feat(infitx/iprod-93): used https.Agent for WSO2 requests in api-svc (#…

…457)

* IPROD-93 used https.Agent for WSO2 requests

* IPROD-93 used https.Agent for WSO2 requests

* IPROD-93 used https.Agent for WSO2 requests

* IPROD-93 used https.Agent for WSO2 requests

* IPROD-93 added OUTBOUND_MUTUAL_TLS_USE_FILES env var

* feat(iprod-93): added OUT_USE_CERT_FILES_FOR_AUTH env var for OIDC endpoint

* fix: updated deps

* fix: updated deps

* fix: updated audit-ci.jsonc

* fix: used updated dk-standard-components snapshot

* chore(snapshot): 23.5.0-snapshot.0

* fix: used updated dk-standard-components snapshot

audit-ci.jsonc

@@ -21,15 +21,19 @@
         // central-services-shared
         "GHSA-hjrf-2m68-5959",
         "GHSA-qwph-4952-7xr6",
+        "GHSA-7fh5-64p2-3v2j",
         // Some audit issues with api-snippets
         "GHSA-c2qf-rxjj-qqgw",
         // Issue with protobuffs (https://github.com/advisories/GHSA-h755-8qp9-cq85). No fix available.
         "GHSA-h755-8qp9-cq85",
+        // @babel/traverse (https://github.com/advisories/GHSA-67hx-6x53-jw92)
+        "GHSA-67hx-6x53-jw92",
         // Issue with PostCSS library (https://github.com/advisories/GHSA-7fh5-64p2-3v2j)
         "GHSA-7fh5-64p2-3v2j",
         // SSRF attacks against npm IP (https://github.com/advisories/GHSA-78xj-cgh5-2h22)
         "GHSA-78xj-cgh5-2h22",
         // https://github.com/advisories/GHSA-rm97-x556-q36h
         "GHSA-rm97-x556-q36h",
+        "GHSA-wf5p-g6vw-rhxx" // https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
     ]
 }

modules/api-svc/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-api-svc",
-  "version": "20.7.0-snapshot.4",
+  "version": "20.8.0-snapshot.0",
   "description": "An adapter for connecting to Mojaloop API enabled switches.",
   "main": "src/index.js",
   "types": "src/index.d.ts",
@@ -70,9 +70,9 @@
     "@mojaloop/central-services-shared": "18.3.0",
     "@mojaloop/event-sdk": "^14.0.0",
     "@mojaloop/sdk-scheme-adapter-private-shared-lib": "workspace:^",
-    "@mojaloop/sdk-standard-components": "v18.0.0",
+    "@mojaloop/sdk-standard-components": "18.1.0",
     "ajv": "8.12.0",
-    "axios": "^1.6.7",
+    "axios": "^1.6.8",
     "co-body": "^6.1.0",
     "dotenv": "^16.4.5",
     "env-var": "^7.4.1",
@@ -82,7 +82,7 @@
     "javascript-state-machine": "^3.1.0",
     "js-yaml": "^4.1.0",
     "json-schema-ref-parser": "^9.0.9",
-    "koa": "^2.15.0",
+    "koa": "^2.15.1",
     "koa-body": "^6.0.1",
     "lodash": "^4.17.21",
     "module-alias": "^2.2.3",

modules/api-svc/src/config.js

@@ -175,6 +175,7 @@ module.exports = {
             clientSecret: env.get('OAUTH_CLIENT_SECRET').asString(),
             refreshSeconds: env.get('OAUTH_REFRESH_SECONDS').default('60').asIntPositive(),
         },
+        mTlsEnabled: env.get('OAUTH_MUTUAL_TLS_ENABLED').default('false').asBool(),
         requestAuthFailureRetryTimes: env.get('WSO2_AUTH_FAILURE_REQUEST_RETRIES').default('0').asIntPositive(),
     },
     rejectExpiredQuoteResponses: env.get('REJECT_EXPIRED_QUOTE_RESPONSES').default('false').asBool(),

modules/api-svc/src/index.js

@@ -11,9 +11,10 @@
 'use strict';
 
 const { hostname } = require('os');
+const EventEmitter = require('events');
 const _ = require('lodash');
+const { Logger } = require('@mojaloop/sdk-standard-components');
 const config = require('./config');
-const EventEmitter = require('events');
 
 const InboundServer = require('./InboundServer');
 const OutboundServer = require('./OutboundServer');
@@ -32,7 +33,8 @@ const Router = require('./lib/router');
 const Validate = require('./lib/validate');
 const Cache = require('./lib/cache');
 const { SDKStateEnum } = require('./lib/model/common');
-const { Logger, WSO2Auth } = require('@mojaloop/sdk-standard-components');
+const { createAuthClient } = require('./lib/utils');
+
 const LOG_ID = {
     INBOUND:   { app: 'mojaloop-connector-inbound-api' },
     OUTBOUND:  { app: 'mojaloop-connector-outbound-api' },
@@ -68,14 +70,7 @@ class Server extends EventEmitter {
             logger: this.logger.push(LOG_ID.METRICS)
         });
 
-        this.wso2 = {
-            auth: new WSO2Auth({
-                ...conf.wso2.auth,
-                logger,
-                tlsCreds: conf.outbound.tls.mutualTLS.enabled && conf.outbound.tls.creds,
-            }),
-            retryWso2AuthFailureTimes: conf.wso2.requestAuthFailureRetryTimes,
-        };
+        this.wso2 = createAuthClient(conf, logger);
         this.wso2.auth.on('error', (msg) => {
             this.emit('error', 'WSO2 auth error in InboundApi', msg);
         });
@@ -200,12 +195,7 @@ class Server extends EventEmitter {
             || !_.isEqual(this.conf.outbound.tls, newConf.outbound.tls);
         if (updateWSO2) {
             this.wso2.auth.stop();
-            this.wso2.auth = new WSO2Auth({
-                ...newConf.wso2.auth,
-                logger: this.logger,
-                tlsCreds: newConf.outbound.tls.mutualTLS.enabled && newConf.outbound.tls.creds,
-            });
-            this.wso2.retryWso2AuthFailureTimes = newConf.wso2.requestAuthFailureRetryTimes;
+            this.wso2 = createAuthClient(newConf, this.logger);
             this.wso2.auth.on('error', (msg) => {
                 this.emit('error', 'WSO2 auth error in InboundApi', msg);
             });

modules/api-svc/src/lib/utils.js

@@ -0,0 +1,20 @@
+const { WSO2Auth } = require('@mojaloop/sdk-standard-components');
+
+const createAuthClient = (conf, logger) => {
+    const { wso2, outbound } = conf;
+
+    const auth = new WSO2Auth({
+        ...wso2.auth,
+        logger,
+        tlsCreds: wso2.mTlsEnabled && outbound.tls.creds,
+    });
+
+    return Object.freeze({
+        auth,
+        retryWso2AuthFailureTimes: wso2.requestAuthFailureRetryTimes,
+    });
+};
+
+module.exports = {
+    createAuthClient,
+};

modules/api-svc/test/unit/config.test.js

@@ -11,13 +11,19 @@
 const fs  = require('fs');
 const path = require('path');
 const os = require('os');
+const sdkSC = require('@mojaloop/sdk-standard-components');
+const { createAuthClient } = require('../../src/lib/utils');
 
 const outErrorStatusKey = 'outErrorStatusKey';
 
 jest.mock('dotenv', () => ({
     config: jest.fn(),
 }));
 
+jest.mock('@mojaloop/sdk-standard-components', () => ({
+    WSO2Auth: jest.fn(),
+}));
+
 describe('config', () => {
     let certDir;
     let env;
@@ -95,7 +101,6 @@ describe('config', () => {
     });
 
     it('should transform correctly resources versions to config', () => {
-
         const resourceVersions = {
             resourceOneName: {
                 acceptVersion: '1',
@@ -116,4 +121,21 @@ describe('config', () => {
         expect(() => parseResourceVersion('resourceOneName=1.0;resourceTwoName=1.1')).toThrowError(new Error('Resource versions format should be in format: "resourceOneName=1.0,resourceTwoName=1.1"'));
     });
 
+    it('should return outbound.tls.creds with keys if OUTBOUND_MUTUAL_TLS_USE_FILES is true', () => {
+        process.env.OUTBOUND_MUTUAL_TLS_USE_FILES = 'true';
+        const config = require('~/config');
+        expect(config.outbound.tls.creds).toStrictEqual({
+            ca: undefined,
+            cert: undefined,
+            key: undefined,
+        });
+    });
+
+    it('should pass outbound tlsCreds as false to WSO2Auth ctor, if OUT_USE_CERT_FILES_FOR_AUTH is false', () => {
+        process.env.OAUTH_MUTUAL_TLS_ENABLED = 'false';
+        const config = require('~/config');
+        createAuthClient(config, {});
+        const { tlsCreds } = sdkSC.WSO2Auth.mock.calls[0][0];
+        expect(tlsCreds).toBe(false);
+    });
 });

modules/api-svc/test/unit/outboundApi/handlers.test.js

@@ -569,8 +569,6 @@ describe('Outbound API handlers:', () => {
                         error: () => {},
                         isDebugEnabled: () => {},
                         isErrorEnabled: () => {},
-                        isDebugEnabled: () => {},
-                        isErrorEnabled: () => {}
                     },
                 }
             };

modules/outbound-command-event-handler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-outbound-command-event-handler",
-  "version": "0.2.20-snapshot.4",
+  "version": "0.2.20-snapshot.5",
   "description": "mojaloop sdk scheme adapter command event handler",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/sdk-scheme-adapter/",
@@ -58,13 +58,13 @@
     "@types/convict": "^6.1.6",
     "@types/express": "^4.17.21",
     "@types/jest": "^29.5.12",
-    "@types/node": "^20.11.27",
+    "@types/node": "^20.11.29",
     "@types/node-cache": "^4.2.5",
     "@types/supertest": "^6.0.2",
     "@types/swagger-ui-express": "^4.1.6",
     "@types/yamljs": "^0.2.34",
-    "@typescript-eslint/eslint-plugin": "^7.2.0",
-    "@typescript-eslint/parser": "^7.2.0",
+    "@typescript-eslint/eslint-plugin": "^7.3.1",
+    "@typescript-eslint/parser": "^7.3.1",
     "copyfiles": "^2.4.1",
     "eslint": "^8.57.0",
     "jest": "^29.7.0",

modules/outbound-domain-event-handler/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@mojaloop/sdk-scheme-adapter-outbound-domain-event-handler",
-    "version": "0.2.20-snapshot.4",
+    "version": "0.2.20-snapshot.5",
     "description": "mojaloop sdk scheme adapter outbound domain event handler",
     "license": "Apache-2.0",
     "homepage": "https://github.com/mojaloop/sdk-scheme-adapter/",
@@ -56,13 +56,13 @@
         "@types/convict": "^6.1.6",
         "@types/express": "^4.17.21",
         "@types/jest": "^29.5.12",
-        "@types/node": "^20.11.27",
+        "@types/node": "^20.11.29",
         "@types/node-cache": "^4.2.5",
         "@types/supertest": "^6.0.2",
         "@types/swagger-ui-express": "^4.1.6",
         "@types/yamljs": "^0.2.34",
-        "@typescript-eslint/eslint-plugin": "^7.2.0",
-        "@typescript-eslint/parser": "^7.2.0",
+        "@typescript-eslint/eslint-plugin": "^7.3.1",
+        "@typescript-eslint/parser": "^7.3.1",
         "copyfiles": "^2.4.1",
         "eslint": "^8.57.0",
         "jest": "^29.7.0",

modules/private-shared-lib/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter-private-shared-lib",
-  "version": "0.3.20-snapshot.4",
+  "version": "0.3.20-snapshot.5",
   "description": "SDK Scheme Adapter private shared library.",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/accounts-and-balances-bc/tree/main/modules/private-types",
@@ -37,7 +37,7 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@types/node": "^20.11.27",
+    "@types/node": "^20.11.29",
     "eslint": "^8.57.0",
     "jest": "^29.7.0",
     "npm-check-updates": "^16.7.10",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter",
-  "version": "23.4.1",
+  "version": "23.5.0-snapshot.0",
   "description": "mojaloop sdk-scheme-adapter",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/sdk-scheme-adapter",
@@ -72,10 +72,10 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.12",
-    "@types/node": "^20.11.27",
+    "@types/node": "^20.11.29",
     "@types/node-cache": "^4.2.5",
-    "@typescript-eslint/eslint-plugin": "^7.2.0",
-    "@typescript-eslint/parser": "^7.2.0",
+    "@typescript-eslint/eslint-plugin": "^7.3.1",
+    "@typescript-eslint/parser": "^7.3.1",
     "audit-ci": "^6.6.1",
     "eslint": "^8.57.0",
     "eslint-config-airbnb-typescript": "^18.0.0",