From fdf6c760ea41c6befb6308d651d1621e31572d37 Mon Sep 17 00:00:00 2001
From: Adam Alton <adamalton@gmail.com>
Date: Tue, 31 May 2022 11:19:04 +0100
Subject: [PATCH] chore: fix tags in api user info (#1379)

---
 packages/api/test/scripts/helpers.js | 17 ++++++++++-
 packages/api/test/user.spec.js       | 44 +++++++++++++++++++++++++++-
 packages/db/index.js                 |  4 +--
 3 files changed, 61 insertions(+), 4 deletions(-)

diff --git a/packages/api/test/scripts/helpers.js b/packages/api/test/scripts/helpers.js
index f052bf66f9..b7d589b4e4 100644
--- a/packages/api/test/scripts/helpers.js
+++ b/packages/api/test/scripts/helpers.js
@@ -10,6 +10,7 @@ import { JWT_ISSUER } from '../../src/constants.js'
 import { SALT } from './worker-globals.js'
 import { sha256 } from 'multiformats/hashes/sha2'
 import * as pb from '@ipld/dag-pb'
+import { DBClient } from '@web3-storage/db'
 
 const libp2pKeyCode = 0x72
 const lifetime = 1000 * 60 * 60
@@ -54,7 +55,6 @@ export async function updateNameRecord (privKey, existingRecord, newValue) {
 export function getTestJWT (sub = 'test-magic-issuer', name = 'test-magic-issuer') {
   return JWT.sign({ sub, iss: JWT_ISSUER, iat: 1633957389872, name }, SALT)
 }
-
 /**
  * @param {number} code
  * @returns {Promise<string>}
@@ -63,3 +63,18 @@ export async function randomCid (code = pb.code) {
   const hash = await sha256.digest(Buffer.from(`${Math.random()}`))
   return CID.create(1, code, hash).toString()
 }
+
+/**
+ * Create a new DB client instance from the current environment variables.
+ */
+export function getDBClient () {
+  const token = process.env.PG_REST_JWT
+  const endpoint = process.env.PG_REST_URL
+  if (!token) {
+    throw new Error('missing PG_REST_JWT environment var')
+  }
+  if (!endpoint) {
+    throw new Error('missing PG_REST_URL environment var')
+  }
+  return new DBClient({ token, endpoint, postgres: true })
+}
diff --git a/packages/api/test/user.spec.js b/packages/api/test/user.spec.js
index 7f2ec48b8c..088eaffa8a 100644
--- a/packages/api/test/user.spec.js
+++ b/packages/api/test/user.spec.js
@@ -2,7 +2,7 @@
 import assert from 'assert'
 import fetch from '@web-std/fetch'
 import { endpoint } from './scripts/constants.js'
-import { getTestJWT } from './scripts/helpers.js'
+import { getTestJWT, getDBClient } from './scripts/helpers.js'
 import userUploads from './fixtures/pgrest/get-user-uploads.js'
 
 describe('GET /user/account', () => {
@@ -33,6 +33,48 @@ describe('GET /user/account', () => {
   })
 })
 
+describe('GET /user/info', () => {
+  it('error if not authenticated with magic.link', async () => {
+    const token = await getTestJWT()
+    const res = await fetch(new URL('user/account', endpoint), {
+      headers: { Authorization: `Bearer ${token}` }
+    })
+    assert(!res.ok)
+    assert.strictEqual(res.status, 401)
+  })
+
+  it('error if no auth header', async () => {
+    const res = await fetch(new URL('user/account', endpoint))
+    assert(!res.ok)
+    assert.strictEqual(res.status, 401)
+  })
+
+  it('retrieves user account data', async () => {
+    const db = getDBClient()
+    const token = 'test-magic'
+    const user = await db.getUser('test-magic-issuer')
+    let res, userInfo
+
+    // Set PSA access to true and check response
+    await db.createUserTag(user._id, { tag: 'HasPsaAccess', value: 'true', reason: 'testing' })
+    res = await fetch(new URL('user/info', endpoint), {
+      headers: { Authorization: `Bearer ${token}` }
+    })
+    userInfo = await res.json()
+    assert.strictEqual(userInfo.info._id, user._id)
+    assert.strictEqual(userInfo.info.tags.HasPsaAccess, true)
+
+    // Set PSA access to false and check response
+    await db.createUserTag(user._id, { tag: 'HasPsaAccess', value: 'false', reason: 'testing' })
+    res = await fetch(new URL('user/info', endpoint), {
+      headers: { Authorization: `Bearer ${token}` }
+    })
+    userInfo = await res.json()
+    assert.strictEqual(userInfo.info._id, user._id)
+    assert.strictEqual(userInfo.info.tags.HasPsaAccess, false)
+  })
+})
+
 describe('GET /user/tokens', () => {
   it('error if not authenticated with magic.link', async () => {
     const token = await getTestJWT()
diff --git a/packages/db/index.js b/packages/db/index.js
index ee198ab3cc..a330b2b8a4 100644
--- a/packages/db/index.js
+++ b/packages/db/index.js
@@ -42,7 +42,7 @@ const userQueryWithTags = `
   publicAddress:public_address,
   created:inserted_at,
   updated:updated_at,
-  tags:user_tag_user_id_fkey(user_id,id,tag,value)
+  tags:user_tag_user_id_fkey(user_id,id,tag,value,deleted_at)
 `
 
 const psaPinRequestTableName = 'psa_pin_request'
@@ -173,7 +173,7 @@ export class DBClient {
 
   /**
    * Create a user tag
-   * @param {number} userId
+   * @param {string} userId
    * @param {Object} [tag]
    * @param {string} [tag.tag]
    * @param {string} [tag.value]