From aaacd5b07e34b1e47112e92b3879c414c1fd6812 Mon Sep 17 00:00:00 2001 From: Antariksh Mahajan Date: Mon, 9 Nov 2020 15:03:35 +0800 Subject: [PATCH] refactor: validate MyInfo env vars using Convict (#559) * refactor: validate myinfo env vars using convict * refactor: combine imports * test: add required env vars to tests * ref: change myInfoClientMode default to prod --- src/app/factories/spcp-myinfo.factory.js | 13 +++++++------ src/config/feature-manager/spcp-myinfo.config.ts | 16 ++++++++++++++++ src/config/feature-manager/types.ts | 10 +++++++++- tests/.test-full-env | 4 +++- 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/src/app/factories/spcp-myinfo.factory.js b/src/app/factories/spcp-myinfo.factory.js index fb8befa061..a4efa61f8a 100644 --- a/src/app/factories/spcp-myinfo.factory.js +++ b/src/app/factories/spcp-myinfo.factory.js @@ -6,7 +6,10 @@ const featureManager = require('../../config/feature-manager').default const config = require('../../config/config') const fs = require('fs') const SPCPAuthClient = require('@opengovsg/spcp-auth-client') -const { MyInfoGovClient } = require('@opengovsg/myinfo-gov-client') +const { + MyInfoGovClient, + Mode: MyInfoClientMode, +} = require('@opengovsg/myinfo-gov-client') const MyInfoService = require('../services/myinfo.service') const logger = require('../../config/logger').createLoggerWithLabel(module) 
@@ -59,12 +62,10 @@ const spcpFactory = ({ isEnabled, props }) => { // as part of convict (Issue #255) if (config.nodeEnv === 'production') { let myInfoPrefix = - process.env.MYINFO_CLIENT_CONFIG === 'stg' ? 'STG2-' : 'PROD2-' - myInfoConfig.privateKey = fs.readFileSync( - process.env.MYINFO_FORMSG_KEY_PATH, - ) + props.myInfoClientMode === MyInfoClientMode.Staging ? 'STG2-' : 'PROD2-' + myInfoConfig.privateKey = fs.readFileSync(props.myInfoKeyPath) myInfoConfig.appId = myInfoPrefix + myInfoConfig.singpassEserviceId - myInfoConfig.mode = process.env.MYINFO_CLIENT_CONFIG + myInfoConfig.mode = props.myInfoClientMode myInfoGovClient = new MyInfoGovClient(myInfoConfig) } else { logger.warn({ diff --git a/src/config/feature-manager/spcp-myinfo.config.ts b/src/config/feature-manager/spcp-myinfo.config.ts index bbf05bfb40..878da9a6bb 100644 --- a/src/config/feature-manager/spcp-myinfo.config.ts +++ b/src/config/feature-manager/spcp-myinfo.config.ts @@ -1,3 +1,5 @@ +import { Mode as MyInfoClientMode } from '@opengovsg/myinfo-gov-client' + import { FeatureNames, RegisterableFeature } from './types' const HOUR_IN_MILLIS = 1000 * 60 * 60 @@ -151,6 +153,20 @@ const spcpMyInfoFeature: RegisterableFeature = { default: null, env: 'CP_IDP_CERT_PATH', }, + myInfoClientMode: { + doc: + 'Configures MyInfoGovClient. Set this to either `stg` or `prod` to fetch MyInfo data from the corresponding endpoints.', + format: Object.values(MyInfoClientMode), + default: MyInfoClientMode.Production, + env: 'MYINFO_CLIENT_CONFIG', + }, + myInfoKeyPath: { + doc: + 'Filepath to MyInfo private key, which is used to decrypt returned responses.', + format: String, + default: null, + env: 'MYINFO_FORMSG_KEY_PATH', + }, }, } diff --git a/src/config/feature-manager/types.ts b/src/config/feature-manager/types.ts index 6311f76413..4d1cf25623 100644 --- a/src/config/feature-manager/types.ts +++ b/src/config/feature-manager/types.ts 
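Review bot: `fs.readFileSync(props.myInfoKeyPath)` in the production branch runs unguarded, so a wrong or unreadable key path surfaces as a bare ENOENT/EACCES thrown from inside the factory rather than as a configuration error naming `MYINFO_FORMSG_KEY_PATH`. The schema entry added in spcp-myinfo.config.ts checks only that the value is a string, so this read is the first place a bad path is detected. Wrapping the read and rethrowing with the setting name (never the key material) would make a misdeployed secret much easier to diagnose. The context comment ending `as part of convict (Issue #255)` looks like the TODO this commit resolves and may now be stale. The factory body starts and ends outside the hunk, so both points are worth confirming against the full function.

```javascript
if (config.nodeEnv === 'production') {
  // … unchanged: myInfoPrefix selection …
  try {
    myInfoConfig.privateKey = fs.readFileSync(props.myInfoKeyPath)
  } catch (err) {
    // Name the setting, not the key contents, so operators can fix the deployment.
    throw new Error(
      `Unable to read MyInfo private key from MYINFO_FORMSG_KEY_PATH: ${err.message}`,
    )
  }
  // … unchanged: appId, mode and MyInfoGovClient construction …
```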
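Review bot: `default: MyInfoClientMode.Production` on `myInfoClientMode` means a deployment that omits `MYINFO_CLIENT_CONFIG` silently targets the production MyInfo endpoints, with the `PROD2-` app ID prefix chosen in spcp-myinfo.factory.js. `myInfoKeyPath` in the same hunk uses `default: null`, which presumably makes it mandatory. Giving the mode the same treatment would make a staging environment with a missing variable fail at startup instead of talking to production; if the production default is deliberate, a comment saying why would help. The doc string also names only `stg` and `prod` while `format: Object.values(MyInfoClientMode)` accepts every enum member, so if `Mode` has further values (not visible here) either list them in the doc or narrow the format, e.g. `format: [MyInfoClientMode.Staging, MyInfoClientMode.Production],`.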
@@ -1,3 +1,4 @@ +import { Mode as MyInfoClientMode } from '@opengovsg/myinfo-gov-client' import { Schema } from 'convict' export enum FeatureNames { @@ -36,7 +37,7 @@ export interface ISms { twilioMsgSrvcSid: string } -export interface ISpcpMyInfo { +export interface ISpcpConfig { isSPMaintenance: string isCPMaintenance: string spCookieMaxAge: number @@ -61,6 +62,13 @@ export interface ISpcpMyInfo { cpIdpCertPath: string } +export interface IMyInfoConfig { + myInfoClientMode: MyInfoClientMode + myInfoKeyPath: string +} + +export type ISpcpMyInfo = ISpcpConfig & IMyInfoConfig + export interface IVerifiedFields { verificationSecretKey: string } diff --git a/tests/.test-full-env b/tests/.test-full-env index a948d307ec..a5ef50e7e2 100644 --- a/tests/.test-full-env +++ b/tests/.test-full-env @@ -10,6 +10,9 @@ SINGPASS_IDP_ID=https://saml-internet.singpass.gov.sg/FIM/sps/SingpassIDPFed/sam MOCKPASS_PORT=5156 SINGPASS_ESRVC_ID=Test-eServiceId-Sp +MYINFO_CLIENT_CONFIG=stg +MYINFO_FORMSG_KEY_PATH=./node_modules/@opengovsg/mockpass/static/certs/key.pem + CP_FORMSG_KEY_PATH=./node_modules/@opengovsg/mockpass/static/certs/key.pem CP_FORMSG_CERT_PATH=./node_modules/@opengovsg/mockpass/static/certs/server.crt CP_IDP_CERT_PATH=./node_modules/@opengovsg/mockpass/static/certs/spcp.crt @@ -26,7 +29,6 @@ SHOW_LOGIN_PAGE=true IS_SP_MAINTENANCE=Date/Time-SP IS_CP_MAINTENANCE=Date/Time-CP -MYINFO_CLIENT_CONFIG=stg MOCKPASS_NRIC=S6005038D MOCKPASS_UEN=123456789A