IP check in add earn isn't checking last IP
We are using the following logic to check for the last IP the user connected from:

```ts
const lastIp = lastIPs.length > 0 ? lastIPs[lastIPs.length - 1] : undefined
```

https://github.com/GaloyMoney/galoy/blob/e821b328d03737f60e9e0d2525b63645cb63aec3/src/app/accounts/add-earn.ts#L55

But when we update the lastIPs in the database, we update the entry in place if the user has connected from that IP before:
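```ts
const lastIP = userIP.lastIPs.find((ipObject) => ipObject.ip === ip)
if (lastIP) {
  // Known IP: the existing entry is updated in place, so its array position does not change
  lastIP.lastConnection = lastConnection
} else {
  // ...
  // New IP: appended to the end of the array
  userIP.lastIPs.push(ipInfo)
}
const result = await usersIp.update(userIP)
```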
https://github.com/GaloyMoney/galoy/blob/e821b328d03737f60e9e0d2525b63645cb63aec3/src/app/users/get-user.ts#L76
So in the `addEarn` code we are assuming the IP the user is connecting from is the last one in the array, but that is actually just the last new IP the user connected from.
@dolcalmi I think you were the last person to touch the `addEarn` IP protection, so I'm interested in your opinion about this. Also @vindard.
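The mismatch described in this issue, reproduced as an added example (not the project's code and not part of the original post). The `IpEntry` shape, the helper names and the sample addresses are assumptions constructed for illustration; `mostRecentConnection` is one hypothetical way to select the current IP, not necessarily what the linked fix does.

```typescript
interface IpEntry {
  ip: string
  firstConnection: Date
  lastConnection: Date
}

// Same update rule as the quoted get-user.ts excerpt: a known IP is updated
// in place (array position unchanged), an unknown IP is appended.
function recordConnection(lastIPs: IpEntry[], ip: string, at: Date): void {
  const known = lastIPs.find((ipObject) => ipObject.ip === ip)
  if (known) {
    known.lastConnection = at
  } else {
    lastIPs.push({ ip, firstConnection: at, lastConnection: at })
  }
}

// The check quoted from add-earn.ts: take the last array element.
function lastArrayElement(lastIPs: IpEntry[]): IpEntry | undefined {
  return lastIPs.length > 0 ? lastIPs[lastIPs.length - 1] : undefined
}

// Hypothetical alternative: pick the entry with the newest lastConnection.
function mostRecentConnection(lastIPs: IpEntry[]): IpEntry | undefined {
  return lastIPs.reduce<IpEntry | undefined>(
    (best, cur) =>
      best === undefined || cur.lastConnection.getTime() > best.lastConnection.getTime()
        ? cur
        : best,
    undefined,
  )
}

// Constructed history (documentation-range addresses): A, then B, then A again.
function demo(): { byPosition?: string; byTimestamp?: string } {
  const lastIPs: IpEntry[] = []
  recordConnection(lastIPs, "192.0.2.10", new Date("2022-01-01T10:00:00Z"))
  recordConnection(lastIPs, "198.51.100.7", new Date("2022-01-02T10:00:00Z"))
  recordConnection(lastIPs, "192.0.2.10", new Date("2022-01-03T10:00:00Z"))
  return {
    byPosition: lastArrayElement(lastIPs)?.ip, // "198.51.100.7": the last *new* IP
    byTimestamp: mostRecentConnection(lastIPs)?.ip, // "192.0.2.10": the IP in use now
  }
}
```

Any IP-based check that reads the array tail is evaluated against the stale entry whenever the user returns to an address they have used before.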
The type of thing that should be removed from the core, I think.
This PR https://github.com/GaloyMoney/galoy/commit/a9a5f5fe1137ae6290517ac27a44d7ab96f9b5e3 should have addressed this issue.
@daviroo please reopen if the issue persists.