394 lines
8.7 KiB
JavaScript
394 lines
8.7 KiB
JavaScript
const express = require('express');
|
|
const uuid = require('uuid');
|
|
const fetch = require('node-fetch');
|
|
const plaid = require('plaid');
|
|
const { middleware: connectDb } = require('./db');
|
|
const { handleError } = require('./util/handle-error');
|
|
const { validateSubscribedUser } = require('./util/validate-user');
|
|
const config = require('./config');
|
|
|
|
const app = express();
|
|
|
|
let plaidClient;
|
|
function init() {
|
|
plaidClient = new plaid.Client({
|
|
clientID: config.plaid.client_id,
|
|
secret: config.plaid.secret,
|
|
env: config.plaid.env,
|
|
options: { version: '2019-05-29' }
|
|
});
|
|
}
|
|
|
|
async function validateToken(req, res) {
|
|
let { token } = req.body;
|
|
let rows = await req.runQuery(
|
|
'SELECT * FROM webTokens WHERE token_id = $1',
|
|
[token],
|
|
true
|
|
);
|
|
if (rows.length === 0) {
|
|
res.send(JSON.stringify({ status: 'error', reason: 'not-found' }));
|
|
return null;
|
|
}
|
|
|
|
// Tokens are only valid for 10 minutes
|
|
let validTime = 1000 * 60 * 10;
|
|
let row = rows[0];
|
|
let timeCreated = JSON.parse(row.time_created);
|
|
|
|
if (Date.now() - timeCreated >= validTime) {
|
|
res.send(JSON.stringify({ status: 'error', reason: 'expired' }));
|
|
return null;
|
|
}
|
|
|
|
return row;
|
|
}
|
|
|
|
app.post(
|
|
'/create-web-token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
|
|
let token = uuid.v4();
|
|
await req.runQuery('DELETE FROM webTokens WHERE user_id = $1', [user.id]);
|
|
await req.runQuery(
|
|
'INSERT INTO webTokens (user_id, token_id, time_created) VALUES ($1, $2, $3)',
|
|
[user.id, token, Date.now()]
|
|
);
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: token
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/validate-web-token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let token = await validateToken(req, res);
|
|
if (!token) {
|
|
return;
|
|
}
|
|
|
|
res.send(JSON.stringify({ status: 'ok' }));
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/put-web-token-contents',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let token = await validateToken(req, res);
|
|
if (!token) {
|
|
return;
|
|
}
|
|
|
|
let { data } = req.body;
|
|
|
|
await req.runQuery(
|
|
'UPDATE webTokens SET contents = $1 WHERE token_id = $2',
|
|
[JSON.stringify(data), token.token_id]
|
|
);
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: null
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/get-web-token-contents',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
|
|
let token = await validateToken(req, res);
|
|
if (!token) {
|
|
return;
|
|
}
|
|
|
|
let rows = await req.runQuery(
|
|
'SELECT * FROM webTokens WHERE user_id = $1 AND token_id = $2',
|
|
[user.id, token.token_id],
|
|
true
|
|
);
|
|
|
|
if (rows.length === 0) {
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'error',
|
|
reason: 'not-found'
|
|
})
|
|
);
|
|
}
|
|
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: JSON.parse(rows[0].contents)
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/make_link_token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let token = await validateToken(req, res);
|
|
if (!token) {
|
|
return;
|
|
}
|
|
|
|
let result = await plaidClient.createLinkToken({
|
|
user: {
|
|
client_user_id: token.user_id
|
|
},
|
|
client_name: 'Actual',
|
|
products: ['transactions'],
|
|
country_codes: ['US'],
|
|
language: 'en'
|
|
});
|
|
res.send(JSON.stringify({ status: 'ok', data: result.link_token }));
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/handoff_public_token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
let { item_id, public_token } = req.body;
|
|
|
|
let url = config.plaid.env + '/item/public_token/exchange';
|
|
let resData = await fetch(url, {
|
|
method: 'POST',
|
|
body: JSON.stringify({
|
|
client_id: config.plaid.client_id,
|
|
secret: config.plaid.secret,
|
|
public_token: public_token
|
|
}),
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'User-Agent': 'Actual Budget'
|
|
}
|
|
}).then(res => res.json());
|
|
|
|
await req.runQuery(
|
|
'INSERT INTO access_tokens (item_id, user_id, access_token) VALUES ($1, $2, $3)',
|
|
[item_id, user.id, resData.access_token]
|
|
);
|
|
|
|
res.send(JSON.stringify({ status: 'ok' }));
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/remove-access-token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
let { item_id } = req.body;
|
|
|
|
const rows = await req.runQuery(
|
|
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
|
|
[user.id, item_id],
|
|
true
|
|
);
|
|
if (rows.length === 0) {
|
|
throw new Error('access token not found');
|
|
}
|
|
const { access_token } = rows[0];
|
|
|
|
const url = config.plaid.env + '/item/remove';
|
|
const resData = await fetch(url, {
|
|
method: 'POST',
|
|
body: JSON.stringify({
|
|
client_id: config.plaid.client_id,
|
|
secret: config.plaid.secret,
|
|
access_token: access_token
|
|
}),
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'User-Agent': 'Actual Budget'
|
|
}
|
|
}).then(res => res.json());
|
|
|
|
if (resData.removed !== true) {
|
|
console.log('[Error] Item not removed: ' + access_token.slice(0, 3));
|
|
}
|
|
|
|
await req.runQuery(
|
|
'UPDATE access_tokens SET deleted = TRUE WHERE access_token = $1',
|
|
[access_token]
|
|
);
|
|
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: resData
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/accounts',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
const { item_id } = req.body;
|
|
|
|
const rows = await req.runQuery(
|
|
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
|
|
[user.id, item_id],
|
|
true
|
|
);
|
|
|
|
if (rows.length === 0) {
|
|
throw new Error('access token not found');
|
|
}
|
|
const { access_token } = rows[0];
|
|
|
|
const url = config.plaid.env + '/accounts/get';
|
|
const resData = await fetch(url, {
|
|
method: 'POST',
|
|
body: JSON.stringify({
|
|
client_id: config.plaid.client_id,
|
|
secret: config.plaid.secret,
|
|
access_token: access_token
|
|
}),
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'User-Agent': 'Actual Budget'
|
|
}
|
|
}).then(res => res.json());
|
|
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: resData
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/transactions',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
let { item_id, start_date, end_date, account_id, count, offset } = req.body;
|
|
|
|
let resData;
|
|
|
|
const rows = await req.runQuery(
|
|
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2 AND deleted = FALSE',
|
|
[user.id, item_id],
|
|
true
|
|
);
|
|
|
|
if (rows.length === 0) {
|
|
res.status(400);
|
|
res.send('access-token-not-found');
|
|
return;
|
|
}
|
|
|
|
const { access_token } = rows[0];
|
|
|
|
const url = config.plaid.env + '/transactions/get';
|
|
resData = await fetch(url, {
|
|
method: 'POST',
|
|
body: JSON.stringify({
|
|
client_id: config.plaid.client_id,
|
|
secret: config.plaid.secret,
|
|
access_token: access_token,
|
|
start_date: start_date,
|
|
end_date: end_date,
|
|
options: {
|
|
account_ids: [account_id],
|
|
count: count,
|
|
offset: offset
|
|
}
|
|
}),
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'User-Agent': 'Actual Budget'
|
|
}
|
|
}).then(res => res.json());
|
|
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: resData
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
app.post(
|
|
'/make-public-token',
|
|
connectDb,
|
|
handleError(async (req, res) => {
|
|
let user = await validateSubscribedUser(req, res);
|
|
if (!user) {
|
|
return;
|
|
}
|
|
let { item_id } = req.body;
|
|
|
|
const rows = await req.runQuery(
|
|
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
|
|
[user.id, item_id],
|
|
true
|
|
);
|
|
|
|
if (rows.length === 0) {
|
|
throw new Error('access token not found');
|
|
}
|
|
const { access_token } = rows[0];
|
|
|
|
let result = await plaidClient.createLinkToken({
|
|
user: {
|
|
client_user_id: user.id
|
|
},
|
|
client_name: 'Actual',
|
|
country_codes: ['US'],
|
|
language: 'en',
|
|
access_token: access_token
|
|
});
|
|
|
|
res.send(
|
|
JSON.stringify({
|
|
status: 'ok',
|
|
data: result
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
module.exports.handlers = app;
|
|
module.exports.init = init;
|