[#175072065] EXPERIMENTAL: Start io-backend as Azure Function

.funcignore

@@ -0,0 +1,15 @@
+*.js.map
+*.ts
+.git*
+.vscode*
+.circleci*
+.prettierrc
+local.settings.json*
+tsconfig.json
+tslint.json
+README.md
+yarn.lock
+jest.config.js
+__*
+Dangerfile.js
+CODEOWNERS

.gitignore

@@ -1,3 +1,7 @@
+# Exclude Azure functions files
+bin
+obj
+
 # Exclude OS Folders
 .DS_Store
 
@@ -35,6 +39,7 @@ npm-debug.log
 
 # Exclude certificates
 *.pem
+*.pfx
 
 # Exclude local files
 local.*

StartBackend/function.json

@@ -0,0 +1,24 @@
+{
+  "bindings": [
+    {
+      "authLevel": "anonymous",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "route": "{*segments}",
+      "methods": [
+        "get",
+        "post",
+        "put",
+        "patch",
+        "delete"
+      ]
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ],
+  "scriptFile": "./index.js"
+}

StartBackend/index.ts

@@ -0,0 +1,105 @@
+import * as winston from "winston";
+
+import { Context } from "@azure/functions";
+import { secureExpressApp } from "io-functions-commons/dist/src/utils/express";
+import { AzureContextTransport } from "io-functions-commons/dist/src/utils/logging";
+import { setAppContext } from "io-functions-commons/dist/src/utils/middlewares/context_middleware";
+import createAzureFunctionHandler from "io-functions-express/dist/src/createAzureFunctionsHandler";
+
+/**
+ * Main entry point for the Digital Citizenship proxy.
+ */
+
+import { fromNullable } from "fp-ts/lib/Option";
+import { newApp } from "../src/app";
+import {
+  ALLOW_BPD_IP_SOURCE_RANGE,
+  ALLOW_MYPORTAL_IP_SOURCE_RANGE,
+  ALLOW_NOTIFY_IP_SOURCE_RANGE,
+  ALLOW_PAGOPA_IP_SOURCE_RANGE,
+  ALLOW_SESSION_HANDLER_IP_SOURCE_RANGE,
+  API_BASE_PATH,
+  AUTHENTICATION_BASE_PATH,
+  BONUS_API_BASE_PATH,
+  BPD_BASE_PATH,
+  DEFAULT_APPINSIGHTS_SAMPLING_PERCENTAGE,
+  ENV,
+  MYPORTAL_BASE_PATH,
+  PAGOPA_BASE_PATH
+} from "../src/config";
+import { initAppInsights } from "../src/utils/appinsights";
+import {
+  getCurrentBackendVersion,
+  getValueFromPackageJson
+} from "../src/utils/package";
+
+const authenticationBasePath = AUTHENTICATION_BASE_PATH;
+const APIBasePath = API_BASE_PATH;
+const BonusAPIBasePath = BONUS_API_BASE_PATH;
+const PagoPABasePath = PAGOPA_BASE_PATH;
+const MyPortalBasePath = MYPORTAL_BASE_PATH;
+const BPDBasePath = BPD_BASE_PATH;
+
+/**
+ * If APPINSIGHTS_INSTRUMENTATIONKEY env is provided initialize an App Insights Client
+ * WARNING: When the key is provided several information are collected automatically
+ * and sent to App Insights.
+ * To see what kind of informations are automatically collected
+ * @see: utils/appinsights.js into the class AppInsightsClientBuilder
+ */
+const maybeAppInsightsClient = fromNullable(
+  process.env.APPINSIGHTS_INSTRUMENTATIONKEY
+).map(k =>
+  initAppInsights(k, {
+    applicationVersion: getCurrentBackendVersion(),
+    cloudRole: getValueFromPackageJson("name"),
+    disableAppInsights: process.env.APPINSIGHTS_DISABLED === "true",
+    samplingPercentage: process.env.APPINSIGHTS_SAMPLING_PERCENTAGE
+      ? parseInt(process.env.APPINSIGHTS_SAMPLING_PERCENTAGE, 10)
+      : DEFAULT_APPINSIGHTS_SAMPLING_PERCENTAGE
+  })
+);
+
+// tslint:disable-next-line: no-let
+let logger: Context["log"] | undefined;
+const contextTransport = new AzureContextTransport(() => logger, {
+  level: "debug"
+});
+winston.add(contextTransport);
+
+// Setup Express
+const init = newApp({
+  APIBasePath,
+  BPDBasePath,
+  BonusAPIBasePath,
+  MyPortalBasePath,
+  PagoPABasePath,
+  allowBPDIPSourceRange: ALLOW_BPD_IP_SOURCE_RANGE,
+  allowMyPortalIPSourceRange: ALLOW_MYPORTAL_IP_SOURCE_RANGE,
+  allowNotifyIPSourceRange: ALLOW_NOTIFY_IP_SOURCE_RANGE,
+  allowPagoPAIPSourceRange: ALLOW_PAGOPA_IP_SOURCE_RANGE,
+  allowSessionHandleIPSourceRange: ALLOW_SESSION_HANDLER_IP_SOURCE_RANGE,
+  appInsightsClient: maybeAppInsightsClient.toUndefined(),
+  authenticationBasePath,
+  env: ENV,
+  withBodyParser: false
+}).then(app => {
+  secureExpressApp(app);
+  return {
+    app,
+    azureFunctionHandler: createAzureFunctionHandler(app)
+  };
+});
+
+// Binds the express app to an Azure Function handler
+function httpStart(context: Context): void {
+  logger = context.log;
+  init
+    .then(({ app, azureFunctionHandler }) => {
+      setAppContext(app, context);
+      azureFunctionHandler(context);
+    })
+    .catch(context.log);
+}
+
+export default httpStart;

extensions.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <AzureFunctionsVersion>v3</AzureFunctionsVersion>
+	<WarningsAsErrors></WarningsAsErrors>
+	<DefaultItemExcludes>**</DefaultItemExcludes>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.DurableTask" Version="2.2.2" />
+    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.Storage" Version="4.0.1" />
+    <PackageReference Include="Microsoft.Azure.WebJobs.Script.ExtensionsMetadataGenerator" Version="1.1.8" />
+  </ItemGroup>
+</Project>

host.json

@@ -0,0 +1,16 @@
+{
+  "version": "2.0",
+  "logging": {
+    "logLevel": {
+      "default": "Information"
+    }
+  },
+  "extensions": {
+    "http": {
+      "routePrefix": ""
+    },
+    "durableTask": {
+      "hubName": "%SLOT_TASK_HUBNAME%"
+    }
+  }
+}

package.json

@@ -24,7 +24,9 @@
     "prettify": "prettier --write \"./**/*.ts\"",
     "test": "jest -i",
     "test:coverage": "dotenv -e .env.example -- jest -i --coverage",
+    "prestart:func": "func extensions install --javascript",
     "start": "node src/server.js",
+    "start:func": "dotenv -e .env func start --javascript --useHttps --cert certs/cert.pfx --password secret",
     "generate:proxy-models": "npm-run-all generate:proxy:* generate:api:* generate:messages:*",
     "generate:proxy:api-models": "rimraf generated/backend && shx mkdir -p generated/backend && gen-api-models --api-spec api_backend.yaml --out-dir generated/backend",
     "generate:proxy:auth-models": "rimraf generated/auth && shx mkdir -p generated/auth && gen-api-models --api-spec api_auth.yaml --out-dir generated/auth",
@@ -55,6 +57,7 @@
   },
   "homepage": "https://github.com/pagopa/io-backend#readme",
   "dependencies": {
+    "@azure/functions": "^1.2.2",
     "@azure/storage-queue": "^12.0.0",
     "@pagopa/io-spid-commons": "^4.7.0",
     "apicache": "^1.4.0",
@@ -68,6 +71,7 @@
     "fp-ts": "~1.17.0",
     "helmet": "3.21.1",
     "http-graceful-shutdown": "^2.3.2",
+    "io-functions-commons": "^15.0.0",
     "io-ts": "1.8.5",
     "io-ts-types": "^0.4.7",
     "italia-ts-commons": "^8.3.0",
@@ -97,6 +101,7 @@
     "@types/helmet": "^0.0.43",
     "@types/jest": "^23.3.3",
     "@types/lolex": "2.1.3",
+    "@types/mime": "^1.3.1",
     "@types/morgan": "^1.7.35",
     "@types/node": "10.14.2",
     "@types/node-fetch": "^2.1.2",

scripts/generate-test-certs.sh

@@ -17,4 +17,5 @@ else
 	echo "Generating certificates in $1"
 	cd $1
 	openssl req -sha256 -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/C=IT/ST=Italy/L=Rome/O=ACME/OU=IT Department/CN=api.italia.local"
+	openssl pkcs12 -inkey key.pem -in cert.pem -export -out cert.pfx -password pass:secret
 fi

src/__tests__/app.test.ts

@@ -80,7 +80,8 @@ describe("Success app start", () => {
       allowPagoPAIPSourceRange: [aValidCIDR],
       allowSessionHandleIPSourceRange: [aValidCIDR],
       authenticationBasePath: "",
-      env: NodeEnvironmentEnum.PRODUCTION
+      env: NodeEnvironmentEnum.PRODUCTION,
+      withBodyParser: true
     });
   });
 
@@ -99,7 +100,7 @@ describe("Success app start", () => {
     // test case: https forced. Already set: it trust the proxy and accept the header: X-Forwarded-Proto.
     it("should respond 200 if forwarded from an HTTPS connection", () => {
       return request(app)
-        .get("/")
+        .get("/info")
         .set(X_FORWARDED_PROTO_HEADER, "https")
         .expect(200);
     });
@@ -179,7 +180,8 @@ describe("Failure app start", () => {
         allowPagoPAIPSourceRange: [aValidCIDR],
         allowSessionHandleIPSourceRange: [aValidCIDR],
         authenticationBasePath: "",
-        env: NodeEnvironmentEnum.PRODUCTION
+        env: NodeEnvironmentEnum.PRODUCTION,
+        withBodyParser: true
       });
     } catch (err) {
       expect(mockFetchIdpsMetadata).toBeCalledTimes(3);
@@ -205,7 +207,8 @@ describe("Failure app start", () => {
         allowPagoPAIPSourceRange: [aValidCIDR],
         allowSessionHandleIPSourceRange: [aValidCIDR],
         authenticationBasePath: "",
-        env: NodeEnvironmentEnum.PRODUCTION
+        env: NodeEnvironmentEnum.PRODUCTION,
+        withBodyParser: true
       });
     } catch (err) {
       expect(mockNotificationService).toBeCalledTimes(1);
@@ -231,7 +234,8 @@ describe("Failure app start", () => {
         allowPagoPAIPSourceRange: [aValidCIDR],
         allowSessionHandleIPSourceRange: [aValidCIDR],
         authenticationBasePath: "",
-        env: NodeEnvironmentEnum.PRODUCTION
+        env: NodeEnvironmentEnum.PRODUCTION,
+        withBodyParser: true
       });
     } catch (err) {
       expect(mockNotificationService).toBeCalledTimes(1);

src/__tests__/services-api.test.ts

@@ -88,7 +88,8 @@ describe("GET /services/:id", () => {
       allowPagoPAIPSourceRange: [aValidCIDR],
       allowSessionHandleIPSourceRange: [aValidCIDR],
       authenticationBasePath: "",
-      env: NodeEnvironmentEnum.PRODUCTION
+      env: NodeEnvironmentEnum.PRODUCTION,
+      withBodyParser: true
     });
   });
 

src/app.ts

@@ -54,6 +54,7 @@ import ServicesController from "./controllers/servicesController";
 import SessionController from "./controllers/sessionController";
 import UserMetadataController from "./controllers/userMetadataController";
 
+import * as mime from "mime";
 import { log } from "./utils/logger";
 import checkIP from "./utils/middleware/checkIP";
 
@@ -64,6 +65,7 @@ import * as appInsights from "applicationinsights";
 import { tryCatch2v } from "fp-ts/lib/Either";
 import { isEmpty, StrMap } from "fp-ts/lib/StrMap";
 import { fromLeft, taskEither, tryCatch } from "fp-ts/lib/TaskEither";
+import * as fs from "fs";
 import { VersionPerPlatform } from "../generated/public/VersionPerPlatform";
 import BonusController from "./controllers/bonusController";
 import SessionLockController from "./controllers/sessionLockController";
@@ -129,9 +131,10 @@ export interface IAppFactoryParameters {
   PagoPABasePath: string;
   MyPortalBasePath: string;
   BPDBasePath: string;
+  withBodyParser: boolean;
 }
 
-// tslint:disable-next-line: no-big-function
+// tslint:disable-next-line: cognitive-complexity no-big-function
 export function newApp({
   env,
   allowNotifyIPSourceRange,
@@ -145,7 +148,8 @@ export function newApp({
   BonusAPIBasePath,
   PagoPABasePath,
   MyPortalBasePath,
-  BPDBasePath
+  BPDBasePath,
+  withBodyParser
 }: IAppFactoryParameters): Promise<Express> {
   const REDIS_CLIENT =
     ENV === NodeEnvironmentEnum.DEVELOPMENT
@@ -247,21 +251,47 @@ export function newApp({
 
   app.use(morgan(loggerFormat));
 
-  //
-  // Setup parsers
-  //
-
-  // Parse the incoming request body. This is needed by Passport spid strategy.
-  app.use(bodyParser.json());
+  // When the application is running as Azure Function
+  // Express Body parser must be disabled.
+  if (withBodyParser) {
+    // Parse the incoming request body. This is needed by Passport spid strategy.
+    app.use(bodyParser.json());
 
-  // Parse an urlencoded body.
-  app.use(bodyParser.urlencoded({ extended: true }));
+    // Parse an urlencoded body.
+    app.use(bodyParser.urlencoded({ extended: true }));
+  }
 
   //
   // Define the folder that contains the public assets.
   //
 
-  app.use(express.static("public"));
+  app.get(/(\.html|\.svg|\.png)$/, async (req, res, next) => {
+    try {
+      const path = "public" + req.path;
+      if (!fs.existsSync(path)) {
+        return next();
+      }
+      const stat = await fs.promises.stat(path);
+      if (stat.isDirectory()) {
+        return next();
+      }
+      const type = mime.lookup(path);
+      if (type) {
+        const charset = mime.charsets.lookup(type);
+        res.setHeader(
+          "Content-Type",
+          // tslint:disable-next-line: restrict-plus-operands
+          type + (charset ? `; charset=${charset}` : "")
+        );
+      }
+      const content = await fs.promises.readFile(path);
+      res.setHeader("Content-Length", stat.size);
+      res.status(200).send(content);
+    } catch (err) {
+      log.error(`static|Error retrieving static file asset|error:%s`, err);
+      return next(err);
+    }
+  });
 
   //
   // Initializes Passport for incoming requests.