fix comments, improve indexes

application.yaml

@@ -15,21 +15,26 @@ cmd/eskimo:
   wintr/auth/ice:
     refreshExpirationTime: 24h
     accessExpirationTime: 1h
-    jwtSecret: bogus
+    jwtSecret: bogus2
+  wintr/auth/firebase:
+    allowEmailPassword: true
 cmd/eskimo-hut:
+  third-party-api-key: 111
   api-key: bogus-secret
-  host: localhost:1443
+  host: localhost:1445
   version: local
   defaultEndpointTimeout: 120s
   #tenant: sunwaves
   httpServer:
-    port: 1443
+    port: 1445
     certPath: cmd/eskimo-hut/.testdata/localhost.crt
     keyPath: cmd/eskimo-hut/.testdata/localhost.key
   wintr/auth/ice:
     refreshExpirationTime: 24h
-    accessExpirationTime: 1h
+    accessExpirationTime: 8h
     jwtSecret: bogus
+  wintr/auth/firebase:
+    allowEmailPassword: true
 global:
   wintr/connectors/storage/v2:
     runDDL: true
@@ -39,18 +44,17 @@ global:
       password: pass
     replicaURLs:
       - postgresql://root:pass@localhost:5438/eskimo-global?pool_max_conn_idle_time=1000ms&pool_health_check_period=500ms&pool_max_conns=20
+
 wintr/connectors/storage/v2: &db
-  runDDL: true
   ignoreGlobal: true
-  primaryURL: postgresql://root:pass@localhost:5433/eskimo
+  runDDL: true
+  primaryURL: postgresql://root:pass@localhost:5433/eskimo3?pool_max_conn_idle_time=1000ms&pool_health_check_period=500ms&pool_max_conns=40
   credentials:
     user: root
     password: pass
   replicaURLs:
-    - postgresql://root:pass@localhost:5433/eskimo
+    - postgresql://root:pass@localhost:5433/eskimo3?pool_max_conn_idle_time=1000ms&pool_health_check_period=500ms&pool_max_conns=20
 kyc/social:
-  welcomeBonusV2Amount: 500
-  config-json-url: https://somewhere.com/something/somebogus.json
   environment: local
   enable-alerts: false
   alert-slack-webhook: https://hooks.slack.com/services/dummy/dummy/dummy
@@ -59,9 +63,18 @@ kyc/social:
   max-sessions-allowed: 4
   max-attempts-allowed: 3
   wintr/connectors/storage/v2: *db
+  config-json-url: https://ice-staging.b-cdn.net/assets/auth-config.json
+  config-json-url1: https://ice-staging.b-cdn.net/assets/auth-config.json
+  config-json-url2: https://ice-staging.b-cdn.net/assets/auth-config.json
   web-scraping-api:
+    api-key: bogus
+    url: bogus
   social-links:
     twitter:
+      post-urls:
+        3: /ice_blockchain/status/1712692723336032437
+        5: /ice_blockchain/status/1712692723336032437
+        6: /ice_blockchain/status/1712692723336032437
       domains:
         - twitter.com
         - x.com
@@ -71,43 +84,51 @@ kyc/social:
         - CA
         - US
     facebook:
+      post-urls:
+        3: https://www.facebook.com/reel/1463272597773681
+        5: https://www.facebook.com/reel/1463272597773681
+        6: https://www.facebook.com/reel/1463272597773681
       allow-long-live-tokens: true
+      app-id: bogus
+      app-secret: bogus
   tenant-name: sunwaves
   referralInviteUrlPrefix: https://bogus.com/@
 kyc/face:
-  config-json-url: https://somewhere.com/something/somebogus.json
+  wintr/connectors/storage/v2: *db
+  config-json-url: https://ice-staging.b-cdn.net/assets/auth-config.json
   threeDiVi:
-    bafToken: bogus
-    bafHost: http://bogus.com/
-    availabilityUrl:
-    secretApiToken: bogus-secret
+    bafToken: sk_b8ab2c4d-9968-4119-b23d-42ab33e1a104
+    bafHost: https://baf.staging.ice.vip
+    secretApiToken: HiYEFO9ZZiq7OEJA
+    availabilityUrl: https://baf.staging.ice.vip/stunner-metrics
     concurrentUsers: 1
 kyc/linking:
-  tenant: sunwaves
-  # If urls does not match <cmd/*->hostname>/$tenant/ schema.
-  #tenantURLs:
-  #  callfluent: https://localhost:1444/
-  #  doctorx: https://localhost:1445/
+  tenant: doctorx
 kyc/quiz:
   environment: local
-  enable-alerts: false
+  enable-alerts: true
   alert-slack-webhook: https://hooks.slack.com/services/dummy/dummy/dummy
   wintr/connectors/storage/v2: *db
-  maxSessionDurationSeconds: 600
+  maxSessionDurationSeconds: 300
+  sessionCooldownSeconds: 10
   maxQuestionsPerSession: 3
   maxWrongAnswersPerSession: 1
-  sessionCoolDownSeconds: 3600
   maxResetCount: 0
   maxAttemptsAllowed: 3
-  availabilityWindowSeconds: 600
-  globalStartDate: '2024-02-03T16:20:52.156534Z'
+  availabilityWindowSeconds: 60000
+  globalStartDate: '2024-05-29T08:40:52.156534Z'
+  config-json-url: https://ice-staging.b-cdn.net/assets/auth-config.json
+  config-json-url1: https://ice-staging.b-cdn.net/assets/auth-config.json
+  config-json-url2: https://ice-staging.b-cdn.net/assets/auth-config.json
 auth/telegram:
   wintr/connectors/storage/v2: *db
-  telegramTokenExpiration: 1h
+  telegramTokenExpiration: 0h
   telegramBots:
     1:
-      botToken: bogus
+      botToken: 7174357441:AAFb3buFkggIGTjh1g75NdR1FtVaG1F4ULs
 auth/email-link:
+  queueAliveTTL: 3m
+  queueProcessing: false
   extraLoadBalancersCount: 2
   wintr/connectors/storage/v2: *db
   wintr/connectors/storage/v3:
@@ -116,16 +137,14 @@ auth/email-link:
   fromEmailName: ice
   emailValidation:
     authLink: https://some.webpage.example/somePath
-    expirationTime: 1h
+    expirationTime: 3h
     blockDuration: 10m
-    sameIpRateCheckPeriod: 1h
-    maxRequestsFromIP: 10
   loginSession:
     jwtSecret: bogus
   confirmationCode:
     maxWrongAttemptsCount: 3
     constCodes:
-      bogus@example.com: 111
+      kolayuk@gmail.com: 111
   petName: Tenanter
   appName: Tenant
   teamName: Tenant
@@ -142,7 +161,6 @@ auth/email-link/2:
     credentials:
       #apiKey: bogus2
 users: &users
-  maxReferralsCount: 200
   defaultReferralName: bogus
   adoptionUrl: https://localhost:3443/v1r/tokenomics-statistics/adoption
   kyc:
@@ -159,32 +177,32 @@ users: &users
       - name: eskimo-health-check
         partitions: 1
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       - name: users-table
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       - name: user-device-metadata-table
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       - name: global-table
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       - name: contacts-table
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       ### The next topics are not owned by this service, but are needed to be created for the local/test environment.
       - name: mining-sessions-table
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
       - name: user-pings
         partitions: 10
         replicationFactor: 1
-        retention: 1000h
+        retention: 10s
     consumingTopics:
       - name: users-table
       - name: mining-sessions-table
@@ -215,3 +233,8 @@ users_test:
     <<: *usersMessageBroker
     consumingTopics: *usersMessageBrokerTopics
     consumerGroup: eskimo-local-test
+self:
+  wintr/auth/ice:
+    refreshExpirationTime: 24h
+    accessExpirationTime: 24h
+    jwtSecret: bogus

cmd/eskimo-hut/kyc.go

@@ -351,7 +351,7 @@ func (s *service) ForwardToFaceKYC(
 		case errors.Is(err, linking.ErrNotOwnRemoteUser):
 			return nil, server.BadRequest(err, linkingNotOwnedProfile)
 		case errors.Is(err, linking.ErrDuplicate):
-			return nil, server.BadRequest(err, linkingDuplicate)
+			return nil, server.Conflict(err, linkingDuplicate)
 		default:
 			return nil, server.Unexpected(err)
 		}

kyc/face/face.go

@@ -76,10 +76,10 @@ func (c *client) CheckStatus(ctx context.Context, user *users.User, nextKYCStep
 	}
 	if hasResult {
 		if dErr := c.accountsLinker.SetTenantVerified(ctx, user.ID, verifiedTenant); dErr != nil {
-			return false, errors.Wrapf(err, "failed to save user face id kyc for user id %v", user.ID)
+			return false, errors.Wrapf(dErr, "failed to mark tenant %v verified for user %v", verifiedTenant, user.ID)
 		}
 		if dErr := c.saveFaceID(ctx, user.ID, faceID); dErr != nil {
-			return false, errors.Wrapf(err, "failed to save user face id kyc for user id %v", user.ID)
+			return false, errors.Wrapf(dErr, "failed to save user face id kyc for user id %v", user.ID)
 		}
 	}
 	if !hasResult || nextKYCStep == users.LivenessDetectionKYCStep {

kyc/linking/global_ddl.sql

@@ -8,7 +8,7 @@ CREATE TABLE IF NOT EXISTS linked_user_accounts
     linked_tenant  TEXT NOT NULL,
     linked_user_id TEXT NOT NULL,
     has_kyc        BOOLEAN NOT NULL DEFAULT false,
-    primary key (tenant, user_id,linked_tenant,linked_user_id)
+    primary key (user_id, linked_user_id, tenant, linked_tenant)
 );
 
-CREATE INDEX IF NOT EXISTS linked_user_accounts_linked_user_id_user_id ON linked_user_accounts (user_id, linked_user_id);
+CREATE INDEX IF NOT EXISTS linked_user_accounts_linked_user_id ON linked_user_accounts (linked_user_id);

kyc/linking/linking.go

@@ -114,7 +114,7 @@ func (l *linker) Get(ctx context.Context, userID UserID) (allLinkedProfiles Link
 								UNION SELECT linked_user_accounts.* FROM linked_user_accounts
 								JOIN rec on rec.user_id = linked_user_accounts.user_id OR rec.linked_user_id = linked_user_accounts.linked_user_id
 							) SELECT * FROM rec;`, userID)
-	if err != nil && storage.IsErr(err, storage.ErrNotFound) {
+	if err != nil && !storage.IsErr(err, storage.ErrNotFound) {
 		return nil, "", errors.Wrapf(err, "failed to fetch linked accounts for user %v", userID)
 	}
 	allLinkedProfiles = make(map[Tenant]UserID)
@@ -143,7 +143,7 @@ func (l *linker) verifyToken(ctx context.Context, userID, tenant, token string)
 			return "", false, ErrNotOwnRemoteUser
 		}
 
-		return "", false, errors.Wrapf(err, "failed to link accounts with %v", userID)
+		return "", false, errors.Wrapf(err, "failed to fwtch remote user data for %v", userID)
 	}
 	if usr.CreatedAt == nil || usr.ReferredBy == "" || usr.Username == "" {
 		return "", false, ErrNotOwnRemoteUser