feat(incoming-payment): make it actionable (#2827)

* feat(backend): incoming paymentm igrations approved or canceled fields

This change will add two new table columns in the incomingPayments table on the backend service. ASE
will be able to call cancel or approve incoming payment GraphQL API, and the timestamp of the call
will be save in the database under these two fields. Normally, both of these two fields are
optional.

* feat(incoming-payment): option to approve incoming payment

This commit introduces possibility, to approve incoming payment through Admin API. API can be called
with existing incoming payment as ID. Rafiki will fetch the incoming payment and update it's
approvedAt field in the database. In case that payment does not exists or that it is not in the
PENDING state, appropriate error is returned.

#2811

* chore(graphql): generate new graphql fiels for dependencies

#2811

* feat(incoming-payment): possibility to cancel incoming payment

It will be possible to cancel incoming payment due to some requirements. Rafiki just need to get a
call to cancel incoming payment, with the payment ID. If transaction is in PENDING state and it is
in the database, then it will get updated. It's cancelledAt field will be set  to current time.

#2811

* chore(graphql): generate new graphql fiels for dependencies due to cancel incoming payment API

#2811

* feat(config): backend to introduce env variables for actionable incoming payments

Introduced three new env variables that will set the behaviour of actionable incoming payments. One
env variable will define if polling will be done, meaning that it will wait for the incoming payment
to be accepted or rejected, and other two env variables defines timeout for polling and polling
frequency

* fix(config): pool vs poll typo

* feat(incoming-payment): poll incoming payment

* feat(incoming-payment): new error code + linting

* test(incoming-payment): check approvedAt and cancelledAt

* docs(bruno): approve and cancel incoming payment

* Update packages/backend/src/open_payments/payment/incoming/service.test.ts

Co-authored-by: Max Kurapov <max@interledger.org>

* feat(incoming-payment): error log

* refactor(dependencies): axios to 1.7.4

Our builds are failing due to Trivy scanner. Trivy scanner actually found that our Axios version
v1.6.8 has a vulnerability - CVE-2024-39338. This was fixed in version 1.7.4, hence, the upgrade.

fix #2860

* fix(incoming-payment): add log if ip is not approved or cancelled

* fix(incoming-payment): check other fields before approving or cancelling incoming payment

* test(incoming-payment): add additional tests

* feat(incoming-payment): new error code

* feat(bruno): update approve and cancel ip

* feat(incoming-payment): lint + add missing resolvers

---------

Co-authored-by: Max Kurapov <max@interledger.org>

bruno/collections/Rafiki/Rafiki Admin APIs/Approve Incoming Payment.bru

@@ -0,0 +1,35 @@
+meta {
+  name: Approve Incoming Payment
+  type: graphql
+  seq: 47
+}
+
+post {
+  url: {{PeerGraphqlHost}}/graphql
+  body: graphql
+  auth: none
+}
+
+body:graphql {
+  mutation ApproveIncomingPayment($input: ApproveIncomingPaymentInput!) {
+  	approveIncomingPayment(input:$input) {
+      payment {
+        id
+      }
+    }
+  }
+}
+
+body:graphql:vars {
+  {
+    "input": {
+      "id": "{{incomingPaymentId}}"
+    }
+  }
+}
+
+script:pre-request {
+  const scripts = require('./scripts');
+
+  scripts.addApiSignatureHeader();
+}

bruno/collections/Rafiki/Rafiki Admin APIs/Cancel Incoming Payment.bru

@@ -0,0 +1,36 @@
+meta {
+  name: Cancel Incoming Payment
+  type: graphql
+  seq: 48
+}
+
+post {
+  url: {{PeerGraphqlHost}}/graphql
+  body: graphql
+  auth: none
+}
+
+body:graphql {
+  mutation CancelIncomingPayment($input: CancelIncomingPaymentInput!) {
+    cancelIncomingPayment(input: $input) {
+      payment {
+        id
+      }
+    }
+  }
+
+}
+
+body:graphql:vars {
+  {
+    "input": {
+      "id": "{{incomingPaymentId}}"
+    }
+  }
+}
+
+script:pre-request {
+  const scripts = require('./scripts');
+
+  scripts.addApiSignatureHeader();
+}

packages/backend/migrations/20240729210134_incoming_payment_cancel_approved_timestamp.js

@@ -0,0 +1,21 @@
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = function (knex) {
+  return knex.schema.alterTable('incomingPayments', (table) => {
+    table.timestamp('approvedAt').nullable()
+    table.timestamp('cancelledAt').nullable()
+  })
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = function (knex) {
+  return knex.schema.alterTable('incomingPayments', (table) => {
+    table.dropColumn('approvedAt')
+    table.dropColumn('cancelledAt')
+  })
+}

packages/backend/src/config/app.ts

@@ -132,6 +132,18 @@ export const Config = {
 
   incomingPaymentWorkers: envInt('INCOMING_PAYMENT_WORKERS', 1),
   incomingPaymentWorkerIdle: envInt('INCOMING_PAYMENT_WORKER_IDLE', 200), // milliseconds
+  pollIncomingPaymentCreatedWebhook: envBool(
+    'POLL_INCOMING_PAYMENT_CREATED_WEBHOOK',
+    false
+  ),
+  incomingPaymentCreatedPollTimeout: envInt(
+    'INCOMING_PAYMENT_CREATED_POLL_TIMEOUT_MS',
+    10000
+  ), // milliseconds
+  incomingPaymentCreatedPollFrequency: envInt(
+    'INCOMING_PAYMENT_CREATED_POLL_FREQUENCY_MS',
+    1000
+  ), // milliseconds
 
   webhookWorkers: envInt('WEBHOOK_WORKERS', 1),
   webhookWorkerIdle: envInt('WEBHOOK_WORKER_IDLE', 200), // milliseconds

packages/backend/src/graphql/errors/index.ts

@@ -5,5 +5,6 @@ export enum GraphQLErrorCode {
   Inactive = 'INACTIVE',
   InternalServerError = 'INTERNAL_SERVER_ERROR',
   NotFound = 'NOT_FOUND',
-  Conflict = 'CONFLICT'
+  Conflict = 'CONFLICT',
+  Timeout = 'TIMEOUT'
 }