feat(services-bff): My pages bff setup (#16543)

* Fix user menu test

* Updates to environment and config

* Update infra allowed external api urls to be hard coded

* Simplify client urls with bff postfix in it

* Add ingress to project and remove logout redirect path in favour of client base url

* Add docker express to services bff

* update config simpler syntax

* chore: nx format:write update dirty files

* Update config and redis dev setup

* Update crypto service to include algorithm in the encryption, explain better in comments what encrypt/decrypt is doing and update crypto test to not use mock

* Remove CORS entirely in favour of client proxy config

* Update error handling in bff backend, refactor infra and handle error query param in client

* When proxy service errors then handle as unauthorized. Update targetUrl to be defensive, i.e. no undefined possible.

* Remove unnecessary Uint8Array conversion

* Simplify the BFFUser object to not have dateOfBirth and remove double scope field which was due to backwards compatibility

* Update cookies to share constants, update options to be more secure

* access token expire time latency by 5 sec

* remove omit

* Update user profile cache ttl

* update cache ttl again and rename baseUrl to issuerUrl in ids service

* reaname var

* remove params from cache attempt that where not used in the callback

* Clean up old session in login callback if it exists

* Fix login callback cache clean up and revoke refresh token

* Update logout flow to clean up, revoke tokens and better validation. Also deletes the logout callback

* remove unused import

* Simplify error in favour of enhanced fetch

* created enhanced fetch module, moved pkce service to services, updated proxy service and a little refactor

* par support flag not optional

* Fix typo

* Add better validation to crypto decryption function

* Update validate uri to be more secure, create test for validate uri. Update port range in environment

* Remove state param from logout to ensure it will not be passed to redirect uri

* Adding more tests and increasing security in the function

* Refactor after reading comments from coderabbit

* remove private from method for test

* Move portal scopes to shareable location.

* Remove unused import

* Add no_refresh query to user endpoint in backend

* Polling and broadcaster added to react spa bff library

* Enhanced security in pkce service.and improve error handling to be more secure

* Update usePolling to have better types and secure resumabiltiy.

* Refactor useBroadcaster.

* Add client logic to handle the case if bff server goes down

* Fix tests and builds

* Fix portal infra local vars

* DX infra setup for services-bff

* Remove error log from revokeRefreshToken since it is handled by enhancedFetch and update download service local url

* Rename cached toke fields to be prefixed with encrypted and fix where encryption was missing. Also fix for revoking wrong token

* Better handling on errors in auth service

* Update api requests formatting and handling to handle exceptions and errors better.

* Update apps/services/bff/src/app/bff.config.ts

simpler redis config

Co-authored-by: Eiríkur Heiðar Nilsson <eirikur@nilsson.is>

* cleanup after commit from github

* Update after our pull request AI suggested the change

* Remove broadcaster mocks

* Remove redundant timeout in favour of poller

* Fix portal config, fix redis cache module init, update bff provider to handle logout in before redirect

* Remove timeout in logout broadcasting and throw the error in postRequest if not successful plain text response

* Revert the timeout in the logout

* chore: charts update dirty files

* Rename queries to dto for consistency in monorepo and add log for logout callback

* Fix cli error that got merged from main

* Fix prettier formatting error

* chore: nx format:write update dirty files

* fix storybook build

* ci: trigger from levy user

* fix: use portals-admin, added portal-env test

* Revert manual validation and use library

* Use fetch instead of post in download url

* Fix type errors and add forward get proxy api request

* fix: main conflict

* chore: charts update dirty files

* fix: prettier issues

* chore: prettify

* chore: nx format:write update dirty files

* ci: add services-bff to helm chart

* Fix env vars for feature deploy

* Fix health check to be excluded from prefix

* update global prefix logic

* update bff services options

* Remove bff redis name env var

* Update bff config again

* Update portal env spec for feature branch

* chore: charts update dirty files

* Update validation error log

* Remove database healthcheck

* Revert globalprefix options and update liveness and readiness infra checks

* chore: charts update dirty files

* Add auth controller tests

* Add logout log for testing in feature deploy

* remove unused

* clean up auth controller test

* chore: nx format:write update dirty files

* Add tests for proxy controller

* Add ref to infra for api

* update charts

* add zed editor config to gitignore

* Add support for mocks

* chore: nx format:write update dirty files

* Fix portal env spec

* chore: charts update dirty files

* Update mocking server logic for portals

* update mock logic

* fix: public envs (#16493)

* fix: merge conflict

* fix: improved zod schema generation

* test: update portal-env test for service building

* fix: generate feature deploy urls

* fix: improve getEnvUrl func

* feat: integrated bff to ServiceBuilder

* fix: more abstraction to dsl

* fix: simplify and cleanup

* chore: remove unused file

* chore: cleanup dupes

* chore: nx format:write update dirty files

* chore: more cleanup

---------

Co-authored-by: andes-it <builders@andes.is>

* Move my-pages over to bff first attempt

* chore: remove nx-command impl (#16532)

* chore: move nx runcommand cli to a new PR

* chore: commit save point

* chore: commit save point

* Update infra setup

* fix tests

* chore: charts update dirty files

* update my pages infra

* fix env in infra

* fix infra url

* Removed un used import

* chore: charts update dirty files

* chore: nx format:write update dirty files

* fix: revert secret type changes

* chore: nx format:write update dirty files

* chore: cleanup

* Removed un used import

* Update after self review

* fix feature deployment url

* fix tests

* fix missing logger

* chore: nx format:write update dirty files

* update api graphql bff config env var

* update api graphql bff config env var

* fix tests

* fix tests

* chore: charts update dirty files

* chore: nx format:write update dirty files

* grantnamespaces

* chore: charts update dirty files

* grantnamespace identity server

* chore: charts update dirty files

* disable global auth on dev

* disable global auth on dev

* chore: charts update dirty files

* Fix UserMenu test

* fix portal core tests

* test: update bff tests

* test: fix scope bad placement

* fix: minor cleanup

* chore: nx format:write update dirty files

* chore: charts update dirty files

* Merge branch 'main' into feat/bff-my-pages

# Conflicts:
#	apps/portals/my-pages/project.json
#	libs/react-spa/bff/src/lib/bff.hooks.ts

* Add authority string to bff state

* update to new bff hooks

* Revert "Merge branch 'main' into feat/bff-my-pages"

This reverts commit 3f74e60.

* chore: charts update dirty files

* chore: nx format:write update dirty files

* Update hooks

* chore: charts update dirty files

* Update formSubmit handler to proxy bff requests and add external post request to proxy.controller

* Fix test

* Small fixes

* chore: rebuild

* update hook after bff addon

* Remove unused commit

* Add issuer to my-pages

* chore: charts update dirty files

* chore: nx format:write update dirty files

* remove unused env var from my pages infra

* chore: charts update dirty files

* Introduce legacy user info hook until application system has implemented bff pattern

* chore: charts update dirty files

* Add useLegacyAuth hook to support both contexts

* Revert back to bff only hooks

* Update global prefix path for my pages

* Fix bff creator logic

* fix tests

* chore: charts update dirty files

* fix tests

* chore: charts update dirty files

* update charts build error

* console.error if no download url is found

* fix document type check

* fix infra paths

* chore: charts update dirty files

* feat(application-system-form): Update application-system to use bff (#16973)

* Update hooks and frontend code for application system

* Add proxy config to application system

* Add support to add allowed redirect uris from bff infras

* chore: charts update dirty files

* chore: nx format:write update dirty files

* add application system scopes to my-pages-portal

* chore: charts update dirty files

* Update mocking setup for all SPAs

---------

Co-authored-by: andes-it <builders@andes.is>

* update application system ui tests

* Fix tests

* fix islandis build error

* Extend Redis cache keys to be unique between bffs since using same Redis server

* Add deprecation messages to old hooks

* Fix warning

* Fix tests and change separator for cache key

* Remove redundant config

* Remove options from mock

* Fix potential body error

* Make sure that bff scopes are uniq

* chore: nx format:write update dirty files

* Include targetLinkUrl in error redirects

* Update base bff infra to be strict about allowed redirect uris

* Use bff hooks instead in old auth lib

* Add comment about birthday hook and remove user type from isDelegation hook

* Remove optional check on profile

* Update bff redirect url logic

* fix accidental scope switch

* chore: charts update dirty files

* Update prod url for allowed redirect uris

* chore: charts update dirty files

* Move comment above hook

* Update redirect uris

* fix tests

* chore: charts update dirty files

* Fix prod being null

* chore: charts update dirty files

* Fix prod url being null when using ctx.env.domain

* chore: charts update dirty files

* Prod url fix

* chore: charts update dirty files

* Revert removed auth context

* chore: nx format:write update dirty files

---------

Co-authored-by: andes-it <builders@andes.is>
Co-authored-by: Eiríkur Heiðar Nilsson <eirikur@nilsson.is>
Co-authored-by: Jón Levy <levy@andes.is>

apps/application-system/form/infra/application-system-form.ts

@@ -1,25 +1,12 @@
 import { ref, service, ServiceBuilder } from '../../../../infra/src/dsl/dsl'
 
-export const serviceSetup = (services: {
-  api: ServiceBuilder<'api'>
-}): ServiceBuilder<'application-system-form'> =>
+export const serviceSetup = (): ServiceBuilder<'application-system-form'> =>
   service('application-system-form')
     .namespace('application-system')
     .liveness('/liveness')
     .readiness('/readiness')
     .env({
       BASEPATH: '/umsoknir',
-      SI_PUBLIC_GRAPHQL_PATH: {
-        dev: '',
-        prod: '',
-        staging: '',
-        local: ref((h) => `http://${h.svc(services.api)}`),
-      },
-      SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: {
-        dev: 'https://identity-server.dev01.devland.is',
-        staging: 'https://identity-server.staging01.devland.is',
-        prod: 'https://innskra.island.is',
-      },
       SI_PUBLIC_ENVIRONMENT: ref((h) => h.env.type),
     })
     .secrets({

apps/application-system/form/project.json

@@ -64,7 +64,8 @@
       "executor": "@nx/webpack:dev-server",
       "options": {
         "port": 4242,
-        "buildTarget": "application-system-form:build"
+        "buildTarget": "application-system-form:build",
+        "proxyConfig": "apps/application-system/form/proxy.config.json"
       },
       "configurations": {
         "production": {
@@ -103,16 +104,32 @@
         "parallel": false
       }
     },
+    "start-bff": {
+      "executor": "nx:run-commands",
+      "options": {
+        "commands": [
+          "node -r esbuild-register src/cli/cli.ts run-local-env services-bff-portals-my-pages"
+        ],
+        "cwd": "infra"
+      }
+    },
     "dev": {
       "executor": "nx:run-commands",
       "options": {
         "commands": [
           "yarn nx run application-system-api:dev",
+          "yarn nx run service-portal:start-bff",
           "yarn start application-system-form"
         ],
         "parallel": true
       }
     },
+    "mock": {
+      "executor": "nx:run-commands",
+      "options": {
+        "commands": ["API_MOCKS=true yarn start application-system-form"]
+      }
+    },
     "docker-static": {
       "executor": "Intentionally left blank, only so this target is valid when using `nx show projects --with-target docker-static`"
     }

apps/application-system/form/proxy.config.json

@@ -0,0 +1,6 @@
+{
+  "/bff/*": {
+    "target": "http://localhost:3010",
+    "secure": false
+  }
+}

apps/application-system/form/src/app/App.tsx

@@ -1,23 +1,34 @@
 import { ApolloProvider } from '@apollo/client'
 
-import { initializeClient } from '@island.is/application/graphql'
+import { client } from '@island.is/application/graphql'
 import { LocaleProvider } from '@island.is/localization'
-import { defaultLanguage } from '@island.is/shared/constants'
-import { AuthProvider } from '@island.is/auth/react'
 import { FeatureFlagProvider } from '@island.is/react/feature-flags'
+import { defaultLanguage } from '@island.is/shared/constants'
 
+import { applicationSystemScopes } from '@island.is/auth/scopes'
+import { BffProvider, createMockedInitialState } from '@island.is/react-spa/bff'
+import { Router } from '../components/Router'
 import { environment } from '../environments'
 import { BASE_PATH } from '../lib/routes'
-import { Router } from '../components/Router'
+import { isMockMode } from '../mocks'
+
+const mockedInitialState = isMockMode
+  ? createMockedInitialState({
+      scopes: applicationSystemScopes,
+    })
+  : undefined
 
 export const App = () => (
-  <ApolloProvider client={initializeClient(environment.baseApiUrl)}>
+  <ApolloProvider client={client}>
     <LocaleProvider locale={defaultLanguage} messages={{}}>
-      <AuthProvider basePath={BASE_PATH}>
+      <BffProvider
+        applicationBasePath={BASE_PATH}
+        mockedInitialState={mockedInitialState}
+      >
         <FeatureFlagProvider sdkKey={environment.featureFlagSdkKey}>
           <Router />
         </FeatureFlagProvider>
-      </AuthProvider>
+      </BffProvider>
     </LocaleProvider>
   </ApolloProvider>
 )

apps/application-system/form/src/components/Router.tsx

@@ -1,15 +1,15 @@
 import { createBrowserRouter, RouterProvider } from 'react-router-dom'
 
-import { useAuth } from '@island.is/auth/react'
-import { LoadingScreen } from '@island.is/react/components'
-import { BASE_PATH, routes } from '../lib/routes'
-import React, { useRef } from 'react'
 import { useLocale } from '@island.is/localization'
+import { useUserInfo } from '@island.is/react-spa/bff'
+import { LoadingScreen } from '@island.is/react/components'
+import { useRef } from 'react'
 import { m } from '../lib/messages'
+import { BASE_PATH, routes } from '../lib/routes'
 
 export const Router = () => {
   const { formatMessage } = useLocale()
-  const { userInfo } = useAuth()
+  const userInfo = useUserInfo()
   const router = useRef<ReturnType<typeof createBrowserRouter>>()
 
   if (!userInfo) {

apps/application-system/form/src/environments/environment.ts

@@ -2,10 +2,6 @@ import { getStaticEnv } from '@island.is/shared/utils'
 
 const devConfig = {
   production: false,
-  baseApiUrl: 'http://localhost:4444',
-  identityServer: {
-    authority: 'https://identity-server.dev01.devland.is',
-  },
   featureFlagSdkKey: 'YcfYCOwBTUeI04mWOWpPdA/KgCHhUk0_k2BdiKMaNh3qA',
   DD_RUM_CLIENT_TOKEN: 'unknown',
   DD_RUM_APPLICATION_ID: 'unknown',
@@ -15,10 +11,6 @@ const devConfig = {
 
 const prodConfig = {
   production: true,
-  baseApiUrl: getStaticEnv('SI_PUBLIC_GRAPHQL_PATH') ?? window.location.origin,
-  identityServer: {
-    authority: getStaticEnv('SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL'),
-  },
   featureFlagSdkKey: getStaticEnv('SI_PUBLIC_CONFIGCAT_SDK_KEY'),
   DD_RUM_CLIENT_TOKEN: getStaticEnv('SI_PUBLIC_DD_RUM_CLIENT_TOKEN'),
   DD_RUM_APPLICATION_ID: getStaticEnv('SI_PUBLIC_DD_RUM_APPLICATION_ID'),

apps/application-system/form/src/lib/routes.tsx

@@ -1,12 +1,12 @@
 import { Outlet, RouteObject } from 'react-router-dom'
 
-import { UserProfileLocale } from '@island.is/shared/components'
 import { ErrorShell, HeaderInfoProvider } from '@island.is/application/ui-shell'
+import { UserProfileLocale } from '@island.is/shared/components'
 
+import { Layout } from '../components/Layout/Layout'
 import { Application } from '../routes/Application'
 import { Applications } from '../routes/Applications'
 import { AssignApplication } from '../routes/AssignApplication'
-import { Layout } from '../components/Layout/Layout'
 
 export const BASE_PATH = '/umsoknir'
 

apps/application-system/form/src/main.tsx

@@ -1,14 +1,12 @@
 import '@island.is/api/mocks'
-import React, { StrictMode } from 'react'
+import { StrictMode } from 'react'
 import { createRoot } from 'react-dom/client'
 
 import { isRunningOnEnvironment } from '@island.is/shared/utils'
 
-import './auth'
-
-import { environment } from './environments'
-import App from './app/App'
 import { userMonitoring } from '@island.is/user-monitoring'
+import App from './app/App'
+import { environment } from './environments'
 
 if (!isRunningOnEnvironment('local')) {
   userMonitoring.initDdRum({

apps/application-system/form/src/mocks/index.ts

@@ -0,0 +1 @@
+export const isMockMode = process.env.API_MOCKS === 'true'

apps/application-system/form/src/routes/Application.tsx

@@ -1,9 +1,9 @@
 import { useParams } from 'react-router-dom'
 
+import { coreMessages } from '@island.is/application/core'
 import { ApplicationForm, ErrorShell } from '@island.is/application/ui-shell'
 import { useLocale } from '@island.is/localization'
-import { coreMessages } from '@island.is/application/core'
-import { useAuth } from '@island.is/auth/react'
+import { useUserInfo } from '@island.is/react-spa/bff'
 
 type UseParams = {
   slug: string
@@ -12,7 +12,7 @@ type UseParams = {
 
 export const Application = () => {
   const { slug, id } = useParams() as UseParams
-  const { userInfo } = useAuth()
+  const userInfo = useUserInfo()
   const { formatMessage } = useLocale()
   const nationalRegistryId = userInfo?.profile?.nationalId
 

apps/download-service/src/app/modules/documents/document.controller.ts

@@ -67,9 +67,9 @@ export class DocumentController {
         rawDocumentDTO.fileName
       }.pdf`,
     )
-    res.header('Pragma: no-cache')
-    res.header('Cache-Control: no-cache')
-    res.header('Cache-Control: nmax-age=0')
+    res.header('Pragma', 'no-cache')
+    res.header('Cache-Control', 'no-cache')
+    res.header('Cache-Control', 'nmax-age=0')
 
     return res.end(buffer)
   }

apps/portals/admin/infra/portals-admin.ts

@@ -17,11 +17,6 @@ export const serviceSetup = (): ServiceBuilder<'portals-admin'> =>
     })
     .env({
       BASEPATH: '/stjornbord',
-      SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: {
-        dev: 'https://identity-server.dev01.devland.is',
-        staging: 'https://identity-server.staging01.devland.is',
-        prod: 'https://innskra.island.is',
-      },
       SI_PUBLIC_ENVIRONMENT: ref((h) => h.env.type),
     })
     .secrets({

apps/portals/admin/project.json

@@ -111,7 +111,7 @@
         ]
       }
     },
-    "mockmode": {
+    "mock": {
       "executor": "nx:run-commands",
       "options": {
         "commands": ["API_MOCKS=true yarn start portals-admin"]

apps/portals/admin/src/app/App.tsx

@@ -1,4 +1,5 @@
 import { ApolloProvider } from '@apollo/client'
+import { adminPortalScopes } from '@island.is/auth/scopes'
 import { LocaleProvider } from '@island.is/localization'
 import {
   ApplicationErrorBoundary,
@@ -13,7 +14,6 @@ import { client } from '../graphql'
 import { modules } from '../lib/modules'
 import { AdminPortalPaths } from '../lib/paths'
 import { createRoutes } from '../lib/routes'
-import { adminPortalScopes } from '@island.is/auth/scopes'
 
 const mockedInitialState = isMockMode
   ? createMockedInitialState({
@@ -27,6 +27,7 @@ export const App = () => (
       <ApplicationErrorBoundary>
         <BffProvider
           applicationBasePath={AdminPortalPaths.Base}
+          bffGlobalPrefix={`${AdminPortalPaths.Base}/bff`}
           mockedInitialState={mockedInitialState}
         >
           <FeatureFlagProvider sdkKey={environment.featureFlagSdkKey}>

apps/portals/admin/src/environments/environment.ts

@@ -2,9 +2,6 @@ import { getStaticEnv } from '@island.is/shared/utils'
 
 const devConfig = {
   production: false,
-  identityServer: {
-    authority: 'https://identity-server.dev01.devland.is',
-  },
   featureFlagSdkKey: 'YcfYCOwBTUeI04mWOWpPdA/KgCHhUk0_k2BdiKMaNh3qA',
   DD_RUM_CLIENT_TOKEN: 'unknown',
   DD_RUM_APPLICATION_ID: 'unknown',
@@ -14,9 +11,6 @@ const devConfig = {
 
 const prodConfig = {
   production: true,
-  identityServer: {
-    authority: getStaticEnv('SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL'),
-  },
   featureFlagSdkKey: getStaticEnv('SI_PUBLIC_CONFIGCAT_SDK_KEY'),
   DD_RUM_CLIENT_TOKEN: getStaticEnv('SI_PUBLIC_DD_RUM_CLIENT_TOKEN'),
   DD_RUM_APPLICATION_ID: getStaticEnv('SI_PUBLIC_DD_RUM_APPLICATION_ID'),

apps/portals/my-pages/infra/portals-my-pages.ts

@@ -1,8 +1,6 @@
 import { ref, service, ServiceBuilder } from '../../../../infra/src/dsl/dsl'
 
-export const serviceSetup = (services: {
-  graphql: ServiceBuilder<'api'>
-}): ServiceBuilder<'service-portal'> =>
+export const serviceSetup = (): ServiceBuilder<'service-portal'> =>
   service('service-portal')
     .namespace('service-portal')
     .liveness('/liveness')
@@ -18,18 +16,7 @@ export const serviceSetup = (services: {
     })
     .env({
       BASEPATH: '/minarsidur',
-      SI_PUBLIC_IDENTITY_SERVER_ISSUER_URL: {
-        dev: 'https://identity-server.dev01.devland.is',
-        staging: 'https://identity-server.staging01.devland.is',
-        prod: 'https://innskra.island.is',
-      },
       SI_PUBLIC_ENVIRONMENT: ref((h) => h.env.type),
-      SI_PUBLIC_GRAPHQL_API: {
-        prod: '/api/graphql',
-        staging: '/api/graphql',
-        dev: '/api/graphql',
-        local: ref((h) => `http://${h.svc(services.graphql)}/api/graphql`),
-      },
     })
     .secrets({
       SI_PUBLIC_CONFIGCAT_SDK_KEY: '/k8s/configcat/CONFIGCAT_SDK_KEY',