[CP] AIT1 flow updates

Closes: aptos-labs#849

ecosystem/platform/server/.env.example

@@ -7,7 +7,6 @@ GITHUB_CLIENT_ID=
 GITHUB_CLIENT_SECRET=
 
 # PG DB connection
-RAILS_MAX_THREADS=5
 COMMUNITY_DB_USER=
 COMMUNITY_DB_PASS=
 COMMUNITY_DB_HOST=localhost
@@ -24,10 +23,18 @@ RECAPTCHA_SECRET_KEY=
 GOOGLE_ANALYTICS_ID="G-CWW2TW4HSD"
 
 RAILS_ENV=development
+RAILS_MAX_THREADS=5
+
+# MAXMIND account info
+MAXMIND_ACCOUNT_ID=
+MAXMIND_LICENSE_KEY=
 
 SECRET_KEY_BASE=18ff7d41b9da02d394434e2eb140611516707334b7d7a7e15cf8b567061f30e9400a82e61aa772b9e6ccb72853932769d03bbbb9d78f62333c8f7adb95cc727d
 
 # Mailchimp emails
 SMTP_HOST=smtp.mandrillapp.com
 SMTP_PORT=587
 MAILCHIMP_API_KEY=
+
+# Sentry
+SENTRY_DSN=

ecosystem/platform/server/.rubocop.yml

@@ -2,10 +2,10 @@ AllCops:
   NewCops: enable
 
 Metrics/MethodLength:
-  Max: 50
+  Enabled: false
 
 Metrics/BlockLength:
-  Max: 80
+  Enabled: false
 
 Metrics/CyclomaticComplexity:
   Max: 12

ecosystem/platform/server/Gemfile

@@ -63,18 +63,32 @@ gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
 
+gem 'httparty'
+
 # Use Sass to process CSS
 gem 'sassc-rails'
 
+# IP -> GEO via MaxMind
+gem 'maxmind-geoip2'
+
+# Postgresql backed DelayedJob
+gem 'delayed'
+
 # mailchimp
 # https://github.com/mailchimp/mailchimp-transactional-ruby/
 gem 'MailchimpTransactional'
 
+gem 'recaptcha', '~> 5.10'
+
 # Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
 # gem "image_processing", "~> 1.2"
 
 gem 'tailwindcss-rails', '~> 2.0'
 
+# Monitoring
+gem 'sentry-rails'
+gem 'sentry-ruby'
+
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem 'debug', platforms: %i[mri mingw x64_mingw]
@@ -109,5 +123,3 @@ group :test do
   gem 'selenium-webdriver'
   gem 'webdrivers'
 end
-
-gem 'recaptcha', '~> 5.10'

ecosystem/platform/server/Gemfile.lock

@@ -102,6 +102,7 @@ GEM
       xpath (~> 3.2)
     childprocess (4.1.0)
     concurrent-ruby (1.1.10)
+    connection_pool (2.2.5)
     crass (1.0.6)
     database_cleaner (2.0.1)
       database_cleaner-active_record (~> 2.0.0)
@@ -112,6 +113,9 @@ GEM
     debug (1.5.0)
       irb (>= 1.3.6)
       reline (>= 0.2.7)
+    delayed (0.4.0)
+      activerecord (>= 5.2)
+      concurrent-ruby
     devise (4.8.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -120,6 +124,8 @@ GEM
       warden (~> 1.2.3)
     diff-lcs (1.5.0)
     digest (3.1.0)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
     dotenv (2.7.6)
     dotenv-rails (2.7.6)
       dotenv (= 2.7.6)
@@ -138,6 +144,9 @@ GEM
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (2.0.2)
     ffi (1.15.5)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
     formtastic (4.0.0)
       actionpack (>= 5.2.0)
     formtastic_i18n (0.7.0)
@@ -147,6 +156,17 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
     hashie (5.0.0)
+    http (5.0.4)
+      addressable (~> 2.8)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.2)
+      llhttp-ffi (~> 0.4.0)
+    http-cookie (1.0.4)
+      domain_name (~> 0.5)
+    http-form_data (2.3.0)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     importmap-rails (1.0.3)
@@ -181,14 +201,25 @@ GEM
       activerecord
       kaminari-core (= 1.2.2)
     kaminari-core (1.2.2)
+    llhttp-ffi (0.4.0)
+      ffi-compiler (~> 1.0)
+      rake (~> 13.0)
     loofah (2.17.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (1.0.2)
     matrix (0.4.2)
+    maxmind-db (1.1.1)
+    maxmind-geoip2 (1.1.0)
+      connection_pool (~> 2.2)
+      http (>= 4.3, < 6.0)
+      maxmind-db (~> 1.1)
     method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
     mini_mime (1.1.2)
     minitest (5.15.0)
     msgpack (1.5.1)
@@ -343,6 +374,14 @@ GEM
       childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2)
+    sentry-rails (5.3.0)
+      railties (>= 5.0)
+      sentry-ruby-core (~> 5.3.0)
+    sentry-ruby (5.3.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      sentry-ruby-core (= 5.3.0)
+    sentry-ruby-core (5.3.0)
+      concurrent-ruby
     sprockets (4.0.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -367,6 +406,9 @@ GEM
       railties (>= 6.0.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.8.1)
     unicode-display_width (2.1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
@@ -400,13 +442,16 @@ DEPENDENCIES
   capybara
   database_cleaner
   debug
+  delayed
   devise
   dotenv-rails
   factory_bot_rails
   faker
+  httparty
   importmap-rails
   jbuilder
   kaminari
+  maxmind-geoip2
   omniauth
   omniauth-discord
   omniauth-github
@@ -422,6 +467,8 @@ DEPENDENCIES
   rubocop-rails
   sassc-rails
   selenium-webdriver
+  sentry-rails
+  sentry-ruby
   sprockets-rails
   stimulus-rails
   tailwindcss-rails (~> 2.0)

ecosystem/platform/server/README.md

@@ -1,24 +1,19 @@
-# README
+# Community Platform
 
-This README would normally document whatever steps are necessary to get the
-application up and running.
+### Run Server
 
-Things you may want to cover:
+```bash
+bundle exec rails s
+```
 
-* Ruby version
+### Run Tailwind Recompile Watcher
 
-* System dependencies
+```bash
+bundle exec rails tailwindcss:watch
+```
 
-* Configuration
+### Run Mailcatcher
 
-* Database creation
-
-* Database initialization
-
-* How to run the test suite
-
-* Services (job queues, cache servers, search engines, etc.)
-
-* Deployment instructions
-
-* ...
+```bash
+docker run -p 1080:1080 -p 1025:1025 stpaquet/alpinemailcatcher:latest
+```

ecosystem/platform/server/app/assets/config/manifest.js

@@ -7,4 +7,3 @@
 //= link_directory ../stylesheets .css
 //= link_tree ../../javascript .js
 //= link_tree ../../../vendor/javascript .js
-//= link_tree ../builds

ecosystem/platform/server/app/controllers/application_controller.rb

@@ -28,4 +28,8 @@ def after_sign_in_path_for(user)
   def admin_access_denied(_exception)
     head :forbidden
   end
+
+  def ensure_confirmed!
+    redirect_to onboarding_email_path unless current_user.confirmed?
+  end
 end

ecosystem/platform/server/app/controllers/it1_profiles_controller.rb

@@ -5,10 +5,15 @@
 class It1ProfilesController < ApplicationController
   before_action :authenticate_user!
   before_action :set_it1_profile, only: %i[show edit update destroy]
+  respond_to :html
+
+  def show
+    redirect_to edit_it1_profile_path(params.fetch(:id))
+  end
 
   # GET /it1_profiles/new
   def new
-    redirect_to overview_index_path if current_user.it1_profile.present?
+    redirect_to edit_it1_profile_path(current_user.it1_profile) if current_user.it1_profile.present?
     @it1_profile = It1Profile.new
   end
 
@@ -21,24 +26,76 @@ def create
     params[:user] = current_user
     @it1_profile = It1Profile.new(params)
 
-    if verify_recaptcha(model: @it1_profile) && @it1_profile.save
-      redirect_to overview_index_path, notice: 'IT1 application was successfully created.'
+    respond_with(@it1_profile) and return unless verify_recaptcha(model: @it1_profile)
+
+    v = NodeHelper::NodeVerifier.new(@it1_profile.validator_address, @it1_profile.validator_metrics_port,
+                                     @it1_profile.validator_api_port)
+
+    if v.ip.ok
+      @it1_profile.validator_ip = v.ip.ip
     else
-      render :new, status: :unprocessable_entity
+      @it1_profile.errors.add :validator_address, v.ip.message
+      respond_with(@it1_profile) and return
     end
+
+    if @it1_profile.save
+      validate_node(v, do_location: true)
+      if @it1_profile.validator_verified?
+        redirect_to it1_path, notice: 'AIT1 application completed successfully: your node is verified!'
+      end
+    end
+    respond_with(@it1_profile)
   end
 
   # PATCH/PUT /it1_profiles/1 or /it1_profiles/1.json
   def update
-    if verify_recaptcha(model: @it1_profile) && @it1_profile.update(it1_profile_params)
-      redirect_to overview_index_path, notice: 'IT1 application was successfully updated.'
+    v = NodeHelper::NodeVerifier.new(it1_profile_params[:validator_address],
+                                     it1_profile_params[:validator_metrics_port],
+                                     it1_profile_params[:validator_api_port])
+
+    respond_with(@it1_profile) and return unless verify_recaptcha(model: @it1_profile)
+
+    if v.ip.ok
+      @it1_profile.validator_ip = v.ip.ip
     else
-      render :edit, status: :unprocessable_entity
+      @it1_profile.errors.add :validator_address, v.ip.message
+      respond_with(@it1_profile) and return
     end
+
+    ip_changed = @it1_profile.validator_ip_changed?
+    if @it1_profile.update(it1_profile_params)
+      if @it1_profile.validator_verified? && !@it1_profile.needs_revalidation?
+        redirect_to it1_path,
+                    notice: 'AIT1 node information updated' and return
+      end
+
+      validate_node(v, do_location: ip_changed)
+      if @it1_profile.validator_verified?
+        redirect_to it1_path, notice: 'AIT1 node verification completed successfully!' and return
+      end
+    end
+    respond_with(@it1_profile)
   end
 
   private
 
+  # @param [NodeHelper::NodeVerifier] node_verifier
+  # @return [Array<VerifyResult>]
+  def validate_node(node_verifier, do_location: false)
+    results = node_verifier.verify
+
+    # Save without validation to avoid needless uniqueness checks
+    is_valid = results.map(&:valid).all?
+    @it1_profile.update_attribute(:validator_verified, is_valid)
+
+    LocationJob.perform_later({ it1_profile_id: @it1_profile.id }) if is_valid && do_location
+
+    results.each do |result|
+      @it1_profile.errors.add :base, result.message unless result.valid
+    end
+    results
+  end
+
   # Use callbacks to share common setup or constraints between actions.
   def set_it1_profile
     @it1_profile = It1Profile.find(params[:id])
@@ -48,6 +105,7 @@ def set_it1_profile
   # Only allow a list of trusted parameters through.
   def it1_profile_params
     params.fetch(:it1_profile, {}).permit(:consensus_key, :account_key, :network_key, :validator_address,
-                                          :validator_port, :metrics_port, :fullnode_address, :fullnode_port, :terms)
+                                          :validator_port, :validator_api_port, :validator_metrics_port,
+                                          :fullnode_address, :fullnode_port, :terms_accepted)
   end
 end

ecosystem/platform/server/app/controllers/onboarding_controller.rb

@@ -3,15 +3,18 @@
 # frozen_string_literal: true
 
 class OnboardingController < ApplicationController
+  before_action :authenticate_user!
   before_action :set_oauth_data
 
   def email; end
 
   def email_update
-    email_params = params.require(:user).permit(:email)
+    return redirect_to overview_index_path if current_user.confirmed?
+
+    email_params = params.require(:user).permit(:email, :username)
     if verify_recaptcha(model: current_user) && current_user.update(email_params)
       current_user.send_confirmation_instructions
-      redirect_to overview_index_path
+      redirect_to onboarding_email_path, notice: "Verification email sent to #{email_params[:email]}"
     else
       render :email, status: :unprocessable_entity
     end