From 3f0300592cc06d1d9000e10ab64a753b81d74a69 Mon Sep 17 00:00:00 2001 From: naftis Date: Tue, 24 Sep 2024 16:57:35 +0300 Subject: [PATCH 1/3] refactor(env-vars): validate country-config environment variables --- package.json | 9 +++++---- src/constants.ts | 44 +++++++++++++++++++++----------------------- src/environment.ts | 33 +++++++++++++++++++++++++++++++++ yarn.lock | 12 ++++++++++++ 4 files changed, 71 insertions(+), 27 deletions(-) create mode 100644 src/environment.ts diff --git a/package.json b/package.json index dd2250442..31833e51b 100644 --- a/package.json +++ b/package.json @@ -34,8 +34,8 @@ "@graphql-codegen/add": "^3.1.1", "@graphql-codegen/cli": "^3.3.1", "@graphql-codegen/introspection": "^3.0.1", - "@graphql-codegen/typescript-operations": "^3.0.4", "@graphql-codegen/typescript": "^3.0.4", + "@graphql-codegen/typescript-operations": "^3.0.4", "@inquirer/editor": "^1.2.13", "@octokit/core": "4.2.1", "@types/google-libphonenumber": "^7.4.23", @@ -49,9 +49,9 @@ "@typescript-eslint/eslint-plugin": "^5.60.1", "@typescript-eslint/parser": "^5.60.1", "cypress-xpath": "^2.0.1", + "eslint": "^8.43.0", "eslint-config-prettier": "^8.8.0", "eslint-plugin-prettier": "^4.2.1", - "eslint": "^8.43.0", "husky": "1.0.0-rc.13", "inquirer": "^9.2.12", "kleur": "^4.1.5", @@ -76,8 +76,8 @@ "@types/hapi__hapi": "^20.0.0", "@types/jwt-decode": "^2.2.1", "@types/lodash": "^4.14.117", - "@types/node-fetch": "^2.6.2", "@types/node": "^10.12.5", + "@types/node-fetch": "^2.6.2", "@types/nodemailer": "^6.4.14", "app-module-path": "^2.2.0", "chalk": "^2.4.1", @@ -87,10 +87,11 @@ "csv2json": "^2.0.2", "date-fns": "^2.28.0", "dotenv": "^16.4.5", + "envalid": "^8.0.0", "esbuild": "^0.18.9", "google-libphonenumber": "^3.2.32", - "graphql-tag": "^2.12.6", "graphql": "^16.3.0", + "graphql-tag": "^2.12.6", "handlebars": "^4.7.7", "hapi-auth-jwt2": "10.4.0", "hapi-pino": "^9.0.0", diff --git a/src/constants.ts b/src/constants.ts index 795d1cc3e..4c66a080a 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -8,28 +8,26 @@ * * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS. */ +import { env } from './environment' + export const TEST_SOURCE = `${process.cwd()}/src/tests/` -export const DOMAIN = process.env.DOMAIN || '*' -export const GATEWAY_URL = process.env.GATEWAY_URL || 'http://localhost:7070' -export const LOGIN_URL = process.env.LOGIN_URL || 'http://localhost:3020/' -export const CLIENT_APP_URL = - process.env.CLIENT_APP_URL || 'http://localhost:3000/' -export const FHIR_URL = process.env.FHIR_URL || 'http://localhost:3447/fhir' -export const ORG_URL = 'http://opencrvs.org' -export const COUNTRY_CONFIG_HOST = process.env.COUNTRY_CONFIG_HOST || '0.0.0.0' -export const COUNTRY_CONFIG_PORT = process.env.COUNTRY_CONFIG_PORT || 3040 -export const AUTH_URL = process.env.AUTH_URL || 'http://localhost:4040' -export const COUNTRY_CONFIG_URL = - process.env.COUNTRY_CONFIG_URL || 'http://localhost:3040' -export const APPLICATION_CONFIG_URL = - process.env.APPLICATION_CONFIG_URL || 'http://localhost:2021/' -export const SENTRY_DSN = process.env.SENTRY_DSN -// Check if the token has been invalided in the auth service before it has expired -// This needs to be a string to make it easy to pass as an ENV var. -export const CHECK_INVALID_TOKEN = process.env.CHECK_INVALID_TOKEN || 'false' -export const CONFIRM_REGISTRATION_URL = - process.env.CONFIRM_REGISTRATION_URL || - 'http://localhost:5050/confirm/registration' export const DEFAULT_TIMEOUT = 600000 -export const PRODUCTION = process.env.NODE_ENV === 'production' -export const QA_ENV = process.env.QA_ENV || false + +export const DOMAIN = env.DOMAIN +export const GATEWAY_URL = env.GATEWAY_URL +export const LOGIN_URL = env.LOGIN_URL +export const CLIENT_APP_URL = env.CLIENT_APP_URL +export const FHIR_URL = env.FHIR_URL + +export const COUNTRY_CONFIG_HOST = env.COUNTRY_CONFIG_HOST +export const COUNTRY_CONFIG_PORT = env.COUNTRY_CONFIG_PORT +export const AUTH_URL = env.AUTH_URL +export const COUNTRY_CONFIG_URL = env.COUNTRY_CONFIG_URL +export const APPLICATION_CONFIG_URL = env.APPLICATION_CONFIG_URL + +export const SENTRY_DSN = env.SENTRY_DSN +export const CHECK_INVALID_TOKEN = env.CHECK_INVALID_TOKEN + +export const CONFIRM_REGISTRATION_URL = env.CONFIRM_REGISTRATION_URL +export const PRODUCTION = env.isProd +export const QA_ENV = env.QA_ENV diff --git a/src/environment.ts b/src/environment.ts new file mode 100644 index 000000000..6640df2c5 --- /dev/null +++ b/src/environment.ts @@ -0,0 +1,33 @@ +/* + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. + * + * OpenCRVS is also distributed under the terms of the Civil Registration + * & Healthcare Disclaimer located at http://opencrvs.org/license. + * + * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS. + */ +import { bool, cleanEnv, port, str, url } from 'envalid' + +export const env = cleanEnv(process.env, { + DOMAIN: str({ devDefault: '*' }), + GATEWAY_URL: url({ devDefault: 'http://localhost:7070' }), + LOGIN_URL: url({ devDefault: 'http://localhost:3020/' }), + CLIENT_APP_URL: url({ devDefault: 'http://localhost:3000/' }), + FHIR_URL: url({ devDefault: 'http://localhost:3447/fhir' }), + COUNTRY_CONFIG_HOST: str({ devDefault: '0.0.0.0' }), + COUNTRY_CONFIG_PORT: port({ default: 3040 }), + AUTH_URL: url({ devDefault: 'http://localhost:4040' }), + COUNTRY_CONFIG_URL: url({ devDefault: 'http://localhost:3040' }), + APPLICATION_CONFIG_URL: url({ devDefault: 'http://localhost:2021/' }), + SENTRY_DSN: str({ default: undefined }), + CHECK_INVALID_TOKEN: bool({ + devDefault: false, + desc: 'Check if the token has been invalidated in the auth service before it has expired' + }), + CONFIRM_REGISTRATION_URL: url({ + devDefault: 'http://localhost:5050/confirm/registration' + }), + QA_ENV: bool({ default: false }) +}) diff --git a/yarn.lock b/yarn.lock index 584e11b1d..737396482 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3480,6 +3480,13 @@ end-of-stream@^1.1.0, end-of-stream@^1.4.1: dependencies: once "^1.4.0" +envalid@^8.0.0: + version "8.0.0" + resolved "https://registry.yarnpkg.com/envalid/-/envalid-8.0.0.tgz#2314451e18e88051c98540ab60640e330279e486" + integrity sha512-PGeYJnJB5naN0ME6SH8nFcDj9HVbLpYIfg1p5lAyM9T4cH2lwtu2fLbozC/bq+HUUOIFxhX/LP0/GmlqPHT4tQ== + dependencies: + tslib "2.6.2" + error-ex@^1.3.1: version "1.3.2" resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf" @@ -6861,6 +6868,11 @@ tsconfig-paths@^3.8.0: minimist "^1.2.6" strip-bom "^3.0.0" +tslib@2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" + integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== + tslib@^1.8.1, tslib@^1.9.0, tslib@^1.9.3: version "1.14.1" resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00" From 58762cd3217d8a06ab4bbcdc66873fd0ae5252a2 Mon Sep 17 00:00:00 2001 From: naftis Date: Wed, 6 Nov 2024 11:33:26 +0200 Subject: [PATCH 2/3] fix: set node env to development on sort-translations --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 862d16836..23ad41c6e 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "snapshot": "bash infrastructure/backups/backup.sh", "port-forward": "bash infrastructure/port-forward.sh", "environment:init": "ts-node infrastructure/environments/setup-environment.ts", - "sort-translations": "ts-node -r tsconfig-paths/register src/sort-translations.ts" + "sort-translations": "cross-env NODE_ENV=development ts-node -r tsconfig-paths/register src/sort-translations.ts" }, "devDependencies": { "@graphql-codegen/add": "^3.1.1", From c711eaa3ef86529baba29b322a8e511724151462 Mon Sep 17 00:00:00 2001 From: naftis Date: Wed, 6 Nov 2024 11:54:22 +0200 Subject: [PATCH 3/3] fix: typescript issue in index.ts --- src/index.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/index.ts b/src/index.ts index c8ddb8f32..c12d07052 100644 --- a/src/index.ts +++ b/src/index.ts @@ -139,18 +139,18 @@ export const verifyToken = async (token: string, authUrl: string) => { const validateFunc = async ( payload: any, request: Hapi.Request, - checkInvalidToken: string, + checkInvalidToken: boolean, authUrl: string ) => { let valid - if (checkInvalidToken === 'true') { + if (checkInvalidToken) { valid = await verifyToken( request.headers.authorization.replace('Bearer ', ''), authUrl ) } - if (valid === true || checkInvalidToken !== 'true') { + if (valid === true || !checkInvalidToken) { return { isValid: true, credentials: payload