actual-server/app-plaid.js
2022-03-31 13:19:08 -04:00

394 lines
8.7 KiB
JavaScript

const express = require('express');
const uuid = require('uuid');
const fetch = require('node-fetch');
const plaid = require('plaid');
const { middleware: connectDb } = require('./db');
const { handleError } = require('./util/handle-error');
const { validateSubscribedUser } = require('./util/validate-user');
const config = require('./config');
const app = express();
let plaidClient;
function init() {
plaidClient = new plaid.Client({
clientID: config.plaid.client_id,
secret: config.plaid.secret,
env: config.plaid.env,
options: { version: '2019-05-29' }
});
}
async function validateToken(req, res) {
let { token } = req.body;
let rows = await req.runQuery(
'SELECT * FROM webTokens WHERE token_id = $1',
[token],
true
);
if (rows.length === 0) {
res.send(JSON.stringify({ status: 'error', reason: 'not-found' }));
return null;
}
// Tokens are only valid for 10 minutes
let validTime = 1000 * 60 * 10;
let row = rows[0];
let timeCreated = JSON.parse(row.time_created);
if (Date.now() - timeCreated >= validTime) {
res.send(JSON.stringify({ status: 'error', reason: 'expired' }));
return null;
}
return row;
}
app.post(
'/create-web-token',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let token = uuid.v4();
await req.runQuery('DELETE FROM webTokens WHERE user_id = $1', [user.id]);
await req.runQuery(
'INSERT INTO webTokens (user_id, token_id, time_created) VALUES ($1, $2, $3)',
[user.id, token, Date.now()]
);
res.send(
JSON.stringify({
status: 'ok',
data: token
})
);
})
);
app.post(
'/validate-web-token',
connectDb,
handleError(async (req, res) => {
let token = await validateToken(req, res);
if (!token) {
return;
}
res.send(JSON.stringify({ status: 'ok' }));
})
);
app.post(
'/put-web-token-contents',
connectDb,
handleError(async (req, res) => {
let token = await validateToken(req, res);
if (!token) {
return;
}
let { data } = req.body;
await req.runQuery(
'UPDATE webTokens SET contents = $1 WHERE token_id = $2',
[JSON.stringify(data), token.token_id]
);
res.send(
JSON.stringify({
status: 'ok',
data: null
})
);
})
);
app.post(
'/get-web-token-contents',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let token = await validateToken(req, res);
if (!token) {
return;
}
let rows = await req.runQuery(
'SELECT * FROM webTokens WHERE user_id = $1 AND token_id = $2',
[user.id, token.token_id],
true
);
if (rows.length === 0) {
res.send(
JSON.stringify({
status: 'error',
reason: 'not-found'
})
);
}
res.send(
JSON.stringify({
status: 'ok',
data: JSON.parse(rows[0].contents)
})
);
})
);
app.post(
'/make_link_token',
connectDb,
handleError(async (req, res) => {
let token = await validateToken(req, res);
if (!token) {
return;
}
let result = await plaidClient.createLinkToken({
user: {
client_user_id: token.user_id
},
client_name: 'Actual',
products: ['transactions'],
country_codes: ['US'],
language: 'en'
});
res.send(JSON.stringify({ status: 'ok', data: result.link_token }));
})
);
app.post(
'/handoff_public_token',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let { item_id, public_token } = req.body;
let url = config.plaid.env + '/item/public_token/exchange';
let resData = await fetch(url, {
method: 'POST',
body: JSON.stringify({
client_id: config.plaid.client_id,
secret: config.plaid.secret,
public_token: public_token
}),
headers: {
'Content-Type': 'application/json',
'User-Agent': 'Actual Budget'
}
}).then(res => res.json());
await req.runQuery(
'INSERT INTO access_tokens (item_id, user_id, access_token) VALUES ($1, $2, $3)',
[item_id, user.id, resData.access_token]
);
res.send(JSON.stringify({ status: 'ok' }));
})
);
app.post(
'/remove-access-token',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let { item_id } = req.body;
const rows = await req.runQuery(
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
[user.id, item_id],
true
);
if (rows.length === 0) {
throw new Error('access token not found');
}
const { access_token } = rows[0];
const url = config.plaid.env + '/item/remove';
const resData = await fetch(url, {
method: 'POST',
body: JSON.stringify({
client_id: config.plaid.client_id,
secret: config.plaid.secret,
access_token: access_token
}),
headers: {
'Content-Type': 'application/json',
'User-Agent': 'Actual Budget'
}
}).then(res => res.json());
if (resData.removed !== true) {
console.log('[Error] Item not removed: ' + access_token.slice(0, 3));
}
await req.runQuery(
'UPDATE access_tokens SET deleted = TRUE WHERE access_token = $1',
[access_token]
);
res.send(
JSON.stringify({
status: 'ok',
data: resData
})
);
})
);
app.post(
'/accounts',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
const { item_id } = req.body;
const rows = await req.runQuery(
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
[user.id, item_id],
true
);
if (rows.length === 0) {
throw new Error('access token not found');
}
const { access_token } = rows[0];
const url = config.plaid.env + '/accounts/get';
const resData = await fetch(url, {
method: 'POST',
body: JSON.stringify({
client_id: config.plaid.client_id,
secret: config.plaid.secret,
access_token: access_token
}),
headers: {
'Content-Type': 'application/json',
'User-Agent': 'Actual Budget'
}
}).then(res => res.json());
res.send(
JSON.stringify({
status: 'ok',
data: resData
})
);
})
);
app.post(
'/transactions',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let { item_id, start_date, end_date, account_id, count, offset } = req.body;
let resData;
const rows = await req.runQuery(
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2 AND deleted = FALSE',
[user.id, item_id],
true
);
if (rows.length === 0) {
res.status(400);
res.send('access-token-not-found');
return;
}
const { access_token } = rows[0];
const url = config.plaid.env + '/transactions/get';
resData = await fetch(url, {
method: 'POST',
body: JSON.stringify({
client_id: config.plaid.client_id,
secret: config.plaid.secret,
access_token: access_token,
start_date: start_date,
end_date: end_date,
options: {
account_ids: [account_id],
count: count,
offset: offset
}
}),
headers: {
'Content-Type': 'application/json',
'User-Agent': 'Actual Budget'
}
}).then(res => res.json());
res.send(
JSON.stringify({
status: 'ok',
data: resData
})
);
})
);
app.post(
'/make-public-token',
connectDb,
handleError(async (req, res) => {
let user = await validateSubscribedUser(req, res);
if (!user) {
return;
}
let { item_id } = req.body;
const rows = await req.runQuery(
'SELECT * FROM access_tokens WHERE user_id = $1 AND item_id = $2',
[user.id, item_id],
true
);
if (rows.length === 0) {
throw new Error('access token not found');
}
const { access_token } = rows[0];
let result = await plaidClient.createLinkToken({
user: {
client_user_id: user.id
},
client_name: 'Actual',
country_codes: ['US'],
language: 'en',
access_token: access_token
});
res.send(
JSON.stringify({
status: 'ok',
data: result
})
);
})
);
module.exports.handlers = app;
module.exports.init = init;