feat: expose .well-known
KenLSM committed Dec 16, 2024
1 parent 0177ab4 commit 704b7e9
Showing 4 changed files with 46 additions and 4 deletions.
1 change: 1 addition & 0 deletions .ebextensions/01env-file-aws-ssm.config
@@ -46,6 +46,7 @@ files:
aws ssm get-parameter --name "${ENV_TYPE}-verified-fields" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "${ENV_TYPE}-webhook-verified-content" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "${ENV_TYPE}-wogaa" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "/${ENV_TYPE}/formsg-sdk/jwks" --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "${ENV_SITE_NAME}-sgid" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "${ENV_SITE_NAME}-payment" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
aws ssm get-parameter --name "${ENV_SITE_NAME}-cron-payment" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env
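Review bot: The `/${ENV_TYPE}/formsg-sdk/jwks` fetch is the only one in this list without `--with-decryption` and the only one with a path-style name, and nothing on the line says why. That is fine if the parameter is a plain String holding only public keys, but a shell comment above it such as `# public JWKS, plain String parameter - must never hold private key material` would record the intent, since this value ends up served from `/.well-known`. Because the raw value is appended to `.env`, the parameter presumably has to be a single `FORMSG_SDK_PUBLIC_JWKS=...` line (inferred from the config file in this commit), which is worth confirming. The instance role also needs `ssm:GetParameter` on the new path, which a policy written for the older prefix-style names may not cover. The enclosing `files:` entry starts and ends outside this hunk.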
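--- a/src/app/config/features/formsg-sdk-jwks.config.ts
+++ b/src/app/config/features/formsg-sdk-jwks.config.ts
@@ -0,0 +1,17 @@
+import convict, { Schema } from 'convict'
+
+type FormSgSdkJwks = {
+publicJwks: string
+}
+
+const formSgSdkJwksSchema: Schema<FormSgSdkJwks> = {
+publicJwks: {
+doc: 'JSON Web Key Set for FormSG SDK',
+format: String,
+default: null, // required field
+env: 'FORMSG_SDK_PUBLIC_JWKS',
+},
+}
+export const formSgSdkJwksConfig = convict(formSgSdkJwksSchema)
+.validate({ allowed: 'strict' })
+.getProperties()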
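Review bot: `publicJwks` is validated only as a string, yet this commit serves it verbatim to unauthenticated callers, so nothing stops a parameter that holds a private JWK or malformed JSON from being published. A custom convict format that parses the value, requires a non-empty `keys` array and rejects private members such as `d`, `p`, `q` or `k` would make startup fail instead. The error messages should not echo the value itself. The sketch below shows the check; the member list follows RFC 7518 and should be confirmed against the key types actually in use.

```typescript
// JWK members that carry private or symmetric key material (RFC 7518).
const PRIVATE_JWK_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k']

const assertPublicJwks = (val: unknown): void => {
  if (typeof val !== 'string') throw new Error('must be a JSON string')
  const parsed: unknown = JSON.parse(val)
  const keys = (parsed as { keys?: unknown } | null)?.keys
  if (!Array.isArray(keys) || keys.length === 0) {
    throw new Error('must contain a non-empty "keys" array')
  }
  for (const key of keys) {
    if (typeof key !== 'object' || key === null) {
      throw new Error('each key must be an object')
    }
    if (PRIVATE_JWK_MEMBERS.some((member) => member in key)) {
      throw new Error('must not contain private key members')
    }
  }
}

const formSgSdkJwksSchema: Schema<FormSgSdkJwks> = {
  publicJwks: {
    // … unchanged: doc …
    format: assertPublicJwks,
    // … unchanged: default, env …
  },
}
```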
8 changes: 4 additions & 4 deletions src/app/loaders/express/index.ts
@@ -12,6 +12,7 @@ import * as IntranetMiddleware from '../../modules/intranet/intranet.middleware'
import { MYINFO_ROUTER_PREFIX } from '../../modules/myinfo/myinfo.constants'
import { MyInfoRouter } from '../../modules/myinfo/myinfo.routes'
import { SgidRouter } from '../../modules/sgid/sgid.routes'
import { WellKnownRouter } from '../../routes/./.well-known'
import { ApiRouter } from '../../routes/api'
import { LegacyRedirectRouter } from '../../routes/legacy-redirect'
import { SpOidcJwksRouter } from '../../routes/singpass'
@@ -123,6 +124,8 @@ const loadExpressApp = async (connection: Connection) => {
app.use('/sgid', SgidRouter)
app.use(MYINFO_ROUTER_PREFIX, MyInfoRouter)

app.use('/.well-known', WellKnownRouter)

// Legacy frontend routes which may still be in use
app.use(LegacyRedirectRouter)

@@ -135,10 +138,7 @@ const loadExpressApp = async (connection: Connection) => {

// If requests for known static asset patterns were not served by
// the static handlers above, middleware should try to fetch from s3 static bucket or else return 404s
app.get(
/^\/(public|static|\.well-known)\//,
catchNonExistentStaticRoutesMiddleware,
)
app.get(/^\/(public|static)\//, catchNonExistentStaticRoutesMiddleware)

// Requests for root files (e.g. /robots.txt or /favicon.ico) that were
// not served statically above will also return 404
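Review bot: Dropping `\.well-known` from the static-asset pattern means a request under `/.well-known/` that `WellKnownRouter` does not match is no longer handled by `catchNonExistentStaticRoutesMiddleware`; it falls through to whatever is mounted later, which is outside these hunks. If that is a frontend catch-all, requests for other well-known files would get an application page with a 200 instead of a 404, so I would either keep the old pattern (the router is mounted earlier and still answers first) or end the router with an explicit 404 handler. Separately, the import path `'../../routes/./.well-known'` carries a redundant `./` segment; `'../../routes/.well-known'` resolves to the same module. `loadExpressApp` starts and ends outside the hunks.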
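--- a/src/app/routes/.well-known/index.ts
+++ b/src/app/routes/.well-known/index.ts
@@ -0,0 +1,24 @@
+import { Router } from 'express'
+
+import { formSgSdkJwksConfig } from '../../config/features/formsg-sdk-jwks.config'
+import { createLoggerWithLabel } from '../../config/logger'
+
+export const WellKnownRouter = Router()
+
+const logger = createLoggerWithLabel(module)
+/**
+* Returns the FormSG's public json web key set (JWKS) for communication with FormSG SDK
+* @route GET /.well-known/formsg/jwks.json
+* @returns 200
+*/
+WellKnownRouter.get('/formsg/jwks.json', (req, res) => {
+logger.info({
+message: 'Admin attempting to make changes',
+meta: {
+action: 'formsg/jwks.json',
+publicJwks: formSgSdkJwksConfig.publicJwks,
+},
+})
+
+return res.send(formSgSdkJwksConfig.publicJwks)
+})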
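Review bot: The handler logs `'Admin attempting to make changes'` at info level on every request, which misdescribes an unauthenticated public read and will mislead anyone triaging the logs; it also copies the whole key set into each entry. I would drop the `publicJwks` field and use a message such as `message: 'Serving FormSG SDK public JWKS'`, or remove the log altogether, since anonymous callers can hit this endpoint at any rate and inflate log volume. `res.send()` with a string defaults the Content-Type to `text/html`, so the response line should be `return res.type('application/json').send(formSgSdkJwksConfig.publicJwks)`. The `@returns 200` doc line could also state that the body is the JWKS JSON document.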
