diff --git a/README.md b/README.md index 46183eead5..3f6f5ef55a 100644 --- a/README.md +++ b/README.md @@ -144,9 +144,7 @@ DAG_CARGO_PASSWORD= -# Pinning services api, requires a PSA allow list for authoritzation -# this is the user id in the database -PSA_ALLOW=1 +# Pinning services api, requires a user to have the HasPsaAccess user_tag. ``` Production vars should be set in Github Actions secrets. diff --git a/packages/api/README.md b/packages/api/README.md index 14647baefc..8022df2167 100644 --- a/packages/api/README.md +++ b/packages/api/README.md @@ -51,7 +51,6 @@ wrangler secret put CLUSTER_BASIC_AUTH_TOKEN --env production # Get from nft.sto wrangler secret put CLUSTER_SERVICE --env production # Which cluster should be used. Options 'IpfsCluster' / 'IpfsCluster2' / 'IpfsCluster3' wrangler secret put MAILCHIMP_API_KEY --env production # Get from mailchimp wrangler secret put LOGTAIL_TOKEN --env production # Get from Logtail -wrangler secret put PSA_ALLOW --env production # CSV user ID list, get from 1password vault wrangler secret put METAPLEX_AUTH_TOKEN --env production # User ID meteplex endpoint should use (not required for dev) wrangler secret put S3_REGION --env production # e.g us-east-2 (not required for dev) wrangler secret put S3_ACCESS_KEY_ID --env production # Get from Amazon S3 (not required for dev) diff --git a/packages/api/src/bindings.d.ts b/packages/api/src/bindings.d.ts index a74ee07d1c..66c5cd256e 100644 --- a/packages/api/src/bindings.d.ts +++ b/packages/api/src/bindings.d.ts @@ -24,7 +24,6 @@ declare global { const COMMITHASH: string const MAINTENANCE_MODE: Mode const METAPLEX_AUTH_TOKEN: string - const PSA_ALLOW: string const S3_ENDPOINT: string const S3_REGION: string const S3_ACCESS_KEY_ID: string diff --git a/packages/api/src/utils/db-client.js b/packages/api/src/utils/db-client.js index e5c9940310..025c2a380f 100644 --- a/packages/api/src/utils/db-client.js +++ b/packages/api/src/utils/db-client.js @@ -83,13 +83,15 @@ export class DBClient { magic_link_id, github_id, did, - keys:auth_key_user_id_fkey(user_id,id,name,secret) + keys:auth_key_user_id_fkey(user_id,id,name,secret), tags:user_tag_user_id_fkey(user_id,id,tag,value) ` ) .or(`magic_link_id.eq.${id},github_id.eq.${id},did.eq.${id}`) // @ts-ignore .filter('keys.deleted_at', 'is', null) + // @ts-ignore + .filter('tags.deleted_at', 'is', null) const { data, error, status } = await select.single() diff --git a/packages/api/test/scripts/helpers.js b/packages/api/test/scripts/helpers.js index a92fad99a8..0d0bc845bb 100644 --- a/packages/api/test/scripts/helpers.js +++ b/packages/api/test/scripts/helpers.js @@ -48,6 +48,7 @@ export async function createTestUser({ * @param {number} tag.user_id * @param {string} tag.tag * @param {string} tag.value + * @param {string=} tag.deleted_at * @param {string} tag.inserted_at * @param {string} tag.reason */ @@ -96,13 +97,12 @@ export async function createTestUserWithFixedToken({ secret: token, userId: user.id, }) - await createUserTag({ user_id: user.id, tag: 'HasPsaAccess', value: 'true', reason: '', - inserted_at: '2/22/2022', + inserted_at: new Date().toISOString(), }) await createUserTag({ @@ -110,8 +110,27 @@ export async function createTestUserWithFixedToken({ tag: 'HasAccountRestriction', value: 'false', reason: '', - inserted_at: '2/22/2022', + inserted_at: new Date().toISOString(), + }) + + // Add some deleted tags to ensure our filtering works + await createUserTag({ + user_id: user.id, + tag: 'HasPsaAccess', + value: 'false', + reason: '', + inserted_at: new Date().toISOString(), + deleted_at: new Date().toISOString(), }) + await createUserTag({ + user_id: user.id, + tag: 'HasAccountRestriction', + value: 'true', + reason: '', + inserted_at: new Date().toISOString(), + deleted_at: new Date().toISOString(), + }) + return { token, userId: user.id, githubId: user.github_id } }