Refactor new meter creation code.

Author: dlongley

lib/config.js

@@ -1,5 +1,5 @@
 /*!
- * Copyright (c) 2019-2023 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2019-2026 Digital Bazaar, Inc. All rights reserved.
  */
 import {config} from '@bedrock/core';
 import {fileURLToPath} from 'node:url';
@@ -21,4 +21,16 @@ cfg.routes = {
 
 cfg.autoLoginNewAccounts = false;
 
+cfg.accountPolicies = {
+  /*
+  "<accountId>": {
+    "meters": {
+      "<policyAction, e.g., `create`>": {
+        "<productId>": true|false
+      }
+    }
+  }
+  */
+};
+
 config.validation.schema.paths.push(path.join(__dirname, '..', 'schemas'));

lib/handlers.js

@@ -7,15 +7,16 @@ import assert from 'assert-plus';
 const {util: {BedrockError}} = bedrock;
 
 const HANDLERS = {
-  // this handler must be called when creating a new meter
-  createMeter: null,
+  /**
+   * @function createMeter
+   * @param {object} options - The meter creation options.
+   * @param {object} options.meter - The meter to create.
+   * @description Called to create a meter after a meter policy check has
+   * been passed.
+   */
+  createMeter: null
 };
 
-/* The createMeter is an optional handler for now. */
-// bedrock.events.on('bedrock.start', async () => {
-//   _checkHandlerSet({name: 'createMeter', handler: HANDLERS.createMeter});
-// });
-
 export function setCreateMeterHandler({handler} = {}) {
   assert.func(handler, 'handler');
   _checkHandlerNotSet({name: 'createMeter', handler: HANDLERS.createMeter});
@@ -25,19 +26,13 @@ export function setCreateMeterHandler({handler} = {}) {
 // expose HANDLERS for testing and internal use only
 export const _HANDLERS = HANDLERS;
 
-// function _checkHandlerSet({name, handler}) {
-//   if(!handler) {
-//     throw new BedrockError(
-//       'Account HTTP handler not set.',
-//       'InvalidStateError', {name});
-//   }
-// }
-
 function _checkHandlerNotSet({name, handler}) {
   // can only set handlers once
   if(handler) {
     throw new BedrockError(
-      'Account HTTP handler already set.',
-      'DuplicateError', {name});
+      `Account HTTP handler "${name}" already set.`, {
+        name: 'DuplicateError',
+        details: {name}
+      });
   }
 }

lib/http.js

@@ -38,53 +38,29 @@ bedrock.events.on('bedrock-express.configure.routes', app => {
     ensureAuthenticated,
     createValidateMiddleware({bodySchema: validators.createMeter()}),
     asyncHandler(async (req, res) => {
-      /**
-       * @function createMeter
-       * @param {object} req - The request.
-       * @param {object} res - The response.
-       * @param {object} req.body - The request body.
-       * @param {string} req.body.meter - Meter to create.
-       * @param {string} req.user.account.id - User account ID.
-       * @description Check if the request user's account ID is in a list of
-       * meter creation policies. If account ID is found pass meter to create
-       * meter handler and return the result.
-       */
       if(!HANDLERS.createMeter) {
         throw new BedrockError(
-          'Missing required createMeter handler.', 'NotFoundError', {
-            httpStatusCode: 404,
-            public: true,
+          'Meter creation not supported.', {
+            name: 'NotSupportedError',
+            details: {httpStatusCode: 400, public: true}
           });
       }
 
       const meter = req.body.meter;
       const productId = meter.product.id;
       const accountId = req.user.account.id;
-      const accountPolicies = cfg.meterCreationPolicies[accountId];
-      const missingPolicy = !(accountPolicies && accountPolicies.create);
+      const accountPolicy = cfg.accountPolicies[accountId];
+      const productAllowed = accountPolicy?.meters?.create?.[productId];
 
-      // check for account meter creation policy
-      if(missingPolicy) {
+      if(!productAllowed) {
         throw new BedrockError(
-          `Meter creation policy does not include account ID: ${accountId}`,
-          'NotAllowedError', {
-            httpStatusCode: 403,
-            public: true,
+          `Creation of a meter for product "${productId}" by account ` +
+          `"${accountId}" is not allowed.`, {
+            name: 'NotAllowedError',
+            details: {httpStatusCode: 403, public: true}
           });
       }
 
-      // ensure product ID is listed in policy & creation is permitted
-      const productInPolicy = accountPolicies.create[productId];
-
-      if(!(productInPolicy && productInPolicy.allowed)) {
-        throw new BedrockError(
-          `Policy is missing product ID: ${productId}`, 'NotAllowedError', {
-            httpStatusCode: 403,
-            public: true
-          }
-        );
-      }
-
       // pass meter to create meter handler
       const response = await HANDLERS.createMeter({meter});
 

lib/index.js

@@ -4,4 +4,5 @@
 import '@bedrock/express';
 
 import './http.js';
+
 export * as handlers from './handlers.js';