Add auth scope for app developer endpoints

src/api/rest/v1/app/controller.ts

@@ -18,42 +18,53 @@ function serialize(data: any): string {
 }
 
 export class AppController {
+    // TODO: Gracefully handle errors
 
     public async getAccount(req: Request, res: Response) {
-        const { did } = req.veridaNetworkConnection
+        try {
+            const { did } = req.veridaNetworkConnection
+
+            const account = await BillingManager.getAccount(did)
 
-        const account = await BillingManager.getAccount(did)
+            if (!account) {
+                return res.status(404).json({
+                    success: false,
+                    error: "Account not found"
+                })
+            }
 
-        if (!account) {
-            return res.status(404).json({
-                success: false
+            return res.json({
+                success: true,
+                account
+            })
+        } catch (error) {
+            console.error(error)
+            return res.status(500).json({
+                success: false,
+                error: "Something went wrong while retrieving account"
             })
         }
-
-        return res.json({
-            account
-        })
     }
 
     public async register(req: Request, res: Response) {
         const { did } = req.veridaNetworkConnection
-        
+
         return res.json({
             success: await BillingManager.registerAccount(did, BillingAccountType.APP)
         })
     }
 
     public async requests(req: Request, res: Response) {
         const { did } = req.veridaNetworkConnection
-        
+
         return res.json({
             results: await UsageManager.getRequests(did)
         })
     }
 
     public async accountCount(req: Request, res: Response) {
         const { did } = req.veridaNetworkConnection
-        
+
         return res.json(serialize({
             count: await UsageManager.getAccountCount(did)
         }))
@@ -63,15 +74,15 @@ export class AppController {
         const { did } = req.veridaNetworkConnection
         const startDateTime = req.params.start ? req.params.start.toString() : undefined
         const endDateTime = req.params.end ? req.params.end.toString() : undefined
-        
+
         return res.json(serialize({
             usage: await UsageManager.getUsageStats(did, startDateTime, endDateTime)
         }))
     }
 
     public async balance(req: Request, res: Response) {
         const { did } = req.veridaNetworkConnection
-        
+
         const balance = await BillingManager.getBalance(did)
         return res.json(serialize({
             balance
@@ -87,7 +98,7 @@ export class AppController {
 
     public async deposits(req: Request, res: Response) {
         const { did } = req.veridaNetworkConnection
-        
+
         return res.json(serialize({
             deposits: await BillingManager.getDeposits(did)
         }))
@@ -130,4 +141,4 @@ export class AppController {
 }
 
 const controller = new AppController()
-export default controller
+export default controller

src/api/rest/v1/app/routes.ts

@@ -4,6 +4,7 @@ import auth from "../../../../middleware/auth";
 
 const router = express.Router()
 const appAuth = auth({
+    scopes: ['api:app-developer'],
     options: {
         // App DID's don't need to be whitelisted
         ignoreAccessCheck: true
@@ -20,4 +21,4 @@ router.get('/vda-price', appAuth, Controller.vdaPrice)
 router.get('/deposits', appAuth, Controller.deposits)
 router.post('/deposit-crypto', appAuth, Controller.depositCrypto)
 
-export default router
+export default router

src/api/rest/v1/auth/scopes.ts

@@ -109,12 +109,12 @@ function appendNewOnly(scopes: string[], newScope: string): string[] {
 /**
  * Take an array of scopes and expand any short hand scopes (ie: ds:file) to
  * the full scope. Convert base64 encoded URL scopes to have the actual URL.
- * 
+ *
  * If the same datastore or database scope is listed multiple times, merge them.
- * 
+ *
  * (ie: ds:r:<schema> and ds:rw:<schema>)
- * 
- * @param scopes 
+ *
+ * @param scopes
  */
 export function expandScopes(scopes: string[], expandPermissions: boolean = true): ExpandedScopes {
     const scopeValidity: Record<string, boolean> = {}
@@ -251,7 +251,7 @@ const SCOPES: Record<string, Scope> = {
 
     /**
      * Datastore Access Scopes
-     * 
+     *
      * Dynamically injected below
      */
     "api:llm-prompt": {
@@ -298,7 +298,16 @@ const SCOPES: Record<string, Scope> = {
         type: ScopeType.API,
         description: "Access status information on connected third party accounts (ie: Google, Telegram)",
         userNote: `Access status information on connected third party accounts (ie: Google, Telegram)`
-    }
+    },
+
+    /**
+     * App Developer Scopes
+     */
+    "api:app-developer": {
+        type: ScopeType.API,
+        description: "Access app developer features",
+        userNote: "Access app developer features"
+    },
 }
 
 for (const datastoreId in DATASTORE_LOOKUP) {
@@ -349,4 +358,4 @@ for (const scope in SCOPES) {
     }
 }
 
-export default SCOPES
+export default SCOPES