Merge branch 'fix/hmac-tests' into 'develop'

HMAC Headers to tests

See merge request !14

.gitlab-ci.yml

 ---
 variables:
-  PROJECT: global-data-resources
-  PRODUCTION_PROJECT: global-data-resources
-  TESTING_PROJECT: global-data-resources
+  PROJECT: cosmos-dev-286703
+  DEVELOPMENT_PROJECT: cosmos-dev-286703
+  STAGING_PROJECT: cosmos-staging-291101
   REGION: europe-west1
 
 cache:
@@ -48,7 +48,7 @@ build:
   <<: *only_default
   stage: build
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
   script:
     - time make src/node_modules
     - make lint
@@ -62,19 +62,17 @@ test-jest:
   <<: *only_default
   stage: test
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
   script:
     - make test
 
-  allow_failure: true
-
 test-snyk:
   <<: *make_dependencies
   <<: *only_default
   stage: test
   retry: 2
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
   script:
     - make snyk
 
@@ -83,7 +81,7 @@ test-coverage:
   <<: *only_default
   stage: test
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
   artifacts:
     name: "$CI_JOB_NAME:coverage"
     expire_in: 1 weeks
@@ -99,7 +97,7 @@ test-fossa:
   <<: *only_default
   stage: test
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
   script:
     - make fossa
 
@@ -136,7 +134,7 @@ deploy-dev:
   <<: *make_dependencies
   stage: deploy
   variables:
-    PROJECT: $TESTING_PROJECT
+    PROJECT: $DEVELOPMENT_PROJECT
     ENVIRONMENT: dev
   environment:
     name: testing
@@ -153,7 +151,7 @@ deploy-dev:
 #   <<: *make_dependencies
 #   stage: deploy
 #   variables:
-#     PROJECT: $PRODUCTION_PROJECT
+#     PROJECT: $DEVELOPMENT_PROJECT
 #     ENVIRONMENT: prod
 #   environment:
 #     name: testing

README.md

@@ -2,20 +2,23 @@
 
 Responsible for authenticating CSL webhook events, parsing the payload and forwarding the request to PubSub topics.
 
+The repository deploys a cloud function to gcp using a nodejs runtime and is configured to receive http post requests from CSL webhook events, these requests are then authenticated via hmac/sha256 and finally the Data is published to GCP Pub/Sub topics.
+
 ## Release process:
 
 1. `NEW_RELEASE=v1.2.3 make release`
 1. `git push --all --follow-tags`
 
-## Running Dev Environment:
+## Running Dev Environment on Linux:
 
 Requirements:
 
 1. Node.js >= 10
 2. npm >= 6.14.6
 3. GCloud Service Account .json File
+4. Make
 
-Fixing the watch failure : `echo fs.inotify.max_user_watches=582222 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`
+Configure max watches to prevent node.js crashes : `echo fs.inotify.max_user_watches=582222 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p`
 
 Export your google cloud service account with `export GOOGLE_APPLICATION_CREDENTIALS="PATH"`
 

src/includes/logger.js

@@ -25,11 +25,9 @@ switch (process.env.ENVIRONMENT) {
   case 'prod':
   case 'production':
     level = 'info';
-    silent = false;
     break;
   default:
     level = 'debug';
-    silent = false;
     break;
 }
 

src/index.js

@@ -181,9 +181,10 @@ app.post('/', async (req, res, next) => {
   )}`;
 
   // Verify that the payload is signed with the correct key
+
   if (localSign !== req.header('x-controlshift-webhook-signature')) {
     logger.error('Invalid signature!');
-    return res.status(400).send({status: 'Hash Error'});
+    return res.status(400).send({error: 'Hash Error'});
   }
 
   next();
@@ -263,6 +264,7 @@ app.post('/', async function (req, res, _next) {
 
 // Root requests to this endpoint
 app.get('/', function (_req, res, _next) {
+  console.log('Triggered');
   res.end('OK');
 });
 

src/package-lock.json

 {
   "name": "csl-incoming-webhook",
-  "version": "2.1.0",
+  "version": "2.2.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

src/tests/index.test.js

@@ -33,6 +33,10 @@ describe('POST Endpoints', () => {
       .post('/')
       .set('Content-Type', 'application/json')
       .set('Accept', 'application/json')
+      .set(
+        'x-controlshift-webhook-signature',
+        'sha256:907f3b3acd3f15c16b15c6a7329f18d6bbbdee6f2215761a8fe1cfc96ca95123'
+      )
       .send({
         type: 'data.full_table_exported',
       });
@@ -46,6 +50,10 @@ describe('POST Endpoints', () => {
       .post('/')
       .set('Content-Type', 'application/json')
       .set('Accept', 'application/json')
+      .set(
+        'x-controlshift-webhook-signature',
+        'sha256:0fdc7de63a7fce465b84bbb4afc6fe74e8b9c4ee9e785f42e2bf0f2847d6bb07'
+      )
       .send({
         type: 'data.incremental_table_exported',
       });
@@ -59,6 +67,10 @@ describe('POST Endpoints', () => {
       .post('/')
       .set('Content-Type', 'application/json')
       .set('Accept', 'application/json')
+      .set(
+        'x-controlshift-webhook-signature',
+        'sha256:3f5e38170ddeb5d7cba6879521a54365230a3bcf694f729d2bd8ccfbb7c7717f'
+      )
       .send({
         type: 'nope.nopenopenope',
       });
@@ -72,11 +84,26 @@ describe('POST Endpoints', () => {
       .post('/')
       .set('Content-Type', 'application/json')
       .set('Accept', 'application/json')
+      .set(
+        'x-controlshift-webhook-signature',
+        'sha256:2cd2b174c5df3c79fdd3fd34f8b6702451c6b7b53b4bcea606660607451951eb'
+      )
       .send({});
 
     expect(res.statusCode).toEqual(400);
     expect(res.body).toHaveProperty('error');
   });
+
+  it('should error out with "Invalid signature"', async () => {
+    const res = await request(app)
+      .post('/')
+      .set('Content-Type', 'application/json')
+      .set('Accept', 'application/json')
+      .send({});
+
+    expect(res.statusCode).toEqual(400);
+    expect(res.body).toHaveProperty('error', 'Hash Error');
+  });
 });
 
 describe('GET Endpoints', () => {