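// PHASE 1: RECEIVE DEPOSIT REQUEST FROM USER
// An authenticated user asks to deposit `amount` of `currency`. The request is
// recorded in Redis under a fresh UUID, then the user is redirected to the
// payment service, which later reports completion to POST /plugins/bank/:uuid.
app.post('/plugins/bank/deposit', toolsLib.security.verifyBearerTokenExpressMiddleware(['user']), async (req, res) => {
  // The handler awaits Redis and the payment service, so it must be async, and
  // failures must be answered here rather than left as unhandled rejections.
  try {
    const { currency, amount } = req.body;
    const user_id = req.auth.sub.id;

    // The body is untrusted and `amount` is what gets minted once the payment
    // is confirmed, so reject anything that is not a positive finite amount.
    const amountIsScalar = typeof amount === 'number' || typeof amount === 'string';
    const numericAmount = amountIsScalar ? Number(amount) : NaN;
    if (
      typeof currency !== 'string' ||
      currency.length === 0 ||
      !Number.isFinite(numericAmount) ||
      numericAmount <= 0
    ) {
      return res.status(400).json({ message: 'Invalid amount or currency given' });
    }

    // Create UUID for this deposit; it is both the Redis key and the last
    // path segment of the callback URL
    const transactionId = uuid();

    // Callback url for payment notification
    const callback_url = `${toolsLib.getKitConfig().info.url}/plugins/bank/${transactionId}`;

    // NOTE(review): the listing omits how `payment` and the head of `payload`
    // are built. The fields used here are the ones this handler computes and
    // the ones the callback handler reads back; confirm `payment` against the
    // payment service's API.
    const payment = {
      currency,
      amount,
      callback_url
    };

    const payload = {
      currency,
      amount,
      user_id, // user_id added for callback
      expires: moment().add(5, 'minutes') // if payment occurs 5 minutes after expires, deny transfer
    };

    // Store deposit data in Redis. The key has to be the UUID embedded in the
    // callback URL (the listing used an undefined `transferUuid`), otherwise
    // the callback handler can never find the record.
    // NOTE(review): the key is written without a TTL, so a deposit that is
    // never paid stays in Redis; consider setting an expiry on the key.
    await toolsLib.database.client.setAsync(transactionId, JSON.stringify(payload));

    // PAYMENT_SERVICE is the payment service being used
    const transferResponse = await PAYMENT_SERVICE.deposit(payment);

    // Redirect user for completing the payment
    return res.redirect(transferResponse.url);
  } catch (err) {
    // Keep the details in the server log; the client gets a generic message.
    console.error('plugins/bank/deposit failed', err);
    return res.status(500).json({ message: 'Unable to start deposit' });
  }
});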
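// PHASE 3: RECEIVE NOTIFICATION OF COMPLETED DEPOSIT FROM PAYMENT SERVICE
// Looks up the pending deposit by the UUID in the path, consumes it, checks it
// against the notification and mints the asset for the stored user.
//
// NOTE(review): this route has no authentication middleware. The only things
// tying a request to the payment service are knowledge of the UUID and a
// matching amount/currency, so any party that learns the callback URL can
// trigger the mint. Verify the notification with whatever the payment service
// provides (signature or shared secret over the body, source allow-list, or a
// server-side status lookup by transaction id) before minting.
app.post('/plugins/bank/:uuid', async (req, res) => {
  // The handler awaits Redis and the wallet, so it must be async, and failures
  // (Redis errors, malformed stored JSON, mint errors) must be answered here.
  try {
    const { uuid: depositId } = req.params;
    const { amount, currency, transaction_id } = req.body;

    // The path segment is untrusted and is used verbatim as a Redis key that
    // is read and then deleted. Restrict it to the UUID shape so the route
    // cannot be pointed at unrelated keys in the shared Redis instance.
    // Assumes uuid() in the deposit handler yields the canonical 8-4-4-4-12
    // hex form; TODO confirm.
    const UUID_SHAPE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
    if (typeof depositId !== 'string' || !UUID_SHAPE.test(depositId)) {
      return res.status(400).json({ message: 'Invalid deposit UUID' });
    }

    // Get deposit data from Redis via uuid
    const rawDeposit = await toolsLib.database.client.getAsync(depositId);

    // If data is not found, reject deposit
    if (!rawDeposit) {
      return res.status(400).json({ message: `No deposit found with UUID ${depositId}` });
    }

    // Parsed into its own binding; the listing reassigned a `const`.
    const deposit = JSON.parse(rawDeposit);

    // Delete data from Redis so a deposit can be used only once. Redis DEL
    // replies with the number of keys removed: a reply of 0 means a concurrent
    // or retried notification already consumed this deposit, so stop here
    // instead of minting a second time.
    const removed = await toolsLib.database.client.delAsync(depositId);
    if (removed === 0) {
      return res.status(400).json({ message: `No deposit found with UUID ${depositId}` });
    }

    // If deposit occurred after expiry time, reject the deposit
    if (moment().isAfter(deposit.expires)) {
      return res.status(400).json({ message: 'Deposit is expired' });
    }

    // If deposit amount or currency don't match ones stored on Redis, reject the deposit
    if (amount !== deposit.amount || currency !== deposit.currency) {
      return res.status(400).json({ message: 'Incorrect amount or currency given' });
    }

    // All checks passed, mint the asset with the transaction ID obtained from
    // service provider. User, currency and amount come from the stored
    // record, never from the notification body.
    const mintResponse = await toolsLib.wallet.mintAssetByKitId(
      deposit.user_id, // User kit id
      deposit.currency, // currency
      deposit.amount, // amount
      {
        description: 'Bank Deposit', // description
        transactionId: transaction_id // transaction id
      }
    );

    return res.json(mintResponse);
  } catch (err) {
    // Keep the details in the server log; the caller gets a generic message.
    console.error('plugins/bank deposit notification failed', err);
    return res.status(500).json({ message: 'Unable to process deposit notification' });
  }
});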