feat(feature-manager): remove webhooks, verified content (#2159)

* feat(feature-manager): remove webhooks, verified content from feature manager

* build: add default signing key in dev

* docs: add comment about SQS url default

docker-compose.yml

@@ -52,6 +52,9 @@ services:
       # Keep in sync with the development key in
       # https://github.com/opengovsg/formsg-javascript-sdk/blob/develop/src/resource/verification-keys.ts
       - VERIFICATION_SECRET_KEY=iGkfOuI6uxrlfw+7CZFFUZBwk86I+pu6v+g7EWA6qJpJnilXQleCPx2EVTr24eWWphzFO2WJiaL53oyXnqWdBQ==
+      # Keep in sync with the development key in
+      # https://github.com/opengovsg/formsg-javascript-sdk/blob/develop/src/resource/signing-keys.ts
+      - SIGNING_SECRET_KEY=HDBXpu+2/gu10bLHpy8HjpN89xbA6boH9GwibPGJA8BOXmB+zOUpxCP33/S5p8vBWlPokC7gLR0ca8urVwfMUQ==
       - TWILIO_ACCOUNT_SID
       - TWILIO_API_KEY
       - TWILIO_API_SECRET
@@ -60,7 +63,6 @@ services:
       - SES_USER
       - OTP_LIFE_SPAN
       - AWS_REGION
-      - SIGNING_SECRET_KEY
       - SP_FORMSG_KEY_PATH
       - SP_FORMSG_CERT_PATH
       - SP_IDP_CERT_PATH

src/app/config/feature-manager/index.ts

@@ -1,15 +1,13 @@
 import FeatureManager from './util/FeatureManager.class'
 import sms from './sms.config'
 import spcpMyInfo from './spcp-myinfo.config'
-import webhookVerifiedContent from './webhook-verified-content.config'
 
 export * from './types'
 
 const featureManager = new FeatureManager()
 
 // Register features and associated middleware/fallbacks
 featureManager.register(spcpMyInfo)
-featureManager.register(webhookVerifiedContent)
 featureManager.register(sms)
 
 export default featureManager

src/app/config/feature-manager/types.ts

@@ -4,7 +4,6 @@ import { Schema } from 'convict'
 export enum FeatureNames {
   Sms = 'sms',
   SpcpMyInfo = 'spcp-myinfo',
-  WebhookVerifiedContent = 'webhook-verified-content',
 }
 
 export interface ISms {
@@ -49,15 +48,9 @@ export interface IMyInfoConfig {
 
 export type ISpcpMyInfo = ISpcpConfig & IMyInfoConfig
 
-export interface IWebhookVerifiedContent {
-  signingSecretKey: string
-  webhookQueueUrl: string
-}
-
 export interface IFeatureManager {
   [FeatureNames.Sms]: ISms
   [FeatureNames.SpcpMyInfo]: ISpcpMyInfo
-  [FeatureNames.WebhookVerifiedContent]: IWebhookVerifiedContent
 }
 
 export interface RegisteredFeature<T extends FeatureNames> {

src/app/config/feature-manager/webhook-verified-content.config.ts

@@ -1,22 +1,28 @@
-import { FeatureNames, RegisterableFeature } from './types'
+import convict, { Schema } from 'convict'
 
-const webhookVerifiedContentFeature: RegisterableFeature<FeatureNames.WebhookVerifiedContent> =
-  {
-    name: FeatureNames.WebhookVerifiedContent,
-    schema: {
-      signingSecretKey: {
-        doc: 'The secret key for signing verified content passed into the database and for signing webhooks',
-        format: String,
-        default: null,
-        env: 'SIGNING_SECRET_KEY',
-      },
-      webhookQueueUrl: {
-        doc: 'URL of AWS SQS queue for webhook retries',
-        format: String,
-        default: '',
-        env: 'WEBHOOK_SQS_URL',
-      },
-    },
-  }
+export interface IWebhooksAndVerifiedContent {
+  signingSecretKey: string
+  webhookQueueUrl: string
+}
 
-export default webhookVerifiedContentFeature
+const webhooksAndVerifiedContentSchema: Schema<IWebhooksAndVerifiedContent> = {
+  signingSecretKey: {
+    doc: 'The secret key for signing verified content passed into the database and for signing webhooks',
+    format: String,
+    default: null,
+    env: 'SIGNING_SECRET_KEY',
+  },
+  webhookQueueUrl: {
+    doc: 'URL of AWS SQS queue for webhook retries',
+    format: String,
+    // Allow this to default to empty string so retries can be disabled easily
+    default: '',
+    env: 'WEBHOOK_SQS_URL',
+  },
+}
+
+export const webhooksAndVerifiedContentConfig = convict(
+  webhooksAndVerifiedContentSchema,
+)
+  .validate({ allowed: 'strict' })
+  .getProperties()

src/app/config/formsg-sdk.ts

@@ -1,18 +1,13 @@
 import formsgSdkPackage from '@opengovsg/formsg-sdk'
-import { get } from 'lodash'
 
 import * as vfnConstants from '../../shared/util/verification'
 
 import { verifiedFieldsConfig } from './feature-manager/verified-fields.config'
+import { webhooksAndVerifiedContentConfig } from './feature-manager/webhook-verified-content.config'
 import { formsgSdkMode } from './config'
-import featureManager, { FeatureNames } from './feature-manager'
 
 const formsgSdk = formsgSdkPackage({
-  webhookSecretKey: get(
-    featureManager.props(FeatureNames.WebhookVerifiedContent),
-    'signingSecretKey',
-    undefined,
-  ),
+  webhookSecretKey: webhooksAndVerifiedContentConfig.signingSecretKey,
   mode: formsgSdkMode,
   verificationOptions: {
     secretKey: verifiedFieldsConfig.verificationSecretKey,

src/app/modules/submission/encrypt-submission/encrypt-submission.controller.ts

@@ -31,7 +31,7 @@ import { PermissionLevel } from '../../form/admin-form/admin-form.types'
 import * as FormService from '../../form/form.service'
 import { SpcpFactory } from '../../spcp/spcp.factory'
 import { getPopulatedUserById } from '../../user/user.service'
-import { VerifiedContentFactory } from '../../verified-content/verified-content.factory'
+import * as VerifiedContentService from '../../verified-content/verified-content.service'
 import { WebhookFactory } from '../../webhook/webhook.factory'
 import * as EncryptSubmissionMiddleware from '../encrypt-submission/encrypt-submission.middleware'
 import { sendEmailConfirmations } from '../submission.service'
@@ -251,11 +251,11 @@ const submitEncryptModeForm: ControllerHandler<
   let verified
   if (form.authType === AuthType.SP || form.authType === AuthType.CP) {
     const encryptVerifiedContentResult =
-      VerifiedContentFactory.getVerifiedContent({
+      VerifiedContentService.getVerifiedContent({
         type: form.authType,
         data: { uinFin, userInfo },
       }).andThen((verifiedContent) =>
-        VerifiedContentFactory.encryptVerifiedContent({
+        VerifiedContentService.encryptVerifiedContent({
           verifiedContent,
           formPublicKey: form.publicKey,
         }),

src/app/modules/verified-content/verified-content.service.ts

@@ -1,6 +1,7 @@
 import { err, ok, Result } from 'neverthrow'
 
 import { AuthType } from '../../../types'
+import { webhooksAndVerifiedContentConfig } from '../../config/feature-manager/webhook-verified-content.config'
 import formsgSdk from '../../config/formsg-sdk'
 import { createLoggerWithLabel } from '../../config/logger'
 
@@ -41,15 +42,15 @@ export const getVerifiedContent = ({
 export const encryptVerifiedContent = ({
   verifiedContent,
   formPublicKey,
-  signingSecretKey,
-}: EncryptVerificationContentParams & {
-  signingSecretKey: string
-}): Result<string, EncryptVerifiedContentError> => {
+}: EncryptVerificationContentParams): Result<
+  string,
+  EncryptVerifiedContentError
+> => {
   try {
     const encryptedContent = formsgSdk.crypto.encrypt(
       verifiedContent,
       formPublicKey,
-      signingSecretKey,
+      webhooksAndVerifiedContentConfig.signingSecretKey,
     )
     return ok(encryptedContent)
   } catch (error) {