From a9599d0a4fca347e269229fdce29f9c1ad295de5 Mon Sep 17 00:00:00 2001 From: golobitch Date: Tue, 21 May 2024 21:12:05 +0200 Subject: [PATCH 1/6] feat(backend)!: update env variables --- packages/backend/jest.config.js | 1 + packages/backend/jest.env.js | 9 ++++ packages/backend/src/config/app.ts | 72 +++++++++++++++--------------- 3 files changed, 46 insertions(+), 36 deletions(-) create mode 100644 packages/backend/jest.env.js diff --git a/packages/backend/jest.config.js b/packages/backend/jest.config.js index 8f933f9a4c..127e2dba99 100644 --- a/packages/backend/jest.config.js +++ b/packages/backend/jest.config.js @@ -25,6 +25,7 @@ module.exports = { `/packages/${packageName}/src/`, `/node_modules` ], + setupFiles: [`/packages/${packageName}/jest.env.js`], id: packageName, displayName: packageName, rootDir: '../..' diff --git a/packages/backend/jest.env.js b/packages/backend/jest.env.js new file mode 100644 index 0000000000..dd60c312b2 --- /dev/null +++ b/packages/backend/jest.env.js @@ -0,0 +1,9 @@ +process.env.INSTANCE_NAME = 'Rafiki' +process.env.KEY_ID = 'myKey' +process.env.OPEN_PAYMENTS_URL = 'http://127.0.0.1:3000' +process.env.ILP_CONNECTOR_ADDRESS = 'http://127.0.0.1:3002' +process.env.ILP_ADDRESS = 'test.rafiki' +process.env.AUTH_SERVER_GRANT_URL = 'http://127.0.0.1:3006' +process.env.AUTH_SERVER_INTROSPECTION_URL = 'http://127.0.0.1:3007/' +process.env.WEBHOOK_URL = 'http://127.0.0.1:4001/webhook' +process.env.STREAM_SECRET = '2/PxuRFV9PAp0yJlnAifJ+1OxujjjI16lN+DBnLNRLA=' diff --git a/packages/backend/src/config/app.ts b/packages/backend/src/config/app.ts index b60a6bd163..caf2d83125 100644 --- a/packages/backend/src/config/app.ts +++ b/packages/backend/src/config/app.ts 
@@ -1,12 +1,15 @@ import { loadOrGenerateKey } from '@interledger/http-signature-utils' -import * as crypto from 'crypto' import dotenv from 'dotenv' import * as fs from 'fs' import { ConnectionOptions } from 'tls' -function envString(name: string, value: string): string { +function envString(name: string, defaultValue?: string): string { const envValue = process.env[name] - return envValue == null ? value : envValue + + if (envValue) return envValue + if (defaultValue) return defaultValue + + throw new Error(`Environment variable ${name} must be set.`) } function envStringArray(name: string, value: string[]): string[] { @@ -35,9 +38,18 @@ dotenv.config({ path: process.env.ENV_FILE || '.env' }) +let privateKeyFileEnv +try { + privateKeyFileEnv = envString('PRIVATE_KEY_FILE') +} catch (err) { + /* empty */ +} + +const privateKeyFileValue = loadOrGenerateKey(privateKeyFileEnv) + export const Config = { logLevel: envString('LOG_LEVEL', 'info'), - enableTelemetry: envBool('ENABLE_TELEMETRY', true), + enableTelemetry: envBool('ENABLE_TELEMETRY', false), livenet: envBool('LIVENET', false), openTelemetryCollectors: envStringArray( 'OPEN_TELEMETRY_COLLECTOR_URLS', @@ -59,7 +71,7 @@ export const Config = { 86_400_000 ), adminPort: envInt('ADMIN_PORT', 3001), - openPaymentsUrl: envString('OPEN_PAYMENTS_URL', 'http://127.0.0.1:3000'), + openPaymentsUrl: envString('OPEN_PAYMENTS_URL'), openPaymentsPort: envInt('OPEN_PAYMENTS_PORT', 3003), connectorPort: envInt('CONNECTOR_PORT', 3002), autoPeeringServerPort: envInt('AUTO_PEERING_SERVER_PORT', 3005), 
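Review bot: In `envString`, the truthiness test `if (defaultValue) return defaultValue` treats an explicit empty-string default as if no default had been given, so a call such as `envString('X', '')` now throws instead of returning `''`. No such call is visible on the new side of this file, but the signature still permits it; `if (defaultValue !== undefined) return defaultValue` limits the "must be set" error to the case where there is no default. The same helper is copied into packages/auth/src/config/app.ts later in this series and behaves the same way. A one-line doc comment stating that an empty environment value counts as unset would also help, because `if (envValue)` differs from the removed `envValue == null` check.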
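Review bot: The `try`/`catch` around `envString('PRIVATE_KEY_FILE')` uses an exception with an empty handler to express an optional variable, and it leaves `privateKeyFileEnv` as an untyped `let`. Reading the variable directly, `const privateKeyFileValue = loadOrGenerateKey(process.env.PRIVATE_KEY_FILE)`, matches how the Redis TLS paths are read in this same commit and removes the swallowed error. Judging by its name only (its body is not shown), `loadOrGenerateKey` creates a key when no path is given, while `KEY_ID` becomes mandatory in this commit; if a silently generated signing key is not wanted outside development, make the path required too or log that a key was generated.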
@@ -80,21 +92,15 @@ export const Config = { trustProxy: envBool('TRUST_PROXY', false), redisUrl: envString('REDIS_URL', 'redis://127.0.0.1:6379'), redisTls: parseRedisTlsConfig( - envString('REDIS_TLS_CA_FILE_PATH', ''), - envString('REDIS_TLS_KEY_FILE_PATH', ''), - envString('REDIS_TLS_CERT_FILE_PATH', '') + process.env.REDIS_TLS_CA_FILE_PATH, + process.env.REDIS_TLS_KEY_FILE_PATH, + process.env.REDIS_TLS_CERT_FILE_PATH ), - ilpAddress: envString('ILP_ADDRESS', 'test.rafiki'), - ilpConnectorAddress: envString( - 'ILP_CONNECTOR_ADDRESS', - 'http://127.0.0.1:3002' - ), - instanceName: envString('INSTANCE_NAME', 'Rafiki'), - streamSecret: process.env.STREAM_SECRET - ? Buffer.from(process.env.STREAM_SECRET, 'base64') - : crypto.randomBytes(32), - - useTigerbeetle: envBool('USE_TIGERBEETLE', false), + ilpAddress: envString('ILP_ADDRESS'), + ilpConnectorAddress: envString('ILP_CONNECTOR_ADDRESS'), + instanceName: envString('INSTANCE_NAME'), + streamSecret: Buffer.from(process.env.STREAM_SECRET || '', 'base64'), + useTigerbeetle: envBool('USE_TIGERBEETLE', true), tigerbeetleClusterId: envInt('TIGERBEETLE_CLUSTER_ID', 0), tigerbeetleReplicaAddresses: process.env.TIGERBEETLE_REPLICA_ADDRESSES ? process.env.TIGERBEETLE_REPLICA_ADDRESSES.split(',') @@ -109,14 +115,8 @@ export const Config = { walletAddressWorkers: envInt('WALLET_ADDRESS_WORKERS', 1), walletAddressWorkerIdle: envInt('WALLET_ADDRESS_WORKER_IDLE', 200), // milliseconds - authServerGrantUrl: envString( - 'AUTH_SERVER_GRANT_URL', - 'http://127.0.0.1:3006' - ), - authServerIntrospectionUrl: envString( - 'AUTH_SERVER_INTROSPECTION_URL', - 'http://127.0.0.1:3007/' - ), + authServerGrantUrl: envString('AUTH_SERVER_GRANT_URL'), + authServerIntrospectionUrl: envString('AUTH_SERVER_INTROSPECTION_URL'), outgoingPaymentWorkers: envInt('OUTGOING_PAYMENT_WORKERS', 4), outgoingPaymentWorkerIdle: envInt('OUTGOING_PAYMENT_WORKER_IDLE', 200), // milliseconds 
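Review bot: `streamSecret: Buffer.from(process.env.STREAM_SECRET || '', 'base64')` turns a missing `STREAM_SECRET` into a zero-length secret instead of an error, whereas the removed code fell back to `crypto.randomBytes(32)`. Every other required value in this commit goes through `envString`, which throws when the variable is unset; using it here, `streamSecret: Buffer.from(envString('STREAM_SECRET'), 'base64')`, keeps the service from starting with an empty key. `Buffer.from(..., 'base64')` also decodes malformed input without complaint, so a length check on the decoded buffer (the previous fallback was 32 bytes) would catch truncated or mistyped values at startup. In the same hunk the `USE_TIGERBEETLE` default flips to `true`, which deserves a line in the upgrade notes.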
@@ -126,7 +126,7 @@ export const Config = { webhookWorkers: envInt('WEBHOOK_WORKERS', 1), webhookWorkerIdle: envInt('WEBHOOK_WORKER_IDLE', 200), // milliseconds - webhookUrl: envString('WEBHOOK_URL', 'http://127.0.0.1:4001/webhook'), + webhookUrl: envString('WEBHOOK_URL'), webhookTimeout: envInt('WEBHOOK_TIMEOUT', 2000), // milliseconds webhookMaxRetry: envInt('WEBHOOK_MAX_RETRY', 10), @@ -141,8 +141,8 @@ export const Config = { apiSecret: process.env.API_SECRET, // optional apiSignatureVersion: envInt('API_SIGNATURE_VERSION', 1), - keyId: envString('KEY_ID', 'rafiki'), - privateKey: loadOrGenerateKey(envString('PRIVATE_KEY_FILE', '')), + keyId: envString('KEY_ID'), + privateKey: privateKeyFileValue, graphQLIdempotencyKeyLockMs: envInt('GRAPHQL_IDEMPOTENCY_KEY_LOCK_MS', 2000), graphQLIdempotencyKeyTtlMs: envInt( @@ -169,23 +169,23 @@ export const Config = { } function parseRedisTlsConfig( - caFile: string, - keyFile: string, - certFile: string + caFile?: string, + keyFile?: string, + certFile?: string ): ConnectionOptions | undefined { const options: ConnectionOptions = {} // self-signed certs. - if (caFile !== '') { + if (caFile) { options.ca = fs.readFileSync(caFile) options.rejectUnauthorized = false } - if (certFile !== '') { + if (certFile) { options.cert = fs.readFileSync(certFile) } - if (keyFile !== '') { + if (keyFile) { options.key = fs.readFileSync(keyFile) } From 5d1ecfbccb34cb7660985353e3dde1f089e5a20c Mon Sep 17 00:00:00 2001 From: golobitch Date: Wed, 22 May 2024 21:42:53 +0200 Subject: [PATCH 2/6] feat(localenv): update backend env variables --- localenv/cloud-nine-wallet/docker-compose.yml | 3 ++- localenv/happy-life-bank/docker-compose.yml | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/localenv/cloud-nine-wallet/docker-compose.yml b/localenv/cloud-nine-wallet/docker-compose.yml index b6fce79379..6f7dcc318a 100644 --- a/localenv/cloud-nine-wallet/docker-compose.yml +++ b/localenv/cloud-nine-wallet/docker-compose.yml 
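Review bot: In `parseRedisTlsConfig`, the `caFile` branch still sets `options.rejectUnauthorized = false` right after loading `options.ca`, which switches off verification of the Redis server certificate, so the CA that was just read is never enforced. The commit changes the guard to `if (caFile)` but leaves that line untouched; when a CA is supplied for a self-signed deployment, verification should stay on, so drop the line or set `options.rejectUnauthorized = true`. The same code is in packages/auth/src/config/app.ts later in this series. The end of the function is outside this hunk.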
@@ -69,8 +69,9 @@ services: EXCHANGE_RATES_URL: http://cloud-nine-wallet/rates REDIS_URL: redis://shared-redis:6379/0 WALLET_ADDRESS_URL: ${CLOUD_NINE_WALLET_ADDRESS_URL:-https://cloud-nine-wallet-backend/.well-known/pay} - ILP_CONNECTOR_ADDRESS: ${CLOUD_NINE_CONNECTOR_URL} + ILP_CONNECTOR_ADDRESS: http://127.0.0.1:3002 ENABLE_TELEMETRY: false + KEY_ID: rafiki depends_on: - shared-database - shared-redis diff --git a/localenv/happy-life-bank/docker-compose.yml b/localenv/happy-life-bank/docker-compose.yml index f0bcf71e42..1cd4f77d42 100644 --- a/localenv/happy-life-bank/docker-compose.yml +++ b/localenv/happy-life-bank/docker-compose.yml @@ -38,6 +38,7 @@ services: ports: - "4000:80" - "4001:3001" + - "4002:3002" - '9231:9229' networks: - rafiki @@ -55,6 +56,7 @@ services: AUTH_SERVER_GRANT_URL: ${HAPPY_LIFE_BANK_AUTH_SERVER_DOMAIN:-http://happy-life-bank-auth:3006} AUTH_SERVER_INTROSPECTION_URL: http://happy-life-bank-auth:3007 ILP_ADDRESS: test.happy-life-bank + ILP_CONNECTOR_ADDRESS: http://127.0.0.1:4002 STREAM_SECRET: BjPXtnd00G2mRQwP/8ZpwyZASOch5sUXT5o0iR5b5wU= API_SECRET: iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964= WEBHOOK_URL: http://happy-life-bank/webhooks @@ -63,6 +65,7 @@ services: REDIS_URL: redis://shared-redis:6379/2 WALLET_ADDRESS_URL: ${HAPPY_LIFE_BANK_WALLET_ADDRESS_URL:-https://happy-life-bank-backend/.well-known/pay} ENABLE_TELEMETRY: false + KEY_ID: rafiki depends_on: - cloud-nine-backend happy-life-auth: From ed1dadec475125617e20d76fc5d688cd660b7021 Mon Sep 17 00:00:00 2001 From: golobitch Date: Wed, 22 May 2024 21:43:12 +0200 Subject: [PATCH 3/6] test(integration): update backend env variables --- test/integration/testenv/cloud-nine-wallet/docker-compose.yml | 2 ++ test/integration/testenv/happy-life-bank/docker-compose.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml index 48a74c34ec..c2a2f34aa8 100644 
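Review bot: `ILP_CONNECTOR_ADDRESS: http://127.0.0.1:4002` in the happy-life-bank file uses port 4002, but the mapping added in the same file is `"4002:3002"`, which publishes container port 3002 on host port 4002. Inside the container 127.0.0.1 is the container itself, where nothing would listen on 4002 if the connector keeps the 3002 default (the port setting is not visible in these hunks), and other containers cannot reach a loopback address at all. How the value is consumed is not shown here, so this may be harmless, but a URL that is valid from where it is used would be safer. In the cloud-nine file the change also drops the override; `ILP_CONNECTOR_ADDRESS: ${CLOUD_NINE_CONNECTOR_URL:-http://127.0.0.1:3002}` would keep it, in the same form the file already uses for `WALLET_ADDRESS_URL`.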
--- a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml +++ b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml @@ -20,6 +20,7 @@ services: environment: LOG_LEVEL: debug NODE_ENV: development + INSTANCE_NAME: 'Rafiki' CONNECTOR_PORT: 3102 ADMIN_PORT: 3101 OPEN_PAYMENTS_PORT: 3100 @@ -32,6 +33,7 @@ services: AUTH_SERVER_INTROSPECTION_URL: http://cloud-nine-wallet-test-auth:3107 AUTH_SERVER_GRANT_URL: http://cloud-nine-wallet-test-auth:3106 ILP_ADDRESS: test.cloud-nine-wallet-test + ILP_CONNECTOR_ADDRESS: http://127.0.0.1:3102 STREAM_SECRET: BjPXtnd00G2mRQwP/8ZpwyZASOch5sUXT5o0iR5b5wU= WEBHOOK_URL: http://host.docker.internal:8888/webhooks EXCHANGE_RATES_URL: http://host.docker.internal:8888/rates diff --git a/test/integration/testenv/happy-life-bank/docker-compose.yml b/test/integration/testenv/happy-life-bank/docker-compose.yml index 18d5496a79..bfd464839f 100644 --- a/test/integration/testenv/happy-life-bank/docker-compose.yml +++ b/test/integration/testenv/happy-life-bank/docker-compose.yml @@ -17,6 +17,7 @@ services: environment: NODE_ENV: development LOG_LEVEL: debug + INSTANCE_NAME: 'Happy Life Test' OPEN_PAYMENTS_URL: https://happy-life-bank-test-backend:4100 WALLET_ADDRESS_URL: https://happy-life-bank-test-backend:4100/.well-known/pay ADMIN_PORT: 4101 @@ -29,6 +30,7 @@ services: KEY_ID: keyid-97a3a431-8ee1-48fc-ac85-70e2f5eba8e5 PRIVATE_KEY_FILE: /workspace/private-key.pem ILP_ADDRESS: test.happy-life-bank-test + ILP_CONNECTOR_ADDRESS: http://127.0.0.1:4102 STREAM_SECRET: BjPXtnd00G2mRQwP/8ZpwyZASOch5sUXT5o0iR5b5wU= WEBHOOK_URL: http://host.docker.internal:8889/webhooks EXCHANGE_RATES_URL: http://host.docker.internal:8889/rates From da8eb12121806ed00cbf58a203ed8ad2a08283c2 Mon Sep 17 00:00:00 2001 
From: Tadej Golobic Date: Tue, 21 May 2024 21:39:06 +0200 Subject: [PATCH 4/6] feat(auth)!: update default values for env variables (#2728) * feat(auth)!: remove default values for cookie key and identity server secret * feat(auth)!: rename auth server domain to auth server url * test(integration): update env * feat(localenv): update auth env * feat(localenv): update identity server url * test(integration): update identity server url * feat(auth)!: rename identity server domain to server url * docs(integration): update deployment env variables * fix(documentation): auth env grammatical error Co-authored-by: Nathan Lie --------- Co-authored-by: Nathan Lie --- localenv/cloud-nine-wallet/docker-compose.yml | 5 ++- localenv/happy-life-bank/docker-compose.yml | 5 ++- packages/auth/jest.config.js | 1 + packages/auth/jest.env.js | 6 +++ packages/auth/src/accessToken/routes.ts | 2 +- packages/auth/src/config/app.ts | 41 +++++++++---------- packages/auth/src/grant/routes.test.ts | 10 ++--- packages/auth/src/grant/routes.ts | 10 ++--- packages/auth/src/interaction/routes.test.ts | 4 +- packages/auth/src/interaction/routes.ts | 4 +- .../content/docs/integration/deployment.md | 8 ++-- test/integration/lib/test-actions/index.ts | 6 +-- .../cloud-nine-wallet/docker-compose.yml | 5 ++- .../happy-life-bank/docker-compose.yml | 5 ++- 14 files changed, 63 insertions(+), 49 deletions(-) create mode 100644 packages/auth/jest.env.js diff --git a/localenv/cloud-nine-wallet/docker-compose.yml b/localenv/cloud-nine-wallet/docker-compose.yml index 6f7dcc318a..3e4463c7c2 100644 --- a/localenv/cloud-nine-wallet/docker-compose.yml +++ b/localenv/cloud-nine-wallet/docker-compose.yml 
@@ -97,8 +97,11 @@ services: NODE_ENV: ${NODE_ENV:-development} TRUST_PROXY: ${TRUST_PROXY} AUTH_DATABASE_URL: postgresql://cloud_nine_wallet_auth:cloud_nine_wallet_auth@shared-database/cloud_nine_wallet_auth - AUTH_SERVER_DOMAIN: ${CLOUD_NINE_AUTH_SERVER_DOMAIN:-http://localhost:3006} + AUTH_SERVER_URL: ${CLOUD_NINE_AUTH_SERVER_DOMAIN:-http://localhost:3006} REDIS_URL: redis://shared-redis:6379/1 + IDENTITY_SERVER_URL: http://localhost:3030/mock-idp/ + IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE= + COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37 depends_on: - shared-database - shared-redis diff --git a/localenv/happy-life-bank/docker-compose.yml b/localenv/happy-life-bank/docker-compose.yml index 1cd4f77d42..944eedae5b 100644 --- a/localenv/happy-life-bank/docker-compose.yml +++ b/localenv/happy-life-bank/docker-compose.yml @@ -87,8 +87,11 @@ services: environment: NODE_ENV: development AUTH_DATABASE_URL: postgresql://happy_life_bank_auth:happy_life_bank_auth@shared-database/happy_life_bank_auth - AUTH_SERVER_DOMAIN: ${HAPPY_LIFE_BANK_AUTH_SERVER_DOMAIN:-http://localhost:4006} + AUTH_SERVER_URL: ${HAPPY_LIFE_BANK_AUTH_SERVER_DOMAIN:-http://localhost:4006} REDIS_URL: redis://shared-redis:6379/3 + IDENTITY_SERVER_URL: http://localhost:3031/mock-idp/ + IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE= + COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37 depends_on: - cloud-nine-auth happy-life-admin: diff --git a/packages/auth/jest.config.js b/packages/auth/jest.config.js index 1eeeb79ce2..a6127d9dcb 100644 --- a/packages/auth/jest.config.js +++ b/packages/auth/jest.config.js 
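Review bot: `IDENTITY_SERVER_SECRET` and `COOKIE_KEY` are committed here as fixed literals, and the same two values are reused for the happy-life-bank auth service in the next file, in both test/integration/testenv compose files, in packages/auth/jest.env.js and in test/integration/lib/test-actions/index.ts. This series removes the in-code defaults so that operators have to choose their own values, so a comment above the two keys, such as `# local development only - generate fresh values for any real deployment`, would mark them as samples that must not be copied. Giving the two local instances different values would also stop the local environment from hiding a mix-up between the two auth servers.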
@@ -13,6 +13,7 @@ module.exports = { testRegex: `(packages/${packageName}/.*/__tests__/.*|\\.(test|spec))\\.tsx?$`, moduleDirectories: [`node_modules`, `packages/${packageName}/node_modules`], modulePaths: [`/packages/${packageName}/src/`], + setupFiles: [`/packages/${packageName}/jest.env.js`], id: packageName, displayName: packageName, rootDir: '../..' diff --git a/packages/auth/jest.env.js b/packages/auth/jest.env.js new file mode 100644 index 0000000000..712a6a7a31 --- /dev/null +++ b/packages/auth/jest.env.js @@ -0,0 +1,6 @@ +process.env.COOKIE_KEY = + '42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37' +process.env.IDENTITY_SERVER_SECRET = + '2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=' +process.env.AUTH_SERVER_URL = 'http://localhost:3006' +process.env.IDENTITY_SERVER_URL = 'http://localhost:3030/mock-idp/' diff --git a/packages/auth/src/accessToken/routes.ts b/packages/auth/src/accessToken/routes.ts index 6baed5afe9..5b183a4925 100644 --- a/packages/auth/src/accessToken/routes.ts +++ b/packages/auth/src/accessToken/routes.ts @@ -176,7 +176,7 @@ async function rotateToken( ctx.status = 200 ctx.body = { access_token: toOpenPaymentsAccessToken(newToken, accessItems, { - authServerUrl: deps.config.authServerDomain + authServerUrl: deps.config.authServerUrl }) } } diff --git a/packages/auth/src/config/app.ts b/packages/auth/src/config/app.ts index f0216b9c00..051797db27 100644 --- a/packages/auth/src/config/app.ts +++ b/packages/auth/src/config/app.ts 
@@ -1,11 +1,14 @@ -import * as crypto from 'crypto' import dotenv from 'dotenv' import * as fs from 'fs' import { ConnectionOptions } from 'tls' -function envString(name: string, value: string): string { +function envString(name: string, defaultValue?: string): string { const envValue = process.env[name] - return envValue == null ? value : envValue + + if (envValue) return envValue + if (defaultValue) return defaultValue + + throw new Error(`Environment variable ${name} must be set.`) } function envInt(name: string, value: number): number { @@ -38,17 +41,11 @@ export const Config = { 'AUTH_DATABASE_URL', 'postgresql://postgres:password@localhost:5432/auth_development' ), - identityServerDomain: envString( - 'IDENTITY_SERVER_DOMAIN', - 'http://localhost:3030/mock-idp/' - ), - identityServerSecret: envString('IDENTITY_SERVER_SECRET', 'replace-me'), - authServerDomain: envString( - 'AUTH_SERVER_DOMAIN', - `http://localhost:${envInt('AUTH_PORT', 3006)}` - ), + identityServerUrl: envString('IDENTITY_SERVER_URL'), + identityServerSecret: envString('IDENTITY_SERVER_SECRET'), + authServerUrl: envString('AUTH_SERVER_URL'), waitTimeSeconds: envInt('WAIT_SECONDS', 5), - cookieKey: envString('COOKIE_KEY', crypto.randomBytes(32).toString('hex')), + cookieKey: envString('COOKIE_KEY'), interactionExpirySeconds: envInt('INTERACTION_EXPIRY_SECONDS', 10 * 60), // Default 10 minutes accessTokenExpirySeconds: envInt('ACCESS_TOKEN_EXPIRY_SECONDS', 10 * 60), // Default 10 minutes databaseCleanupWorkers: envInt('DATABASE_CLEANUP_WORKERS', 1), 
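Review bot: `cookieKey: envString('COOKIE_KEY')` and `identityServerSecret: envString('IDENTITY_SERVER_SECRET')` now fail when the variable is unset, but any non-empty string still passes, including the old `replace-me` placeholder or a one-character key. A length check when the config is loaded would reject weak values at startup, for example `if (Config.cookieKey.length < 64) throw new Error('COOKIE_KEY must be at least 64 characters.')`. The threshold of 64 is only a suggestion, taken from the removed default `crypto.randomBytes(32).toString('hex')`; the project should pick the minimum it wants to enforce.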
@@ -58,30 +55,30 @@ export const Config = { listAllInteraction: envBool('LIST_ALL_ACCESS_INTERACTION', true), redisUrl: envString('REDIS_URL', 'redis://127.0.0.1:6379'), redisTls: parseRedisTlsConfig( - envString('REDIS_TLS_CA_FILE_PATH', ''), - envString('REDIS_TLS_KEY_FILE_PATH', ''), - envString('REDIS_TLS_CERT_FILE_PATH', '') + process.env.REDIS_TLS_CA_FILE_PATH, + process.env.REDIS_TLS_KEY_FILE_PATH, + process.env.REDIS_TLS_CERT_FILE_PATH ) } function parseRedisTlsConfig( - caFile: string, - keyFile: string, - certFile: string + caFile?: string, + keyFile?: string, + certFile?: string ): ConnectionOptions | undefined { const options: ConnectionOptions = {} // self-signed certs. - if (caFile !== '') { + if (caFile) { options.ca = fs.readFileSync(caFile) options.rejectUnauthorized = false } - if (certFile !== '') { + if (certFile) { options.cert = fs.readFileSync(certFile) } - if (keyFile !== '') { + if (keyFile) { options.key = fs.readFileSync(keyFile) } diff --git a/packages/auth/src/grant/routes.test.ts b/packages/auth/src/grant/routes.test.ts index 43f1bae7d9..5175fb02c0 100644 --- a/packages/auth/src/grant/routes.test.ts +++ b/packages/auth/src/grant/routes.test.ts @@ -239,7 +239,7 @@ describe('Grant Routes', (): void => { publicName: TEST_CLIENT_DISPLAY.name, assetCode: 'USD', assetScale: 2, - authServer: Config.authServerDomain, + authServer: Config.authServerUrl, resourceServer: faker.internet.url({ appendSlash: false }) }) @@ -351,7 +351,7 @@ describe('Grant Routes', (): void => { publicName: TEST_CLIENT_DISPLAY.name, assetCode: 'USD', assetScale: 2, - authServer: Config.authServerDomain, + authServer: Config.authServerUrl, resourceServer: faker.internet.url({ appendSlash: false }) }) 
@@ -498,8 +498,7 @@ describe('Grant Routes', (): void => { expect(ctx.body).toEqual({ access_token: { value: accessToken.value, - manage: - Config.authServerDomain + `/token/${accessToken.managementId}`, + manage: Config.authServerUrl + `/token/${accessToken.managementId}`, access: expect.arrayContaining([ { actions: expect.arrayContaining(['create', 'read', 'list']), @@ -823,8 +822,7 @@ describe('Grant Routes', (): void => { access_token: { value: accessToken.value, manage: - Config.authServerDomain + - `/token/${accessToken.managementId}`, + Config.authServerUrl + `/token/${accessToken.managementId}`, access: expect.arrayContaining([ { actions: expect.arrayContaining(['create', 'read', 'list']), diff --git a/packages/auth/src/grant/routes.ts b/packages/auth/src/grant/routes.ts index 7fec7c6988..17e6f09128 100644 --- a/packages/auth/src/grant/routes.ts +++ b/packages/auth/src/grant/routes.ts @@ -159,7 +159,7 @@ async function createApprovedGrant( ctx.body = toOpenPaymentsGrant( grant, - { authServerUrl: config.authServerDomain }, + { authServerUrl: config.authServerUrl }, accessToken, access ) @@ -198,7 +198,7 @@ async function createPendingGrant( ctx.status = 200 ctx.body = toOpenPaymentPendingGrant(grant, interaction, { client, - authServerUrl: config.authServerDomain, + authServerUrl: config.authServerUrl, waitTimeSeconds: config.waitTimeSeconds }) @@ -284,7 +284,7 @@ async function pollGrantContinuation( await grantService.updateLastContinuedAt(grant.id) ctx.status = 200 ctx.body = toOpenPaymentsGrantContinuation(grant, { - authServerUrl: config.authServerDomain, + authServerUrl: config.authServerUrl, waitTimeSeconds: config.waitTimeSeconds }) @@ -314,7 +314,7 @@ async function pollGrantContinuation( ctx.body = toOpenPaymentsGrant( grant, { - authServerUrl: config.authServerDomain + authServerUrl: config.authServerUrl }, accessToken, access 
@@ -416,7 +416,7 @@ async function continueGrant( // TODO: add "continue" to response if additional grant request steps are added ctx.body = toOpenPaymentsGrant( interaction.grant, - { authServerUrl: config.authServerDomain }, + { authServerUrl: config.authServerUrl }, accessToken, access ) diff --git a/packages/auth/src/interaction/routes.test.ts b/packages/auth/src/interaction/routes.test.ts index 6d557c79e6..50137533fe 100644 --- a/packages/auth/src/interaction/routes.test.ts +++ b/packages/auth/src/interaction/routes.test.ts @@ -144,7 +144,7 @@ describe('Interaction Routes', (): void => { assert.ok(interaction.id) - const redirectUrl = new URL(config.identityServerDomain) + const redirectUrl = new URL(config.identityServerUrl) redirectUrl.searchParams.set('interactId', interaction.id) const redirectSpy = jest.spyOn(ctx, 'redirect') @@ -300,7 +300,7 @@ describe('Interaction Routes', (): void => { const { clientNonce } = grant const { nonce: interactNonce, ref: interactRef } = interaction - const grantRequestUrl = config.authServerDomain + `/` + const grantRequestUrl = config.authServerUrl + `/` const data = `${clientNonce}\n${interactNonce}\n${interactRef}\n${grantRequestUrl}` const hash = crypto diff --git a/packages/auth/src/interaction/routes.ts b/packages/auth/src/interaction/routes.ts index 6bea0cfae6..8f29ea9fa5 100644 --- a/packages/auth/src/interaction/routes.ts +++ b/packages/auth/src/interaction/routes.ts @@ -187,7 +187,7 @@ async function startInteraction( ctx.session.nonce = interaction.nonce - const interactionUrl = new URL(config.identityServerDomain) + const interactionUrl = new URL(config.identityServerUrl) interactionUrl.searchParams.set('interactId', interaction.id) interactionUrl.searchParams.set('nonce', interaction.nonce) interactionUrl.searchParams.set('clientName', clientName as string) 
@@ -312,7 +312,7 @@ async function handleFinishableGrant( const { clientNonce } = grant const { nonce: interactNonce, ref: interactRef } = interaction - const grantRequestUrl = config.authServerDomain + `/` + const grantRequestUrl = config.authServerUrl + `/` // https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol#section-4.2.3 const data = `${clientNonce}\n${interactNonce}\n${interactRef}\n${grantRequestUrl}` diff --git a/packages/documentation/src/content/docs/integration/deployment.md b/packages/documentation/src/content/docs/integration/deployment.md index b36dccbb16..341160d248 100644 --- a/packages/documentation/src/content/docs/integration/deployment.md +++ b/packages/documentation/src/content/docs/integration/deployment.md 
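Review bot: The `grantRequestUrl` assignment appends a slash to `config.authServerUrl` and the result goes straight into the interaction hash, so an `AUTH_SERVER_URL` configured with a trailing slash produces a double slash and, most likely, a hash the client cannot reproduce. With the default removed in this series the value always comes from the operator, so it is safer to normalise it once in the config, e.g. `authServerUrl: envString('AUTH_SERVER_URL').replace(/\/+$/, '')`. The same concatenation is used for the token `manage` URL asserted in the grant route tests. `handleFinishableGrant` starts and ends outside this hunk.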
@@ -116,11 +116,11 @@ Now, the Admin UI can be found on localhost:3010. | `ADMIN_PORT` | auth.port.admin | `3003` | Admin API GraphQL Server port | | `AUTH_DATABASE_URL` | auth.postgresql.host, auth.postgresql.port, auth.postgresql.username, auth.postgresql.database, auth.postgresql.password | `postgresql://postgres:password@localhost:5432/auth_development` | Postgres database URL of database storing the grant data; For Helm, these components are provided individually. | | `AUTH_PORT` | auth.port.auth | `3006` | port of this Open Payments Auth Server | -| `AUTH_SERVER_DOMAIN` | | `http://localhost:3006` | public endpoint of this Open Payments Auth Server | -| `COOKIE_KEY` | auth.cookieKey | 32 random bytes | [koa KeyGrip key](https://koajs.com/#app-keys-) that is used to sign cookies for an interaction session | +| `AUTH_SERVER_URL` | | | Public endpoint for this Rafiki instance's public Open Payment routes. | +| `COOKIE_KEY` | auth.cookieKey | | [koa KeyGrip key](https://koajs.com/#app-keys-) that is used to sign cookies for an interaction session | | `DATABASE_CLEANUP_WORKERS` | auth.workers.cleanup | `1` | number of workers processing expired or revoked access tokens | -| `IDENTITY_SERVER_DOMAIN` | auth.identityServer.domain | `http://localhost:3030/mock-idp/` | endpoint of the identity server controlled by the Account Servicing Entity | -| `IDENTITY_SERVER_SECRET` | auth.identityServer.secret | `replace-me` | API key to fetch the identity server endpoint | +| `IDENTITY_SERVER_URL` | auth.identityServer.domain | | endpoint of the identity server controlled by the Account Servicing Entity | +| `IDENTITY_SERVER_SECRET` | auth.identityServer.secret | | API key to fetch the identity server endpoint | | `INCOMING_PAYMENT_INTERACTION` | auth.interaction.incomingPayment | `false` | flag - incoming payments grant requests are interactive or not | | `INTERACTION_EXPIRY_SECONDS` | auth.interactionExpirySeconds | `600` | time in seconds for which a user can interact with a 
grant request | | `INTROSPECTION_PORT` | auth.port.introspection | `3007` | port of this Open Payments Auth - Token Introspection Server | diff --git a/test/integration/lib/test-actions/index.ts b/test/integration/lib/test-actions/index.ts index b67aef23ce..77c8551fd7 100644 --- a/test/integration/lib/test-actions/index.ts +++ b/test/integration/lib/test-actions/index.ts @@ -57,7 +57,7 @@ async function consentInteraction( { method: 'GET', headers: { - 'x-idp-secret': 'replace-me', + 'x-idp-secret': '2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=', cookie } } @@ -81,7 +81,7 @@ async function consentInteractionWithInteractRef( { method: 'GET', headers: { - 'x-idp-secret': 'replace-me', + 'x-idp-secret': '2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=', cookie }, redirect: 'manual' // dont follow redirects @@ -124,7 +124,7 @@ async function _startAndAcceptInteraction( { method: 'POST', headers: { - 'x-idp-secret': 'replace-me', + 'x-idp-secret': '2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=', cookie } } diff --git a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml index c2a2f34aa8..3f88d3af9a 100644 --- a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml +++ b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml 
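Review bot: The `x-idp-secret` header value is pasted as the same literal in `consentInteraction`, `consentInteractionWithInteractRef` and `_startAndAcceptInteraction`, and it has to be kept in step by hand with `IDENTITY_SERVER_SECRET` in the testenv compose files. A single module-level constant with a comment, e.g. `const IDP_SECRET = '2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=' // must match IDENTITY_SERVER_SECRET in testenv docker-compose`, used as `'x-idp-secret': IDP_SECRET`, leaves one place to change. All three functions extend beyond their hunks.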
@@ -58,12 +58,15 @@ services: - '3107:3107' environment: NODE_ENV: ${NODE_ENV:-development} - AUTH_SERVER_DOMAIN: http://cloud-nine-wallet-test-auth:3106 + AUTH_SERVER_URL: http://cloud-nine-wallet-test-auth:3106 AUTH_DATABASE_URL: postgresql://cloud_nine_wallet_test_auth:cloud_nine_wallet_test_auth@shared-database/cloud_nine_wallet_test_auth INTROSPECTION_PORT: 3107 AUTH_PORT: 3106 ADMIN_PORT: 3103 REDIS_URL: redis://shared-redis:6379/1 + IDENTITY_SERVER_URL: http://localhost:3030/mock-idp/ + IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE= + COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37 depends_on: - shared-database - shared-redis \ No newline at end of file diff --git a/test/integration/testenv/happy-life-bank/docker-compose.yml b/test/integration/testenv/happy-life-bank/docker-compose.yml index bfd464839f..e594f2a1fc 100644 --- a/test/integration/testenv/happy-life-bank/docker-compose.yml +++ b/test/integration/testenv/happy-life-bank/docker-compose.yml @@ -58,10 +58,13 @@ services: environment: NODE_ENV: development AUTH_DATABASE_URL: postgresql://happy_life_bank_test_auth:happy_life_bank_test_auth@shared-database/happy_life_bank_test_auth - AUTH_SERVER_DOMAIN: http://happy-life-bank-test-auth:4106 + AUTH_SERVER_URL: http://happy-life-bank-test-auth:4106 INTROSPECTION_PORT: 4107 ADMIN_PORT: 4103 AUTH_PORT: 4106 REDIS_URL: redis://shared-redis:6379/3 + IDENTITY_SERVER_URL: http://localhost:3030/mock-idp/ + IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE= + COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37 depends_on: - cloud-nine-wallet-test-auth \ No newline at end of file From edfb478087c65e717718bea3b941ca24819219fc Mon Sep 17 00:00:00 2001 
From: Jason Bruwer Date: Mon, 27 May 2024 07:48:32 +0100 Subject: [PATCH 5/6] feat(2712): remove the accounting service interface from rafiki (#2743) * feat(2712): make use of backend accounting service. * feat(2712): make use of backend accounting service. * feat(2712): introduce BasicAccountingService. * feat(2712): formatting. * feat(2712): formatting. * feat(2712): remove the BaseAccountingService. * feat(2712): address warnings. * feat(2712): review comments. --- .../ilp/connector/core/rafiki.ts | 34 +------- .../core/test/mocks/accounting-service.ts | 86 +++++++++++++++++-- 2 files changed, 82 insertions(+), 38 deletions(-) diff --git a/packages/backend/src/payment-method/ilp/connector/core/rafiki.ts b/packages/backend/src/payment-method/ilp/connector/core/rafiki.ts index f0a7efb7c9..16e58f8e69 100644 --- a/packages/backend/src/payment-method/ilp/connector/core/rafiki.ts +++ b/packages/backend/src/payment-method/ilp/connector/core/rafiki.ts @@ -5,15 +5,9 @@ import { Errors } from 'ilp-packet' import { Redis } from 'ioredis' import Koa, { Middleware } from 'koa' import { Logger } from 'pino' -//import { Router } from './services/router' -import { - CreateAccountError, - TransferError -} from '../../../../accounting/errors' import { LiquidityAccount, - LiquidityAccountType, - Transaction + AccountingService } from '../../../../accounting/service' import { AssetOptions } from '../../../../asset/service' import { IncomingPaymentService } from '../../../../open_payments/payment/incoming/service' @@ -61,14 +55,6 @@ export interface TransferOptions { timeout: number } -export interface AccountingService { - createTransfer(options: TransferOptions): Promise - createLiquidityAccount( - account: LiquidityAccount, - type: LiquidityAccountType - ): Promise -} - export interface RafikiServices { //router: Router accounting: AccountingService 
@@ -115,7 +101,6 @@ export type ILPContext = { } export class Rafiki { - //private _router?: Router private streamServer: StreamServer private redis: Redis @@ -125,21 +110,13 @@ export class Rafiki { private config: RafikiServices, private routes: ILPMiddleware ) { - //this._router = config && config.router ? config.router : undefined this.redis = config.redis const logger = config.logger - //const routerOrThrow = (): Router => { - // if (this._router) return this._router - // throw new Error('No router service provided to the app') - //} this.streamServer = config.streamServer const { redis, streamServer } = this // Set global context that exposes services this.publicServer.context.services = { - //get router(): Router { - // return routerOrThrow() - //}, get incomingPayments(): IncomingPaymentService { return config.incomingPayments }, @@ -164,7 +141,6 @@ export class Rafiki { get telemetry(): TelemetryService | undefined { return config.telemetry }, - logger } @@ -210,14 +186,6 @@ export class Rafiki { return response.rawReply } - //public get router(): Router | undefined { - // return this._router - //} - - //public set router(router: Router | undefined) { - // this._router = router - //} - public get logger(): Logger { return this.publicServer.context.services.logger } diff --git a/packages/backend/src/payment-method/ilp/connector/core/test/mocks/accounting-service.ts b/packages/backend/src/payment-method/ilp/connector/core/test/mocks/accounting-service.ts index a5c7ad8e7f..60aa5cf783 100644 --- a/packages/backend/src/payment-method/ilp/connector/core/test/mocks/accounting-service.ts +++ b/packages/backend/src/payment-method/ilp/connector/core/test/mocks/accounting-service.ts 
@@ -1,15 +1,17 @@ +import { IncomingAccount, OutgoingAccount } from '../../rafiki' + import { + Transaction, AccountingService, - IncomingAccount, - OutgoingAccount -} from '../../rafiki' - -import { Transaction } from '../../../../../../accounting/service' + Deposit, + Withdrawal +} from '../../../../../../accounting/service' import { CreateAccountError, TransferError } from '../../../../../../accounting/errors' import { CreateAccountError as CreateAccountErrorCode } from 'tigerbeetle-node' +import { TransactionOrKnex } from 'objection' interface MockAccount { id: string 
@@ -133,4 +135,78 @@ export class MockAccountingService implements AccountingService { } return account } + + createDeposit( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + deposit: Deposit, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + trx?: TransactionOrKnex + ): Promise { + throw new Error('Not implemented!') + } + + createSettlementAccount( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + ledger: number, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + trx?: TransactionOrKnex + ): Promise { + throw new Error('Not implemented!') + } + + createWithdrawal( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + withdrawal: Withdrawal + ): Promise { + throw new Error('Not implemented!') + } + + getAccountsTotalReceived( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + ids: string[] + ): Promise<(bigint | undefined)[]> { + throw new Error('Not implemented!') + } + + getAccountsTotalSent( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + ids: string[] + ): Promise<(bigint | undefined)[]> { + throw new Error('Not implemented!') + } + + getSettlementBalance( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + ledger: number + ): Promise { + throw new Error('Not implemented!') + } + + getTotalReceived( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + id: string + ): Promise { + throw new Error('Not implemented!') + } + + getTotalSent( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + id: string + ): Promise { + throw new Error('Not implemented!') + } + + postWithdrawal( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + id: string + ): Promise { + throw new Error('Not implemented!') + } + + voidWithdrawal( + // eslint-disable-next-line @typescript-eslint/no-unused-vars + id: string + ): Promise { + throw new Error('Not implemented!') + } } 
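Review bot: The stubs added to `MockAccountingService` (`createDeposit` through `voidWithdrawal`) are declared to return a Promise but throw synchronously. A test that reaches one through `.catch()` or an un-awaited call gets an exception at the call site rather than a rejected promise, which is presumably not how the real service fails. Marking each stub `async`, or using `return Promise.reject(new Error(...))`, keeps the failure mode consistent. The shared message `'Not implemented!'` also does not say which method was hit; `throw new Error('MockAccountingService.createDeposit is not implemented')` would make an unexpected call easy to trace. The class body starts outside this hunk.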
From 01f5b18312f1e8e288359449a8455e2470f88e9e Mon Sep 17 00:00:00 2001 From: golobitch Date: Wed, 22 May 2024 21:43:12 +0200 Subject: [PATCH 6/6] test(integration): update backend env variables --- .../integration/testenv/cloud-nine-wallet/docker-compose.yml | 5 +++++ test/integration/testenv/happy-life-bank/docker-compose.yml | 1 + 2 files changed, 6 insertions(+) diff --git a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml index 3f88d3af9a..bf11667b07 100644 --- a/test/integration/testenv/cloud-nine-wallet/docker-compose.yml +++ b/test/integration/testenv/cloud-nine-wallet/docker-compose.yml @@ -33,11 +33,16 @@ services: AUTH_SERVER_INTROSPECTION_URL: http://cloud-nine-wallet-test-auth:3107 AUTH_SERVER_GRANT_URL: http://cloud-nine-wallet-test-auth:3106 ILP_ADDRESS: test.cloud-nine-wallet-test +<<<<<<< HEAD ILP_CONNECTOR_ADDRESS: http://127.0.0.1:3102 +======= + ILP_CONNECTOR_ADDRESS: http://host.docker.internal:3102 +>>>>>>> 3c721905 (test(integration): update backend env variables) STREAM_SECRET: BjPXtnd00G2mRQwP/8ZpwyZASOch5sUXT5o0iR5b5wU= WEBHOOK_URL: http://host.docker.internal:8888/webhooks EXCHANGE_RATES_URL: http://host.docker.internal:8888/rates REDIS_URL: redis://shared-redis:6379/0 + USE_TIGERBEETLE: false volumes: - ../private-key.pem:/workspace/private-key.pem depends_on: diff --git a/test/integration/testenv/happy-life-bank/docker-compose.yml b/test/integration/testenv/happy-life-bank/docker-compose.yml index e594f2a1fc..96efd7d917 100644 --- a/test/integration/testenv/happy-life-bank/docker-compose.yml +++ b/test/integration/testenv/happy-life-bank/docker-compose.yml @@ -35,6 +35,7 @@ services: WEBHOOK_URL: http://host.docker.internal:8889/webhooks EXCHANGE_RATES_URL: http://host.docker.internal:8889/rates REDIS_URL: redis://shared-redis:6379/2 + USE_TIGERBEETLE: false volumes: - ../private-key.pem:/workspace/private-key.pem depends_on:
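Review bot: Git conflict markers are committed in the cloud-nine-wallet hunk: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 3c721905 (...)` sit among the environment entries, with `ILP_CONNECTOR_ADDRESS` given on both sides. The file will most likely not parse as YAML in this state, so the integration environment would not start. Resolve it to a single entry, presumably `ILP_CONNECTOR_ADDRESS: http://host.docker.internal:3102` given the commit subject, and delete the three marker lines. Separately, `USE_TIGERBEETLE: false` here and in the happy-life-bank hunk is an unquoted YAML boolean; quoting it as `"false"` avoids Compose implementations that reject or re-spell booleans in environment maps.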