@hmcts/opal-frontend-common-node 0.0.2 → 0.0.3

package/src/helmet/index.ts

@@ -1,60 +0,0 @@
-import * as express from 'express';
-import helmet from 'helmet';
-import { Logger } from '@hmcts/nodejs-logging';
-
-const logger = Logger.getLogger('helmet');
-const googleAnalyticsDomain = '*.google-analytics.com';
-const self = "'self'";
-const dynatraceDomain = '*.dynatrace.com';
-const LaunchDarklyDomain = '*.launchdarkly.com';
-const azureDomain = '*.azure.com';
-const applicationInsightsDomain = '*.applicationinsights.azure.com';
-/**
- * Module that enables helmet in the application
- */
-export class Helmet {
-  private readonly developmentMode: boolean;
-  constructor(developmentMode: boolean) {
-    this.developmentMode = developmentMode;
-  }
-
-  public enableFor(app: express.Express, enabled: boolean): void {
-    if (enabled) {
-      logger.info('Helmet enabled');
-      // include default helmet functions
-      const scriptSrc = [
-        self,
-        googleAnalyticsDomain,
-        dynatraceDomain,
-        "'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU='",
-        "'unsafe-inline'",
-      ];
-
-      if (this.developmentMode) {
-        // Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval'
-        // is not an allowed source of script in the following Content Security Policy directive:
-        // "script-src 'self' *.google-analytics.com 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU='".
-        // seems to be related to webpack
-        scriptSrc.push("'unsafe-eval'");
-      }
-
-      app.use(
-        helmet({
-          contentSecurityPolicy: {
-            directives: {
-              connectSrc: [self, dynatraceDomain, LaunchDarklyDomain, azureDomain, applicationInsightsDomain],
-              defaultSrc: ["'none'"],
-              fontSrc: [self, 'data:', 'https://fonts.gstatic.com'],
-              imgSrc: [self, googleAnalyticsDomain],
-              objectSrc: [self],
-              scriptSrc,
-              styleSrc: [self, "'unsafe-inline'", 'https://fonts.googleapis.com'],
-              scriptSrcAttr: ["'unsafe-inline'"],
-            },
-          },
-          referrerPolicy: { policy: 'origin' },
-        }),
-      );
-    }
-  }
-}

package/src/interfaces/app-insights-config.ts

@@ -1,7 +0,0 @@
-class AppInsightsConfig {
-  enabled!: boolean;
-  connectionString!: string | null;
-  cloudRoleName!: string | null;
-}
-
-export default AppInsightsConfig;

package/src/interfaces/launch-darkly-config.ts

@@ -1,7 +0,0 @@
-class LaunchDarklyConfig {
-  enabled!: boolean;
-  clientId!: string | null;
-  stream!: boolean;
-}
-
-export default LaunchDarklyConfig;

package/src/interfaces/routes-config.ts

@@ -1,8 +0,0 @@
-class RoutesConfiguration {
-  opalApiTarget!: string;
-  opalFinesServiceTarget!: string;
-  frontendHostname!: string;
-  prefix!: string;
-}
-
-export default RoutesConfiguration;

package/src/interfaces/securityToken.ts

@@ -1,8 +0,0 @@
-import UserState from './userState';
-
-class SecurityToken {
-  user_state: UserState | undefined;
-  access_token!: string;
-}
-
-export default SecurityToken;

package/src/interfaces/session-config.ts

@@ -1,5 +0,0 @@
-class SessionConfiguration {
-  userStateUrl!: string;
-  sessionExpiryUrl!: string;
-}
-export default SessionConfiguration;

package/src/interfaces/session-expiry-config.ts

@@ -1,7 +0,0 @@
-class ExpiryConfiguration {
-  testMode!: boolean;
-  expiryTimeInMilliseconds!: number;
-  warningThresholdInMilliseconds!: number;
-}
-
-export default ExpiryConfiguration;

package/src/interfaces/session-storage-config.ts

@@ -1,12 +0,0 @@
-class SessionStorageConfiguration {
-  secret!: string;
-  prefix!: string;
-  maxAge!: number;
-  sameSite!: boolean;
-  secure!: boolean;
-  domain!: string;
-  redisEnabled!: boolean;
-  redisConnectionString!: string | null;
-}
-
-export default SessionStorageConfiguration;

package/src/interfaces/sso-config.ts

@@ -1,9 +0,0 @@
-class SsoConfiguration {
-  login!: string;
-  loginCallback!: string;
-  logout!: string;
-  logoutCallback!: string;
-  authenticated!: string;
-}
-
-export default SsoConfiguration;

package/src/interfaces/transfer-server-state.ts

@@ -1,10 +0,0 @@
-import AppInsightsConfig from './app-insights-config';
-import LaunchDarklyConfig from './launch-darkly-config';
-
-class TransferServerState {
-  launchDarklyConfig!: LaunchDarklyConfig;
-  ssoEnabled!: boolean;
-  appInsightsConfig!: AppInsightsConfig;
-}
-
-export default TransferServerState;

package/src/interfaces/userState.ts

@@ -1,18 +0,0 @@
-class UserState {
-  user_id!: string;
-  user_name!: string;
-  business_unit_user?: BusinessUnitUser[];
-}
-
-class BusinessUnitUser {
-  business_user_id!: string;
-  business_unit!: string;
-  permissions?: Permissions[];
-}
-
-class Permissions {
-  permission_id!: number;
-  permission_name!: string;
-}
-
-export default UserState;

package/src/launch-darkly/index.ts

@@ -1,17 +0,0 @@
-import LaunchDarklyConfig from '../interfaces/launch-darkly-config';
-
-export class LaunchDarkly {
-  public enableFor(enabled: boolean, stream: boolean, clientId: string | null): LaunchDarklyConfig {
-    const launchDarklyConfig: LaunchDarklyConfig = {
-      enabled: enabled,
-      clientId: null,
-      stream: stream,
-    };
-
-    if (launchDarklyConfig.enabled && clientId) {
-      launchDarklyConfig.clientId = clientId;
-    }
-
-    return launchDarklyConfig;
-  }
-}

package/src/properties-volume/index.ts

@@ -1,12 +0,0 @@
-import * as propertiesVolume from '@hmcts/properties-volume';
-import { IConfig } from 'config';
-import { Application } from 'express';
-
-export class PropertiesVolume {
-  enableFor(server: Application, config: IConfig): IConfig {
-    if (server.locals['ENV'] !== 'development') {
-      propertiesVolume.addTo(config);
-    }
-    return config;
-  }
-}

package/src/proxy/opal-api-proxy/index.ts

@@ -1,19 +0,0 @@
-import { createProxyMiddleware } from 'http-proxy-middleware';
-
-const opalApiProxy = (opalApiTarget: string) => {
-  return createProxyMiddleware({
-    target: opalApiTarget,
-    changeOrigin: true,
-    logger: console,
-    on: {
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      proxyReq: (proxyReq, req: any) => {
-        if (req.session.securityToken?.access_token) {
-          proxyReq.setHeader('Authorization', `Bearer ${req.session.securityToken.access_token}`);
-        }
-      },
-    },
-  });
-};
-
-export default opalApiProxy;

package/src/routes/index.ts

@@ -1,91 +0,0 @@
-import { Application } from 'express';
-import bodyParser from 'body-parser';
-import type { NextFunction, Request, Response } from 'express';
-import { ssoAuthenticated, ssoLoginCallback, ssoLogin, ssoLogout, ssoLogoutCallback } from '../sso';
-import {
-  ssoLoginStub,
-  ssoLoginCallbackStub,
-  ssoAuthenticatedStub,
-  ssoLogoutStub,
-  ssoLogoutCallbackStub,
-} from '../stubs/sso';
-import sessionExpiry from '@hmcts/opal-frontend-common-node/session/session-expiry';
-import sessionUserState from '@hmcts/opal-frontend-common-node/session/session-user-state';
-import ExpiryConfiguration from '@hmcts/opal-frontend-common-node/interfaces/session-expiry-config';
-import RoutesConfiguration from '@hmcts/opal-frontend-common-node/interfaces/routes-config';
-import SsoConfiguration from '@hmcts/opal-frontend-common-node/interfaces/sso-config';
-import SessionConfiguration from '@hmcts/opal-frontend-common-node/interfaces/session-config';
-
-export class Routes {
-  public enableFor(
-    app: Application,
-    ssoEnabled: boolean,
-    expiryConfiguration: ExpiryConfiguration,
-    routesConfiguration: RoutesConfiguration,
-    sessionConfiguration: SessionConfiguration,
-    ssoConfiguration: SsoConfiguration,
-  ): void {
-    // Declare use of body-parser AFTER the use of proxy https://github.com/villadora/express-http-proxy
-    app.use(bodyParser.json());
-    app.use(bodyParser.urlencoded({ extended: false }));
-
-    this.setupSSORoutes(
-      app,
-      ssoEnabled,
-      routesConfiguration.opalApiTarget,
-      routesConfiguration.frontendHostname,
-      routesConfiguration.prefix,
-      ssoConfiguration,
-    );
-
-    app.get(sessionConfiguration.userStateUrl, (req: Request, res: Response) => sessionUserState(req, res));
-    app.get(sessionConfiguration.sessionExpiryUrl, (req: Request, res: Response) =>
-      sessionExpiry(
-        req,
-        res,
-        expiryConfiguration.testMode,
-        expiryConfiguration.expiryTimeInMilliseconds,
-        expiryConfiguration.warningThresholdInMilliseconds,
-      ),
-    );
-  }
-
-  private setupSSORoutes(
-    app: Application,
-    ssoEnabled: boolean,
-    opalApiUrl: string,
-    frontendHostname: string,
-    prefix: string,
-    ssoConfiguration: SsoConfiguration,
-  ): void {
-    const login = ssoEnabled ? ssoLogin : ssoLoginStub;
-    const loginCallback = ssoEnabled ? ssoLoginCallback : ssoLoginCallbackStub;
-    const logout = ssoEnabled ? ssoLogout : ssoLogoutStub;
-    const logoutCallback = ssoEnabled ? ssoLogoutCallback : ssoLogoutCallbackStub;
-    const authenticated = ssoEnabled ? ssoAuthenticated : ssoAuthenticatedStub;
-
-    const loginCallbackType = ssoEnabled ? 'post' : 'get';
-
-    app.get(ssoConfiguration.login, (req: Request, res: Response, next: NextFunction) =>
-      login(req, res, next, opalApiUrl, frontendHostname),
-    );
-
-    const routePath = ssoConfiguration.loginCallback;
-    const callbackHandler = (req: Request, res: Response, next: NextFunction) =>
-      loginCallback(req, res, next, opalApiUrl);
-
-    if (loginCallbackType === 'post') {
-      app.post(routePath, callbackHandler);
-    } else {
-      app.get(routePath, callbackHandler);
-    }
-
-    app.get(ssoConfiguration.logout, (req: Request, res: Response, next: NextFunction) =>
-      logout(req, res, next, opalApiUrl, frontendHostname),
-    );
-    app.get(ssoConfiguration.logoutCallback, (req: Request, res: Response, next: NextFunction) =>
-      logoutCallback(req, res, next, prefix),
-    );
-    app.get(ssoConfiguration.authenticated, (req: Request, res: Response) => authenticated(req, res));
-  }
-}

package/src/session/session-expiry/index.ts

@@ -1,31 +0,0 @@
-import { Request, Response } from 'express';
-import { DateTime } from 'luxon';
-import { Jwt } from '../../utils';
-
-const sessionExpiry = (
-  req: Request,
-  res: Response,
-  testMode: boolean,
-  expiryTimeInMilliseconds: number,
-  warningThresholdInMilliseconds: number,
-) => {
-  const accessToken = req.session.securityToken?.access_token;
-  if (accessToken) {
-    const payload = Jwt.parseJwt(accessToken);
-    const jwtExpiry = testMode
-      ? DateTime.now().plus({ milliseconds: expiryTimeInMilliseconds }).toISO()
-      : DateTime.fromMillis(payload.exp * 1000).toISO();
-
-    res.status(200).send({
-      expiry: jwtExpiry,
-      warningThresholdInMilliseconds: warningThresholdInMilliseconds,
-    });
-  } else {
-    res.status(200).send({
-      expiry: null,
-      warningThresholdInMilliseconds: null,
-    });
-  }
-};
-
-export default sessionExpiry;

package/src/session/session-storage/index.ts

@@ -1,68 +0,0 @@
-import { Logger } from '@hmcts/nodejs-logging';
-import SessionStorageConfiguration from '@hmcts/opal-frontend-common-node/interfaces/session-storage-config';
-import { RedisStore } from 'connect-redis';
-import cookieParser from 'cookie-parser';
-import { Application } from 'express';
-import session from 'express-session';
-import { createClient } from 'redis';
-import FileStoreFactory from 'session-file-store';
-
-const FileStore = FileStoreFactory(session);
-const logger = Logger.getLogger('session-storage');
-
-export default class SessionStorage {
-  public enableFor(app: Application, sessionStorage: SessionStorageConfiguration): void {
-    app.use(cookieParser(sessionStorage.secret));
-    app.set('trust proxy', 1);
-
-    app.use(
-      session({
-        name: sessionStorage.prefix,
-        resave: false,
-        saveUninitialized: false,
-        secret: sessionStorage.secret,
-        cookie: {
-          httpOnly: true,
-          maxAge: sessionStorage.maxAge,
-          sameSite: sessionStorage.sameSite,
-          secure: sessionStorage.secure,
-          domain: sessionStorage.domain,
-        },
-        rolling: true,
-        store: this.getStore(app, sessionStorage.redisEnabled, sessionStorage.redisConnectionString),
-      }),
-    );
-  }
-
-  private getStore(app: Application, enabled: boolean, connectionString: string | null) {
-    if (enabled && connectionString) {
-      logger.info('Using Redis session store', connectionString);
-      const client = createClient({
-        url: connectionString,
-        socket: {
-          reconnectStrategy: function (retries) {
-            if (retries > 20) {
-              logger.log('Too many attempts to reconnect. Redis connection was terminated');
-              return new Error('Too many retries.');
-            } else {
-              return retries * 500;
-            }
-          },
-        },
-      });
-
-      client.on('error', (err) => {
-        logger.error('Redis Client Error', err);
-      });
-
-      client.connect().catch(() => {
-        process.exit();
-      });
-
-      app.locals['redisClient'] = client;
-      return new RedisStore({ client });
-    }
-
-    return new FileStore({ path: '/tmp' });
-  }
-}

package/src/session/session-user-state/index.ts

@@ -1,24 +0,0 @@
-import { Request, Response } from 'express';
-import { UserState } from '../../interfaces';
-import { Jwt } from '../../utils';
-
-const sessionUserState = (req: Request, res: Response) => {
-  const userState: UserState | undefined = req.session.securityToken?.user_state;
-  const accessToken = req.session.securityToken?.access_token;
-  const name = accessToken && userState ? Jwt.parseJwt(accessToken).name : '';
-
-  // Don't allow caching of this endpoint
-  res.set({
-    'Cache-Control': 'no-store, no-cache, must-revalidate, max-age=0',
-    Pragma: 'no-cache',
-    Expires: '0',
-  });
-
-  if (!userState) {
-    res.send({});
-  } else {
-    res.send({ ...userState, name });
-  }
-};
-
-export default sessionUserState;

package/src/sso/sso-authenticated.ts

@@ -1,15 +0,0 @@
-import { Request, Response } from 'express';
-import { Jwt } from '../utils';
-
-export default (req: Request, res: Response) => {
-  const isJwtExpired = Jwt.isJwtExpired(req.session.securityToken?.access_token);
-  const userId = req.session.securityToken?.user_state?.user_id;
-  // Don't allow caching of this endpoint
-  res.header('Cache-Control', 'no-store, must-revalidate');
-
-  if (isJwtExpired || !userId) {
-    res.status(401).send(false);
-  } else {
-    res.status(200).send(true);
-  }
-};

package/src/sso/sso-login-callback.ts

@@ -1,30 +0,0 @@
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-import axios from 'axios';
-
-export default async (req: Request, res: Response, next: NextFunction, opalApiUrl: string) => {
-  const INTERNAL_USER_CALLBACK = `${opalApiUrl}/internal-user/handle-oauth-code`;
-  const logger = Logger.getLogger('login-callback');
-
-  try {
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const result = await axios.post<any>(INTERNAL_USER_CALLBACK, req.body, {
-      headers: { 'content-type': 'application/x-www-form-urlencoded' },
-    });
-
-    const securityToken = result.data;
-    req.session.securityToken = securityToken;
-
-    req.session.save((err) => {
-      if (err) {
-        logger.error('Error saving session', err);
-        return next(err);
-      }
-
-      res.redirect('/');
-    });
-  } catch (error) {
-    logger.error('Error on login-callback', error);
-    return next(error);
-  }
-};

package/src/sso/sso-login.ts

@@ -1,31 +0,0 @@
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-import axios from 'axios';
-
-export default async (
-  req: Request,
-  res: Response,
-  next: NextFunction,
-  opalApiUrl: string,
-  frontendHostname: string,
-) => {
-  const INTERNAL_USER_LOGIN = `${opalApiUrl}/internal-user/login-or-refresh`;
-  const logger = Logger.getLogger('login');
-  const url = `${INTERNAL_USER_LOGIN}?redirect_uri=${frontendHostname}/sso/login-callback`;
-
-  try {
-    const response = await axios.get(url);
-    const redirectUrl = response.request.res.responseUrl;
-
-    if (redirectUrl) {
-      res.redirect(redirectUrl);
-    } else {
-      const error = new Error('Error trying to fetch login page');
-      logger.error('Error on login', error);
-      return next(error);
-    }
-  } catch (error) {
-    logger.error('Error on login', error);
-    return next(error);
-  }
-};

package/src/sso/sso-logout-callback.ts

@@ -1,17 +0,0 @@
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-
-const logger = Logger.getLogger('logout');
-
-export default (req: Request, res: Response, next: NextFunction, prefix: string) => {
-  req.session.destroy((err) => {
-    if (err) {
-      logger.error('Error destroying session', err);
-      return next(err);
-    }
-
-    res.clearCookie(prefix);
-
-    res.redirect('/');
-  });
-};

package/src/sso/sso-logout.ts

@@ -1,41 +0,0 @@
-import axios from 'axios';
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-
-export default async (
-  req: Request,
-  res: Response,
-  next: NextFunction,
-  opalApiUrl: string,
-  frontendHostname: string,
-) => {
-  const INTERNAL_USER_LOGOUT = `${opalApiUrl}/internal-user/logout`;
-  const logger = Logger.getLogger('login');
-  const url = `${INTERNAL_USER_LOGOUT}?redirect_uri=${frontendHostname}/sso/logout-callback`;
-
-  try {
-    let accessToken;
-
-    if (req.session.securityToken) {
-      accessToken = req.session.securityToken.access_token;
-    }
-
-    if (!accessToken) {
-      return next(new Error('No access token found in session'));
-    }
-
-    const response = await axios.get(url, {
-      headers: { Authorization: `Bearer ${accessToken}` },
-    });
-
-    const logoutRedirect = response.request.res.responseUrl;
-    if (logoutRedirect) {
-      res.redirect(logoutRedirect);
-    } else {
-      next(new Error('Error trying to fetch logout page'));
-    }
-  } catch (error) {
-    logger.error('Error logging out', error);
-    return next(error);
-  }
-};

package/src/stubs/sso/sso-authenticated.stub.ts

@@ -1,16 +0,0 @@
-import { Request, Response } from 'express';
-import { Jwt } from '../../utils';
-
-export default (req: Request, res: Response) => {
-  const isJwtExpired = Jwt.isJwtExpired(req.session.securityToken?.access_token);
-  const userId = req.session.securityToken?.user_state?.user_id;
-
-  // Don't allow caching of this endpoint
-  res.header('Cache-Control', 'no-store, must-revalidate');
-
-  if (isJwtExpired || !userId) {
-    res.status(401).send(false);
-  } else {
-    res.status(200).send(true);
-  }
-};

package/src/stubs/sso/sso-login-callback.stub.ts

@@ -1,29 +0,0 @@
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-import axios from 'axios';
-
-export default async (req: Request, res: Response, next: NextFunction, opalApiUrl: string) => {
-  const INTERNAL_JWT = `${opalApiUrl}/testing-support/token/user`;
-  const logger = Logger.getLogger('login-callback-stub');
-
-  try {
-    const email = req.query['email'] as string;
-    const result = await axios.get(INTERNAL_JWT, {
-      headers: { 'X-User-Email': email },
-    });
-
-    req.session.securityToken = result.data;
-
-    req.session.save((err) => {
-      if (err) {
-        logger.error('Error saving session', err);
-        return next(err);
-      }
-      logger.info('Session saved');
-      res.redirect('/');
-    });
-  } catch (error) {
-    logger.error('Error on login-stub callback', error);
-    return next(error);
-  }
-};

package/src/stubs/sso/sso-login.stub.ts

@@ -1,16 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-
-const logger = Logger.getLogger('login-stub');
-
-export default async (req: Request, res: Response, next: NextFunction) => {
-  const email = req.query['email'] as string;
-
-  if (email !== 'null') {
-    res.redirect(`/sso/login-callback?email=${email}`);
-  } else {
-    const error = new Error('No email provided.');
-    logger.error('Error on login-stub', error);
-    return next(error);
-  }
-};

package/src/stubs/sso/sso-logout-callback.stub.ts

@@ -1,16 +0,0 @@
-import { NextFunction, Request, Response } from 'express';
-import { Logger } from '@hmcts/nodejs-logging';
-
-export default (req: Request, res: Response, next: NextFunction, prefix: string) => {
-  const logger = Logger.getLogger('logout-callback-stub');
-
-  req.session.destroy((err) => {
-    if (err) {
-      logger.error(`Error destroying session: ${err}`);
-      return next(err);
-    }
-
-    res.clearCookie(prefix);
-    res.redirect('/');
-  });
-};

package/src/stubs/sso/sso-logout.stub.ts

@@ -1,6 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-export default async (req: Request, res: Response, next: NextFunction) => {
-  res.redirect('/sso/logout-callback');
-};