Skip to content

Commit

Permalink
Merge pull request #34 from ech0s7r/main
Browse files Browse the repository at this point in the history
Add encryption support
  • Loading branch information
ech0s7r authored Jun 16, 2022
2 parents 19ef80f + 60a466c commit 239510c
Show file tree
Hide file tree
Showing 29 changed files with 4,024 additions and 115 deletions.
13 changes: 13 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# http://editorconfig.org
root = true

[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

[*.md]
trim_trailing_whitespace = false
23 changes: 23 additions & 0 deletions .eslintrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
extends:
- eslint:recommended
- prettier

env:
es6: true
node: true
jest: true

parserOptions:
ecmaVersion: 8

rules:
semi: 2
no-console: 2
no-empty: 2
eqeqeq:
- 2
- always
no-unused-vars: 1
no-unsafe-negation: 2
prefer-const: 2
no-var: 2
23 changes: 23 additions & 0 deletions .github/workflows/linter.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
name: Linter
'on':
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: 0 14 * * *
jobs:
linter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Use Node.js 13
uses: actions/setup-node@v1
with:
node-version: 13
- name: Run eslint
run: |
npm ci
npm run lint
15 changes: 9 additions & 6 deletions .github/workflows/sonar-scanner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ name: Sonar
schedule:
- cron: 0 14 * * *
jobs:
build:
sonarcloud:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
Expand All @@ -28,15 +28,18 @@ jobs:
run: |
npm ci
npm run build --if-present
npm test
npm run coverage
cat .nyc_output/coverage.lcov
- name: SonarCloud
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}'
with:
args: >
-Dsonar.organization=mastercard
-Dsonar.projectName=insomnia-plugin-mastercard
-Dsonar.projectKey=Mastercard_insomnia-plugin-mastercard
-Dsonar.sources=./src -Dsonar.host.url=https://sonarcloud.io
-Dsonar.login=${{ secrets.SONAR_TOKEN }}
-Dsonar.sources=.
-Dsonar.exclusions=test/**/*
-Dsonar.tests=./test
-Dsonar.coverage.jacoco.xmlReportPaths=test-results.xml
-Dsonar.javascript.lcov.reportPaths=.nyc_output/coverage.lcov
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,9 @@ typings/

.history/

.idea

test-results.xml

.scannerwork

77 changes: 66 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
[![](https://developer.mastercard.com/_/_/src/global/assets/svg/mcdev-logo-dark.svg)](https://developer.mastercard.com/)

[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_insomnia-plugin-mastercard&metric=alert_status)](https://sonarcloud.io/dashboard?id=Mastercard_insomnia-plugin-mastercard)
[![](https://github.com/Mastercard/insomnia-plugin-mastercard-auth/workflows/broken%20links%3F/badge.svg)](https://github.com/Mastercard/insomnia-plugin-mastercard-auth/actions?query=workflow%3A%22broken+links%3F%22)
[![](https://img.shields.io/npm/v/insomnia-plugin-mastercard-auth.svg)](https://www.npmjs.com/package/insomnia-plugin-mastercard-auth)
[![](https://img.shields.io/badge/license-Apache%202.0-yellow.svg)](https://github.com/Mastercard/insomnia-plugin-mastercard-auth/blob/master/LICENSE)
[![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard-auth/master/workspace/mastercard-apis-insomnia-workspace.json)
[![](https://github.com/Mastercard/insomnia-plugin-mastercard/workflows/broken%20links%3F/badge.svg)](https://github.com/Mastercard/insomnia-plugin-mastercard/actions?query=workflow%3A%22broken+links%3F%22)
[![](https://img.shields.io/npm/v/insomnia-plugin-mastercard.svg)](https://www.npmjs.com/package/insomnia-plugin-mastercard)
[![](https://img.shields.io/badge/license-Apache%202.0-yellow.svg)](https://github.com/Mastercard/insomnia-plugin-mastercard/blob/master/LICENSE)
[![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json)

## Table of Contents
- [Overview](#overview)
Expand All @@ -16,16 +16,20 @@
* [Installation](#installation)
* [Configuration](#configuration)
* [Authenticated Requests](#authenticated-requests)
* [Encryption](#encryption)
- [Further Reading](#further-reading)

## Overview <a name="overview"></a>
A plugin for handling Mastercard API authentication. This plugin computes and adds an `Authorization` header to requests sent from [Insomnia REST Client](https://insomnia.rest/).
A plugin for consuming Mastercard APIs with support for authentication and encryption.
This plugin computes and adds an `Authorization` header to requests sent from [Insomnia REST Client](https://insomnia.rest/)
and it can be configured to automatically encrypt request and/or decrypt response payloads.

### Compatibility <a name="compatibility"></a>
Insomnia v5.15.0+

### References <a name="references"></a>
* [Using OAuth 1.0a to Access Mastercard APIs](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/)
* [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/)
* [A Mastercard Plugin for Insomnia REST Client](https://developer.mastercard.com/blog/a-mastercard-plugin-for-insomnia-rest-client)

## Usage <a name="usage"></a>
Expand All @@ -40,20 +44,20 @@ As part of this set up, you'll receive credentials for your app:
### Installation <a name="installation"></a>

#### 1. One-Click Installation
1. Go to https://insomnia.rest/plugins/insomnia-plugin-mastercard-auth
1. Go to https://insomnia.rest/plugins/insomnia-plugin-mastercard
2. Click the "Install Plugin" button
3. Click "Open Insomnia" and "Install"

#### 2. From the Plugins Tab
1. Open Insomnia
2. Go to Application > Preferences > Plugins
3. Type "insomnia-plugin-mastercard-auth"
3. Type "insomnia-plugin-mastercard"
4. Click "Install Plugin"

![](https://user-images.githubusercontent.com/3964455/67882592-66a0cd00-fb3a-11e9-9e57-15736b605396.gif)

#### 3. Manual Installation
1. Download "insomnia-plugin-mastercard-auth-{version}.zip" from [Releases > Assets](https://github.com/Mastercard/insomnia-plugin-mastercard-auth/releases)
1. Download "insomnia-plugin-mastercard-{version}.zip" from [Releases > Assets](https://github.com/Mastercard/insomnia-plugin-mastercard/releases)
2. Go to Application > Preferences > Plugins
3. Click "Reveal Plugins Folder"
4. Extract the ZIP file from step 1 to the "plugins" folder
Expand All @@ -65,14 +69,14 @@ As part of this set up, you'll receive credentials for your app:

#### One-Click Import
To import two ready to be used "sandbox" and "production" environments:
1. Click [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard-auth/master/workspace/mastercard-apis-insomnia-workspace.json)
1. Click [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json)
2. Click "Run Import Mastercard Workspace"

Alternatively, you can:
1. Go to Application > Preferences > Data
2. Click "Import Data"
3. Click "From URL"
4. Type: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard-auth/master/workspace/mastercard-apis-insomnia-workspace.json
4. Type: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json
5. Click "Fetch and Import"

![](https://user-images.githubusercontent.com/3964455/68041294-2d966300-fcc8-11e9-887a-cfadf183c4c1.gif)
Expand Down Expand Up @@ -118,7 +122,58 @@ From now on, an `Authorization` header will be automatically added to every requ

![](https://user-images.githubusercontent.com/3964455/68042376-a72f5080-fcca-11e9-85d9-d60cdd2da920.gif)

### Encryption <a name="encryption"></a>
This plugin can take care of encrypting requests and/or decrypting response payloads. To enable encryption support,
you need to configure in the environment the `encryptionConfig` property:

```jsonc
{
"mastercard": {

// ... //

"encryptionConfig": {
"paths": [
{
"path": "/tokenize",
"toEncrypt": [
{
"element": "cardInfo.encryptedData",
"obj": "cardInfo"
},
{
"element": "fundingAccountInfo.encryptedPayload.encryptedData",
"obj": "fundingAccountInfo.encryptedPayload"
}
],
"toDecrypt": [
{
"element": "tokenDetail",
"obj": "tokenDetail.encryptedData"
}
]
}
],
"oaepPaddingDigestAlgorithm": "SHA-512",
"ivFieldName": "iv",
"encryptedKeyFieldName": "encryptedKey",
"encryptedValueFieldName": "encryptedData",
"oaepHashingAlgorithmFieldName": "oaepHashingAlgorithm",
"publicKeyFingerprintFieldName": "publicKeyFingerprint",
"publicKeyFingerprintType": "certificate",
"dataEncoding": "hex",
"encryptionCertificate": "/path/to/the/encryption/certificate",
"privateKey": "/path/to/private/key"
}
}
}
```

For further details on the configuration object and predefined service configurations, please checkout this [page](https://github.com/Mastercard/client-encryption-nodejs/wiki).

## Further Reading <a name="further-reading"></a>

* [oauth1-signer-nodejs](https://github.com/Mastercard/oauth1-signer-nodejs) — A zero dependency library for generating a Mastercard API compliant OAuth signature
* [client-encryption-nodejs](https://github.com/Mastercard/client-encryption-nodejs) — Library for Mastercard API compliant payload encryption/decryption.
* [Insomnia Plugins](https://support.insomnia.rest/article/26-plugins)
* [The Insomnia Plugin Hub](https://insomnia.rest/plugins)
* [oauth1-signer-nodejs](https://github.com/Mastercard/oauth1-signer-nodejs) — A zero dependency library for generating a Mastercard API compliant OAuth signature
20 changes: 10 additions & 10 deletions icon.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
7 changes: 4 additions & 3 deletions index.js
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
module.exports.requestHooks = [
require('./src/mastercard-auth')
];
module.exports = {
requestHooks: require('./src/plugin').request,
responseHooks: require('./src/plugin').response
};
Loading

0 comments on commit 239510c

Please sign in to comment.