feat(backend): add clientId to OP resources

packages/backend/migrations/20220819162330_create_grants_table.js

@@ -1,6 +1,7 @@
 exports.up = function (knex) {
   return knex.schema.createTable('grants', function (table) {
     table.string('id').notNullable().primary()
+    table.string('clientId').notNullable()
   })
 }
 

packages/backend/migrations/20220228162503_create_incoming_payments_table.js → packages/backend/migrations/20220908085845_create_incoming_payments_table.js

@@ -12,6 +12,9 @@ exports.up = function (knex) {
     table.string('externalRef').nullable()
     table.uuid('connectionId').notNullable()
 
+    table.string('grantId').nullable()
+    table.foreign('grantId').references('grants.id')
+
     table.uuid('assetId').notNullable()
     table.foreign('assetId').references('assets.id')
     table.timestamp('processAt').nullable()

packages/backend/migrations/20220414142553_create_outgoing_payments_table.js → packages/backend/migrations/20220908085854_create_outgoing_payments_table.js

@@ -9,7 +9,8 @@ exports.up = function (knex) {
     table.string('description').nullable()
     table.string('externalRef').nullable()
 
-    table.string('grantId').nullable().index()
+    table.string('grantId').nullable()
+    table.foreign('grantId').references('grants.id')
 
     // Open payments payment pointer corresponding to wallet account
     // from which to request funds for payment

packages/backend/src/app.ts

@@ -277,8 +277,10 @@ export class App {
     } = {
       [AccessAction.Create]: 'create',
       [AccessAction.Read]: 'get',
+      [AccessAction.ReadAll]: 'get',
       [AccessAction.Complete]: 'complete',
-      [AccessAction.List]: 'list'
+      [AccessAction.List]: 'list',
+      [AccessAction.ListAll]: 'list'
     }
 
     for (const path in openApi.paths) {

packages/backend/src/graphql/resolvers/incoming_payment.test.ts

@@ -10,12 +10,15 @@ import { randomAsset } from '../../tests/asset'
 import { createIncomingPayment } from '../../tests/incomingPayment'
 import { createPaymentPointer } from '../../tests/paymentPointer'
 import { truncateTables } from '../../tests/tableManager'
+import { v4 as uuid } from 'uuid'
+import { Grant } from '../../open_payments/auth/grantModel'
 
 describe('Incoming Payment Resolver', (): void => {
   let deps: IocContract<AppServices>
   let appContainer: TestContainer
   let knex: Knex
   let paymentPointerId: string
+  let grant: Grant
 
   const asset = randomAsset()
 
@@ -34,13 +37,18 @@ describe('Incoming Payment Resolver', (): void => {
   describe('Payment pointer incoming payments', (): void => {
     beforeEach(async (): Promise<void> => {
       paymentPointerId = (await createPaymentPointer(deps, { asset })).id
+      grant = await Grant.query().insert({
+        id: uuid(),
+        clientId: uuid()
+      })
     })
 
     getPageTests({
       getClient: () => appContainer.apolloClient,
       createModel: () =>
         createIncomingPayment(deps, {
           paymentPointerId,
+          grantId: grant.id,
           incomingAmount: {
             value: BigInt(123),
             assetCode: asset.code,

packages/backend/src/open_payments/auth/grant.test.ts

@@ -1,11 +1,13 @@
 import { Grant, AccessType, AccessAction, getInterval } from './grant'
 import { Interval } from 'luxon'
+import { v4 as uuid } from 'uuid'
 
 describe('Grant', (): void => {
   describe('includesAccess', (): void => {
     let grant: Grant
     const type = AccessType.IncomingPayment
     const action = AccessAction.Create
+    const clientId = uuid()
 
     describe.each`
       identifier                        | description
@@ -16,6 +18,7 @@ describe('Grant', (): void => {
         grant = new Grant({
           active: true,
           grant: 'PRY5NM33OM4TB8N6BW7',
+          clientId,
           access: [
             {
               type: AccessType.OutgoingPayment,

packages/backend/src/open_payments/auth/grant.ts

@@ -21,8 +21,10 @@ export enum AccessType {
 export enum AccessAction {
   Create = 'create',
   Read = 'read',
+  ReadAll = 'read-all',
   Complete = 'complete',
-  List = 'list'
+  List = 'list',
+  ListAll = 'list-all'
 }
 
 export interface AccessLimits {
@@ -53,6 +55,7 @@ export type GrantAccessJSON = Omit<GrantAccess, 'limits'> & {
 export interface GrantOptions {
   active: boolean
   grant: string
+  clientId: string
   access?: GrantAccess[]
 }
 
@@ -66,11 +69,13 @@ export class Grant {
     this.active = options.active
     this.grant = options.grant
     this.access = options.access || []
+    this.clientId = options.clientId
   }
 
   public readonly active: boolean
   public readonly grant: string
   public readonly access: GrantAccess[]
+  public readonly clientId: string
 
   public includesAccess({
     type,
@@ -93,6 +98,7 @@ export class Grant {
     return {
       active: this.active,
       grant: this.grant,
+      clientId: this.clientId,
       access: this.access?.map((access) => {
         return {
           ...access,

packages/backend/src/open_payments/auth/grantModel.ts

@@ -0,0 +1,11 @@
+import { Model } from 'objection'
+import { DbErrors } from 'objection-db-errors'
+
+export class Grant extends DbErrors(Model) {
+  public static get modelPaths(): string[] {
+    return [__dirname]
+  }
+  public static readonly tableName = 'grants'
+  public id!: string
+  public clientId!: string
+}

packages/backend/src/open_payments/auth/middleware.test.ts

@@ -1,6 +1,7 @@
 import assert from 'assert'
 import nock, { Definition } from 'nock'
 import { URL } from 'url'
+import { v4 as uuid } from 'uuid'
 
 import { createAuthMiddleware } from './middleware'
 import { Grant, GrantJSON, AccessType, AccessAction } from './grant'
@@ -131,6 +132,7 @@ describe('Auth Middleware', (): void => {
   test('returns 403 for unauthorized request', async (): Promise<void> => {
     const scope = mockAuthServer({
       active: true,
+      clientId: uuid(),
       grant: 'PRY5NM33OM4TB8N6BW7',
       access: [
         {
@@ -156,6 +158,7 @@ describe('Auth Middleware', (): void => {
     async ({ limitAccount }): Promise<void> => {
       const grant = new Grant({
         active: true,
+        clientId: uuid(),
         grant: 'PRY5NM33OM4TB8N6BW7',
         access: [
           {

packages/backend/src/open_payments/auth/middleware.ts

@@ -1,5 +1,6 @@
 import { AccessType, AccessAction } from './grant'
 import { AppContext } from '../../app'
+import { Grant } from './grantModel'
 
 export function createAuthMiddleware({
   type,
@@ -33,6 +34,13 @@ export function createAuthMiddleware({
       ) {
         ctx.throw(403, 'Insufficient Grant')
       }
+      await Grant.query()
+        .insert({
+          id: grant.grant,
+          clientId: grant.clientId
+        })
+        .onConflict('id')
+        .ignore()
       ctx.grant = grant
       await next()
     } catch (err) {

packages/backend/src/open_payments/auth/service.ts

@@ -80,6 +80,7 @@ async function introspectToken(
     )
     const options: GrantOptions = {
       active: data.active,
+      clientId: data.clientId,
       grant: data.grant
     }
     if (data.access) {

packages/backend/src/open_payments/connection/routes.test.ts

@@ -15,13 +15,15 @@ import { IncomingPayment } from '../payment/incoming/model'
 import { createIncomingPayment } from '../../tests/incomingPayment'
 import { createPaymentPointer } from '../../tests/paymentPointer'
 import base64url from 'base64url'
+import { Grant } from '../auth/grantModel'
 
 describe('Connection Routes', (): void => {
   let deps: IocContract<AppServices>
   let appContainer: TestContainer
   let knex: Knex
   let config: IAppConfig
   let connectionRoutes: ConnectionRoutes
+  let grant: Grant
 
   beforeAll(async (): Promise<void> => {
     config = Config
@@ -44,8 +46,13 @@ describe('Connection Routes', (): void => {
     config = await deps.use('config')
 
     paymentPointer = await createPaymentPointer(deps, { asset })
+    grant = await Grant.query().insert({
+      id: uuid(),
+      clientId: uuid()
+    })
     incomingPayment = await createIncomingPayment(deps, {
       paymentPointerId: paymentPointer.id,
+      grantId: grant.id,
       description: 'hello world',
       expiresAt: new Date(Date.now() + 30_000),
       incomingAmount: {

packages/backend/src/open_payments/payment/incoming/model.ts

@@ -8,6 +8,7 @@ import { LiquidityAccount, OnCreditOptions } from '../../../accounting/service'
 import { ConnectorAccount } from '../../../connector/core/rafiki'
 import { BaseModel } from '../../../shared/baseModel'
 import { WebhookEvent } from '../../../webhook/model'
+import { Grant } from '../../auth/grantModel'
 
 export enum IncomingPaymentEventType {
   IncomingPaymentExpired = 'incoming_payment.expired',
@@ -79,6 +80,14 @@ export class IncomingPayment
         from: 'incomingPayments.paymentPointerId',
         to: 'paymentPointers.id'
       }
+    },
+    grant: {
+      relation: Model.HasOneRelation,
+      modelClass: Grant,
+      join: {
+        from: 'incomingPayments.grantId',
+        to: 'grants.id'
+      }
     }
   }
 
@@ -91,6 +100,9 @@ export class IncomingPayment
   public externalRef?: string
   public connectionId!: string
 
+  public grantId?: string
+  public grant?: Grant
+
   public processAt!: Date | null
 
   public readonly assetId!: string