Merge remote-tracking branch 'origin/auth_bpp_webhook' into develop

config/config-sample-client-localhost.yaml

@@ -110,9 +110,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/config-sample-network-localhost.yaml

@@ -110,9 +110,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/config-sample.yaml

@@ -90,9 +90,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/new-config-sample.yaml

@@ -91,9 +91,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/samples/bap-client.yaml

@@ -131,9 +131,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/samples/bap-network.yaml

@@ -131,9 +131,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/samples/bpp-client.yaml

@@ -129,9 +129,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

config/samples/bpp-network.yaml

@@ -129,9 +129,15 @@ app:
     # In minutes
     syncInterval: 30
     redis_db: 3
+<<<<<<< HEAD
 
   useLayer2Config: false
   mandateLayer2Config: false
 
   openAPIValidator:
     cachedFileLimit: 5
+=======
+
+  useHMACForWebhook: false
+  sharedKeyForWebhookHMAC: ""
+>>>>>>> origin/auth_bpp_webhook

src/controllers/bpp.request.controller.ts

@@ -17,6 +17,7 @@ import {
   createTelemetryEvent,
   processTelemetry
 } from "../utils/telemetry.utils";
+import { createBppWebhookAuthHeaderConfig } from "../utils/auth.utils";
 
 export const bppNetworkRequestHandler = async (
   req: Request,
@@ -90,7 +91,11 @@ export const bppNetworkRequestSettler = async (
         break;
       }
       case ClientConfigType.webhook: {
-        requestCallback(requestBody);
+        let axios_config = {};
+        if (getConfig().app.useHMACForWebhook) {
+          axios_config = await createBppWebhookAuthHeaderConfig(requestBody);
+        }
+        requestCallback(requestBody, axios_config);
         break;
       }
       case ClientConfigType.messageQueue: {

src/schemas/configs/app.config.schema.ts

@@ -55,9 +55,14 @@ export const appConfigSchema = z.object({
   unsolicitedWebhook: z.object({
     url: z.string().optional()
   }).optional(),
+<<<<<<< HEAD
   openAPIValidator: z.object({
     cachedFileLimit: z.number().optional()
   }).optional()
+=======
+  useHMACForWebhook: z.boolean().optional(),
+  sharedKeyForWebhookHMAC: z.string().optional(),
+>>>>>>> origin/auth_bpp_webhook
 });
 
 export type AppConfigDataType = z.infer<typeof appConfigSchema>;

src/utils/auth.utils.ts

@@ -70,9 +70,8 @@ export const createAuthorizationHeader = async (message: any) => {
     getConfig().app.privateKey || ""
   );
   const subscriber_id = getConfig().app.subscriberId;
-  const header = `Signature keyId="${subscriber_id}|${
-    getConfig().app.uniqueKey
-  }|ed25519",algorithm="ed25519",created="${created}",expires="${expires}",headers="(created) (expires) digest",signature="${signature}"`;
+  const header = `Signature keyId="${subscriber_id}|${getConfig().app.uniqueKey
+    }|ed25519",algorithm="ed25519",created="${created}",expires="${expires}",headers="(created) (expires) digest",signature="${signature}"`;
   return header;
 };
 
@@ -204,8 +203,30 @@ export const createAuthHeaderConfig = async (request: any) => {
     timeout: getConfig().app.httpTimeout
   };
   logger.info(
-    `Axios Config for Request from ${
-      getConfig().app.mode + " " + getConfig().app.gateway.mode
+    `Axios Config for Request from ${getConfig().app.mode + " " + getConfig().app.gateway.mode
+    }:==>\n${JSON.stringify(axios_config)}\n\n`
+  );
+  return axios_config;
+};
+
+const createBppWebhookAuthHeader = async (request: any) => {
+  const sodium = _sodium;
+  const key = getConfig().app.sharedKeyForWebhookHMAC || "";
+  const keyUint8Array = sodium.from_string(key);
+  const messageUint8Array = sodium.from_string(JSON.stringify(request));
+  const hmac = sodium.crypto_auth(messageUint8Array, keyUint8Array);
+  return sodium.to_hex(hmac);
+};
+
+export const createBppWebhookAuthHeaderConfig = async (request: any) => {
+  const header = await createBppWebhookAuthHeader(request);
+  const axios_config = {
+    headers: {
+      authorization: header
+    }
+  };
+  logger.info(
+    `Axios Config for Request from ${getConfig().app.mode + " " + getConfig().app.gateway.mode
     }:==>\n${JSON.stringify(axios_config)}\n\n`
   );
   return axios_config;

src/utils/callback.utils.ts

@@ -1,20 +1,18 @@
-import axios from "axios";
+import axios, { AxiosRequestConfig } from "axios";
 import { Exception, ExceptionType } from "../models/exception.model";
 import {
-  BecknErrorDataType,
-  becknErrorSchema
+  BecknErrorDataType
 } from "../schemas/becknError.schema";
 import { requestCallbackSchema } from "../schemas/callbacks/request.callback.schema";
 import { responseCallbackSchema } from "../schemas/callbacks/response.callback.schema";
 import {
   ClientConfigType,
   WebhookClientConfigDataType
 } from "../schemas/configs/client.config.schema";
-import { GatewayMode } from "../schemas/configs/gateway.app.config.schema";
 import { getConfig } from "./config.utils";
 import logger from "./logger.utils";
 
-async function makeClientCallback(data: any) {
+async function makeClientCallback(data: any, axios_config?: AxiosRequestConfig) {
   try {
     if (getConfig().client.type != ClientConfigType.webhook) {
       throw new Exception(
@@ -30,7 +28,7 @@ async function makeClientCallback(data: any) {
     console.log(
       `TMTR - ${data?.context?.message_id} - ${data?.context?.action} - ${getConfig().app.mode}-${getConfig().app.gateway.mode} FORW EXIT: ${new Date().valueOf()}`
     );
-    const response = await axios.post(clientConnectionConfig.url, data);
+    const response = await axios.post(clientConnectionConfig.url, data, axios_config || {});
     logger.info(
       `Response from Webhook:==>\n ${JSON.stringify(
         response.data
@@ -88,10 +86,10 @@ export async function responseCallback(data: any) {
   }
 }
 
-export async function requestCallback(data: any) {
+export async function requestCallback(data: any, axios_config?: AxiosRequestConfig) {
   try {
     const callbackData = requestCallbackSchema.parse(data);
-    await makeClientCallback(callbackData);
+    await makeClientCallback(callbackData, axios_config);
   } catch (error) {
     if (error instanceof Exception) {
       throw error;