All Vote Validation (Except Signature)

[apbendi]

• Validate token ownership
• Validate each token is qualified
• Validate each token has not already voted
• Validate all qualifying tokens are voting
• Validate each account can only vote once

Run npm test. Should not require any migrations. Run npm run dev Should work with seamlessly with the UI w/o modifications.

Closes #9

[mds1]

All tests pass, but I did get an issue when using it on the frontend. Submitting a vote failed with the error message Tokens not held by voting account <tokenId>. It seems the problem is that !accountTokenIds.includes(tokenId) compares the wrong values:

• accountTokenIds contains the unique IDs of the NFTs
• tokenId is the token's event ID, which is passed from the frontend as part of the vote data

Let me know how you want to resolve this, as it seems there are a few different options here.

---

Also one small thing is that some of the error messages are a bit confusing. Two examples:

• "Token not held by voting account 1234" would be more clear as "Token 1234 is not held by voting account"
• "Token not qualified to vote in this poll 8019" would be more clear as "Token 8019 is not qualified to vote in this poll"

Similarly, with "Account or token cannot vote twice" perhaps we should specify the offending token ID?

[apbendi]

tokenId is the token's event ID, which is passed from the frontend as part of the vote data

Unless I've gotten myself confused and I'm thinking of it wrong, I think this has to be the ID of the NFT coming from the front end. The user might, for example, own two tokens from the same event. And we would want to identify the tokens by their NFT Id to ensure no specific token has ever voted twice. Does that make sense? Apologies if I ever communicated that wrong to you in the past. Entirely possible I did.

Should be a pretty easy fix on the frontend, right? The poap API hands back both the token & event Ids. Mind pushing a commit that updates it?

Also one small thing is that some of the error messages are a bit confusing.

Good call, I will update this.

Similarly, with "Account or token cannot vote twice" perhaps we should specify the offending token ID?

Yes, this would be better, but because of the way I've structured this check (using one big query) it would take some logic changes that I don't think are worth it for now.

[mds1]

Unless I've gotten myself confused and I'm thinking of it wrong, I think this has to be the ID of the NFT coming from the front end. The user might, for example, own two tokens from the same event. And we would want to identify the tokens by their NFT Id to ensure no specific token has ever voted twice. Does that make sense? Apologies if I ever communicated that wrong to you in the past. Entirely possible I did.

Should be a pretty easy fix on the frontend, right? The poap API hands back both the token & event Ids. Mind pushing a commit that updates it?

Ah, didn't realize you could have (or would want to count) multiple tokens from one event. I was using event ID on the front end to match it up with qualifying events, but since it's not necessarily one token per event then this would undercount votes.

Will push an update in a few minutes where voteData.token_ids is the unique ID instead

[apbendi]

Will push an update in a few minutes where voteData.token_ids is the unique ID instead

Great, thanks! Just pushed a commit with better error messages. If all looks good and the frontend is working, feel free to merge 👍