option to process any userId face auth results with admin permission (#…

…61)

cmd/eskimo-hut/api/docs.go

@@ -159,6 +159,13 @@ const docTemplate = `{
                         "in": "header",
                         "required": true
                     },
+                    {
+                        "type": "string",
+                        "default": "",
+                        "description": "UserID to process",
+                        "name": "X-User-ID",
+                        "in": "header"
+                    },
                     {
                         "description": "Request params",
                         "name": "request",

cmd/eskimo-hut/api/swagger.json

@@ -153,6 +153,13 @@
                         "in": "header",
                         "required": true
                     },
+                    {
+                        "type": "string",
+                        "default": "",
+                        "description": "UserID to process",
+                        "name": "X-User-ID",
+                        "in": "header"
+                    },
                     {
                         "description": "Request params",
                         "name": "request",

cmd/eskimo-hut/api/swagger.yaml

@@ -493,6 +493,11 @@ paths:
         name: X-API-Key
         required: true
         type: string
+      - default: ""
+        description: UserID to process
+        in: header
+        name: X-User-ID
+        type: string
       - description: Request params
         in: body
         name: request

cmd/eskimo-hut/auth.go

@@ -368,6 +368,7 @@ func (s *service) updateMetadataWithFirebaseID(
 //	@Produce		json
 //	@Param			Authorization	header	string							true	"Insert your access token"	default(Bearer <Add access token here>)
 //	@Param			X-API-Key		header	string							true	"Insert your api key"		default(<Add api key here>)
+//	@Param			X-User-ID		header	string							false	"UserID to process"			default()
 //	@Param			request			body	ProcessFaceRecognitionResultArg	true	"Request params"
 //	@Success		200				"OK"
 //	@Failure		401				{object}	server.ErrorResponse	"if not authenticated"
@@ -386,6 +387,10 @@ func (s *service) ProcessFaceRecognitionResult(
 	}
 	usr, err := parseProcessFaceRecognitionResultRequest(req)
 	if err != nil {
+		if errors.Is(err, errNoPermission) {
+			return nil, server.Forbidden(err)
+		}
+
 		return nil, server.UnprocessableEntity(err, invalidPropertiesErrorCode)
 	}
 	if err = s.usersProcessor.ModifyUser(ctx, usr, nil); err != nil {
@@ -401,6 +406,7 @@ func (s *service) ProcessFaceRecognitionResult(
 	return server.OK[any](), nil
 }
 
+//nolint:funlen //.
 func parseProcessFaceRecognitionResultRequest(req *server.Request[ProcessFaceRecognitionResultArg, any]) (*users.User, error) {
 	lastUpdatedAtDates := make([]*time.Time, 0, len(req.Data.LastUpdatedAt))
 	for ix, lastUpdatedAt := range req.Data.LastUpdatedAt {
@@ -414,13 +420,17 @@ func parseProcessFaceRecognitionResultRequest(req *server.Request[ProcessFaceRec
 	}
 	usr := new(users.User)
 	usr.ID = req.AuthenticatedUser.UserID
+	if req.Data.UserID != "" {
+		if req.AuthenticatedUser.Role != adminRole {
+			return nil, errors.Wrapf(errNoPermission, "insufficient role: %v, admin role required", req.AuthenticatedUser.Role)
+		}
+		usr.ID = req.Data.UserID
+	}
 	if len(lastUpdatedAtDates) > 0 {
 		usr.KYCStepsLastUpdatedAt = &lastUpdatedAtDates
 	}
-
 	kycStepPassed := users.KYCStep(len(lastUpdatedAtDates))
 	usr.KYCStepPassed = &kycStepPassed
-
 	if *req.Data.Disabled {
 		kycStepBlocked := users.FacialRecognitionKYCStep
 		usr.KYCStepBlocked = &kycStepBlocked

cmd/eskimo-hut/contract.go

@@ -6,6 +6,8 @@ import (
 	_ "embed"
 	"mime/multipart"
 
+	"github.com/pkg/errors"
+
 	emaillink "github.com/ice-blockchain/eskimo/auth/email_link"
 	"github.com/ice-blockchain/eskimo/users"
 )
@@ -16,7 +18,8 @@ type (
 	GetMetadataArg                  struct{}
 	ProcessFaceRecognitionResultArg struct {
 		Disabled      *bool    `json:"disabled" required:"true"`
-		APIKey        string   `header:"X-API-Key" swaggerignore:"true" required:"true" example:"some secret"` //nolint:tagliatelle // Nope.
+		APIKey        string   `header:"X-API-Key" swaggerignore:"true" required:"true" example:"some secret"`  //nolint:tagliatelle // Nope.
+		UserID        string   `header:"X-User-ID" swaggerignore:"true" required:"false" example:"some secret"` //nolint:tagliatelle // Nope.
 		LastUpdatedAt []string `json:"lastUpdatedAt" required:"true" example:"2006-01-02T15:04:05Z"`
 	}
 	Metadata struct {
@@ -163,12 +166,15 @@ const (
 	noPendingLoginSessionErrorCode = "NO_PENDING_LOGIN_SESSION" //nolint:gosec // .
 
 	deviceIDTokenClaim = "deviceUniqueID" //nolint:gosec // .
+
+	adminRole = "admin"
 )
 
 // .
 var (
 	//nolint:gochecknoglobals // Because its loaded once, at runtime.
-	cfg config
+	cfg             config
+	errNoPermission = errors.New("insufficient role")
 )
 
 type (

go.mod

@@ -88,7 +88,7 @@ require (
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/sys/mount v0.3.3 // indirect
 	github.com/moby/sys/mountinfo v0.6.2 // indirect
@@ -105,7 +105,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/quic-go/qtls-go1-20 v0.3.4 // indirect
-	github.com/quic-go/quic-go v0.39.0 // indirect
+	github.com/quic-go/quic-go v0.39.1 // indirect
 	github.com/refraction-networking/utls v1.5.4 // indirect
 	github.com/rs/zerolog v1.31.0 // indirect
 	github.com/sagikazarmark/locafero v0.3.0 // indirect
@@ -144,9 +144,9 @@ require (
 	google.golang.org/api v0.147.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/appengine/v2 v2.0.5 // indirect
-	google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
 	google.golang.org/grpc v1.58.3 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect

go.sum

@@ -334,8 +334,9 @@ github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
@@ -377,8 +378,8 @@ github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
 github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.39.0 h1:AgP40iThFMY0bj8jGxROhw3S0FMGa8ryqsmi9tBH3So=
-github.com/quic-go/quic-go v0.39.0/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
+github.com/quic-go/quic-go v0.39.1 h1:d/m3oaN/SD2c+f7/yEjZxe2zEVotXprnrCCJ2y/ZZFE=
+github.com/quic-go/quic-go v0.39.1/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
 github.com/refraction-networking/utls v1.5.4 h1:9k6EO2b8TaOGsQ7Pl7p9w6PUhx18/ZCeT0WNTZ7Uw4o=
 github.com/refraction-networking/utls v1.5.4/go.mod h1:SPuDbBmgLGp8s+HLNc83FuavwZCFoMmExj+ltUHiHUw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -771,12 +772,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a h1:fwgW9j3vHirt4ObdHoYNwuO24BEZjSzbh+zPaNWoiY8=
-google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb80Dq1hhioy0sOsY9jCE46YDgHlJ7fWVUWRE=
-google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a h1:myvhA4is3vrit1a6NZCWBIwN0kNEnX21DJOJX/NvIfI=
-google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a h1:a2MQQVoTo96JC9PMGtGBymLp7+/RzpFc2yX/9WfFg1c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=