfd95c2d88de2c12394f17
web/server/routers/partners/sas/otp/verify/verifyOtp.ts
Joakim Jäderberg 46ebbbba8f Merged in feature/sas-login (pull request #1256) 
First steps towards the SAS partnership

* otp flow now pretends to do the linking

* Update LinkAccountForm header

* Update redirect times

* Clean up comments

* Set maxAge on sas cookies

* make all SAS routes protected

* Merge remote-tracking branch 'refs/remotes/origin/feature/sas-login' into feature/sas-login

* Require auth for sas link flow

* Fix resend otp

* Add error support to OneTimePasswordForm

* Add Sentry to SAS error boundary

* Move SAS_REQUEST_OTP_STATE_STORAGE_COOKIE_NAME

* Add missing translations

* Merge branch 'master' of bitbucket.org:scandic-swap/web into feature/sas-login

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* Add TooManyCodesError component

* Refactor GenericError to support new errors

* Add FailedAttemptsError

* remove removed component <VWOScript/>

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* remove local cookie-bot reference

* Fix sas campaign logo scaling

* feature toggle the SAS stuff

* Merge branch 'feature/sas-login' of bitbucket.org:scandic-swap/web into feature/sas-login

* fix: use env vars for SAS endpoints


Approved-by: Linus Flood
2025-02-05 14:43:14 +00:00

97 lines
2.4 KiB
TypeScript
Raw Blame History

import { TRPCError } from "@trpc/server"
import { cookies } from "next/headers"
import { z } from "zod"
import { env } from "@/env/server"
import { protectedProcedure } from "@/server/trpc"
import { getSasToken } from "../../getSasToken"
import { getOTPState } from "../getOTPState"
import {
parseSASVerifyOtpError,
type VerifyOtpGeneralError,
} from "./verifyOtpError"
const inputSchema = z.object({
otp: z.string(),
})
const outputSchema = z.object({
status: z.string(), // TODO: Change to enum
referenceId: z.string().uuid(),
databaseUUID: z.string().uuid().optional(),
})
export const verifyOtp = protectedProcedure
.input(inputSchema)
.output(outputSchema)
.mutation(async function ({ ctx, input }) {
const sasAuthToken = getSasToken()
if (!sasAuthToken) {
// TODO: Should we verify that the SAS token isn't expired?
throw createError("AUTH_TOKEN_NOT_FOUND")
}
const verifyResponse = await fetchVerifyOtp(input)
console.log(
"[SAS] verifyOTP",
verifyResponse.status,
verifyResponse.statusText
)
if (!verifyResponse.ok) {
const errorBody = await verifyResponse.json()
console.error("[SAS] verifyOTP error", errorBody)
throw createError(errorBody)
}
console.log("[SAS] verifyOTP success")
const verifyData = await verifyResponse.json()
console.log("[SAS] verifyOTP data", verifyData)
const response = outputSchema.parse(verifyData)
console.log("[SAS] verifyOTP responding", response)
return response
})
async function fetchVerifyOtp(input: z.infer<typeof inputSchema>) {
const sasAuthToken = getSasToken()
const { referenceId, databaseUUID } = getOTPState()
return await fetch(
`${env.SAS_API_ENDPOINT}/api/scandic-partnership/customer/verify-otp`,
{
method: "POST",
headers: {
"Content-Type": "application/json",
"Ocp-Apim-Subscription-Key": env.SAS_OCP_APIM,
Authorization: `Bearer ${sasAuthToken}`,
},
body: JSON.stringify({
referenceId: referenceId,
otpCode: input.otp,
databaseUUID: databaseUUID,
}),
}
)
}
function createError(
errorBody:
| {
status: string
error: string
errorCode: number
databaseUUID: string
}
| Error
| VerifyOtpGeneralError
): TRPCError {
const errorInfo = parseSASVerifyOtpError(errorBody)
return new TRPCError({
code: "BAD_REQUEST",
cause: errorInfo,
})
}
Reference in New Issue View Git Blame Copy Permalink