Token bug fix (#134)

* setting token in cookie for default hour 4

* fixed issue of verifier controller is not gettign passed through middleware

* updated onboarding template

* added kyb widget url

* code prettified

* increased token expiry for kyb

Author: varsha766

.deploy/deployment.yaml

@@ -117,6 +117,8 @@ spec:
           value: __CLIENT_APP_URL__
         - name: KYC_WIDGET_URL
           value: __KYC_WIDGET_URL__
+        - name: KYB_WIDGET_URL
+          value: __KYB_WIDGET_URL__
         - name: MAX_MFA_RETRY_ATTEMPT
           value: '__MAX_MFA_RETRY_ATTEMPT__' 
         - name: DASHBOARD_CREDIT_USAGE_NOTIFICATION_QUEUE

.github/workflows/pipeline.yaml

@@ -159,5 +159,7 @@ jobs:
       run: find .deploy/deployment.yaml -type f -exec sed  -i -e "s#__CLIENT_APP_URL__#${{ secrets.CLIENT_APP_URL }}#" {} \;
     - name: "Replace secrets"
       run: find .deploy/deployment.yaml -type f -exec sed  -i -e "s#__KYC_WIDGET_URL__#${{ secrets.KYC_WIDGET_URL }}#" {} \;
+    - name: "Replace secrets"
+      run: find .deploy/deployment.yaml -type f -exec sed  -i -e "s#__KYB_WIDGET_URL__#${{ secrets.KYB_WIDGET_URL }}#" {} \;
     - name: "Deploy to GKE"
       run: kubectl apply -f .deploy/deployment.yaml

dev.env.sample

@@ -27,6 +27,7 @@ MFA_REDIRECT_URL='http://localhost:9001/#/studio/mfa'
 MAX_MFA_RETRY_ATTEMPT=3
 CLIENT_APP_URL=https://entity.dashboard.hypersign.id
 KYC_WIDGET_URL=https://verify.hypersign.id
+KYB_WIDGET_URL=https://verify.business.hypersign.id
 
 
 

src/customer-onboarding/services/customer-onboarding.service.ts

@@ -710,6 +710,11 @@ export class CustomerOnboardingService {
                       this.config.get<string>('CLIENT_APP_URL'),
                       false,
                     ),
+                    urlSanitizer(
+                      this.config.get<string>('KYB_WIDGET_URL') ||
+                        'https://verify.business.hypersign.id',
+                      false,
+                    ),
                   ],
                   env: APP_ENVIRONMENT.dev,
                   hasDomainVerified: false,

src/mail-notification/constants/templates/credit-request.template.ts

@@ -40,10 +40,10 @@ export default function getCreditRequestNotificationMail(
     </p>
     <br>
     <ul>
+     <li><strong>OnboardingId:</strong> ${onboardingId}</li>
      <li><strong>UserId:</strong> ${userId}</li>
         ${emailFields}
      <li><strong>Requested Service:</strong> ${requestedService}</li>
-     <li><strong>OnboardingId:</strong> ${onboardingId}</li>
      <li><strong>companyName:</strong> ${companyName}</li>
      <li><strong>accountType:</strong> ${type}</li>
      ${optionalFields}

src/utils/time-constant.ts

@@ -9,7 +9,7 @@ export const TIME = {
 export const COOKIE_CONFIG = {
   AUTH: {
     name: 'accessToken',
-    expiry: 30 * TIME.MINUTE * 1000,
+    expiry: 4 * TIME.HOUR * 1000,
     redisExpiryTime: TIME.WEEK,
   },
   REFRESH: {
@@ -43,14 +43,22 @@ export const getSecondsFromUnit = (time: number, unit: TIME_UNIT) => {
  *  EXPIRY_CONFIG defines the expiry times for different types of tokens and Redis cache entries used across the system.
  */
 export const EXPIRY_CONFIG = {
-  // KYC and SSI Token for context - verifier Page and Customer App
+  // KYC and SSI Token for context - kyc verifier Page and Customer App
 
   VERIFIER_CUSTOMER_APP_ACCESS: {
     jwtTime: 30,
     jwtUnit: TIME_UNIT.MINUTE,
     redisExpiryTime: 30 * TIME.MINUTE,
   },
 
+  // KYC and SSI Token for context - kyb verifier Page and Customer App
+
+  VERIFIER_CUSTOMER_KYB_APP_ACCESS: {
+    jwtTime: 60,
+    jwtUnit: TIME_UNIT.MINUTE,
+    redisExpiryTime: 60 * TIME.MINUTE,
+  },
+
   // All Tokens generated during onboarding flow
 
   ONBOARDING_ACCESS: {

src/webpage-config/controller/webpage-config.controller.ts

@@ -35,7 +35,7 @@ import { AllExceptionsFilter, VerifierParamsDto } from 'src/utils/utils';
 @ApiTags('Webpage-config')
 @UseFilters(AllExceptionsFilter)
 @UsePipes(new ValidationPipe())
-@Controller('api/v1/app/')
+@Controller('api/v1/app')
 export class WebpageConfigController {
   constructor(private readonly webpageConfigService: WebpageConfigService) {}
 

src/webpage-config/services/webpage-config.service.ts

@@ -343,6 +343,10 @@ export class WebpageConfigService {
       GRANT_TYPES.access_service_ssi,
       TokenModule.ID_SERVICE,
     );
+    const expiryConfig =
+      serviceType === GRANT_TYPES.access_service_kyb
+        ? EXPIRY_CONFIG.VERIFIER_CUSTOMER_KYB_APP_ACCESS
+        : EXPIRY_CONFIG.VERIFIER_CUSTOMER_APP_ACCESS;
     // generate access tokens
     const [ssiAccessTokenDetail, pageAccessTokenDetail] = await Promise.all([
       this.appAuthService.getAccessToken(
@@ -353,8 +357,8 @@ export class WebpageConfigService {
           sessionId: generateHash(ssiServiceId),
           subdomain: ssiServiceDetail.subdomain,
         },
-        EXPIRY_CONFIG.VERIFIER_CUSTOMER_APP_ACCESS.jwtTime,
-        EXPIRY_CONFIG.VERIFIER_CUSTOMER_APP_ACCESS.jwtUnit,
+        expiryConfig.jwtTime,
+        expiryConfig.jwtUnit,
       ),
       this.appAuthService.getAccessToken(
         {
@@ -368,8 +372,8 @@ export class WebpageConfigService {
           ),
           subdomain: kycServiceDetail.subdomain,
         },
-        EXPIRY_CONFIG.VERIFIER_CUSTOMER_APP_ACCESS.jwtTime,
-        EXPIRY_CONFIG.VERIFIER_CUSTOMER_APP_ACCESS.jwtUnit,
+        expiryConfig.jwtTime,
+        expiryConfig.jwtUnit,
       ),
     ]);
     const redisPayload: any = {