fix: call Ibex when checking user balance

dev/bin/add-phone.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+source "$(git rev-parse --show-toplevel)/test/galoy/bats/helpers/_common.bash"
+
+DEVICE_NAME="device-user"
+DEVICE_PHONE="+16505554353"
+
+token_name="$DEVICE_NAME"
+phone="$DEVICE_PHONE"
+code="$CODE"
+
+variables=$(
+  jq -n \
+  --arg phone "$phone" \
+ --arg code "$code" \
+  '{input: {phone: $phone, code: $code}}'
+)
+
+exec_graphql "$token_name" 'user-login-upgrade' "$variables"
+upgrade_success="$(graphql_output '.data.userLoginUpgrade.success')"
+[[ "$upgrade_success" == "true" ]] || exit 1
+
+# Existing phone accounts return an authToken
+upgrade_auth_token="$(graphql_output '.data.userLoginUpgrade.authToken')"
+[[ "$upgrade_auth_token" == "null" ]] || exit 1
+
+exec_graphql "$token_name" 'account-details'
+account_level="$(graphql_output '.data.me.defaultAccount.level')"
+[[ "$account_level" == "ONE" ]] || exit 1

dev/bin/create-device-account.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+source "$(git rev-parse --show-toplevel)/test/galoy/bats/helpers/_common.bash"
+
+DEVICE_NAME="device-user"
+
+create_device_account "$DEVICE_NAME"
+
+# Verify account is creation
+exec_graphql "$DEVICE_NAME" 'account-details'
+# local account_id="$(graphql_output '.data.me.defaultAccount.id')"
+# [[ "$account_id" != "null" ]] || return 1
+echo "Created device account with ID: $(graphql_output '.data.me.defaultAccount.id')"
+
+# return 0

dev/bin/gen-test-jwt.ts

@@ -1,7 +1,8 @@
-// this script generates and verifies a JSON Web Token (JWT), using the 'node-jose', 'jsonwebtoken', and 'jwks-rsa' packages.
-// It uses a local 'jwks.json' file for key storage and verification
+/*
+  Firebase App Check Token is used for Device Authentication. 
+  This JWT simulates the Firebase App Check token used in the device account creation flow.
+*/
 
-// cd dev/ory && ts-node gen-test-jwt.ts
 import fs from "fs"
 import * as jose from "node-jose"
 import jsonwebtoken from "jsonwebtoken"
@@ -85,12 +86,12 @@ async function verifyToken(token) {
   const pem = jwtAskey.toPEM(false)
 
   // Verify the token
-  const verifiedToken = jsonwebtoken.verify(token, pem, {
-    algorithms: ["RS256"],
-    audience: aud,
-    issuer: iss,
-  })
-  return verifiedToken
+  // const verifiedToken = jsonwebtoken.verify(token, pem, {
+  //   algorithms: ["RS256"],
+  //   audience: aud,
+  //   issuer: iss,
+  // })
+  // return verifiedToken
 }
 
 main()

src/app/authentication/login.ts

@@ -54,6 +54,7 @@ import {
   rewardFailedLoginAttemptPerIpLimits,
   rewardFailedLoginAttemptPerLoginIdentifierLimits,
 } from "./ratelimits"
+import { getBalanceForWallet } from "@app/wallets"
 
 export const loginWithPhoneToken = async ({
   phone,
@@ -306,12 +307,11 @@ export const loginDeviceUpgradeWithPhone = async ({
   // is there still txns left over on the device account?
   const deviceWallets = await WalletsRepository().listByAccountId(account.id)
   if (deviceWallets instanceof Error) return deviceWallets
-  const ledger = LedgerService()
   let deviceAccountHasBalance = false
   for (const wallet of deviceWallets) {
-    const balance = await ledger.getWalletBalance(wallet.id)
+    const balance = await getBalanceForWallet({ walletId: wallet.id })
     if (balance instanceof Error) return balance
-    if (balance > 0) {
+    if (!balance.isZero()) {
       deviceAccountHasBalance = true
     }
   }

test/galoy/bats/helpers/_common.bash

@@ -100,7 +100,7 @@ gql_query() {
 }
 
 gql_file() {
-  echo "${BATS_TEST_DIRNAME:-${REPO_ROOT}/test/bats}/gql/$1.gql"
+  echo "${BATS_TEST_DIRNAME:-${REPO_ROOT}/test/galoy/bats}/gql/$1.gql"
 }
 
 gql_admin_query() {
@@ -136,13 +136,25 @@ exec_graphql() {
 
   gql_route="graphql"
 
-  ${run_cmd} curl -s \
-    -X POST \
-    ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
-    -H "Content-Type: application/json" \
-    -H "X-Idempotency-Key: $(new_idempotency_key)" \
-    -d "{\"query\": \"$(gql_query $query_name)\", \"variables\": $variables}" \
-    "${GALOY_ENDPOINT}/${gql_route}"
+  if [[ "${BATS_TEST_DIRNAME}" != "" ]]; then
+    # In BATS: run command captures output into $output
+    ${run_cmd} curl -s \
+      -X POST \
+      ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
+      -H "Content-Type: application/json" \
+      -H "X-Idempotency-Key: $(new_idempotency_key)" \
+      -d "{\"query\": \"$(gql_query $query_name)\", \"variables\": $variables}" \
+      "${GALOY_ENDPOINT}/${gql_route}"
+  else
+    # Outside BATS: manually capture output
+    output=$(curl -s \
+      -X POST \
+      ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
+      -H "Content-Type: application/json" \
+      -H "X-Idempotency-Key: $(new_idempotency_key)" \
+      -d "{\"query\": \"$(gql_query $query_name)\", \"variables\": $variables}" \
+      "${GALOY_ENDPOINT}/${gql_route}")
+  fi
 
   echo "GQL output: '$output'"
 }
@@ -168,12 +180,23 @@ exec_admin_graphql() {
 
   gql_route="admin/graphql"
 
-  ${run_cmd} curl -s \
-    -X POST \
-    ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
-    -H "Content-Type: application/json" \
-    -d "{\"query\": \"$(gql_admin_query $query_name)\", \"variables\": $variables}" \
-    "${GALOY_ENDPOINT}/${gql_route}"
+  if [[ "${BATS_TEST_DIRNAME}" != "" ]]; then
+    # In BATS: run command captures output into $output
+    ${run_cmd} curl -s \
+      -X POST \
+      ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
+      -H "Content-Type: application/json" \
+      -d "{\"query\": \"$(gql_admin_query $query_name)\", \"variables\": $variables}" \
+      "${GALOY_ENDPOINT}/${gql_route}"
+  else
+    # Outside BATS: manually capture output
+    output=$(curl -s \
+      -X POST \
+      ${AUTH_HEADER:+ -H "$AUTH_HEADER"} \
+      -H "Content-Type: application/json" \
+      -d "{\"query\": \"$(gql_admin_query $query_name)\", \"variables\": $variables}" \
+      "${GALOY_ENDPOINT}/${gql_route}")
+  fi
 
   echo "GQL output: '$output'"
 }
@@ -217,7 +240,13 @@ curl_request() {
 
   cmd+=("${url}")
 
-  "${cmd[@]}"
+  if [[ "${BATS_TEST_DIRNAME}" != "" ]]; then
+    # In BATS: run command captures output into $output
+    "${cmd[@]}"
+  else
+    # Outside BATS: manually capture output
+    output=$("${cmd[@]}")
+  fi
 
   echo "Curl output: '$output'"
 }
@@ -238,3 +267,29 @@ is_contact() {
   )
   [[ "$fetched_username" == "$contact_username" ]] || return 1
 }
+
+create_device_account() {
+    local token_name="$1"
+    local url="http://${GALOY_ENDPOINT}/auth/create/device-account"
+
+    # dev/ory/gen-test-jwt.ts
+    local jwt="eyJhbGciOiJSUzI1NiIsImtpZCI6IjFiOTdiMjIxLWNhMDgtNGViMi05ZDA5LWE1NzcwZmNjZWIzNyJ9.eyJzdWIiOiIxOjgwNjY0NjE0MDQzNTphbmRyb2lkOmE4YTBjY2ZlODhiZWUxNWIwNmY5ZTYiLCJhdWQiOlsicHJvamVjdHMvODA2NjQ2MTQwNDM1IiwicHJvamVjdHMvYXZpZC1jZWlsaW5nLTM5MDQxOCJdLCJwcm92aWRlciI6ImRlYnVnIiwiaXNzIjoiaHR0cHM6Ly9maXJlYmFzZWFwcGNoZWNrLmdvb2dsZWFwaXMuY29tLzgwNjY0NjE0MDQzNSIsImV4cCI6MjYzOTAwMDA2OX0.cgE2pX3srSzlPreJpBDLaFmPQn9CyKoxW1f-hFgVbGZ7xwWysogsNTrV0eIkvgDnZWjbjexOxf4HhuK2MSBmnRYTWgk6LC7LNoq_KPNAvxkMNj1HGSYh34q2uYafcc1LZCREDvPFTw-JN6FJOAzk7TbWwi8A8-Z8ed5W1kqzkWu_D79nZNWZuN6tUpoeyj1c77Cb7wn5UBlSBhoNrfxXOQKTsKTmuFpcR2P3zv_R9D-yedizqLpG75XJkJd6_4zuhhrW05nMgOHULQ2bTt3PTbi6dy64ObLwMOT5vevqqbKc303-rk02sDGCdRc251nL5sIvTIcajXUXs-Ruy3Op4g"  # the JWT token
+
+    local username="$(random_uuid)"
+    local password="$(random_uuid)"
+
+    if [[ "$(uname)" == "Linux" ]]; then
+      local basic_token="$(echo -n $username:$password | base64 -w 0)"
+    else
+      local basic_token="$(echo -n $username:$password | base64)"
+    fi
+
+    local auth_header="Authorization: Basic $basic_token"
+    local appcheck_header="Appcheck: $jwt"
+
+    # Create account
+    curl_request "$url" "" "$auth_header" "$appcheck_header"
+    local auth_token="$(echo $output | jq -r '.result')"
+    [[ "$auth_token" != "null" ]] || return 1
+    cache_value "$token_name" "$auth_token"
+  }