Pass the allowed headers to BC Gov request

bcgov · Feb 11, 2025 · 28f97a4 · 28f97a4
1 parent 18b1198
commit 28f97a4
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 13 deletions.
diff --git a/aws/services/apiService.ts b/aws/services/apiService.ts
@@ -3,6 +3,23 @@ import qs from "qs";
 import { HttpService, IHttpService } from "./httpService";
 import SecretsManagerService from "./secretsManagerService";
 
+// These are the list of Headers imported from SCV
+// Only include headers from the original request when present.
+const allowedHeaders = new Set([
+  "applicationCd",
+  "correlationId",
+  "deviceNm",
+  "domainNm",
+  "domainUserGuid",
+  "domainUserId",
+  "guid",
+  "ipAddressTxt",
+  "reloadPassword",
+  "requestAgencyIdentifierId",
+  "requestPartId",
+  "temporaryAccessGuid",
+]);
+
 export class ApiService {
   protected httpService: IHttpService;
   protected smService: SecretsManagerService;
@@ -53,6 +70,20 @@ export class ApiService {
     return queryString;
   }
 
+  private sanitizeHeaders(
+    headers: Record<string, string | undefined>
+  ): Record<string, string> {
+    const filteredHeaders: Record<string, string> = {};
+
+    for (const [key, value] of Object.entries(headers || {})) {
+      if (allowedHeaders.has(key)) {
+        filteredHeaders[key] = value as string;
+      }
+    }
+
+    return filteredHeaders;
+  }
+
   public async handleRequest(
     event: APIGatewayEvent
   ): Promise<APIGatewayProxyResult> {
@@ -63,26 +94,28 @@ export class ApiService {
 
       const method = event.httpMethod.toUpperCase();
       const body = event.body ? JSON.parse(event.body) : {};
-
       const queryString = this.sanitizeQueryStringParams(
         event.queryStringParameters || {}
       );
+      const headers = this.sanitizeHeaders(event.headers);
 
       const url = `${event.path}?${queryString}`;
 
       console.log(`Sending ${method} request to ${url}`);
+      console.log(`Headers: ${headers}`);
+      console.log(`Body: ${body}`);
 
       let data;
 
       switch (method) {
         case "GET":
-          data = await this.httpService.get(url);
+          data = await this.httpService.get(url, headers);
           break;
         case "POST":
-          data = await this.httpService.post(url, body);
+          data = await this.httpService.post(url, body, headers);
           break;
         case "PUT":
-          data = await this.httpService.put(url, body);
+          data = await this.httpService.put(url, body, headers);
           break;
         default:
           return {

diff --git a/aws/services/httpService.ts b/aws/services/httpService.ts
@@ -3,9 +3,17 @@ import https from "https";
 
 export interface IHttpService {
   init(credentialsSecret: string, mtlsSecret: string): Promise<void>;
-  get<T>(url: string): Promise<T>;
-  post<T>(url: string, data?: Record<string, unknown>): Promise<T>;
-  put<T>(url: string, data?: Record<string, unknown>): Promise<T>;
+  get<T>(url: string, headers?: Record<string, string>): Promise<T>;
+  post<T>(
+    url: string,
+    data?: Record<string, unknown>,
+    headers?: Record<string, string>
+  ): Promise<T>;
+  put<T>(
+    url: string,
+    data?: Record<string, unknown>,
+    headers?: Record<string, string>
+  ): Promise<T>;
 }
 
 export class HttpService implements IHttpService {
@@ -36,27 +44,39 @@ export class HttpService implements IHttpService {
     });
   }
 
-  async get<T>(url: string): Promise<T> {
+  async get<T>(url: string, headers?: Record<string, string>): Promise<T> {
     try {
-      const response: AxiosResponse<T> = await this.axios.get(url);
+      const response: AxiosResponse<T> = await this.axios.get(url, { headers });
       return response.data;
     } catch (error) {
       this.handleError(error);
     }
   }
 
-  async post<T>(url: string, data?: Record<string, unknown>): Promise<T> {
+  async post<T>(
+    url: string,
+    data?: Record<string, unknown>,
+    headers?: Record<string, string>
+  ): Promise<T> {
     try {
-      const response: AxiosResponse<T> = await this.axios.post(url, data);
+      const response: AxiosResponse<T> = await this.axios.post(url, data, {
+        headers,
+      });
       return response.data;
     } catch (error) {
       this.handleError(error);
     }
   }
 
-  async put<T>(url: string, data?: Record<string, unknown>): Promise<T> {
+  async put<T>(
+    url: string,
+    data?: Record<string, unknown>,
+    headers?: Record<string, string>
+  ): Promise<T> {
     try {
-      const response: AxiosResponse<T> = await this.axios.put(url, data);
+      const response: AxiosResponse<T> = await this.axios.put(url, data, {
+        headers,
+      });
       return response.data;
     } catch (error) {
       this.handleError(error);