Merge pull request #282 from opencrvs/ocrvs-5932-country-config

refactor(env-vars): validate country-config environment variables

Author: tahmidrahman-dsi

package.json

@@ -28,7 +28,7 @@
     "snapshot": "bash infrastructure/backups/backup.sh",
     "port-forward": "bash infrastructure/port-forward.sh",
     "environment:init": "ts-node infrastructure/environments/setup-environment.ts",
-    "sort-translations": "ts-node -r tsconfig-paths/register src/sort-translations.ts"
+    "sort-translations": "cross-env NODE_ENV=development ts-node -r tsconfig-paths/register src/sort-translations.ts"
   },
   "devDependencies": {
     "@graphql-codegen/add": "^3.1.1",
@@ -89,6 +89,7 @@
     "csv2json": "^2.0.2",
     "date-fns": "^2.28.0",
     "dotenv": "^16.4.5",
+    "envalid": "^8.0.0",
     "esbuild": "^0.18.9",
     "google-libphonenumber": "^3.2.32",
     "graphql": "^16.3.0",

src/constants.ts

@@ -8,28 +8,26 @@
  *
  * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
  */
+import { env } from './environment'
+
 export const TEST_SOURCE = `${process.cwd()}/src/tests/`
-export const DOMAIN = process.env.DOMAIN || '*'
-export const GATEWAY_URL = process.env.GATEWAY_URL || 'http://localhost:7070'
-export const LOGIN_URL = process.env.LOGIN_URL || 'http://localhost:3020/'
-export const CLIENT_APP_URL =
-  process.env.CLIENT_APP_URL || 'http://localhost:3000/'
-export const FHIR_URL = process.env.FHIR_URL || 'http://localhost:3447/fhir'
-export const ORG_URL = 'http://opencrvs.org'
-export const COUNTRY_CONFIG_HOST = process.env.COUNTRY_CONFIG_HOST || '0.0.0.0'
-export const COUNTRY_CONFIG_PORT = process.env.COUNTRY_CONFIG_PORT || 3040
-export const AUTH_URL = process.env.AUTH_URL || 'http://localhost:4040'
-export const COUNTRY_CONFIG_URL =
-  process.env.COUNTRY_CONFIG_URL || 'http://localhost:3040'
-export const APPLICATION_CONFIG_URL =
-  process.env.APPLICATION_CONFIG_URL || 'http://localhost:2021/'
-export const SENTRY_DSN = process.env.SENTRY_DSN
-// Check if the token has been invalided in the auth service before it has expired
-// This needs to be a string to make it easy to pass as an ENV var.
-export const CHECK_INVALID_TOKEN = process.env.CHECK_INVALID_TOKEN || 'false'
-export const CONFIRM_REGISTRATION_URL =
-  process.env.CONFIRM_REGISTRATION_URL ||
-  'http://localhost:5050/confirm/registration'
 export const DEFAULT_TIMEOUT = 600000
-export const PRODUCTION = process.env.NODE_ENV === 'production'
-export const QA_ENV = process.env.QA_ENV || false
+
+export const DOMAIN = env.DOMAIN
+export const GATEWAY_URL = env.GATEWAY_URL
+export const LOGIN_URL = env.LOGIN_URL
+export const CLIENT_APP_URL = env.CLIENT_APP_URL
+export const FHIR_URL = env.FHIR_URL
+
+export const COUNTRY_CONFIG_HOST = env.COUNTRY_CONFIG_HOST
+export const COUNTRY_CONFIG_PORT = env.COUNTRY_CONFIG_PORT
+export const AUTH_URL = env.AUTH_URL
+export const COUNTRY_CONFIG_URL = env.COUNTRY_CONFIG_URL
+export const APPLICATION_CONFIG_URL = env.APPLICATION_CONFIG_URL
+
+export const SENTRY_DSN = env.SENTRY_DSN
+export const CHECK_INVALID_TOKEN = env.CHECK_INVALID_TOKEN
+
+export const CONFIRM_REGISTRATION_URL = env.CONFIRM_REGISTRATION_URL
+export const PRODUCTION = env.isProd
+export const QA_ENV = env.QA_ENV

src/environment.ts

@@ -0,0 +1,33 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * OpenCRVS is also distributed under the terms of the Civil Registration
+ * & Healthcare Disclaimer located at http://opencrvs.org/license.
+ *
+ * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+ */
+import { bool, cleanEnv, port, str, url } from 'envalid'
+
+export const env = cleanEnv(process.env, {
+  DOMAIN: str({ devDefault: '*' }),
+  GATEWAY_URL: url({ devDefault: 'http://localhost:7070' }),
+  LOGIN_URL: url({ devDefault: 'http://localhost:3020/' }),
+  CLIENT_APP_URL: url({ devDefault: 'http://localhost:3000/' }),
+  FHIR_URL: url({ devDefault: 'http://localhost:3447/fhir' }),
+  COUNTRY_CONFIG_HOST: str({ devDefault: '0.0.0.0' }),
+  COUNTRY_CONFIG_PORT: port({ default: 3040 }),
+  AUTH_URL: url({ devDefault: 'http://localhost:4040' }),
+  COUNTRY_CONFIG_URL: url({ devDefault: 'http://localhost:3040' }),
+  APPLICATION_CONFIG_URL: url({ devDefault: 'http://localhost:2021/' }),
+  SENTRY_DSN: str({ default: undefined }),
+  CHECK_INVALID_TOKEN: bool({
+    devDefault: false,
+    desc: 'Check if the token has been invalidated in the auth service before it has expired'
+  }),
+  CONFIRM_REGISTRATION_URL: url({
+    devDefault: 'http://localhost:5050/confirm/registration'
+  }),
+  QA_ENV: bool({ default: false })
+})

src/index.ts

@@ -139,18 +139,18 @@ export const verifyToken = async (token: string, authUrl: string) => {
 const validateFunc = async (
   payload: any,
   request: Hapi.Request,
-  checkInvalidToken: string,
+  checkInvalidToken: boolean,
   authUrl: string
 ) => {
   let valid
-  if (checkInvalidToken === 'true') {
+  if (checkInvalidToken) {
     valid = await verifyToken(
       request.headers.authorization.replace('Bearer ', ''),
       authUrl
     )
   }
 
-  if (valid === true || checkInvalidToken !== 'true') {
+  if (valid === true || !checkInvalidToken) {
     return {
       isValid: true,
       credentials: payload

yarn.lock

@@ -3777,6 +3777,13 @@ end-of-stream@^1.1.0, end-of-stream@^1.4.1:
   dependencies:
     once "^1.4.0"
 
+envalid@^8.0.0:
+  version "8.0.0"
+  resolved "https://registry.yarnpkg.com/envalid/-/envalid-8.0.0.tgz#2314451e18e88051c98540ab60640e330279e486"
+  integrity sha512-PGeYJnJB5naN0ME6SH8nFcDj9HVbLpYIfg1p5lAyM9T4cH2lwtu2fLbozC/bq+HUUOIFxhX/LP0/GmlqPHT4tQ==
+  dependencies:
+    tslib "2.6.2"
+
 error-ex@^1.3.1:
   version "1.3.2"
   resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.2.tgz#b4ac40648107fdcdcfae242f428bea8a14d4f1bf"
@@ -7322,6 +7329,11 @@ tslib@2:
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f"
   integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==
 
+[email protected]:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae"
+  integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==
+
 tslib@^1.8.1, tslib@^1.9.0, tslib@^1.9.3:
   version "1.14.1"
   resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"