From 2c39b3428237fa669e98e12add1186441e7b8c0f Mon Sep 17 00:00:00 2001
From: Nicolas Burtey <nb@galoy.io>
Date: Sat, 23 Sep 2023 11:46:08 +0100
Subject: [PATCH] chore: create cardId earlier in the flow

---
 apps/boltcard/app/api/activate/route.ts |  2 +-
 apps/boltcard/app/api/create/route.ts   | 41 +++++++++++++++++++++++++
 apps/boltcard/app/api/ln/route.ts       | 40 +-----------------------
 apps/boltcard/app/card/[id]/page.tsx    |  4 +--
 apps/boltcard/bats/e2e-test.bats        |  9 +++++-
 apps/boltcard/services/db/card-init.ts  |  4 ++-
 apps/boltcard/services/db/schema.ts     |  5 ++-
 7 files changed, 60 insertions(+), 45 deletions(-)

diff --git a/apps/boltcard/app/api/activate/route.ts b/apps/boltcard/app/api/activate/route.ts
index f5cb5eccdf3..763a2272dce 100644
--- a/apps/boltcard/app/api/activate/route.ts
+++ b/apps/boltcard/app/api/activate/route.ts
@@ -53,7 +53,7 @@ export async function GET(req: NextRequest) {
     warning: warningReusedCode,
     protocol_name: "create_bolt_card_response",
     protocol_version: 2,
-    card_name: "",
+    card_name: cardKeysSetup.cardId,
     lnurlw_base: lnurlwBase,
     k0: cardKeysSetup.k0AuthKey,
     k1: k1DecryptKey,
diff --git a/apps/boltcard/app/api/create/route.ts b/apps/boltcard/app/api/create/route.ts
index 8f18a75105e..53afa2dd148 100644
--- a/apps/boltcard/app/api/create/route.ts
+++ b/apps/boltcard/app/api/create/route.ts
@@ -7,6 +7,44 @@ import { serverUrl } from "@/services/config"
 
 const randomHex = (): string => randomBytes(16).toString("hex")
 
+function generateReadableCode(numDigits: number, separator: number = 4): string {
+  const allowedNumbers = ["3", "4", "6", "7", "9"]
+  const allowedLetters = [
+    "A",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "J",
+    "K",
+    "M",
+    "N",
+    "P",
+    "Q",
+    "R",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+  ]
+
+  const allowedChars = [...allowedNumbers, ...allowedLetters]
+  let code = ""
+  for (let i = 0; i < numDigits; i++) {
+    if (i > 0 && i % separator === 0) {
+      code += "_"
+    }
+    const randomIndex = Math.floor(Math.random() * allowedChars.length)
+    code += allowedChars[randomIndex]
+  }
+
+  return code
+}
+
 export async function GET(req: NextRequest) {
   // should be pass with POST? not sure if this would be compatible
   // with the wallet that can create cards
@@ -29,6 +67,8 @@ export async function GET(req: NextRequest) {
   const k3 = randomHex()
   const k4 = randomHex()
 
+  const cardId = generateReadableCode(12)
+
   const result = await createCardKeysSetup({
     oneTimeCode,
     k0AuthKey,
@@ -36,6 +76,7 @@ export async function GET(req: NextRequest) {
     k3,
     k4,
     token,
+    cardId,
   })
 
   if (result instanceof Error) {
diff --git a/apps/boltcard/app/api/ln/route.ts b/apps/boltcard/app/api/ln/route.ts
index 7905225b6ae..7b1791cbb2d 100644
--- a/apps/boltcard/app/api/ln/route.ts
+++ b/apps/boltcard/app/api/ln/route.ts
@@ -64,44 +64,6 @@ gql`
   }
 `
 
-function generateReadableCode(numDigits: number, separator: number = 4): string {
-  const allowedNumbers = ["3", "4", "6", "7", "9"]
-  const allowedLetters = [
-    "A",
-    "C",
-    "D",
-    "E",
-    "F",
-    "G",
-    "H",
-    "J",
-    "K",
-    "M",
-    "N",
-    "P",
-    "Q",
-    "R",
-    "T",
-    "U",
-    "V",
-    "W",
-    "X",
-    "Y",
-  ]
-
-  const allowedChars = [...allowedNumbers, ...allowedLetters]
-  let code = ""
-  for (let i = 0; i < numDigits; i++) {
-    if (i > 0 && i % separator === 0) {
-      code += "_"
-    }
-    const randomIndex = Math.floor(Math.random() * allowedChars.length)
-    code += allowedChars[randomIndex]
-  }
-
-  return code
-}
-
 function generateSecureRandomString(length: number): string {
   return randomBytes(Math.ceil(length / 2))
     .toString("hex")
@@ -208,7 +170,7 @@ const setupCard = async ({
     )
   }
 
-  const id = generateReadableCode(12)
+  const id = cardKeysSetup.cardId
   const username = `card_${id}`
   console.log({ id, username }, "activate card id")
 
diff --git a/apps/boltcard/app/card/[id]/page.tsx b/apps/boltcard/app/card/[id]/page.tsx
index 3c1b0001019..d8f7df59c99 100644
--- a/apps/boltcard/app/card/[id]/page.tsx
+++ b/apps/boltcard/app/card/[id]/page.tsx
@@ -86,8 +86,8 @@ export default async function Card({ params }: { params: { id: string } }) {
       <section className="my-4">
         <h2>Wipe Card:</h2>
         <p>
-          <strong>Warning:</strong> This will wipe the card and remove all funds. This
-          action cannot be undone.
+          <strong>Warning:</strong> This will wipe the card and reset it to factory
+          settings. Any remaining funds will be unaccessible.
         </p>
         <p>
           <Image
diff --git a/apps/boltcard/bats/e2e-test.bats b/apps/boltcard/bats/e2e-test.bats
index 587cbe58e3a..a2880f982c7 100644
--- a/apps/boltcard/bats/e2e-test.bats
+++ b/apps/boltcard/bats/e2e-test.bats
@@ -17,6 +17,13 @@ random_phone() {
   CALLBACK_API_URL=$(echo $RESPONSE | jq -r '.apiActivationUrl')
   CALLBACK_UI_URL=$(echo $RESPONSE | jq -r '.uiActivationUrl')
 
+  echo "RESPONSE: $RESPONSE"
+  echo "CALLBACK_API_URL: $CALLBACK_API_URL"
+  echo "CALLBACK_UI_URL: $CALLBACK_UI_URL"
+
+  [[ $(echo $CALLBACK_API_URL) != "null" ]] || exit 1
+  [[ $(echo $CALLBACK_UI_URL) != "null" ]] || exit 1
+  
   # TODO: test CALLBACK_UI_URL
 
   # Making the follow-up curl request
@@ -61,7 +68,7 @@ random_phone() {
   cardId=$(curl -s http://localhost:3000/api/card/uid/${uid} | jq -r '.id')
   cache_value "cardId" "$cardId"
 
-  amount="0.01"
+  amount="0.001"
   token_name=$(read_value "alice")
 
   bitcoin_cli sendtoaddress "$address" "$amount"
diff --git a/apps/boltcard/services/db/card-init.ts b/apps/boltcard/services/db/card-init.ts
index ffe94509276..0cbecd3b8f9 100644
--- a/apps/boltcard/services/db/card-init.ts
+++ b/apps/boltcard/services/db/card-init.ts
@@ -7,11 +7,12 @@ export interface CardKeysSetupInput {
   k3: string
   k4: string
   token: string
+  cardId: string
 }
 
 export async function createCardKeysSetup(cardData: CardKeysSetupInput) {
   try {
-    const { oneTimeCode, k0AuthKey, k2CmacKey, k3, k4, token } = cardData
+    const { oneTimeCode, k0AuthKey, k2CmacKey, k3, k4, token, cardId } = cardData
 
     const result = await knex("CardKeysSetup").insert({
       oneTimeCode,
@@ -20,6 +21,7 @@ export async function createCardKeysSetup(cardData: CardKeysSetupInput) {
       k3,
       k4,
       token,
+      cardId,
     })
 
     return result
diff --git a/apps/boltcard/services/db/schema.ts b/apps/boltcard/services/db/schema.ts
index 6826e9e103c..7dc5cf5b956 100644
--- a/apps/boltcard/services/db/schema.ts
+++ b/apps/boltcard/services/db/schema.ts
@@ -56,13 +56,16 @@ async function createTables() {
   if (!hasCardKeysSetupTable) {
     await knex.schema.createTable("CardKeysSetup", (table) => {
       table.string("oneTimeCode").notNullable().index().unique()
+
       table.timestamp("created_at").defaultTo(knex.fn.now())
 
       table.string("status").defaultTo("init") // init, fetched, used
       table.string("token").notNullable()
 
+      table.string("cardId").notNullable().unique()
+
       table.string("k0AuthKey").notNullable()
-      table.string("k2CmacKey").notNullable().index() // .unique() enforcing uniqueness would ensure there is no reusage of keys
+      table.string("k2CmacKey").notNullable().unique()
       table.string("k3").notNullable()
       table.string("k4").notNullable()
     })