Add account creation to Vortex

apps/api/.env.example

@@ -10,6 +10,11 @@ SANDBOX_ENABLED=false
 # Example: openssl rand -base64 32
 ADMIN_SECRET=your-secure-admin-secret-here
 
+# Supabase Configuration
+SUPABASE_URL=https://your-project-id.supabase.co
+SUPABASE_ANON_KEY=your-anon-key-here
+SUPABASE_SERVICE_ROLE_KEY=your-service-role-key-here
+
 # Database
 DB_HOST=localhost
 DB_PORT=5432

apps/api/package.json

@@ -11,7 +11,7 @@
     "@polkadot/util": "catalog:",
     "@polkadot/util-crypto": "catalog:",
     "@scure/bip39": "^1.5.4",
-    "@supabase/supabase-js": "^2.87.1",
+    "@supabase/supabase-js": "catalog:",
     "@vortexfi/shared": "workspace:*",
     "@wagmi/core": "catalog:",
     "axios": "catalog:",

apps/api/src/api/controllers/admin/partnerApiKeys.controller.ts

@@ -12,7 +12,7 @@ import { generateApiKey, getKeyPrefix, hashApiKey } from "../../middlewares/apiK
  */
 export async function createApiKey(req: Request, res: Response): Promise<void> {
   try {
-    const { partnerName } = req.params;
+    const { partnerName } = req.params as { partnerName: string };
     const { name, expiresAt } = req.body;
 
     // Verify at least one partner with this name exists and is active
@@ -78,7 +78,7 @@ export async function createApiKey(req: Request, res: Response): Promise<void> {
       expiresAt: expirationDate,
       isActive: true,
       partnerCount: partners.length,
-      partnerName: partnerName,
+      partnerName,
       publicKey: {
         id: publicKeyRecord.id,
         key: publicKey, // Can be shown anytime (it's public)
@@ -112,7 +112,7 @@ export async function createApiKey(req: Request, res: Response): Promise<void> {
  */
 export async function listApiKeys(req: Request, res: Response): Promise<void> {
   try {
-    const { partnerName } = req.params;
+    const { partnerName } = req.params as { partnerName: string };
 
     // Verify partner exists
     const partners = await Partner.findAll({

apps/api/src/api/controllers/auth.controller.ts

@@ -0,0 +1,162 @@
+import { Request, Response } from "express";
+import User from "../../models/user.model";
+import { SupabaseAuthService } from "../services/auth";
+
+export class AuthController {
+  /**
+   * Check if email is registered
+   * GET /api/v1/auth/check-email?email=user@example.com
+   */
+  static async checkEmail(req: Request, res: Response) {
+    try {
+      const { email } = req.query;
+
+      if (!email || typeof email !== "string") {
+        return res.status(400).json({
+          error: "Email is required"
+        });
+      }
+
+      const exists = await SupabaseAuthService.checkUserExists(email);
+
+      return res.json({
+        action: exists ? "signin" : "signup",
+        exists
+      });
+    } catch (error) {
+      console.error("Error in checkEmail:", error);
+      return res.status(500).json({
+        error: "Failed to check email"
+      });
+    }
+  }
+
+  /**
+   * Request OTP
+   * POST /api/v1/auth/request-otp
+   */
+  static async requestOTP(req: Request, res: Response) {
+    try {
+      const { email } = req.body;
+
+      if (!email) {
+        return res.status(400).json({
+          error: "Email is required"
+        });
+      }
+
+      await SupabaseAuthService.sendOTP(email);
+
+      return res.json({
+        message: "OTP sent to email",
+        success: true
+      });
+    } catch (error) {
+      console.error("Error in requestOTP:", error);
+      return res.status(500).json({
+        error: "Failed to send OTP"
+      });
+    }
+  }
+
+  /**
+   * Verify OTP
+   * POST /api/v1/auth/verify-otp
+   */
+  static async verifyOTP(req: Request, res: Response) {
+    try {
+      const { email, token } = req.body;
+
+      if (!email || !token) {
+        return res.status(400).json({
+          error: "Email and token are required"
+        });
+      }
+
+      const result = await SupabaseAuthService.verifyOTP(email, token);
+
+      // Sync user to local database (upsert)
+      await User.upsert({
+        email: email,
+        id: result.user_id
+      });
+
+      return res.json({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        success: true,
+        user_id: result.user_id
+      });
+    } catch (error) {
+      console.error("Error in verifyOTP:", error);
+      return res.status(400).json({
+        error: "Invalid OTP or OTP expired"
+      });
+    }
+  }
+
+  /**
+   * Refresh token
+   * POST /api/v1/auth/refresh
+   */
+  static async refreshToken(req: Request, res: Response) {
+    try {
+      const { refresh_token } = req.body;
+
+      if (!refresh_token) {
+        return res.status(400).json({
+          error: "Refresh token is required"
+        });
+      }
+
+      const result = await SupabaseAuthService.refreshToken(refresh_token);
+
+      return res.json({
+        access_token: result.access_token,
+        refresh_token: result.refresh_token,
+        success: true
+      });
+    } catch (error) {
+      console.error("Error in refreshToken:", error);
+      return res.status(401).json({
+        error: "Invalid refresh token"
+      });
+    }
+  }
+
+  /**
+   * Verify token
+   * POST /api/v1/auth/verify
+   */
+  static async verifyToken(req: Request, res: Response) {
+    try {
+      const { access_token } = req.body;
+
+      if (!access_token) {
+        return res.status(400).json({
+          error: "Access token is required"
+        });
+      }
+
+      const result = await SupabaseAuthService.verifyToken(access_token);
+
+      if (!result.valid) {
+        return res.status(401).json({
+          error: "Invalid token",
+          valid: false
+        });
+      }
+
+      return res.json({
+        user_id: result.user_id,
+        valid: true
+      });
+    } catch (error) {
+      console.error("Error in verifyToken:", error);
+      return res.status(401).json({
+        error: "Token verification failed",
+        valid: false
+      });
+    }
+  }
+}

apps/api/src/api/controllers/brla.controller.ts

@@ -203,12 +203,14 @@ export const recordInitialKycAttempt = async (
         taxId
       }
     });
+
     if (!taxIdRecord) {
       const accountType = isValidCnpj(taxId)
         ? AveniaAccountType.COMPANY
         : isValidCpf(taxId)
           ? AveniaAccountType.INDIVIDUAL
           : undefined;
+
       // Create the entry only if a valid taxId is provided. Otherwise we ignore the request.
       if (accountType) {
         await TaxId.create({
@@ -217,7 +219,8 @@ export const recordInitialKycAttempt = async (
           initialSessionId: sessionId ?? null,
           internalStatus: TaxIdInternalStatus.Consulted,
           subAccountId: "",
-          taxId
+          taxId,
+          userId: req.userId ?? null
         });
       }
     }
@@ -317,14 +320,16 @@ export const createSubaccount = async (
     } else {
       // The entry should have been created the very first a new cpf/cnpj is consulted.
       // We leave this as is for now to avoid breaking changes.
+
       await TaxId.create({
         accountType,
         initialQuoteId: quoteId,
         initialSessionId: sessionId ?? null,
         internalStatus: TaxIdInternalStatus.Requested,
         requestedDate: new Date(),
         subAccountId: id,
-        taxId: taxId
+        taxId: taxId,
+        userId: req.userId ?? null
       });
     }
 

apps/api/src/api/controllers/maintenance.controller.ts

@@ -63,7 +63,7 @@ export const getAllMaintenanceSchedules: RequestHandler = async (_, res) => {
  */
 export const updateScheduleActiveStatus: RequestHandler = async (req, res) => {
   try {
-    const { id } = req.params;
+    const { id } = req.params as { id: string };
     const { isActive } = req.body;
 
     if (typeof isActive !== "boolean") {

apps/api/src/api/controllers/metrics.controller.ts

@@ -45,13 +45,13 @@ let supabaseClient: SupabaseClient | null = null;
 
 function getSupabaseClient() {
   if (!supabaseClient) {
-    if (!config.supabaseUrl) {
+    if (!config.supabase.url) {
       throw new Error("Missing Supabase URL in configuration.");
     }
-    if (!config.supabaseKey) {
+    if (!config.supabase.anonKey) {
       throw new Error("Missing Supabase Key in configuration.");
     }
-    supabaseClient = createClient(config.supabaseUrl, config.supabaseKey);
+    supabaseClient = createClient(config.supabase.url, config.supabase.anonKey);
   }
   return supabaseClient;
 }

apps/api/src/api/controllers/quote.controller.ts

@@ -48,7 +48,8 @@ export const createQuote = async (
       partnerId,
       partnerName: publicKeyPartnerName,
       rampType,
-      to
+      to,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(quote);
@@ -85,7 +86,8 @@ export const createBestQuote = async (
       partnerId,
       partnerName: publicKeyPartnerName,
       rampType,
-      to
+      to,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(quote);

apps/api/src/api/controllers/ramp.controller.ts

@@ -37,7 +37,8 @@ export const registerRamp = async (req: Request, res: Response<RampProcess>, nex
     const ramp = await rampService.registerRamp({
       additionalData,
       quoteId,
-      signingAccounts
+      signingAccounts,
+      userId: req.userId
     });
 
     res.status(httpStatus.CREATED).json(ramp);

apps/api/src/api/middlewares/supabaseAuth.ts

@@ -0,0 +1,76 @@
+import { NextFunction, Request, Response } from "express";
+import logger from "../../config/logger";
+import { SupabaseAuthService } from "../services/auth";
+
+declare global {
+  namespace Express {
+    interface Request {
+      userId?: string;
+    }
+  }
+}
+
+/**
+ * Middleware to verify Supabase auth token and attach userId to request
+ */
+export async function requireAuth(req: Request, res: Response, next: NextFunction) {
+  try {
+    const authHeader = req.headers.authorization;
+
+    if (!authHeader?.startsWith("Bearer ")) {
+      return res.status(401).json({
+        error: "Missing or invalid authorization header"
+      });
+    }
+
+    const token = authHeader.substring(7);
+    const result = await SupabaseAuthService.verifyToken(token);
+
+    if (!result.valid) {
+      return res.status(401).json({
+        error: "Invalid or expired token"
+      });
+    }
+
+    req.userId = result.user_id;
+    next();
+  } catch (error) {
+    console.error("Auth middleware error:", error);
+    return res.status(401).json({
+      error: "Authentication failed"
+    });
+  }
+}
+
+/**
+ * Optional auth - attaches userId if token present
+ */
+export async function optionalAuth(req: Request, res: Response, next: NextFunction) {
+  try {
+    const authHeader = req.headers.authorization;
+
+    if (authHeader?.startsWith("Bearer ")) {
+      const token = authHeader.substring(7);
+      const result = await SupabaseAuthService.verifyToken(token);
+
+      if (result.valid) {
+        req.userId = result.user_id;
+      }
+    }
+
+    next();
+  } catch (error) {
+    // Log truncated token for security - only show first/last few characters
+    const authHeader = req.headers.authorization;
+    const truncatedAuth = authHeader
+      ? `${authHeader.substring(0, 15)}...${authHeader.substring(authHeader.length - 4)}`
+      : undefined;
+
+    logger.warn("optionalAuth middleware: authentication error", {
+      authorization: truncatedAuth,
+      error,
+      path: req.path
+    });
+    next();
+  }
+}

apps/api/src/api/routes/v1/auth.route.ts

@@ -0,0 +1,12 @@
+import { Router } from "express";
+import { AuthController } from "../../controllers/auth.controller";
+
+const router = Router();
+
+router.get("/check-email", AuthController.checkEmail);
+router.post("/request-otp", AuthController.requestOTP);
+router.post("/verify-otp", AuthController.verifyOTP);
+router.post("/refresh", AuthController.refreshToken);
+router.post("/verify", AuthController.verifyToken);
+
+export default router;