npm - @mojaloop/connection-manager-api - Versions diffs - 3.4.0-snapshot.1 → 3.5.0 - Mend

@mojaloop/connection-manager-api 3.4.0-snapshot.1 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,61 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+## [3.5.0](https://github.com/mojaloop/connection-manager-api/compare/v3.4.0...v3.5.0) (2026-01-15)
+### Features
+* add Traefik and domain-based routing ([f2ccf27](https://github.com/mojaloop/connection-manager-api/commit/f2ccf27e459984c6b76ab2f998457af3f3cad550))
+* add traefik for docker compose domain-based routing ([40c0f16](https://github.com/mojaloop/connection-manager-api/commit/40c0f1670c2b825dcef194e0161b18e418779d73))
+* unify domain routing in docker-compose, and persist Vault ([8a95263](https://github.com/mojaloop/connection-manager-api/commit/8a95263ae0e04bd7dc5673f97baca46cb32fadb4))
+### Bug Fixes
+*  deps ([121a7a5](https://github.com/mojaloop/connection-manager-api/commit/121a7a5bb59c3e7e4ff642cd6d90d5bfc31a4316))
+* add jest timeout ([6f59977](https://github.com/mojaloop/connection-manager-api/commit/6f5997717cc76d549eacf24184bb4273520766ef))
+* add more test cases, clean up test logging and suppress DB warnings ([e65f0a7](https://github.com/mojaloop/connection-manager-api/commit/e65f0a7410ed68aac076ef74c48da337dac23cd3))
+* add nvm ([e307275](https://github.com/mojaloop/connection-manager-api/commit/e307275a900c4b345b4f29ac4791c8127b3b60d2))
+* bump deps ([1fcc5cf](https://github.com/mojaloop/connection-manager-api/commit/1fcc5cfbda9af7006ebbcb95e4ec98effdcf7dae))
+* bump deps ([13ce461](https://github.com/mojaloop/connection-manager-api/commit/13ce4616cc24d52f7f9543938fb052adc508f03c))
+* config ([e9e6cee](https://github.com/mojaloop/connection-manager-api/commit/e9e6ceea61d06c3e33fb7cca5c993ada55dd3795))
+* deps ([2793011](https://github.com/mojaloop/connection-manager-api/commit/2793011fac3ee55f277d37345b94bb47a3dc9629))
+* deps ([4b580fd](https://github.com/mojaloop/connection-manager-api/commit/4b580fd33bbbaad66bf53533cf258ee0be699b58))
+* deps ([8cb320b](https://github.com/mojaloop/connection-manager-api/commit/8cb320b2d0cc6d936ca20a1a5b9396a218c1c9a8))
+* deps ([ec5680a](https://github.com/mojaloop/connection-manager-api/commit/ec5680a30e3ec182eeb6f222f1dcf5115692728e))
+* deps ([c29290a](https://github.com/mojaloop/connection-manager-api/commit/c29290a5904487ee304f8d60d13a22b6221541be))
+* dfspId assignment in tests ([d3f10ed](https://github.com/mojaloop/connection-manager-api/commit/d3f10edd05ead7a54c3450fa8d12ddc3e0483bf6))
+* disable auth ([fa68fae](https://github.com/mojaloop/connection-manager-api/commit/fa68fae8ff3afb199ed927d3b6fadea33c3f00d1))
+* docker compose deps ([5bc4aa1](https://github.com/mojaloop/connection-manager-api/commit/5bc4aa131ae3da2f7ff3683cae900f0b5972b567))
+* endpoint ([68962eb](https://github.com/mojaloop/connection-manager-api/commit/68962eb82655fcab695443b233c10996b41aef81))
+* links ([6b86057](https://github.com/mojaloop/connection-manager-api/commit/6b86057cf8edf0c868c38f5a35fa3b3147d90999))
+* resolve Keycloak pagination issues and standardize test configuration ([c0f5e37](https://github.com/mojaloop/connection-manager-api/commit/c0f5e37654a9d9df527827447e2b3c178d7cd291))
+* urls ([1fa67c6](https://github.com/mojaloop/connection-manager-api/commit/1fa67c65f394457e88b5a9a6be18ae3b697e0332))
+* vulnr ([6c7ea34](https://github.com/mojaloop/connection-manager-api/commit/6c7ea34e87c455b38826ea09387b328acd93bfe3))
+* vulnr ([bd76d49](https://github.com/mojaloop/connection-manager-api/commit/bd76d49756650752ef2e300410ce86fd1209487d))
+### Documentation
+* update configs and documentation to use domain-based routing (*.mcm.localhost) ([da06d77](https://github.com/mojaloop/connection-manager-api/commit/da06d77d553a86732141f0dc0a738103bbfd7bda))
+### Chore
+* bump deps ([4d6bf25](https://github.com/mojaloop/connection-manager-api/commit/4d6bf25a341be11e515a979d5b53217ecdbc5eb2))
+* bump deps ([5eb2ede](https://github.com/mojaloop/connection-manager-api/commit/5eb2ede9076f35e4c74739c2e1f75fd462b9d6d3))
+* cleanup ([68302f5](https://github.com/mojaloop/connection-manager-api/commit/68302f59c761771ad6fc5614579db90090650240))
+* fix lock file ([57c914d](https://github.com/mojaloop/connection-manager-api/commit/57c914dc241d975d6d60553790ce76a3e69332b6))
+* reorder imports ([f9c7865](https://github.com/mojaloop/connection-manager-api/commit/f9c7865bfbb9e707a37f81708da59427c5a4081e))
+## [3.4.0](https://github.com/mojaloop/connection-manager-api/compare/v3.3.2...v3.4.0) (2025-12-12)
+### Features
+* **csi-1941:** add dfsp gauge for alerting functionality ([#175](https://github.com/mojaloop/connection-manager-api/issues/175)) ([de1767e](https://github.com/mojaloop/connection-manager-api/commit/de1767ed62a3c29064ff4df935cc22c05d117121))
 ### [3.3.2](https://github.com/mojaloop/connection-manager-api/compare/v3.3.1...v3.3.2) (2025-12-02)

package/README.md CHANGED Viewed

@@ -29,7 +29,7 @@ The system uses OpenID Connect authentication, which is a provider-agnostic appr
 |OPENID_DISCOVERY_URL|OpenID Connect discovery URL|
 |OPENID_CLIENT_ID|Client ID for OpenID authentication|
 |OPENID_CLIENT_SECRET|Client secret for OpenID authentication|
-|OPENID_REDIRECT_URI|Redirect URI for OpenID authentication|http://localhost:3001/api/auth/callback
+|OPENID_REDIRECT_URI|Redirect URI for OpenID authentication|http://mcm.localhost/api/auth/callback
 |OPENID_JWT_COOKIE_NAME|Cookie name for storing the JWT token|MCM-API_ACCESS_TOKEN
 |OPENID_EVERYONE_ROLE|Role assigned to all authenticated users|everyone
 |OPENID_MTA_ROLE|DFSP Admin role mapping for OpenID|mta
@@ -49,102 +49,142 @@ P12_PASS_PHRASE="choose your own password" npm start
 The default config requires a `mysql` db running on the default port.
-Once running, you can access the [Swagger UI interface](http://localhost:3001/docs)
+Once running, you can access the [Swagger UI interface](http://mcm.localhost/api/docs)
 ## Running the server + db + web UI locally while developing
-The API server requires a mysql db. There's also a Web UI [https://github.com/modusbox/connection-manager-ui](https://github.com/modusbox/connection-manager-ui).
 To run them together, you can use the following setup:
-- Clone this repo and the Web UI repo at the same level
-- Use the `docker-compose` config in this repo to run a mysql DB, the WebUI and the API server
+- Clone this repo
+- Use the `docker-compose` config in this repo to run a mysql DB, Vault, Keycloak, the WebUI and the API server
 ```bash
-mkdir modusbox
-cd modusbox
-git clone https://github.com/modusbox/connection-manager-ui
+mkdir mojaloop
+cd mojaloop
 git clone https://github.com/modusbox/connection-manager-api
-cd connection-manager-api/docker
-docker-compose build
-docker-compose up
+cd connection-manager-api
+docker compose --profile functional --profile dev up -d --wait
 ```
-Once the docker containers are confirmed to be stable and up, you will need to create the initial HUB environment. From a new terminal
- session, execute the following;
+### Accessing Services
- ```bash
-curl -X POST "http://localhost:3001/api/environments" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"name\": \"DEV\", \"defaultDN\": { \"CN\": \"tes1.centralhub.modusbox.live\", \"O\": \"Modusbox\", \"OU\": \"MCM\" }}"
- ```
+The stack includes Traefik for local DNS routing. All services are accessible via `*.mcm.localhost` domains:
-The UI 'localhost' can now be opened in your local browser.
+| Service | URL | Description |
+|---------|-----|-------------|
+| MCM UI | http://mcm.localhost | Web UI |
+| MCM API | http://mcm.localhost/api | API Server |
+| Vault UI | http://vault.mcm.localhost | Vault UI |
+| Keycloak | http://keycloak.mcm.localhost | Keycloak Admin Console |
+| Mailpit | http://mailpit.mcm.localhost | Email Testing UI |
+| Traefik Dashboard | http://localhost:8090 | Traefik Dashboard |
-If you want to start the app with auth enabled:
+### Customizing Configuration
-1) create a local copy of `docker-compose-auth.yml` as in:
+You can customize the domain and ports by creating a `.env` file:
-`cp docker-compose-auth.yml docker-compose-auth.local.yml`
+```bash
+# .env
+COMPOSE_DOMAIN=myapp.localhost
+TRAEFIK_HTTP_PORT=8080
+DATABASE_PORT=3307
+```
-( `docker-compose-auth.local.yml` is git-ignored )
+This will change all services to use `*.myapp.localhost`, expose Traefik on port 8080, and MySQL on port 3307.
-1) Edit `docker-compose-auth.local.yml` and enter the security details.
+**Note**: If port 80 is already in use, set `TRAEFIK_HTTP_PORT` to an available port (e.g., 8080). Access services at `http://ui.myapp.localhost:8080`.
-1) Run the bundle with:
+### Running Multiple Instances
-`docker-compose build && docker-compose -f docker-compose.yml -f docker-compose-auth.local.yml up`
+To run multiple instances simultaneously:
-## Configuration
+```bash
+# Instance 1 (default ports)
+COMPOSE_PROJECT_NAME=mcm1 COMPOSE_DOMAIN=mcm1.localhost docker compose up -d
+# Instance 2 (different MySQL port)
+COMPOSE_PROJECT_NAME=mcm2 COMPOSE_DOMAIN=mcm2.localhost DATABASE_PORT=3307 docker compose up -d
+```
-There's a [Constants.js file](./src/constants/Constants.js) that pulls the values from the environment or uses defaults if not defined.
+Access via:
+- Instance 1: `http://api.mcm1.localhost`, MySQL at `localhost:3306`
+- Instance 2: `http://api.mcm2.localhost`, MySQL at `localhost:3307`
-Variables:
+See [.env-example](./.env-example) for all available configuration options.
+## Configuration
 |Environment variable|Description|Default Value
 :---|:---|:---
 | **MCM API server configuration**
-|PORT|mcm API HTTP port|3001
+|PORT|MCM API HTTP port|3001
+|CLIENT_URL|MCM UI URL|http://mcm.localhost
+|SWITCH_ID|Switch identifier (required)|
+|SWITCH_FQDN|Switch FQDN|switch.example.com
+| **Docker Compose configuration**
+|COMPOSE_DOMAIN|Domain for Traefik routing (docker-compose only)|mcm.localhost
 | **Authentication features**
-|OPENID_ENABLED|Enables support for OAuth2. 'TRUE' to enable| (disabled)
-|OPENID_ENABLE_2FA|Enables two-factor authentication 'TRUE' to enable| (disabled)
+|OPENID_ENABLED|Enable OpenID Connect authentication|false
+|OPENID_ENABLE_2FA|Enable two-factor authentication|false
+|OPENID_ALLOW_INSECURE|Allow insecure HTTPS for development|false
+|OPENID_DISCOVERY_URL|OpenID Connect discovery URL|
+|OPENID_CLIENT_ID|Client ID for OpenID authentication|
+|OPENID_CLIENT_SECRET|Client secret for OpenID authentication|
+|LOGIN_CALLBACK|OAuth callback URL|http://mcm.localhost/api/auth/callback
+|OPENID_AUDIENCE|JWT audience claim|connection-manager-api
+|OPENID_JWT_COOKIE_NAME|Cookie name for JWT token|MCM-API_ACCESS_TOKEN
+| **OpenID Connect groups/roles**
+|OPENID_APPLICATION_GROUP|Application group name|Application
+|OPENID_EVERYONE_GROUP|Authenticated users group|everyone
+|OPENID_MTA_GROUP|DFSP Admin group|MTA
+|OPENID_PTA_GROUP|HUB Admin group|PTA
+|OPENID_DFSP_GROUP|DFSP group|DFSP
 | **Session configuration**
-|SESSION_STORE_SECRET|Secret for encrypting session data|
-|SESSION_MAX_AGE|Session timeout in milliseconds|86400000 (24 hours)
-|SESSION_SAME_SITE|SameSite cookie setting|'strict'
-|SESSION_SECURE|Whether session cookies require HTTPS|true in production
-| **OAuth2 roles**
-|MTA_ROLE|DFSP Admin role|'Application/MTA'
-|PTA_ROLE|HUB Admin Role|'Application/PTA'
-|EVERYONE_ROLE|Authenticated users role|'Internal/everyone'
+|SESSION_STORE_SECRET|Secret for encrypting session data|connection_manager_session_secret
+|SESSION_COOKIE_SAME_SITE_STRICT|Use strict SameSite cookie setting|true
 | **Database configuration**
-|DATABASE_HOST|mysql host|localhost
-|DATABASE_PORT|mysql port|3306
-|DATABASE_USER|mysql user|mcm
-|DATABASE_PASSWORD|mysql password|mcm
-|DATABASE_SCHEMA|mysql schema|mcm
+|DATABASE_HOST|MySQL host|localhost
+|DATABASE_PORT|MySQL port (also used for docker-compose host mapping)|3306
+|DATABASE_USER|MySQL user|mcm
+|DATABASE_PASSWORD|MySQL password|mcm
+|DATABASE_SCHEMA|MySQL schema|mcm
 |DATABASE_SSL_ENABLED|Enable SSL for MySQL connection|false
 |DATABASE_SSL_VERIFY|Verify server certificate when using SSL|false
 |DATABASE_SSL_CA|CA certificate string for MySQL SSL|''
-|DB_RETRIES|Times the initial connection to the DB will be retried|10,
-|DB_CONNECTION_RETRY_WAIT_MILLISECONDS|Pause between retries|5000,
-|RUN_MIGRATIONS|If true, run db schema migration at startup. Can always be true as the schema creation is idempotent|true,
-|CURRENCY_CODES|Path to file containing all the supported currency codes|'./data/currencyCodes.json',
-|DATA_CONFIGURATION_FILE|Initial data configuration path. See specific doc|'./data/sampleConfiguration.json'
-| **MCM Internal Certificate Authority configuration**
-|P12_PASS_PHRASE|Pass phrase used to save the internal CA Key in the DB.|
-| **Support for self-signed certificates on OAuth Server and other TLS client connections**
-|EXTRA_CERTIFICATE_CHAIN_FILE_NAME|Extra trusted server certificate chain file name ( PEM-encoded, as explained in https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options )|
+|DB_RETRIES|Times the initial connection to the DB will be retried|10
+|DB_CONNECTION_RETRY_WAIT_MILLISECONDS|Pause between retries|1000
+|DB_POOL_SIZE_MAX|Maximum database connection pool size|10
+| **Vault PKI configuration**
+|VAULT_ENDPOINT|Vault server endpoint|http://127.0.0.1:8233
+|VAULT_AUTH_METHOD|Vault auth method (K8S or APP_ROLE)|APP_ROLE (required)
+|VAULT_ROLE_ID_FILE|Path to Vault role ID file|docker/vault/tmp/role-id
+|VAULT_ROLE_SECRET_ID_FILE|Path to Vault secret ID file|docker/vault/tmp/secret-id
+|VAULT_PKI_SERVER_ROLE|Vault PKI role for server certs|(required)
+|VAULT_PKI_CLIENT_ROLE|Vault PKI role for client certs|(required)
+|VAULT_SIGN_EXPIRY_HOURS|Certificate signing expiry in hours|43800
+|PRIVATE_KEY_LENGTH|RSA key length for certificates|4096
+|PRIVATE_KEY_ALGORITHM|Key algorithm|rsa
+|INTERNAL_CA_TTL|Internal CA certificate TTL|8760h
+|VAULT_MOUNT_PKI|Vault PKI mount path|pki
+|VAULT_MOUNT_INTERMEDIATE_PKI|Vault intermediate PKI mount path|pki_int
+|VAULT_MOUNT_KV|Vault KV mount path|secrets
+| **Certificate CSR parameters**
+|CLIENT_CSR_PARAMETERS|Path to client CSR parameters JSON file|
+|SERVER_CSR_PARAMETERS|Path to server CSR parameters JSON file|
+|CA_CSR_PARAMETERS|Path to CA CSR parameters JSON file|
+| **Support for self-signed certificates**
+|EXTRA_CERTIFICATE_CHAIN_FILE_NAME|Extra trusted server certificate chain file name|
 |EXTRA_ROOT_CERT_FILE_NAME|Extra trusted server root certificate file name|
-| **CFSSL**
-|CFSSL_VERSION|Expected CFSSL version to use. Should be updated to keep in sync with the cfssl development|1.3.4
-|CFSSL_COMMAND_PATH|cfssl command; it should be just cfssl if it's in the PATH or the full path|cfssl
 | **Keycloak Integration**
 |KEYCLOAK_ENABLED|Enable Keycloak integration for DFSP account creation|false
-|KEYCLOAK_BASE_URL|Base URL of the Keycloak server|http://localhost:8080
-|KEYCLOAK_DISCOVERY_URL|OpenID Connect discovery URL for Keycloak|http://localhost:8080/realms/dfsps/.well-known/openid-configuration
+|KEYCLOAK_BASE_URL|Base URL of the Keycloak server|http://keycloak.mcm.localhost
+|KEYCLOAK_DISCOVERY_URL|OpenID Connect discovery URL for Keycloak|http://keycloak.mcm.localhost/realms/dfsps/.well-known/openid-configuration
 |KEYCLOAK_ADMIN_CLIENT_ID|Client ID for Keycloak admin operations|connection-manager-client
 |KEYCLOAK_ADMIN_CLIENT_SECRET|Client secret for Keycloak admin operations|
 |KEYCLOAK_DFSPS_REALM|Keycloak realm for DFSP accounts|dfsps
-|KEYCLOAK_AUTO_CREATE_ACCOUNTS|Automatically create Keycloak accounts when DFSPs are created|**false** (disabled by default)
+|KEYCLOAK_AUTO_CREATE_ACCOUNTS|Automatically create Keycloak accounts when DFSPs are created|false
+| **Other features**
+|DFSP_WATCHER_ENABLED|Enable DFSP watcher service|false
 ## Testing

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/connection-manager-api",
-  "version": "3.4.0-snapshot.1",
+  "version": "3.5.0",
   "description": "Mojaloop Connection Manager API",
   "license": "Apache-2.0",
   "author": "ModusBox",
@@ -64,7 +64,7 @@
     "sanitize-html": "2.12.1",
     "oas3-tools": {
       "body-parser": "^1.20.3",
-      "qs": "^6.14.0",
+      "qs": "^6.14.1",
       "js-yaml": "^3"
     },
     "postcss": {
@@ -92,16 +92,16 @@
   },
   "dependencies": {
     "@hapi/hapi": "21.4.4",
-    "@keycloak/keycloak-admin-client": "^26.4.7",
+    "@keycloak/keycloak-admin-client": "^26.5.1",
     "@kubernetes/client-node": "^1.4.0",
-    "@mojaloop/central-services-logger": "11.10.2",
+    "@mojaloop/central-services-logger": "11.10.3",
     "@mojaloop/central-services-metrics": "12.8.3",
-    "@mojaloop/central-services-shared": "18.34.5",
+    "@mojaloop/central-services-shared": "18.34.6",
     "@ory/keto-client": "^25.4.0",
     "async-exit-hook": "^2.0.1",
     "async-retry": "^1.3.3",
     "axios": "1.13.2",
-    "body-parser": "^2.2.1",
+    "body-parser": "^2.2.2",
     "connect": "^3.7.0",
     "convict": "6.2.4",
     "cookies": "^0.9.1",
@@ -117,22 +117,22 @@
     "jsonwebtoken": "^9.0.3",
     "knex": "^3.1.0",
     "moment": "^2.30.1",
-    "mysql2": "^3.15.3",
+    "mysql2": "^3.16.0",
     "node-forge": "^1.3.3",
     "node-vault": "^0.10.9",
     "oas3-tools": "^2.2.3",
     "openid-client": "^6.8.1",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
-    "qs": "^6.14.0",
-    "soap": "^1.6.1",
+    "qs": "^6.14.1",
+    "soap": "^1.6.3",
     "ulid": "3.0.2",
     "winston": "^3.19.0",
     "xml2js": "^0.6.2"
   },
   "devDependencies": {
-    "@commitlint/cli": "^20.2.0",
-    "@commitlint/config-conventional": "^20.2.0",
+    "@commitlint/cli": "^20.3.1",
+    "@commitlint/config-conventional": "^20.3.1",
     "@types/jest": "30.0.0",
     "audit-ci": "^7.1.0",
     "axios-mock-adapter": "2.1.0",
@@ -144,14 +144,14 @@
     "husky": "^9.1.7",
     "jest": "^30.0.2",
     "jest-extended": "^7.0.0",
-    "npm-check-updates": "^19.2.0",
+    "npm-check-updates": "^19.3.1",
     "nyc": "^17.1.0",
-    "sinon": "^21.0.0",
+    "sinon": "^21.0.1",
     "snazzy": "^9.0.0",
     "source-map-support": "^0.5.21",
     "standard-version": "^9.5.0",
     "standardx": "^7.0.0",
-    "supertest": "^7.1.4",
+    "supertest": "^7.2.2",
     "tap-xunit": "^2.4.1",
     "tmp": "^0.2.5"
   },