Create new production release

apps/api/.env.example

@@ -10,6 +10,11 @@ SANDBOX_ENABLED=false
 # Example: openssl rand -base64 32
 ADMIN_SECRET=your-secure-admin-secret-here
 
+# Supabase Configuration
+SUPABASE_URL=https://your-project-id.supabase.co
+SUPABASE_ANON_KEY=your-anon-key-here
+SUPABASE_SERVICE_KEY=your-service-role-key-here
+
 # Database
 DB_HOST=localhost
 DB_PORT=5432

apps/api/package.json

@@ -11,7 +11,7 @@
     "@polkadot/util": "catalog:",
     "@polkadot/util-crypto": "catalog:",
     "@scure/bip39": "^1.5.4",
-    "@supabase/supabase-js": "^2.87.1",
+    "@supabase/supabase-js": "catalog:",
     "@vortexfi/shared": "workspace:*",
     "@wagmi/core": "catalog:",
     "axios": "catalog:",

apps/api/src/api/controllers/admin/partnerApiKeys.controller.ts

@@ -12,7 +12,7 @@ import { generateApiKey, getKeyPrefix, hashApiKey } from "../../middlewares/apiK
  */
 export async function createApiKey(req: Request<{ partnerName: string }>, res: Response): Promise<void> {
   try {
-    const partnerName = req.params.partnerName as string;
+    const partnerName = req.params.partnerName;
     const { name, expiresAt } = req.body;
 
     // Verify at least one partner with this name exists and is active
@@ -78,7 +78,7 @@ export async function createApiKey(req: Request<{ partnerName: string }>, res: R
       expiresAt: expirationDate,
       isActive: true,
       partnerCount: partners.length,
-      partnerName: partnerName,
+      partnerName,
       publicKey: {
         id: publicKeyRecord.id,
         key: publicKey, // Can be shown anytime (it's public)
@@ -112,7 +112,7 @@ export async function createApiKey(req: Request<{ partnerName: string }>, res: R
  */
 export async function listApiKeys(req: Request<{ partnerName: string }>, res: Response): Promise<void> {
   try {
-    const partnerName = req.params.partnerName as string;
+    const partnerName = req.params.partnerName;
 
     // Verify partner exists
     const partners = await Partner.findAll({

apps/api/src/api/controllers/auth.controller.ts

@@ -0,0 +1,168 @@
+import { Request, Response } from "express";
+import User from "../../models/user.model";
+import { SupabaseAuthService } from "../services/auth";
+
+export class AuthController {
+  /**
+   * Check if email is registered
+   * GET /api/v1/auth/check-email?email=user@example.com
+   */
+  static async checkEmail(req: Request, res: Response) {
+    try {
+      const { email } = req.query;
+
+      if (!email || typeof email !== "string") {
+        return res.status(400).json({
+          error: "Email is required"
+        });
+      }
+
+      const exists = await SupabaseAuthService.checkUserExists(email);
+
+      return res.json({
+        action: exists ? "signin" : "signup",
+        exists
+      });
+    } catch (error) {
+      console.error("Error in checkEmail:", error);
+      return res.status(500).json({
+        error: "Failed to check email"
+      });
+    }
+  }
+
+  /**
+   * Request OTP
+   * POST /api/v1/auth/request-otp
+   */
+  static async requestOTP(req: Request, res: Response) {
+    try {
+      const { email, locale } = req.body;
+
+      if (!email) {
+        return res.status(400).json({
+          error: "Email is required"
+        });
+      }
+
+      if (locale !== undefined && typeof locale !== "string") {
+        return res.status(400).json({
+          error: "Locale must be a string"
+        });
+      }
+
+      await SupabaseAuthService.sendOTP(email, locale);
+
+      return res.json({
+        message: "OTP sent to email",
+        success: true
+      });
+    } catch (error) {
+      console.error("Error in requestOTP:", error);
+      return res.status(500).json({
+        error: "Failed to send OTP"
+      });
+    }
+  }
+
+  /**
+   * Verify OTP
+   * POST /api/v1/auth/verify-otp
+   */
+  static async verifyOTP(req: Request, res: Response) {
+    try {
+      const { email, token } = req.body;
+
+      if (!email || !token) {
+        return res.status(400).json({
+          error: "Email and token are required"
+        });
+      }
+
+      const result = await SupabaseAuthService.verifyOTP(email, token);
+
+      // Sync user to local database (upsert)
+      await User.upsert({
+        email: email,
+        id: result.user_id
+      });
+
+      return res.json({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        success: true,
+        user_id: result.user_id
+      });
+    } catch (error) {
+      console.error("Error in verifyOTP:", error);
+      return res.status(400).json({
+        error: "Invalid OTP or OTP expired"
+      });
+    }
+  }
+
+  /**
+   * Refresh token
+   * POST /api/v1/auth/refresh
+   */
+  static async refreshToken(req: Request, res: Response) {
+    try {
+      const { refresh_token } = req.body;
+
+      if (!refresh_token) {
+        return res.status(400).json({
+          error: "Refresh token is required"
+        });
+      }
+
+      const result = await SupabaseAuthService.refreshToken(refresh_token);
+
+      return res.json({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        success: true
+      });
+    } catch (error) {
+      console.error("Error in refreshToken:", error);
+      return res.status(401).json({
+        error: "Invalid refresh token"
+      });
+    }
+  }
+
+  /**
+   * Verify token
+   * POST /api/v1/auth/verify
+   */
+  static async verifyToken(req: Request, res: Response) {
+    try {
+      const { access_token } = req.body;
+
+      if (!access_token) {
+        return res.status(400).json({
+          error: "Access token is required"
+        });
+      }
+
+      const result = await SupabaseAuthService.verifyToken(access_token);
+
+      if (!result.valid) {
+        return res.status(401).json({
+          error: "Invalid token",
+          valid: false
+        });
+      }
+
+      return res.json({
+        user_id: result.user_id,
+        valid: true
+      });
+    } catch (error) {
+      console.error("Error in verifyToken:", error);
+      return res.status(401).json({
+        error: "Token verification failed",
+        valid: false
+      });
+    }
+  }
+}

apps/api/src/api/controllers/brla.controller.ts

@@ -203,12 +203,14 @@ export const recordInitialKycAttempt = async (
         taxId
       }
     });
+
     if (!taxIdRecord) {
       const accountType = isValidCnpj(taxId)
         ? AveniaAccountType.COMPANY
         : isValidCpf(taxId)
           ? AveniaAccountType.INDIVIDUAL
           : undefined;
+
       // Create the entry only if a valid taxId is provided. Otherwise we ignore the request.
       if (accountType) {
         await TaxId.create({
@@ -217,7 +219,8 @@ export const recordInitialKycAttempt = async (
           initialSessionId: sessionId ?? null,
           internalStatus: TaxIdInternalStatus.Consulted,
           subAccountId: "",
-          taxId
+          taxId,
+          userId: req.userId ?? null
         });
       }
     }
@@ -317,14 +320,16 @@ export const createSubaccount = async (
     } else {
       // The entry should have been created the very first a new cpf/cnpj is consulted.
       // We leave this as is for now to avoid breaking changes.
+
       await TaxId.create({
         accountType,
         initialQuoteId: quoteId,
         initialSessionId: sessionId ?? null,
         internalStatus: TaxIdInternalStatus.Requested,
         requestedDate: new Date(),
         subAccountId: id,
-        taxId: taxId
+        taxId: taxId,
+        userId: req.userId ?? null
       });
     }
 

apps/api/src/api/controllers/contact.controller.ts

@@ -0,0 +1,32 @@
+import type { SubmitContactErrorResponse, SubmitContactResponse } from "@vortexfi/shared";
+import type { Request, Response } from "express";
+import { config } from "../../config";
+import { storeDataInGoogleSpreadsheet } from "./googleSpreadSheet.controller";
+
+enum ContactSheetHeaders {
+  Timestamp = "timestamp",
+  FullName = "fullName",
+  Email = "email",
+  ProjectName = "projectName",
+  Inquiry = "inquiry"
+}
+
+const CONTACT_SHEET_HEADER_VALUES = [
+  ContactSheetHeaders.Timestamp,
+  ContactSheetHeaders.FullName,
+  ContactSheetHeaders.Email,
+  ContactSheetHeaders.ProjectName,
+  ContactSheetHeaders.Inquiry
+];
+
+export { CONTACT_SHEET_HEADER_VALUES };
+
+export const submitContact = async (
+  req: Request,
+  res: Response<SubmitContactResponse | SubmitContactErrorResponse>
+): Promise<void> => {
+  if (!config.spreadsheet.contactSheetId) {
+    throw new Error("Contact sheet ID is not configured");
+  }
+  await storeDataInGoogleSpreadsheet(req, res, config.spreadsheet.contactSheetId, CONTACT_SHEET_HEADER_VALUES);
+};

apps/api/src/api/controllers/maintenance.controller.ts

@@ -63,7 +63,7 @@ export const getAllMaintenanceSchedules: RequestHandler = async (_, res) => {
  */
 export const updateScheduleActiveStatus: RequestHandler<{ id: string }> = async (req, res) => {
   try {
-    const id = req.params.id as string;
+    const id = req.params.id;
     const { isActive } = req.body;
 
     if (typeof isActive !== "boolean") {

apps/api/src/api/controllers/metrics.controller.ts

@@ -45,13 +45,13 @@ let supabaseClient: SupabaseClient | null = null;
 
 function getSupabaseClient() {
   if (!supabaseClient) {
-    if (!config.supabaseUrl) {
+    if (!config.supabase.url) {
       throw new Error("Missing Supabase URL in configuration.");
     }
-    if (!config.supabaseKey) {
+    if (!config.supabase.anonKey) {
       throw new Error("Missing Supabase Key in configuration.");
     }
-    supabaseClient = createClient(config.supabaseUrl, config.supabaseKey);
+    supabaseClient = createClient(config.supabase.url, config.supabase.anonKey);
   }
   return supabaseClient;
 }

apps/api/src/api/controllers/quote.controller.ts

@@ -48,7 +48,8 @@ export const createQuote = async (
       partnerId,
       partnerName: publicKeyPartnerName,
       rampType,
-      to
+      to,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(quote);
@@ -85,7 +86,8 @@ export const createBestQuote = async (
       partnerId,
       partnerName: publicKeyPartnerName,
       rampType,
-      to
+      to,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(quote);

apps/api/src/api/controllers/ramp.controller.ts

@@ -37,7 +37,8 @@ export const registerRamp = async (req: Request, res: Response<RampProcess>, nex
     const ramp = await rampService.registerRamp({
       additionalData,
       quoteId,
-      signingAccounts
+      signingAccounts,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(ramp);