Merge branch 'v2' into form-level-analytics

SullyK · web-flow · commit 42f534256488 · 2025-05-28T16:57:19.000+01:00
diff --git a/model/src/data-model/types.ts b/model/src/data-model/types.ts
@@ -222,4 +222,7 @@ export type FormDefinition = {
   toggle?: boolean | string | undefined;
   retryTimeoutSeconds?: number | undefined;
   analytics?: Analytics;
+  webhookHmacSharedKey?: string | undefined;
+  fullStartPage?: string | undefined;
+  serviceName?: string | undefined;
 };
diff --git a/model/src/schema/schema.ts b/model/src/schema/schema.ts
@@ -354,6 +354,9 @@ export const Schema = joi
     toggleRedirect: joi.string().optional(),
     retryTimeoutSeconds: joi.number().optional(),
     analytics: analyticsSchema.optional(),
+    webhookHmacSharedKey: joi.string().optional(),
+    fullStartPage: joi.string().optional(),
+    serviceName: joi.string().optional(),
   });
 
 /**
diff --git a/runner/src/server/forms/kls-test-form.json b/runner/src/server/forms/kls-test-form.json
diff --git a/runner/src/server/plugins/views.ts b/runner/src/server/plugins/views.ts
@@ -71,9 +71,9 @@ export default {
         appVersion: pkg.version,
         assetPath: "/assets",
         cookiesPolicy: request?.state?.cookies_policy,
-        serviceName: capitalize(config.serviceName),
+        serviceName: capitalize(request.server?.app?.forms?.[request.params?.id]?.def?.serviceName || config.serviceName),
         feedbackLink: config.feedbackLink,
-        pageTitle: config.serviceName + " - GOV.UK",
+        pageTitle: (request.server?.app?.forms?.[request.params?.id]?.def?.serviceName || config.serviceName) + " - GOV.UK",
         analyticsAccount: config.analyticsAccount,
         gtmId1: analytics.gtmId1 || "",
         gtmId2: analytics.gtmId2 || "",
@@ -83,13 +83,14 @@ export default {
         BROWSER_REFRESH_URL: config.browserRefreshUrl,
         sessionTimeout: config.sessionTimeout,
         skipTimeoutWarning: false,
-        serviceStartPage: config.serviceStartPage || "#",
+        serviceStartPage: request.server?.app?.forms?.[request.params?.id]?.def?.fullStartPage || config.serviceName || "#",
         privacyPolicyUrl: config.privacyPolicyUrl || "/help/privacy",
         phaseTag: config.phaseTag,
         navigation: request?.auth.isAuthenticated
           ? [{ text: "Sign out", href: "/logout" }]
           : null,
       };
     },
+
   },
 };
diff --git a/runner/src/server/services/statusService.ts b/runner/src/server/services/statusService.ts
@@ -1,4 +1,5 @@
 import { HapiRequest, HapiServer } from "../types";
+import { createHmacRaw } from "../utils/hmac";
 import {
   CacheService,
   NotifyService,
@@ -130,6 +131,29 @@ export class StatusService {
 
     let newReference;
 
+    /**
+     * If the OPTIONAL config contains webhookHmacSharedKey, then we send HMAC Auth headers
+     * This is used to confirm ONLY X-Gov's backend is sending data to our API
+     * Everyone else will be Rejected
+     */
+    const id = request.params?.id;
+    const forms = request.server?.app?.forms;
+    const model = id && forms?.[id];
+    const hmacKey = model?.def?.webhookHmacSharedKey;
+    let customSecurityHeaders: Record<string, string> = {};
+
+    if (hmacKey) {
+      const [hmacSignature, requestTime, hmacExpiryTime] = await createHmacRaw(
+        request.yar.id,
+        hmacKey
+      );
+      customSecurityHeaders = {
+        "X-Request-ID": request.yar.id.toString(),
+        "X-HMAC-Signature": hmacSignature.toString(),
+        "X-HMAC-Time": requestTime.toString(),
+      };
+    }
+
     if (callback) {
       this.logger.info(
         ["StatusService", "outputRequests"],
@@ -153,7 +177,8 @@ export class StatusService {
         firstWebhook.outputData.url,
         { ...formData },
         "POST",
-        firstWebhook.outputData.sendAdditionalPayMetadata
+        firstWebhook.outputData.sendAdditionalPayMetadata,
+        customSecurityHeaders
       );
       await this.cacheService.mergeState(request, {
         reference: newReference,
@@ -178,7 +203,8 @@ export class StatusService {
             ...formData,
           },
           "POST",
-          sendAdditionalPayMetadata
+          sendAdditionalPayMetadata,
+          customSecurityHeaders
         )
       ),
     ];
diff --git a/runner/src/server/services/webhookService.ts b/runner/src/server/services/webhookService.ts
@@ -27,20 +27,26 @@ export class WebhookService {
     url: string,
     data: object,
     method: "POST" | "PUT" = "POST",
-    sendAdditionalPayMetadata: boolean = false
+    sendAdditionalPayMetadata: boolean = false,
+    authHeaders?: Record<string, string>
   ) {
     // Commented out due to potential for logging PII
     // this.logger.info(
     //   ["WebhookService", "postRequest body"],
     //   JSON.stringify(data)
     // );
+
     let request = method === "POST" ? post : put;
     try {
       if (!sendAdditionalPayMetadata) {
         delete data?.metadata?.pay;
       }
       const { payload } = await request(url, {
         ...DEFAULT_OPTIONS,
+        headers: {
+          ...DEFAULT_OPTIONS.headers,
+          ...(authHeaders || {}),
+        },
         payload: JSON.stringify(data),
       });
 
diff --git a/runner/src/server/utils/hmac.ts b/runner/src/server/utils/hmac.ts
@@ -80,6 +80,29 @@ export async function createHmac(email: string, hmacKey: string) {
   }
 }
 
+/**
+ * Similar to the above but returns raw epoch timestamps,
+ * making it preferable for cryptographic logic.
+ * The other function may benefit from refactoring
+ * to separate display logic from core logic. */
+export async function createHmacRaw(message: string, hmacKey: string) {
+  try {
+    const currentTimestamp = Math.floor(Date.now() / 1000);
+    const dataToHash = message + currentTimestamp;
+    const hmac = crypto
+      .createHmac("sha256", hmacKey)
+      .update(dataToHash)
+      .digest("hex");
+
+    const expiryTimestamp = currentTimestamp + TIME_THRESHOLD;
+
+    return [hmac, currentTimestamp, expiryTimestamp];
+  } catch (error) {
+    console.error("Error creating HMAC (raw):", error);
+    throw error;
+  }
+}
+
 /**
  * Validates an HMAC signature
  */
diff --git a/runner/src/server/views/timeout.html b/runner/src/server/views/timeout.html
@@ -14,7 +14,7 @@ <h1 class="govuk-heading-l">Your application has timed out</h1>
           We have reset your application because you did not do anything for {{ sessionTimeout / 60000 }} minutes. We did this
           to keep your information secure.
         </p>
-        <a href="{{ serviceStartPage }}" class="govuk-button">Start application again</a>
+        <a href="{{ startPage }}" class="govuk-button">Start application again</a>
       </div>
     </div>
   </div>
