VIA-537 AS/SB Delete config and apimConfig

Author: anoop-surej-nhs

src/app/_components/vaccine/Vaccine.integration.test.tsx

@@ -2,17 +2,15 @@ import { auth } from "@project/auth";
 import Vaccine from "@src/app/_components/vaccine/Vaccine";
 import { VaccineType } from "@src/models/vaccine";
 import { fetchEligibilityContent } from "@src/services/eligibility-api/gateway/fetch-eligibility-content";
-import { configProvider } from "@src/utils/config";
+import lazyConfig from "@src/utils/lazy-config";
 import { mockNHSAppJSFunctions } from "@src/utils/nhsapp-js.test";
+import { AsyncConfigMock, lazyConfigBuilder } from "@test-data/config/builders";
 import { eligibilityApiResponseBuilder } from "@test-data/eligibility-api/builders";
 import { render, screen } from "@testing-library/react";
 import { ReadonlyHeaders } from "next/dist/server/web/spec-extension/adapters/headers";
 import { headers } from "next/headers";
 
 jest.mock("@src/utils/auth/generate-auth-payload", () => jest.fn());
-jest.mock("@src/utils/config", () => ({
-  configProvider: jest.fn(),
-}));
 jest.mock("@src/services/eligibility-api/gateway/fetch-eligibility-content", () => ({
   fetchEligibilityContent: jest.fn(),
 }));
@@ -33,11 +31,13 @@ jest.mock("sanitize-data", () => ({ sanitize: jest.fn() }));
 const nhsNumber = "5123456789";
 
 describe("Vaccine", () => {
+  const mockedConfig = lazyConfig as AsyncConfigMock;
   beforeAll(() => {
-    (configProvider as jest.Mock).mockImplementation(() => ({
-      CONTENT_CACHE_PATH: "wiremock/__files/",
-      PINO_LOG_LEVEL: "info",
-    }));
+    const defaultConfig = lazyConfigBuilder()
+      .withContentCachePath("wiremock/__files/")
+      .withPinoLogLevel("info")
+      .build();
+    Object.assign(mockedConfig, defaultConfig);
     (fetchEligibilityContent as jest.Mock).mockResolvedValue(eligibilityApiResponseBuilder().build());
     mockNHSAppJSFunctions(jest.fn(), jest.fn());
     (auth as jest.Mock).mockResolvedValue({

src/app/api/auth/[...nextauth]/provider.test.ts

@@ -2,7 +2,6 @@ import NHSLoginAuthProvider from "@src/app/api/auth/[...nextauth]/provider";
 import lazyConfig from "@src/utils/lazy-config";
 import { AsyncConfigMock, lazyConfigBuilder } from "@test-data/config/builders";
 
-jest.mock("@src/utils/config");
 jest.mock("@src/utils/auth/pem-to-crypto-key");
 jest.mock("sanitize-data", () => ({ sanitize: jest.fn() }));
 

src/services/content-api/content-api.integration.test.tsx

@@ -10,7 +10,6 @@ import lazyConfig from "@src/utils/lazy-config";
 import { AsyncConfigMock, lazyConfigBuilder } from "@test-data/config/builders";
 import { Readable } from "stream";
 
-jest.mock("@src/utils/config");
 jest.mock("@aws-sdk/client-s3");
 jest.mock("sanitize-data", () => ({ sanitize: jest.fn() }));
 

src/services/content-api/gateway/content-reader-service.test.ts

@@ -9,7 +9,6 @@ import { readContentFromCache } from "@src/services/content-api/gateway/content-
 import { Readable } from "stream";
 
 jest.mock("@aws-sdk/client-s3");
-jest.mock("@src/utils/config");
 jest.mock("sanitize-data", () => ({ sanitize: jest.fn() }));
 
 const mockRsvResponse = {

src/utils/apimConfig.test.ts

@@ -1,10 +1,10 @@
 /**
  * @jest-environment node
  */
-import { ApimConfig } from "@src/utils/apimConfig";
 import { generateAPIMTokenPayload } from "@src/utils/auth/apim/fetch-apim-access-token";
 import { APIMTokenPayload, IdToken } from "@src/utils/auth/types";
-import { apimConfigBuilder } from "@test-data/config/builders";
+import lazyConfig from "@src/utils/lazy-config";
+import { AsyncConfigMock, lazyConfigBuilder } from "@test-data/config/builders";
 import jwt from "jsonwebtoken";
 
 jest.mock("jsonwebtoken", () => ({
@@ -17,18 +17,14 @@ const mockSignedJwt = "mock-signed-jwt";
 const mockIdToken = "id-token" as IdToken;
 const mockNowInSeconds = 1749052001;
 
-const apimApiKey = "apim-api-key";
+const eligibilityApiKey = "eligibility-api-key";
 const apimKeyId = "apim-key-id";
 const apimPrivateKey = "apim-private-key";
-const mockApimConfig: ApimConfig = apimConfigBuilder()
-  .withELIGIBILITY_API_KEY(apimApiKey)
-  .andAPIM_AUTH_URL(new URL("https://apim-test-auth-url.com/test"))
-  .andAPIM_KEY_ID(apimKeyId)
-  .andAPIM_PRIVATE_KEY(apimPrivateKey)
-  .build();
+const apimAuthUrl = new URL("https://apim-test-auth-url.com/test");
 
 describe("generateAPIMTokenPayload", () => {
   let randomUUIDSpy: jest.SpyInstance;
+  const mockedConfig = lazyConfig as AsyncConfigMock;
 
   beforeAll(() => {
     randomUUIDSpy = jest.spyOn(global.crypto, "randomUUID").mockReturnValue(mockRandomUUID);
@@ -38,6 +34,13 @@ describe("generateAPIMTokenPayload", () => {
     randomUUIDSpy.mockClear();
     jest.useFakeTimers();
     jest.setSystemTime(mockNowInSeconds * 1000);
+    const defaultConfig = lazyConfigBuilder()
+      .withEligibilityApiKey(eligibilityApiKey)
+      .andApimAuthUrl(apimAuthUrl)
+      .andApimKeyId(apimKeyId)
+      .andApimPrivateKey(apimPrivateKey)
+      .build();
+    Object.assign(mockedConfig, defaultConfig);
   });
 
   afterAll(() => {
@@ -47,28 +50,28 @@ describe("generateAPIMTokenPayload", () => {
   });
 
   describe("new access token requested", () => {
-    it("should include signed client_assertion with expected iss sub and aud values", () => {
+    it("should include signed client_assertion with expected iss sub and aud values", async () => {
       (jwt.sign as jest.Mock).mockReturnValue(mockSignedJwt);
 
       const expectedClientAssertionPayloadContent = {
-        iss: mockApimConfig.ELIGIBILITY_API_KEY,
-        sub: mockApimConfig.ELIGIBILITY_API_KEY,
-        aud: mockApimConfig.APIM_AUTH_URL.href,
+        iss: eligibilityApiKey,
+        sub: eligibilityApiKey,
+        aud: apimAuthUrl.href,
         jti: mockRandomUUID,
         exp: mockNowInSeconds + 300,
       };
 
-      const apimTokenPayload: APIMTokenPayload = generateAPIMTokenPayload(mockApimConfig, mockIdToken);
+      const apimTokenPayload: APIMTokenPayload = await generateAPIMTokenPayload(mockIdToken);
       const clientAssertionJWT = apimTokenPayload.client_assertion;
 
-      expect(jwt.sign).toHaveBeenCalledWith(expectedClientAssertionPayloadContent, mockApimConfig.APIM_PRIVATE_KEY, {
+      expect(jwt.sign).toHaveBeenCalledWith(expectedClientAssertionPayloadContent, apimPrivateKey, {
         algorithm: "RS512",
-        keyid: mockApimConfig.APIM_KEY_ID,
+        keyid: apimKeyId,
       });
       expect(clientAssertionJWT).toEqual(mockSignedJwt);
     });
 
-    it("should use token-exchange grant type & id_token as subject_token field", () => {
+    it("should use token-exchange grant type & id_token as subject_token field", async () => {
       // Given
       (jwt.sign as jest.Mock).mockReturnValue(mockSignedJwt);
 
@@ -81,7 +84,7 @@ describe("generateAPIMTokenPayload", () => {
       };
 
       // When
-      const apimTokenPayload = generateAPIMTokenPayload(mockApimConfig, mockIdToken);
+      const apimTokenPayload = await generateAPIMTokenPayload(mockIdToken);
 
       // Then
       expect(apimTokenPayload).toEqual(expectedTokenPayload);
@@ -92,9 +95,9 @@ describe("generateAPIMTokenPayload", () => {
         throw new Error("Invalid key");
       });
 
-      expect(() => {
-        generateAPIMTokenPayload(mockApimConfig, mockIdToken);
-      }).toThrow("Invalid key");
+      expect(async () => {
+        await generateAPIMTokenPayload(mockIdToken);
+      }).rejects.toThrow("Invalid key");
     });
   });
 });

src/utils/apimConfig.ts

@@ -1,7 +1,7 @@
-import { ApimConfig, apimConfigProvider } from "@src/utils/apimConfig";
 import { ApimAuthError, ApimHttpError } from "@src/utils/auth/apim/exceptions";
 import { ApimTokenResponse } from "@src/utils/auth/apim/types";
 import { APIMClientAssertionPayload, APIMTokenPayload, IdToken } from "@src/utils/auth/types";
+import lazyConfig from "@src/utils/lazy-config";
 import { logger } from "@src/utils/logger";
 import axios, { AxiosResponse, HttpStatusCode } from "axios";
 import jwt from "jsonwebtoken";
@@ -10,25 +10,34 @@ import { Logger } from "pino";
 const log: Logger = logger.child({ module: "utils-auth-apim-fetch-apim-access-token" });
 
 const fetchAPIMAccessToken = async (idToken: IdToken): Promise<ApimTokenResponse> => {
-  const apimConfig: ApimConfig = await apimConfigProvider();
-  log.debug({ context: { apimConfig, idToken } }, "Fetching APIM Access Token");
+  log.debug({ context: { idToken } }, "Fetching APIM Access Token");
 
   try {
-    const tokenPayload: APIMTokenPayload = generateAPIMTokenPayload(apimConfig, idToken);
+    const tokenPayload: APIMTokenPayload = await generateAPIMTokenPayload(idToken);
     log.debug({ context: { tokenPayload } }, "APIM token payload");
 
-    const response: AxiosResponse<ApimTokenResponse> = await axios.post(apimConfig.APIM_AUTH_URL.href, tokenPayload, {
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      timeout: 10000,
-      validateStatus: (status) => status < HttpStatusCode.BadRequest,
-    });
+    const response: AxiosResponse<ApimTokenResponse> = await axios.post(
+      ((await lazyConfig.APIM_AUTH_URL) as URL).href,
+      tokenPayload,
+      {
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        timeout: 10000,
+        validateStatus: (status) => status < HttpStatusCode.BadRequest,
+      },
+    );
 
     log.info({ context: { apimToken: response.data } }, "APIM access token fetched");
     return response.data;
   } catch (error) {
     if (axios.isAxiosError(error)) {
       log.error(
-        { error, context: { APIM_AUTH_URL: apimConfig.APIM_AUTH_URL.href, response_data: error.response?.data } },
+        {
+          error,
+          context: {
+            APIM_AUTH_URL: ((await lazyConfig.APIM_AUTH_URL) as URL).href,
+            response_data: error.response?.data,
+          },
+        },
         "Error calling APIM token endpoint: HTTP request failed",
       );
       throw new ApimHttpError("Error getting APIM token");
@@ -42,8 +51,8 @@ const fetchAPIMAccessToken = async (idToken: IdToken): Promise<ApimTokenResponse
   }
 };
 
-const generateAPIMTokenPayload = (apimConfig: ApimConfig, idToken: IdToken): APIMTokenPayload => {
-  const clientAssertion: string = _generateClientAssertion(apimConfig);
+const generateAPIMTokenPayload = async (idToken: IdToken): Promise<APIMTokenPayload> => {
+  const clientAssertion: string = await _generateClientAssertion();
 
   return {
     grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
@@ -54,18 +63,18 @@ const generateAPIMTokenPayload = (apimConfig: ApimConfig, idToken: IdToken): API
   };
 };
 
-const _generateClientAssertion = (apimConfig: ApimConfig): string => {
-  const privateKey: string = apimConfig.APIM_PRIVATE_KEY;
+const _generateClientAssertion = async (): Promise<string> => {
+  const privateKey: string = (await lazyConfig.APIM_PRIVATE_KEY) as string;
   const payload: APIMClientAssertionPayload = {
-    iss: apimConfig.ELIGIBILITY_API_KEY,
-    sub: apimConfig.ELIGIBILITY_API_KEY,
-    aud: apimConfig.APIM_AUTH_URL.href,
+    iss: (await lazyConfig.ELIGIBILITY_API_KEY) as string,
+    sub: (await lazyConfig.ELIGIBILITY_API_KEY) as string,
+    aud: ((await lazyConfig.APIM_AUTH_URL) as URL).href,
     jti: crypto.randomUUID(),
     exp: Math.floor(Date.now() / 1000) + 300,
   };
   log.debug({ context: { payload } }, "raw APIMClientAssertionPayload");
 
-  return jwt.sign(payload, privateKey, { algorithm: "RS512", keyid: apimConfig.APIM_KEY_ID });
+  return jwt.sign(payload, privateKey, { algorithm: "RS512", keyid: (await lazyConfig.APIM_KEY_ID) as string });
 };
 
 export { fetchAPIMAccessToken, generateAPIMTokenPayload };