From 9bb41bb696a0a73c5d0339325f163161e1e995bd Mon Sep 17 00:00:00 2001 From: Win Date: Tue, 8 Oct 2024 14:50:18 +0700 Subject: [PATCH] MOL-487/MOL-488: switch to use OAuth middleware --- CHANGELOG.md | 31 +++++++++++++------ connect.yaml | 4 +-- docs/Authorization.md | 23 ++++++++++++++ processor/.env.example | 2 +- processor/.env.jest | 2 +- ...{jwt.middleware.ts => oauth.middleware.ts} | 4 +-- processor/src/routes/processor.route.ts | 8 ++--- processor/src/sdk/payment.sdk.ts | 2 +- processor/src/utils/config.utils.ts | 2 +- processor/tests/utils/config.utils.spec.ts | 6 ++-- .../validators/helpers.validators.spec.ts | 10 +++--- 11 files changed, 65 insertions(+), 29 deletions(-) rename processor/src/middleware/{jwt.middleware.ts => oauth.middleware.ts} (70%) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4355b8..1512cff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## v1.0.4 + +Added + +- Add configuration to enable authorization mode +- OAuth middleware for securing connector endpoint + +## v1.0.3 + +Added + +- Add docs for status checking endpoint + ## v1.0.2 Fixes 
@@ -29,15 +42,15 @@ Added - Package version for requests - Log mechanism - Supporting payment methods namely: - - [Apple pay](https://docs.mollie.com/docs/apple-pay) - - [Bancontact](https://docs.mollie.com/docs/bancontact) - - [BLIK](https://docs.mollie.com/docs/blik) - - [Credit/debit card](https://docs.mollie.com/docs/cards) - - [Gift cards](https://docs.mollie.com/docs/giftcards) - - [iDEAL](https://docs.mollie.com/docs/ideal) - - [KBC/CBC](https://docs.mollie.com/docs/kbc) - - [Paypal](https://docs.mollie.com/docs/paypal) - - [Przelewy24](https://docs.mollie.com/docs/przelewy24) + - [Apple pay](https://docs.mollie.com/docs/apple-pay) + - [Bancontact](https://docs.mollie.com/docs/bancontact) + - [BLIK](https://docs.mollie.com/docs/blik) + - [Credit/debit card](https://docs.mollie.com/docs/cards) + - [Gift cards](https://docs.mollie.com/docs/giftcards) + - [iDEAL](https://docs.mollie.com/docs/ideal) + - [KBC/CBC](https://docs.mollie.com/docs/kbc) + - [Paypal](https://docs.mollie.com/docs/paypal) + - [Przelewy24](https://docs.mollie.com/docs/przelewy24) - Supporting for [Apply pay direct](https://docs.mollie.com/docs/direct-integration-of-apple-pay) & [Mollie card component](https://docs.mollie.com/docs/mollie-components) - Filter options for listing payment methods - Create/cancel payment via Payment API diff --git a/connect.yaml b/connect.yaml index ba65192..68d6a99 100644 --- a/connect.yaml +++ b/connect.yaml @@ -26,8 +26,8 @@ deployAs: - key: MOLLIE_BANK_TRANSFER_DUE_DATE description: Payment method Bank Transfer due date (1d -> 100d) default: "14d" - - key: CTP_AUTHENTICATION_MODE - description: To enable secure mode for connector requests using JWT authentication (0 or 1) + - key: AUTHENTICATION_MODE + description: To enable secure mode for connector requests using OAuth authentication (0 or 1) required: true default: "0" securedConfiguration: diff --git a/docs/Authorization.md b/docs/Authorization.md index 18a0e04..2a4c330 100644 
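Review bot: Renaming the key from `CTP_AUTHENTICATION_MODE` to `AUTHENTICATION_MODE` while keeping `default: "0"` means a deployment that had the old key set to 1 would, as far as the visible lines show, come up with authentication switched off after upgrading, and without any error. The same rename is read in the `processor/src/utils/config.utils.ts` hunk, where a temporary fallback would avoid the silent downgrade: `authMode: (process.env.AUTHENTICATION_MODE ?? process.env.CTP_AUTHENTICATION_MODE) as string,`. The v1.0.4 changelog entry lists the setting under "Added"; it should state that the key was renamed and has to be set again. Whether the validators reject a missing value is outside this patch, so that needs confirming before relying on it.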
--- a/docs/Authorization.md +++ b/docs/Authorization.md @@ -4,6 +4,29 @@ This guide explains how to connect to the Mollie client and verify the connection. The initial connection setup will be used across various features requiring Mollie integration. +## Securing connector endpoints + +To called our connector endpoint esp. the processor endpoint (/processor/*), a valid access token (with client credentials grant type) is required. This token must be updated into the extension destination. + +``` MD +CREAT/UPDATE Extension +{ + ... + "destination": { + "type": "HTTP", + "url": "https://efd6-115-74-115-119.ngrok-free.app/processor", + "authorization": { + "type": "AuthorizationHeader", + "headerValue": "_token_" + } + } + ... +} + +``` + +Kindly recheck your extension record if facing unauthorized error when communicating with the connector. Also the token do expire after a time, please consider to implement a scheduled job to update this token. + ## Connecting to Mollie To connect to the Mollie account, you must specify the `MOLLIE_API_TEST_KEY` and `MOLLIE_API_LIVE_KEY` in your .env file. You can get the API key from your Mollie Dashboard. diff --git a/processor/.env.example b/processor/.env.example index 5b3afe9..576da7b 100644 --- a/processor/.env.example +++ b/processor/.env.example @@ -4,7 +4,7 @@ CTP_CLIENT_SECRET= CTP_PROJECT_KEY= CTP_SCOPE= CTP_REGION= -CTP_AUTHENTICATION_MODE= +AUTHENTICATION_MODE= ## Commercetools API URLs CTP_AUTH_URL=https://auth..commercetools.com diff --git a/processor/.env.jest b/processor/.env.jest index a6f0569..51b9559 100644 --- a/processor/.env.jest +++ b/processor/.env.jest @@ -5,7 +5,7 @@ CTP_CLIENT_SECRET=12345678901234567890123456789012 CTP_PROJECT_KEY=TEST CTP_SCOPE=TEST CTP_REGION=europe-west1.gcp -CTP_AUTHENTICATION_MODE=0 +AUTHENTICATION_MODE=0 ## MOLLIE vars MOLLIE_PROFILE_ID=pfl_12345 DEBUG=0 
diff --git a/processor/src/middleware/jwt.middleware.ts b/processor/src/middleware/oauth.middleware.ts similarity index 70% rename from processor/src/middleware/jwt.middleware.ts rename to processor/src/middleware/oauth.middleware.ts index 28cda5d..015a8e3 100644 --- a/processor/src/middleware/jwt.middleware.ts +++ b/processor/src/middleware/oauth.middleware.ts @@ -1,8 +1,8 @@ import { NextFunction, Request, Response } from 'express'; import { paymentSdk } from '../sdk/payment.sdk'; -export const jwtMiddleware = async (req: Request, res: Response, next: NextFunction) => { - await paymentSdk.jwtAuthHookFn +export const oauthMiddleware = async (req: Request, res: Response, next: NextFunction) => { + await paymentSdk.oauth2AuthHookFn .authenticate()(req) .then(() => next()) .catch(() => { diff --git a/processor/src/routes/processor.route.ts b/processor/src/routes/processor.route.ts index a0fecd2..912e32a 100644 --- a/processor/src/routes/processor.route.ts +++ b/processor/src/routes/processor.route.ts @@ -2,7 +2,7 @@ import { Router } from 'express'; import { post } from '../controllers/processor.controller'; import { install, healthCheck, uninstall, mollieStatus } from '../controllers/connector.controller'; import { readConfiguration } from '../utils/config.utils'; -import { jwtMiddleware } from '../middleware/jwt.middleware'; +import { oauthMiddleware } from '../middleware/oauth.middleware'; const serviceRouter = Router(); const AUTH_MODE = readConfiguration().commerceTools.authMode === '1'; 
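Review bot: The `.catch(() => {` in `oauthMiddleware` takes no argument, so the reason a token was rejected is not bound and cannot be logged, which leaves nothing to alert on when a connector endpoint sees repeated failed authentication. Binding it as `.catch((error) => {` and logging it server-side (not in the response body) before the existing rejection response would fix that. Because the catch is chained after `.then(() => next())`, it also handles anything that escapes `next()`, so a downstream failure could be reported as an authentication failure; `.then(() => next(), (error) => { ... })` keeps the two apart. The catch body lies outside the hunk, so the response it sends could not be checked here.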
@@ -12,9 +12,9 @@ serviceRouter.get('/health-check', healthCheck); serviceRouter.get('/mollie/status', mollieStatus); if (AUTH_MODE) { - serviceRouter.post('/', jwtMiddleware, post); - serviceRouter.post('/install', jwtMiddleware, install); - serviceRouter.post('/uninstall', jwtMiddleware, uninstall); + serviceRouter.post('/', oauthMiddleware, post); + serviceRouter.post('/install', oauthMiddleware, install); + serviceRouter.post('/uninstall', oauthMiddleware, uninstall); } else { serviceRouter.post('/', post); serviceRouter.post('/install', install); diff --git a/processor/src/sdk/payment.sdk.ts b/processor/src/sdk/payment.sdk.ts index 7cbf238..092cb67 100644 --- a/processor/src/sdk/payment.sdk.ts +++ b/processor/src/sdk/payment.sdk.ts @@ -6,7 +6,7 @@ const config = readConfiguration().commerceTools; export const paymentSdk = setupPaymentSDK({ projectKey: config.projectKey, clientId: config.clientId, - clientSecret: config.clientId, + clientSecret: config.clientSecret, authUrl: `https://auth.${config.region}.commercetools.com`, apiUrl: `https://api.${config.region}.commercetools.com`, sessionUrl: `https://session.${config.region}.commercetools.com`, diff --git a/processor/src/utils/config.utils.ts b/processor/src/utils/config.utils.ts index 515271f..edf8319 100644 --- a/processor/src/utils/config.utils.ts +++ b/processor/src/utils/config.utils.ts @@ -16,7 +16,7 @@ export const readConfiguration = () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { testApiKey: process.env.MOLLIE_API_TEST_KEY as string, diff --git a/processor/tests/utils/config.utils.spec.ts b/processor/tests/utils/config.utils.spec.ts index 94ac196..42c7725 100644 --- a/processor/tests/utils/config.utils.spec.ts +++ b/processor/tests/utils/config.utils.spec.ts 
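Review bot: When `AUTH_MODE` is false the `else` branch registers the same POST routes with no middleware, and because `AUTH_MODE` is `authMode === '1'` every other value selects that branch, so `/install` and the processor endpoint are open by default. Registering each route once with a conditional guard list removes the duplicated block and the risk that a later route is added to only one branch: `const guards = AUTH_MODE ? [oauthMiddleware] : [];` followed by `serviceRouter.post('/install', ...guards, install);`. A comment above the condition such as `// AUTHENTICATION_MODE != '1' leaves these endpoints unauthenticated; intended for local testing only` would make the trade-off explicit, and a startup log line in that case would make it visible to operators. The `else` branch continues past the end of the hunk.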
@@ -12,7 +12,7 @@ describe('Test src/utils/config.utils.ts', () => { projectKey: process.env.CTP_PROJECT_KEY, scope: process.env.CTP_SCOPE, region: process.env.CTP_REGION, - authMode: process.env.CTP_AUTHENTICATION_MODE, + authMode: process.env.AUTHENTICATION_MODE, }, mollie: { liveApiKey: process.env.MOLLIE_API_LIVE_KEY, @@ -81,8 +81,8 @@ describe('Test src/utils/config.utils.ts', () => { expect(() => readConfiguration()).toThrow(CustomError); }); - test('should throw an error when CTP_AUTHENTICATION_MODE is invalid', () => { - process.env.CTP_AUTHENTICATION_MODE = 'dummy'; + test('should throw an error when AUTHENTICATION_MODE is invalid', () => { + process.env.AUTHENTICATION_MODE = 'dummy'; expect(() => readConfiguration()).toThrow(CustomError); }); }); diff --git a/processor/tests/validators/helpers.validators.spec.ts b/processor/tests/validators/helpers.validators.spec.ts index 4071461..d5bae56 100644 --- a/processor/tests/validators/helpers.validators.spec.ts +++ b/processor/tests/validators/helpers.validators.spec.ts @@ -255,7 +255,7 @@ describe('Test helpers.validators.ts', () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { liveApiKey: process.env.MOLLIE_API_LIVE_KEY as string, @@ -280,7 +280,7 @@ describe('Test helpers.validators.ts', () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { liveApiKey: process.env.MOLLIE_API_LIVE_KEY as string, 
@@ -345,7 +345,7 @@ describe('test getValidateMessages', () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { testApiKey: process.env.MOLLIE_API_TEST_KEY as string, @@ -378,7 +378,7 @@ describe('test getValidateMessages', () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { testApiKey: process.env.MOLLIE_API_TEST_KEY as string, @@ -411,7 +411,7 @@ describe('test getValidateMessages', () => { projectKey: process.env.CTP_PROJECT_KEY as string, scope: process.env.CTP_SCOPE as string, region: process.env.CTP_REGION as string, - authMode: process.env.CTP_AUTHENTICATION_MODE as string, + authMode: process.env.AUTHENTICATION_MODE as string, }, mollie: { testApiKey: process.env.MOLLIE_API_TEST_KEY as string,