BAU: Rework local stub to call /authorize

The local stub still relies on starting the journey from the root '/' which redirects to 'sign-in-or-create', a journey that is soon to be removed. Instead make the local stub start with a call to /authorize just like orchestration. The local stub is at the end of its useful life and needs to be replace with a real client, but this change will keep it going for a bit more. After login there will still be an error as there is no orchestration stub or real client to redirect back to, but the journey successfully completes /auth-code and hands back to orchestration. As a key is required to decrypt the authorize jwt the local application needs a connection to the aws account to read the key, so the startup script needs to retrieve credentials for the account in order to work. This changes fixes local startup but breaks startup of the frontend in docker-compose, which still needs fixing.
govuk-one-login · Feb 27, 2024 · ec7fd3f · ec7fd3f
1 parent 0a49d6b
commit ec7fd3f
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 3 deletions.
diff --git a/Dockerfile-stub b/Dockerfile-stub
@@ -1,4 +1,4 @@
-FROM node:18.12.1-alpine3.16@sha256:67373bd5d90ea600cb5f0fa58d7a5a4e6ebf50b6e05c50c1d1cc22df5134db43
+FROM node:18.12.1-alpine3.16@sha256:a56bbaddffb19e03fa78d0b2c88cf70ec2f8d40e30048c757fb7c17fd1e12d8d
 
 ENV NODE_ENV "development"
 ENV PORT 2000

diff --git a/dev-app.js b/dev-app.js
@@ -58,8 +58,12 @@ app.get("/", (req, res) => {
       console.log(`lng is: ${lngCookieValue}`);
 
       const location = url.parse(response.headers.location, true);
+      const redirect = "http://localhost:3000/authorize?" + querystring.stringify(location.query)
+
+      console.log(`orch response location query is: ${redirect}`);
+
       res.redirect(
-          "http://localhost:3000/?" + querystring.stringify(location.query)
+          redirect
       );
     })
     .catch(function (error) {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -23,6 +23,10 @@ services:
       - SUPPORT_INTERNATIONAL_NUMBERS=${SUPPORT_INTERNATIONAL_NUMBERS}
       - SUPPORT_LANGUAGE_CY=${SUPPORT_LANGUAGE_CY}
       - SUPPORT_ACCOUNT_RECOVERY=${SUPPORT_ACCOUNT_RECOVERY}
+      - SUPPORT_AUTH_ORCH_SPLIT=${SUPPORT_AUTH_ORCH_SPLIT}
+      - REDIS_PORT=6379
+      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
+      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
     restart: on-failure
     networks:
       - di-net

diff --git a/local.Dockerfile b/local.Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18.12.1-alpine3.16@sha256:67373bd5d90ea600cb5f0fa58d7a5a4e6ebf50b6e05c50c1d1cc22df5134db43
+FROM node:18.12.1-alpine3.16@sha256:a56bbaddffb19e03fa78d0b2c88cf70ec2f8d40e30048c757fb7c17fd1e12d8d
 
 ENV NODE_ENV "development"
 ENV PORT 3000

diff --git a/startup.sh b/startup.sh
@@ -28,6 +28,13 @@ fi
 echo "Stopping frontend services..."
 docker-compose down
 
+if [[ -z "${AWS_ACCESS_KEY_ID:-}" || -z "${AWS_SECRET_ACCESS_KEY:-}" ]]; then
+  echo "!! AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set in the environment." >&2
+  echo "!! Configure AWS access for either gds-di-development (sandpit) or di-auth-development (authdevs)." >&2
+  echo "!! For gds-cli: gds aws digital-identity-dev -- ${0}" >&2
+  exit 1
+fi
+
 if [ $LOCAL == "1" ]; then
   echo "Starting frontend local service..."
   docker compose -f "docker-compose.yml" up -d --wait --no-deps redis di-auth-stub-default di-auth-stub-no-mfa