implemented backend wallets/ledger accounts listing

api/server/internal/server/ledgerapiimp/balance.go

@@ -0,0 +1,52 @@
+package ledgerapiimp
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/pkg/mservice"
+	ledgerv1 "github.com/tech/sendico/pkg/proto/ledger/v1"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *LedgerAPI) getBalance(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for ledger balance", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	accountRef := strings.TrimSpace(a.aph.GetID(r))
+	if accountRef == "" {
+		return response.BadReference(a.logger, a.Name(), a.aph.Name(), a.aph.GetID(r), errors.New("ledger account reference is required"))
+	}
+
+	ctx := r.Context()
+	res, err := a.enf.Enforce(ctx, a.balancePerm, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
+	if err != nil {
+		a.logger.Warn("Failed to check ledger balance access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()), zap.String("ledger_account_ref", accountRef))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !res {
+		a.logger.Debug("Access denied when reading ledger balance", zap.String(a.oph.Name(), orgRef.Hex()), zap.String("ledger_account_ref", accountRef))
+		return response.AccessDenied(a.logger, a.Name(), "ledger balance read permission denied")
+	}
+	if a.client == nil {
+		return response.Internal(a.logger, mservice.Ledger, errors.New("ledger client is not configured"))
+	}
+
+	resp, err := a.client.GetBalance(ctx, &ledgerv1.GetBalanceRequest{
+		LedgerAccountRef: accountRef,
+	})
+	if err != nil {
+		a.logger.Warn("Failed to fetch ledger balance", zap.Error(err), zap.String("ledger_account_ref", accountRef))
+		return response.Auto(a.logger, mservice.Ledger, err)
+	}
+
+	return sresponse.LedgerBalance(a.logger, resp, token)
+}

api/server/internal/server/ledgerapiimp/list.go

@@ -0,0 +1,46 @@
+package ledgerapiimp
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/pkg/mservice"
+	ledgerv1 "github.com/tech/sendico/pkg/proto/ledger/v1"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *LedgerAPI) listAccounts(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for ledger account list", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	res, err := a.enf.Enforce(ctx, a.permissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
+	if err != nil {
+		a.logger.Warn("Failed to check ledger accounts access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !res {
+		a.logger.Debug("Access denied when listing ledger accounts", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "ledger accounts read permission denied")
+	}
+	if a.client == nil {
+		return response.Internal(a.logger, mservice.Ledger, errors.New("ledger client is not configured"))
+	}
+
+	resp, err := a.client.ListAccounts(ctx, &ledgerv1.ListAccountsRequest{
+		OrganizationRef: orgRef.Hex(),
+	})
+	if err != nil {
+		a.logger.Warn("Failed to list ledger accounts", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, mservice.Ledger, err)
+	}
+
+	return sresponse.LedgerAccounts(a.logger, resp.GetAccounts(), token)
+}

api/server/internal/server/ledgerapiimp/service.go

@@ -0,0 +1,110 @@
+package ledgerapiimp
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	ledgerclient "github.com/tech/sendico/ledger/client"
+	api "github.com/tech/sendico/pkg/api/http"
+	"github.com/tech/sendico/pkg/auth"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/mlogger"
+	"github.com/tech/sendico/pkg/mservice"
+	ledgerv1 "github.com/tech/sendico/pkg/proto/ledger/v1"
+	eapi "github.com/tech/sendico/server/interface/api"
+	mutil "github.com/tech/sendico/server/internal/mutil/param"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+type ledgerClient interface {
+	ListAccounts(ctx context.Context, req *ledgerv1.ListAccountsRequest) (*ledgerv1.ListAccountsResponse, error)
+	GetBalance(ctx context.Context, req *ledgerv1.GetBalanceRequest) (*ledgerv1.BalanceResponse, error)
+	Close() error
+}
+
+type LedgerAPI struct {
+	logger        mlogger.Logger
+	client        ledgerClient
+	enf           auth.Enforcer
+	oph           mutil.ParamHelper
+	aph           mutil.ParamHelper
+	permissionRef primitive.ObjectID
+	balancePerm   primitive.ObjectID
+}
+
+func (a *LedgerAPI) Name() mservice.Type { return mservice.LedgerAccounts }
+
+func (a *LedgerAPI) Finish(ctx context.Context) error {
+	if a.client != nil {
+		if err := a.client.Close(); err != nil {
+			a.logger.Warn("Failed to close ledger client", zap.Error(err))
+		}
+	}
+	return nil
+}
+
+func CreateAPI(apiCtx eapi.API) (*LedgerAPI, error) {
+	p := &LedgerAPI{
+		logger: apiCtx.Logger().Named(mservice.LedgerAccounts),
+		enf:    apiCtx.Permissions().Enforcer(),
+		oph:    mutil.CreatePH(mservice.Organizations),
+		aph:    mutil.CreatePH("ledger_account"),
+	}
+
+	desc, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.LedgerAccounts)
+	if err != nil {
+		p.logger.Warn("Failed to fetch ledger accounts permission description", zap.Error(err))
+		return nil, err
+	}
+	p.permissionRef = desc.ID
+
+	bdesc, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.LedgerBalances)
+	if err != nil {
+		p.logger.Warn("Failed to fetch ledger balances permission description", zap.Error(err))
+		return nil, err
+	}
+	p.balancePerm = bdesc.ID
+
+	if err := p.initLedgerClient(apiCtx.Config().Ledger); err != nil {
+		p.logger.Error("Failed to initialize ledger client", zap.Error(err))
+		return nil, err
+	}
+
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/"), api.Get, p.listAccounts)
+	apiCtx.Register().AccountHandler(p.Name(), p.aph.AddRef(p.oph.AddRef("/"))+"/balance", api.Get, p.getBalance)
+
+	return p, nil
+}
+
+func (a *LedgerAPI) initLedgerClient(cfg *eapi.LedgerConfig) error {
+	if cfg == nil {
+		return merrors.InvalidArgument("ledger configuration is not provided")
+	}
+
+	address := strings.TrimSpace(cfg.Address)
+	if address == "" {
+		address = strings.TrimSpace(os.Getenv(cfg.AddressEnv))
+	}
+	if address == "" {
+		return merrors.InvalidArgument(fmt.Sprintf("ledger address is not specified and address env %s is empty", cfg.AddressEnv))
+	}
+
+	clientCfg := ledgerclient.Config{
+		Address:     address,
+		DialTimeout: time.Duration(cfg.DialTimeoutSeconds) * time.Second,
+		CallTimeout: time.Duration(cfg.CallTimeoutSeconds) * time.Second,
+		Insecure:    cfg.Insecure,
+	}
+
+	client, err := ledgerclient.New(context.Background(), clientCfg)
+	if err != nil {
+		return err
+	}
+
+	a.client = client
+	return nil
+}

api/server/internal/server/walletapiimp/balance.go

@@ -0,0 +1,55 @@
+package walletapiimp
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/pkg/mservice"
+	gatewayv1 "github.com/tech/sendico/pkg/proto/chain/gateway/v1"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *WalletAPI) getWalletBalance(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for wallet balance", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+	walletRef := strings.TrimSpace(a.wph.GetID(r))
+	if walletRef == "" {
+		return response.BadReference(a.logger, a.Name(), a.wph.Name(), a.wph.GetID(r), errors.New("wallet reference is required"))
+	}
+
+	ctx := r.Context()
+	res, err := a.enf.Enforce(ctx, a.balancesPermissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
+	if err != nil {
+		a.logger.Warn("Failed to check wallet balance permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()), zap.String("wallet_ref", walletRef))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !res {
+		a.logger.Debug("Access denied when reading wallet balance", zap.String(a.oph.Name(), orgRef.Hex()), zap.String("wallet_ref", walletRef))
+		return response.AccessDenied(a.logger, a.Name(), "wallet balance read permission denied")
+	}
+	if a.chainGateway == nil {
+		return response.Internal(a.logger, mservice.ChainGateway, errors.New("chain gateway client is not configured"))
+	}
+
+	resp, err := a.chainGateway.GetWalletBalance(ctx, &gatewayv1.GetWalletBalanceRequest{WalletRef: walletRef})
+	if err != nil {
+		a.logger.Warn("Failed to fetch wallet balance", zap.Error(err), zap.String("wallet_ref", walletRef))
+		return response.Auto(a.logger, mservice.ChainGateway, err)
+	}
+
+	bal := resp.GetBalance()
+	if bal == nil {
+		a.logger.Warn("Wallet balance missing in response", zap.String("wallet_ref", walletRef))
+		return response.Auto(a.logger, mservice.ChainGateway, errors.New("wallet balance not available"))
+	}
+
+	return sresponse.WalletBalance(a.logger, bal, token)
+}

api/server/internal/server/walletapiimp/list.go

@@ -0,0 +1,52 @@
+package walletapiimp
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/tech/sendico/pkg/api/http/response"
+	"github.com/tech/sendico/pkg/model"
+	"github.com/tech/sendico/pkg/mservice"
+	gatewayv1 "github.com/tech/sendico/pkg/proto/chain/gateway/v1"
+	"github.com/tech/sendico/server/interface/api/sresponse"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+func (a *WalletAPI) listWallets(r *http.Request, account *model.Account, token *sresponse.TokenData) http.HandlerFunc {
+	orgRef, err := a.oph.GetRef(r)
+	if err != nil {
+		a.logger.Warn("Failed to parse organization reference for wallet list", zap.Error(err), zap.String(a.oph.Name(), a.oph.GetID(r)))
+		return response.BadReference(a.logger, a.Name(), a.oph.Name(), a.oph.GetID(r), err)
+	}
+
+	ctx := r.Context()
+	res, err := a.enf.Enforce(ctx, a.walletsPermissionRef, account.ID, orgRef, primitive.NilObjectID, model.ActionRead)
+	if err != nil {
+		a.logger.Warn("Failed to check chain wallet access permissions", zap.Error(err), zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.Auto(a.logger, a.Name(), err)
+	}
+	if !res {
+		a.logger.Debug("Access denied when listing organization wallets", zap.String(a.oph.Name(), orgRef.Hex()))
+		return response.AccessDenied(a.logger, a.Name(), "wallets read permission denied")
+	}
+	if a.chainGateway == nil {
+		return response.Internal(a.logger, mservice.ChainGateway, errors.New("chain gateway client is not configured"))
+	}
+
+	req := &gatewayv1.ListManagedWalletsRequest{
+		OrganizationRef: orgRef.Hex(),
+	}
+	if owner := strings.TrimSpace(r.URL.Query().Get("owner_ref")); owner != "" {
+		req.OwnerRef = owner
+	}
+
+	resp, err := a.chainGateway.ListManagedWallets(ctx, req)
+	if err != nil {
+		a.logger.Warn("Failed to list managed wallets", zap.Error(err), zap.String("organization_ref", orgRef.Hex()))
+		return response.Auto(a.logger, mservice.ChainGateway, err)
+	}
+
+	return sresponse.Wallets(a.logger, resp, token)
+}

api/server/internal/server/walletapiimp/service.go

@@ -0,0 +1,115 @@
+package walletapiimp
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	chaingatewayclient "github.com/tech/sendico/chain/gateway/client"
+	api "github.com/tech/sendico/pkg/api/http"
+	"github.com/tech/sendico/pkg/auth"
+	"github.com/tech/sendico/pkg/merrors"
+	"github.com/tech/sendico/pkg/mlogger"
+	"github.com/tech/sendico/pkg/mservice"
+	gatewayv1 "github.com/tech/sendico/pkg/proto/chain/gateway/v1"
+	eapi "github.com/tech/sendico/server/interface/api"
+	mutil "github.com/tech/sendico/server/internal/mutil/param"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.uber.org/zap"
+)
+
+type WalletAPI struct {
+	logger                mlogger.Logger
+	chainGateway          chainWalletClient
+	enf                   auth.Enforcer
+	oph                   mutil.ParamHelper
+	wph                   mutil.ParamHelper
+	walletsPermissionRef  primitive.ObjectID
+	balancesPermissionRef primitive.ObjectID
+}
+
+type chainWalletClient interface {
+	ListManagedWallets(ctx context.Context, req *gatewayv1.ListManagedWalletsRequest) (*gatewayv1.ListManagedWalletsResponse, error)
+	GetWalletBalance(ctx context.Context, req *gatewayv1.GetWalletBalanceRequest) (*gatewayv1.GetWalletBalanceResponse, error)
+	Close() error
+}
+
+func (a *WalletAPI) Name() mservice.Type { return mservice.ChainWallets }
+
+func (a *WalletAPI) Finish(ctx context.Context) error {
+	if a.chainGateway != nil {
+		if err := a.chainGateway.Close(); err != nil {
+			a.logger.Warn("Failed to close chain gateway client", zap.Error(err))
+		}
+	}
+	return nil
+}
+
+func CreateAPI(apiCtx eapi.API) (*WalletAPI, error) {
+	p := &WalletAPI{
+		logger: apiCtx.Logger().Named(mservice.Wallets),
+		enf:    apiCtx.Permissions().Enforcer(),
+		oph:    mutil.CreatePH(mservice.Organizations),
+		wph:    mutil.CreatePH(mservice.Wallets),
+	}
+
+	walletsPolicy, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.ChainWallets)
+	if err != nil {
+		p.logger.Warn("Failed to fetch chain wallets permission policy description", zap.Error(err))
+		return nil, err
+	}
+	p.walletsPermissionRef = walletsPolicy.ID
+
+	balancesPolicy, err := apiCtx.Permissions().GetPolicyDescription(context.Background(), mservice.ChainWalletBalances)
+	if err != nil {
+		p.logger.Warn("Failed to fetch chain wallet balances permission policy description", zap.Error(err))
+		return nil, err
+	}
+	p.balancesPermissionRef = balancesPolicy.ID
+
+	cfg := apiCtx.Config()
+	if cfg == nil {
+		p.logger.Error("Failed to fetch service configuration")
+		return nil, merrors.InvalidArgument("No configuration provided")
+	}
+	if err := p.initChainGateway(cfg.ChainGateway); err != nil {
+		p.logger.Error("Failed to initialize chain gateway client", zap.Error(err))
+		return nil, err
+	}
+
+	apiCtx.Register().AccountHandler(p.Name(), p.oph.AddRef("/"), api.Get, p.listWallets)
+	apiCtx.Register().AccountHandler(p.Name(), p.wph.AddRef(p.oph.AddRef("/"))+"/balance", api.Get, p.getWalletBalance)
+
+	return p, nil
+}
+
+func (a *WalletAPI) initChainGateway(cfg *eapi.ChainGatewayConfig) error {
+	if cfg == nil {
+		return merrors.InvalidArgument("chain gateway configuration is not provided")
+	}
+
+	cfg.Address = strings.TrimSpace(cfg.Address)
+	if cfg.Address == "" {
+		cfg.Address = strings.TrimSpace(os.Getenv(cfg.AddressEnv))
+	}
+	if cfg.Address == "" {
+		return merrors.InvalidArgument(fmt.Sprintf("chain gateway address is not specified and address env %s is empty", cfg.AddressEnv))
+	}
+
+	clientCfg := chaingatewayclient.Config{
+		Address:     cfg.Address,
+		DialTimeout: time.Duration(cfg.DialTimeoutSeconds) * time.Second,
+		CallTimeout: time.Duration(cfg.CallTimeoutSeconds) * time.Second,
+		Insecure:    cfg.Insecure,
+	}
+
+	client, err := chaingatewayclient.New(context.Background(), clientCfg)
+	if err != nil {
+		return err
+	}
+
+	a.chainGateway = client
+	return nil
+}