feat: added endpoint to aggregate the total number of verifications (…

…distinct nullifier_hashes) (#58) Co-authored-by: Paolo D'Amico <[email protected]>
worldcoin · Feb 1, 2023 · ae525a0 · ae525a0
1 parent a6edaed
commit ae525a0
Show file tree

Hide file tree

Showing 9 changed files with 52 additions and 8 deletions.
diff --git a/hasura/metadata/backend_configs.yaml b/hasura/metadata/backend_configs.yaml
@@ -0,0 +1 @@
+{}
diff --git a/hasura/metadata/databases/default/tables/public_nullifier.yaml b/hasura/metadata/databases/default/tables/public_nullifier.yaml
@@ -19,6 +19,13 @@ insert_permissions:
         - nullifier_type
       backend_only: false
 select_permissions:
+  - role: analytics
+    permission:
+      columns:
+        - created_at
+        - nullifier_hash
+      filter: {}
+      allow_aggregations: true
   - role: api_key
     permission:
       columns:
@@ -41,6 +48,7 @@ select_permissions:
         - created_at
         - nullifier_hash
       filter: {}
+      allow_aggregations: true
   - role: user
     permission:
       columns:

diff --git a/hasura/metadata/metrics_config.yaml b/hasura/metadata/metrics_config.yaml
@@ -0,0 +1 @@
+{}
diff --git a/hasura/metadata/opentelemetry.yaml b/hasura/metadata/opentelemetry.yaml
@@ -0,0 +1 @@
+{}
diff --git a/infrastructure/src/web/index.ts b/infrastructure/src/web/index.ts
@@ -143,6 +143,10 @@ export class Web extends MultiEnvRootStack {
                 props.secretsSecret,
                 'GENERAL_SECRET_KEY'
               ),
+              ANALYTICS_API_KEY: cdk.aws_ecs.Secret.fromSecretsManager(
+                props.secretsSecret,
+                'ANALYTICS_API_KEY'
+              ),
             },
             logDriver: cdk.aws_ecs.LogDrivers.firelens({
               options: {

diff --git a/web/.env.test b/web/.env.test
@@ -15,6 +15,9 @@ NEXT_PUBLIC_POSTHOG_ENABLE_ON_DEV=0
 CONSUMER_BACKEND_JWT=consumer_backend_jwt_test_key
 CONSTUMER_BACKEND_JWT_STAGING=staging_consumer_backend_jwt_test_key
 
+# Analytics service
+ANALYTICS_API_KEY=analytics_1234
+
 # Alchemy
 ALCHEMY_API_KEY=alchemy_test_key
 
@@ -23,7 +26,7 @@ TWILIO_ACCOUNT_SID=twilio_test_account_sid
 TWILIO_AUTH_TOKEN=twilio_test_auth_token
 TWILIO_VERIFY_SERVICE=twilio_test_verify_service
 
-# Phone singal v1 (alpha)
+# Phone signal v1 (alpha)
 PHONE_NULLIFIER_KEY=unsafe_secret_test
 PHONE_NULLIFIER_SIGNING_KEY=0x949012a42abaa28ab54d7d4a98444d3eb9c58e6e40bf339602b4b4069f8b003d
 

diff --git a/web/api-graphql.ts b/web/api-graphql.ts
@@ -1,7 +1,7 @@
 import {
   ApolloClient,
-  InMemoryCache,
   createHttpLink,
+  InMemoryCache,
   NormalizedCacheObject,
 } from "@apollo/client";
 import { setContext } from "@apollo/client/link/context";

diff --git a/web/api-utils.ts b/web/api-utils.ts
@@ -1,13 +1,13 @@
 /**
  * Contains shared utilities that are reused for the Next.js API (backend)
  */
-import { JwtConfig } from "./types";
-import * as jose from "jose";
-import crypto, { randomUUID } from "crypto";
-import { NextApiRequest, NextApiResponse } from "next";
-import { errorValidation } from "errors";
 import { defaultAbiCoder as abi } from "@ethersproject/abi";
 import { utils as widgetUtils } from "@worldcoin/id";
+import crypto, { randomUUID } from "crypto";
+import { errorValidation } from "errors";
+import * as jose from "jose";
+import { NextApiRequest, NextApiResponse } from "next";
+import { JwtConfig } from "./types";
 
 export const STAGING_RPC = "https://polygon-mumbai.g.alchemy.com";
 export const PRODUCTION_RPC = "https://polygon-mainnet.g.alchemy.com";
@@ -128,6 +128,22 @@ export const generateAPIKeyJWT = async (team_id: string): Promise<string> => {
   return await _generateJWT(payload);
 };
 
+/**
+ * Generates a JWT for the analytics service.
+ * @returns
+ */
+export const generateAnalyticsJWT = async (): Promise<string> => {
+  const payload = {
+    sub: "analytics_service",
+    "https://hasura.io/jwt/claims": {
+      "x-hasura-allowed-roles": ["analytics"],
+      "x-hasura-default-role": "analytics",
+    },
+  };
+
+  return await _generateJWT(payload);
+};
+
 /**
  * Generates a secure password hash to store in the DB
  * @param rawPassword

diff --git a/web/pages/api/v1/graphql.ts b/web/pages/api/v1/graphql.ts
@@ -1,6 +1,6 @@
 import { gql } from "@apollo/client";
 import { getAPIServiceClient } from "api-graphql";
-import { generateAPIKeyJWT } from "api-utils";
+import { generateAnalyticsJWT, generateAPIKeyJWT } from "api-utils";
 import { errorUnauthenticated } from "errors";
 import { NextApiRequest, NextApiResponse } from "next";
 import getConfig from "next/config";
@@ -55,6 +55,16 @@ export default async function handleGraphQL(
     );
   }
 
+  // Check if request is from the analytics service
+  if (authorization?.startsWith("analytics_")) {
+    if (authorization !== process.env.ANALYTICS_API_KEY) {
+      return errorUnauthenticated("Invalid analytics API key", res);
+    }
+
+    headers.delete("Authorization");
+    headers.append("Authorization", `Bearer ${await generateAnalyticsJWT()}`);
+  }
+
   let body: string | undefined = undefined;
   try {
     body = JSON.stringify(req.body);