Merge pull request #244 from vechain/mike/api-gw-caching

Refactored lambda to check denylist and then try usercheck, tests also added

Author: Agilulfo1820

.github/workflows/deploy-api-lambda.yaml

@@ -4,7 +4,7 @@ on:
     push:
         branches:
             - main
-        paths: ['lambda/**', '.github/workflows/deploy-api-lambda.yaml']
+        paths: ['lambda/**', '!lambda/tests/**', '.github/workflows/deploy-api-lambda.yaml']
 
 permissions:
     contents: read
@@ -40,4 +40,4 @@ jobs:
                 --region ${{ env.AWS_REGION }} \
                 --capabilities CAPABILITY_IAM \
                 --no-fail-on-empty-changeset \
-                --parameter-overrides "PrivyAppId=${{ secrets.NEXT_PUBLIC_PRIVY_APP_ID }} PrivyAppSecret=${{ secrets.NEXT_PUBLIC_PRIVY_APP_SECRET }}"
+                --parameter-overrides "PrivyAppId=${{ secrets.NEXT_PUBLIC_PRIVY_APP_ID }} PrivyAppSecret=${{ secrets.NEXT_PUBLIC_PRIVY_APP_SECRET }}  UserCheckApiKey=${{ secrets.USERCHECK_API_KEY }}"

.github/workflows/test-lambda.yml

@@ -0,0 +1,28 @@
+name: Lambda Tests
+
+on:
+    pull_request:
+        paths: ['lambda/tests/**', '.github/workflows/test-lambda.yml']
+
+jobs:
+    test:
+        name: Run Tests
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: lambda
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: '20'
+                  cache: 'yarn'
+
+            - name: Install dependencies
+              run: yarn install
+
+            - name: Run tests
+              run: yarn test

lambda/.env.local.json

@@ -1,6 +1,7 @@
 {
-  "GetEmbeddedWalletDetailsFunction": {
-    "PRIVY_APP_ID": "",
-    "PRIVY_APP_SECRET": ""
-  }
+    "GetEmbeddedWalletDetailsFunction": {
+        "PRIVY_APP_ID": "",
+        "PRIVY_APP_SECRET": "",
+        "USERCHECK_API_KEY": ""
+    }
 }

lambda/index.ts

@@ -1,8 +1,10 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import { PrivyClient, User } from '@privy-io/server-auth';
+import axios from 'axios';
 
 // Define types for all identifiers
 type UserIdentifiers = {
+    [key: string]: string | boolean | undefined;
     email?: string;
     google?: string;
     apple?: string;
@@ -12,6 +14,7 @@ type UserIdentifiers = {
     telegram?: string;
     instagram?: string;
     linkedin?: string;
+    isDisposable?: boolean;
 };
 
 // Define social account types for type safety
@@ -26,12 +29,122 @@ type SocialAccountType =
     | 'instagram_oauth'
     | 'linkedin_oauth';
 
+interface LinkedAccount {
+    type: string;
+    email?: string | null;
+    address?: string | null;
+    username?: string | null;
+}
+
+const PRIVY_APP_ID = process.env.PRIVY_APP_ID as string;
+const PRIVY_APP_SECRET = process.env.PRIVY_APP_SECRET as string;
+
+export async function addToDenylist(email: string): Promise<boolean> {
+    const emailDomain = email.split('@')[1];
+    try {
+        const response = await axios.post(`https://auth.privy.io/api/v1/apps/${PRIVY_APP_ID}/denylist`, {
+            type: 'emailDomain',
+            value: emailDomain
+        }, {
+            auth: {
+                username: PRIVY_APP_ID,
+                password: PRIVY_APP_SECRET
+            },
+            headers: {
+                'privy-app-id': PRIVY_APP_ID
+            }
+        });
+        if (response.status === 200) {
+            return true;
+        } else {
+            console.error('Failed to add domain to denylist. API returned error:', response.data);
+            return false;
+        }
+    } catch (error) {
+        console.error('Unexpected error while adding domain to denylist:', error);
+        return false;
+    }
+}
+    
+export async function checkPrivyDenylist(email: string): Promise<boolean> {
+    const emailDomain = email.split('@')[1];
+    try {
+        const response = await axios.get(`https://auth.privy.io/api/v1/apps/${PRIVY_APP_ID}/denylist`, { // Initial request to get the denylist, no cursor query parameter
+            auth: {
+                username: PRIVY_APP_ID,
+                password: PRIVY_APP_SECRET
+            },
+            headers: {
+                'privy-app-id': PRIVY_APP_ID
+            }
+        });
+
+        if (!response.data.data) {
+            return false;
+        }
+
+        const exists = response.data.data.some((dataObject: { value: string }) => dataObject.value === emailDomain);
+        if (exists) {
+            return true;
+        }
+
+        let cursor = response.data?.next_cursor;
+        while (cursor) {
+            const nextResponse = await axios.get(`https://auth.privy.io/api/v1/apps/${PRIVY_APP_ID}/denylist?cursor=${cursor}`, {
+                auth: {
+                    username: PRIVY_APP_ID,
+                    password: PRIVY_APP_SECRET
+                },
+                headers: {
+                    'privy-app-id': PRIVY_APP_ID
+                }
+            });
+
+            const exists = nextResponse.data.data.some((dataObject: { value: string }) => dataObject.value === emailDomain);
+            if (exists) {
+                return true;
+            }
+            cursor = nextResponse.data.next_cursor;
+        }
+        return false;
+    } catch (error) {
+        console.error('Error checking email disposability:', error);
+        return false;
+    }
+}
+
+export async function tryUserCheck(email: string): Promise<boolean> {
+    const USERCHECK_API_KEY = process.env.USERCHECK_API_KEY as string;
+    if (!USERCHECK_API_KEY) {
+        return false;
+    }
+    try {
+        const response = await axios.get(`https://api.usercheck.com/domain/${email.split('@')[1]}`, {
+            headers: {
+                'Authorization': `Bearer ${USERCHECK_API_KEY}`
+            }
+        });
+        if (response.status === 200) {
+            return response.data.disposable;
+        } else if (response.status === 400) {
+            console.error('Error domain is invalid:', response.data);
+            return false;
+        } else { // Should be only status 429
+            console.error('Error too many requests:', response.data);
+            return false;
+        }
+    } catch (error) {
+        console.error('Error checking email disposability:', error);
+        return false;
+    }
+}
+
 /**
- * Extracts user identifiers (email and social media usernames) from a Privy user
- * @param user - The Privy user object
- * @returns UserIdentifiers object containing all identifiers
-*/
-function getUserIdentifiers(user: User): UserIdentifiers {
+ * Get the identifiers for the user
+ * @param user - The user object from Privy
+ * @returns The identifiers for the user
+ */
+export function getUserIdentifiers(user: User): UserIdentifiers {
     const identifiers: UserIdentifiers = {};
 
     // Get email if available
@@ -40,24 +153,22 @@ function getUserIdentifiers(user: User): UserIdentifiers {
     }
 
     // Get usernames from linked accounts
-    user.linkedAccounts.forEach(account => {
+    user.linkedAccounts.forEach((account: LinkedAccount) => {
         const accountType = account.type as SocialAccountType;
         // Remove '_oauth' suffix to get the field name
         const field = accountType.replace('_oauth', '') as keyof UserIdentifiers;
 
         // Handle email-based accounts (email, google, apple, linkedin)
         if (accountType === 'email' || accountType === 'google_oauth' || accountType === 'apple_oauth' || accountType === 'linkedin_oauth') {
-            const emailAccount = account as { email?: string } | { address?: string };
-            if ('email' in emailAccount) {
-                identifiers[field] = emailAccount.email;
-            } else if ('address' in emailAccount) {
-                identifiers[field] = emailAccount.address;
+            if (account.email) {
+                identifiers[field] = account.email || undefined;
+            } else if (account.address) {
+                identifiers[field] = account.address || undefined;
             }
         } 
         // Handle username-based accounts
-        else {
-            const usernameAccount = account as { username?: string };
-            identifiers[field] = usernameAccount.username || undefined;
+        else if (account.username) {
+            identifiers[field] = account.username || undefined;
         }
     });
     return identifiers;
@@ -67,7 +178,6 @@ export const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGat
     try {
         // Get wallet address from query parameters
         const walletAddress = event.pathParameters?.walletAddress;
-        
         if (!walletAddress) {
             return {
                 statusCode: 422,
@@ -77,13 +187,17 @@ export const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGat
             };
         }
 
+        if (!PRIVY_APP_ID || !PRIVY_APP_SECRET) {
+            throw new Error('Missing required environment variables');
+        }
+
         const privy = new PrivyClient(
-            process.env.PRIVY_APP_ID!,
-            process.env.PRIVY_APP_SECRET!
+            PRIVY_APP_ID,
+            PRIVY_APP_SECRET
         );
 
         const user = await privy.getUserByWalletAddress(walletAddress);
-        
+
         if (!user) {
             return {
                 statusCode: 404,
@@ -92,17 +206,35 @@ export const lambdaHandler = async (event: APIGatewayProxyEvent): Promise<APIGat
                 }),
             };
         }
+
         const identifiers = getUserIdentifiers(user);
+
+        if (identifiers.email) {
+            try {
+                const isInDenylist = await checkPrivyDenylist(identifiers.email);
+                identifiers.isDisposable = isInDenylist;
+                if (!isInDenylist) {
+                    const isDisposable = await tryUserCheck(identifiers.email);
+                    identifiers.isDisposable = isDisposable;
+                    if (isDisposable) {
+                        await addToDenylist(identifiers.email);
+                    }
+                }
+            } catch (error) {
+                console.error('Error checking email disposability:', error);
+            }
+        }
+
         return {
             statusCode: 200,
             body: JSON.stringify(identifiers),
         };
     } catch (err) {
-        console.log(err);
+        console.error('Error processing request:', err);
         return {
             statusCode: 500,
             body: JSON.stringify({
-                message: 'Some error happened',
+                message: 'Internal server error',
             }),
         };
     }

lambda/package.json

@@ -6,20 +6,48 @@
   "repository": "https://github.com/vechain/vechain-kit",
   "author": "VeChain Kit",
   "license": "MIT",
+  "scripts": {
+    "build": "tsc",
+    "watch": "tsc -w",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:coverage": "jest --coverage"
+  },
   "dependencies": {
-    "@privy-io/server-auth": "^1.19.1",
+    "@privy-io/public-api": "^2.20.5",
+    "@privy-io/server-auth": "^1.19.3",
+    "axios": "^1.6.7",
+    "dotenv": "^16.4.5",
     "esbuild": "^0.14.14",
-    "viem": "^2.7.9",
-    "ethers": "^6.11.0"
+    "ethers": "^6.11.0",
+    "viem": "^2.7.9"
   },
   "devDependencies": {
-    "@types/aws-lambda": "^8.10.92",
-    "@types/node": "^20.5.7",
-    "@typescript-eslint/eslint-plugin": "^5.10.2",
-    "@typescript-eslint/parser": "^5.10.2",
-    "eslint": "^8.8.0",
-    "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-prettier": "^4.0.0",
-    "typescript": "^5.0.4"
+    "@types/aws-lambda": "^8.10.119",
+    "@types/jest": "^29.5.12",
+    "@types/node": "^20.11.19",
+    "@typescript-eslint/eslint-plugin": "^8.29.1",
+    "@typescript-eslint/parser": "^8.29.1",
+    "dotenv-cli": "^8.0.0",
+    "eslint": "^9.24.0",
+    "eslint-config-prettier": "^10.1.1",
+    "eslint-plugin-prettier": "^5.2.6",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.8.3"
+  },
+  "jest": {
+    "preset": "ts-jest",
+    "testEnvironment": "node",
+    "moduleFileExtensions": [
+      "ts",
+      "js"
+    ],
+    "transform": {
+      "^.+\\.ts$": "ts-jest"
+    },
+    "testMatch": [
+      "**/tests/**/*.test.ts"
+    ]
   }
 }