@traxionpay/cbsmiddleware 0.0.1

package/docker-compose.yml

@@ -0,0 +1,14 @@
+services:
+  service:
+    build: .
+    container_name: cbs-middleware
+    env_file:
+      - ./.env
+    environment:
+      - NODE_ENV=production
+    ports:
+      - "5011:5000"
+    volumes:
+      - ./logs:/usr/src/app/logs
+      - ./certs:/usr/src/app/certs:ro
+    restart: always

package/ecosystem.config.js

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024.
+ * Company: Traxion Tech Inc.
+ * Author: Patrick Doldolea
+ * Created: 12/18/24, 7:44 PM
+ * Modified: 12/18/24, 7:44 PM
+ * Last User: pdoldolea
+ */
+
+/*
+NOTE: clustering is disabled
+*/
+
+const os = require('os');
+
+const cpuCount = os.cpus().length;
+const instances = Math.floor(cpuCount / 2) || 1;
+const singleNodeInstance = process.env.FORCED_SINGLE_INSTANCE === 'true';
+
+module.exports = {
+  apps: [
+    {
+      name: 'CBS MiddleWare',
+      namespace: 'service',
+      script: 'dist/main.js', // Entry point of your NestJS application
+      instances: 2,
+      exec_mode: 'cluster', // cluster only on multiple instance requirements
+      watch: false, // Set to true if you want PM2 to watch for file changes (not recommended for production)
+      env: {
+        NODE_ENV: 'production', // Sets the environment variable
+        PORT: 5000
+      },
+    },
+  ],
+};

package/eslint.config.mjs

@@ -0,0 +1,34 @@
+// @ts-check
+import eslint from '@eslint/js';
+import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended';
+import globals from 'globals';
+import tseslint from 'typescript-eslint';
+
+export default tseslint.config(
+  {
+    ignores: ['eslint.config.mjs'],
+  },
+  eslint.configs.recommended,
+  ...tseslint.configs.recommendedTypeChecked,
+  eslintPluginPrettierRecommended,
+  {
+    languageOptions: {
+      globals: {
+        ...globals.node,
+        ...globals.jest,
+      },
+      sourceType: 'commonjs',
+      parserOptions: {
+        projectService: true,
+        tsconfigRootDir: import.meta.dirname,
+      },
+    },
+  },
+  {
+    rules: {
+      '@typescript-eslint/no-explicit-any': 'off',
+      '@typescript-eslint/no-floating-promises': 'warn',
+      '@typescript-eslint/no-unsafe-argument': 'warn'
+    },
+  },
+);

package/nest-cli.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/nest-cli",
+  "collection": "@nestjs/schematics",
+  "sourceRoot": "src",
+  "compilerOptions": {
+    "deleteOutDir": true
+  }
+}

package/package.json

@@ -0,0 +1,102 @@
+{
+  "name": "@traxionpay/cbsmiddleware",
+  "version": "0.0.1",
+  "description": "This is a cbs middlware for RB Banks",
+  "author": "Archer",
+  "private": false,
+  "license": "UNLICENSED",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
+    "start": "nest start",
+    "start:dev": "nest start --watch",
+    "start:debug": "nest start --debug --watch",
+    "start:prod": "node dist/main",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:cov": "jest --coverage",
+    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
+    "test:e2e": "jest --config ./test/jest-e2e.json"
+  },
+  "dependencies": {
+    "@nestjs/common": "^11.0.1",
+    "@nestjs/config": "^4.0.2",
+    "@nestjs/core": "^11.0.1",
+    "@nestjs/jwt": "^11.0.0",
+    "@nestjs/mapped-types": "*",
+    "@nestjs/passport": "^11.0.5",
+    "@nestjs/platform-express": "^11.0.1",
+    "axios": "^1.10.0",
+    "bcryptjs": "^3.0.2",
+    "class-validator": "^0.14.2",
+    "crypto-js": "^4.2.0",
+    "date-fns-tz": "^3.2.0",
+    "moment-timezone": "^0.6.0",
+    "nestjs-pino": "^4.4.0",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "pino-daily-rotate-file": "^0.0.1",
+    "pino-http": "^10.5.0",
+    "pino-pretty": "^13.0.0",
+    "reflect-metadata": "^0.2.2",
+    "rxjs": "^7.8.1",
+    "speakeasy": "^2.0.0",
+    "totp-generator": "^2.0.0",
+    "uuid": "^11.1.0"
+  },
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.2.0",
+    "@eslint/js": "^9.18.0",
+    "@nestjs/cli": "^11.0.0",
+    "@nestjs/schematics": "^11.0.0",
+    "@nestjs/testing": "^11.0.1",
+    "@swc/cli": "^0.6.0",
+    "@swc/core": "^1.10.7",
+    "@types/express": "^5.0.0",
+    "@types/jest": "^29.5.14",
+    "@types/node": "^22.10.7",
+    "@types/supertest": "^6.0.2",
+    "eslint": "^9.18.0",
+    "eslint-config-prettier": "^10.0.1",
+    "eslint-plugin-prettier": "^5.2.2",
+    "globals": "^16.0.0",
+    "jest": "^29.7.0",
+    "prettier": "^3.4.2",
+    "source-map-support": "^0.5.21",
+    "supertest": "^7.0.0",
+    "ts-jest": "^29.2.5",
+    "ts-loader": "^9.5.2",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "typescript": "^5.7.3",
+    "typescript-eslint": "^8.20.0"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js",
+      "json",
+      "ts"
+    ],
+    "rootDir": "src",
+    "testRegex": ".*\\.spec\\.ts$",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "collectCoverageFrom": [
+      "**/*.(t|j)s"
+    ],
+    "coverageDirectory": "../coverage",
+    "testEnvironment": "node"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://bitbucket.org/traxiondev/cbs-middleware-package.git"
+  },
+  "bugs": {
+    "url": "https://bitbucket.org/traxiondev/cbs-middleware-package/issues"
+  },
+  "homepage": "https://bitbucket.org/traxiondev/cbs-middleware-package#readme"
+}

package/src/app.module.ts

@@ -0,0 +1,33 @@
+import { Module } from '@nestjs/common';
+import { BankingModule } from './banking/banking.module';
+//alias module if you have authmodule in your own repo
+import { AuthModule as MiddleWareAuthModule  } from './auth/auth.module';
+import { TransformInterceptor } from './interceptors/response.interceptor';
+import { LoggerInterceptor } from './logger/logger-interceptor';
+import { APP_INTERCEPTOR } from '@nestjs/core';
+import { ConfigModule } from '@nestjs/config';
+import { authConfig, bankConfig } from './auth.config';
+
+@Module({
+    imports: [
+    ConfigModule.forRoot({
+      isGlobal: true,
+    }),
+    BankingModule.register({
+      config: bankConfig
+      //options: optional
+    }),
+    MiddleWareAuthModule.forRoot(authConfig),
+  ],
+  providers: [
+     {
+      provide: APP_INTERCEPTOR,
+      useClass: LoggerInterceptor, //optional
+    },
+    {
+      provide: APP_INTERCEPTOR,
+      useClass: TransformInterceptor, //optional if want to Transform your responses
+    },
+  ],
+})
+export class AppModule {}

package/src/auth/apikey.guard.ts

@@ -0,0 +1,42 @@
+
+import { CanActivate, ExecutionContext, HttpStatus, Injectable, Inject } from '@nestjs/common';
+import * as moment from 'moment-timezone'; 
+import { AUTH_MODULE_OPTIONS } from './constant';
+import { AuthModuleOptions } from './auth.interface';
+
+@Injectable()
+export class ApiKeyGuard implements CanActivate {
+  private readonly validApiKeys: string;
+
+      constructor(
+      @Inject(AUTH_MODULE_OPTIONS)
+      private readonly options: AuthModuleOptions,
+    ) {
+      this.validApiKeys = options.apiKey || 'Hi';
+    }
+
+  canActivate(context: ExecutionContext): any {
+
+    const request = context.switchToHttp();
+    const response = request.getResponse();
+    const apiKey = request.getRequest().headers['x-api-key'] as string | undefined;
+    const errorResponse = {
+        statusCode: HttpStatus.UNAUTHORIZED,
+        timeStamp: moment.tz('Asia/Manila').format('YYYY-MM-DD HH:mm:ss'),
+        message: 'Invalid API Key provided.',
+        error: 'Unauthorized',
+    };
+
+    if (!apiKey) {
+      response.status(HttpStatus.UNAUTHORIZED).send(errorResponse);
+    }
+    
+    if(this.validApiKeys == apiKey) {
+      return true;
+    } else {
+      // return false;
+      response.status(HttpStatus.UNAUTHORIZED).send(errorResponse);
+    }
+
+  }
+}

package/src/auth/auth.controller.ts

@@ -0,0 +1,41 @@
+import { Controller, Post,  UseGuards, Inject } from '@nestjs/common';
+import { AuthService } from './services/auth.service';
+import { ApiKeyGuard } from './apikey.guard';
+import { AUTH_MODULE_OPTIONS } from './constant';
+import { AuthModuleOptions } from './auth.interface';
+import { ResponseMessage } from '../decorators/response_message.decorator';
+@Controller('auth')
+export class AuthController {
+  private readonly secretKey: string;
+  constructor(private readonly authService: AuthService,
+   @Inject(AUTH_MODULE_OPTIONS)
+    private readonly options: AuthModuleOptions,
+
+  ) {
+    this.secretKey = options.jwtSecret || '';
+  }
+ 
+  @Post('token')
+  @UseGuards(ApiKeyGuard)
+  @ResponseMessage("Generate Token")
+  async generateToken() {
+    const payload = {
+      service: 'banking-service',
+      issuedAt: Date.now(),
+      secret_key: this.secretKey
+    };
+
+    const token = await this.authService.generateToken(payload);
+        if (token) {
+      return {
+        success: true,
+        ...token,
+      }
+    }else {
+      return {
+      success: false,
+      message: 'Error Token Generation',
+      }
+    }
+  }
+}

package/src/auth/auth.interface.ts

@@ -0,0 +1,7 @@
+export interface AuthModuleOptions {
+  jwtSecret?: string;
+  expiresIn?: string | undefined;
+  publicKey?: string;
+  privateKey?: string;
+  apiKey?: string;
+}

package/src/auth/auth.module.ts

@@ -0,0 +1,125 @@
+import { Module, DynamicModule } from '@nestjs/common';
+import { JwtModule } from '@nestjs/jwt';
+import { PassportModule } from '@nestjs/passport';
+import { AuthService } from './services/auth.service';
+import { JwtStrategy } from './jwt-strategy';
+import { JwtAuthGuard } from './jwt-guard';
+import { AUTH_MODULE_OPTIONS } from './constant';
+import { AuthModuleOptions } from './auth.interface';
+import { AuthController } from './auth.controller';
+import { AppLoggerModule } from '../logger/logger.module';
+import { EncryptionService } from './services/encryption.service';
+
+/**
+ * The `AuthModule` provides a dynamic authentication module with JWT-based authentication.
+ *
+ * It supports both symmetric (`jwtSecret`) and asymmetric (`privateKey`/`publicKey`) signing strategies,
+ * and it integrates with Passport.js and NestJS guards for secure route access.
+ *
+ * You can configure this module at runtime using the `forRoot()` static method.
+ *
+ * @export
+ * @class AuthModule
+ * @typedef {AuthModule}
+ *
+ * @example
+ * // Register the module using a symmetric secret
+ * AuthModule.forRoot({
+ *   jwtSecret: process.env.JWT_SECRET,
+ *   expiresIn: '1h',
+ *   apiKey: process.env.API_KEY,
+ * });
+ *
+ * @example
+ * // Register using asymmetric RSA keys
+ * AuthModule.forRoot({
+ *   privateKey: fs.readFileSync('private.pem', 'utf-8'),
+ *   publicKey: fs.readFileSync('public.pem', 'utf-8'),
+ *   expiresIn: '3600s',
+ * });
+ */
+@Module({})
+export class AuthModule {
+  /**
+   * Dynamically registers and configures the `AuthModule` with optional JWT and API key settings.
+   *
+   * - Supports both symmetric (`jwtSecret`) and asymmetric (`privateKey`/`publicKey`) JWT configurations.
+   * - Throws an error if neither a `jwtSecret` nor `privateKey` is provided.
+   *
+   * @static
+   * @param {Partial<AuthModuleOptions>} [options={}] - Optional configuration for JWT and API key support.
+   * @returns {DynamicModule} A fully configured NestJS dynamic module.
+   *
+   * @example
+   * import { AuthModule } from './auth/auth.module';
+   *
+   * `@`Module({
+   *   imports: [
+   *     AuthModule.forRoot({
+   *       jwtSecret: 'your-secret',
+   *       expiresIn: '3600s',
+   *       apiKey: 'my-api-key',
+   *     }),
+   *   ],
+   * })
+   * export class AppModule {}
+   */
+  static forRoot(options: Partial<AuthModuleOptions> = {}): DynamicModule {
+    const jwtSecret = options.jwtSecret;
+    const expiresIn = options.expiresIn?.toString(); // ensure it's a string
+    const publicKey = options.publicKey;
+    const privateKey = options.privateKey;
+    const apiKey = options.apiKey;
+
+    if (!jwtSecret && !privateKey) {
+      throw new Error(
+        'AuthModule Error: jwtSecret or privateKey is required via options or .env or constants',
+      );
+    }
+
+    const finalOptions: AuthModuleOptions = {
+      jwtSecret,
+      expiresIn,
+      publicKey,
+      privateKey,
+      apiKey,
+    };
+
+    return {
+      module: AuthModule,
+      imports: [
+        PassportModule, // Provides support for Passport strategies
+        AppLoggerModule, // Custom logging module
+        JwtModule.registerAsync({
+          global: true,
+          useFactory: async () => {
+            if (privateKey && publicKey) {
+              return {
+                privateKey,
+                publicKey,
+                signOptions: { algorithm: 'RS256', expiresIn },
+              };
+            } else {
+              return {
+                secret: jwtSecret,
+                signOptions: { expiresIn },
+              };
+            }
+          },
+        }),
+      ],
+      controllers: [AuthController],
+      providers: [
+        AuthService,
+        JwtStrategy,      // Strategy for validating JWTs
+        JwtAuthGuard,     // Guard to protect routes using JWTs
+        EncryptionService, // Optional encryption utility
+        {
+          provide: AUTH_MODULE_OPTIONS,
+          useValue: finalOptions,
+        },
+      ],
+      exports: [AuthService, JwtAuthGuard], // Export AuthService and Guard for use in other modules
+    };
+  }
+}

package/src/auth/constant.ts

@@ -0,0 +1 @@
+export const AUTH_MODULE_OPTIONS = 'AUTH_MODULE_OPTIONS';

package/src/auth/jwt-constant.ts

@@ -0,0 +1,31 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as process from 'process';
+import { SignOptions } from 'jsonwebtoken';
+
+const defaultCertPath = path.resolve(process.cwd(), 'certs'); // From the consumer's project root
+
+const privateKeyPath = path.join(defaultCertPath, 'private.key');
+const publicKeyPath = path.join(defaultCertPath, 'public.key');
+
+let privateKey: string | undefined;
+let publicKey: string | undefined;
+
+// Safely try to read certs from consumer's file system
+if (fs.existsSync(privateKeyPath)) {
+  privateKey = fs.readFileSync(privateKeyPath, 'utf8');
+}
+
+if (fs.existsSync(publicKeyPath)) {
+  publicKey = fs.readFileSync(publicKeyPath, 'utf8');
+}
+
+export const JWT_CONSTANTS = {
+  jwtSecret: process.env.JWT_SECRET,
+  privateKey,
+  publicKey,
+  signOptions: {
+    algorithm: privateKey && publicKey ? 'RS256' : 'HS256',
+    expiresIn: process.env.JWT_EXPIRES_IN || '1m',
+  } as SignOptions,
+};

package/src/auth/jwt-guard.ts

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+@Injectable()
+export class JwtAuthGuard extends AuthGuard('jwt') {}

package/src/auth/jwt-strategy.ts

@@ -0,0 +1,43 @@
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
+import { AUTH_MODULE_OPTIONS } from './constant';
+import { AuthModuleOptions } from './auth.interface';
+import { Logger } from 'nestjs-pino';
+import { EncryptionService } from './services/encryption.service';
+
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+  private readonly secretKey: string;
+  constructor(
+    @Inject(AUTH_MODULE_OPTIONS)
+    private readonly options: AuthModuleOptions,
+    private readonly logger: Logger,
+    private readonly encryptionService: EncryptionService,
+  ) {
+    super({
+      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+      ignoreExpiration: false,
+      secretOrKey: options.publicKey,
+    });
+    this.secretKey = options.jwtSecret || '';
+  }
+
+  async validate(payload: any) {
+    const decryptedPayload = JSON.parse(this.encryptionService.decrypt(payload.encrypted));
+    if (this.secretKey !== decryptedPayload.secret_key) {
+      this.logger.error('Invalid token payload');
+      throw new UnauthorizedException('Invalid token payload');
+    }
+
+    const currentTime = Math.floor(Date.now() / 1000); // Current time in seconds
+    if (payload.exp < currentTime) {
+      this.logger.error('Invalid token payload');
+      throw new UnauthorizedException('Token is expired');
+    }
+
+    return { secret_key: decryptedPayload.secret_key };
+
+  }
+}
+

package/src/auth/services/auth.service.ts

@@ -0,0 +1,33 @@
+import { Injectable, Inject } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { AuthModuleOptions } from '../auth.interface';
+import { AUTH_MODULE_OPTIONS } from '../constant';
+import { Logger } from 'nestjs-pino';
+import { EncryptionService } from './encryption.service';
+
+@Injectable()
+export class AuthService {
+  constructor(
+    private readonly jwtService: JwtService,
+    private  readonly logger: Logger,
+    private readonly encryptionService: EncryptionService,
+    @Inject(AUTH_MODULE_OPTIONS)
+    private readonly options: AuthModuleOptions,
+  ) {}
+
+async generateToken(payload: any): Promise<any> {
+  try {
+    const encryptedPayload = this.encryptionService.encrypt(JSON.stringify(payload));
+    return {
+      token: this.jwtService.sign({ encrypted: encryptedPayload }),
+    };
+  } catch (error) {
+    this.logger.error(error);
+    throw error;
+  }
+}
+
+  verifyToken(token: string): any {
+    return this.jwtService.verify(token);
+  }
+}

package/src/auth/services/encryption.service.ts

@@ -0,0 +1,35 @@
+import { createCipheriv, createDecipheriv, scryptSync } from 'crypto';
+import { Injectable, Inject } from '@nestjs/common';
+import { AUTH_MODULE_OPTIONS } from '../constant';
+import { AuthModuleOptions } from '../auth.interface';
+
+@Injectable()
+export class EncryptionService {
+  private algorithm = 'aes-256-cbc';
+  // JWT_SECRET is required in .env file. Please generate strong JWT_SECRET
+  private readonly secretKey: string;
+  private iv = Buffer.alloc(16, 0); // Initialization vector
+
+    constructor(
+    @Inject(AUTH_MODULE_OPTIONS)
+    private readonly options: AuthModuleOptions,
+  ) {
+    this.secretKey = options.jwtSecret || '';
+  }
+  // Encypt Token
+  encrypt(text: string): string {
+    const key = scryptSync(this.secretKey, 'salt', 32);
+    const cipher = createCipheriv(this.algorithm, key, this.iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return encrypted;
+  }
+
+  decrypt(encrypted: string): string {
+    const key = scryptSync(this.secretKey, 'salt', 32);
+    const decipher = createDecipheriv(this.algorithm, key, this.iv);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  }
+}

package/src/auth.config.ts

@@ -0,0 +1,42 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as dotenv from 'dotenv';
+dotenv.config();
+
+const privateKeyPath = path.resolve(process.cwd(), 'certs', 'private.key');
+const publicKeyPath = path.resolve(process.cwd(), 'certs', 'public.key');
+
+export const authConfig = {
+  //Based on current AuthModule Configuration
+  jwtSecret: process.env.JWT_SECRET,
+  expiresIn: process.env.TOKEN_EXPIRATION,
+  privateKey: fs.readFileSync(privateKeyPath, 'utf8'),
+  publicKey: fs.readFileSync(publicKeyPath, 'utf8'),
+  apiKey: process.env.API_KEY,
+};
+
+export const bankConfig = {
+  //Based on current BankConfiguration
+  BANK1_DATA_KEY: process.env.BANK1_DATA_KEY || '',
+  BANK1_AUTH_KEY: process.env.BANK1_AUTH_KEY || '',
+  BANK2_AUTH_KEY: process.env.BANK2_AUTH_KEY || '',
+  BANK1_URL: process.env.BANK1_URL || '',
+  BANK2_URL: process.env.BANK2_URL || '',
+  BANK1_DATA_PORT: Number(process.env.BANK1_DATA_PORT),
+  BANK2_DATA_PORT: Number(process.env.BANK2_DATA_PORT),
+  BANK1_MESSAGE_ID: process.env.BANK1_MESSAGE_ID || '',
+  //ASPAC
+  ASPAC_URL: process.env.ASPAC_URL || '',
+  ASPAC_API_KEY: process.env.ASPAC_API_KEY || '',
+  ASPAC_VERSION_KEY: process.env.ASPAC_VERSION_KEY || '',
+  //WELCOMEBANK
+  WELCOMEBANK_URL: process.env.WELCOMEBANK_URL || '',
+  WELCOMEBANK_PORT: Number(process.env.WELCOMEBANK_PORT),
+  WELCOMEBANK_API_KEY: process.env.WELCOMEBANK_API_KEY || '',
+  WELCOMEBANK_VERSION_KEY: process.env.WELCOMEBANK_VERSION_KEY || '',
+  WELCOMBANK_ENABLEENCRYPTION: process.env.WELCOMBANK_ENABLEENCRYPTION === 'true',
+  //WBWIN
+  MBWIN_URL: process.env.MBWIN_URL || '',
+  MBWIN_PORT: Number(process.env.MBWIN_PORT),
+  MBWIN_API_KEY: process.env.MBWIN_API_KEY || '',
+}