Feat: implement per operator settings cache

Fix: fix linter-found issues Chore: move findOperatorId to own middleware file Chore: delete old routes.js file and rename new-routes.js to routes.js Fix: PR fixes
2021-01-13 19:04:40 +00:00 · 2021-01-13 19:04:40 +00:00 · 558317e9f3
commit 558317e9f3
parent 85235eaa13
30 changed files with 232 additions and 860 deletions
--- a/bin/lamassu-server
+++ b/bin/lamassu-server
@ -9,4 +9,4 @@ process.on('unhandledRejection', err => {
 })

 app.run()
-.catch(console.log)
+  .catch(console.log)
--- a/lib/app.js
+++ b/lib/app.js
@ -3,7 +3,7 @@ const http = require('http')
 const https = require('https')
 const argv = require('minimist')(process.argv.slice(2))

-const routes = require('./new-routes')
+const routes = require('./routes')
 const logger = require('./logger')
 const poller = require('./poller')
 const settingsLoader = require('./new-settings-loader')
@ -90,4 +90,4 @@ function startServer (settings) {
    })
 }

-module.exports = {run}
+module.exports = { run }
--- a/lib/cash-out/cash-out-tx.js
+++ b/lib/cash-out/cash-out-tx.js
@ -9,6 +9,7 @@ const T = require('../time')
 const logger = require('../logger')
 const plugins = require('../plugins')

+const httpError = require('../route-helpers').httpError
 const helper = require('./cash-out-helper')
 const cashOutAtomic = require('./cash-out-atomic')
 const cashOutActions = require('./cash-out-actions')
@ -31,14 +32,6 @@ const INSUFFICIENT_FUNDS_CODE = 570

 const toObj = helper.toObj

-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
-
 function selfPost (tx, pi) {
  return post(tx, pi, false)
 }
@ -83,7 +76,7 @@ function postProcess (txVector, justAuthorized, pi) {
        }

        return cashOutActions.logAction(db, 'provisionNotes', rec, newTx)
-          .then(_.constant({bills}))
+          .then(_.constant({ bills }))
      })
      .catch(err => {
        pi.notifyOperator(newTx, { error: err.message, isRedemption: true })
--- a/lib/middlewares/authorize.js
+++ b/lib/middlewares/authorize.js
@ -16,4 +16,4 @@ const authorize = function (req, res, next) {
    .catch(next)
 }

-module.exports = authorize
+module.exports = authorize
--- a/lib/middlewares/ca.js
+++ b/lib/middlewares/ca.js
@ -1,7 +1,6 @@
 const pairing = require('../pairing')

 function ca (req, res) {
-  console.log("ca")
  const token = req.query.token

  return pairing.authorizeCaDownload(token)
@ -9,4 +8,4 @@ function ca (req, res) {
    .catch(() => res.status(403).json({ error: 'forbidden' }))
 }

-module.exports = ca
+module.exports = ca
--- a/lib/middlewares/errorHandler.js
+++ b/lib/middlewares/errorHandler.js
@ -12,4 +12,4 @@ function errorHandler (err, req, res, next) {
  return res.status(statusCode).json(json)
 }

-module.exports = errorHandler
+module.exports = errorHandler
--- a/lib/middlewares/filterOldRequests.js
+++ b/lib/middlewares/filterOldRequests.js
@ -24,4 +24,4 @@ function filterOldRequests (req, res, next) {
  next()
 }

-module.exports = filterOldRequests
+module.exports = filterOldRequests
--- a/lib/middlewares/operatorId.js
+++ b/lib/middlewares/operatorId.js
@ -0,0 +1,30 @@
+const pify = require('pify')
+const fs = pify(require('fs'))
+const hkdf = require('futoin-hkdf')
+
+const state = require('./state')
+const mnemonicHelpers = require('../mnemonic-helpers')
+const options = require('../options')
+
+function computeOperatorId (masterSeed) {
+  return hkdf(masterSeed, 16, { salt: 'lamassu-server-salt', info: 'operator-id' }).toString('hex')
+}
+
+function getMnemonic () {
+  if (state.mnemonic) return Promise.resolve(state.mnemonic)
+  return fs.readFile(options.mnemonicPath, 'utf8').then(mnemonic => {
+    state.mnemonic = mnemonic
+    return mnemonic
+  })
+}
+
+function findOperatorId (req, res, next) {
+  getMnemonic().then(mnemonic => {
+    return computeOperatorId(mnemonicHelpers.toEntropyBuffer(mnemonic))
+  }).then(id => {
+    res.locals.operatorId = id
+  }).catch(e => console.error('Error while computing operator id\n' + e))
+  next()
+}
+
+module.exports = findOperatorId
--- a/lib/middlewares/pair.js
+++ b/lib/middlewares/pair.js
@ -1,20 +0,0 @@
-const pairing = require('../pairing')
-
-function pair (req, res, next) {
-  console.log("pair")
-  const token = req.query.token
-  const deviceId = req.deviceId
-  const model = req.query.model
-
-  return pairing.pair(token, deviceId, model)
-    .then(valid => {
-      if (valid) {
-        return res.json({ status: 'paired' })
-      }
-
-      throw httpError('Pairing failed')
-    })
-    .catch(next)
-}
-
-module.exports = pair
--- a/lib/middlewares/populateDeviceId.js
+++ b/lib/middlewares/populateDeviceId.js
@ -1,7 +1,7 @@
 const _ = require('lodash/fp')
+const crypto = require('crypto')

 function sha256 (buf) {
-  const crypto = require('crypto')
  const hash = crypto.createHash('sha256')

  hash.update(buf)
@ -19,4 +19,4 @@ const populateDeviceId = function (req, res, next) {
  next()
 }

-module.exports = populateDeviceId
+module.exports = populateDeviceId
--- a/lib/middlewares/populateSettings.js
+++ b/lib/middlewares/populateSettings.js
@ -6,26 +6,27 @@ const helpers = require('../route-helpers')
 const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000

 const populateSettings = function (req, res, next) {
+  const operatorId = res.locals.operatorId
  const versionId = req.headers['config-version']
  if (versionId !== state.oldVersionId) {
    state.oldVersionId = versionId
  }

  // Clear cache every hour
-  if (Date.now() - settingsCache.getTimestamp() > SETTINGS_CACHE_REFRESH) {
-    settingsCache.clearCache()
+  if (Date.now() - settingsCache.getTimestamp(operatorId) > SETTINGS_CACHE_REFRESH) {
+    settingsCache.clear(operatorId)
  }

-  if (!versionId && settingsCache.getCache()) {
-    req.settings = settingsCache.getCache()
+  if (!versionId && settingsCache.getCache(operatorId)) {
+    req.settings = settingsCache.getCache(operatorId)
    return next()
  }

-  if (!versionId && !settingsCache.getCache()) {
+  if (!versionId && !settingsCache.getCache(operatorId)) {
    return newSettingsLoader.loadLatest()
      .then(settings => {
-        settingsCache.setCache(settings)
-        settingsCache.setTimestamp(Date.now())
+        settingsCache.setCache(operatorId, settings)
+        settingsCache.setTimestamp(operatorId, Date.now())
        req.settings = settings
      })
      .then(() => next())
@ -39,4 +40,4 @@ const populateSettings = function (req, res, next) {
    .catch(next)
 }

-module.exports = populateSettings
+module.exports = populateSettings
--- a/lib/middlewares/settingsCache.js
+++ b/lib/middlewares/settingsCache.js
@ -1,19 +1,26 @@
+const _ = require('lodash/fp')
 const state = require('./state')

-const getTimestamp = () => state.settingsCache.timestamp
+const getTimestamp = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].timestamp : null

-const getCache = () => state.settingsCache.cache
+const getCache = (operatorId) => state.settingsCache[operatorId] ? state.settingsCache[operatorId].cache : null

-const setTimestamp = (newTimestamp) => state.settingsCache.timestamp = newTimestamp
+const setTimestamp = (operatorId, newTimestamp) => {
+  state.settingsCache = _.set([operatorId, 'timestamp'], newTimestamp, state.settingsCache)
+}

-const setCache = (newCache) => state.settingsCache.cache = newCache
+const setCache = (operatorId, newCache) => {
+  state.settingsCache = _.set([operatorId, 'cache'], newCache, state.settingsCache)
+}

-const clearCache = () => state.settingsCache.cache = null
+const clear = (operatorId) => {
+  state.settingsCache = _.set([operatorId], null, state.settingsCache)
+}

 module.exports = {
  getTimestamp,
  getCache,
  setTimestamp,
  setCache,
-  clearCache
-}
+  clear
+}
--- a/lib/middlewares/state.js
+++ b/lib/middlewares/state.js
@ -1,12 +1,13 @@
-module.exports = function () {
+module.exports = (function () {
  return {
-    oldVersionId: "unset",
+    oldVersionId: 'unset',
    settingsCache: {},
    canLogClockSkewMap: {},
    canGetLastSeenMap: {},
    pids: {},
    reboots: {},
    shutdowns: {},
-    restartServicesMap: {}
+    restartServicesMap: {},
+    mnemonic: null
  }
-}()
+}())
--- a/lib/new-routes.js
+++ b/lib/new-routes.js
@ -1,80 +0,0 @@
-const express = require('express')
-const argv = require('minimist')(process.argv.slice(2))
-const bodyParser = require('body-parser')
-const compression = require('compression')
-const helmet = require('helmet')
-const morgan = require('morgan')
-const nocache = require('nocache')
-
-const authorize = require('./middlewares/authorize')
-const errorHandler = require('./middlewares/errorHandler')
-const filterOldRequests = require('./middlewares/filterOldRequests')
-const logger = require('./logger')
-const options = require('./options')
-const populateDeviceId = require('./middlewares/populateDeviceId')
-const populateSettings = require('./middlewares/populateSettings')
-
-const customerRoutes = require('./routes/customerRoutes')
-const logsRoutes = require('./routes/logsRoutes')
-const ownAuthorizationRoutes = require('./routes/ownAuthorizationRoutes')
-const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
-const pollingRoutes = require('./routes/pollingRoutes')
-const stateRoutes = require('./routes/stateRoutes')
-const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
-const txRoutes = require('./routes/txRoutes')
-const verifyUserRoutes = require('./routes/verifyUserRoutes')
-const verifyTxRoutes = require('./routes/verifyTxRoutes')
-
-const localAppRoutes = require('./routes/localAppRoutes')
-
-const app = express()
-const localApp = express()
-
-const configRequiredRoutes = [
-  '/poll',
-  '/terms_conditions',
-  '/event',
-  '/phone_code',
-  '/customer',
-  '/tx'
-]
-const devMode = argv.dev || options.http
-// middleware setup
-app.use(compression({ threshold: 500 }))
-app.use(helmet())
-app.use(nocache())
-app.use(bodyParser.json({ limit: '2mb' }))
-app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))
-
-// app /pair and /ca routes
-app.use('/', ownAuthorizationRoutes)
-
-app.use(populateDeviceId)
-if (!devMode) app.use(authorize)
-app.use(configRequiredRoutes, populateSettings)
-app.use(filterOldRequests)
-
-// other app routes
-app.use('/poll', pollingRoutes)
-app.use('/terms_conditions', termsAndConditionsRoutes)
-app.use('/state', stateRoutes)
-
-app.use('/verify_user', verifyUserRoutes)
-app.use('/verify_transaction', verifyTxRoutes)
-
-app.use('/phone_code', phoneCodeRoutes)
-app.use('/customer', customerRoutes)
-
-app.use('/tx', txRoutes)
-
-app.use('/logs', logsRoutes)
-
-app.use(errorHandler)
-app.use((req, res) => {
-  res.status(404).json({ error: 'No such route' })
-})
-
-// localapp routes
-localApp.use('/', localAppRoutes)
-
-module.exports = { app, localApp }
--- a/lib/route-helpers.js
+++ b/lib/route-helpers.js
@ -20,7 +20,7 @@ function stateChange (deviceId, deviceTime, rec) {
    id: rec.uuid,
    deviceId: deviceId,
    eventType: 'stateChange',
-    note: JSON.stringify({state: rec.state, isIdle: rec.isIdle, txId: rec.txId}),
+    note: JSON.stringify({ state: rec.state, isIdle: rec.isIdle, txId: rec.txId }),
    deviceTime: deviceTime
  }
  return dbm.machineEvent(event)
@ -93,5 +93,6 @@ module.exports = {
  stateChange,
  fetchPhoneTx,
  fetchStatusTx,
-  updateDeviceConfigVersion
+  updateDeviceConfigVersion,
+  httpError
 }
--- a/lib/routes.js
+++ b/lib/routes.js
@ -1,488 +1,36 @@
-'use strict'
-
-const compression = require('compression')
-const morgan = require('morgan')
-const helmet = require('helmet')
-const nocache = require('nocache')
-const bodyParser = require('body-parser')
-const _ = require('lodash/fp')
 const express = require('express')
-const nmd = require('nano-markdown')
-const semver = require('semver')
-
-const dbErrorCodes = require('./db-error-codes')
-const options = require('./options')
-const logger = require('./logger')
-const configManager = require('./new-config-manager')
-const complianceTriggers = require('./compliance-triggers')
-const pairing = require('./pairing')
-const newSettingsLoader = require('./new-settings-loader')
-const plugins = require('./plugins')
-const helpers = require('./route-helpers')
-const poller = require('./poller')
-const Tx = require('./tx')
-const E = require('./error')
-const customers = require('./customers')
-const logs = require('./logs')
-const compliance = require('./compliance')
-const promoCodes = require('./promo-codes')
-const BN = require('./bn')
-const commissionMath = require('./commission-math')
-const notifier = require('./notifier')
-
-const version = require('../package.json').version
-
 const argv = require('minimist')(process.argv.slice(2))
-
-const CLOCK_SKEW = 60 * 1000
-const REQUEST_TTL = 3 * 60 * 1000
-const THROTTLE_LOGS_QUERY = 30 * 1000
-const THROTTLE_CLOCK_SKEW = 60 * 1000
-const SETTINGS_CACHE_REFRESH = 60 * 60 * 1000
-
-const pids = {}
-const reboots = {}
-const shutdowns = {}
-const restartServicesMap = {}
-const canGetLastSeenMap = {}
-const canLogClockSkewMap = {}
-const settingsCache = {}
-
-const devMode = argv.dev || options.http
-
-function checkHasLightning (settings) {
-  return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
-}
-
-function poll (req, res, next) {
-  const machineVersion = req.query.version
-  const machineModel = req.query.model
-  const deviceId = req.deviceId
-  const deviceTime = req.deviceTime
-  const serialNumber = req.query.sn
-  const pid = req.query.pid
-  const settings = req.settings
-  const localeConfig = configManager.getLocale(deviceId, settings.config)
-  const pi = plugins(settings, deviceId)
-  const hasLightning = checkHasLightning(settings)
-
-  const triggers = configManager.getTriggers(settings.config)
-
-  const operatorInfo = configManager.getOperatorInfo(settings.config)
-  const machineInfo = { deviceId: req.deviceId, deviceName: req.deviceName }
-  const cashOutConfig = configManager.getCashOut(deviceId, settings.config)
-  const receipt = configManager.getReceipt(settings.config)
-  const terms = configManager.getTermsConditions(settings.config)
-
-  pids[deviceId] = { pid, ts: Date.now() }
-
-  return pi.pollQueries(serialNumber, deviceTime, req.query, machineVersion, machineModel)
-    .then(results => {
-      const cassettes = results.cassettes
-
-      const reboot = pid && reboots[deviceId] && reboots[deviceId] === pid
-      const shutdown = pid && shutdowns[deviceId] && shutdowns[deviceId] === pid
-      const restartServices = pid && restartServicesMap[deviceId] && restartServicesMap[deviceId] === pid
-      const langs = localeConfig.languages
-
-      const locale = {
-        fiatCode: localeConfig.fiatCurrency,
-        localeInfo: {
-          primaryLocale: langs[0],
-          primaryLocales: langs,
-          country: localeConfig.country
-        }
-      }
-
-      const response = {
-        error: null,
-        locale,
-        version,
-        receiptPrintingActive: receipt.active,
-        cassettes,
-        twoWayMode: cashOutConfig.active,
-        zeroConfLimit: cashOutConfig.zeroConfLimit,
-        reboot,
-        shutdown,
-        restartServices,
-        hasLightning,
-        receipt,
-        operatorInfo,
-        machineInfo,
-        triggers
-      }
-      // BACKWARDS_COMPATIBILITY 7.5
-      // machines before 7.5 expect old compliance
-      if (!machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')) {
-        const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
-        response.smsVerificationActive = !!compatTriggers.sms
-        response.smsVerificationThreshold = compatTriggers.sms
-        response.idCardDataVerificationActive = !!compatTriggers.idCardData
-        response.idCardDataVerificationThreshold = compatTriggers.idCardData
-        response.idCardPhotoVerificationActive = !!compatTriggers.idCardPhoto
-        response.idCardPhotoVerificationThreshold = compatTriggers.idCardPhoto
-        response.sanctionsVerificationActive = !!compatTriggers.sancations
-        response.sanctionsVerificationThreshold = compatTriggers.sancations
-        response.frontCameraVerificationActive = !!compatTriggers.facephoto
-        response.frontCameraVerificationThreshold = compatTriggers.facephoto
-      }
-
-      // BACKWARDS_COMPATIBILITY 7.4.9
-      // machines before 7.4.9 expect t&c on poll
-      if (!machineVersion || semver.lt(machineVersion, '7.4.9')) {
-        response.terms = createTerms(terms)
-      }
-      return res.json(_.assign(response, results))
-    })
-    .catch(next)
-}
-
-function getTermsConditions (req, res, next) {
-  const deviceId = req.deviceId
-  const settings = req.settings
-
-  const terms = configManager.getTermsConditions(settings.config)
-
-  const pi = plugins(settings, deviceId)
-
-  return pi.fetchCurrentConfigVersion().then(version => {
-    return res.json({ terms: createTerms(terms), version })
-  })
-    .catch(next)
-}
-
-function getTx (req, res, next) {
-  if (req.query.status) {
-    return helpers.fetchStatusTx(req.params.id, req.query.status)
-      .then(r => res.json(r))
-      .catch(next)
-  }
-
-  return next(httpError('Not Found', 404))
-}
-
-function getPhoneTx (req, res, next) {
-  if (req.query.phone) {
-    return helpers.fetchPhoneTx(req.query.phone)
-      .then(r => res.json(r))
-      .catch(next)
-  }
-
-  return next(httpError('Not Found', 404))
-}
-
-function postTx (req, res, next) {
-  const pi = plugins(req.settings, req.deviceId)
-
-  return Tx.post(_.set('deviceId', req.deviceId, req.body), pi)
-    .then(tx => {
-      if (tx.errorCode) {
-        logger.error(tx.error)
-        throw httpError(tx.error, 500)
-      }
-
-      return res.json(tx)
-    })
-    .catch(err => {
-      // 204 so that l-m can ignore the error
-      // this is fine because the request is polled and will be retried if needed.
-      if (err.code === dbErrorCodes.SERIALIZATION_FAILURE) {
-        logger.warn('Harmless DB conflict, the query will be retried.')
-        return res.status(204).json({})
-      }
-      if (err instanceof E.StaleTxError) return res.status(409).json({ errorType: 'stale' })
-      if (err instanceof E.RatchetError) return res.status(409).json({ errorType: 'ratchet' })
-
-      throw err
-    })
-    .catch(next)
-}
-
-function stateChange (req, res, next) {
-  helpers.stateChange(req.deviceId, req.deviceTime, req.body)
-    .then(() => respond(req, res))
-    .catch(next)
-}
-
-function verifyUser (req, res, next) {
-  const pi = plugins(req.settings, req.deviceId)
-  pi.verifyUser(req.body)
-    .then(idResult => respond(req, res, idResult))
-    .catch(next)
-}
-
-function verifyTx (req, res, next) {
-  const pi = plugins(req.settings, req.deviceId)
-  pi.verifyTransaction(req.body)
-    .then(idResult => respond(req, res, idResult))
-    .catch(next)
-}
-
-function verifyPromoCode (req, res, next) {
-  promoCodes.getPromoCode(req.body.codeInput)
-    .then(promoCode => {
-      if (!promoCode) return next()
-
-      const transaction = req.body.tx
-      const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
-      const tickerRate = BN(transaction.rawTickerPrice)
-      const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
-      const rates = {
-        [transaction.cryptoCode]: {
-          [transaction.direction]: (transaction.direction === 'cashIn')
-            ? tickerRate.mul(discount).round(5)
-            : tickerRate.div(discount).round(5)
-        }
-      }
-
-      respond(req, res, {
-        promoCode: promoCode,
-        newRates: rates
-      })
-    })
-    .catch(next)
-}
-
-function addOrUpdateCustomer (req) {
-  const customerData = req.body
-  const machineVersion = req.query.version
-  const triggers = configManager.getTriggers(req.settings.config)
-  const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
-  const maxDaysThreshold = complianceTriggers.maxDaysThreshold(triggers)
-
-  return customers.get(customerData.phone)
-    .then(customer => {
-      if (customer) return customer
-
-      return customers.add(req.body)
-    })
-    .then(customer => {
-      // BACKWARDS_COMPATIBILITY 7.5
-      // machines before 7.5 expect customer with sanctions result
-      const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
-      const shouldRunOfacCompat = !compatTriggers.sanctions && isOlderMachineVersion
-      if (!shouldRunOfacCompat) return customer
-
-      return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, customer)
-        .then(patch => {
-          if (_.isEmpty(patch)) return customer
-          return customers.update(customer.id, patch)
-        })
-    }).then(customer => {
-      return Tx.customerHistory(customer.id, maxDaysThreshold)
-        .then(result => {
-          customer.txHistory = result
-          return customer
-        })
-    })
-}
-
-function getCustomerWithPhoneCode (req, res, next) {
-  const pi = plugins(req.settings, req.deviceId)
-  const phone = req.body.phone
-
-  return pi.getPhoneCode(phone)
-    .then(code => {
-      return addOrUpdateCustomer(req)
-        .then(customer => respond(req, res, { code, customer }))
-    })
-    .catch(err => {
-      if (err.name === 'BadNumberError') throw httpError('Bad number', 401)
-      throw err
-    })
-    .catch(next)
-}
-
-function updateCustomer (req, res, next) {
-  const id = req.params.id
-  const machineVersion = req.query.version
-  const txId = req.query.txId
-  const patch = req.body
-  const triggers = configManager.getTriggers(req.settings.config)
-  const compatTriggers = complianceTriggers.getBackwardsCompatibleTriggers(triggers)
-
-  customers.getById(id)
-    .then(customer => {
-      if (!customer) { throw httpError('Not Found', 404) }
-
-      const mergedCustomer = _.merge(customer, patch)
-
-      // BACKWARDS_COMPATIBILITY 7.5
-      // machines before 7.5 expect customer with sanctions result
-      const isOlderMachineVersion = !machineVersion || semver.lt(machineVersion, '7.5.0-beta.0')
-
-      return Promise.resolve({})
-        .then(emptyObj => {
-          if (!isOlderMachineVersion) return Promise.resolve(emptyObj)
-          return compliance.validationPatch(req.deviceId, !!compatTriggers.sanctions, mergedCustomer)
-        })
-        .then(_.merge(patch))
-        .then(newPatch => customers.updatePhotoCard(id, newPatch))
-        .then(newPatch => customers.updateFrontCamera(id, newPatch))
-        .then(newPatch => customers.update(id, newPatch, null, txId))
-    })
-    .then(customer => respond(req, res, { customer }))
-    .catch(next)
-}
-
-function triggerSanctions (req, res, next) {
-  const id = req.params.id
-
-  customers.getById(id)
-    .then(customer => {
-      if (!customer) { throw httpError('Not Found', 404) }
-
-      return compliance.validationPatch(req.deviceId, true, customer)
-        .then(patch => customers.update(id, patch))
-
-    })
-    .then(customer => respond(req, res, { customer }))
-    .catch(next)
-}
-
-function triggerBlock (req, res, next) {
-  const id = req.params.id
-
-  customers.update(id, { authorizedOverride: 'blocked' })
-    .then(customer => {
-      notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'BLOCKED')
-      return respond(req, res, { customer })
-    })
-    .catch(next)
-}
-
-function triggerSuspend (req, res, next) {
-  const id = req.params.id
-  const triggerId = req.body.triggerId
-
-  const triggers = configManager.getTriggers(req.settings.config)
-  const getSuspendDays = _.compose(_.get('suspensionDays'), _.find(_.matches({ id: triggerId })))
-
-  const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)
-
-  const date = new Date()
-  date.setDate(date.getDate() + days);
-  customers.update(id, { suspendedUntil: date })
-    .then(customer => {
-      notifier.notifyIfActive('compliance', 'customerComplianceNotify', customer, req.deviceId, 'SUSPENDED', days)
-      return respond(req, res, { customer })
-    })
-    .catch(next)
-}
-
-function getLastSeen (req, res, next) {
-  const deviceId = req.deviceId
-  const timestamp = Date.now()
-  const shouldTrigger = !canGetLastSeenMap[deviceId] ||
-    timestamp - canGetLastSeenMap[deviceId] >= THROTTLE_LOGS_QUERY
-
-  if (shouldTrigger) {
-    canGetLastSeenMap[deviceId] = timestamp
-    return logs.getLastSeen(deviceId)
-      .then(r => res.json(r))
-      .catch(next)
-  }
-
-  return res.status(408).json({})
-}
-
-function updateLogs (req, res, next) {
-  return logs.update(req.deviceId, req.body.logs)
-    .then(status => res.json({ success: status }))
-    .catch(next)
-}
-
-function ca (req, res) {
-  const token = req.query.token
-
-  return pairing.authorizeCaDownload(token)
-    .then(ca => res.json({ ca }))
-    .catch(() => res.status(403).json({ error: 'forbidden' }))
-}
-
-function pair (req, res, next) {
-  const token = req.query.token
-  const deviceId = req.deviceId
-  const model = req.query.model
-
-  return pairing.pair(token, deviceId, model)
-    .then(valid => {
-      if (valid) {
-        return res.json({ status: 'paired' })
-      }
-
-      throw httpError('Pairing failed')
-    })
-    .catch(next)
-}
-
-function errorHandler (err, req, res, next) {
-  const statusCode = err.name === 'HTTPError'
-    ? err.code || 500
-    : 500
-
-  const json = { error: err.message }
-
-  if (statusCode >= 400) logger.error(err)
-
-  return res.status(statusCode).json(json)
-}
-
-function respond (req, res, _body, _status) {
-  const status = _status || 200
-  const body = _body || {}
-  const customer = _.getOr({ sanctions: true }, ['customer'], body)
-  // sanctions can be null for new customers so we can't use falsy checks
-  if (customer.sanctions === false) {
-    notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
-  }
-  return res.status(status).json(body)
-}
-
-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
-
-function filterOldRequests (req, res, next) {
-  const deviceTime = req.deviceTime
-  const deviceId = req.deviceId
-  const timestamp = Date.now()
-  const delta = timestamp - Date.parse(deviceTime)
-
-  const shouldTrigger = !canLogClockSkewMap[deviceId] ||
-    timestamp - canLogClockSkewMap[deviceId] >= THROTTLE_CLOCK_SKEW
-
-  if (delta > CLOCK_SKEW && shouldTrigger) {
-    canLogClockSkewMap[deviceId] = timestamp
-    logger.error('Clock skew with lamassu-machine[%s] too high [%ss], adjust lamassu-machine clock',
-      req.deviceName, (delta / 1000).toFixed(2))
-  }
-
-  if (delta > REQUEST_TTL) return res.status(408).json({ error: 'stale' })
-  next()
-}
-
-function authorize (req, res, next) {
-  const deviceId = req.deviceId
-
-  return pairing.isPaired(deviceId)
-    .then(deviceName => {
-      if (deviceName) {
-        req.deviceId = deviceId
-        req.deviceName = deviceName
-        return next()
-      }
-
-      return res.status(403).json({ error: 'Forbidden' })
-    })
-    .catch(next)
-}
-
-const skip = (req, res) => _.includes(req.path, ['/poll', '/state', '/logs']) && _.includes(res.statusCode, [200, 408])
+const bodyParser = require('body-parser')
+const compression = require('compression')
+const helmet = require('helmet')
+const morgan = require('morgan')
+const nocache = require('nocache')
+
+const authorize = require('./middlewares/authorize')
+const errorHandler = require('./middlewares/errorHandler')
+const filterOldRequests = require('./middlewares/filterOldRequests')
+const logger = require('./logger')
+const options = require('./options')
+const findOperatorId = require('./middlewares/operatorId')
+const populateDeviceId = require('./middlewares/populateDeviceId')
+const populateSettings = require('./middlewares/populateSettings')
+
+const customerRoutes = require('./routes/customerRoutes')
+const logsRoutes = require('./routes/logsRoutes')
+const rootRoutes = require('./routes/rootRoutes')
+const phoneCodeRoutes = require('./routes/phoneCodeRoutes')
+const pollingRoutes = require('./routes/pollingRoutes')
+const stateRoutes = require('./routes/stateRoutes')
+const termsAndConditionsRoutes = require('./routes/termsAndConditionsRoutes')
+const txRoutes = require('./routes/txRoutes')
+const verifyUserRoutes = require('./routes/verifyUserRoutes')
+const verifyTxRoutes = require('./routes/verifyTxRoutes')
+const verifyPromoCodeRoutes = require('./routes/verifyPromoCodeRoutes')
+
+const localAppRoutes = require('./routes/localAppRoutes')
+
+const app = express()
+const localApp = express()

 const configRequiredRoutes = [
  '/poll',
@ -493,168 +41,46 @@ const configRequiredRoutes = [
  '/tx',
  '/verify_promo_code'
 ]
+const devMode = argv.dev || options.http

-const app = express()
-const localApp = express()
-
+// middleware setup
 app.use(compression({ threshold: 500 }))
 app.use(helmet())
 app.use(nocache())
 app.use(bodyParser.json({ limit: '2mb' }))
 app.use(morgan(':method :url :status :response-time ms - :res[content-length]', { stream: logger.stream }))

-// These two have their own authorization
-app.post('/pair', populateDeviceId, pair)
-app.get('/ca', ca)
+// app /pair and /ca routes
+app.use('/', rootRoutes)

+app.use(findOperatorId)
 app.use(populateDeviceId)
 if (!devMode) app.use(authorize)
 app.use(configRequiredRoutes, populateSettings)
 app.use(filterOldRequests)

-app.get('/poll', poll)
-app.get('/terms_conditions', getTermsConditions)
-app.post('/state', stateChange)
+// other app routes
+app.use('/poll', pollingRoutes)
+app.use('/terms_conditions', termsAndConditionsRoutes)
+app.use('/state', stateRoutes)

-app.post('/verify_user', verifyUser)
-app.post('/verify_transaction', verifyTx)
-app.post('/verify_promo_code', verifyPromoCode)
+app.use('/verify_user', verifyUserRoutes)
+app.use('/verify_transaction', verifyTxRoutes)
+app.use('/verify_promo_code', verifyPromoCodeRoutes)

-app.post('/phone_code', getCustomerWithPhoneCode)
-app.patch('/customer/:id', updateCustomer)
-app.patch('/customer/:id/sanctions', triggerSanctions)
-app.patch('/customer/:id/block', triggerBlock)
-app.patch('/customer/:id/suspend', triggerSuspend)
+app.use('/phone_code', phoneCodeRoutes)
+app.use('/customer', customerRoutes)

-app.post('/tx', postTx)
-app.get('/tx/:id', getTx)
-app.get('/tx', getPhoneTx)
-app.get('/logs', getLastSeen)
-app.post('/logs', updateLogs)
+app.use('/tx', txRoutes)
+
+app.use('/logs', logsRoutes)

 app.use(errorHandler)
 app.use((req, res) => {
  res.status(404).json({ error: 'No such route' })
 })

-localApp.get('/pid', (req, res) => {
-  const deviceId = req.query.device_id
-  const pidRec = pids[deviceId]
-  res.json(pidRec)
-})
-
-localApp.post('/reboot', (req, res) => {
-  const deviceId = req.query.device_id
-  const pid = pids[deviceId] && pids[deviceId].pid
-
-  if (!deviceId || !pid) {
-    return res.sendStatus(400)
-  }
-
-  reboots[deviceId] = pid
-  res.sendStatus(200)
-})
-
-localApp.post('/shutdown', (req, res) => {
-  const deviceId = req.query.device_id
-  const pid = pids[deviceId] && pids[deviceId].pid
-
-  if (!deviceId || !pid) {
-    return res.sendStatus(400)
-  }
-
-  shutdowns[deviceId] = pid
-  res.sendStatus(200)
-})
-
-localApp.post('/restartServices', (req, res) => {
-  const deviceId = req.query.device_id
-  const pid = pids[deviceId] && pids[deviceId].pid
-
-  if (!deviceId || !pid) {
-    return res.sendStatus(400)
-  }
-
-  restartServicesMap[deviceId] = pid
-  res.sendStatus(200)
-})
-
-localApp.post('/dbChange', (req, res, next) => {
-  settingsCache.cache = null
-  return newSettingsLoader.loadLatest()
-    .then(poller.reload)
-    .then(() => logger.info('Config reloaded'))
-    .catch(err => {
-      logger.error(err)
-      res.sendStatus(500)
-    })
-})
-
-function sha256 (buf) {
-  const crypto = require('crypto')
-  const hash = crypto.createHash('sha256')
-
-  hash.update(buf)
-  return hash.digest('hex').toString('hex')
-}
-
-function populateDeviceId (req, res, next) {
-  const deviceId = _.isFunction(req.connection.getPeerCertificate)
-    ? sha256(req.connection.getPeerCertificate().raw)
-    : null
-
-  req.deviceId = deviceId
-  req.deviceTime = req.get('date')
-
-  next()
-}
-
-let oldVersionId = 'initial'
-
-function populateSettings (req, res, next) {
-  const versionId = req.headers['config-version']
-  if (versionId !== oldVersionId) {
-    oldVersionId = versionId
-  }
-
-  // Clear cache every hour
-  if (Date.now() - settingsCache.timestamp > SETTINGS_CACHE_REFRESH) {
-    settingsCache.cache = null
-  }
-
-  if (!versionId && settingsCache.cache) {
-    req.settings = settingsCache.cache
-    return next()
-  }
-
-  if (!versionId && !settingsCache.cache) {
-    return newSettingsLoader.loadLatest()
-      .then(settings => {
-        settingsCache.cache = settings
-        settingsCache.timestamp = Date.now()
-        req.settings = settings
-      })
-      .then(() => next())
-      .catch(next)
-  }
-
-  newSettingsLoader.load(versionId)
-    .then(settings => { req.settings = settings })
-    .then(() => helpers.updateDeviceConfigVersion(versionId))
-    .then(() => next())
-    .catch(next)
-}
-
-function createTerms (terms) {
-  if (!terms.active || !terms.text) return null
-
-  return {
-    active: terms.active,
-    title: terms.title,
-    text: nmd(terms.text),
-    accept: terms.acceptButtonText,
-    cancel: terms.cancelButtonText
-  }
-}
+// localapp routes
+localApp.use('/', localAppRoutes)

 module.exports = { app, localApp }
--- a/lib/routes/customerRoutes.js
+++ b/lib/routes/customerRoutes.js
@ -7,14 +7,7 @@ const compliance = require('../compliance')
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const customers = require('../customers')
-
-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
+const httpError = require('../route-helpers').httpError

 function updateCustomer (req, res, next) {
  const id = req.params.id
@ -54,10 +47,8 @@ function triggerSanctions (req, res, next) {
  customers.getById(id)
    .then(customer => {
      if (!customer) { throw httpError('Not Found', 404) }
-
      return compliance.validationPatch(req.deviceId, true, customer)
        .then(patch => customers.update(id, patch))
-
    })
    .then(customer => res.status(200).json({ customer }))
    .catch(next)
@ -81,7 +72,7 @@ function triggerSuspend (req, res, next) {
  const days = triggerId === 'no-ff-camera' ? 1 : getSuspendDays(triggers)

  const date = new Date()
-  date.setDate(date.getDate() + days);
+  date.setDate(date.getDate() + days)
  customers.update(id, { suspendedUntil: date })
    .then(customer => res.status(200).json({ customer }))
    .catch(next)
@ -92,4 +83,4 @@ router.patch('/:id/sanctions', triggerSanctions)
 router.patch('/:id/block', triggerBlock)
 router.patch('/:id/suspend', triggerSuspend)

-module.exports = router
+module.exports = router
--- a/lib/routes/localAppRoutes.js
+++ b/lib/routes/localAppRoutes.js
@ -1,10 +1,6 @@
 const express = require('express')
 const router = express.Router()

-const logger = require('../logger')
-const newSettingsLoader = require('../new-settings-loader')
-const poller = require('../poller')
-const settingsCache = require('../middlewares/settingsCache')
 const state = require('../middlewares/state')

 router.get('/pid', (req, res) => {
@ -49,15 +45,4 @@ router.post('/restartServices', (req, res) => {
  res.sendStatus(200)
 })

-router.post('/dbChange', (req, res, next) => {
-  settingsCache.clearCache()
-  return newSettingsLoader.loadLatest()
-    .then(poller.reload)
-    .then(() => logger.info('Config reloaded'))
-    .catch(err => {
-      logger.error(err)
-      res.sendStatus(500)
-    })
-})
-
-module.exports = router
+module.exports = router
--- a/lib/routes/logsRoutes.js
+++ b/lib/routes/logsRoutes.js
@ -1,6 +1,5 @@
 const express = require('express')
 const router = express.Router()
-const _ = require('lodash/fp')

 const state = require('../middlewares/state')
 const logs = require('../logs')
@ -32,4 +31,4 @@ function updateLogs (req, res, next) {
 router.get('/', getLastSeen)
 router.post('/', updateLogs)

-module.exports = router
+module.exports = router
--- a/lib/routes/ownAuthorizationRoutes.js
+++ b/lib/routes/ownAuthorizationRoutes.js
@ -1,11 +0,0 @@
-const express = require('express')
-const router = express.Router()
-
-const ca = require('../middlewares/ca')
-const pair = require('../middlewares/pair')
-const populateDeviceId = require('../middlewares/populateDeviceId')
-
-router.post('/pair', populateDeviceId, pair)
-router.get('/ca', ca)
-
-module.exports = router
--- a/lib/routes/phoneCodeRoutes.js
+++ b/lib/routes/phoneCodeRoutes.js
@ -7,6 +7,7 @@ const compliance = require('../compliance')
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const customers = require('../customers')
+const httpError = require('../route-helpers').httpError
 const plugins = require('../plugins')
 const Tx = require('../tx')

@ -44,14 +45,6 @@ function addOrUpdateCustomer (req) {
    })
 }

-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
-
 function getCustomerWithPhoneCode (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)
  const phone = req.body.phone
@ -70,4 +63,4 @@ function getCustomerWithPhoneCode (req, res, next) {

 router.post('/', getCustomerWithPhoneCode)

-module.exports = router
+module.exports = router
--- a/lib/routes/pollingRoutes.js
+++ b/lib/routes/pollingRoutes.js
@ -1,7 +1,9 @@
 const express = require('express')
-const router = express.Router()
+const nmd = require('nano-markdown')
 const _ = require('lodash/fp')

+const router = express.Router()
+
 const complianceTriggers = require('../compliance-triggers')
 const configManager = require('../new-config-manager')
 const plugins = require('../plugins')
@ -13,17 +15,13 @@ function checkHasLightning (settings) {
  return configManager.getWalletSettings('BTC', settings.config).layer2 !== 'no-layer2'
 }

-function createTerms (terms) {
-  if (!terms.active || !terms.text) return null
-
-  return {
-    active: terms.active,
-    title: terms.title,
-    text: nmd(terms.text),
-    accept: terms.acceptButtonText,
-    cancel: terms.cancelButtonText
-  }
-}
+const createTerms = terms => (terms.active && terms.text) ? ({
+  active: terms.active,
+  title: terms.title,
+  text: nmd(terms.text),
+  accept: terms.acceptButtonText,
+  cancel: terms.cancelButtonText
+}) : null

 function poll (req, res, next) {
  const machineVersion = req.query.version
@ -109,4 +107,4 @@ function poll (req, res, next) {

 router.get('/', poll)

-module.exports = router
+module.exports = router
--- a/lib/routes/rootRoutes.js
+++ b/lib/routes/rootRoutes.js
@ -0,0 +1,25 @@
+const express = require('express')
+const router = express.Router()
+
+const ca = require('../middlewares/ca')
+const httpError = require('../route-helpers').httpError
+const pairing = require('../pairing')
+const populateDeviceId = require('../middlewares/populateDeviceId')
+
+function pair (req, res, next) {
+  const token = req.query.token
+  const deviceId = req.deviceId
+  const model = req.query.model
+
+  return pairing.pair(token, deviceId, model)
+    .then(isValid => {
+      if (isValid) return res.json({ status: 'paired' })
+      throw httpError('Pairing failed')
+    })
+    .catch(next)
+}
+
+router.post('/pair', populateDeviceId, pair)
+router.get('/ca', ca)
+
+module.exports = router
--- a/lib/routes/stateRoutes.js
+++ b/lib/routes/stateRoutes.js
@ -11,4 +11,4 @@ function stateChange (req, res, next) {

 router.post('/', stateChange)

-module.exports = router
+module.exports = router
--- a/lib/routes/termsAndConditionsRoutes.js
+++ b/lib/routes/termsAndConditionsRoutes.js
@ -1,20 +1,18 @@
 const express = require('express')
+const nmd = require('nano-markdown')
+
 const router = express.Router()

 const configManager = require('../new-config-manager')
 const plugins = require('../plugins')

-function createTerms (terms) {
-  if (!terms.active || !terms.text) return null
-
-  return {
-    active: terms.active,
-    title: terms.title,
-    text: nmd(terms.text),
-    accept: terms.acceptButtonText,
-    cancel: terms.cancelButtonText
-  }
-}
+const createTerms = terms => (terms.active && terms.text) ? ({
+  active: terms.active,
+  title: terms.title,
+  text: nmd(terms.text),
+  accept: terms.acceptButtonText,
+  cancel: terms.cancelButtonText
+}) : null

 function getTermsConditions (req, res, next) {
  const deviceId = req.deviceId
@ -32,4 +30,4 @@ function getTermsConditions (req, res, next) {

 router.get('/', getTermsConditions)

-module.exports = router
+module.exports = router
--- a/lib/routes/txRoutes.js
+++ b/lib/routes/txRoutes.js
@ -3,19 +3,13 @@ const router = express.Router()
 const _ = require('lodash/fp')

 const dbErrorCodes = require('../db-error-codes')
+const E = require('../error')
 const helpers = require('../route-helpers')
+const httpError = require('../route-helpers').httpError
 const logger = require('../logger')
 const plugins = require('../plugins')
 const Tx = require('../tx')

-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
-
 function postTx (req, res, next) {
  const pi = plugins(req.settings, req.deviceId)

@ -67,4 +61,4 @@ router.post('/', postTx)
 router.get('/:id', getTx)
 router.get('/', getPhoneTx)

-module.exports = router
+module.exports = router
--- a/lib/routes/verifyPromoCodeRoutes.js
+++ b/lib/routes/verifyPromoCodeRoutes.js
@ -0,0 +1,49 @@
+const express = require('express')
+const router = express.Router()
+const _ = require('lodash/fp')
+
+const BN = require('../bn')
+const commissionMath = require('../commission-math')
+const configManager = require('../new-config-manager')
+const notifier = require('../notifier')
+const promoCodes = require('../promo-codes')
+
+function respond (req, res, _body, _status) {
+  const status = _status || 200
+  const body = _body || {}
+  const customer = _.getOr({ sanctions: true }, ['customer'], body)
+  // sanctions can be null for new customers so we can't use falsy checks
+  if (customer.sanctions === false) {
+    notifier.notifyIfActive('compliance', 'sanctionsNotify', customer, req.body.phone)
+  }
+  return res.status(status).json(body)
+}
+
+function verifyPromoCode (req, res, next) {
+  promoCodes.getPromoCode(req.body.codeInput)
+    .then(promoCode => {
+      if (!promoCode) return next()
+
+      const transaction = req.body.tx
+      const commissions = configManager.getCommissions(transaction.cryptoCode, req.deviceId, req.settings.config)
+      const tickerRate = BN(transaction.rawTickerPrice)
+      const discount = commissionMath.getDiscountRate(promoCode.discount, commissions[transaction.direction])
+      const rates = {
+        [transaction.cryptoCode]: {
+          [transaction.direction]: (transaction.direction === 'cashIn')
+            ? tickerRate.mul(discount).round(5)
+            : tickerRate.div(discount).round(5)
+        }
+      }
+
+      respond(req, res, {
+        promoCode: promoCode,
+        newRates: rates
+      })
+    })
+    .catch(next)
+}
+
+router.post('/', verifyPromoCode)
+
+module.exports = router
--- a/lib/routes/verifyTxRoutes.js
+++ b/lib/routes/verifyTxRoutes.js
@ -12,4 +12,4 @@ function verifyTx (req, res, next) {

 router.post('/', verifyTx)

-module.exports = router
+module.exports = router
--- a/lib/routes/verifyUserRoutes.js
+++ b/lib/routes/verifyUserRoutes.js
@ -12,4 +12,4 @@ function verifyUser (req, res, next) {

 router.post('/', verifyUser)

-module.exports = router
+module.exports = router
--- a/lib/wallet.js
+++ b/lib/wallet.js
@ -10,22 +10,15 @@ const mnemonicHelpers = require('./mnemonic-helpers')
 const options = require('./options')
 const ph = require('./plugin-helper')
 const layer2 = require('./layer2')
+const httpError = require('./route-helpers').httpError

 const FETCH_INTERVAL = 5000
 const INSUFFICIENT_FUNDS_CODE = 570
 const INSUFFICIENT_FUNDS_NAME = 'InsufficientFunds'
 const ZERO_CONF_EXPIRATION = 60000

-function httpError (msg, code) {
-  const err = new Error(msg)
-  err.name = 'HTTPError'
-  err.code = code || 500
-
-  return err
-}
-
 function computeSeed (masterSeed) {
-  return hkdf(masterSeed, 32, {salt: 'lamassu-server-salt', info: 'wallet-seed'})
+  return hkdf(masterSeed, 32, { salt: 'lamassu-server-salt', info: 'wallet-seed' })
 }

 function fetchWallet (settings, cryptoCode) {