add support staff flag to copayer lookup collection

8 years ago · 41c82e9e76
3 changed files with 42 additions and 5 deletions
--- a/lib/expressapp.js
+++ b/lib/expressapp.js
@ -39,7 +39,7 @@ ExpressApp.prototype.start = function(opts, cb) {
  this.app.use(function(req, res, next) {
    res.setHeader('Access-Control-Allow-Origin', '*');
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
-    res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-session,x-client-version,X-Requested-With,Content-Type,Authorization');
+    res.setHeader('Access-Control-Allow-Headers', 'x-signature,x-identity,x-session,x-client-version,x-wallet-id,X-Requested-With,Content-Type,Authorization');
    res.setHeader('x-service-version', WalletService.getServiceVersion());
    next();
  });
@ -165,6 +165,7 @@ ExpressApp.prototype.start = function(opts, cb) {
      message: req.method.toLowerCase() + '|' + req.url + '|' + JSON.stringify(req.body),
      signature: credentials.signature,
      clientVersion: req.header('x-client-version'),
+      walletId: req.header('x-wallet-id'),
    };
    if (opts.allowSession) {
      auth.session = credentials.session;
--- a/lib/server.js
+++ b/lib/server.js
@ -200,6 +200,7 @@ WalletService.getInstance = function(opts) {
 * @param {string} opts.signature - (Optional) Signature of message to be verified using one of the copayer's requestPubKeys. Only needed if no session token is provided.
 * @param {string} opts.session - (Optional) A valid session token previously obtained using the #login method
 * @param {string} opts.clientVersion - A string that identifies the client issuing the request
+ * @param {string} [opts.walletId] - The wallet id to use as current wallet for this request (only when copayer is support staff).
 */
 WalletService.getInstanceWithAuth = function(opts, cb) {
  function withSignature(cb) {
@ -216,12 +217,16 @@ WalletService.getInstanceWithAuth = function(opts, cb) {
      if (err) return cb(err);
      if (!copayer) return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Copayer not found'));

-      var isValid = !!server._getSigningKey(opts.message, opts.signature, copayer.requestPubKeys);
-      if (!isValid)
-        return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Invalid signature'));
+      if (!copayer.isSupportStaff) {
+        var isValid = !!server._getSigningKey(opts.message, opts.signature, copayer.requestPubKeys);
+        if (!isValid)
+          return cb(new ClientError(Errors.codes.NOT_AUTHORIZED, 'Invalid signature'));
+        server.walletId = copayer.walletId;
+      } else {
+        server.walletId = opts.walletId || copayer.walletId;
+      }

      server.copayerId = opts.copayerId;
-      server.walletId = copayer.walletId;
      return cb(null, server);
    });
  };
--- a/test/integration/server.js
+++ b/test/integration/server.js
@ -103,6 +103,7 @@ describe('Wallet service', function() {
          message: 'hello world',
          signature: sig,
          clientVersion: 'bwc-2.0.0',
+          walletId: '123',
        }, function(err, server) {
          should.not.exist(err);
          server.walletId.should.equal(wallet.id);
@ -140,6 +141,36 @@ describe('Wallet service', function() {
        });
      });
    });
+
+    it('should get server instance for support staff', function(done) {
+      helpers.createAndJoinWallet(1, 1, function(s, wallet) {
+        var collections = require('../../lib/storage').collections;
+        s.storage.db.collection(collections.COPAYERS_LOOKUP).update({
+          copayerId: wallet.copayers[0].id
+        }, {
+          $set: {
+            isSupportStaff: true
+          }
+        });
+
+        var xpriv = TestData.copayers[0].xPrivKey;
+        var priv = TestData.copayers[0].privKey_1H_0;
+
+        var sig = helpers.signMessage('hello world', priv);
+
+        WalletService.getInstanceWithAuth({
+          copayerId: wallet.copayers[0].id,
+          message: 'hello world',
+          signature: sig,
+          walletId: '123',
+        }, function(err, server) {
+          should.not.exist(err);
+          server.walletId.should.equal('123');
+          server.copayerId.should.equal(wallet.copayers[0].id);
+          done();
+        });
+      });
+    });
  });

  describe('Session management (#login, #logout, #authenticate)', function() {