Registry

Registry

The Registry class provides the interface between the API server and the Account module. This class defines the methods and interfaces responsible for new account registration, login authentication, profile updates and account deletion/undeletion requests.

  • See Create() to understand signup logic.
  • See Retrieve() to understand login logic.
  • See Modify() to understand update profile logic.
  • See Remove() to understand account deletion logic.

In addition to these functionalities, the Registry class also defines several utility methods that carry out key responsibilities. DidSendOTP() and HasVerified() ensure smooth OTP-based verification. While DidResetPassword() carries out the seemingly straightforward but actually quite complex task of resetting a user's password.

Constructor

new Registry(db, messaging)

A Registry instance needs access to the messaging API and database for proper functioning. This constructor initialises an instance with fully-configured Messaging and Mongo.Db instances.

Parameters:
Name Type Description
db Mongo.Db

A MongoDB database instance
messaging Messaging

A Messaging instance as defined in `@magic.batua/messaging` package.
Source:

Methods

Create(input)

Registers a new Magic Batua account and returns a stringified version of the new Account object. The registration process is as follows:

  1. Initialise a new Account object using the given input.
  2. Check for duplicate account
  3. Send a verification SMS
  4. If an inviteCode is provided in the input query, find the referrer.
    • Add a new referral to the referrer account and award them Magic Points for a referral.
  5. Issue Magic Points to the new account.
  6. Write the account to the database.
Parameters:
Name Type Description
input SignupQuery

See index.ts for definition of SignupQuery.
Source:
Returns:

A stringified version of the Account object

Example
let registry = new Registry(...)
 registry.Create({
     name: "Godzilla"
     phone: 1234567890,
     email: "god@zilla.com",
     password: "Password",
     inviteCode: "BigInJapan"  // Optional
 })

DidResetPassword(phone, newPass, pin)

Before a user can submit a reset password request, they need to verify their identity via a one-time pin sent to their registered mobile number. This method expects that pin as well as the newPassword as the input.

If OTP-verification succeeds, the newPassword is salted using a new randomly generated salt and then hashed before being stored in the database. So in effect, this method resets both the salt and the password.

If OTP-verification fails, password is not reset and an error is thrown instead.

Parameters:
Name Type Description
phone string

Registered mobile number
newPass string

New password
pin pin

OTP sent during verification
Source:
Returns:

true if password reset is successful, otherwise throws an error.

DidSendOTP(phone)

Generates a random one-time verification pin and sends it to the given phone number. The method is designed such that if the phone number is not registered with us, the method will throw an error and refuse to send the SMS.

This could be problematic in some cases, so if a solid reason can be found to remove this caveat, you should edit out the part of code in the beginning of the method.

Parameters:
Name Type Description
phone string

A mobile number registered with us.
Source:
Returns:

true if the SMS was sent successfully, otherwise throws an error.

HasVerified(phone, pin)

Marks an account as verified if the given pin matches the one sent to the account's registered mobile number.

Parameters:
Name Type Description
phone string

Registered mobile number
pin number

OTP sent for verification
Source:
Returns:

true if verification is successful, otherwise throws an error.

IsDuplicate(input)

Checks whether the given account parameters already exists in our records. Used to prevent duplicate registrations.

Parameters:
Name Type Description
input SignupQuery

See index.ts for definition of SignupQuery.
Source:

Modify(id, query)

Modifies profile information for the given account _id as instructed by the query parameter. At the time of writing, only email, phone and name could be updated. For changing/resetting password, use DidResetPassword() instead.

This method doesn't perform validation on input data. So you could very well set the phone as "0000" and it wouldn't bat an eye. This should be improved in the next version..

Parameters:
Name Type Description
id string

Magic Batua user _id
query any

Key-value pairs to be updated
Source:
Example
let registry = new Registry(...)
 registry.Modify("abcdefgh", {
     phone: "1234567890",
     name: "Godzilla"
 })

Remove(id)

Puts the account with ID _id under a 14-day deletion hold. If the account owner doesn't logs into their account within this 14-day period, the account is permanently soft-deleted and can't be recovered.

If a user does log in within the 14-day window, the deletion hold is lifted and the account is restored back to normal. See Retrieve() for the logic that removes the deletion hold.

Parameters:
Name Type Description
id string

_id of the user to be deleted
Source:

Retrieve(query)

Returns a stringified version of the Account object that matches the given query. If the account requested had been marked for deletion earlier, and account recoverBy date is in the future, the deletion hold on the account is lifted and the account is restored to its former glory.

There is no separate function to lift the deletion hold on an account. After requesting a deletion, a user has 14 days to cancel it by logging back into their account. After the 14th day, the account is soft-deleted and can't be recovered.

Parameters:
Name Type Description
query LoginQuery

See index.ts for definition of LoginQuery
Source:
Returns:

A stringified Account object

Example
let registry = new Registry(...)
 registry.Retrieve({
     phone: "1234567890",
     password: "Godzilla"
 })