Merge branch 'master' into fix/deployment-resolution

reapit · Nov 15, 2024 · cb451c6 · cb451c6
2 parents 2ff5e32 + 56a0d99
commit cb451c6
Show file tree

Hide file tree

Showing 15 changed files with 7 additions and 4 deletions.
diff --git a/.yarn/cache/@esbuild-darwin-arm64-npm-0.17.19-64d69299ed-10.zip b/.yarn/cache/@esbuild-darwin-arm64-npm-0.17.19-64d69299ed-10.zip
diff --git a/.yarn/cache/@esbuild-darwin-arm64-npm-0.21.5-62349c1520-10.zip b/.yarn/cache/@esbuild-darwin-arm64-npm-0.21.5-62349c1520-10.zip
diff --git a/.yarn/cache/@esbuild-darwin-arm64-npm-0.23.1-1d26281f3d-10.zip b/.yarn/cache/@esbuild-darwin-arm64-npm-0.23.1-1d26281f3d-10.zip
diff --git a/.yarn/cache/@esbuild-linux-x64-npm-0.17.19-08a7136aa6-10.zip b/.yarn/cache/@esbuild-linux-x64-npm-0.17.19-08a7136aa6-10.zip
diff --git a/.yarn/cache/@esbuild-linux-x64-npm-0.21.5-88079726c4-10.zip b/.yarn/cache/@esbuild-linux-x64-npm-0.21.5-88079726c4-10.zip
diff --git a/.yarn/cache/@esbuild-linux-x64-npm-0.23.1-e5d2d8764d-10.zip b/.yarn/cache/@esbuild-linux-x64-npm-0.23.1-e5d2d8764d-10.zip
diff --git a/.yarn/cache/@rollup-rollup-darwin-arm64-npm-4.24.0-9d2c88b8fe-10.zip b/.yarn/cache/@rollup-rollup-darwin-arm64-npm-4.24.0-9d2c88b8fe-10.zip
diff --git a/.yarn/cache/@rollup-rollup-linux-x64-gnu-npm-4.24.0-a67121f2c9-10.zip b/.yarn/cache/@rollup-rollup-linux-x64-gnu-npm-4.24.0-a67121f2c9-10.zip
diff --git a/.yarn/cache/@sentry-cli-darwin-npm-2.37.0-109f3042d1-10.zip b/.yarn/cache/@sentry-cli-darwin-npm-2.37.0-109f3042d1-10.zip
diff --git a/.yarn/cache/@sentry-cli-linux-x64-npm-2.37.0-1ccd9d140f-10.zip b/.yarn/cache/@sentry-cli-linux-x64-npm-2.37.0-1ccd9d140f-10.zip
diff --git a/...darwin-arm64-npm-1.7.36-9c1682cc14-10.zip → ...inux-x64-gnu-npm-1.7.36-24fed95b50-10.zip b/...darwin-arm64-npm-1.7.36-9c1682cc14-10.zip → ...inux-x64-gnu-npm-1.7.36-24fed95b50-10.zip
diff --git a/.yarn/cache/fsevents-patch-19706e7e35-10.zip b/.yarn/cache/fsevents-patch-19706e7e35-10.zip
diff --git a/.yarn/cache/fsevents-patch-6b67494872-10.zip b/.yarn/cache/fsevents-patch-6b67494872-10.zip
diff --git a/packages/payments-service/package.json b/packages/payments-service/package.json
@@ -1,6 +1,6 @@
 {
   "name": "payments-service",
-  "version": "3.0.0",
+  "version": "3.1.1",
   "description": "Payments Proxy Service To API Platform",
   "main": "index.js",
   "repository": "[email protected]:reapit/foundations.git",

diff --git a/packages/payments-service/src/core/authorizer.ts b/packages/payments-service/src/core/authorizer.ts
@@ -28,11 +28,14 @@ const customChallenge = async (event: APIGatewayTokenAuthorizerEvent, decodedTok
 
   // I am repeating the checks I perform on the access token on the id token with the extra check of the reapit-customer
   // against the clientId in the token
-  const issuer = idToken.payload.iss
   const decodedIdToken = decode(idToken, { complete: true })
+
   if (!decodedIdToken) throw new Error('Id Token failed to decode')
   if (typeof decodedIdToken.payload === 'string') throw new Error('Decoded id token payload is a string')
   if (!decodedIdToken.payload.sub) throw new Error('Id token does not contain a sub')
+
+  const issuer = decodedIdToken.payload.iss
+
   // TODO We can remove this check when we go live with Auth0
   // Check against cognito if token provided is valid
   // else check auth0
@@ -52,7 +55,7 @@ const customChallenge = async (event: APIGatewayTokenAuthorizerEvent, decodedTok
 
     // This is the crucial part of the check - I validate the idToken so I can trust it then check the reapit-customer
     // header so my downstream services can trust it behind the gateway
-    if (reapitCustomer !== verified.clientId) {
+    if (reapitCustomer !== verified['custom:reapit:clientCode']) {
       throw new Error('Reapit Customer does not match the decoded idToken')
     }
   }
@@ -73,7 +76,7 @@ const customChallenge = async (event: APIGatewayTokenAuthorizerEvent, decodedTok
     if (!verified) throw new Error('Token failed to verify')
     // This is the crucial part of the check - I validate the idToken so I can trust it then check the reapit-customer
     // header so my downstream services can trust it behind the gateway
-    if (reapitCustomer !== verified.clientId) {
+    if (reapitCustomer !== verified['custom:reapit:clientCode']) {
       throw new Error('Reapit Customer does not match the decoded idToken')
     }
   } else {