Use axios for ApplePay Merchant Validation with or without proxy

With this change, we are updating the controller in charge of operating the Apple Pay Merchant Validation so that it uses axios instead of request retry, and also so that it uses HttpsProxyAgent if a proxy URL is defined in the environment. This is needed because we have realised that the test environment uses a proxy, while the local environment does not, thus requiring us to use axios in two different ways depending on the presence or absence of a proxy. Further information in Jira. https://payments-platform.atlassian.net/browse/PP-12853
alphagov · Jul 29, 2024 · b088df5 · b088df5
1 parent 2ccba2e
commit b088df5
Show file tree

Hide file tree

Showing 5 changed files with 290 additions and 212 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -26,6 +26,9 @@
     {
       "name": "GitHubTokenDetector"
     },
+    {
+      "name": "GitLabTokenDetector"
+    },
     {
       "name": "HexHighEntropyString",
       "limit": 3.0
@@ -36,6 +39,9 @@
     {
       "name": "IbmCosHmacDetector"
     },
+    {
+      "name": "IPPublicDetector"
+    },
     {
       "name": "JwtTokenDetector"
     },
@@ -49,9 +55,15 @@
     {
       "name": "NpmDetector"
     },
+    {
+      "name": "OpenAIDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
+    {
+      "name": "PypiTokenDetector"
+    },
     {
       "name": "SendGridDetector"
     },
@@ -67,6 +79,9 @@
     {
       "name": "StripeDetector"
     },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
     {
       "name": "TwilioKeyDetector"
     }
@@ -114,16 +129,7 @@
         "filename": "app/controllers/web-payments/apple-pay/merchant-validation.controller.js",
         "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
         "is_verified": false,
-        "line_number": 14
-      }
-    ],
-    "test/controllers/web-payments/apple-pay/merchant-validation.controller.test.js": [
-      {
-        "type": "Private Key",
-        "filename": "test/controllers/web-payments/apple-pay/merchant-validation.controller.test.js",
-        "hashed_secret": "1348b145fa1a555461c1b790a2f66614781091e9",
-        "is_verified": false,
-        "line_number": 68
+        "line_number": 18
       }
     ],
     "test/controllers/web-payments/apple-pay/normalise-apple-pay-payload.test.js": [
@@ -385,5 +391,5 @@
       }
     ]
   },
-  "generated_at": "2024-07-22T12:54:11Z"
+  "generated_at": "2024-07-24T08:52:06Z"
 }
diff --git a/app/controllers/web-payments/apple-pay/merchant-validation.controller.js b/app/controllers/web-payments/apple-pay/merchant-validation.controller.js
@@ -1,8 +1,12 @@
 'use strict'
 
-const request = require('requestretry')
 const logger = require('../../../utils/logger')(__filename)
 const { getLoggingFields } = require('../../../utils/logging-fields-helper')
+const axios = require('axios')
+const https = require('https')
+const { HttpsProxyAgent } = require('https-proxy-agent')
+const proxyUrl = process.env.HTTPS_PROXY
+
 
 function getCertificateMultiline (cert) {
   return `-----BEGIN CERTIFICATE-----
@@ -38,7 +42,8 @@ function getApplePayMerchantIdentityVariables (paymentProvider) {
 // When an Apple payment is initiated in Safari, it must check that the request
 // is coming from a registered and authorised Apple Merchant Account. The
 // browser will produce a URL which we should dial with our certificates server side.
-module.exports = (req, res) => {
+module.exports = async (req, res) => {
+
   if (!req.body.url) {
     return res.sendStatus(400)
   }
@@ -48,30 +53,42 @@ module.exports = (req, res) => {
     return res.sendStatus(400)
   }
 
+  const httpsAgent = new https.Agent({
+    cert: merchantIdentityVars.cert,
+    key: merchantIdentityVars.key
+  });
+
+  const proxyAgent = proxyUrl ? new HttpsProxyAgent(proxyUrl) : null
+
   const options = {
     url: url,
-    cert: merchantIdentityVars.cert,
-    key: merchantIdentityVars.key,
     method: 'post',
-    body: {
+    headers: { 'Content-Type': 'application/json' },
+    data: {
       merchantIdentifier: merchantIdentityVars.merchantIdentifier,
       displayName: 'GOV.UK Pay',
       initiative: 'web',
       initiativeContext: process.env.APPLE_PAY_MERCHANT_DOMAIN
     },
-    json: true
+    httpsAgent: proxyUrl ? proxyAgent : httpsAgent
   }
 
-  request(options, (err, response, body) => {
-    if (err) {
-      logger.info('Error generating Apple Pay session', {
-        ...getLoggingFields(req),
-        error: err,
-        response: response,
-        body: body
-      })
-      return res.status(500).send(body)
+  try {
+    let response
+
+    if (proxyUrl) {
+      response = await axios(options, httpsAgent)
+    } else {
+      response = await axios(options)
     }
-    res.status(200).send(body)
-  })
+    res.status(200).send(response.data)
+  } catch (error) {
+    logger.info('Error generating Apple Pay session', {
+      ...getLoggingFields(req),
+      error: error,
+      response: error.response,
+      data: error.response ? error.response.data : null
+    })
+    res.status(500).send(error.response ? error.response.data : 'Apple Pay Error')
+  }
 }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -87,6 +87,7 @@
     "gaap-analytics": "^3.1.0",
     "govuk-frontend": "^4.8.0",
     "helmet": "^7.1.0",
+    "https-proxy-agent": "^7.0.5",
     "i18n": "0.15.x",
     "lodash": "4.17.x",
     "mailcheck": "^1.1.1",