Mijn 7102 kv certs (#1023)

Amsterdam · Nov 2, 2023 · c86fa4a · c86fa4a
1 parent 16e5cb5
commit c86fa4a
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 122 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,11 +5,11 @@
 
 version: 2
 updates:
-  - package-ecosystem: "Docker"
-    directory: "/"
+  - package-ecosystem: 'docker'
+    directory: '/'
     schedule:
-      interval: "weekly"
-  - package-ecosystem: "npm"
-    directory: "/"
+      interval: 'weekly'
+  - package-ecosystem: 'npm'
+    directory: '/'
     schedule:
-      interval: "weekly"
+      interval: 'weekly'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/docker-compose.yml b/docker-compose.yml
diff --git a/src/server/config.ts b/src/server/config.ts
@@ -1,31 +1,42 @@
-import {
-  ApiSuccessResponse,
-  ApiErrorResponse,
-  ApiPostponeResponse,
-} from './../universal/helpers/api';
 import { AxiosRequestConfig } from 'axios';
 import { CorsOptions } from 'cors';
 import { ConfigParams } from 'express-openid-connect';
 import fs from 'fs';
 import https from 'https';
 import jose from 'jose';
 import { FeatureToggle } from '../universal/config';
-import { IS_OT, IS_TAP } from '../universal/config/env';
+import { IS_OT, IS_TEST } from '../universal/config/env';
+import {
+  ApiErrorResponse,
+  ApiPostponeResponse,
+  ApiSuccessResponse,
+} from './../universal/helpers/api';
 import { TokenData } from './helpers/app';
 
-export function getCertificateSync(path?: string, name?: string) {
-  if (!path) {
-    if (name) {
-      console.log(`${name}: Certificate path empty ${path}`);
-    }
-    return '';
+export function getCertificateSync(envVarName: string | undefined) {
+  const path = envVarName && process.env[envVarName];
+  if (path) {
+    try {
+      return fs.readFileSync(path).toString();
+    } catch (error) {}
+  }
+
+  return undefined;
+}
+
+function decodeBase64EncodedCertificateFromEnv(name: string | undefined) {
+  const data = name && process.env[name];
+  if (data) {
+    return Buffer.from(data, 'base64').toString('utf-8');
   }
-  let fileContents: string = '';
-  try {
-    fileContents = fs.readFileSync(path).toString();
-  } catch (error) {}
+  return undefined;
+}
 
-  return fileContents;
+function getCert(envVarName: string | undefined) {
+  // TODO: Should be only decodeBase64EncodedCertificateFromEnv when we've migrated to AZ
+  return IS_TEST
+    ? decodeBase64EncodedCertificateFromEnv(envVarName)
+    : getCertificateSync(envVarName);
 }
 
 export const BFF_REQUEST_CACHE_ENABLED =
@@ -168,10 +179,8 @@ export const ApiConfig: ApiDataRequestConfig = {
     postponeFetch: !FeatureToggle.milieuzoneApiActive,
     method: 'POST',
     httpsAgent: new https.Agent({
-      cert: IS_TAP
-        ? getCertificateSync(process.env.BFF_SERVER_CLIENT_CERT)
-        : [],
-      key: IS_TAP ? getCertificateSync(process.env.BFF_SERVER_CLIENT_KEY) : [],
+      cert: getCert('BFF_SERVER_CLIENT_CERT'),
+      key: getCert('BFF_SERVER_CLIENT_KEY'),
     }),
   },
   SIA: {

diff --git a/src/server/services/buurt/buurt.test.ts b/src/server/services/buurt/buurt.test.ts
@@ -132,6 +132,7 @@ vi.mock('../../../universal/config/env', () => {
     IS_PRODUCTION: false,
     IS_ACCEPTANCE: true,
     IS_TAP: true,
+    IS_TEST: true,
   };
 });
 vi.mock('../../../universal/config/myarea-datasets');