Require verified wallet address when setting up subscription

2022-05-26 10:04:52 +00:00 · 2022-05-26 10:04:52 +00:00 · dc8a7bed2e
parent 50afcfad73
commit dc8a7bed2e
3 changed files with 28 additions and 8 deletions
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@ -149,7 +149,7 @@ paths:
              schema:
                $ref: '#/components/schemas/Signature'
        403:
-          description: User's wallet address is not known
+          description: User's wallet address is not known or not verified
        418:
          description: Blockchain integration is not enabled
  /api/v1/accounts/relationships:
--- a/src/mastodon_api/accounts/views.rs
+++ b/src/mastodon_api/accounts/views.rs
@ -290,7 +290,9 @@ async fn authorize_subscription(
    let current_user = get_current_user(db_client, auth.token()).await?;
    let blockchain_config = config.blockchain.as_ref()
        .ok_or(HttpError::NotSupported)?;
-    let wallet_address = current_user.wallet_address
+    // Wallet address must be public, because subscribers should be able
+    // to verify that payments are actually sent to the recipient.
+    let wallet_address = current_user.public_wallet_address()
        .ok_or(HttpError::PermissionError)?;
    let signature = create_subscription_signature(
        blockchain_config,
--- a/src/models/users/types.rs
+++ b/src/models/users/types.rs
@ -6,15 +6,16 @@ use uuid::Uuid;
 use crate::errors::ValidationError;
 use crate::models::profiles::types::DbActorProfile;

+#[allow(dead_code)]
 #[derive(FromSql)]
 #[postgres(name = "user_account")]
 pub struct DbUser {
-    pub id: Uuid,
-    pub wallet_address: Option<String>,
-    pub password_hash: Option<String>,
-    pub private_key: String,
-    pub invite_code: Option<String>,
-    pub created_at: DateTime<Utc>,
+    id: Uuid,
+    wallet_address: Option<String>,
+    password_hash: Option<String>,
+    private_key: String,
+    invite_code: Option<String>,
+    created_at: DateTime<Utc>,
 }

 // Represents local user
@ -42,6 +43,14 @@ impl User {
            profile: db_profile,
        }
    }
+
+    /// Returns login address if it is verified
+    pub fn public_wallet_address(&self) -> Option<String> {
+        let wallet_address = self.wallet_address.clone()?;
+        let is_verified = self.profile.identity_proofs.clone().into_inner().iter()
+            .any(|proof| proof.issuer.address == wallet_address);
+        if is_verified { Some(wallet_address) } else { None }
+    }
 }

 #[cfg_attr(test, derive(Default))]
@ -76,6 +85,15 @@ pub fn validate_wallet_address(wallet_address: &str) -> Result<(), ValidationErr
 mod tests {
    use super::*;

+    #[test]
+    fn test_public_wallet_address_hidden_by_default() {
+        let user = User {
+            wallet_address: Some("0x1234".to_string()),
+            ..Default::default()
+        };
+        assert_eq!(user.public_wallet_address(), None);
+    }
+
    #[test]
    fn test_validate_local_username() {
        let result_1 = validate_local_username("name_1");