diff --git a/.env.example b/.env.example
index c6aba817f2..90884e2186 100644
--- a/.env.example
+++ b/.env.example
@@ -107,4 +107,5 @@ GOV_UK_PAY_TOKEN_GLOUCESTER=👻
 GOV_UK_PAY_TOKEN_MEDWAY=👻
 ## End-to-end test team (borrows Lambeth's details)
+GOV_UK_PAY_SECRET_E2E=👻
 GOV_UK_PAY_TOKEN_E2E=👻
diff --git a/api.planx.uk/modules/pay/controller.ts b/api.planx.uk/modules/pay/controller.ts
index 45aa7798ec..47d2c91fe2 100644
--- a/api.planx.uk/modules/pay/controller.ts
+++ b/api.planx.uk/modules/pay/controller.ts
@@ -60,6 +60,7 @@ export const makePaymentViaProxy: PaymentProxyController = async (
 ),
 },
 req,
+ res,
 )(req, res, next);
 };
diff --git a/api.planx.uk/modules/pay/middleware.ts b/api.planx.uk/modules/pay/middleware.ts
index 9c2f6b1c32..e11a537714 100644
--- a/api.planx.uk/modules/pay/middleware.ts
+++ b/api.planx.uk/modules/pay/middleware.ts
@@ -5,19 +5,26 @@ import { ServerError } from "../../errors";
 /**
 * Confirm that this local authority (aka team) has a pay token
- * TODO: Check this against a DB value instead of env vars?
 */
-export const isTeamUsingGovPay: RequestHandler = (req, _res, next) => {
- const isSupported =
- process.env[`GOV_UK_PAY_TOKEN_${req.params.localAuthority.toUpperCase()}`];
+export const isTeamUsingGovPay: RequestHandler = async (req, res, next) => {
+ const env =
+ process.env.APP_ENVIRONMENT === "production" ? "production" : "staging";
- if (!isSupported) {
+ const { govPayToken } = await $api.team.getIntegrations({
+ env,
+ slug: req.params.localAuthority,
+ encryptionKey: process.env.ENCRYPTION_KEY!,
+ });
+
+ if (!govPayToken) {
 return next({
 status: 400,
 message: `GOV.UK Pay is not enabled for this local authority (${req.params.localAuthority})`,
 });
 }
+ res.locals.govPayToken = govPayToken;
+
 next();
 };
diff --git a/api.planx.uk/modules/pay/proxy.ts b/api.planx.uk/modules/pay/proxy.ts
index 66d9ee47a5..e1f3ce331c 100644
--- a/api.planx.uk/modules/pay/proxy.ts
+++ b/api.planx.uk/modules/pay/proxy.ts
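Review bot: The awaited `$api.team.getIntegrations(...)` call in `isTeamUsingGovPay` (middleware.ts) has no error handling, so a failed lookup or a failed decryption rejects the async handler without ever calling `next`; unless async handlers are wrapped elsewhere (not visible in this hunk), an Express version that does not forward rejected promises would leave the request hanging. The `!` on `process.env.ENCRYPTION_KEY` only silences the compiler, so an unset key would surface the same way instead of as a clear configuration error. I would check the key explicitly and wrap the lookup in `try`/`catch`, passing a generic 500 to `next` so that no lookup or decryption detail reaches the client. The slug is also passed through as received, whereas the old env-var lookup upper-cased it, so it is worth confirming how team slugs are matched.

```typescript
export const isTeamUsingGovPay: RequestHandler = async (req, res, next) => {
  // … unchanged: env selection …
  const encryptionKey = process.env.ENCRYPTION_KEY;
  if (!encryptionKey) {
    return next({
      status: 500,
      message: "GOV.UK Pay integration is misconfigured",
    });
  }

  try {
    const { govPayToken } = await $api.team.getIntegrations({
      env,
      slug: req.params.localAuthority,
      encryptionKey,
    });
    // … unchanged: 400 when govPayToken is missing, res.locals assignment, next() …
  } catch (error) {
    // Generic message only: do not echo lookup or decryption details to the client
    return next({
      status: 500,
      message: "Failed to look up GOV.UK Pay integration",
    });
  }
};
```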
@@ -1,19 +1,15 @@
-import { Request } from "express";
+import { Response, Request } from "express";
 import { fixRequestBody, Options } from "http-proxy-middleware";
 import { useProxy } from "../../shared/middleware/proxy";
-export const usePayProxy = (options: Partial, req: Request) => {
+export const usePayProxy = (options: Partial, req: Request, res: Response) => {
 return useProxy({
 target: "https://publicapi.payments.service.gov.uk/v1/payments",
 onProxyReq: fixRequestBody,
 headers: {
 ...(req.headers as NodeJS.Dict),
 "content-type": "application/json",
- Authorization: `Bearer ${
- process.env[
- `GOV_UK_PAY_TOKEN_${req.params.localAuthority}`.toUpperCase()
- ]
- }`,
+ Authorization: `Bearer ${res.locals.govPayToken}`,
 },
 ...options,
 });
diff --git a/e2e/tests/ui-driven/src/context.ts b/e2e/tests/ui-driven/src/context.ts
index 6419acec0f..ba852faaf9 100644
--- a/e2e/tests/ui-driven/src/context.ts
+++ b/e2e/tests/ui-driven/src/context.ts
@@ -82,6 +82,8 @@ export async function setUpTestContext(
 publisherId: context.user!.id!,
 });
 }
+ await setupGovPaySecret($admin, context);
+
 return context;
 }
@@ -327,3 +329,29 @@ async function deleteTeam(adminGQLClient: GraphQLClient, context: Context) {
 }
 }
 }
+
+async function setupGovPaySecret($admin: CoreDomainClient, context: Context) {
+ try {
+ await $admin.client.request(
+ gql`
+ mutation SetupGovPaySecret(
+ $team_id: Int
+ $staging_govpay_secret: String
+ ) {
+ update_team_integrations(
+ where: { team_id: { _eq: $team_id } }
+ _set: { staging_govpay_secret: $staging_govpay_secret }
+ ) {
+ affected_rows
+ }
+ }
+ `,
+ {
+ team_id: context.team.id,
+ staging_govpay_secret: process.env.GOV_UK_PAY_SECRET_E2E,
+ },
+ );
+ } catch (error) {
+ throw Error("Failed to setup GovPay secret for E2E team");
+ }
+}
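Review bot: `usePayProxy` now depends on an undocumented precondition: the `Authorization` header is built from `res.locals.govPayToken`, which is only set when `isTeamUsingGovPay` ran earlier on the same route. On a route that skips that middleware the template literal would send `Bearer undefined` upstream rather than failing closed. I would add a doc comment above the function, for example `/** Requires res.locals.govPayToken, set by isTeamUsingGovPay earlier in the route. */`, and reject a missing token before `useProxy` is called. Note also that `...options` is spread after `headers`, so a caller that passes `options.headers` replaces the whole header object, `Authorization` included. The end of `usePayProxy` lies outside this hunk.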
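Review bot: `setupGovPaySecret` (second context.ts hunk) can return successfully without storing anything. An unset `GOV_UK_PAY_SECRET_E2E` is sent as an absent/null value, which the nullable `String` variable accepts, and an update matching no `team_integrations` row returns `affected_rows` of 0 without raising. Either case would presumably surface later as an unrelated-looking "GOV.UK Pay is not enabled" 400 in the payment tests, so I would check the variable up front and assert on `affected_rows`. The `catch` discards the original error; if you surface it, avoid printing it wholesale, since GraphQL client errors can embed the request variables and would put the secret in CI logs. A comment saying whether `GOV_UK_PAY_SECRET_E2E` must hold the already-encrypted value (the API appears to decrypt this column with `ENCRYPTION_KEY`) would help whoever rotates it.

```typescript
async function setupGovPaySecret($admin: CoreDomainClient, context: Context) {
  const secret = process.env.GOV_UK_PAY_SECRET_E2E;
  if (!secret) {
    throw Error("GOV_UK_PAY_SECRET_E2E is not set for the E2E team");
  }
  try {
    const response = await $admin.client.request<{
      update_team_integrations: { affected_rows: number };
    }>(
      // … unchanged: SetupGovPaySecret mutation and variables, passing `secret` …
    );
    if (response.update_team_integrations.affected_rows !== 1) {
      throw Error("No team_integrations row updated for E2E team");
    }
  } catch (error) {
    // … unchanged: rethrow with the fixed message (keeps request variables out of logs) …
  }
}
```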