From 99d997d835329878b54d953a7fe0543059917b77 Mon Sep 17 00:00:00 2001 From: Rory Doak Date: Thu, 9 Jan 2025 14:41:46 +0000 Subject: [PATCH 1/5] initial work to add keys --- .env.example | 1 + api.planx.uk/.env.test.example | 1 + api.planx.uk/modules/auth/middleware.ts | 4 ++++ docker-compose.yml | 1 + infrastructure/application/index.ts | 3 +++ 5 files changed, 10 insertions(+) diff --git a/.env.example b/.env.example index 90f746b2a2..1705520ff2 100644 --- a/.env.example +++ b/.env.example @@ -35,6 +35,7 @@ FILE_API_KEY_SOUTHWARK=👻 FILE_API_KEY_EPSOM_EWELL=👻 FILE_API_KEY_MEDWAY=👻 FILE_API_KEY_GATESHEAD=👻 +FILE_API_KEY_DONCASTER=👻 # Editor EDITOR_URL_EXT=http://localhost:3000 diff --git a/api.planx.uk/.env.test.example b/api.planx.uk/.env.test.example index 60ac5e4a5d..becf92fd5d 100644 --- a/api.planx.uk/.env.test.example +++ b/api.planx.uk/.env.test.example @@ -25,6 +25,7 @@ FILE_API_KEY_SOUTHWARK=👻 FILE_API_KEY_EPSOM_EWELL=👻 FILE_API_KEY_MEDWAY=👻 FILE_API_KEY_GATESHEAD=👻 +FILE_API_KEY_DONCASTER=👻 # Editor EDITOR_URL_EXT=example.com diff --git a/api.planx.uk/modules/auth/middleware.ts b/api.planx.uk/modules/auth/middleware.ts index 22e07337c8..6deb59c4be 100644 --- a/api.planx.uk/modules/auth/middleware.ts +++ b/api.planx.uk/modules/auth/middleware.ts @@ -110,6 +110,10 @@ export const useFilePermission: RequestHandler = (req, _res, next): void => { isEqual( req.headers["api-key"] as string, process.env.FILE_API_KEY_EPSOM_EWELL!, + )|| + isEqual( + req.headers["api-key"] as string, + process.env.FILE_API_KEY_DONCASTER!, ); if (!isAuthenticated) return next({ status: 401, message: "Unauthorised" }); return next(); diff --git a/docker-compose.yml b/docker-compose.yml index 5022927716..8c645b96e6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -130,6 +130,7 @@ services: FILE_API_KEY_EPSOM_EWELL: ${FILE_API_KEY_EPSOM_EWELL} FILE_API_KEY_MEDWAY: ${FILE_API_KEY_MEDWAY} FILE_API_KEY_GATESHEAD: ${FILE_API_KEY_GATESHEAD} + FILE_API_KEY_DONCASTER: ${FILE_API_KEY_DONCASTER} FILE_API_KEY_NEXUS: ${FILE_API_KEY_NEXUS} FILE_API_KEY: ${FILE_API_KEY} GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID} diff --git a/infrastructure/application/index.ts b/infrastructure/application/index.ts index 317d680092..fb4ec99d14 100644 --- a/infrastructure/application/index.ts +++ b/infrastructure/application/index.ts @@ -380,6 +380,9 @@ export = async () => { { name: "FILE_API_KEY_GATESHEAD", value: config.requireSecret("file-api-key-gateshead"), + }, { + name: "FILE_API_KEY_DONCASTER", + value: config.requireSecret("file-api-key-doncaster"), }, { name: "GOOGLE_CLIENT_ID", From 790d82d26bb424c38ff434bae40abef86c9b1c9e Mon Sep 17 00:00:00 2001 From: Rory Doak Date: Thu, 9 Jan 2025 15:51:17 +0000 Subject: [PATCH 2/5] add file api keys to pulumi yaml --- infrastructure/application/Pulumi.production.yaml | 1 + infrastructure/application/Pulumi.staging.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/infrastructure/application/Pulumi.production.yaml b/infrastructure/application/Pulumi.production.yaml index 37b51f211c..c3fb952127 100644 --- a/infrastructure/application/Pulumi.production.yaml +++ b/infrastructure/application/Pulumi.production.yaml @@ -10,6 +10,7 @@ config: secure: AAABAGyTfLujGho+V0tEhFXQRET5FjYK6txyaFTB3gY/VaKzq8yNlocJTAM5nt8mBhF6T+AeQD2GxW63 application:file-api-key-barnet: secure: AAABANMl+fVFsRVGXvJV/aLManXO+TldXVDhp5QH6KGWJoG7O9Ket63zIW1iOiinINWJ2I5OizI= + application:file-api-key-doncaster: ZqAnRnR6rira9LZpPLguH7TwU46XmXDXDhaDD72r application:file-api-key-epsom-ewell: secure: AAABANvwhiVRBq8NH7ZqcToUzYn4X+KfC5Wm8WjWUKXT5TuVXqC6zHhVVKFBbmdtKjC4j5M4+bWsLiFO9dO0MLobxLpK7YCE application:file-api-key-gateshead: diff --git a/infrastructure/application/Pulumi.staging.yaml b/infrastructure/application/Pulumi.staging.yaml index 5cc9b010c9..ffc36bf366 100644 --- a/infrastructure/application/Pulumi.staging.yaml +++ b/infrastructure/application/Pulumi.staging.yaml @@ -11,6 +11,7 @@ config: secure: AAABAN0LjLOgxCkr5ZqQLn6FkZPcrPlvNG4fbNZ02W2qC1VVYVee/3aToZQuXuokVwnIPNbbe2w= application:file-api-key-barnet: secure: AAABAFpZq81zy3CKFXUgi9oEGIGp7LDVD3TNlYkZD4liX0bxOrmMJYdDpMmyGt4aGARF63nEUmo= + application:file-api-key-doncaster: f4cAPYv26Z3jbsVioWcf9sdYsHWjtPRHg4hHPZKL application:file-api-key-epsom-ewell: secure: AAABAD1/nlJ2EOEglLiiNsOLbOd3KWCONhNhJAIdZQVnrSRsNIzX2luszOreQf20EYl8AZ4L1TiheqUHSt22e5z1FiLWoCtY application:file-api-key-gateshead: From 73baebe2d478fa60d3793ec8a1ce3c6b3f9b8c94 Mon Sep 17 00:00:00 2001 From: Rory Doak Date: Thu, 9 Jan 2025 16:08:31 +0000 Subject: [PATCH 3/5] lint:fix --- api.planx.uk/modules/auth/middleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api.planx.uk/modules/auth/middleware.ts b/api.planx.uk/modules/auth/middleware.ts index 6deb59c4be..1aeb857ea8 100644 --- a/api.planx.uk/modules/auth/middleware.ts +++ b/api.planx.uk/modules/auth/middleware.ts @@ -110,7 +110,7 @@ export const useFilePermission: RequestHandler = (req, _res, next): void => { isEqual( req.headers["api-key"] as string, process.env.FILE_API_KEY_EPSOM_EWELL!, - )|| + ) || isEqual( req.headers["api-key"] as string, process.env.FILE_API_KEY_DONCASTER!, From 38bef2375f2962631f5858043097fed65d23263e Mon Sep 17 00:00:00 2001 From: Rory Doak Date: Thu, 9 Jan 2025 17:32:16 +0000 Subject: [PATCH 4/5] swap file api keys and change formatting --- infrastructure/application/Pulumi.production.yaml | 3 ++- infrastructure/application/Pulumi.staging.yaml | 3 ++- infrastructure/application/index.ts | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/infrastructure/application/Pulumi.production.yaml b/infrastructure/application/Pulumi.production.yaml index c3fb952127..30a5ffea21 100644 --- a/infrastructure/application/Pulumi.production.yaml +++ b/infrastructure/application/Pulumi.production.yaml @@ -10,7 +10,8 @@ config: secure: AAABAGyTfLujGho+V0tEhFXQRET5FjYK6txyaFTB3gY/VaKzq8yNlocJTAM5nt8mBhF6T+AeQD2GxW63 application:file-api-key-barnet: secure: AAABANMl+fVFsRVGXvJV/aLManXO+TldXVDhp5QH6KGWJoG7O9Ket63zIW1iOiinINWJ2I5OizI= - application:file-api-key-doncaster: ZqAnRnR6rira9LZpPLguH7TwU46XmXDXDhaDD72r + application:file-api-key-doncaster: + secure: AAABALpOWpDVq45I3oBlXg2j40TH5xNhNlLt1dY+e1OHNNDgrw3MtokuEEZx1Iz6LQdz5fgQW/bAE9VVO06SAOLvHXAcYIXKUI892RqgHlGxmS9z60yFEdWdB8NhX7KCiKmCBklxXNZizDCPqoB37nqYsxr7KQsLQav/DPQ5wY3v2GOoXBC93Da3iGBTQT+sX2lmjFe7DSDFTI+DYT/Oo8k= application:file-api-key-epsom-ewell: secure: AAABANvwhiVRBq8NH7ZqcToUzYn4X+KfC5Wm8WjWUKXT5TuVXqC6zHhVVKFBbmdtKjC4j5M4+bWsLiFO9dO0MLobxLpK7YCE application:file-api-key-gateshead: diff --git a/infrastructure/application/Pulumi.staging.yaml b/infrastructure/application/Pulumi.staging.yaml index ffc36bf366..3e80c269b3 100644 --- a/infrastructure/application/Pulumi.staging.yaml +++ b/infrastructure/application/Pulumi.staging.yaml @@ -11,7 +11,8 @@ config: secure: AAABAN0LjLOgxCkr5ZqQLn6FkZPcrPlvNG4fbNZ02W2qC1VVYVee/3aToZQuXuokVwnIPNbbe2w= application:file-api-key-barnet: secure: AAABAFpZq81zy3CKFXUgi9oEGIGp7LDVD3TNlYkZD4liX0bxOrmMJYdDpMmyGt4aGARF63nEUmo= - application:file-api-key-doncaster: f4cAPYv26Z3jbsVioWcf9sdYsHWjtPRHg4hHPZKL + application:file-api-key-doncaster: + secure: AAABAGflOiDR2agEFZYNZRXzzPmua5Ts+F5sXpa6LpOAWNfJOO7qYsTMgY5Oj+AB8qVW7VcTjWriFG8BdfjDcyl1RtMWxYfOHXFjNKmvlABuOR+pxD7ygFAwlvp5dm8UPPFothtZIgi9nYS6qxnGSLomvqApF17D29R8ydJdYcTJmjPHufWcIRjT3tx72+R1o57i3QFnoQqbZIOSw7ELVqI= application:file-api-key-epsom-ewell: secure: AAABAD1/nlJ2EOEglLiiNsOLbOd3KWCONhNhJAIdZQVnrSRsNIzX2luszOreQf20EYl8AZ4L1TiheqUHSt22e5z1FiLWoCtY application:file-api-key-gateshead: diff --git a/infrastructure/application/index.ts b/infrastructure/application/index.ts index fb4ec99d14..cc389339b6 100644 --- a/infrastructure/application/index.ts +++ b/infrastructure/application/index.ts @@ -380,7 +380,8 @@ export = async () => { { name: "FILE_API_KEY_GATESHEAD", value: config.requireSecret("file-api-key-gateshead"), - }, { + }, + { name: "FILE_API_KEY_DONCASTER", value: config.requireSecret("file-api-key-doncaster"), }, From 3664befcfc9dbc35e8ccc29b6cadc0810004c664 Mon Sep 17 00:00:00 2001 From: Rory Doak Date: Thu, 9 Jan 2025 17:41:33 +0000 Subject: [PATCH 5/5] fix pulumi keys --- infrastructure/application/Pulumi.production.yaml | 2 +- infrastructure/application/Pulumi.staging.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infrastructure/application/Pulumi.production.yaml b/infrastructure/application/Pulumi.production.yaml index 30a5ffea21..1fe6f91808 100644 --- a/infrastructure/application/Pulumi.production.yaml +++ b/infrastructure/application/Pulumi.production.yaml @@ -11,7 +11,7 @@ config: application:file-api-key-barnet: secure: AAABANMl+fVFsRVGXvJV/aLManXO+TldXVDhp5QH6KGWJoG7O9Ket63zIW1iOiinINWJ2I5OizI= application:file-api-key-doncaster: - secure: AAABALpOWpDVq45I3oBlXg2j40TH5xNhNlLt1dY+e1OHNNDgrw3MtokuEEZx1Iz6LQdz5fgQW/bAE9VVO06SAOLvHXAcYIXKUI892RqgHlGxmS9z60yFEdWdB8NhX7KCiKmCBklxXNZizDCPqoB37nqYsxr7KQsLQav/DPQ5wY3v2GOoXBC93Da3iGBTQT+sX2lmjFe7DSDFTI+DYT/Oo8k= + secure: AAABANsIFFm3IsQKbZHe4lEZGsJv3bcK2XOVzd6IiKj+4i/eiILIc7BS0KDQxqLskQ6QCv1sDw04pie8cvAlKqVYWBGmomA2 application:file-api-key-epsom-ewell: secure: AAABANvwhiVRBq8NH7ZqcToUzYn4X+KfC5Wm8WjWUKXT5TuVXqC6zHhVVKFBbmdtKjC4j5M4+bWsLiFO9dO0MLobxLpK7YCE application:file-api-key-gateshead: diff --git a/infrastructure/application/Pulumi.staging.yaml b/infrastructure/application/Pulumi.staging.yaml index 3e80c269b3..97b43c592a 100644 --- a/infrastructure/application/Pulumi.staging.yaml +++ b/infrastructure/application/Pulumi.staging.yaml @@ -12,7 +12,7 @@ config: application:file-api-key-barnet: secure: AAABAFpZq81zy3CKFXUgi9oEGIGp7LDVD3TNlYkZD4liX0bxOrmMJYdDpMmyGt4aGARF63nEUmo= application:file-api-key-doncaster: - secure: AAABAGflOiDR2agEFZYNZRXzzPmua5Ts+F5sXpa6LpOAWNfJOO7qYsTMgY5Oj+AB8qVW7VcTjWriFG8BdfjDcyl1RtMWxYfOHXFjNKmvlABuOR+pxD7ygFAwlvp5dm8UPPFothtZIgi9nYS6qxnGSLomvqApF17D29R8ydJdYcTJmjPHufWcIRjT3tx72+R1o57i3QFnoQqbZIOSw7ELVqI= + secure: AAABAIZjfr4tVG+HG9+83bPYQjgD1hmK5P+SbYpq4qGue07rHA02kciAkTMCyxD5Lzb0WX0K6fm5cvH2tof5mmX7gJGTkMVc application:file-api-key-epsom-ewell: secure: AAABAD1/nlJ2EOEglLiiNsOLbOd3KWCONhNhJAIdZQVnrSRsNIzX2luszOreQf20EYl8AZ4L1TiheqUHSt22e5z1FiLWoCtY application:file-api-key-gateshead: