cedros-login-server 0.0.19

Authentication server for cedros-login with email/password, Google OAuth, and Solana wallet sign-in
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201

//! Treasury wallet administration handlers
//!
//! POST /admin/treasury/authorize - Authorize admin's wallet as treasury
//! GET /admin/treasury - Get current treasury configuration
//! DELETE /admin/treasury - Revoke treasury authorization

use axum::{extract::State, http::HeaderMap, Json};
use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::sync::Arc;
use uuid::Uuid;

use super::users::validate_system_admin;
use crate::callback::AuthCallback;
use crate::errors::AppError;
use crate::models::MessageResponse;
use crate::repositories::TreasuryConfigEntity;
use crate::services::EmailService;
use crate::utils::authenticate;
use crate::AppState;

/// Request to authorize admin's wallet as treasury
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct AuthorizeTreasuryRequest {
    /// Org ID for org-specific treasury (None = global default)
    pub org_id: Option<Uuid>,
}

/// Response with treasury configuration
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct TreasuryConfigResponse {
    pub id: Uuid,
    pub org_id: Option<Uuid>,
    pub treasury_user_id: Uuid,
    pub wallet_address: String,
    pub authorized_at: DateTime<Utc>,
    pub authorized_by: Uuid,
}

impl From<TreasuryConfigEntity> for TreasuryConfigResponse {
    fn from(e: TreasuryConfigEntity) -> Self {
        Self {
            id: e.id,
            org_id: e.org_id,
            treasury_user_id: e.treasury_user_id,
            wallet_address: e.wallet_address,
            authorized_at: e.authorized_at,
            authorized_by: e.authorized_by,
        }
    }
}

/// Query params for GET /admin/treasury
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct GetTreasuryQuery {
    /// Org ID (None = global default)
    pub org_id: Option<Uuid>,
}

/// POST /admin/treasury/authorize - Authorize admin's wallet as treasury
///
/// The admin must have their wallet unlocked. The server reconstructs the
/// private key and stores it encrypted for batch swap signing.
///
/// Requires system admin privileges.
pub async fn authorize_treasury<C: AuthCallback, E: EmailService>(
    State(state): State<Arc<AppState<C, E>>>,
    headers: HeaderMap,
    Json(request): Json<AuthorizeTreasuryRequest>,
) -> Result<Json<TreasuryConfigResponse>, AppError> {
    // Validate system admin
    let admin_id = validate_system_admin(&state, &headers).await?;

    // Get authenticated user (needed for session ID for wallet cache)
    let auth_user = authenticate(&state, &headers).await?;

    // Get wallet material
    let wallet_material = state
        .wallet_material_repo
        .find_default_by_user(admin_id)
        .await?
        .ok_or_else(|| AppError::NotFound("Admin does not have an SSS wallet enrolled".into()))?;

    // Get session ID for wallet unlock cache
    let session_id = auth_user
        .session_id
        .ok_or_else(|| AppError::Unauthorized("Session required for wallet operations".into()))?;

    // Get cached encryption key (wallet must be unlocked)
    let cached_key = state
        .wallet_unlock_cache
        .get(session_id)
        .await
        .ok_or_else(|| {
            AppError::Unauthorized("Wallet is locked. Call POST /wallet/unlock first.".into())
        })?;

    // Reconstruct the private key
    let private_key = state
        .wallet_signing_service
        .reconstruct_private_key(&wallet_material, &cached_key)
        .map_err(|e| {
            tracing::error!(error = %e, "Failed to reconstruct private key for treasury");
            AppError::Internal(anyhow::anyhow!("Failed to reconstruct wallet key"))
        })?;

    // Encrypt private key for storage
    let note_encryption = state
        .note_encryption_service
        .as_ref()
        .ok_or_else(|| AppError::Config("Note encryption not configured".into()))?;

    let encrypted = note_encryption.encrypt(private_key.as_bytes())?;

    // Store as: nonce (12 bytes) + ciphertext, all base64 encoded
    let mut combined = encrypted.nonce;
    combined.extend(&encrypted.ciphertext);
    let encrypted_private_key = BASE64.encode(&combined);

    // Create treasury config
    let config = TreasuryConfigEntity::new(
        request.org_id,
        admin_id,
        wallet_material.solana_pubkey.clone(),
        encrypted_private_key,
        note_encryption.key_id().to_string(),
        admin_id,
    );

    // Store in repository (will fail if treasury already exists for this org)
    let created = state.treasury_config_repo.create(config).await?;

    tracing::info!(
        treasury_id = %created.id,
        org_id = ?created.org_id,
        wallet = %created.wallet_address,
        "Treasury wallet authorized"
    );

    Ok(Json(TreasuryConfigResponse::from(created)))
}

/// GET /admin/treasury - Get current treasury configuration
///
/// Returns the treasury config for the specified org, or the global default
/// if no org_id is provided. Returns 404 if no treasury is configured.
///
/// Requires system admin privileges.
pub async fn get_treasury<C: AuthCallback, E: EmailService>(
    State(state): State<Arc<AppState<C, E>>>,
    headers: HeaderMap,
    axum::extract::Query(query): axum::extract::Query<GetTreasuryQuery>,
) -> Result<Json<TreasuryConfigResponse>, AppError> {
    validate_system_admin(&state, &headers).await?;

    let config = if let Some(org_id) = query.org_id {
        state.treasury_config_repo.find_by_org(org_id).await?
    } else {
        state.treasury_config_repo.find_global().await?
    };

    let config =
        config.ok_or_else(|| AppError::NotFound("No treasury configured for this org".into()))?;

    Ok(Json(TreasuryConfigResponse::from(config)))
}

/// DELETE /admin/treasury - Revoke treasury authorization
///
/// Removes the treasury configuration for the specified org (or global).
/// After revocation, micro deposits will fall back to the next available
/// treasury (org-specific or global).
///
/// Requires system admin privileges.
pub async fn revoke_treasury<C: AuthCallback, E: EmailService>(
    State(state): State<Arc<AppState<C, E>>>,
    headers: HeaderMap,
    axum::extract::Query(query): axum::extract::Query<GetTreasuryQuery>,
) -> Result<Json<MessageResponse>, AppError> {
    validate_system_admin(&state, &headers).await?;

    let deleted = state
        .treasury_config_repo
        .delete_by_org(query.org_id)
        .await?;

    if deleted {
        tracing::info!(org_id = ?query.org_id, "Treasury authorization revoked");
        Ok(Json(MessageResponse {
            message: "Treasury authorization revoked".to_string(),
        }))
    } else {
        Err(AppError::NotFound(
            "No treasury configured for this org".into(),
        ))
    }
}