feat(cli): Pass the platform url on decrypt, add the platform kas to the allowlist when fetching (#565)

* pass platform url in cli, add base platform kas by default

* 🤖 🎨 Autoformat

* set platform url for nano

* pass the platform endpoint into opentdf obj

* only add url if not already in registry

Author: elizabethhealy

cli/src/cli.ts

@@ -622,6 +622,7 @@ export const handleArgs = (args: string[]) => {
           }
           const authProvider = await processAuth(argv);
           log('DEBUG', `Initialized auth provider ${JSON.stringify(authProvider)}`);
+          const guessedPolicyEndpoint = guessPolicyUrl(argv);
           const client = new OpenTDF({
             authProvider,
             defaultCreateOptions: {
@@ -633,7 +634,8 @@ export const handleArgs = (args: string[]) => {
               noVerify: !!argv.noVerifyAssertions,
             },
             disableDPoP: !argv.dpop,
-            policyEndpoint: guessPolicyUrl(argv),
+            policyEndpoint: guessedPolicyEndpoint,
+            platformUrl: guessedPolicyEndpoint,
           });
           try {
             log('SILLY', `Initialized client`);

lib/src/access.ts

@@ -190,17 +190,23 @@ export async function fetchKeyAccessServers(
     } catch (e) {
       throw new NetworkError(`unable to fetch kas list from [${req.url}]`, e);
     }
-    if (response.ok) {
-      const { keyAccessServers = [], pagination = {} } = await response.json();
-      allServers.push(...keyAccessServers);
-      nextOffset = pagination.nextOffset || 0;
+    // if we get an error from the kas registry, throw an error
+    if (!response.ok) {
+      throw new ServiceError(
+        `unable to fetch kas list from [${req.url}], status: ${response.status}`
+      );
     }
+    const { keyAccessServers = [], pagination = {} } = await response.json();
+    allServers.push(...keyAccessServers);
+    nextOffset = pagination.nextOffset || 0;
   } while (nextOffset > 0);
 
-  if (!allServers.length) {
-    throw new ConfigurationError('There are no available KAS');
-  }
   const serverUrls = allServers.map((server) => server.uri);
+  // add base platform kas
+  if (!serverUrls.includes(`${platformUrl}/kas`)) {
+    serverUrls.push(`${platformUrl}/kas`);
+  }
+
   return new OriginAllowList(serverUrls, false);
 }
 

lib/src/opentdf.ts

@@ -497,7 +497,7 @@ class NanoTDFReader {
   ) {
     if (
       !this.opts.ignoreAllowlist &&
-      !this.outer.platformUrl &&
+      !this.opts.platformUrl &&
       !this.opts.allowedKASEndpoints?.length
     ) {
       throw new ConfigurationError('platformUrl is required when allowedKasEndpoints is empty');
@@ -529,7 +529,7 @@ class NanoTDFReader {
       dpopEnabled: this.outer.dpopEnabled,
       dpopKeys: this.outer.dpopKeys,
       kasEndpoint: this.opts.allowedKASEndpoints?.[0] || 'https://disallow.all.invalid',
-      platformUrl: this.outer.platformUrl,
+      platformUrl: this.opts.platformUrl || this.outer.platformUrl,
     });
     // TODO: The version number should be fetched from the API
     const version = '0.0.1';