change configs to live centrally in config.ts

Author: devksingh4

cloudformation/main.yml

@@ -39,14 +39,10 @@ Mappings:
       ApiCertificateArn: arn:aws:acm:us-east-1:427040638965:certificate/63ccdf0b-d2b5-44f0-b589-eceffb935c23
       HostedZoneId: Z04502822NVIA85WM2SML
       ApiDomainName: "aws.qa.acmuiuc.org"
-      ValidCorsOrigins: ["*"]
-      AadValidClientId: "39c28870-94e4-47ee-b4fb-affe0bf96c9f"
     prod:
       ApiCertificateArn: arn:aws:acm:us-east-1:298118738376:certificate/6142a0e2-d62f-478e-bf15-5bdb616fe705
       HostedZoneId: Z05246633460N5MEB9DBF
       ApiDomainName: "aws.acmuiuc.org" # CHANGE ME
-      ValidCorsOrigins: ["https://acm.illinois.edu", "https://www.acm.illinois.edu"]
-      AadValidClientId: "5e08cf0f-53bb-4e09-9df2-e9bdc3467296"
   EnvironmentToCidr:
     dev:
       SecurityGroupIds:
@@ -97,8 +93,6 @@ Resources:
       Environment:
         Variables:
           RunEnvironment: !Ref RunEnvironment
-          ValidCorsOrigins: !Join [",", !FindInMap [ApiGwConfig, !Ref RunEnvironment, ValidCorsOrigins]]
-          AadValidClientId: !FindInMap [ApiGwConfig, !Ref RunEnvironment, AadValidClientId]
       VpcConfig: 
         Ipv6AllowedForDualStack: !If [ShouldAttachVpc, True, !Ref AWS::NoValue]
         SecurityGroupIds: !If [ShouldAttachVpc, !FindInMap [EnvironmentToCidr, !Ref RunEnvironment, SecurityGroupIds], !Ref AWS::NoValue]

src/config.ts

@@ -1,3 +1,51 @@
-export default {
-  DYNAMO_TABLE_NAME: "infra-events-api-records",
+import { AppRoles, RunEnvironment } from "./roles.js";
+
+type GroupRoleMapping = Record<string, AppRoles[]>;
+type AzureRoleMapping = Record<string, AppRoles[]>;
+
+type ConfigType = {
+  GroupRoleMapping: GroupRoleMapping;
+  AzureRoleMapping: AzureRoleMapping;
+  ValidCorsOrigins: (string | RegExp)[];
+  AadValidClientId: string;
 };
+
+type GenericConfigType = {
+  DynamoTableName: string;
+  ConfigSecretName: string;
+};
+
+type EnvironmentConfigType = {
+  [env in RunEnvironment]: ConfigType;
+};
+
+const genericConfig: GenericConfigType = {
+  DynamoTableName: "infra-events-api-records",
+  ConfigSecretName: "infra-events-api-config",
+} as const;
+
+const environmentConfig: EnvironmentConfigType = {
+  dev: {
+    GroupRoleMapping: {
+      "48591dbc-cdcb-4544-9f63-e6b92b067e33": [AppRoles.MANAGER], // Infra Chairs
+      "940e4f9e-6891-4e28-9e29-148798495cdb": [AppRoles.MANAGER], // ACM Infra Team
+      "f8dfc4cf-456b-4da3-9053-f7fdeda5d5d6": [AppRoles.MANAGER], // Infra Leads
+      "0": [AppRoles.MANAGER], // Dummy Group for development only
+    },
+    AzureRoleMapping: { AutonomousWriters: [AppRoles.MANAGER] },
+    ValidCorsOrigins: ['http://localhost:3000', /\.acmuiuc\.\.pages\.dev$/, 'https://acmuiuc.pages.dev'],
+    AadValidClientId: '39c28870-94e4-47ee-b4fb-affe0bf96c9f'
+  },
+  prod: {
+    GroupRoleMapping: {
+      "48591dbc-cdcb-4544-9f63-e6b92b067e33": [AppRoles.MANAGER], // Infra Chairs
+      "ff49e948-4587-416b-8224-65147540d5fc": [AppRoles.MANAGER], // Officers
+      "ad81254b-4eeb-4c96-8191-3acdce9194b1": [AppRoles.MANAGER], // Exec
+    },
+    AzureRoleMapping: { AutonomousWriters: [AppRoles.MANAGER] },
+    ValidCorsOrigins: ['https:///acm.illinois.edu', 'https:///www.acm.illinois.edu'],
+    AadValidClientId: '5e08cf0f-53bb-4e09-9df2-e9bdc3467296'
+  },
+} as const;
+
+export { genericConfig, environmentConfig };

src/index.ts

@@ -10,6 +10,7 @@ import { InternalServerError } from "./errors/index.js";
 import eventsPlugin from "./routes/events.js";
 import cors from "@fastify/cors";
 import fastifyZodValidationPlugin from "./plugins/validate.js";
+import { environmentConfig } from "./config.js";
 
 const now = () => Date.now();
 
@@ -66,7 +67,7 @@ async function init() {
     { prefix: "/api/v1" },
   );
   await app.register(cors, {
-    origin: (process.env.ValidCorsOrigins || "*").split(","),
+    origin: environmentConfig[app.runEnvironment].ValidCorsOrigins,
   });
 
   return app;

src/plugins/auth.ts

@@ -6,37 +6,14 @@ import {
   SecretsManagerClient,
   GetSecretValueCommand,
 } from "@aws-sdk/client-secrets-manager";
-import { AppRoles, RunEnvironment } from "../roles.js";
+import { AppRoles } from "../roles.js";
 import {
   BaseError,
   InternalServerError,
   UnauthenticatedError,
   UnauthorizedError,
 } from "../errors/index.js";
-
-const CONFIG_SECRET_NAME = "infra-events-api-config" as const;
-const AzureRoleMapping: Record<RunEnvironment, Record<string, AppRoles[]>> = {
-  prod: {
-    AutonomousWriters: [AppRoles.MANAGER],
-  },
-  dev: {
-    AutonomousWriters: [AppRoles.MANAGER],
-  },
-};
-
-const GroupRoleMapping: Record<RunEnvironment, Record<string, AppRoles[]>> = {
-  prod: {
-    "48591dbc-cdcb-4544-9f63-e6b92b067e33": [AppRoles.MANAGER], // Infra Chairs
-    "ff49e948-4587-416b-8224-65147540d5fc": [AppRoles.MANAGER], // Officers
-    "ad81254b-4eeb-4c96-8191-3acdce9194b1": [AppRoles.MANAGER], // Exec
-  },
-  dev: {
-    "48591dbc-cdcb-4544-9f63-e6b92b067e33": [AppRoles.MANAGER], // Infra Chairs
-    "940e4f9e-6891-4e28-9e29-148798495cdb": [AppRoles.MANAGER], // ACM Infra Team
-    "f8dfc4cf-456b-4da3-9053-f7fdeda5d5d6": [AppRoles.MANAGER], // Infra Leads
-    "0": [AppRoles.MANAGER], // Dummy Group for development only
-  },
-};
+import { environmentConfig, genericConfig } from "../config.js";
 
 function intersection<T>(setA: Set<T>, setB: Set<T>): Set<T> {
   const _intersection = new Set<T>();
@@ -133,8 +110,11 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
           }
           signingKey =
             process.env.JwtSigningKey ||
-            (((await getSecretValue(CONFIG_SECRET_NAME)) || { jwt_key: "" })
-              .jwt_key as string) ||
+            ((
+              (await getSecretValue(genericConfig.ConfigSecretName)) || {
+                jwt_key: "",
+              }
+            ).jwt_key as string) ||
             "";
           if (signingKey === "") {
             throw new UnauthenticatedError({
@@ -181,24 +161,32 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
         const expectedRoles = new Set(validRoles);
         if (verifiedTokenData.groups) {
           for (const group of verifiedTokenData.groups) {
-            if (!GroupRoleMapping[fastify.runEnvironment][group]) {
+            if (
+              !environmentConfig[fastify.runEnvironment]["GroupRoleMapping"][
+                group
+              ]
+            ) {
               continue;
             }
-            for (const role of GroupRoleMapping[fastify.runEnvironment][
-              group
-            ]) {
+            for (const role of environmentConfig[fastify.runEnvironment][
+              "GroupRoleMapping"
+            ][group]) {
               userRoles.add(role);
             }
           }
         } else {
           if (verifiedTokenData.roles) {
             for (const group of verifiedTokenData.roles) {
-              if (!AzureRoleMapping[fastify.runEnvironment][group]) {
+              if (
+                !environmentConfig[fastify.runEnvironment]["AzureRoleMapping"][
+                  group
+                ]
+              ) {
                 continue;
               }
-              for (const role of AzureRoleMapping[fastify.runEnvironment][
-                group
-              ]) {
+              for (const role of environmentConfig[fastify.runEnvironment][
+                "AzureRoleMapping"
+              ][group]) {
                 userRoles.add(role);
               }
             }