npm - @govuk-pay/cli - Versions diffs - 0.0.30 → 0.0.31 - Mend

@govuk-pay/cli 0.0.30 → 0.0.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@govuk-pay/cli",
-  "version": "0.0.30",
+  "version": "0.0.31",
   "description": "GOV.UK Pay Command Line Interface",
   "bin": {
     "pay": "bin/cli.js",
@@ -18,9 +18,12 @@
     "@aws-sdk/client-ecs": "^3.637.0",
     "@aws-sdk/client-rds": "^3.637.0",
     "@aws-sdk/client-ssm": "^3.651.1",
+    "handlebars": "^4.7.8",
     "openurl": "^1.1.1",
     "semver": "^7.6.3",
-    "ts-standard": "^12.0.2"
+    "totp-generator": "^1.0.0",
+    "ts-standard": "^12.0.2",
+    "yaml": "^2.5.1"
   },
   "files": [
     "resources",

package/resources/pay-local/config/localstack/init-aws.sh ADDED Viewed

@@ -0,0 +1,70 @@
+#!/bin/sh
+cat > /tmp/sqs_attributes.json <<EOF
+{
+  "VisibilityTimeout": "3600",
+  "DelaySeconds": "0",
+  "ReceiveMessageWaitTimeSeconds": "0"
+}
+EOF
+echo "|======================================================================="
+echo "| Creating SQS queues"
+echo "|======================================================================="
+for QUEUE in \
+    connector_tasks_queue \
+    pay_capture_queue \
+    pay_event_queue \
+    payout_reconcile_queue \
+    webhooks-events-subscriber-queue
+do
+  echo "---------------------"
+  echo "Creating queue $QUEUE"
+  echo "---------------------"
+  aws sqs create-queue \
+    --queue-name "$QUEUE" \
+    --attributes file:///tmp/sqs_attributes.json \
+    --endpoint-url=http://localhost:4566 \
+    --region=eu-west-1
+  echo "---------------------"
+  echo
+done
+echo "|======================================================================="
+echo "| Creating SNS topics"
+echo "|======================================================================="
+for TOPIC in \
+    card-payment-dispute-events-topic \
+    card-payment-events-topic
+do
+  echo "---------------------"
+  echo "Creating topic $TOPIC"
+  echo "---------------------"
+  aws sns create-topic \
+    --name "$TOPIC" \
+    --endpoint-url=http://localhost:4566 \
+    --region=eu-west-1
+  echo "---------------------"
+  echo
+done
+echo "|======================================================================="
+echo "| Subscribing webhooks SQS queue to relevant SNS topics"
+echo "|======================================================================="
+for TOPIC in \
+    card-payment-dispute-events-topic \
+    card-payment-events-topic
+do
+  echo
+  echo "---------------------"
+  echo "Subscribing webhooks-events-subscriber-queue to topic $TOPIC"
+  echo "---------------------"
+  aws sns subscribe \
+    --topic-arn "arn:aws:sns:eu-west-1:000000000000:$TOPIC" \
+    --protocol sqs \
+    --notification-endpoint arn:aws:sns:eu-west-1:000000000000:webhooks-events-subscriber-queue \
+    --endpoint-url=http://localhost:4566 \
+    --region=eu-west-1
+  echo
+  echo
+done

package/resources/pay-local/config/postgres/docker-entrypoint-initdb.d/make_payments_databases.sql ADDED Viewed

@@ -0,0 +1,26 @@
+CREATE EXTENSION "uuid-ossp";
+CREATE EXTENSION IF NOT EXISTS pg_trgm WITH SCHEMA pg_catalog;
+CREATE USER connector WITH password 'mysecretpassword';
+CREATE DATABASE connector WITH owner=connector TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE connector TO connector;
+CREATE USER publicauth WITH password 'mysecretpassword';
+CREATE DATABASE publicauth WITH owner=publicauth TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE publicauth TO publicauth;
+CREATE USER adminusers WITH password 'mysecretpassword';
+CREATE DATABASE adminusers WITH owner=adminusers TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE adminusers TO adminusers;
+CREATE USER products WITH password 'mysecretpassword';
+CREATE DATABASE products WITH owner=products TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE products TO products;
+CREATE USER ledger WITH password 'mysecretpassword';
+CREATE DATABASE ledger WITH owner=ledger TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE ledger TO ledger;
+CREATE USER webhooks WITH password 'mysecretpassword';
+CREATE DATABASE webhooks WITH owner=webhooks TEMPLATE postgres;
+GRANT ALL PRIVILEGES ON DATABASE webhooks TO webhooks;

package/resources/pay-local/config/service_config.yaml ADDED Viewed

@@ -0,0 +1,193 @@
+adminusers:
+  name: adminusers
+  type: java
+  db: true
+  db_port: 19700
+  port: 9700
+  admin_port: 9701
+  healthcheck: true
+  queues:
+    AWS_SQS_CONNECTOR_TASKS_QUEUE_URL: connector_tasks_queue
+  clusters:
+    - admin
+    - paymentlinks
+    - card
+    - endtoend
+    - java
+    - toolbox
+cardid:
+  name: cardid
+  type: java
+  port: 9900
+  db: false
+  admin_port: 9901
+  healthcheck: true
+  clusters:
+    - paymentlinks
+    - card
+    - endtoend
+    - java
+connector:
+  name: connector
+  type: java
+  db: true
+  db_port: 19300
+  port: 9300
+  admin_port: 9301
+  healthcheck: true
+  can_use_egress_proxy: true
+  queues:
+    AWS_SQS_CAPTURE_QUEUE_URL: pay_capture_queue
+    AWS_SQS_PAYMENT_EVENT_QUEUE_URL: pay_event_queue
+    AWS_SQS_PAYOUT_RECONCILE_QUEUE_URL: payout_reconcile_queue
+    AWS_SQS_CONNECTOR_TASKS_QUEUE_URL: connector_tasks_queue
+  clusters:
+    - admin
+    - paymentlinks
+    - card
+    - endtoend
+    - java
+    - toolbox
+frontend:
+  name: frontend
+  type: node
+  proxy: true
+  naxsi: true
+  db: false
+  port: 9000
+  debug_port: 9001
+  proxy_port: 29000
+  healthcheck: true
+  can_use_egress_proxy: true
+  clusters:
+    - paymentlinks
+    - card
+    - endtoend
+ledger:
+  name: ledger
+  type: java
+  db: true
+  db_port: 20700
+  port: 10700
+  admin_port: 10701
+  healthcheck: true
+  queues:
+    AWS_SQS_PAYMENT_EVENT_QUEUE_URL: pay_event_queue
+  sns_topics:
+    SNS_TOPIC_CARD_PAYMENT_EVENTS: card-payment-events-topic
+    SNS_TOPIC_CARD_PAYMENT_DISPUTE_EVENTS: card-payment-dispute-events-topic
+  clusters:
+    - admin
+    - card
+    - endtoend
+    - java
+    - toolbox
+products:
+  name: products
+  type: java
+  db: true
+  db_port: 19800
+  port: 18000
+  admin_port: 18001
+  healthcheck: true
+  clusters:
+    - admin
+    - paymentlinks
+    - endtoend
+    - java
+    - toolbox
+products-ui:
+  name: products-ui
+  type: node
+  proxy: true
+  db: false
+  port: 10400
+  debug_port: 10401
+  proxy_port: 19000
+  healthcheck: true
+  clusters:
+    - paymentlinks
+    - endtoend
+publicapi:
+  name: publicapi
+  type: java
+  proxy: true
+  db: false
+  naxsi: true
+  port: 9100
+  admin_port: 9101
+  proxy_port: 39100
+  healthcheck: true
+  uses_redis: true
+  clusters:
+    - paymentlinks
+    - card
+    - endtoend
+    - java
+publicauth:
+  name: publicauth
+  type: java
+  db: true
+  db_port: 19600
+  port: 9600
+  admin_port: 9601
+  healthcheck: true
+  clusters:
+    - admin
+    - paymentlinks
+    - card
+    - endtoend
+    - java
+    - toolbox
+selfservice:
+  name: selfservice
+  type: node
+  proxy: true
+  naxsi: true
+  db: false
+  port: 9400
+  debug_port: 9401
+  healthcheck: true
+  proxy_port: 39000
+  clusters:
+    - admin
+    - endtoend
+    - webhooks
+    - toolbox
+stubs:
+  name: stubs
+  type: node
+  proxy: false
+  db: false
+  port: 3030
+  debug_port: 3031
+  healthcheck: false
+  clusters:
+    - endtoend
+toolbox:
+  name: toolbox
+  type: node
+  db: false
+  port: 3040
+  debug_port: 3041
+  healthcheck: true
+  entrypoint_override_local: 'sh -c "npm run build:copy && npm --inspect=0.0.0.0:3041 start"'
+  clusters:
+    - toolbox
+webhooks:
+  name: webhooks
+  type: java
+  db: true
+  db_port: 20800
+  port: 10800
+  admin_port: 10801
+  healthcheck: true
+  queues:
+    AWS_SQS_PAYMENT_EVENT_QUEUE_URL: webhooks-events-subscriber-queue
+  clusters:
+    - admin
+    - card
+    - endtoend
+    - java
+    - toolbox
+    - webhooks

package/resources/pay-local/config/services/adminusers.env ADDED Viewed

@@ -0,0 +1,49 @@
+PORT=9700
+ADMIN_PORT=9701
+DB_HOST=adminusers_db
+DB_PORT=5432
+DB_SSL_OPTION=ssl=true
+DB_USER=adminusers
+DB_PASSWORD=mysecretpassword
+JPA_LOG_LEVEL=WARNING
+JPA_SQL_LOG_LEVEL=WARNING
+LOGIN_ATTEMPT_CAP=2
+# defines whether outbound HTTP traffic need to be routed via a proxy. Default behaviour is proxy off.
+HTTP_PROXY_ENABLED=false
+HTTP_PROXY_HOST=egress.pymnt.localdomain
+HTTP_PROXY_PORT=8080
+LEDGER_URL=http://ledger:10700
+NOTIFY_SERVICE_ID=pay-notify-service-id
+NOTIFY_SECRET=pay-notify-secret-needs-to-be-32-chars-fsghdngfhmhfkrgsfs
+NOTIFY_API_KEY=api_key-pay-notify-service-id-pay-notify-secret-needs-to-be-32-chars-fsghdngfhmhfkrgsfs
+NOTIFY_SIGN_IN_OTP_SMS_TEMPLATE_ID=pay-notify-sign-in-otp-sms-template-id
+NOTIFY_CHANGE_SIGN_IN_2FA_TO_SMS_OTP_SMS_TEMPLATE_ID=pay-notify-change-sign-in-2fa-to-sms-otp-sms-template-id
+NOTIFY_SELF_INITIATED_CREATE_USER_AND_SERVICE_OTP_SMS_TEMPLATE_ID=pay-notify-self-initiated-create-user-and-service-otp-sms-template-id
+NOTIFY_CREATE_USER_IN_RESPONSE_TO_INVITATION_TO_SERVICE_OTP_SMS_TEMPLATE_ID=pay-notify-create-user-in-response-to-invitation-to-service-otp-sms-template-id
+NOTIFY_INVITE_EMAIL_TEMPLATE_ID=pay-notify-invite-email-template-id
+NOTIFY_INVITE_USER_EMAIL_TEMPLATE_ID=pay-notify-invite-user-email-template-id
+NOTIFY_FORGOTTEN_PASSWORD_EMAIL_TEMPLATE_ID=pay-notify-forgotten-password-email-template-id
+NOTIFY_BASE_URL=http://stubs:3030/notify
+NOTIFY_INVITE_SERVICE_EMAIL_TEMPLATE_ID=pay-notify-invite-service-email-template-id
+NOTIFY_INVITE_SERVICE_USER_EXITS_EMAIL_TEMPLATE_ID=pay-notify-invite-service-user-exists-email-template-id
+NOTIFY_LIVE_ACCOUNT_CREATED_EMAIL_TEMPLATE_ID=pay-notify-live-account-created-email-template-id
+NOTIFY_DISPUTE_CREATED_EMAIL_TEMPLATE_ID=pay-notify-dispute-created-email-template-id
+NOTIFY_STRIPE_DISPUTE_CREATED_EMAIL_TEMPLATE_ID=pay-notify-dispute-created-email-template-id
+NOTIFY_STRIPE_DISPUTE_EVIDENCE_SUBMITTED_EMAIL_TEMPLATE_ID=pay-notify-dispute-evidence-submitted-template-id
+NOTIFY_STRIPE_DISPUTE_LOST_EMAIL_TEMPLATE_ID=pay-notify-stripe-dispute-lost-email-template-id
+NOTIFY_STRIPE_DISPUTE_LOST_AND_SERVICE_CHARGED_EMAIL_TEMPLATE_ID=pay-notify-stripe-dispute-lost-andservice-charged-email-template-id
+NOTIFY_STRIPE_DISPUTE_WON_EMAIL_TEMPLATE_ID=pay-notify-stripe-dispute-won-email-template-id
+NOTIFY_EMAIL_REPLY_TO_SUPPORT_ID=pay-notify-email-reply-to-support-id
+FORGOTTEN_PASSWORD_EXPIRY_MINUTES=90
+AWS_SQS_CONNECTOR_TASKS_QUEUE_URL=http://localstack:4566/000000000000/connector_tasks_queue
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000
+EXPUNGE_AND_ARCHIVE_HISTORICAL_DATA_ENABLED=true

package/resources/pay-local/config/services/cardid.env ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ PORT=9800
2	+ ADMIN_PORT=9801

package/resources/pay-local/config/services/connector.env ADDED Viewed

@@ -0,0 +1,70 @@
+PORT=9300
+ADMIN_PORT=9301
+DB_HOST=connector_db
+DB_PORT=5432
+DB_SSL_OPTION=ssl=true
+DB_USER=connector
+DB_PASSWORD=mysecretpassword
+SECURE_WORLDPAY_NOTIFICATION_ENABLED=false
+SECURE_WORLDPAY_NOTIFICATION_DOMAIN=pymnt.localdomain
+GDS_CONNECTOR_WORLDPAY_TEST_URL=http://stubs:3030/stub/worldpay
+GDS_CONNECTOR_WORLDPAY_LIVE_URL=http://stubs:3030/stub/worldpay
+WORLDPAY_3DS_FLEX_DDC_TEST_URL=http://stubs:3030/stub/worldpay
+WORLDPAY_3DS_FLEX_DDC_LIVE_URL=http://stubs:3030/stub/worldpay
+WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjRENDQkJhZ0F3SUJBZ0lJVXlyRU00SXpCSFF3Q2dZSUtvWkl6ajBFQXdJd2dZQXhOREF5QmdOVkJBTU0KSzBGd2NHeGxJRmR2Y214a2QybGtaU0JFWlhabGJHOXdaWElnVW1Wc1lYUnBiMjV6SUVOQklDMGdSekl4SmpBawpCZ05WQkFzTUhVRndjR3hsSUVObGNuUnBabWxqWVhScGIyNGdRWFYwYUc5eWFYUjVNUk13RVFZRFZRUUtEQXBCCmNIQnNaU0JKYm1NdU1Rc3dDUVlEVlFRR0V3SlZVekFlRncweE5ERXdNall4TWpFd01UQmFGdzB4TmpFeE1qUXgKTWpFd01UQmFNSUdoTVM0d0xBWUtDWkltaVpQeUxHUUJBUXdlYldWeVkyaGhiblF1WTI5dExuTmxZWFJuWldWcgpMbE5sWVhSSFpXVnJNVFF3TWdZRFZRUUREQ3ROWlhKamFHRnVkQ0JKUkRvZ2JXVnlZMmhoYm5RdVkyOXRMbk5sCllYUm5aV1ZyTGxObFlYUkhaV1ZyTVJNd0VRWURWUVFMREFvNVFqTlJXVGxYUWxvMU1SY3dGUVlEVlFRS0RBNVQKWldGMFIyVmxheXdnU1c1akxqRUxNQWtHQTFVRUJoTUNWVk13V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQgpCd05DQUFRUGppQTFrVEVvZFNUMnd5NWQ1a1FGck0wRDVxQlg5VWtyeThXNkQrdkM3T3FiTW9UbS91cFJNMUdSCkhlQTJMYVZUcndBbnBHaG9PMEVUcVlGMk51NFZvNElDVlRDQ0FsRXdSd1lJS3dZQkJRVUhBUUVFT3pBNU1EY0cKQ0NzR0FRVUZCekFCaGl0b2RIUndPaTh2YjJOemNDNWhjSEJzWlM1amIyMHZiMk56Y0RBMExXRndjR3hsZDNkawpjbU5oTWpBeE1CMEdBMVVkRGdRV0JCUVdHZktnUGdWQlg4Sk92ODRxMWMwNEhTaE1tekFNQmdOVkhSTUJBZjhFCkFqQUFNQjhHQTFVZEl3UVlNQmFBRklTMmhNdzZobUp5RmxtVTZCcWp2VWpmT3Q4TE1JSUJIUVlEVlIwZ0JJSUIKRkRDQ0FSQXdnZ0VNQmdrcWhraUc5Mk5rQlFFd2dmNHdnY01HQ0NzR0FRVUZCd0lDTUlHMkRJR3pVbVZzYVdGdQpZMlVnYjI0Z2RHaHBjeUJqWlhKMGFXWnBZMkYwWlNCaWVTQmhibmtnY0dGeWRIa2dZWE56ZFcxbGN5QmhZMk5sCmNIUmhibU5sSUc5bUlIUm9aU0IwYUdWdUlHRndjR3hwWTJGaWJHVWdjM1JoYm1SaGNtUWdkR1Z5YlhNZ1lXNWsKSUdOdmJtUnBkR2x2Ym5NZ2IyWWdkWE5sTENCalpYSjBhV1pwWTJGMFpTQndiMnhwWTNrZ1lXNWtJR05sY25ScApabWxqWVhScGIyNGdjSEpoWTNScFkyVWdjM1JoZEdWdFpXNTBjeTR3TmdZSUt3WUJCUVVIQWdFV0ttaDBkSEE2Ckx5OTNkM2N1WVhCd2JHVXVZMjl0TDJObGNuUnBabWxqWVhSbFlYVjBhRzl5YVhSNUx6QTJCZ05WSFI4RUx6QXQKTUN1Z0thQW5oaVZvZEhSd09pOHZZM0pzTG1Gd2NHeGxMbU52YlM5aGNIQnNaWGQzWkhKallUSXVZM0pzTUE0RwpBMVVkRHdFQi93UUVBd0lES0RCUEJna3Foa2lHOTJOa0JpQUVRZ3hBUmprek9FWTBOalU0UTBFeVF6RkRPVU16Ck9FSTRSRVpEUWpWRVFrSXlRVEl5TkRVMk1EZEVSRVV5UmpFeE5EWXlNRVU0TkRZNFJVWTFNa1F5TURoRFFUQUsKQmdncWhrak9QUVFEQWdOSUFEQkZBaUIrUTR6enBNajJESlRDSWhERkJjbXdLMXpRQUM3MGZZMklzWWQ4K054dQp1d0loQUtqOVJyVE95aWFRbm9UNU1xaTNVSG9wYjZ4VHVnbDNMVURCbG9yYUJIeVAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+WORLDPAY_APPLE_PAY_PAYMENT_PROCESSING_PRIVATE_KEY=MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgOqukXQoQVbg1xvvq/IGLdK0UuJPbbawULTALcuw/Uz2hRANCAAQPjiA1kTEodST2wy5d5kQFrM0D5qBX9Ukry8W6D+vC7OqbMoTm/upRM1GRHeA2LaVTrwAnpGhoO0ETqYF2Nu4V
+GDS_CONNECTOR_SMARTPAY_TEST_URL=http://stubs:3030/stub/smartpay
+GDS_CONNECTOR_SMARTPAY_LIVE_URL=http://stubs:3030/stub/smartpay
+SANDBOX_ALLOWED_CIDRS=["127.0.0.1/32", "0.0.0.0/32"]
+SMARTPAY_ALLOWED_CIDRS=["127.0.0.1/32", "0.0.0.0/32"]
+GDS_CONNECTOR_SMARTPAY_NOTIFICATION_USER=smartpay-user
+GDS_CONNECTOR_SMARTPAY_NOTIFICATION_PASSWORD=smartpay-password
+STRIPE_ALLOWED_CIDRS=["127.0.0.1/32", "0.0.0.0/32"]
+STRIPE_TRANSACTION_FEE_PERCENTAGE=0.9
+STRIPE_TRANSACTION_RADAR_FEE_IN_PENCE=5
+STRIPE_TRANSACTION_THREE_DS_FEE_IN_PENCE=5
+JPA_LOG_LEVEL=WARNING
+JPA_SQL_LOG_LEVEL=WARNING
+# defines whether outbound HTTP traffic need to be routed via a proxy. Default behaviour is proxy off.
+HTTP_PROXY_ENABLED=false
+# If `ENABLE_OUTBOUND_PROXY=true` make sure to set the below proxy vars. Otherwise they are ignored
+HTTP_PROXY_HOST=egress.pymnt.localdomain
+HTTP_PROXY_PORT=8080
+HTTP_PROXY_SCHEME=http
+AUTH_READ_TIMEOUT_SECONDS=1
+NOTIFY_EMAIL_ENABLED=true
+NOTIFY_PAYMENT_RECEIPT_EMAIL_TEMPLATE_ID=email-template-id
+NOTIFY_REFUND_ISSUED_EMAIL_TEMPLATE_ID=email-refund-issued-template-id
+NOTIFY_API_KEY=api_key-pay-notify-service-id-pay-notify-secret-needs-to-be-32-chars-fsghdngfhmhfkrgsfs
+NOTIFY_BASE_URL=http://stubs:3030/notify
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000
+AWS_XRAY_CONTEXT_MISSING=LOG_ERROR
+CAPTURE_PROCESS_QUEUE_SCHEDULER_THREAD_DELAY_IN_SECONDS=1
+EVENT_QUEUE_ENABLED=true
+AWS_SQS_PAYMENT_EVENT_QUEUE_URL=http://localstack:4566/000000000000/pay_event_queue
+AWS_SQS_PAYOUT_RECONCILE_QUEUE_URL=http://localstack:4566/000000000000/payout_reconcile_queue
+EMIT_PAYMENT_STATE_TRANSITION_EVENTS=true
+EMIT_PAYOUT_EVENTS=true
+TASK_QUEUE_ENABLED="true"
+AWS_SQS_CONNECTOR_TASKS_QUEUE_URL=http://localstack:4566/000000000000/connector_tasks_queue
+FRONTEND_URL=http://localhost:9000
+CARDID_URL=http://cardid:9900

package/resources/pay-local/config/services/demo-service.env ADDED Viewed

@@ -0,0 +1,10 @@
+NODE_WORKER_COUNT=1
+NODE_ENV=dev
+SESSION_ENCRYPTION_KEY=asdjhbwefbo23r23rbfik2roiwhefwbqw
+COOKIE_MAX_AGE=5400000
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000
+DISABLE_INTERNAL_HTTPS=true
+DISABLE_SSL=true
+PAY_API_URL=http://publicapi:9100

package/resources/pay-local/config/services/egress/squid.conf ADDED Viewed

@@ -0,0 +1,47 @@
+logformat govuk_datetime %tg %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
+acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC4193 local private network range
+acl localnet src fe80::/10      # RFC4291 link-local (directly-plugged) machine
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl purge method PURGE
+acl CONNECT method CONNECT
+acl all_sites                ssl::server_name_regex .*
+acl vpc src 172.18.0.0/16
+http_access allow all_sites        vpc SSL_ports
+http_access allow manager      localhost
+http_access deny  manager
+http_access allow purge        localhost
+http_access deny  purge
+http_access deny  !Safe_ports
+http_access deny  CONNECT      !SSL_ports
+http_access allow localhost
+http_access deny    all
+icp_access  deny    all
+http_port 0.0.0.0:8080
+access_log stdio:/dev/stdout govuk_datetime
+cache_log  stdio:/dev/stdout govuk_datetime
+refresh_pattern     ^ftp:     1440  20% 10080
+refresh_pattern     ^gopher:      1440  0%  1440
+refresh_pattern     -i (/cgi-bin/|\?)   0 0%  0
+refresh_pattern     (Release|Package(.gz)*)$  0 20% 2880
+pid_filename /squid/pid
+visible_hostname squid
+hosts_file /etc/hosts
+maximum_object_size 512 MB
+coredump_dir /squid
+cache_mem 1024 MB
+cache deny all

package/resources/pay-local/config/services/frontend.env ADDED Viewed

@@ -0,0 +1,12 @@
+SESSION_ENCRYPTION_KEY=asdjhbwefbo23r23rbfik2roiwhefwbqw
+COOKIE_MAX_AGE=5400000
+CONNECTOR_HOST=http://connector:9300
+ANALYTICS_TRACKING_ID=testing-123
+CARDID_HOST=http://cardid:9900
+NODE_WORKER_COUNT=1
+NODE_ENV=dev
+WORLDPAY_3DS_FLEX_DDC_TEST_URL=http://stubs:3030/stub/worldpay
+WORLDPAY_3DS_FLEX_DDC_LIVE_URL=http://stubs:3030/stub/worldpay
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000
+DISABLE_INTERNAL_HTTPS=true

package/resources/pay-local/config/services/java_app.env ADDED Viewed

	@@ -0,0 +1 @@
1	+ JAVA_OPTS=-Xms128m -Xmx1G

package/resources/pay-local/config/services/ledger.env ADDED Viewed

@@ -0,0 +1,10 @@
+PORT=10700
+ADMIN_PORT=10701
+QUEUE_MESSAGE_RECEIVER_THREAD_DELAY_IN_MILLISECONDS=1000
+EXPUNGE_AND_REDACT_HISTORICAL_DATA_ENABLED=true
+EXPUNGE_OR_REDACT_DATA_OLDER_THAN_DAYS=0
+EXPUNGE_NO_OF_TRANSACTIONS_PER_TASK_RUN=5
+SNS_ENABLED=true
+PUBLISH_CARD_PAYMENT_EVENTS_TO_SNS=true
+PUBLISH_CARD_PAYMENT_DISPUTE_EVENTS_TO_SNS=true

package/resources/pay-local/config/services/products-ui.env ADDED Viewed

@@ -0,0 +1,14 @@
+PORT=10100
+SESSION_ENCRYPTION_KEY=asdjhbwefbo23r23rbfik2roiwhefwbqw
+COOKIE_MAX_AGE=3600000
+DISABLE_INTERNAL_HTTPS=true
+SELFSERVICE_DASHBOARD_URL=http://localhost:9400/dashboard
+SELFSERVICE_DEMO_PAYMENT_RETURN_URL=http://localhost:9400/make-a-demo-payment/:productExternalId/go-to-transactions
+NODE_ENV=dev
+GOOGLE_RECAPTCHA_SITE_KEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
+GOOGLE_RECAPTCHA_SECRET_KEY=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+GOOGLE_RECAPTCHA_USE_ENTERPRISE_VERSION=false

package/resources/pay-local/config/services/products.env ADDED Viewed

@@ -0,0 +1,25 @@
+PORT=10300
+ADMIN_PORT=10001
+DB_HOST=products_db
+DB_SSL_OPTION=ssl=true
+DB_USER=products
+DB_PASSWORD=mysecretpassword
+JPA_LOG_LEVEL=WARNING
+JPA_SQL_LOG_LEVEL=WARNING
+BASE_URL=http://localhost:10300
+PRODUCTSUI_PAY_URL=http://localhost:10400/pay
+PRODUCTSUI_CONFIRMATION_URL=http://localhost:10400/payment-complete
+PRODUCTS_FRIENDLY_BASE_URI=http://localhost:10400/redirect
+HTTP_PROXY_HOST=egress.pymnt.localdomain
+HTTP_PROXY_PORT=8080
+HTTP_PROXY_SCHEME=http
+AUTH_READ_TIMEOUT_SECONDS=1
+EXPUNGE_HISTORICAL_DATA_ENABLED=true
+EXPUNGE_DATA_OLDER_THAN_DAYS=0
+EXPUNGE_NO_OF_PAYMENTS_PER_TASK_RUN=10

package/resources/pay-local/config/services/publicapi.env ADDED Viewed

@@ -0,0 +1,13 @@
+PORT=9100
+ADMIN_PORT=9101
+CONNECTOR_URL=http://connector:9300
+PUBLIC_AUTH_URL=http://publicauth:9600/v1/api/auth
+LEDGER_URL=http://ledger:10700
+TOKEN_API_HMAC_SECRET=qwer9yuhgf
+PUBLICAPI_BASE=http://publicapi:9100
+ALLOW_HTTP_FOR_RETURN_URL=true
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000
+REDIS_URL=redis
+RATE_LIMITER_VALUE=75
+RATE_LIMITER_VALUE_POST=15
+RATE_LIMITER_PER_MILLIS=1000

package/resources/pay-local/config/services/publicauth.env ADDED Viewed

@@ -0,0 +1,13 @@
+PORT=9600
+ADMIN_PORT=9601
+DB_HOST=publicauth_db
+DB_PORT=5432
+DB_SSL_OPTION=ssl=true
+DB_USER=publicauth
+DB_PASSWORD=mysecretpassword
+TOKEN_DB_BCRYPT_SALT='$2a$10$IhaXo6LIBhKIWOiGpbtPOu'
+TOKEN_API_HMAC_SECRET=qwer9yuhgf
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000

package/resources/pay-local/config/services/selfservice.env ADDED Viewed

@@ -0,0 +1,21 @@
+PORT=9400
+SESSION_ENCRYPTION_KEY=asdjhbwefbo23r23rbfik2roiwhefwbqw
+PUBLIC_AUTH_URL=http://publicauth:9600/v1/frontend/auth
+SELFSERVICE_BASE=selfservice
+PRODUCTS_URL=http://products:18000
+ADMINUSERS_URL=http://adminusers:9700
+LEDGER_URL=http://ledger:10700
+WEBHOOKS_URL=http://webhooks:10800
+PRODUCTS_API_TOKEN=g0nBA5lNzfUalQjk4ZBDy70AikNshxz2G70dA6lg
+PRODUCTS_FRIENDLY_BASE_URI=productsui/redirect
+LOGIN_ATTEMPT_CAP=3
+COOKIE_MAX_AGE=10800000
+NODE_WORKER_COUNT=1
+NODE_ENV=dev
+# defines whether outbound HTTP traffic need to be routed via a proxy.
+HTTP_PROXY_ENABLED=false
+#AWS_XRAY_DAEMON_ADDRESS=xray:2000

package/resources/pay-local/config/services/ssl/certs/frontend-proxy.crt ADDED Viewed

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdoCCQCF60eRLhmlXDANBgkqhkiG9w0BAQsFADA7MRcwFQYDVQQDDA5m
+cm9udGVuZC1wcm94eTETMBEGA1UECgwKR09WLlVLIFBheTELMAkGA1UEBhMCR0Iw
+HhcNMTgxMDAzMTA1MDA2WhcNMTkxMDAzMTA1MDA2WjA7MRcwFQYDVQQDDA5mcm9u
+dGVuZC1wcm94eTETMBEGA1UECgwKR09WLlVLIFBheTELMAkGA1UEBhMCR0IwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyQ5bPLhR1njJc3eGtAyChrQPS
+/oKHDUm1H61HSv9OJFZvm4La1hQD9BhxbT47ZC1qTGAnaXoP3SJJSooyZxIcrEQp
+Ns9zVsGjZ6wdn4Dhjks4x70qEcZawkrgPhJEIGaYlSs928LOrBLWAv+cSew+YSMA
+Men6wdg5fWDaue91LMc/Scp7YIGfVWU3oRe+nVKF7jvQv7qu1C4HIEqEyRDiDM2I
+POrYTvst9FIGHcEV5FqfKa5rfy5A8wpXFdg3DaC0US5dZPQDdz/q+pM/+42lt3R6
+vTPUVpESOgRaa2sr6j6/B5VltIgXN4oXak+Ho5KSsi3DWAivriIeNXGAsnM3AgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBAKMq4/XWjadL08UsEOjGL7fvOIn6HopqeQ3+
+slXyQYO0BMokF5TRgfVQ4Gq5r9Rs9900/FTdYTeOFmQv7taU+U8Op76b4oFCq9jG
+YRCnCYeYwdl5Jk695NXp7U5DhLKAbxSDXK1tkwyODg9N/JIUWynowNagiwnuTA5l
+7uUICeIlF25wKz+9NPOVtVebKZeVwouSLuWP1p42VewE1nq9XotnG2Kq0yjPQ3cP
+P/EZZuXncvbQxnSMLZZqabgTvuEELgIKtB+3M6s3G05gWzjJ22neEJjqLUA9oObr
+TNV3cn4fGxANh7bRGIe4eiyk/onJNcuWQ1+b6adSkRDjCVFGzqs=
+-----END CERTIFICATE-----

package/resources/pay-local/config/services/ssl/certs/products-ui-proxy.crt ADDED Viewed

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIJAJTMRAWxLjdOMA0GCSqGSIb3DQEBCwUAMD4xGjAYBgNV
+BAMMEXNlbGZzZXJ2aWNlLXByb3h5MRMwEQYDVQQKDApHT1YuVUsgUGF5MQswCQYD
+VQQGEwJHQjAeFw0xODEwMDUxMzI1NTFaFw0xOTEwMDUxMzI1NTFaMD4xGjAYBgNV
+BAMMEXNlbGZzZXJ2aWNlLXByb3h5MRMwEQYDVQQKDApHT1YuVUsgUGF5MQswCQYD
+VQQGEwJHQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMqC2PBeWXf
+4y841dai6Jpnci7mPICjtgk3bMEzeTS3u79XqR0tm4nNRs7jJzRGL4q1uYGIlRPn
+bfiFBAKRJTR1thntZV5kiUf5c4rdFIDlhjJF8WbWoTpys1ZQ1pJwpYSDbppdt3Cz
+3gh/LHmlTFxP84Ha/4Bk+W6+VVMNdY07ymjYt2f327983XEmvFmm0ZUMPrUHzU2J
+kppt/H01Se4clGU1ngqSYcQoD4SWDctRFXjv7YY/cZKmNARnCMCHKChmTWNiRjCx
+R9khg+ZOYCWsU11V6OuKizs8DedOmQnnISJ5JoY9ACC+/Ll0F0GKBsc87ZYh5mdw
+uWMYEfGUuesCAwEAAaNQME4wHQYDVR0OBBYEFJYeywmQGYJ0+U28cXRmGK+/HGzy
+MB8GA1UdIwQYMBaAFJYeywmQGYJ0+U28cXRmGK+/HGzyMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBAEH4TgXZSRU66qeiVIphuMtajkpCKIYkhSJiy+BS
+5Q8hnqAVWUvihhBpfdBpV2vosTAYU9I7eEkJ+t1utDgH6nzriIVuUKEeeMDmel+M
+zLqMy8M4+9Y/Stesxm646iWIJMzGT8PoZSYBbcjvb4bsLBy7nxkkFvVluo90uBoK
+xY60fSLLobh1Uh0Nr3/Ui9u712gjq1IZ3bcohqVXEumck9cH3z84BjzUlCPRoYPN
+SUydh086XTBz4yjP7DK68QyCAfVoTwWz7P7rLjYZH9NB57b3DrwizYlwMX7kKfHj
+POXim9pVku1mI1IdBFxN3XbqzeqHUeCRyyqWxCIlDeHCEmA=
+-----END CERTIFICATE-----

package/resources/pay-local/config/services/ssl/certs/publicapi-proxy.crt ADDED Viewed

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAdwCCQDCic1s3YTXrjANBgkqhkiG9w0BAQsFADA8MRgwFgYDVQQDDA9w
+dWJsaWNhcGktcHJveHkxEzARBgNVBAoMCkdPVi5VSyBQYXkxCzAJBgNVBAYTAkdC
+MB4XDTI0MDMwNDE1MzA0OVoXDTI1MDMwNDE1MzA0OVowPDEYMBYGA1UEAwwPcHVi
+bGljYXBpLXByb3h5MRMwEQYDVQQKDApHT1YuVUsgUGF5MQswCQYDVQQGEwJHQjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALN/gveplxRPaCWANwe2S9LD
+ZAeFD0rQFFETt1IKHmk0qFn/4Gxdf5svMhrk6fV7HJW5v93bpz8fgFlwTeHh5FKN
+6AeGzqhP16LrBNNIavuFwEU/LRER+FlMjNN66EHGrcPClF3c5eAmWarYdZYkpkCN
++Nh2TEAB/biJXb95YxJjg5NZUCJnS4LC0GYjS4Gu3dauIsQbJ0L4oYo9K/1FZfJc
+7u5FTY5T9zRJPGVEMN/HFqe2PzgesP1dWs/HMlFMgtefcb/9ESkx+SzRwITkE9mq
+MlNL5lpNC/joK30vKj6ZclRBwQ6EgtdzgrvnIAvP4gklZqqUuSCdYsqjzTc7uoUC
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhzI5eFhRG+DYvtJVHtwm6YudpEJ/MT/P
+jHhnymVLfTNrvkhZ+75VUTKXdhnZQWMBpH4ZV5ASktB+BeiMz/lKcA1tdAZvnZyB
+6O9QLYKMEfU5fg5i7fdrAimv3rvj/KMgejUZrHobKaMWcPBRiIpKbxWI6+DFTHyc
+hCcMdeC8rNT5Iz1WG2Uqo66otv83g6dyIrbq8cOZxXI9ocTQgTyfLSIWp72NBxk5
+xxMzuyojVU678zb7oX3qCRTX4TlxMU/+o7QQ/oPwpHi9S/oDpeZBfepLf6nmwQJT
+TGWlUWlb2gCJef8UtrJSDg9B4nZR83L7qutEberZJrkzBxbqXz6GfQ==
+-----END CERTIFICATE-----