From 03900ce67c6f4a5e7e7a153eac32c52fd8c78530 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20D=E2=80=99Aquino?= <daniel@daquino.me>
Date: Wed, 13 Mar 2024 14:57:27 +0000
Subject: [PATCH] Add transaction clearing admin endpoint for testing purposes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This adds one new admin endpoint that allows for the deletion of an
entire transaction history, for testing purposes only.

Testing
--------

1. On a local setup, I sent a cURL command to the new endpoint.
The command succeeded and the transaction history was successfully
cleared. I purchased a month via LN checkout and verified that
transactions were written again as normal.
2. Ran all automated tests which were passing.
3. Ran type check and ensured there are no regressions on the type check
4. Tested sending request with no admin password and an incorrect admin
   password and ensured that it was rejected and had no side effects to
   the account

Signed-off-by: Daniel D’Aquino <daniel@daquino.me>
Signed-off-by: William Casarin <jb55@jb55.com>
---
 src/router_config.js | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/router_config.js b/src/router_config.js
index d4f8850..156bec3 100644
--- a/src/router_config.js
+++ b/src/router_config.js
@@ -382,10 +382,49 @@ function config_router(app) {
         invalid_request(res, { error: delete_error })
         return
       }
-      
+
       json_response(res, { success: true })
     })
-    
+
+    /**
+      * This route is used to delete a user account transaction history.
+      * This is useful when testing first checkout flows, and we need to reset the user's transaction history.
+    */
+    router.delete('/admin/users/:pubkey/transaction-history', async (req, res) => {
+      const pubkey = req.params.pubkey
+      const body = req.body
+      const admin_password = body.admin_password
+      if (!process.env.ADMIN_PASSWORD) {
+        unauthorized_response(res, 'Admin password not set in the environment variables')
+        return
+      }
+      if (!admin_password) {
+        unauthorized_response(res, 'Missing admin_password')
+        return
+      }
+      if (admin_password != process.env.ADMIN_PASSWORD) {
+        unauthorized_response(res, 'Invalid admin password')
+        return
+      }
+      if (!pubkey) {
+        invalid_request(res, 'Missing pubkey')
+        return
+      }
+      const { account, user_id } = get_account_and_user_id(app, pubkey)
+
+      account.transactions = []
+      account.expiry = null
+      try {
+        put_account(app, pubkey, account)
+      }
+      catch (e) {
+        error("Error when putting account: %s", e.toString())
+        invalid_request(res, { error: e.toString() })
+        return
+      }
+      json_response(res, { success: true })
+    })
+
     /**
       * This route is used to force a specific UUID for a user account.
       *