fix: compare app in whitelist check (sismo-core#111)

src/app/api/zk-telegram-bot/verify/route.test.ts

@@ -61,7 +61,23 @@ describe("POST /api/zk-telegram-bot/verify", () => {
     expect(data.message).toMatch(/Failed to verify ZK-Proof/);
   });
 
-  it("Should return approved when the user is not in the whitelist yet", async () => {
+  it("Should return approved when the userId is not in the whitelist", async () => {
+    const response = await POST(
+      new MockedRequest({
+        spaceSlug: "spaceSlug",
+        appSlug: "appSlug",
+        response: mockResponse,
+      }) as any
+    );
+    const data = await response.json();
+    expect(data.status).toEqual("approved");
+  });
+
+  it("Should return approved when the userId is whitelisted but for another app", async () => {
+    await memoryUserStore.add({
+      userId: "6232426394",
+      appSlug: "alreadyApprovedAppSlug",
+    });
     const response = await POST(
       new MockedRequest({
         spaceSlug: "spaceSlug",

src/app/api/zk-telegram-bot/verify/route.ts

@@ -38,7 +38,7 @@ export async function POST(req: Request) {
     const userStore = getUserStore();
 
     const telegramId = result.getUserId(AuthType.TELEGRAM);
-    if (await isAlreadyApproved(userStore, telegramId)) {
+    if (await isAlreadyApproved(userStore, app.slug, telegramId)) {
       if (env.isDev) {
         console.info(`User ${telegramId} is already approved`);
       }
@@ -74,8 +74,16 @@ const verifyResponse = async (
   return await sismoConnect.verify(response, verifyParams);
 };
 
-const isAlreadyApproved = async (store: UserStore, telegramId: string): Promise<boolean> => {
-  const users = await store.getUsers({ userId: telegramId });
+const isAlreadyApproved = async (
+  store: UserStore, 
+  appSlug: string,
+  telegramId: string
+): Promise<boolean> => {
+  const userQuery = { 
+    appSlug: appSlug,
+    userId: telegramId 
+  };
+  const users = await store.getUsers(userQuery);
   return users.length > 0;
 };
 

src/libs/user-store/memory-user-store/index.ts

@@ -6,7 +6,10 @@ export class MemoryUserStore extends UserStore {
 
   public async getUsers(queryUser?: Partial<User>): Promise<User[]> {
     return this._users.filter((user) => {
-      return queryUser?.userId === user.userId;
+      if (queryUser?.appSlug && queryUser.appSlug !== user.appSlug)
+        return false;
+      if (queryUser?.userId && queryUser.userId !== user.userId) return false;
+      return true;
     });
   }
 

src/libs/user-store/memory-user-store/memory-user-store.test.ts

@@ -0,0 +1,48 @@
+import { MemoryUserStore } from ".";
+import { UserStore } from "../store";
+
+let userStore: UserStore;
+
+const user1 = {
+  appSlug: "appSlug1",
+  userId: "userId1",
+};
+const user2 = {
+  appSlug: "appSlug2",
+  userId: "userId2",
+};
+const user3 = {
+  appSlug: "appSlug1",
+  userId: "userId3"
+};
+
+describe("MemoryUserStore", () => {
+  beforeEach(async () => {
+    userStore = new MemoryUserStore();
+
+    await userStore.add(user1);
+    await userStore.add(user2);
+    await userStore.add(user3);
+  });
+
+  it("Should return all users when query is missing", async () => {
+    const users = await userStore.getUsers();
+    expect(users.length).toEqual(3);
+    expect(users[0]).toEqual(user1);
+    expect(users[1]).toEqual(user2);
+    expect(users[2]).toEqual(user3);
+  });
+
+  it("Should return all users matching partial query", async () => {
+    const users = await userStore.getUsers({ appSlug: "appSlug1"});
+    expect(users.length).toEqual(2);
+    expect(users[0]).toEqual(user1);
+    expect(users[1]).toEqual(user3);
+  });
+
+  it("Should return users matching full query", async () => {
+    const users = await userStore.getUsers({ appSlug: "appSlug1", userId: "userId1"});
+    expect(users.length).toEqual(1);
+    expect(users[0]).toEqual(user1);
+  });
+});