account-lookup-service 15.6.0-iso.22 → 15.6.0-iso.24

package/audit-ci.jsonc

@@ -29,6 +29,7 @@
     "GHSA-rv95-896h-c2vc", // https://github.com/advisories/GHSA-rv95-896h-c2vc
     "GHSA-952p-6rrq-rcjv", // https://github.com/advisories/GHSA-952p-6rrq-rcjv
     "GHSA-3xgq-45jj-v275", // https://github.com/advisories/GHSA-3xgq-45jj-v275
-    "GHSA-rhx6-c78j-4q9w" // https://github.com/advisories/GHSA-rhx6-c78j-4q9w
+    "GHSA-rhx6-c78j-4q9w", // https://github.com/advisories/GHSA-rhx6-c78j-4q9w
+    "GHSA-mwcw-c2x4-8c55" // https://github.com/advisories/GHSA-mwcw-c2x4-8c55
   ]
 }

package/config/default.json

@@ -15,6 +15,7 @@
     "DATABASE": "account_lookup",
     "POOL_MIN_SIZE": 10,
     "POOL_MAX_SIZE": 10,
+    "MAX_PENDING_ACQUIRE": null,
     "ACQUIRE_TIMEOUT_MILLIS": 30000,
     "CREATE_TIMEOUT_MILLIS": 30000,
     "DESTROY_TIMEOUT_MILLIS": 5000,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "account-lookup-service",
   "description": "Account Lookup Service is used to validate Party and Participant lookups.",
-  "version": "15.6.0-iso.22",
+  "version": "15.6.0-iso.24",
   "license": "Apache-2.0",
   "author": "ModusBox",
   "contributors": [
@@ -94,12 +94,12 @@
     "@mojaloop/central-services-health": "15.0.0",
     "@mojaloop/central-services-logger": "11.5.1",
     "@mojaloop/central-services-metrics": "12.4.2",
-    "@mojaloop/central-services-shared": "18.14.1",
-    "@mojaloop/central-services-stream": "11.3.1",
-    "@mojaloop/database-lib": "11.0.6",
+    "@mojaloop/central-services-shared": "18.14.2",
+    "@mojaloop/central-services-stream": "11.4.1",
+    "@mojaloop/database-lib": "11.1.0",
     "@mojaloop/event-sdk": "14.1.1",
     "@mojaloop/inter-scheme-proxy-cache-lib": "2.3.1",
-    "@mojaloop/ml-schema-transformer-lib": "2.4.1",
+    "@mojaloop/ml-schema-transformer-lib": "2.5.1",
     "@mojaloop/sdk-standard-components": "19.6.2",
     "@now-ims/hapi-now-auth": "2.1.0",
     "ajv": "8.17.1",
@@ -118,6 +118,9 @@
     "rc": "1.2.8"
   },
   "overrides": {
+    "postcss": {
+      "nanoid": "^3.3.8"
+    },
     "@mojaloop/central-services-health": {
       "@mojaloop/central-services-logger": ">=11.4.0"
     },
@@ -157,7 +160,7 @@
     "jest": "29.7.0",
     "jest-junit": "16.0.0",
     "jsdoc": "4.0.4",
-    "nodemon": "3.1.7",
+    "nodemon": "3.1.9",
     "npm-check-updates": "17.1.11",
     "nyc": "17.1.0",
     "pre-commit": "1.2.2",

package/src/domain/participants/participants.js

@@ -84,7 +84,7 @@ const getParticipantsByTypeAndID = async (headers, params, method, query, span,
       throw ErrorHandler.Factory.createFSPIOPError(ErrorHandler.Enums.FSPIOPErrorCodes.ID_NOT_FOUND, errMessage)
     }
     step = 'oracleRequest-2'
-    const response = await oracle.oracleRequest(headers, method, params, query, undefined, cache)
+    const response = await oracle.oracleRequest(headers, method, params, query, undefined, cache, true)
     if (response?.data && Array.isArray(response.data.partyList) && response.data.partyList.length > 0) {
       const options = {
         partyIdType: type,

package/src/domain/parties/getPartiesByTypeAndID.js

@@ -91,12 +91,16 @@ const getPartiesByTypeAndID = async (headers, params, method, query, span, cache
   const proxyEnabled = !!(Config.PROXY_CACHE_CONFIG.enabled && proxyCache)
   const type = params.Type
   const partySubId = params.SubId
+  const callbackEndpointType = utils.getPartyCbType(partySubId)
   const source = headers[Headers.FSPIOP.SOURCE]
   const proxy = proxyEnabled && headers[Headers.FSPIOP.PROXY]
-  const callbackEndpointType = utils.getPartyCbType(partySubId)
+  let destination = headers[Headers.FSPIOP.DESTINATION]
+  // see https://github.com/mojaloop/design-authority/issues/79
+  // the requester has specified a destination routing header. We should respect that and forward the request directly to the destination
+  // without consulting any oracles.
 
   const childSpan = span ? span.getChild('getPartiesByTypeAndID') : undefined
-  log.info('parties::getPartiesByTypeAndID::begin', { source, proxy, params })
+  log.info('parties::getPartiesByTypeAndID::begin', { source, destination, proxy, params })
 
   let requester
   let fspiopError
@@ -110,10 +114,6 @@ const getPartiesByTypeAndID = async (headers, params, method, query, span, cache
       ...(partySubId && { partySubIdOrType: partySubId })
     }
 
-    let destination = headers[Headers.FSPIOP.DESTINATION]
-    // see https://github.com/mojaloop/design-authority/issues/79
-    // the requester has specified a destination routing header. We should respect that and forward the request directly to the destination
-    // without consulting any oracles.
     if (destination) {
       step = 'validateParticipant-1'
       const destParticipantModel = await participant.validateParticipant(destination)
@@ -122,6 +122,7 @@ const getPartiesByTypeAndID = async (headers, params, method, query, span, cache
         const proxyId = proxyEnabled && await proxyCache.lookupProxyByDfspId(destination)
 
         if (!proxyId) {
+          log.warn('no destination participant, and no dfsp-to-proxy mapping', { destination })
           const errMessage = ERROR_MESSAGES.partyDestinationFspNotFound
           throw ErrorHandler.Factory.createFSPIOPError(ErrorHandler.Enums.FSPIOPErrorCodes.ID_NOT_FOUND, errMessage)
         }

package/src/lib/config.js

@@ -117,6 +117,7 @@ const config = {
       password: RC.DATABASE.PASSWORD,
       database: RC.DATABASE.DATABASE
     },
+    maxPendingAcquire: RC.DATABASE.MAX_PENDING_ACQUIRE,
     pool: {
       // minimum size
       min: getOrDefault(RC.DATABASE.POOL_MIN_SIZE, 2),

package/src/models/oracle/facade.js

@@ -47,10 +47,11 @@ const { hubNameRegex } = require('../../lib/util').hubNameConfig
  * @param {object} params - uri parameters of the http request
  * @param {object} query - the query parameter on the uri of the http request
  * @param {object} payload - payload of the request being sent out
+ * @param {object} assertPendingAcquire - flag to check DB pool pending acquire limit
  *
  * @returns {object} returns the response from the oracle
  */
-exports.oracleRequest = async (headers, method, params = {}, query = {}, payload = undefined, cache) => {
+exports.oracleRequest = async (headers, method, params = {}, query = {}, payload = undefined, cache, assertPendingAcquire) => {
   try {
     let url
     const partyIdType = params.Type
@@ -59,13 +60,13 @@ exports.oracleRequest = async (headers, method, params = {}, query = {}, payload
     const partySubIdOrType = (params && params.SubId) ? params.SubId : (query && query.partySubIdOrType) ? query.partySubIdOrType : undefined
     const isGetRequest = method.toUpperCase() === Enums.Http.RestMethods.GET
     if (currency && partySubIdOrType && isGetRequest) {
-      url = await _getOracleEndpointByTypeCurrencyAndSubId(partyIdType, partyIdentifier, currency, partySubIdOrType)
+      url = await _getOracleEndpointByTypeCurrencyAndSubId(partyIdType, partyIdentifier, currency, partySubIdOrType, assertPendingAcquire)
     } else if (currency && isGetRequest) {
-      url = await _getOracleEndpointByTypeAndCurrency(partyIdType, partyIdentifier, currency)
+      url = await _getOracleEndpointByTypeAndCurrency(partyIdType, partyIdentifier, currency, assertPendingAcquire)
     } else if (partySubIdOrType && isGetRequest) {
-      url = await _getOracleEndpointByTypeAndSubId(partyIdType, partyIdentifier, partySubIdOrType)
+      url = await _getOracleEndpointByTypeAndSubId(partyIdType, partyIdentifier, partySubIdOrType, assertPendingAcquire)
     } else {
-      url = await _getOracleEndpointByType(partyIdType, partyIdentifier)
+      url = await _getOracleEndpointByType(partyIdType, partyIdentifier, assertPendingAcquire)
       if (partySubIdOrType) {
         payload = { ...payload, partySubIdOrType }
       }
@@ -172,12 +173,13 @@ exports.oracleRequest = async (headers, method, params = {}, query = {}, payload
  * @param {string} partyIdType - party ID type (e.g MSISDN)
  * @param {string} partyIdentifier - party ID
  * @param {string} currency - currency ID
+ * @param {object} assertPendingAcquire - flag to check DB pool pending acquire limit
  *
  * @returns {string} returns the endpoint to the oracle
  */
-const _getOracleEndpointByTypeAndCurrency = async (partyIdType, partyIdentifier, currency) => {
+const _getOracleEndpointByTypeAndCurrency = async (partyIdType, partyIdentifier, currency, assertPendingAcquire) => {
   let url
-  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByTypeAndCurrency(partyIdType, currency)
+  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByTypeAndCurrency(partyIdType, currency, assertPendingAcquire)
   if (oracleEndpointModel.length > 0) {
     if (oracleEndpointModel.length > 1) {
       const defautOracle = oracleEndpointModel.filter(oracle => oracle.isDefault).pop()
@@ -207,12 +209,13 @@ const _getOracleEndpointByTypeAndCurrency = async (partyIdType, partyIdentifier,
  *
  * @param {string} partyIdType - party ID type (e.g MSISDN)
  * @param {string} partyIdentifier - party ID
+ * @param {object} assertPendingAcquire - flag to check DB pool pending acquire limit
  *
  * @returns {string} returns the endpoint to the oracle
  */
-const _getOracleEndpointByType = async (partyIdType, partyIdentifier) => {
+const _getOracleEndpointByType = async (partyIdType, partyIdentifier, assertPendingAcquire) => {
   let url
-  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByType(partyIdType)
+  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByType(partyIdType, assertPendingAcquire)
   if (oracleEndpointModel.length > 0) {
     if (oracleEndpointModel.length > 1) {
       const defaultOracle = oracleEndpointModel.filter(oracle => oracle.isDefault).pop()
@@ -243,12 +246,13 @@ const _getOracleEndpointByType = async (partyIdType, partyIdentifier) => {
  * @param {string} partyIdType - party ID type (e.g MSISDN)
  * @param {string} partyIdentifier - party ID
  * @param {string} partySubIdOrType - party subId
+ * @param {object} assertPendingAcquire - flag to check DB pool pending acquire limit
  *
  * @returns {string} returns the endpoint to the oracle
  */
-const _getOracleEndpointByTypeAndSubId = async (partyIdType, partyIdentifier, partySubIdOrType) => {
+const _getOracleEndpointByTypeAndSubId = async (partyIdType, partyIdentifier, partySubIdOrType, assertPendingAcquire) => {
   let url
-  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByType(partyIdType)
+  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByType(partyIdType, assertPendingAcquire)
   if (oracleEndpointModel.length > 0) {
     if (oracleEndpointModel.length > 1) {
       const defautOracle = oracleEndpointModel.filter(oracle => oracle.isDefault).pop()
@@ -280,12 +284,13 @@ const _getOracleEndpointByTypeAndSubId = async (partyIdType, partyIdentifier, pa
  * @param {string} partyIdentifier - party ID
  * @param {string} currency - currency ID
  * @param {string} partySubIdOrType - party subId
+ * @param {object} assertPendingAcquire - flag to check DB pool pending acquire limit
  *
  * @returns {string} returns the endpoint to the oracle
  */
-const _getOracleEndpointByTypeCurrencyAndSubId = async (partyIdType, partyIdentifier, currency, partySubIdOrType) => {
+const _getOracleEndpointByTypeCurrencyAndSubId = async (partyIdType, partyIdentifier, currency, partySubIdOrType, assertPendingAcquire) => {
   let url
-  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByTypeAndCurrency(partyIdType, currency)
+  const oracleEndpointModel = await oracleEndpointCached.getOracleEndpointByTypeAndCurrency(partyIdType, currency, assertPendingAcquire)
   if (oracleEndpointModel.length > 0) {
     if (oracleEndpointModel.length > 1) {
       const defautOracle = oracleEndpointModel.filter(oracle => oracle.isDefault).pop()

package/src/models/oracle/oracleEndpoint.js

@@ -233,6 +233,7 @@ const destroyOracleEndpointById = async (oracleEndpointId) => {
 }
 
 module.exports = {
+  assertPendingAcquires: Db.assertPendingAcquires,
   getOracleEndpointByType,
   getOracleEndpointByTypeAndCurrency,
   getOracleEndpointByCurrency,

package/src/models/oracle/oracleEndpointCached.js

@@ -53,6 +53,7 @@ const getOracleEndpointCached = async (params) => {
   const cacheKey = getCacheKey(params)
   let cachedEndpoints = cacheClient.get(cacheKey)
   if (!cachedEndpoints) {
+    if (params.assertPendingAcquire) OracleEndpointUncached.assertPendingAcquires()
     // No oracleEndpoint in the cache, so fetch from participant API
     let oracleEndpoints
     if (partyIdType && currency) {
@@ -87,9 +88,9 @@ exports.initialize = async () => {
   cacheClient = Cache.registerCacheClient(oracleEndpointCacheClientMeta)
 }
 
-exports.getOracleEndpointByTypeAndCurrency = async (partyIdType, currency) => {
+exports.getOracleEndpointByTypeAndCurrency = async (partyIdType, currency, assertPendingAcquire) => {
   try {
-    return await getOracleEndpointCached({ partyIdType, currency })
+    return await getOracleEndpointCached({ partyIdType, currency, assertPendingAcquire })
   } catch (err) {
     throw ErrorHandler.Factory.reformatFSPIOPError(
       err,
@@ -100,9 +101,9 @@ exports.getOracleEndpointByTypeAndCurrency = async (partyIdType, currency) => {
   }
 }
 
-exports.getOracleEndpointByType = async (partyIdType) => {
+exports.getOracleEndpointByType = async (partyIdType, assertPendingAcquire) => {
   try {
-    return await getOracleEndpointCached({ partyIdType })
+    return await getOracleEndpointCached({ partyIdType, assertPendingAcquire })
   } catch (err) {
     throw ErrorHandler.Factory.reformatFSPIOPError(
       err,
@@ -113,9 +114,9 @@ exports.getOracleEndpointByType = async (partyIdType) => {
   }
 }
 
-exports.getOracleEndpointByCurrency = async (currency) => {
+exports.getOracleEndpointByCurrency = async (currency, assertPendingAcquire) => {
   try {
-    return await getOracleEndpointCached({ currency })
+    return await getOracleEndpointCached({ currency, assertPendingAcquire })
   } catch (err) {
     throw ErrorHandler.Factory.reformatFSPIOPError(
       err,

package/test/unit/models/oracle/oracleEndpointCached.test.js

@@ -58,6 +58,7 @@ describe('ParticipantCurrency cached model', () => {
     sandbox.stub(OracleEndpointUncached, 'getOracleEndpointByTypeAndCurrency').returns(oracleEndpoints)
     sandbox.stub(OracleEndpointUncached, 'getOracleEndpointByCurrency').returns(oracleEndpoints)
     sandbox.stub(OracleEndpointUncached, 'getOracleEndpointByType').returns(oracleEndpoints)
+    sandbox.stub(OracleEndpointUncached, 'assertPendingAcquires').returns()
   })
 
   afterEach(() => {
@@ -150,4 +151,35 @@ describe('ParticipantCurrency cached model', () => {
     await Model.getOracleEndpointByTypeAndCurrency('MSISDN', 'USD')
     expect(cacheClient.get.called).toBeTruthy()
   })
+  it('getOracleEndpointCached calls assertPendingAcquire when assertPendingAcquire is true', async () => {
+    let cache = null
+    const cacheClient = {
+      createKey: sandbox.stub().returns({}),
+      get: () => cache,
+      set: (key, x) => {
+        cache = { item: x } // the cache returns {item: <data>} structure
+      }
+    }
+    Cache.registerCacheClient.returns(cacheClient)
+    await Model.initialize()
+
+    await Model.getOracleEndpointByTypeAndCurrency('MSISDN', 'USD', true)
+    expect(OracleEndpointUncached.assertPendingAcquires.calledOnce).toBeTruthy()
+  })
+
+  it('getOracleEndpointCached does not call assertPendingAcquire when assertPendingAcquire is false', async () => {
+    let cache = null
+    const cacheClient = {
+      createKey: sandbox.stub().returns({}),
+      get: () => cache,
+      set: (key, x) => {
+        cache = { item: x } // the cache returns {item: <data>} structure
+      }
+    }
+    Cache.registerCacheClient.returns(cacheClient)
+    await Model.initialize()
+
+    await Model.getOracleEndpointByTypeAndCurrency('MSISDN', 'USD', false)
+    expect(OracleEndpointUncached.assertPendingAcquires.called).toBeFalsy()
+  })
 })