feat: auth service-to-service api #3148
Conversation
github-actions
bot
added
type: tests
| private async request<T = any>( | ||
| path: string, | ||
| options: RequestInit | ||
| ): Promise<T> { | ||
| const response = await fetch(`${this.baseUrl}${path}`, options) | ||
|
|
||
| if (!response.ok) { | ||
| let errorDetails | ||
| try { | ||
| errorDetails = await response.json() | ||
| } catch { | ||
| errorDetails = { message: response.statusText } | ||
| } | ||
|
|
||
| throw new AuthServiceClientError( | ||
| `Auth Service Client Error: ${response.status} ${response.statusText}`, | ||
| response.status, | ||
| errorDetails | ||
| ) | ||
| } | ||
|
|
||
| if ( | ||
| response.status === 204 || | ||
| response.headers.get('Content-Length') === '0' | ||
| ) { | ||
| return undefined as T | ||
| } | ||
|
|
||
| const contentType = response.headers.get('Content-Type') | ||
| if (contentType && contentType.includes('application/json')) { | ||
| try { | ||
| return (await response.json()) as T | ||
| } catch (error) { | ||
| throw new AuthServiceClientError( | ||
| `Failed to parse JSON response from ${path}`, | ||
| response.status | ||
| ) | ||
| } | ||
| } | ||
|
|
||
| return (await response.text()) as T | ||
| } |
There was a problem hiding this comment.
I opted to use the native fetch here although there were some behaviors I wasnt quite sure about. I tested with axios and mirrored how that works:
- not OK response (400, 500) etc. throws
- 204 returns
undefined - Success without body (200, 201, etc.) returns the response.text (just
''if not set) - Interface accepts a generic which asserts the return type, although technically it could still return a
stringorundefinedin the cases described above.
| async function createTenant( | ||
| deps: ServiceDependencies, | ||
| ctx: CreateContext | ||
| ): Promise<void> { | ||
| const { body } = ctx.request | ||
|
|
||
| await deps.tenantService.create(body) | ||
|
|
||
| ctx.status = 204 | ||
| } |
There was a problem hiding this comment.
@mkurapov influenced by the pattern we've been talking about in the POC meetings. Not 201 with the resource returned. Originally I went with 201 but that really should have a body: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/201
thus the 204 No Content for this and the update and delete.
| function toTenantResponse(tenant: Tenant): TenantResponse { | ||
| return { | ||
| id: tenant.id, | ||
| idpConsentUrl: tenant.idpConsentUrl, | ||
| idpSecret: tenant.idpSecret | ||
| } | ||
| } |
There was a problem hiding this comment.
to filter out the created, deleted, update timestamps basically. Figured we'd keep those in the return from the service layer and filter out here. Although I considered not returning them from the service since in theory maybe those are purely business logic concerns? Kinda academic at this point though.
| public tenant = { | ||
| get: (id: string) => | ||
| this.request<Tenant>(`/tenant/${id}`, { method: 'GET' }), | ||
| create: (data: Omit<Tenant, 'id'>) => | ||
| this.request('/tenant', { | ||
| method: 'POST', | ||
| headers: { 'Content-Type': 'application/json' }, | ||
| body: JSON.stringify(data) | ||
| }), | ||
| update: (id: string, data: Partial<Omit<Tenant, 'id'>>) => | ||
| this.request(`/tenant/${id}`, { | ||
| method: 'PATCH', | ||
| headers: { 'Content-Type': 'application/json' }, | ||
| body: JSON.stringify(data) | ||
| }), | ||
| delete: (id: string) => this.request(`/tenant/${id}`, { method: 'DELETE' }) | ||
| } |
There was a problem hiding this comment.
could probably move these methods and the Tenant interface out of this file if we want but opted to just put it here since it's really the only thing we need for the forseeable future.
| } | ||
| } | ||
|
|
||
| export class AuthServiceClient { |
There was a problem hiding this comment.
Almost feels like this should be a different package outside of backend but this is the only consumer at this point so I felt like this keeps it simpler.
|
Not able to add an integration test yet because the backend doesnt have any endpoints that uses the backend tenant service. However, I did do some manual integration tests by adding this to the // Test the tenant stuff. Comment out client methods and inspect db as needed to confirm.
const authServiceClient = container.use('authServiceClient')
const tenant = await authServiceClient.tenant.get(config.operatorTenantId)
console.log({ tenant }) // OK
const id = '438fa74a-fa7d-4317-9ced-dde32ece1788'
await authServiceClient.tenant.create({
// OK
id,
idpConsentUrl: 'http://localhost:3031/mock-idp2/',
idpSecret: '3pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE='
})
await authServiceClient.tenant.update(id, {
// OK
idpConsentUrl: 'http://localhost:3031/mock-idp3/'
})
const deletedAt = new Date('2024-12-20T18:16:02.019Z')
await authServiceClient.tenant.delete(id, deletedAt) // OK |
BlairCurrey
requested review from
njlie,
mkurapov,
sanducb,
oana-lolea and
koekiebox
We can add the proper test for this in #3124 |
| @@ -43,6 +43,7 @@ export const Config = { | |||
| authPort: envInt('AUTH_PORT', 3006), | |||
| interactionPort: envInt('INTERACTION_PORT', 3009), | |||
| introspectionPort: envInt('INTROSPECTION_PORT', 3007), | |||
| serviceAPIPort: envInt('SERVICE_API_PORT', 3011), | |||
There was a problem hiding this comment.
what do you think about calling this Tenant service instead?
Are you approaching this from this service being used for something else, for example?
There was a problem hiding this comment.
Are you approaching this from this service being used for something else, for example?
Yes, that was the idea. Figured it can serve the purpose of any service-to-service communication. No specific things in mind but if we did want to expose some other resource I dont imagine we'd want a new api just for that. And probably better to avoid renaming everything including this env var (since it would be breaking).
|
|
||
| public tenant = { | ||
| get: (id: string) => | ||
| this.request<Tenant>(`/tenant/${id}`, { method: 'GET' }), |
There was a problem hiding this comment.
do we need the headers object in here as well?
Can also just have it in the request fn
There was a problem hiding this comment.
The second arg in request? Yeah I think we need this. Its more than just the headers. request just wraps fetch and fetch needs the the method at the very least since its used for gets, posts, delete, etc. Or maybe I'm misunderstanding the comment?
There was a problem hiding this comment.
As in, I think we need { 'Content-Type': 'application/json' } also for the GET method.
My suggestion is to just have { 'Content-Type': 'application/json' } once on L29
There was a problem hiding this comment.
i added it in request as suggested. Actually I dont think we need it for the GET (just for specifying format of body no?) but it shouldn't hurt in any case.
| @@ -104,3 +104,8 @@ export async function verifyApiSignature( | |||
|
|
|||
| return verifyApiSignatureDigest(signature as string, ctx.request, config) | |||
| } | |||
|
|
|||
| // Intended for Date strings like "2024-12-05T15:10:09.545Z" (e.g., from new Date().toISOString()) | |||
| export function isValidDateString(date: string): boolean { | |||
There was a problem hiding this comment.
small, but would be good to write a few tests for this
There was a problem hiding this comment.
| @@ -265,6 +266,7 @@ export interface AppServices { | |||
| paymentMethodHandlerService: Promise<PaymentMethodHandlerService> | |||
| ilpPaymentService: Promise<IlpPaymentService> | |||
| localPaymentService: Promise<LocalPaymentService> | |||
| authServiceClient: AuthServiceClient | |||
There was a problem hiding this comment.
| authServiceClient: AuthServiceClient | |
| authServiceClient: Promise<AuthServiceClient> |
There was a problem hiding this comment.
Technically I dont think I need this? Although I realize everything else is a promise but its driven by the factory function we pass into the singleton. I have:
container.singleton('authServiceClient', () => {
return new AuthServiceClient(config.authServiceApiUrl)
})I didn't make that async since it didn't need to be, hence the AuthServiceClient and not a promise fort he type here. I do see that we return a promise elsewhere where it doesnt seem like we need to. Recent in memory cache for example.
container.singleton('tenantCache', async () => {
return createInMemoryDataStore(config.localCacheDuration)
})So either I'm missing something or we just return a promise everywhere even when its not needed out of habit I guess.
There was a problem hiding this comment.
Ah yeah, I think it's only out of habit. In that case, it's fine as is
Changes proposed in this pull request
ServiceAPIServertoauthServiceAPIServerauthServiceAPIClienttobackendwhich is used by tenant service.Context
fixes: #3125
Opened interledger/helm-charts#47 to follow up on the env vars in the helm charts
Checklist
fixes #numberuser-docslabel (if necessary)