GaloyMoney · nicolasburtey · Feb 12, 2024 · Feb 12, 2024
diff --git a/core/api/src/graphql/public/root/mutation/user-logout.ts b/core/api/src/graphql/public/root/mutation/user-logout.ts
@@ -1,6 +1,6 @@
 import { GT } from "@/graphql/index"
 
-import { logoutToken } from "@/app/authentication"
+import { Authentication } from "@/app"
 import { mapAndParseErrorForGqlResponse } from "@/graphql/error-map"
 import SuccessPayload from "@/graphql/shared/types/payload/success-payload"
 
@@ -30,7 +30,11 @@ const UserLogoutMutation = GT.Field<
   resolve: async (_, args, { sessionId, user }) => {
     const deviceToken = args?.input?.deviceToken
 
-    const logoutResp = await logoutToken({ sessionId, deviceToken, userId: user.id })
+    const logoutResp = await Authentication.logoutToken({
+      sessionId,
+      deviceToken,
+      userId: user.id,
+    })
     if (logoutResp instanceof Error)
       return { errors: [mapAndParseErrorForGqlResponse(logoutResp)], success: false }
     return { errors: [], success: true }

diff --git a/core/api/src/servers/authentication/index.ts b/core/api/src/servers/authentication/index.ts
@@ -1,47 +1,35 @@
+import basicAuth from "basic-auth"
+import bodyParser from "body-parser"
 import cors from "cors"
 import express, { NextFunction, Request, Response } from "express"
 
-import basicAuth from "basic-auth"
-
-import bodyParser from "body-parser"
+import { mapError } from "@/graphql/error-map"
 
 import { Authentication } from "@/app"
+import { registerCaptchaGeetest } from "@/app/captcha"
 
-import { mapError } from "@/graphql/error-map"
-import {
-  addAttributesToCurrentSpan,
-  recordExceptionInCurrentSpan,
-  tracer,
-} from "@/services/tracing"
+import { UNSECURE_IP_FROM_REQUEST_OBJECT } from "@/config"
 
-import {
-  elevatingSessionWithTotp,
-  loginWithEmailToken,
-  requestEmailCode,
-} from "@/app/authentication"
 import { parseIps } from "@/domain/accounts-ips"
+import { checkedToEmailCode, validOneTimeAuthCodeValue } from "@/domain/authentication"
+import {
+  EmailCodeInvalidError,
+  EmailValidationSubmittedTooOftenError,
+} from "@/domain/authentication/errors"
+import { UserLoginIpRateLimiterExceededError } from "@/domain/rate-limit/errors"
+import { parseErrorMessageFromUnknown } from "@/domain/shared"
 import { checkedToEmailAddress, checkedToPhoneNumber } from "@/domain/users"
 
 import {
   checkedToAuthToken,
   checkedToEmailLoginId,
   checkedToTotpCode,
 } from "@/services/kratos"
-
-import { UNSECURE_IP_FROM_REQUEST_OBJECT } from "@/config"
-
-import { parseErrorMessageFromUnknown } from "@/domain/shared"
-
-import { checkedToEmailCode, validOneTimeAuthCodeValue } from "@/domain/authentication"
-
 import {
-  EmailCodeInvalidError,
-  EmailValidationSubmittedTooOftenError,
-} from "@/domain/authentication/errors"
-
-import { UserLoginIpRateLimiterExceededError } from "@/domain/rate-limit/errors"
-
-import { registerCaptchaGeetest } from "@/app/captcha"
+  addAttributesToCurrentSpan,
+  recordExceptionInCurrentSpan,
+  tracer,
+} from "@/services/tracing"
 
 const authRouter = express.Router({ caseSensitive: true })
 
@@ -136,7 +124,7 @@
   }
 
   try {
-    const emailLoginId = await requestEmailCode({ email, ip })
+    const emailLoginId = await Authentication.requestEmailCode({ email, ip })
     if (emailLoginId instanceof Error) {
       recordExceptionInCurrentSpan({ error: emailLoginId.message })
       return res.status(500).send({ error: emailLoginId.message })
@@ -150,55 +138,59 @@
  }
 })

 authRouter.post("/email/login", async (req: Request, res: Response) => {
  const ip = req.originalIp

  const emailLoginIdRaw = req.body.emailLoginId
  if (!emailLoginIdRaw) {
    return res.status(422).send({ error: "Missing input" })
  }

  const emailLoginId = checkedToEmailLoginId(emailLoginIdRaw)
  if (emailLoginId instanceof Error) {
    return res.status(422).send({ error: emailLoginId.message })
  }

  const codeRaw = req.body.code
  if (!codeRaw) {
    return res.status(422).send({ error: "Missing input" })
  }

  const code = checkedToEmailCode(codeRaw)
  if (code instanceof Error) {
    return res.status(422).send({ error: code.message })
   }
 
   try {
-    const result = await loginWithEmailToken({ ip, emailFlowId: emailLoginId, code })
+    const result = await Authentication.loginWithEmailToken({
+      ip,
+      emailFlowId: emailLoginId,
+      code,
+    })
     if (result instanceof EmailCodeInvalidError) {
       recordExceptionInCurrentSpan({ error: result })
       return res.status(401).send({ error: "invalid code" })
    }
    if (
      result instanceof EmailValidationSubmittedTooOftenError ||
      result instanceof UserLoginIpRateLimiterExceededError
    ) {
      recordExceptionInCurrentSpan({ error: result })
      return res.status(429).send({ error: "too many requests" })
    }
    if (result instanceof Error) {
      recordExceptionInCurrentSpan({ error: result })
      return res.status(500).send({ error: result.message })
    }
    const { authToken, totpRequired, id } = result
    return res.status(200).send({
      result: { authToken, totpRequired, id },
    })
  } catch (err) {
    recordExceptionInCurrentSpan({ error: err })
    return res.status(500).send({ error: parseErrorMessageFromUnknown(err) })
  }
 })

 authRouter.post("/totp/validate", async (req: Request, res: Response) => {
  const totpCodeRaw = req.body.totpCode
@@ -224,7 +216,7 @@
   }
 
   try {
-    const result = await elevatingSessionWithTotp({
+    const result = await Authentication.elevatingSessionWithTotp({
       totpCode,
       authToken,
     })