@mojaloop/sdk-scheme-adapter 24.9.5 → 24.9.6

package/CHANGELOG.md

@@ -1,4 +1,11 @@
 # Changelog: [mojaloop/sdk-scheme-adapter](https://github.com/mojaloop/sdk-scheme-adapter)
+### [24.9.6](https://github.com/mojaloop/sdk-scheme-adapter/compare/v24.9.5...v24.9.6) (2025-06-01)
+
+
+### Chore
+
+* fix faulty jws replacement logic  [@kleyow](https://github.com/kleyow) ([#585](https://github.com/mojaloop/sdk-scheme-adapter/issues/585)) ([efa7ce1](https://github.com/mojaloop/sdk-scheme-adapter/commit/efa7ce19f869a601f868f57ea569202110c9d7f9))
+
 ### [24.9.5](https://github.com/mojaloop/sdk-scheme-adapter/compare/v24.9.4...v24.9.5) (2025-05-30)
 
 

package/modules/api-svc/src/InboundServer/index.js

@@ -26,6 +26,7 @@
  ******/
 const Koa = require('koa');
 
+const _ = require('lodash');
 const assert = require('assert').strict;
 const https = require('https');
 const http = require('http');
@@ -87,7 +88,8 @@ class InboundApi extends EventEmitter {
     }
 
     _updatePeerJwsKeys(peerJwsKeys) {
-        if (this._conf.pm4mlEnabled) {
+        if (this._conf.pm4mlEnabled && !_.isEqual(this._jwsVerificationKeys, peerJwsKeys) &&
+            this._jwsVerificationKeys && typeof this._jwsVerificationKeys === 'object') {
             this._logger && this._logger.isVerboseEnabled && this._logger.verbose('Clearing existing JWS verification keys');
             Object.keys(this._jwsVerificationKeys).forEach(key => delete this._jwsVerificationKeys[key]);
             this._logger && this._logger.isVerboseEnabled && this._logger.verbose('Assigning new peer JWS keys');

package/modules/api-svc/src/index.js

@@ -144,10 +144,6 @@ class Server extends EventEmitter {
             || !_.isEqual(this.conf.outbound, newConf.outbound);
     }
 
-    _shouldUpdatePeerJwsKeys(newConf) {
-        return !_.isEqual(this.conf.peerJWSKeys, newConf.peerJWSKeys);
-    }
-
     async start() {
         await this.cache.connect();
         await this.wso2.auth.start();
@@ -251,10 +247,7 @@ class Server extends EventEmitter {
             restartActionsTaken.updateInboundServer = true;
         }
 
-        const updatePeerJwsKeys = this._shouldUpdatePeerJwsKeys(newConf);
-        if (updatePeerJwsKeys) {
-            this.inboundServer._api._updatePeerJwsKeys(newConf.peerJWSKeys);
-        }
+        this.inboundServer._api._updatePeerJwsKeys(newConf.peerJWSKeys);
 
         this.logger.isDebugEnabled && this.logger.push({ oldConf: this.conf.outbound, newConf: newConf.outbound }).debug('Outbound server configuration');
         const updateOutboundServer = !_.isEqual(this.conf.outbound, newConf.outbound);

package/modules/api-svc/test/unit/InboundServer.test.js

@@ -490,5 +490,59 @@ describe('Inbound Server', () => {
 
             expect(Jws.validator.__validationKeys['mock-jws'].toString()).toEqual('foo-key-updated');
         });
+
+        it('should overwrite an existing peer JWS key when _updatePeerJwsKeys is called with the same key name', async () => {
+            // Arrange
+            const serverConfig = JSON.parse(JSON.stringify(defaultConfig));
+            serverConfig.validateInboundJws = true;
+            const cache = new Cache({
+                cacheUrl: serverConfig.cacheUrl,
+                logger: logger.push({ component: 'cache' }),
+                unsubscribeTimeoutMs: serverConfig.unsubscribeTimeoutMs,
+            });
+            serverConfig.validateInboundJws = true;
+            serverConfig.pm4mlEnabled = true;
+            serverConfig.peerJWSKeys = {
+                'peer1': 'original-key'
+            };
+            const svr = new InboundServer(serverConfig, logger, cache);
+
+            // Save reference before update
+            const keysRef = svr._api._jwsVerificationKeys;
+
+            // Act: Overwrite the key
+            svr._api._updatePeerJwsKeys({ 'peer1': 'new-key' });
+
+            // Assert
+            expect(svr._api._jwsVerificationKeys['peer1']).toBe('new-key');
+            expect(svr._api._jwsVerificationKeys).toBe(keysRef); // memory reference unchanged
+        });
+
+        it('should add a new peer JWS key when _updatePeerJwsKeys is called with a new key name', async () => {
+            // Arrange
+            const serverConfig = JSON.parse(JSON.stringify(defaultConfig));
+            serverConfig.validateInboundJws = true;
+            const cache = new Cache({
+                cacheUrl: serverConfig.cacheUrl,
+                logger: logger.push({ component: 'cache' }),
+                unsubscribeTimeoutMs: serverConfig.unsubscribeTimeoutMs,
+            });
+            serverConfig.validateInboundJws = true;
+            serverConfig.pm4mlEnabled = true;
+            serverConfig.peerJWSKeys = {
+                'peer1': 'original-key'
+            };
+            const svr = new InboundServer(serverConfig, logger, cache);
+
+            // Save reference before update
+            const keysRef = svr._api._jwsVerificationKeys;
+
+            // Act: Add a new key
+            svr._api._updatePeerJwsKeys({ 'peer1': 'original-key', 'peer2': 'another-key' });
+            // Assert
+            expect(svr._api._jwsVerificationKeys['peer1']).toBe('original-key');
+            expect(svr._api._jwsVerificationKeys['peer2']).toBe('another-key');
+            expect(svr._api._jwsVerificationKeys).toBe(keysRef); // memory reference unchanged
+        });
     });
 });

package/modules/api-svc/test/unit/index.test.js

@@ -99,21 +99,6 @@ describe('Server', () => {
             expect(server.restart).toHaveBeenCalledWith(newConf);
         });
 
-        it('hot mutates peerJwsKeys reference if peerJWSKeys config is different', async () => {
-            // Test that peerJwsKeys are updated without a full restart if config changes
-            const originalPeerJwsKeys = conf.peerJWSKeys;
-            const newPeerJwsKeys = { ...originalPeerJwsKeys, newKey: 'newValue' };
-            const newConfPeerJwsKeys = { ...conf, peerJWSKeys: newPeerJwsKeys };
-
-            expect(server._shouldUpdatePeerJwsKeys(newConfPeerJwsKeys)).toBe(true);
-
-            controlServer.broadcastConfigChange(newConfPeerJwsKeys);
-            await new Promise((wait) => setTimeout(wait, 1000));
-
-            // Should call restart with new config
-            expect(server.restart).toHaveBeenCalledWith(newConfPeerJwsKeys);
-        });
-
         it('restarts inbound server if inbound or outbound is different', async () => {
             // Clone the conf and change inbound config
             const newConfInbound = JSON.parse(JSON.stringify(conf));

package/modules/outbound-command-event-handler/package.json

@@ -60,7 +60,7 @@
     "@types/convict": "6.1.6",
     "@types/express": "5.0.2",
     "@types/jest": "29.5.14",
-    "@types/node": "22.15.28",
+    "@types/node": "22.15.29",
     "@types/node-cache": "4.2.5",
     "@types/supertest": "6.0.3",
     "@types/swagger-ui-express": "4.1.8",

package/modules/outbound-domain-event-handler/package.json

@@ -57,7 +57,7 @@
         "@types/convict": "6.1.6",
         "@types/express": "5.0.2",
         "@types/jest": "29.5.14",
-        "@types/node": "22.15.28",
+        "@types/node": "22.15.29",
         "@types/node-cache": "4.2.5",
         "@types/supertest": "6.0.3",
         "@types/swagger-ui-express": "4.1.8",

package/modules/private-shared-lib/package.json

@@ -40,7 +40,7 @@
   },
   "devDependencies": {
     "@eslint/compat": "1.2.9",
-    "@types/node": "22.15.28",
+    "@types/node": "22.15.29",
     "@types/uuid": "10.0.0",
     "@typescript-eslint/eslint-plugin": "8.33.0",
     "@typescript-eslint/parser": "8.33.0",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mojaloop/sdk-scheme-adapter",
-  "version": "24.9.5",
+  "version": "24.9.6",
   "description": "mojaloop sdk-scheme-adapter",
   "license": "Apache-2.0",
   "homepage": "https://github.com/mojaloop/sdk-scheme-adapter",
@@ -82,7 +82,7 @@
   },
   "devDependencies": {
     "@types/jest": "29.5.14",
-    "@types/node": "22.15.28",
+    "@types/node": "22.15.29",
     "@types/node-cache": "4.2.5",
     "@typescript-eslint/eslint-plugin": "8.33.0",
     "@typescript-eslint/parser": "8.33.0",