Closed naftis closed 1 week ago
@naftis Should we fetch everything directly from countryconfig or perhaps have the endpoints in gateway?
@Zangetsu101 Passing them through gateway seems aligned to how we aim to do things
We need to decide what to do with notifications and certificate refresh that makes sense for existing projects. @rikukissa we realised that the only way to update a certificate, or SMS notification settings on a deployed, production server is with a Postman request. We need to technically have an easier way to do this. Otherwise we should re-introduce this UI in 1.6.0: https://github.com/opencrvs/opencrvs-core/pull/7380
Explore if it would be possible to leverage signed URLs (similar to MinIO) to serve the certificates from countryconfig.
@Zangetsu101 @Nil20
Here's an example of how we could implement our own signing mechanism:
packages/documents/src/features/presign/index.test.ts
```ts
import * as jwt from 'jsonwebtoken'

const COUNTRY_CONFIG_URL = 'http://localhost:3040' /* From constants file */
// Placeholder key for this test file only
const PERSISTENT_SECRET_KEY = 'HELLO_WORLD'

// Verifies the token (signature and expiry) and expands the
// {{COUNTRY_CONFIG_URL}} placeholder into the real country config URL.
// jwt.verify throws when the token is invalid or expired.
function getPresignedUrl(signature: string) {
  const decoded = jwt.verify(signature, PERSISTENT_SECRET_KEY) as {
    targetUrl: string
  }
  return decoded.targetUrl.replace(
    /{{\s*COUNTRY_CONFIG_URL\s*}}/g,
    COUNTRY_CONFIG_URL
  )
}

// Signs the target URL into a JWT that is valid for one hour
function signFileUrl(targetUrl: string) {
  return jwt.sign({ targetUrl }, PERSISTENT_SECRET_KEY, { expiresIn: '1h' })
}

// Presigned URLs point at the document service, with the token as the path
function createPreSignedUrl(targetUrl: string) {
  return '/documents/' + signFileUrl(targetUrl)
}

describe("Document service's own presign / validate mechanism. This is used, for example, to secure certificates and other assets served by the country config", () => {
  it('creates presigned urls that point to the document service itself', async () => {
    const url = '{{COUNTRY_CONFIG_URL}}/certificates/birth.svg'
    const signedUrl = createPreSignedUrl(url)
    expect(signedUrl).toContain(
      '/documents/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
    )
  })
  it('can verify those signed URLS are correct', async () => {
    const signedUrl = createPreSignedUrl(
      '{{COUNTRY_CONFIG_URL}}/certificates/birth.svg'
    )
    const signature = signedUrl.replace('/documents/', '')
    expect(getPresignedUrl(signature)).toBe(
      'http://localhost:3040/certificates/birth.svg'
    )
  })
  it('fails for incorrect urls', async () => {
    const invalidSignature =
      'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0YXJnZXRVcmwiOiJ7e0NPVU5UUllfQ09ORklHX1VSTH19L2NlcnRpZmljYXRlcy9iaXJ0aC5zdmciLCJpYXQiOjE3MjI0MTM3MjMsImV4cCI6MTcyMjQxNzMyM30.9ocZviMAvtStkcNH7iik1uAdRQJQd7Rf3sFURH8wd4E'
    expect(() => getPresignedUrl(invalidSignature)).toThrow()
  })
})
```
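A dependency-free variant of the signing idea in the comment above, added here as an example and not code from this thread or from OpenCRVS: it swaps jsonwebtoken for a plain HMAC-SHA256 token built with Node's `crypto`, and on the verifying side also confirms that the resolved target stays on the country config origin under an allow-listed path. The key value, `ALLOWED_PREFIXES`, `signPath` and `resolveSignedPath` are hypothetical names chosen for illustration.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto'

// Assumed values for illustration; a real deployment loads the key from secret storage.
const COUNTRY_CONFIG_URL = 'http://localhost:3040'
const SIGNING_KEY = 'constructed-demo-key'
const ALLOWED_PREFIXES = ['/certificates/'] // hypothetical allow-list

const mac = (data: string) =>
  createHmac('sha256', SIGNING_KEY).update(data).digest('base64url')

// Token = base64url(JSON payload) + '.' + HMAC-SHA256 over that encoded payload.
function signPath(path: string, ttlSeconds: number, now = Date.now()): string {
  const payload = Buffer.from(
    JSON.stringify({ path, exp: Math.floor(now / 1000) + ttlSeconds })
  ).toString('base64url')
  return `${payload}.${mac(payload)}`
}

// Returns the upstream URL to fetch, or throws if the token must be rejected.
function resolveSignedPath(token: string, now = Date.now()): string {
  const [payload, signature, ...rest] = token.split('.')
  if (!payload || !signature || rest.length > 0) throw new Error('malformed token')

  // Compare MACs in constant time; lengths must match before timingSafeEqual.
  const expected = Buffer.from(mac(payload))
  const given = Buffer.from(signature)
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature')
  }

  const { path, exp } = JSON.parse(Buffer.from(payload, 'base64url').toString())
  if (typeof exp !== 'number' || exp * 1000 <= now) throw new Error('expired')
  if (typeof path !== 'string') throw new Error('bad payload')

  // Resolve against the fixed origin, then re-check origin and path prefix so
  // "//host/x", absolute URLs or "../" segments cannot redirect the fetch.
  const url = new URL(path, COUNTRY_CONFIG_URL)
  const allowed = ALLOWED_PREFIXES.some((p) => url.pathname.startsWith(p))
  if (url.origin !== new URL(COUNTRY_CONFIG_URL).origin || !allowed) {
    throw new Error('target not allowed')
  }
  return url.toString()
}
```

The signature check runs before the payload is parsed, and the origin and prefix check runs even on validly signed tokens, so a mistake on the signing side does not turn the document service into an open fetcher.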
@Zangetsu101 Please mention what needs to be tested for this ticket
@SyedaAfrida
This ticket is fixed
Description
In 1.5 we deprecated some of the admin UI items (https://github.com/opencrvs/opencrvs-core/issues/6975), but as there were references to the admin UI code in, for example, advanced search, we did not refactor and clean up the stale code.
Dev tasks
PR 1
PR 2
application-config-default.ts
to be something more fitting