MOL-487/MOL-488: switch to use OAuth middleware

CHANGELOG.md

@@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## v1.0.4
+
+Added
+
+- Add configuration to enable authorization mode
+- OAuth middleware for securing connector endpoint
+
+## v1.0.3
+
+Added
+
+- Add docs for status checking endpoint
+
 ## v1.0.2
 
 Fixes
@@ -29,15 +42,15 @@ Added
 - Package version for requests
 - Log mechanism
 - Supporting payment methods namely:
-    - [Apple pay](https://docs.mollie.com/docs/apple-pay)
-    - [Bancontact](https://docs.mollie.com/docs/bancontact)
-    - [BLIK](https://docs.mollie.com/docs/blik)
-    - [Credit/debit card](https://docs.mollie.com/docs/cards)
-    - [Gift cards](https://docs.mollie.com/docs/giftcards)
-    - [iDEAL](https://docs.mollie.com/docs/ideal)
-    - [KBC/CBC](https://docs.mollie.com/docs/kbc)
-    - [Paypal](https://docs.mollie.com/docs/paypal)
-    - [Przelewy24](https://docs.mollie.com/docs/przelewy24)
+  - [Apple pay](https://docs.mollie.com/docs/apple-pay)
+  - [Bancontact](https://docs.mollie.com/docs/bancontact)
+  - [BLIK](https://docs.mollie.com/docs/blik)
+  - [Credit/debit card](https://docs.mollie.com/docs/cards)
+  - [Gift cards](https://docs.mollie.com/docs/giftcards)
+  - [iDEAL](https://docs.mollie.com/docs/ideal)
+  - [KBC/CBC](https://docs.mollie.com/docs/kbc)
+  - [Paypal](https://docs.mollie.com/docs/paypal)
+  - [Przelewy24](https://docs.mollie.com/docs/przelewy24)
 - Supporting for [Apply pay direct](https://docs.mollie.com/docs/direct-integration-of-apple-pay) & [Mollie card component](https://docs.mollie.com/docs/mollie-components)
 - Filter options for listing payment methods
 - Create/cancel payment via Payment API

connect.yaml

@@ -26,8 +26,8 @@ deployAs:
         - key: MOLLIE_BANK_TRANSFER_DUE_DATE
           description: Payment method Bank Transfer due date (1d -> 100d)
           default: "14d"
-        - key: CTP_AUTHENTICATION_MODE
-          description: To enable secure mode for connector requests using JWT authentication (0 or 1)
+        - key: AUTHENTICATION_MODE
+          description: To enable secure mode for connector requests using OAuth authentication (0 or 1)
           required: true
           default: "0"
       securedConfiguration:

docs/Authorization.md

@@ -4,6 +4,29 @@
 
 This guide explains how to connect to the Mollie client and verify the connection. The initial connection setup will be used across various features requiring Mollie integration.
 
+## Securing connector endpoints
+
+To called our connector endpoint esp. the processor endpoint (/processor/*), a valid access token (with client credentials grant type) is required. This token must be updated into the extension destination.
+
+``` MD
+CREAT/UPDATE Extension 
+{
+    ...
+    "destination": {
+        "type": "HTTP",
+        "url": "https://efd6-115-74-115-119.ngrok-free.app/processor",
+        "authorization": {
+            "type": "AuthorizationHeader",
+            "headerValue": "_token_"
+        }
+    }
+    ...
+}
+
+```
+
+Kindly recheck your extension record if facing unauthorized error when communicating with the connector. Also the token do expire after a time, please consider to implement a scheduled job to update this token.
+
 ## Connecting to Mollie
 
 To connect to the Mollie account, you must specify the `MOLLIE_API_TEST_KEY` and `MOLLIE_API_LIVE_KEY` in your .env file. You can get the API key from your Mollie Dashboard.

processor/.env.example

@@ -4,7 +4,7 @@ CTP_CLIENT_SECRET=<YOUR_CTP_CLIENT_SECRET>
 CTP_PROJECT_KEY=<YOUR_CTP_PROJECT_KEY>
 CTP_SCOPE=<YOUR_CTP_PROJECT_SCOPE> 
 CTP_REGION=<YOUR_CTP_REGION>
-CTP_AUTHENTICATION_MODE=<YOUR_CTP_AUTHENTICATION_MODE>
+AUTHENTICATION_MODE=<YOUR_AUTHENTICATION_MODE>
 
 ## Commercetools API URLs
 CTP_AUTH_URL=https://auth.<YOUR_CTP_REGION>.commercetools.com

processor/.env.jest

@@ -5,7 +5,7 @@ CTP_CLIENT_SECRET=12345678901234567890123456789012
 CTP_PROJECT_KEY=TEST
 CTP_SCOPE=TEST
 CTP_REGION=europe-west1.gcp
-CTP_AUTHENTICATION_MODE=0
+AUTHENTICATION_MODE=0
 ## MOLLIE vars
 MOLLIE_PROFILE_ID=pfl_12345
 DEBUG=0

processor/src/middleware/jwt.middleware.ts → processor/src/middleware/oauth.middleware.ts

@@ -1,8 +1,8 @@
 import { NextFunction, Request, Response } from 'express';
 import { paymentSdk } from '../sdk/payment.sdk';
 
-export const jwtMiddleware = async (req: Request, res: Response, next: NextFunction) => {
-  await paymentSdk.jwtAuthHookFn
+export const oauthMiddleware = async (req: Request, res: Response, next: NextFunction) => {
+  await paymentSdk.oauth2AuthHookFn
     .authenticate()(req)
     .then(() => next())
     .catch(() => {

processor/src/routes/processor.route.ts

@@ -2,7 +2,7 @@ import { Router } from 'express';
 import { post } from '../controllers/processor.controller';
 import { install, healthCheck, uninstall, mollieStatus } from '../controllers/connector.controller';
 import { readConfiguration } from '../utils/config.utils';
-import { jwtMiddleware } from '../middleware/jwt.middleware';
+import { oauthMiddleware } from '../middleware/oauth.middleware';
 
 const serviceRouter = Router();
 const AUTH_MODE = readConfiguration().commerceTools.authMode === '1';
@@ -12,9 +12,9 @@ serviceRouter.get('/health-check', healthCheck);
 serviceRouter.get('/mollie/status', mollieStatus);
 
 if (AUTH_MODE) {
-  serviceRouter.post('/', jwtMiddleware, post);
-  serviceRouter.post('/install', jwtMiddleware, install);
-  serviceRouter.post('/uninstall', jwtMiddleware, uninstall);
+  serviceRouter.post('/', oauthMiddleware, post);
+  serviceRouter.post('/install', oauthMiddleware, install);
+  serviceRouter.post('/uninstall', oauthMiddleware, uninstall);
 } else {
   serviceRouter.post('/', post);
   serviceRouter.post('/install', install);

processor/src/sdk/payment.sdk.ts

@@ -6,7 +6,7 @@ const config = readConfiguration().commerceTools;
 export const paymentSdk = setupPaymentSDK({
   projectKey: config.projectKey,
   clientId: config.clientId,
-  clientSecret: config.clientId,
+  clientSecret: config.clientSecret,
   authUrl: `https://auth.${config.region}.commercetools.com`,
   apiUrl: `https://api.${config.region}.commercetools.com`,
   sessionUrl: `https://session.${config.region}.commercetools.com`,

processor/src/utils/config.utils.ts

@@ -16,7 +16,7 @@ export const readConfiguration = () => {
       projectKey: process.env.CTP_PROJECT_KEY as string,
       scope: process.env.CTP_SCOPE as string,
       region: process.env.CTP_REGION as string,
-      authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+      authMode: process.env.AUTHENTICATION_MODE as string,
     },
     mollie: {
       testApiKey: process.env.MOLLIE_API_TEST_KEY as string,

processor/tests/utils/config.utils.spec.ts

@@ -12,7 +12,7 @@ describe('Test src/utils/config.utils.ts', () => {
         projectKey: process.env.CTP_PROJECT_KEY,
         scope: process.env.CTP_SCOPE,
         region: process.env.CTP_REGION,
-        authMode: process.env.CTP_AUTHENTICATION_MODE,
+        authMode: process.env.AUTHENTICATION_MODE,
       },
       mollie: {
         liveApiKey: process.env.MOLLIE_API_LIVE_KEY,
@@ -81,8 +81,8 @@ describe('Test src/utils/config.utils.ts', () => {
     expect(() => readConfiguration()).toThrow(CustomError);
   });
 
-  test('should throw an error when CTP_AUTHENTICATION_MODE is invalid', () => {
-    process.env.CTP_AUTHENTICATION_MODE = 'dummy';
+  test('should throw an error when AUTHENTICATION_MODE is invalid', () => {
+    process.env.AUTHENTICATION_MODE = 'dummy';
     expect(() => readConfiguration()).toThrow(CustomError);
   });
 });

processor/tests/validators/helpers.validators.spec.ts

@@ -255,7 +255,7 @@ describe('Test helpers.validators.ts', () => {
         projectKey: process.env.CTP_PROJECT_KEY as string,
         scope: process.env.CTP_SCOPE as string,
         region: process.env.CTP_REGION as string,
-        authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+        authMode: process.env.AUTHENTICATION_MODE as string,
       },
       mollie: {
         liveApiKey: process.env.MOLLIE_API_LIVE_KEY as string,
@@ -280,7 +280,7 @@ describe('Test helpers.validators.ts', () => {
         projectKey: process.env.CTP_PROJECT_KEY as string,
         scope: process.env.CTP_SCOPE as string,
         region: process.env.CTP_REGION as string,
-        authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+        authMode: process.env.AUTHENTICATION_MODE as string,
       },
       mollie: {
         liveApiKey: process.env.MOLLIE_API_LIVE_KEY as string,
@@ -345,7 +345,7 @@ describe('test getValidateMessages', () => {
         projectKey: process.env.CTP_PROJECT_KEY as string,
         scope: process.env.CTP_SCOPE as string,
         region: process.env.CTP_REGION as string,
-        authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+        authMode: process.env.AUTHENTICATION_MODE as string,
       },
       mollie: {
         testApiKey: process.env.MOLLIE_API_TEST_KEY as string,
@@ -378,7 +378,7 @@ describe('test getValidateMessages', () => {
         projectKey: process.env.CTP_PROJECT_KEY as string,
         scope: process.env.CTP_SCOPE as string,
         region: process.env.CTP_REGION as string,
-        authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+        authMode: process.env.AUTHENTICATION_MODE as string,
       },
       mollie: {
         testApiKey: process.env.MOLLIE_API_TEST_KEY as string,
@@ -411,7 +411,7 @@ describe('test getValidateMessages', () => {
         projectKey: process.env.CTP_PROJECT_KEY as string,
         scope: process.env.CTP_SCOPE as string,
         region: process.env.CTP_REGION as string,
-        authMode: process.env.CTP_AUTHENTICATION_MODE as string,
+        authMode: process.env.AUTHENTICATION_MODE as string,
       },
       mollie: {
         testApiKey: process.env.MOLLIE_API_TEST_KEY as string,