chore: fix audit

.circleci/config.yml

@@ -366,12 +366,8 @@ jobs:
       #     command: |
       #       docker-compose pull
       - run:
-          name: Start docker-compose
-          command: |
-            docker-compose up -d
-
-            # Check straight away to see if any containers have exited
-            docker-compose ps
+          name: Start docker compose
+          command: npm run dc:up
       - run:
           name: Wait for Health Services
           command: |
@@ -973,4 +969,4 @@ workflows:
               only: /v[0-9]+(\.[0-9]+)*\-snapshot+((\.[0-9]+)?)/
             branches:
               ignore:
-                - /.*/
+                - /.*/

.dockerignore

@@ -9,4 +9,4 @@ admin.Dockerfile
 Dockerfile
 LICENSE
 README.md
-.circleci/
+.circleci/

.gitignore

@@ -58,7 +58,7 @@ typings/
 .yarn-integrity
 
 # dotenv environment variables file
-.env
+#.env
 
 # next.js build output
 .next
@@ -79,3 +79,6 @@ devspace*
 
 # General Ignore
 *IGNORE*
+
+# macOS
+.DS_Store

.ncurc.yaml

@@ -2,5 +2,6 @@
 reject: [
   # TODO: v6+ (ref: https://github.com/sindresorhus/get-port/releases/tag/v6.0.0) is an ESM library and thus not compatible with CommonJS. Future story needed to resolve.
   "get-port",
-  "@mojaloop/sdk-standard-components"
+  "@mojaloop/sdk-standard-components",
+  "@mojaloop/central-services-shared" ## need to remove before merging proxyCache functionality to main
 ]

.nvmrc

@@ -1 +1 @@
-18.20.3
+18.19.0

Dockerfile

@@ -6,27 +6,26 @@ ARG NODE_VERSION=lts-alpine
 #  export NODE_VERSION="$(cat .nvmrc)-alpine" \
 #  docker build \
 #    --build-arg NODE_VERSION=$NODE_VERSION \
-#    -t mojaloop/sdk-scheme-adapter:local \
+#    -t mojaloop/account-lookup-service:local \
 #    . \
 #
 
 # Build Image
-FROM node:${NODE_VERSION} as builder
+FROM node:${NODE_VERSION} AS builder
 WORKDIR /opt/app
 
 RUN apk --no-cache add git
-RUN apk add --no-cache -t build-dependencies make gcc g++ python3 libtool openssl-dev autoconf automake bash \
+RUN apk add --no-cache -t build-dependencies make gcc g++ python3 py3-setuptools libtool openssl-dev autoconf automake bash \
     && cd $(npm root -g)/npm
 
-COPY package.json package-lock.json* /opt/app/
+COPY package.json package-lock.json /opt/app/
 
 RUN npm ci
 
 COPY src /opt/app/src
 COPY config /opt/app/config
 COPY migrations /opt/app/migrations
 COPY seeds /opt/app/seeds
-COPY test /opt/app/test
 
 FROM node:${NODE_VERSION}
 WORKDIR /opt/app
@@ -36,7 +35,7 @@ RUN mkdir ./logs && touch ./logs/combined.log
 RUN ln -sf /dev/stdout ./logs/combined.log
 
 # Create a non-root user: ml-user
-RUN adduser -D ml-user 
+RUN adduser -D ml-user
 USER ml-user
 
 COPY --chown=ml-user --from=builder /opt/app .

README.md

@@ -149,7 +149,7 @@ If you want to run integration tests in a repetitive manner, you can startup the
     Start containers required for Integration Tests
 
     ```bash
-    docker-compose -f docker-compose.yml up -d
+    npm run dc:up
     ```
 
     Run wait script which will report once all required containers are up and running

audit-ci.jsonc

@@ -26,7 +26,7 @@
     "GHSA-f9xv-q969-pqx4",
     "GHSA-7fh5-64p2-3v2j",
     "GHSA-rm97-x556-q36h", // https://github.com/advisories/GHSA-rm97-x556-q36h
-    "GHSA-rv95-896h-c2vc" // https://github.com/advisories/GHSA-rv95-896h-c2vc
-
+    "GHSA-rv95-896h-c2vc", // https://github.com/advisories/GHSA-rv95-896h-c2vc
+    "GHSA-952p-6rrq-rcjv"  // https://github.com/advisories/GHSA-952p-6rrq-rcjv
   ]
 }

config/default.json

@@ -1,4 +1,8 @@
 {
+  "HUB_PARTICIPANT": {
+    "ID": 1,
+    "NAME": "Hub"
+  },
   "ADMIN_PORT": 4001,
   "API_PORT": 4002,
   "DATABASE": {
@@ -51,10 +55,29 @@
     "MAX_BYTE_SIZE": 10000000,
     "EXPIRES_IN_MS": 61000
   },
+  "PROXY_CACHE": {
+    "enabled": true,
+    "type": "redis-cluster",
+    "proxyConfig": {
+      "cluster": [
+        { "host": "localhost", "port": 6379 }
+      ]
+    }
+  },
   "ERROR_HANDLING": {
     "includeCauseExtension": false,
     "truncateExtensions": true
   },
+  "HANDLERS": {
+    "DISABLED": false,
+    "MONITORING_PORT": 4003,
+    "TIMEOUT": {
+      "DISABLED": false,
+      "TIMEXP": "*/30 * * * * *",
+      "TIMEZONE": "UTC",
+      "BATCH_SIZE": 100
+    }
+  },
   "SWITCH_ENDPOINT": "http://localhost:3001",
   "INSTRUMENTATION": {
     "METRICS": {
@@ -74,7 +97,6 @@
   "ENDPOINT_SECURITY":{
     "JWS": {
       "JWS_SIGN": false,
-      "FSPIOP_SOURCE_TO_SIGN": "switch",
       "JWS_SIGNING_KEY_PATH": "secrets/jwsSigningKey.key"
     }
   },

docker-compose.yml

@@ -1,55 +1,94 @@
-version: "3.7"
-
 networks:
   als-mojaloop-net:
     name: als-mojaloop-net
+
+# @see https://uninterrupted.tech/blog/hassle-free-redis-cluster-deployment-using-docker/
+x-redis-node: &REDIS_NODE
+  image: docker.io/bitnami/redis-cluster:6.2.14
+  environment: &REDIS_ENVS
+    ALLOW_EMPTY_PASSWORD: yes
+    REDIS_CLUSTER_DYNAMIC_IPS: no
+    REDIS_CLUSTER_ANNOUNCE_IP: ${REDIS_CLUSTER_ANNOUNCE_IP}
+    REDIS_NODES: localhost:6379 localhost:6380 localhost:6381 localhost:6382 localhost:6383 localhost:6384
+  healthcheck:
+    test: [ "CMD", "redis-cli", "ping" ]
+    timeout: 2s
+  network_mode: host
 
-services:
-  account-lookup-service:
+x-account-lookup-service: &ACCOUNT_LOOKUP_SERVICE
     image: mojaloop/account-lookup-service:local
     build:
       context: .
       target: builder
-    container_name: als_account-lookup-service
     user: root
-    command:
-      - "sh"
-      - "-c"
-      - "sh /opt/wait-for/wait-for-account-lookup-service.sh && node src/index.js server"
-    ports:
-      - "4001:4001"
-      - "4002:4002"
+    environment:
+      LOG_LEVEL: debug
     networks:
       - als-mojaloop-net
     depends_on:
-      - mysql-als
       - central-ledger
+      - proxy
+      - mysql-als
+      - redis-node-0
+      # - redis
     volumes:
       - ./secrets:/opt/app/secrets
       - ./src:/opt/app/src
       - ./docker/account-lookup-service/default.json:/opt/app/config/default.json
       - ./docker/wait-for:/opt/wait-for
+    extra_hosts:
+      - "redis-node-0:host-gateway"
+
+services:
+  account-lookup-service:
+    <<: *ACCOUNT_LOOKUP_SERVICE
+    container_name: als_account-lookup-service
+    command:
+      - "sh"
+      - "-c"
+      - "sh /opt/wait-for/wait-for-account-lookup-service.sh && node src/index.js server"
+    ports:
+      - "4001:4001"
+      - "4002:4002"
     healthcheck:
       test: ["CMD", "sh", "-c" ,"apk --no-cache add curl", ";", "curl", "http://localhost:4001/health"]
       timeout: 20s
       retries: 10
       interval: 30s
-
+
+  account-lookup-service-handlers:
+    <<: *ACCOUNT_LOOKUP_SERVICE
+    container_name: als_account-lookup-service-handlers
+    command:
+      - "sh"
+      - "-c"
+      - "node src/handlers/index.js h --timeout"
+    depends_on:
+     - redis-node-0
+    ports:
+      - "4003:4003"
+    healthcheck:
+      test: ["CMD", "sh", "-c" ,"apk --no-cache add curl", ";", "curl", "http://localhost:4003/health"]
+      timeout: 20s
+      retries: 10
+      interval: 30s
+
   central-ledger:
-    image: mojaloop/central-ledger:latest
+#    image: mojaloop/central-ledger:latest
+    image: mojaloop/central-ledger:v17.8.0.160-snapshot.4
     container_name: als_central-ledger
     user: root
     command:
       - "sh"
       - "-c"
       - "sh /opt/wait-for/wait-for-central-ledger.sh && node src/api/index.js"
     ports:
-      - "3001:3001"
+      - "${CL_PORT:-3001}:3001"
     volumes:
        - ./docker/central-ledger/default.json:/opt/app/config/default.json
        - ./docker/wait-for:/opt/wait-for
     environment:
-      - LOG_LEVEL=info
+      - LOG_LEVEL=debug
       - CLEDG_DATABASE_URI=mysql://central_ledger:password@mysql-cl:3306/central_ledger
       - CLEDG_SIDECAR__DISABLED=true
       - CLEDG_MONGODB__DISABLED=true
@@ -64,6 +103,17 @@ services:
       retries: 10
       interval: 30s
 
+  proxy:
+    build:
+      context: ./docker/mock-proxy
+      dockerfile: Dockerfile
+    restart: always
+    env_file: ./test/integration/.env
+    ports:
+      - "${PROXY_PORT}:${PROXY_PORT}"
+    networks:
+      - als-mojaloop-net
+
   kafka:
     image: johnnypark/kafka-zookeeper:2.3.0
     container_name: als_kafka
@@ -124,3 +174,67 @@ services:
       retries: 10
       start_period: 40s
       interval: 30s
+
+  redis-node-0:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_CLUSTER_CREATOR: yes
+      REDIS_PORT_NUMBER: 6379
+    depends_on:
+      - redis-node-1
+      - redis-node-2
+      - redis-node-3
+      - redis-node-4
+      - redis-node-5
+  redis-node-1:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_PORT_NUMBER: 6380
+    ports:
+      - "16380:16380"
+  redis-node-2:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_PORT_NUMBER: 6381
+    ports:
+      - "16381:16381"
+  redis-node-3:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_PORT_NUMBER: 6382
+    ports:
+      - "16382:16382"
+  redis-node-4:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_PORT_NUMBER: 6383
+    ports:
+      - "16383:16383"
+  redis-node-5:
+    <<: *REDIS_NODE
+    environment:
+      <<: *REDIS_ENVS
+      REDIS_PORT_NUMBER: 6384
+    ports:
+      - "16384:16384"
+
+##  To be used with proxyCache.type === 'redis'
+#  redis:
+#    image: redis:6.2.4-alpine
+#    restart: "unless-stopped"
+#    environment:
+#      <<: *REDIS_ENVS
+#      REDIS_CLUSTER_CREATOR: yes
+#    depends_on:
+#      - redis-node-1
+#      - redis-node-2
+#      - redis-node-3
+#      - redis-node-4
+#      - redis-node-5
+#    ports:
+#      - "6379:6379"