fix: fix request header validation #261

Draft
wants to merge 6 commits into
base: main
18 changes: 9 additions & 9 deletions package-lock.json


10 changes: 8 additions & 2 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "sims",
"version": "12.2.0",
"version": "12.3.0-snapshot.2",
"description": "A super-simple fsp simulator",
"main": "src/index.js",
"author": "ModusBox",
@@ -27,6 +27,12 @@
"lint:fix": "npm run standard -- --fix",
"start": "node src/index.js",
"test": "echo \"Error: no test specified\" && exit 1",
"docker:build": "docker build --build-arg NODE_VERSION=\"$(cat .nvmrc)-alpine\" -t mojaloop/simulator:local .",
"docker:up": "docker-compose -f docker-compose.yml up",
"docker:stop": "docker-compose -f docker-compose.yml stop",
"docker:rm": "docker-compose -f docker-compose.yml rm -f -v",
"docker:down": "docker-compose -f docker-compose.yml down -v",
"docker:clean": "docker-compose -f docker-compose.yml down --rmi local",
"audit:fix": "npm audit fix",
"audit:check": "npx audit-ci --config ./audit-ci.jsonc",
"dep:check": "npx ncu -e 2",
@@ -50,7 +56,7 @@
"@mojaloop/central-services-metrics": "12.0.8",
"@mojaloop/central-services-shared": "18.5.0",
"@mojaloop/event-sdk": "^14.1.1",
"@mojaloop/sdk-standard-components": "18.2.0",
"@mojaloop/sdk-standard-components": "18.2.1",
"axios": "1.7.2",
"base64url": "3.0.1",
"blipp": "4.0.2",
6 changes: 3 additions & 3 deletions src/acceptheaderpayee/handler.js
@@ -143,7 +143,7 @@ exports.getPartiesByTypeAndId = function (req, h) {
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(correlationCache.get(req.params.id))
data: correlationCache.get(req.params.id)
}

// Logger.isInfoEnabled && Logger.info((new Date().toISOString()), 'Executing PUT', url)
@@ -232,7 +232,7 @@ exports.postQuotes = function (req, h) {
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(quotesResponse)
data: quotesResponse
}
// Logger.isInfoEnabled && Logger.info((new Date().toISOString()), 'Executing PUT', url)
const res = await request(url, opts, req.span)
@@ -314,7 +314,7 @@ exports.postTransfers = async function (req, h) {
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(transfersResponse)
data: transfersResponse
}

// Logger.isInfoEnabled && Logger.info(`Executing PUT: [${url}], HEADERS: [${JSON.stringify(opts.headers)}], BODY: [${JSON.stringify(transfersResponse)}]`)
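Review bot: The three `data:` lines now hand axios a plain object, but no `transformRequest` change is visible in these hunks, unlike src/bulkQuotes/handler.js and src/bulkTransfers/handler.js where the transform was updated to `return JSON.stringify(data)`. If the `opts` objects in this file carry a custom `transformRequest` that returns `data` unchanged, the callback body would no longer be serialized; if they rely on the axios default, a comment such as `// body is serialized by axios' default transformRequest` would make that dependency explicit. In getPartiesByTypeAndId the body comes from `correlationCache.get(req.params.id)`, which presumably can miss, so an explicit check before sending would avoid a PUT with no body. All three functions start and end outside the hunks.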
10 changes: 5 additions & 5 deletions src/acceptheaderpayee/routes.js
@@ -83,7 +83,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
failAction: (request, h, err) => { throw err }
}
}
@@ -114,7 +114,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
payload: Joi.object({
quoteId: Joi.string().guid().required().description('Id of quote').label('@ Quote Id must be in a valid GUID format. @'),
transactionId: Joi.string().guid().required().description('Id of transaction').label('@ Transaction Id must be in a valid GUID format. @'),
@@ -214,7 +214,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
payload: Joi.object({
transferId: Joi.string().guid().required().description('Id of transfer').label('@ Transfer Id must be in a valid GUID format. @'),
payeeFsp: Joi.string().required().min(1).max(32).description('Financial Service Provider of Payee').label('@ A valid Payee FSP number must be supplied. @'),
@@ -261,7 +261,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
@@ -303,7 +303,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
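Review bot: Switching the header schemas to `.unknown(true)` means any header not listed is now accepted and, most likely, kept on the request: Joi appears to apply `stripUnknown` only to object schemas whose `unknown` flag was never set, so `.options({ stripUnknown: true })` probably has no effect once `.unknown(true)` is explicit (worth confirming against the installed Joi version). If the goal is to tolerate extra headers without passing them to the handlers, dropping the explicit flag, `}).options({ stripUnknown: true }),`, expresses that; if they should pass through, a comment such as `// extra headers are accepted unvalidated and reach the handler as sent` records the decision. The same change appears in all five hunks here and in src/bulkQuotes/routes.js, src/bulkTransfers/routes.js and src/bulkTransfersNegative/routes.js. The route definitions start and end outside the hunks.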
28 changes: 14 additions & 14 deletions src/bulkQuotes/handler.js
@@ -35,8 +35,8 @@ const Sdk = require('@mojaloop/sdk-standard-components')
const ErrorHandler = require('@mojaloop/central-services-error-handling')
const Metrics = require('../lib/metrics')
const base64url = require('base64url')
const Config = require('../lib/config')

const hubName = process.env.HUB_NAME || 'Hub'
const quotesEndpoint = process.env.QUOTES_ENDPOINT || 'http://localhost:1080'
const signature = process.env.MOCK_JWS_SIGNATURE || 'abcJjvNrkyK2KBieDUbGfhaBUn75aDUATNF4joqA8OLs4QgSD7i6EO8BIdy6Crph3LnXnTM20Ai1Z6nt0zliS_qPPLU9_vi6qLb15FOkl64DQs9hnfoGeo2tcjZJ88gm19uLY_s27AJqC1GH1B8E2emLrwQMDMikwQcYvXoyLrL7LL3CjaLMKdzR7KTcQi1tCK4sNg0noIQLpV3eA61kess'
const ilpSecret = process.env.ILP_SECRET || 'Quaixohyaesahju3thivuiChai5cahng'
@@ -146,13 +146,13 @@ exports.postBulkQuotes = function (request, h) {
'FSPIOP-URI': `/bulkQuotes/${bulkQuoteRequest.bulkQuoteId}`
},
transformRequest: [(data, headers) => {
delete headers.common.Accept
return data
headers.delete('Accept')
return JSON.stringify(data)
}],
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(bulkQuotesResponse)
data: bulkQuotesResponse
}
// Logger.isInfoEnabled && Logger.info((new Date().toISOString()), 'Executing PUT', url)
const res = await sendRequest(url, opts, request.span)
@@ -268,13 +268,13 @@ exports.getBulkQuotesById = function (request, h) {
'FSPIOP-URI': `/bulkQuotes/${request.params.id}`
},
transformRequest: [(data, headers) => {
delete headers.common.Accept
return data
headers.delete('Accept')
return JSON.stringify(data)
}],
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(responseData)
data: responseData
}
// Logger.isInfoEnabled && Logger.info((new Date().toISOString()), 'Executing PUT', url)
const res = await sendRequest(url, opts, request.span)
@@ -315,7 +315,7 @@ const sendErrorCallback = async (fspiopError, bulkQuoteId, headers, span) => {
const protectedHeader = {
alg: 'RS256',
'FSPIOP-Source': `${headers['fspiop-source']}`,
'FSPIOP-Destination': Config.HUB_NAME,
'FSPIOP-Destination': hubName,
'FSPIOP-URI': `/bulkQuotes/${bulkQuoteId}/error`,
'FSPIOP-HTTP-Method': 'PUT',
Date: ''
@@ -329,30 +329,30 @@ const sendErrorCallback = async (fspiopError, bulkQuoteId, headers, span) => {
headers: {
'Content-Type': 'application/vnd.interoperability.quotes+json;version=1.0',
'FSPIOP-Source': headers['fspiop-source'],
'FSPIOP-Destination': Config.HUB_NAME,
'FSPIOP-Destination': hubName,
Date: new Date().toUTCString(),
'FSPIOP-Signature': `${JSON.stringify(fspiopSignature)}`,
'FSPIOP-HTTP-Method': 'PUT',
'FSPIOP-URI': `/bulkQuotes/${bulkQuoteId}/error`
},
transformRequest: [(data, headers) => {
delete headers.common.Accept
return data
headers.delete('Accept')
return JSON.stringify(data)
}],
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(fspiopError.toApiErrorObject())
data: fspiopError.toApiErrorObject()
}
const res = await sendRequest(url, opts, span)
if (res.status !== Enums.Http.ReturnCodes.OK.CODE) {
throw new Error(`Failed to send. Result: ${res}`)
}

histTimerEnd({ success: true, fsp: 'payee', operation: 'sendErrorCallback', source: headers['fspiop-source'], destination: Config.HUB_NAME })
histTimerEnd({ success: true, fsp: 'payee', operation: 'sendErrorCallback', source: headers['fspiop-source'], destination: hubName })
} catch (err) {
Logger.isErrorEnabled && Logger.error(err)
histTimerEnd({ success: false, fsp: 'payee', operation: 'sendErrorCallback', source: headers['fspiop-source'], destination: Config.HUB_NAME })
histTimerEnd({ success: false, fsp: 'payee', operation: 'sendErrorCallback', source: headers['fspiop-source'], destination: hubName })
}
}
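Review bot: `hubName` is read from `process.env.HUB_NAME` with a silent `'Hub'` fallback, and the value goes into `FSPIOP-Destination` in both the protected header and the outgoing headers of sendErrorCallback, so a missing or misspelled variable yields an error callback addressed to the default name with no indication. A comment at the declaration, e.g. `// HUB_NAME must match the hub's participant name; falls back to 'Hub' for local runs`, would document this. With src/lib/config.js deleted in this PR, any other module still requiring `../lib/config` would fail at load; none is visible here, so a quick search is worthwhile. sendErrorCallback begins before the hunk.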

8 changes: 4 additions & 4 deletions src/bulkQuotes/routes.js
@@ -54,7 +54,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
payload: Joi.object({
bulkQuoteId: Joi.string().guid().required().description('Id of bulkQuote').label('@ BulkQuote Id must be in a valid GUID format. @'),
payer: Joi.object().required().keys({
@@ -162,7 +162,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().guid().required().description('path')
}),
@@ -195,7 +195,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
@@ -282,7 +282,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
6 changes: 3 additions & 3 deletions src/bulkTransfers/handler.js
@@ -101,13 +101,13 @@ exports.postBulkTransfers = async function (req, h) {
// tracestate: req.headers.tracestate ? req.headers.tracestate : undefined
},
transformRequest: [(data, headers) => {
delete headers.common.Accept
return data
headers.delete('Accept')
return JSON.stringify(data)
}],
httpsAgent: new https.Agent({
rejectUnauthorized: false
}),
data: JSON.stringify(bulkTransferResponse)
data: bulkTransferResponse
}
// Logger.isInfoEnabled && Logger.info(`Executing PUT: [${url}], HEADERS: [${JSON.stringify(opts.headers)}], BODY: [${JSON.stringify(bulkTransferResponse)}]`)
const res = await request(url, opts, req.span)
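Review bot: The `opts` object edited here still creates its agent with `rejectUnauthorized: false`, so the PUT callback is sent without verifying the peer's TLS certificate; the same context line appears in every handler hunk in src/acceptheaderpayee/handler.js and src/bulkQuotes/handler.js. That may be intended for a simulator, but nothing in the visible lines says so or limits it to test deployments. A comment next to it, e.g. `// simulator only: certificate verification is disabled for callbacks`, or making the setting configurable, would keep it from being copied into non-test code. postBulkTransfers starts and ends outside the hunk.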
6 changes: 3 additions & 3 deletions src/bulkTransfers/routes.js
@@ -56,7 +56,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
payload: Joi.object({
bulkTransferId: Joi.string().guid().required().description('Id of bulk transfer').label('@ Bulk Transfer Id must be in a valid GUID format. @'),
bulkQuoteId: Joi.string().guid().required().description('Id of bulk quote').label('@ Bulk Quote Id must be in a valid GUID format. @'),
@@ -114,7 +114,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
@@ -175,7 +175,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
6 changes: 3 additions & 3 deletions src/bulkTransfersNegative/routes.js
@@ -57,7 +57,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
payload: Joi.object({
bulkTransferId: Joi.string().guid().required().description('Id of bulk transfer').label('@ Bulk Transfer Id must be in a valid GUID format. @'),
bulkQuoteId: Joi.string().guid().required().description('Id of bulk quote').label('@ Bulk Quote Id must be in a valid GUID format. @'),
@@ -114,7 +114,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
@@ -175,7 +175,7 @@ module.exports = [
'fspiop-http-method': Joi.string().optional(),
traceparent: Joi.string().optional(),
tracestate: Joi.string().optional()
}).unknown(false).options({ stripUnknown: true }),
}).unknown(true).options({ stripUnknown: true }),
params: Joi.object({
id: Joi.string().required().description('path')
}),
6 changes: 0 additions & 6 deletions src/lib/config.js

This file was deleted.
