-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PR: claim permit in gift cards #226
Conversation
I only had the chance to quickly look through the code from my phone. Are you using Cloudflare Pages Function due to authentication? Otherwise I'm curious why you couldn't run everything from the UI? Tag my name when you reply so that I get a push notification. Thanks! |
Correct. This is the main reason. The API keys and access key of Reloadly give almost full access to a user to place an order. They can purchase a gift card of bigger amounts than their reward if there is no backend to keep a check on that. In fact, anyone can place an order, doesn't matter if they have a reward permit or not, if they have those keys. Plus, I think with only frontend, you can't check pre-conditions to place orders reliably. The payment of gift card is done correctly, it has been mined. The transfer is to/from the correct addresses. All of these things can be manipulated by a bad actor on the frontend. @0x4007 |
I also want to bring your attention to how the pricing of these cards works to make sure we deduct the correct amount and you are okay with it. Because the way Reloadly puts price on these cards is a little complicated.
On top of this, there is an extra fee per purchase, there is a percentage fee on each purchase, and then there is a discount. I see that I need to use the permit in one go. Let the user buy card that is available in the exact amount as permit. I tried and the permit doesn't appear to allow a second transaction even if you use some of it. |
That's a shame. Regarding the card mint flow, my vision is to have a deposit contract for Ubiquity Dollars. We can use the blockchain as our database. Given the complications with the card amounts, we can do the math on the UI, and then have a button that says "deposit $73" etc or whatever is required, then the button will trigger a transfer of ubiquity dollars from the users wallet to the deposit contract. Once the transaction is complete, the UI can use a wallet signature to expose the card details to the user? We should be leveraging the built-in security properties of web3 for authentication etc. Regarding euros etc: let's only mint USD cards. No need to complicate things in euros? Or are you saying there is no USD option? |
Currently, it is very much like claiming permit. You claim card, instead of claiming crypto.
I have found a way to handle everything we need without a database. Reloadly allows one custom field to be saved with each order. I store a hash of
I can retrieve the order later using these values.
Correct, this is already implemented and is working nicely.
Yes, we are doing so. I am storing the order info/card numbers, and showing only to the correct user using hashing and signatures.
This simplifies my work because this is where I am working now. Most of the other stuff is done. Secondly, it needs a separate http request to fetch each exchange rate. So when you are showing a list of 10 to 100 gift cards, it is a problem. |
Yes we will want to provide incentives for our partners to settle in Ubiquity Dollars, such as the ability to mint payment cards!
What about a wallet signature instead? Their public wallet address seems less secure because it's public information.
I want to spend extra time thinking through the UI/UX so that the user is never bombarded with a view of tens of cards. We should do our best to abstract/hide this away. Perhaps we can check their balances and if they are too low then we automatically hide them and save the state in localStorage etc. Another UX flow to consider: I imagine that as soon as I mint my cards, I will immediately add it to my Apple Pay wallet. After that I do not need to access the card details from the UI (unless if I can see balance details, then this is useful) otherwise I will only use the card from my Apple Pay wallet app and a copy will be saved there. Also last thing that's really important: we should have the ability to "roll up" permits into a single card. For example, if I have five permits that total up to $900, it would be far better UX to mint a single $900 card instead of five small cards. Please let me know your plan for addressing this.
I understand that USD cards can be spent anywhere. @sergfeldman minted me a $10 USD card and I spent it using Apple Pay in South Korea at a convenience store without a problem. |
I have a question. I am about to test on Ethereum. I have never tried an Ethereum permit here. It appears everything on Ethereum is also the same as gnosischain. ERC20 DAI token is used to pay on Ethereum with permits? @0x4007 |
Technically, any token should work, but yes, in the past when we first started the system we settled in DAI on mainnet |
Yes, as far as I know, you can pay everywhere with a card in USD. |
fixes broken test
Signer will be different partners addresses. No benefit in checking.
I have resolved the merge conflicts and I have merged it. Also, I have added a few more fixes. |
@rndquu is a super admin on the Ubiquity Workers Cloudflare account and should be able to address |
No problem. I am expecting some UI change requests. So let them gather up and I will implement them. I believe clicking this will show cards below. I had this icon in the same spot at some point during implementation. This mingles the UI code of claiming gift card and crypto. Right now, the UI codes are very much separate. |
I have tested using polygon amoy and a WXDAI mock deployment, claiming to my own address and signing using a vanity-eth address I run it e2e on mobile and desktop without errors so everything appears to be working as expected. I did notice that on mobile the cards lose their background and are difficult to see. They appear this way without interaction I just killed two birds capturing the toast. I also think that the additional info is uneasy on the eyes I only tested with the sandbox creds but functionally things are working as expected and I think all of the angles have been covered in terms of it being exploitable, great work. Idk if it's due to my region or if everyone is only showed one card now I thought the intention was to show multiple but I was only able to see one so I'm unsure how multiple would look on mobile. I was testing from 68dfa23 |
I will spend some time working on the UI/UX whenever its set up on beta.pay.ubq.fi etc Very excited to demo this. |
Unfortunately, Reloadly has only 1 visa gift card, and no mastercard on Sandbox. So, everyone will see only one card. You can see more cards if you use the production API keys of Reloadly. But those will be real gift card and claiming them will actually buy the cards. But I think it is okay to test claiming using sandbox, and test UI using production API keys. Claiming can be tested on production at the end of all other testings. |
The carousel looks and feels good on mobile as far as I can tell |
@EresDev So I should:
Frontend + functions deployment will be handled by deploy.yml. Correct? |
Yes, correct. But please note that we are merging to |
There is no Could you fix the deploy cloudflare CI and run it again so that a new project |
@rndquu Deployment to cloudflare is working fine now. However, I think I was wrong in the above statement. I saw @0x4007 creating new project so I thought it will be deployed to new project on cloudflare. @0x4007 do you know how it suppose to deploy to new project or maybe you were just doing this for your own testing. Because if the branch is different, the deployment will still go to the same old project but will be treated a preview deployment and will get a separate URL. If I am right here, you can add the environment variable to the same old pay project. But @0x4007 will tell us more if deployment is expected in a separate project. |
I plan to expose it at some subdomain or some other domain for testing purposes. Ultimately it is a convenience but either way, there will be a direct |
@EresDev Right now the The latest deployment of the |
@0x4007 I have plain admin access to the "Ubiquity DAO Workers" project while editing DNS settings requires super admin. |
I modified the global subdomain router to handle what we need, and it seems to be fine, except now the final problem is that somebody is using the |
I may have had it but I spent like 10 mins clearing all of my workers/pages yesterday so if it was me I'd expect it to have propagated by now |
Cloudflare support told me @Steveantor has it! |
We may have to rebrand/use a different subdomain as I did not immediately hear back. If this is the case, then we must change the bot permit generation code to reflect the new subdomain name @gentlementlegen Perhaps rewards.ubq.fi |
Couldn't figure out how to make my sub sub domain catch yet (beta.pay.ubq.fi.) Will work on it later. For now this is accessible at https://beta.pay-ubq-fi.pages.dev |
Resolves ubiquity/card-issuance#34
Table of Contents
pay.ubq.fi
/post-order
work?Introduction
This feature gives a bounty hunter an option to claim their permit reward in a virtual visa/mastercard.
There is no change in the ubiquibot functions. A hunter gets a reward permit on github issue they solve from ubiquibot. You notice a change when you reach the
pay.ubq.fi
to claim the permit reward. Here, you see the old option to claim in crypto, and a second option to claim a gift card.How does it work for the end user (the bounty hunter)?
There is no change in the way reward was claimed in crypto. It works the way it used to.
If a user clicks a "Claim" button for a gift card, they also get a similar transaction confirmation prompt from their web3 wallet. When the user confirms this transaction, and if all goes well. The page reloads, and they or anyone with a link to this permit can see the following page. However, only the actual owner can reveal the redeem code of the purchased card by signing a special message.
Changes to the architecture of
pay.ubq.fi
Before gift cards, we had two components. Frontend and blockchain. Hunters were claiming their permit in crypto only, and you know how these components were interacting.
Now, we have a third component, which is our backend using Cloudflare functions. It is used to buy a gift card from Reloadly using its API and deliver it back to the frontend if the order is successful.
In the process of claiming a gift card, the permit amount is transferred to our
GIFT_CARD_TREASURY
address instead of the hunter's own address. This happens when we change thepermit.transferDetails.to
address toGIFT_CARD_TREASURY
address when the user clicks to claim a gift card.If the transfer is successful, we send this transaction hash with some other info to the backend to buy visa/mastercard for the hunter. The backend checks the details of the transfer and makes sure they are correct, not already used, and the correct amounts, etc. You can see what it checks in file https://github.com/EresDevOrg/pay.ubq.fi/blob/development/functions/post-order.ts . If all is well, an order is placed with Reloadly and the hunter is informed that he has claimed the gift card.
After the order, the user or anyone can see on the
pay.ubq.fi....
permit page that a gift card has been claimed. Here, only the owner can reveal the gift card code.All communication with Reloadly happens through our backend. There is no direct communication between the frontend and Reloadly. Because Reloady needs API credentials or an access token with every request, and we can't reveal them to the public.
How does
/post-order
work?This is the most important backend function that consumes our Reloadly balance and buys gift card from Reloadly for the user who are claiming their permit in gift cards. This function receives their crypto transaction hash
txHash
andchainId
andproductId
of required the gift card from the user after they have successfully confirmed the permit transaction for gift card.chainId
is used to connect to a correct RPC (from our specified list) for blockchain eth/gnosis.There is no user auth here. All is in the txHash that we check, and give the gift card if the checks pass. What we check is exhaustive to make sure no one cheats. What do we check and why do we check in /post-order? You can also see in this function
pay.ubq.fi/functions/post-order.ts
Line 204 in 8fe9b2b
permit.transferDetails.to
is ourGIFT_CARD_TREASURY
address.permitTransferFrom
If all of these conditions are correct, we buy gift card from Reloadly. Otherwise, an appropriate error is logged and a generic error is sent to the end user.
Addresses like
GIFT_CARD_TREASURY
,Permit2
,Token
are present on the constants file. They usually will not change, but if we need to, they can be changed.What is needed to merge this PR & deploy to production?
Alternate manual option is to deploy using your CLI. The command you will use is
npx wrangler pages deploy "static" --project-name "pay-ubq-fi" --branch "development" --commit-dirty=true
Please use appropriate--project-name
here.USE_RELOADLY_SANDBOX=false
RELOADLY_SANDBOX_API_CLIENT_ID
andRELOADLY_SANDBOX_API_CLIENT_SECRET
to GitHub secrets so that the cypress tests could run. These e2e tests place orders on Reloadly sandbox.Currently, you see cypress tests failing in this PR. It is because of these variables. You can see the same cypress tests passing on the source repository because it has these variables.
Also, there is a security concern that these keys can leak somehow from cypress tests workflow, but I decided to keep them because they are just sandbox keys. It should not affect the production.
pay.ubq.fi/.github/workflows/cypress-testing.yml
Line 42 in 8fa0b09
How do I run & try it locally?
Here, we use Foundry Anvil to fork gnosischain.
pay.ubq.fi/.github/workflows/cypress-testing.yml
Line 51 in 8fa0b09
wrangler.toml
file. You can use these credentials from the issue of this PR Bounty proposal: integrate Reloadly API card-issuance#34. In the first comment, there is a doc file link shared. If you don't have permission to read the doc file, ask @sergfeldmannvm use
yarn install
yarn build
yarn test:anvil
yarn test:fund
yarn start
will generate permits and start wrangler to serve the backend. Go to the recently generated permit link and try.What can be improved next?