Feat: implement per operator settings cache

Fix: fix linter-found issues Chore: move findOperatorId to own middleware file Chore: delete old routes.js file and rename new-routes.js to routes.js Fix: PR fixes
2021-01-13 19:04:40 +00:00 · 2021-01-13 19:04:40 +00:00 · 558317e9f3
commit 558317e9f3
parent 85235eaa13
30 changed files with 232 additions and 860 deletions
--- a/bin/lamassu-server
+++ b/bin/lamassu-server
@ -9,4 +9,4 @@ process.on('unhandledRejection', err => {
 })
 app.run()
-.catch(console.log)
+  .catch(console.log)
--- a/lib/app.js
+++ b/lib/app.js
@ -3,7 +3,7 @@ const http = require('http')
 const https = require('https')
 const argv = require('minimist')(process.argv.slice(2))
-const routes = require('./new-routes')
+const routes = require('./routes')
 const logger = require('./logger')
 const poller = require('./poller')
 const settingsLoader = require('./new-settings-loader')
@ -90,4 +90,4 @@ function startServer (settings) {
    })
 }
-module.exports = {run}
+module.exports = { run }
--- a/lib/cash-out/cash-out-tx.js
+++ b/lib/cash-out/cash-out-tx.js
@ -9,6 +9,7 @@ const T = require('../time')
 const logger = require('../logger')
 const plugins = require('../plugins')
 const httpError = require('../route-helpers').httpError
 const helper = require('./cash-out-helper')
 const cashOutAtomic = require('./cash-out-atomic')
 const cashOutActions = require('./cash-out-actions')
@ -31,14 +32,6 @@ const INSUFFICIENT_FUNDS_CODE = 570
 const toObj = helper.toObj
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function selfPost (tx, pi) {
  return post(tx, pi, false)
 }
@ -83,7 +76,7 @@ function postProcess (txVector, justAuthorized, pi) {
        }
        return cashOutActions.logAction(db, 'provisionNotes', rec, newTx)
-          .then(_.constant({bills}))
+          .then(_.constant({ bills }))
      })
      .catch(err => {
        pi.notifyOperator(newTx, { error: err.message, isRedemption: true })
--- a/lib/middlewares/authorize.js
+++ b/lib/middlewares/authorize.js
@ -16,4 +16,4 @@ const authorize = function (req, res, next) {
    .catch(next)
 }
-module.exports = authorize
+module.exports = authorize
--- a/lib/middlewares/ca.js
+++ b/lib/middlewares/ca.js
@ -1,7 +1,6 @@
 const pairing = require('../pairing')
 function ca (req, res) {
  console.log("ca")
  const token = req.query.token
  return pairing.authorizeCaDownload(token)
@ -9,4 +8,4 @@ function ca (req, res) {
    .catch(() => res.status(403).json({ error: 'forbidden' }))
 }
-module.exports = ca
+module.exports = ca
--- a/lib/middlewares/errorHandler.js
+++ b/lib/middlewares/errorHandler.js
@ -12,4 +12,4 @@ function errorHandler (err, req, res, next) {
  return res.status(statusCode).json(json)
 }
-module.exports = errorHandler
+module.exports = errorHandler
--- a/lib/middlewares/filterOldRequests.js
+++ b/lib/middlewares/filterOldRequests.js
@ -24,4 +24,4 @@ function filterOldRequests (req, res, next) {
  next()
 }
-module.exports = filterOldRequests
+module.exports = filterOldRequests
--- a/lib/middlewares/operatorId.js
+++ b/lib/middlewares/operatorId.js
@ -0,0 +1,30 @@
 const pify = require('pify')
 const fs = pify(require('fs'))
 const hkdf = require('futoin-hkdf')
 const state = require('./state')
 const mnemonicHelpers = require('../mnemonic-helpers')
 const options = require('../options')
 function computeOperatorId (masterSeed) {
  return hkdf(masterSeed, 16, { salt: 'lamassu-server-salt', info: 'operator-id' }).toString('hex')
 }
 function getMnemonic () {
  if (state.mnemonic) return Promise.resolve(state.mnemonic)
  return fs.readFile(options.mnemonicPath, 'utf8').then(mnemonic => {
    state.mnemonic = mnemonic
    return mnemonic
  })
 }
 function findOperatorId (req, res, next) {
  getMnemonic().then(mnemonic => {
    return computeOperatorId(mnemonicHelpers.toEntropyBuffer(mnemonic))
  }).then(id => {
    res.locals.operatorId = id
  }).catch(e => console.error('Error while computing operator id\n' + e))
  next()
 }
 module.exports = findOperatorId
--- a/lib/middlewares/pair.js
+++ b/lib/middlewares/pair.js
@ -1,20 +0,0 @@
 const pairing = require('../pairing')
 function pair (req, res, next) {
  console.log("pair")
  const token = req.query.token
  const deviceId = req.deviceId
  const model = req.query.model
  return pairing.pair(token, deviceId, model)
    .then(valid => {
      if (valid) {
        return res.json({ status: 'paired' })
      }
      throw httpError('Pairing failed')
    })
    .catch(next)
 }
 module.exports = pair
--- a/lib/middlewares/populateDeviceId.js
+++ b/lib/middlewares/populateDeviceId.js
@ -1,7 +1,7 @@
 const _ = require('lodash/fp')
 const crypto = require('crypto')
 function sha256 (buf) {
  const crypto = require('crypto')
  const hash = crypto.createHash('sha256')
  hash.update(buf)
@ -19,4 +19,4 @@ const populateDeviceId = function (req, res, next) {
  next()
 }
-module.exports = populateDeviceId
+module.exports = populateDeviceId
--- a/lib/middlewares/populateSettings.js
+++ b/lib/middlewares/populateSettings.js
@ -6,26 +6,27 @@ const helpers = require('../route-helpers')
 const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000
 const populateSettings = function (req, res, next) {
  const operatorId = res.locals.operatorId
  const versionId = req.headers['config-version']
  if (versionId !== state.oldVersionId) {
    state.oldVersionId = versionId
  }
  // Clear cache every hour
-  if (Date.now() - settingsCache.getTimestamp() > SETTINGS_CACHE_REFRESH) {
+  if (Date.now() - settingsCache.getTimestamp(operatorId) > SETTINGS_CACHE_REFRESH) {
-    settingsCache.clearCache()
+    settingsCache.clear(operatorId)
  }
-  if (!versionId && settingsCache.getCache()) {
+  if (!versionId && settingsCache.getCache(operatorId)) {
-    req.settings = settingsCache.getCache()
+    req.settings = settingsCache.getCache(operatorId)
    return next()
  }
-  if (!versionId && !settingsCache.getCache()) {
+  if (!versionId && !settingsCache.getCache(operatorId)) {
    return newSettingsLoader.loadLatest()
      .then(settings => {
-        settingsCache.setCache(settings)
+        settingsCache.setCache(operatorId, settings)
-        settingsCache.setTimestamp(Date.now())
+        settingsCache.setTimestamp(operatorId, Date.now())
        req.settings = settings
      })
      .then(() => next())
@ -39,4 +40,4 @@ const populateSettings = function (req, res, next) {
    .catch(next)
 }
-module.exports = populateSettings
+module.exports = populateSettings
--- a/lib/middlewares/settingsCache.js
+++ b/lib/middlewares/settingsCache.js
@ -1,19 +1,26 @@
 const _ = require('lodash/fp')
 const state = require('./state')
-const getTimestamp = () => state.settingsCache.timestamp
+const getTimestamp = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].timestamp : null
-const getCache = () => state.settingsCache.cache
+const getCache = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].cache : null
-const setTimestamp = (newTimestamp) => state.settingsCache.timestamp = newTimestamp
+const setTimestamp = (operatorId, newTimestamp) => {
  state.settingsCache = _.set([operatorId, 'timestamp'], newTimestamp, state.settingsCache)
 }
-const setCache = (newCache) => state.settingsCache.cache = newCache
+const setCache = (operatorId, newCache) => {
  state.settingsCache = _.set([operatorId, 'cache'], newCache, state.settingsCache)
 }
-const clearCache = () => state.settingsCache.cache = null
+const clear = (operatorId) => {
  state.settingsCache = _.set([operatorId], null, state.settingsCache)
 }
 module.exports = {
  getTimestamp,
  getCache,
  setTimestamp,
  setCache,
-  clearCache
+  clear
-}
+}
--- a/lib/middlewares/state.js
+++ b/lib/middlewares/state.js
@ -1,12 +1,13 @@
-module.exports = function () {
+module.exports = (function () {
  return {
-    oldVersionId: "unset",
+    oldVersionId: 'unset',
    settingsCache: {},
    canLogClockSkewMap: {},
    canGetLastSeenMap: {},
    pids: {},
    reboots: {},
    shutdowns: {},
-    restartServicesMap: {}
+    restartServicesMap: {},
    mnemonic: null
  }
-}()
+}())
--- a/lib/new-routes.js
+++ b/lib/new-routes.js
@ -1,80 +0,0 @@
 const express = require('express')
 const argv = require('minimist')(process.argv.slice(2))
 const bodyParser = require('body-parser')
 const compression = require('compression')
 const helmet = require('helmet')
 const morgan = require('morgan')
 const nocache = require('nocache')
 const authorize = require('./middlewares/authorize')
 const errorHandler = require('./middlewares/errorHandler')
 const filterOldRequests = require('./middlewares/filterOldRequests')
 const logger = require('./logger')
 const options = require('./options')
 const populateDeviceId = require('./middlewares/populateDeviceId')
 const populateSettings = require('./middlewares/populateSettings')
 const customerRoutes = require('./routes/customerRoutes')
 const logsRoutes = require('./routes/logsRoutes')
 const ownAuthorizationRoutes = require('./routes/ownAuthorizationRoutes')
 const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
 const pollingRoutes = require('./routes/pollingRoutes')
 const stateRoutes = require('./routes/stateRoutes')
 const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
 const txRoutes = require('./routes/txRoutes')
 const verifyUserRoutes = require('./routes/verifyUserRoutes')
 const verifyTxRoutes = require('./routes/verifyTxRoutes')
 const localAppRoutes = require('./routes/localAppRoutes')
 const app = express()
 const localApp = express()
 const configRequiredRoutes = [
  '/poll',
  '/terms_conditions',
  '/event',
  '/phone_code',
  '/customer',
  '/tx'
 ]
 const devMode = argv.dev || options.http
 // middleware setup
 app.use(compression({ threshold: 500 }))
 app.use(helmet())
 app.use(nocache())
 app.use(bodyParser.json({ limit: '2mb' }))
 app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))
 // app /pair and /ca routes
 app.use('/', ownAuthorizationRoutes)
 app.use(populateDeviceId)
 if (!devMode) app.use(authorize)
 app.use(configRequiredRoutes, populateSettings)
 app.use(filterOldRequests)
 // other app routes
 app.use('/poll', pollingRoutes)
 app.use('/terms_conditions', termsAndConditionsRoutes)
 app.use('/state', stateRoutes)
 app.use('/verify_user', verifyUserRoutes)
 app.use('/verify_transaction', verifyTxRoutes)
 app.use('/phone_code', phoneCodeRoutes)
 app.use('/customer', customerRoutes)
 app.use('/tx', txRoutes)
 app.use('/logs', logsRoutes)
 app.use(errorHandler)
 app.use((req, res) => {
  res.status(404).json({ error: 'No such route' })
 })
 // localapp routes
 localApp.use('/', localAppRoutes)
 module.exports = { app, localApp }
--- a/lib/route-helpers.js
+++ b/lib/route-helpers.js
@ -20,7 +20,7 @@ function stateChange (deviceId, deviceTime, rec) {
    id: rec.uuid,
    deviceId: deviceId,
    eventType: 'stateChange',
-    note: JSON.stringify({state: rec.state, isIdle: rec.isIdle, txId: rec.txId}),
+    note: JSON.stringify({ state: rec.state, isIdle: rec.isIdle, txId: rec.txId }),
    deviceTime: deviceTime
  }
  return dbm.machineEvent(event)
@ -93,5 +93,6 @@ module.exports = {
  stateChange,
  fetchPhoneTx,
  fetchStatusTx,
-  updateDeviceConfigVersion
+  updateDeviceConfigVersion,
  httpError
 }
--- a/lib/routes.js
+++ b/lib/routes.js
@ -1,488 +1,36 @@
 'use strict'
 const compression = require('compression')
 const morgan = require('morgan')
 const helmet = require('helmet')
 const nocache = require('nocache')
 const bodyParser = require('body-parser')
 const _ = require('lodash/fp')
 const express = require('express')
 const nmd = require('nano-markdown')
 const semver = require('semver')
 const dbErrorCodes = require('./db-error-codes')
 const options = require('./options')
 const logger = require('./logger')
 const configManager = require('./new-config-manager')
 const complianceTriggers = require('./compliance-triggers')
 const pairing = require('./pairing')
 const newSettingsLoader = require('./new-settings-loader')
 const plugins = require('./plugins')
 const helpers = require('./route-helpers')
 const poller = require('./poller')
 const Tx = require('./tx')
 const E = require('./error')
 const customers = require('./customers')
 const logs = require('./logs')
 const compliance = require('./compliance')
 const promoCodes = require('./promo-codes')
 const BN = require('./bn')
 const commissionMath = require('./commission-math')
 const notifier = require('./notifier')
 const version = require('../package.json').version
 const argv = require('minimist')(process.argv.slice(2))
-
+const bodyParser = require('body-parser')
-const CLOCK_SKEW = 60 * 1000
+const compression = require('compression')
-const REQUEST_TTL = 3 * 60 * 1000
+const helmet = require('helmet')
-const THROTTLE_LOGS_QUERY = 30 * 1000
+const morgan = require('morgan')
-const THROTTLE_CLOCK_SKEW = 60 * 1000
+const nocache = require('nocache')
-const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000
+
-
+const authorize = require('./middlewares/authorize')
-const pids = {}
+const errorHandler = require('./middlewares/errorHandler')
-const reboots = {}
+const filterOldRequests = require('./middlewares/filterOldRequests')
-const shutdowns = {}
+const logger = require('./logger')
-const restartServicesMap = {}
+const options = require('./options')
-const canGetLastSeenMap = {}
+const findOperatorId = require('./middlewares/operatorId')
-const canLogClockSkewMap = {}
+const populateDeviceId = require('./middlewares/populateDeviceId')
-const settingsCache = {}
+const populateSettings = require('./middlewares/populateSettings')
-
+
-const devMode = argv.dev || options.http
+const customerRoutes = require('./routes/customerRoutes')
-
+const logsRoutes = require('./routes/logsRoutes')
-function checkHasLightning (settings) {
+const rootRoutes = require('./routes/rootRoutes')
-  return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
+const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
-}
+const pollingRoutes = require('./routes/pollingRoutes')
-
+const stateRoutes = require('./routes/stateRoutes')
-function poll (req, res, next) {
+const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
-  const machineVersion = req.query.version
+const txRoutes = require('./routes/txRoutes')
-  const machineModel = req.query.model
+const verifyUserRoutes = require('./routes/verifyUserRoutes')
-  const deviceId = req.deviceId
+const verifyTxRoutes = require('./routes/verifyTxRoutes')
-  const deviceTime = req.deviceTime
+const verifyPromoCodeRoutes = require('./routes/verifyPromoCodeRoutes')
-  const serialNumber = req.query.sn
+
-  const pid = req.query.pid
+const localAppRoutes = require('./routes/localAppRoutes')
-  const settings = req.settings
+
-  const localeConfig = configManager.getLocale(deviceId, settings.config)
+const app = express()
-  const pi = plugins(settings, deviceId)
+const localApp = express()
  const hasLightning = checkHasLightning(settings)
  const triggers = configManager.getTriggers(settings.config)
  const operatorInfo = configManager.getOperatorInfo(settings.config)
  const machineInfo = { deviceId: req.deviceId, deviceName: req.deviceName }
  const cashOutConfig = configManager.getCashOut(deviceId, settings.config)
  const receipt = configManager.getReceipt(settings.config)
  const terms = configManager.getTermsConditions(settings.config)
  pids[deviceId] = { pid, ts: Date.now() }
  return pi.pollQueries(serialNumber, deviceTime, req.query, machineVersion, machineModel)
    .then(results => {
      const cassettes = results.cassettes
      const reboot = pid && reboots[deviceId] && reboots[deviceId] === pid
      const shutdown = pid && shutdowns[deviceId] && shutdowns[deviceId] === pid
      const restartServices = pid && restartServicesMap[deviceId] && restartServicesMap[deviceId] === pid
      const langs = localeConfig.languages
      const locale = {
        fiatCode: localeConfig.fiatCurrency,
        localeInfo: {
          primaryLocale: langs[0],
          primaryLocales: langs,
          country: localeConfig.country
        }
      }
      const response = {
        error: null,
        locale,
        version,
        receiptPrintingActive: receipt.active,
        cassettes,
        twoWayMode: cashOutConfig.active,
        zeroConfLimit: cashOutConfig.zeroConfLimit,
        reboot,
        shutdown,
        restartServices,
        hasLightning,
        receipt,
        operatorInfo,
        machineInfo,
        triggers
      }
      // BACKWARDS_COMPATIBILITY 7.5
      // machines before 7.5 expect old compliance
      if (!machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')) {
        const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
        response.smsVerificationActive = !!compatTriggers.sms
        response.smsVerificationThreshold = compatTriggers.sms
        response.idCardDataVerificationActive = !!compatTriggers.idCardData
        response.idCardDataVerificationThreshold = compatTriggers.idCardData
        response.idCardPhotoVerificationActive = !!compatTriggers.idCardPhoto
        response.idCardPhotoVerificationThreshold = compatTriggers.idCardPhoto
        response.sanctionsVerificationActive = !!compatTriggers.sancations
        response.sanctionsVerificationThreshold = compatTriggers.sancations
        response.frontCameraVerificationActive = !!compatTriggers.facephoto
        response.frontCameraVerificationThreshold = compatTriggers.facephoto
      }
      // BACKWARDS_COMPATIBILITY 7.4.9
      // machines before 7.4.9 expect t&c on poll
      if (!machineVersion || semver.lt(machineVersion, '7.4.9')) {
        response.terms = createTerms(terms)
      }
      return res.json(_.assign(response, results))
    })
    .catch(next)
 }
 function getTermsConditions (req, res, next) {
  const deviceId = req.deviceId
  const settings = req.settings
  const terms = configManager.getTermsConditions(settings.config)
  const pi = plugins(settings, deviceId)
  return pi.fetchCurrentConfigVersion().then(version => {
    return res.json({ terms: createTerms(terms), version })
  })
    .catch(next)
 }
 function getTx (req, res, next) {
  if (req.query.status) {
    return helpers.fetchStatusTx(req.params.id, req.query.status)
      .then(r => res.json(r))
      .catch(next)
  }
  return next(httpError('Not Found', 404))
 }
 function getPhoneTx (req, res, next) {
  if (req.query.phone) {
    return helpers.fetchPhoneTx(req.query.phone)
      .then(r => res.json(r))
      .catch(next)
  }
  return next(httpError('Not Found', 404))
 }
 function postTx (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  return Tx.post(_.set('deviceId', req.deviceId, req.body), pi)
    .then(tx => {
      if (tx.errorCode) {
        logger.error(tx.error)
        throw httpError(tx.error, 500)
      }
      return res.json(tx)
    })
    .catch(err => {
      // 204 so that l-m can ignore the error
      // this is fine because the request is polled and will be retried if needed.
      if (err.code === dbErrorCodes.SERIALIZATION_FAILURE) {
        logger.warn('Harmless DB conflict, the query will be retried.')
        return res.status(204).json({})
      }
      if (err instanceof E.StaleTxError) return res.status(409).json({ errorType: 'stale' })
      if (err instanceof E.RatchetError) return res.status(409).json({ errorType: 'ratchet' })
      throw err
    })
    .catch(next)
 }
 function stateChange (req, res, next) {
  helpers.stateChange(req.deviceId, req.deviceTime, req.body)
    .then(() => respond(req, res))
    .catch(next)
 }
 function verifyUser (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  pi.verifyUser(req.body)
    .then(idResult => respond(req, res, idResult))
    .catch(next)
 }
 function verifyTx (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  pi.verifyTransaction(req.body)
    .then(idResult => respond(req, res, idResult))
    .catch(next)
 }
 function verifyPromoCode (req, res, next) {
  promoCodes.getPromoCode(req.body.codeInput)
    .then(promoCode => {
      if (!promoCode) return next()
      const transaction = req.body.tx
      const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
      const tickerRate = BN(transaction.rawTickerPrice)
      const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
      const rates = {
        [transaction.cryptoCode]: {
          [transaction.direction]: (transaction.direction === 'cashIn')
            ? tickerRate.mul(discount).round(5)
            : tickerRate.div(discount).round(5)
        }
      }
      respond(req, res, {
        promoCode: promoCode,
        newRates: rates
      })
    })
    .catch(next)
 }
 function addOrUpdateCustomer (req) {
  const customerData = req.body
  const machineVersion = req.query.version
  const triggers = configManager.getTriggers(req.settings.config)
  const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
  const maxDaysThreshold = complianceTriggers.maxDaysThreshold(triggers)
  return customers.get(customerData.phone)
    .then(customer => {
      if (customer) return customer
      return customers.add(req.body)
    })
    .then(customer => {
      // BACKWARDS_COMPATIBILITY 7.5
      // machines before 7.5 expect customer with sanctions result
      const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
      const shouldRunOfacCompat = !compatTriggers.sanctions && isOlderMachineVersion
      if (!shouldRunOfacCompat) return customer
      return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, customer)
        .then(patch => {
          if (_.isEmpty(patch)) return customer
          return customers.update(customer.id, patch)
        })
    }).then(customer => {
      return Tx.customerHistory(customer.id, maxDaysThreshold)
        .then(result => {
          customer.txHistory = result
          return customer
        })
    })
 }
 function getCustomerWithPhoneCode (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  const phone = req.body.phone
  return pi.getPhoneCode(phone)
    .then(code => {
      return addOrUpdateCustomer(req)
        .then(customer => respond(req, res, { code, customer }))
    })
    .catch(err => {
      if (err.name === 'BadNumberError') throw httpError('Bad number', 401)
      throw err
    })
    .catch(next)
 }
 function updateCustomer (req, res, next) {
  const id = req.params.id
  const machineVersion = req.query.version
  const txId = req.query.txId
  const patch = req.body
  const triggers = configManager.getTriggers(req.settings.config)
  const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
  customers.getById(id)
    .then(customer => {
      if (!customer) { throw httpError('Not Found', 404) }
      const mergedCustomer = _.merge(customer, patch)
      // BACKWARDS_COMPATIBILITY 7.5
      // machines before 7.5 expect customer with sanctions result
      const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
      return Promise.resolve({})
        .then(emptyObj => {
          if (!isOlderMachineVersion) return Promise.resolve(emptyObj)
          return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, mergedCustomer)
        })
        .then(_.merge(patch))
        .then(newPatch => customers.updatePhotoCard(id, newPatch))
        .then(newPatch => customers.updateFrontCamera(id, newPatch))
        .then(newPatch => customers.update(id, newPatch, null, txId))
    })
    .then(customer => respond(req, res, { customer }))
    .catch(next)
 }
 function triggerSanctions (req, res, next) {
  const id = req.params.id
  customers.getById(id)
    .then(customer => {
      if (!customer) { throw httpError('Not Found', 404) }
      return compliance.validationPatch(req.deviceId, true, customer)
        .then(patch => customers.update(id, patch))
    })
    .then(customer => respond(req, res, { customer }))
    .catch(next)
 }
 function triggerBlock (req, res, next) {
  const id = req.params.id
  customers.update(id, { authorizedOverride: 'blocked' })
    .then(customer => {
      notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'BLOCKED')
      return respond(req, res, { customer })
    })
    .catch(next)
 }
 function triggerSuspend (req, res, next) {
  const id = req.params.id
  const triggerId = req.body.triggerId
  const triggers = configManager.getTriggers(req.settings.config)
  const getSuspendDays = _.compose(_.get('suspensionDays'), _.find(_.matches({ id: triggerId })))
  const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)
  const date = new Date()
  date.setDate(date.getDate() + days);
  customers.update(id, { suspendedUntil: date })
    .then(customer => {
      notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'SUSPENDED', days)
      return respond(req, res, { customer })
    })
    .catch(next)
 }
 function getLastSeen (req, res, next) {
  const deviceId = req.deviceId
  const timestamp = Date.now()
  const shouldTrigger = !canGetLastSeenMap[deviceId] ||
    timestamp - canGetLastSeenMap[deviceId] >= THROTTLE_LOGS_QUERY
  if (shouldTrigger) {
    canGetLastSeenMap[deviceId] = timestamp
    return logs.getLastSeen(deviceId)
      .then(r => res.json(r))
      .catch(next)
  }
  return res.status(408).json({})
 }
 function updateLogs (req, res, next) {
  return logs.update(req.deviceId, req.body.logs)
    .then(status => res.json({ success: status }))
    .catch(next)
 }
 function ca (req, res) {
  const token = req.query.token
  return pairing.authorizeCaDownload(token)
    .then(ca => res.json({ ca }))
    .catch(() => res.status(403).json({ error: 'forbidden' }))
 }
 function pair (req, res, next) {
  const token = req.query.token
  const deviceId = req.deviceId
  const model = req.query.model
  return pairing.pair(token, deviceId, model)
    .then(valid => {
      if (valid) {
        return res.json({ status: 'paired' })
      }
      throw httpError('Pairing failed')
    })
    .catch(next)
 }
 function errorHandler (err, req, res, next) {
  const statusCode = err.name === 'HTTPError'
    ? err.code || 500
    : 500
  const json = { error: err.message }
  if (statusCode >= 400) logger.error(err)
  return res.status(statusCode).json(json)
 }
 function respond (req, res, _body, _status) {
  const status = _status || 200
  const body = _body || {}
  const customer = _.getOr({ sanctions: true }, ['customer'], body)
  // sanctions can be null for new customers so we can't use falsy checks
  if (customer.sanctions === false) {
    notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
  }
  return res.status(status).json(body)
 }
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function filterOldRequests (req, res, next) {
  const deviceTime = req.deviceTime
  const deviceId = req.deviceId
  const timestamp = Date.now()
  const delta = timestamp - Date.parse(deviceTime)
  const shouldTrigger = !canLogClockSkewMap[deviceId] ||
    timestamp - canLogClockSkewMap[deviceId] >= THROTTLE_CLOCK_SKEW
  if (delta > CLOCK_SKEW && shouldTrigger) {
    canLogClockSkewMap[deviceId] = timestamp
    logger.error('Clock skew with lamassu-machine[%s] too high [%ss], adjust lamassu-machine clock',
      req.deviceName, (delta / 1000).toFixed(2))
  }
  if (delta > REQUEST_TTL) return res.status(408).json({ error: 'stale' })
  next()
 }
 function authorize (req, res, next) {
  const deviceId = req.deviceId
  return pairing.isPaired(deviceId)
    .then(deviceName => {
      if (deviceName) {
        req.deviceId = deviceId
        req.deviceName = deviceName
        return next()
      }
      return res.status(403).json({ error: 'Forbidden' })
    })
    .catch(next)
 }
 const skip = (req, res) => _.includes(req.path, ['/poll', '/state', '/logs']) && _.includes(res.statusCode, [200, 408])
 const configRequiredRoutes = [
  '/poll',
@ -493,168 +41,46 @@ const configRequiredRoutes = [
  '/tx',
  '/verify_promo_code'
 ]
 const devMode = argv.dev || options.http
-const app = express()
+// middleware setup
 const localApp = express()
 app.use(compression({ threshold: 500 }))
 app.use(helmet())
 app.use(nocache())
 app.use(bodyParser.json({ limit: '2mb' }))
 app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))
-// These two have their own authorization
+// app /pair and /ca routes
-app.post('/pair', populateDeviceId, pair)
+app.use('/', rootRoutes)
 app.get('/ca', ca)
 app.use(findOperatorId)
 app.use(populateDeviceId)
 if (!devMode) app.use(authorize)
 app.use(configRequiredRoutes, populateSettings)
 app.use(filterOldRequests)
-app.get('/poll', poll)
+// other app routes
-app.get('/terms_conditions', getTermsConditions)
+app.use('/poll', pollingRoutes)
-app.post('/state', stateChange)
+app.use('/terms_conditions', termsAndConditionsRoutes)
 app.use('/state', stateRoutes)
-app.post('/verify_user', verifyUser)
+app.use('/verify_user', verifyUserRoutes)
-app.post('/verify_transaction', verifyTx)
+app.use('/verify_transaction', verifyTxRoutes)
-app.post('/verify_promo_code', verifyPromoCode)
+app.use('/verify_promo_code', verifyPromoCodeRoutes)
-app.post('/phone_code', getCustomerWithPhoneCode)
+app.use('/phone_code', phoneCodeRoutes)
-app.patch('/customer/:id', updateCustomer)
+app.use('/customer', customerRoutes)
 app.patch('/customer/:id/sanctions', triggerSanctions)
 app.patch('/customer/:id/block', triggerBlock)
 app.patch('/customer/:id/suspend', triggerSuspend)
-app.post('/tx', postTx)
+app.use('/tx', txRoutes)
-app.get('/tx/:id', getTx)
+
-app.get('/tx', getPhoneTx)
+app.use('/logs', logsRoutes)
 app.get('/logs', getLastSeen)
 app.post('/logs', updateLogs)
 app.use(errorHandler)
 app.use((req, res) => {
  res.status(404).json({ error: 'No such route' })
 })
-localApp.get('/pid', (req, res) => {
+// localapp routes
-  const deviceId = req.query.device_id
+localApp.use('/', localAppRoutes)
  const pidRec = pids[deviceId]
  res.json(pidRec)
 })
 localApp.post('/reboot', (req, res) => {
  const deviceId = req.query.device_id
  const pid = pids[deviceId] && pids[deviceId].pid
  if (!deviceId || !pid) {
    return res.sendStatus(400)
  }
  reboots[deviceId] = pid
  res.sendStatus(200)
 })
 localApp.post('/shutdown', (req, res) => {
  const deviceId = req.query.device_id
  const pid = pids[deviceId] && pids[deviceId].pid
  if (!deviceId || !pid) {
    return res.sendStatus(400)
  }
  shutdowns[deviceId] = pid
  res.sendStatus(200)
 })
 localApp.post('/restartServices', (req, res) => {
  const deviceId = req.query.device_id
  const pid = pids[deviceId] && pids[deviceId].pid
  if (!deviceId || !pid) {
    return res.sendStatus(400)
  }
  restartServicesMap[deviceId] = pid
  res.sendStatus(200)
 })
 localApp.post('/dbChange', (req, res, next) => {
  settingsCache.cache = null
  return newSettingsLoader.loadLatest()
    .then(poller.reload)
    .then(() => logger.info('Config reloaded'))
    .catch(err => {
      logger.error(err)
      res.sendStatus(500)
    })
 })
 function sha256 (buf) {
  const crypto = require('crypto')
  const hash = crypto.createHash('sha256')
  hash.update(buf)
  return hash.digest('hex').toString('hex')
 }
 function populateDeviceId (req, res, next) {
  const deviceId = _.isFunction(req.connection.getPeerCertificate)
    ? sha256(req.connection.getPeerCertificate().raw)
    : null
  req.deviceId = deviceId
  req.deviceTime = req.get('date')
  next()
 }
 let oldVersionId = 'initial'
 function populateSettings (req, res, next) {
  const versionId = req.headers['config-version']
  if (versionId !== oldVersionId) {
    oldVersionId = versionId
  }
  // Clear cache every hour
  if (Date.now() - settingsCache.timestamp > SETTINGS_CACHE_REFRESH) {
    settingsCache.cache = null
  }
  if (!versionId && settingsCache.cache) {
    req.settings = settingsCache.cache
    return next()
  }
  if (!versionId && !settingsCache.cache) {
    return newSettingsLoader.loadLatest()
      .then(settings => {
        settingsCache.cache = settings
        settingsCache.timestamp = Date.now()
        req.settings = settings
      })
      .then(() => next())
      .catch(next)
  }
  newSettingsLoader.load(versionId)
    .then(settings => { req.settings = settings })
    .then(() => helpers.updateDeviceConfigVersion(versionId))
    .then(() => next())
    .catch(next)
 }
 function createTerms (terms) {
  if (!terms.active || !terms.text) return null
  return {
    active: terms.active,
    title: terms.title,
    text: nmd(terms.text),
    accept: terms.acceptButtonText,
    cancel: terms.cancelButtonText
  }
 }
 module.exports = { app, localApp }
--- a/lib/routes/customerRoutes.js
+++ b/lib/routes/customerRoutes.js
@ -7,14 +7,7 @@ const compliance = require('../compliance')
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const customers = require('../customers')
-
+const httpError = require('../route-helpers').httpError
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function updateCustomer (req, res, next) {
  const id = req.params.id
@ -54,10 +47,8 @@ function triggerSanctions (req, res, next) {
  customers.getById(id)
    .then(customer => {
      if (!customer) { throw httpError('Not Found', 404) }
      return compliance.validationPatch(req.deviceId, true, customer)
        .then(patch => customers.update(id, patch))
    })
    .then(customer => res.status(200).json({ customer }))
    .catch(next)
@ -81,7 +72,7 @@ function triggerSuspend (req, res, next) {
  const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)
  const date = new Date()
-  date.setDate(date.getDate() + days);
+  date.setDate(date.getDate() + days)
  customers.update(id, { suspendedUntil: date })
    .then(customer => res.status(200).json({ customer }))
    .catch(next)
@ -92,4 +83,4 @@ router.patch('/:id/sanctions', triggerSanctions)
 router.patch('/:id/block', triggerBlock)
 router.patch('/:id/suspend', triggerSuspend)
-module.exports = router
+module.exports = router
--- a/lib/routes/localAppRoutes.js
+++ b/lib/routes/localAppRoutes.js
@ -1,10 +1,6 @@
 const express = require('express')
 const router = express.Router()
 const logger = require('../logger')
 const newSettingsLoader = require('../new-settings-loader')
 const poller = require('../poller')
 const settingsCache = require('../middlewares/settingsCache')
 const state = require('../middlewares/state')
 router.get('/pid', (req, res) => {
@ -49,15 +45,4 @@ router.post('/restartServices', (req, res) => {
  res.sendStatus(200)
 })
-router.post('/dbChange', (req, res, next) => {
+module.exports = router
  settingsCache.clearCache()
  return newSettingsLoader.loadLatest()
    .then(poller.reload)
    .then(() => logger.info('Config reloaded'))
    .catch(err => {
      logger.error(err)
      res.sendStatus(500)
    })
 })
 module.exports = router
--- a/lib/routes/logsRoutes.js
+++ b/lib/routes/logsRoutes.js
@ -1,6 +1,5 @@
 const express = require('express')
 const router = express.Router()
 const _ = require('lodash/fp')
 const state = require('../middlewares/state')
 const logs = require('../logs')
@ -32,4 +31,4 @@ function updateLogs (req, res, next) {
 router.get('/', getLastSeen)
 router.post('/', updateLogs)
-module.exports = router
+module.exports = router
--- a/lib/routes/ownAuthorizationRoutes.js
+++ b/lib/routes/ownAuthorizationRoutes.js
@ -1,11 +0,0 @@
 const express = require('express')
 const router = express.Router()
 const ca = require('../middlewares/ca')
 const pair = require('../middlewares/pair')
 const populateDeviceId = require('../middlewares/populateDeviceId')
 router.post('/pair', populateDeviceId, pair)
 router.get('/ca', ca)
 module.exports = router
--- a/lib/routes/phoneCodeRoutes.js
+++ b/lib/routes/phoneCodeRoutes.js
@ -7,6 +7,7 @@ const compliance = require('../compliance')
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const customers = require('../customers')
 const httpError = require('../route-helpers').httpError
 const plugins = require('../plugins')
 const Tx = require('../tx')
@ -44,14 +45,6 @@ function addOrUpdateCustomer (req) {
    })
 }
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function getCustomerWithPhoneCode (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  const phone = req.body.phone
@ -70,4 +63,4 @@ function getCustomerWithPhoneCode (req, res, next) {
 router.post('/', getCustomerWithPhoneCode)
-module.exports = router
+module.exports = router
--- a/lib/routes/pollingRoutes.js
+++ b/lib/routes/pollingRoutes.js
@ -1,7 +1,9 @@
 const express = require('express')
-const router = express.Router()
+const nmd = require('nano-markdown')
 const _ = require('lodash/fp')
 const router = express.Router()
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const plugins = require('../plugins')
@ -13,17 +15,13 @@ function checkHasLightning (settings) {
  return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
 }
-function createTerms (terms) {
+const createTerms = terms => (terms.active && terms.text) ? ({
-  if (!terms.active || !terms.text) return null
+  active: terms.active,
-
+  title: terms.title,
-  return {
+  text: nmd(terms.text),
-    active: terms.active,
+  accept: terms.acceptButtonText,
-    title: terms.title,
+  cancel: terms.cancelButtonText
-    text: nmd(terms.text),
+}) : null
    accept: terms.acceptButtonText,
    cancel: terms.cancelButtonText
  }
 }
 function poll (req, res, next) {
  const machineVersion = req.query.version
@ -109,4 +107,4 @@ function poll (req, res, next) {
 router.get('/', poll)
-module.exports = router
+module.exports = router
--- a/lib/routes/rootRoutes.js
+++ b/lib/routes/rootRoutes.js
@ -0,0 +1,25 @@
 const express = require('express')
 const router = express.Router()
 const ca = require('../middlewares/ca')
 const httpError = require('../route-helpers').httpError
 const pairing = require('../pairing')
 const populateDeviceId = require('../middlewares/populateDeviceId')
 function pair (req, res, next) {
  const token = req.query.token
  const deviceId = req.deviceId
  const model = req.query.model
  return pairing.pair(token, deviceId, model)
    .then(isValid => {
      if (isValid) return res.json({ status: 'paired' })
      throw httpError('Pairing failed')
    })
    .catch(next)
 }
 router.post('/pair', populateDeviceId, pair)
 router.get('/ca', ca)
 module.exports = router
--- a/lib/routes/stateRoutes.js
+++ b/lib/routes/stateRoutes.js
@ -11,4 +11,4 @@ function stateChange (req, res, next) {
 router.post('/', stateChange)
-module.exports = router
+module.exports = router
--- a/lib/routes/termsAndConditionsRoutes.js
+++ b/lib/routes/termsAndConditionsRoutes.js
@ -1,20 +1,18 @@
 const express = require('express')
 const nmd = require('nano-markdown')
 const router = express.Router()
 const configManager = require('../new-config-manager')
 const plugins = require('../plugins')
-function createTerms (terms) {
+const createTerms = terms => (terms.active && terms.text) ? ({
-  if (!terms.active || !terms.text) return null
+  active: terms.active,
-
+  title: terms.title,
-  return {
+  text: nmd(terms.text),
-    active: terms.active,
+  accept: terms.acceptButtonText,
-    title: terms.title,
+  cancel: terms.cancelButtonText
-    text: nmd(terms.text),
+}) : null
    accept: terms.acceptButtonText,
    cancel: terms.cancelButtonText
  }
 }
 function getTermsConditions (req, res, next) {
  const deviceId = req.deviceId
@ -32,4 +30,4 @@ function getTermsConditions (req, res, next) {
 router.get('/', getTermsConditions)
-module.exports = router
+module.exports = router
--- a/lib/routes/txRoutes.js
+++ b/lib/routes/txRoutes.js
@ -3,19 +3,13 @@ const router = express.Router()
 const _ = require('lodash/fp')
 const dbErrorCodes = require('../db-error-codes')
 const E = require('../error')
 const helpers = require('../route-helpers')
 const httpError = require('../route-helpers').httpError
 const logger = require('../logger')
 const plugins = require('../plugins')
 const Tx = require('../tx')
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function postTx (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
@ -67,4 +61,4 @@ router.post('/', postTx)
 router.get('/:id', getTx)
 router.get('/', getPhoneTx)
-module.exports = router
+module.exports = router
--- a/lib/routes/verifyPromoCodeRoutes.js
+++ b/lib/routes/verifyPromoCodeRoutes.js
@ -0,0 +1,49 @@
 const express = require('express')
 const router = express.Router()
 const _ = require('lodash/fp')
 const BN = require('../bn')
 const commissionMath = require('../commission-math')
 const configManager = require('../new-config-manager')
 const notifier = require('../notifier')
 const promoCodes = require('../promo-codes')
 function respond (req, res, _body, _status) {
  const status = _status || 200
  const body = _body || {}
  const customer = _.getOr({ sanctions: true }, ['customer'], body)
  // sanctions can be null for new customers so we can't use falsy checks
  if (customer.sanctions === false) {
    notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
  }
  return res.status(status).json(body)
 }
 function verifyPromoCode (req, res, next) {
  promoCodes.getPromoCode(req.body.codeInput)
    .then(promoCode => {
      if (!promoCode) return next()
      const transaction = req.body.tx
      const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
      const tickerRate = BN(transaction.rawTickerPrice)
      const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
      const rates = {
        [transaction.cryptoCode]: {
          [transaction.direction]: (transaction.direction === 'cashIn')
            ? tickerRate.mul(discount).round(5)
            : tickerRate.div(discount).round(5)
        }
      }
      respond(req, res, {
        promoCode: promoCode,
        newRates: rates
      })
    })
    .catch(next)
 }
 router.post('/', verifyPromoCode)
 module.exports = router
--- a/lib/routes/verifyTxRoutes.js
+++ b/lib/routes/verifyTxRoutes.js
@ -12,4 +12,4 @@ function verifyTx (req, res, next) {
 router.post('/', verifyTx)
-module.exports = router
+module.exports = router
--- a/lib/routes/verifyUserRoutes.js
+++ b/lib/routes/verifyUserRoutes.js
@ -12,4 +12,4 @@ function verifyUser (req, res, next) {
 router.post('/', verifyUser)
-module.exports = router
+module.exports = router
--- a/lib/wallet.js
+++ b/lib/wallet.js
@ -10,22 +10,15 @@ const mnemonicHelpers = require('./mnemonic-helpers')
 const options = require('./options')
 const ph = require('./plugin-helper')
 const layer2 = require('./layer2')
 const httpError = require('./route-helpers').httpError
 const FETCH_INTERVAL = 5000
 const INSUFFICIENT_FUNDS_CODE = 570
 const INSUFFICIENT_FUNDS_NAME = 'InsufficientFunds'
 const ZERO_CONF_EXPIRATION = 60000
 function httpError (msg, code) {
  const err = new Error(msg)
  err.name = 'HTTPError'
  err.code = code || 500
  return err
 }
 function computeSeed (masterSeed) {
-  return hkdf(masterSeed, 32, {salt: 'lamassu-server-salt', info: 'wallet-seed'})
+  return hkdf(masterSeed, 32, { salt: 'lamassu-server-salt', info: 'wallet-seed' })
 }
 function fetchWallet (settings, cryptoCode) {
`@ -11,4 +11,4 @@ function stateChange (req, res, next) {`

	`router.post('/', stateChange)`	`router.post('/', stateChange)`

	`module.exports = router`	`module.exports = router`
`@ -12,4 +12,4 @@ function verifyTx (req, res, next) {`

	`router.post('/', verifyTx)`	`router.post('/', verifyTx)`

	`module.exports = router`	`module.exports = router`
`@ -12,4 +12,4 @@ function verifyUser (req, res, next) {`

	`router.post('/', verifyUser)`	`router.post('/', verifyUser)`

	`module.exports = router`	`module.exports = router`