Merge pull request #192 from PortalTechnologiesInc/wheatley/remove-age-verification-code

refactor(rest): remove verification-specific routes and settings

Author: denmeh

CHANGELOG.md

@@ -14,6 +14,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - `MessageRouter` now exposes `SendOutcome` / `EventSendResult` from the underlying `portal` crate, giving relay delivery feedback per event. `SendOutcome::Delivered { relays }` includes the URLs of relays that accepted the event. Not yet surfaced on the REST API; wiring will follow in a future release (#85)
 - `portal-rates`: added fallback-only market source failover in `MarketAPI` (tries fallback providers when the primary source fails). No `fiatUnits` mapping changes in this update (#129).
 
+#### Changed
+- Payment request amount fields now use `Amount` wrapper (`serde(transparent)` over `u64`) in core request models; wire JSON format remains unchanged.
+
+#### Removed
+- Verification-specific REST endpoints:
+  - `POST /verification/sessions`
+  - `POST /verification/token`
+- Verification-specific runtime settings from `portal-rest` config (`[verification]` / `PORTAL__VERIFICATION__API_KEY`).
+- Verification-specific entries from `portal-rest` OpenAPI spec and generated TS client/types.
+
 ---
 
 ### [0.4.1] - 2026-04-01
@@ -105,6 +115,7 @@ First release — Docker image available at [`getportal/sdk-daemon`](https://hub
 
 #### Changed
 - `register_nip05()` now delegates to `portal::register_nip05()` (moved to `portal` crate). UniFFI bindings unchanged.
+- Payment request amount fields now use `Amount` wrapper (`serde(transparent)` over `u64`) in core models; wire format and app compatibility unchanged.
 
 ---
 

README.md

@@ -15,13 +15,12 @@ No accounts. No KYC. No payment processor.
 
 ---
 
-Portal lets you add **age verification**, **authentication**, and **payments** to your app — without collecting personal data.
+Portal lets you add **authentication** and **payments** to your app — without collecting personal data.
 
 > **New here?** Start with the [documentation](https://portaltechnologiesinc.github.io/lib/) or create a free instance on [PortalHub](https://hub.getportal.cc).
 
 ## What can you build?
 
-- **Age verification** — verify users' age for compliance, no personal data stored → [Guide](https://portaltechnologiesinc.github.io/lib/age-verification/getting-started.html)
 - **Authentication** — passwordless login via the Portal app → [Guide](https://portaltechnologiesinc.github.io/lib/platform/authentication.html)
 - **Payments** — single, recurring, invoice-based; BTC or fiat → [Guide](https://portaltechnologiesinc.github.io/lib/platform/single-payments.html)
 - **Digital tickets** — issue and verify Cashu tokens → [Guide](https://portaltechnologiesinc.github.io/lib/platform/cashu-tokens.html)

crates/portal-rest/README.md

@@ -1,6 +1,6 @@
 # Portal REST API
 
-REST API server for Portal — authentication, payments, age verification, and more. Use it via the [TypeScript SDK](https://www.npmjs.com/package/portal-sdk) or call the HTTP endpoints directly.
+REST API server for Portal — authentication, payments,  and more. Use it via the [TypeScript SDK](https://www.npmjs.com/package/portal-sdk) or call the HTTP endpoints directly.
 
 > 📖 **[Full documentation](https://portaltechnologiesinc.github.io/lib/)** · 🚀 **[Get started with PortalHub](https://hub.getportal.cc)** (no self-hosting needed)
 

crates/portal-rest/clients/ts/src/client.ts

@@ -752,48 +752,4 @@ export class PortalClient {
     return this.get<EventsResponse>(`/events/${encodeURIComponent(streamId)}${q}`);
   }
 
-  // ---- Verification ----
-
-  /**
-   * Initiate a browser-based age verification session.
-   *
-   * Creates the verification session AND automatically starts listening for the
-   * verification token. Returns session info plus an `AsyncOperation` — use
-   * `poll()` or `done` to wait for the Cashu token result.
-   *
-   * Requires `[verification] api_key` in portal-rest config.
-   */
-  public async createVerificationSession(relayUrls?: string[]): Promise<
-    VerificationSessionResponse & AsyncOperation<CashuResponseStatus>
-  > {
-    const resp = await this.post<VerificationSessionResponse>('/verification/sessions', {
-      relays: relayUrls,
-    });
-    const done = this.registerStream(resp.stream_id).then(
-      (event) => event.status as CashuResponseStatus
-    );
-    return { ...resp, streamId: resp.stream_id, done };
-  }
-
-  // ---- Verification Token ----
-
-  /**
-   * Request a Cashu token from a recipient Portal wallet.
-   *
-   * Uses the Portal mint (`https://mint.getportal.cc`) with unit `multi`.
-   * Returns the `stream_id`; poll via `getEvents(streamId)` or use `onEvent`.
-   */
-  public async requestVerificationToken(
-    recipientKey: string,
-    subkeys: string[]
-  ): Promise<AsyncOperation<CashuResponseStatus>> {
-    const resp = await this.post<{ stream_id: string }>('/verification/token', {
-      recipient_key: recipientKey,
-      subkeys,
-    });
-    const done = this.registerStream(resp.stream_id).then(
-      (event) => event.status as CashuResponseStatus
-    );
-    return { streamId: resp.stream_id, done };
-  }
 }

crates/portal-rest/clients/ts/src/types.ts

@@ -321,27 +321,6 @@ export type CashuResponseStatus =
   | { status: 'insufficient_funds' }
   | { status: 'rejected'; reason?: string };
 
-// ---- Verification ----
-
-export interface CreateVerificationSessionRequest {
-  /** Relay URLs to use for the verification session. Defaults to the relays configured in the [nostr] section of the config if omitted. */
-  relays?: string[];
-}
-
-export interface VerificationSessionResponse {
-  session_id: string;
-  session_url: string;
-  ephemeral_npub: string;
-  expires_at: number;
-  stream_id: string;
-}
-
-// ---- Portal Token (Cashu from Portal wallet) ----
-
-export interface RequestVerificationTokenRequest {
-  recipient_key: string;
-  subkeys: string[];
-}
 
 // ---- Relays ----
 

crates/portal-rest/example.config.toml

@@ -52,11 +52,6 @@ ln_backend = "none"
 path = "portal-rest.db"
 
 
-## Age verification settings. Required for the POST /verification/sessions endpoint.
-## Get your API key from https://verify.getportal.cc
-# [verification]
-# api_key = "your-api-key-here"
-
 
 ## Optional Nostr profile metadata. Set any combination of fields to publish
 ## your profile on the Nostr network at startup. Omit the section or leave

crates/portal-rest/openapi.yaml

@@ -976,69 +976,3 @@ paths:
         "404":
           description: Stream not found
 
-
-  /verification/sessions:
-    post:
-      tags:
-        - Verification
-      summary: Initiate a browser-based age verification session
-      description: |
-        Creates a verification session AND automatically starts listening for the
-        verification token. Returns session info (including `session_url` to redirect
-        the user to) plus a `stream_id` to poll for the Cashu token result.
-        Poll `GET /events/{stream_id}` for a `cashu_response` event containing the token.
-        Requires `[verification] api_key` in the portal-rest configuration.
-      requestBody:
-        required: false
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CreateVerificationSessionRequest'
-      responses:
-        "200":
-          description: Verification session created
-          content:
-            application/json:
-              schema:
-                allOf:
-                  - $ref: '#/components/schemas/ApiResponse'
-                  - properties:
-                      data:
-                        $ref: '#/components/schemas/VerificationSessionResponse'
-        "400":
-          description: Verification not configured or invalid request
-        "500":
-          description: Verification service error
-
-  /verification/token:
-    post:
-      tags:
-        - Verification
-      summary: Request a verification token from a user who already holds one
-      description: |
-        Requests a verification token (Cashu) from a recipient who already has a token
-        in their Portal wallet (e.g. a mobile app user who completed verification previously).
-        Uses the Portal mint (`https://mint.getportal.cc`) with unit `multi`. Returns a
-        stream_id for polling. Poll GET /events/{stream_id} for the `cashu_response` event.
-
-        For new browser-based verification, use `POST /verification/sessions` instead — it
-        handles the full flow (session creation + token listening) in a single call.
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/RequestVerificationTokenRequest'
-      responses:
-        "201":
-          description: Verification token request initiated
-          content:
-            application/json:
-              schema:
-                allOf:
-                  - $ref: '#/components/schemas/ApiResponse'
-                  - properties:
-                      data:
-                        $ref: '#/components/schemas/StreamIdResponse'
-        "400":
-          description: Invalid recipient key or subkeys

crates/portal-rest/src/command.rs

@@ -74,18 +74,6 @@ pub struct RequestCashuRequest {
     pub amount: u64,
 }
 
-#[derive(Debug, Deserialize)]
-pub struct CreateVerificationSessionRequest {
-    /// Relay URLs to use for the verification session. Defaults to
-    /// the relays configured in the `[nostr]` section of the config if not set.
-    pub relays: Option<Vec<String>>,
-}
-
-#[derive(Debug, Deserialize)]
-pub struct RequestVerificationTokenRequest {
-    pub recipient_key: String,
-    pub subkeys: Vec<String>,
-}
 
 #[derive(Debug, Deserialize)]
 pub struct SendCashuDirectRequest {

crates/portal-rest/src/config.rs

@@ -18,13 +18,6 @@ pub struct Settings {
     pub profile: ProfileSettings,
     #[serde(default)]
     pub logging: LoggingSettings,
-    #[serde(default)]
-    pub verification: Option<VerificationSettings>,
-}
-
-#[derive(Deserialize, Debug, Clone)]
-pub struct VerificationSettings {
-    pub api_key: String,
 }
 
 #[derive(Deserialize, Debug, Clone)]

crates/portal-rest/src/handlers.rs

@@ -969,154 +969,3 @@ pub async fn get_events(
     Ok(ok(EventsResponse { stream_id, events }))
 }
 
-// ── Age Verification constants ────────────────────────────────────────────────
-const VERIFICATION_SERVICE_URL: &str = "https://verify.getportal.cc/verify/sessions";
-const VERIFICATION_MINT_URL: &str = "https://mint.getportal.cc";
-const VERIFICATION_TICKET_UNIT: &str = "multi";
-const VERIFICATION_TOKEN_AMOUNT: u64 = 1;
-
-// POST /verification/sessions
-pub async fn create_verification_session(
-    State(state): State<AppState>,
-    Json(req): Json<crate::command::CreateVerificationSessionRequest>,
-) -> ApiResult<VerificationSessionResponse> {
-    let verification = state
-        .settings
-        .verification
-        .as_ref()
-        .ok_or_else(|| bad_request("Verification not configured — add [verification] api_key to config"))?;
-
-    let relays = req.relays.unwrap_or_else(|| state.settings.nostr.relays.clone());
-
-    #[derive(serde::Serialize)]
-    struct VerifySessionRequest {
-        relays: Vec<String>,
-    }
-
-    #[derive(serde::Deserialize)]
-    struct VerifySessionApiResponse {
-        session_id: String,
-        session_url: String,
-        ephemeral_npub: String,
-        expires_at: u64,
-    }
-
-    let client = reqwest::Client::new();
-    let resp = client
-        .post(VERIFICATION_SERVICE_URL)
-        .header("X-Api-Key", &verification.api_key)
-        .json(&VerifySessionRequest { relays })
-        .send()
-        .await
-        .map_err(|e| internal_error(format!("Failed to call verification service: {e}")))?;
-
-    if !resp.status().is_success() {
-        let status = resp.status();
-        let body = resp.text().await.unwrap_or_default();
-        return Err(internal_error(format!(
-            "Verification service returned {}: {}",
-            status, body
-        )));
-    }
-
-    let api_resp: VerifySessionApiResponse = resp
-        .json()
-        .await
-        .map_err(|e| internal_error(format!("Failed to parse verification response: {e}")))?;
-
-    // Parse the ephemeral npub (bech32 format) into a PublicKey
-    let ephemeral_key = PublicKey::parse(&api_resp.ephemeral_npub)
-        .map_err(|e| internal_error(format!("Invalid ephemeral_npub from verification service: {e}")))?;
-
-    let stream_id = spawn_verification_token_request(
-        state.sdk.clone(),
-        &state.events,
-        ephemeral_key,
-        vec![],
-    )
-    .await;
-
-    Ok(ok(VerificationSessionResponse {
-        session_id: api_resp.session_id,
-        session_url: api_resp.session_url,
-        ephemeral_npub: api_resp.ephemeral_npub,
-        expires_at: api_resp.expires_at,
-        stream_id,
-    }))
-}
-
-/// Shared helper: creates a verification token request stream, spawns a
-/// background task that calls `sdk.request_cashu`, and returns the `stream_id`.
-async fn spawn_verification_token_request(
-    sdk: Arc<portal_sdk::PortalSDK>,
-    events: &crate::events::EventStore,
-    recipient: PublicKey,
-    subkeys: Vec<PublicKey>,
-) -> String {
-    let expires_at = Timestamp::now_plus_seconds(300);
-    let content = CashuRequestContent {
-        mint_url: VERIFICATION_MINT_URL.to_string(),
-        unit: VERIFICATION_TICKET_UNIT.to_string(),
-        amount: VERIFICATION_TOKEN_AMOUNT,
-        request_id: Uuid::new_v4().to_string(),
-        expires_at,
-    };
-
-    let stream_id = events
-        .new_stream("cashu_portal_token_request", None)
-        .await;
-
-    let events = events.clone();
-    let sid = stream_id.clone();
-    tokio::spawn(async move {
-        match sdk.request_cashu(recipient, subkeys, content).await {
-            Ok(Some(r)) => {
-                events
-                    .push(&sid, NotificationData::CashuResponse { status: r.status })
-                    .await;
-            }
-            Ok(None) => {
-                events
-                    .push(
-                        &sid,
-                        NotificationData::Error {
-                            reason: "No response from recipient".to_string(),
-                        },
-                    )
-                    .await;
-            }
-            Err(e) => {
-                events
-                    .push(
-                        &sid,
-                        NotificationData::Error {
-                            reason: format!("Failed to request verification token: {e}"),
-                        },
-                    )
-                    .await;
-            }
-        }
-    });
-
-    stream_id
-}
-
-// POST /verification/token
-pub async fn request_verification_token(
-    State(state): State<AppState>,
-    Json(req): Json<crate::command::RequestVerificationTokenRequest>,
-) -> ApiResult<StreamResponse> {
-    let recipient_key =
-        hex_to_pubkey(&req.recipient_key).map_err(|e| bad_request(format!("Invalid recipient key: {e}")))?;
-    let subkeys = parse_subkeys(&req.subkeys).map_err(|e| bad_request(format!("Invalid subkeys: {e}")))?;
-
-    let stream_id = spawn_verification_token_request(
-        state.sdk.clone(),
-        &state.events,
-        recipient_key,
-        subkeys,
-    )
-    .await;
-
-    Ok(created(StreamResponse { stream_id }))
-}