From c232750f8d0608d6d1f897a45eafb3c7bc00111b Mon Sep 17 00:00:00 2001 From: Miguel de Barros Date: Fri, 27 Oct 2023 18:38:04 +0200 Subject: [PATCH] fix(mojaloop/#3533): helm v15.2.0-rc fixes (#982) fix(mojaloop/#3533): helm v15.2.0-rc fixes - https://github.com/mojaloop/project/issues/3533 List of fixes: - fix(mojaloop/#3580): missing toDestination on handling the fspiop source/destiation headers failing match validation on fulfil - regression on #2697 - https://github.com/mojaloop/central-ledger/compare/v17.0.0...v17.2.0#diff-3a2d4aabbde0cd9517dd372f6ae6001ad607d005b5316785c8698fe25160aa92L393 - https://github.com/mojaloop/project/issues/3580 Fixes currently resolve regression failures on these tests: - p2p_money_transfer_put_notifications - payee receives no Notification with ABORTED status after sending invalid FSPIOP-Destination header with transferStatus=COMMITTED, file path: golden_path/bug fixes /Test for Bugfix #2697 - Central-Ledger Fulfil Handler does not correctly invalidate requests with an incorrect-non-existent FSP-ID in the FSPIOP-Destination header.json - p2p_money_transfer_patch_notifications - payee receives PATCH Notification with ABORTED status after sending invalid FSPIOP-Destination header with transferStatus=RESERVED, file path: golden_path/bug fixes/Test for Bugfix #2697 - Central-Ledger Fulfil Handler does not correctly invalidate requests with an incorrect-non-existent FSP-ID in the FSPIOP-Destination header.json --- audit-ci.jsonc | 39 +++++---- package-lock.json | 126 ++++++++++++++++++++++-------- package.json | 12 +-- src/handlers/timeouts/handler.js | 2 +- src/handlers/transfers/handler.js | 8 +- 5 files changed, 121 insertions(+), 66 deletions(-) diff --git a/audit-ci.jsonc b/audit-ci.jsonc index 1680e79f2..4f486d9e1 100644 --- a/audit-ci.jsonc +++ b/audit-ci.jsonc 
@@ -4,26 +4,23 @@ // Only use one of ["low": true, "moderate": true, "high": true, "critical": true] "moderate": true, "allowlist": [ // NOTE: Please add as much information as possible to any items added to the allowList - // Currently no fixes available for the following - "GHSA-v88g-cgmw-v5xw", - "GHSA-mg85-8mv5-ffjr", - "GHSA-phwq-j96m-2c2q", - "GHSA-7hx8-2rxv-66xv", - "GHSA-282f-qqgm-c34q", - "GHSA-8cf7-32gw-wr33", - "GHSA-hjrf-2m68-5959", - // TODO: Upgrade jsonwebtoken in the central-services-shared lib --> https://github.com/mojaloop/project/issues/3097 - "GHSA-qwph-4952-7xr6", // https://github.com/advisories/GHSA-qwph-4952-7xr6 - // Knex dependency has been upgraded to v2.4x as advised by this advisory. Not sure why its still reporting it as an issue? - // TODO: Investigate as to why this is still being reported even though Knex was upgraded! :( - "GHSA-4jv9-3563-23j3", // https://github.com/advisories/GHSA-4jv9-3563-23j3 - "GHSA-6vfc-qv3f-vr6c", - "GHSA-mjxr-4v3x-q3m4", - "GHSA-rjqq-98f6-6j3r", - "GHSA-g64q-3vg8-8f93", - "GHSA-5854-jvxx-2cg9", - "GHSA-2mvq-xp48-4c77", - "GHSA-w5p7-h5w8-2hfq", - "GHSA-p9pc-299p-vxgp" + "GHSA-67hx-6x53-jw92", // @babel/traverse + "GHSA-v88g-cgmw-v5xw", // widdershins>swagger2openapi>oas-validator>ajv + "GHSA-mg85-8mv5-ffjr", // hapi-auth-basic>hapi>ammo + "GHSA-phwq-j96m-2c2q", // @mojaloop/central-services-shared>shins>ejs + "GHSA-7hx8-2rxv-66xv", // hapi-auth-basic>hapi + "GHSA-282f-qqgm-c34q", // widdershins>swagger2openapi>better-ajv-errors>jsonpointer + "GHSA-8cf7-32gw-wr33", // @now-ims/hapi-now-auth>jsonwebtoken + "GHSA-hjrf-2m68-5959", // @now-ims/hapi-now-auth>jsonwebtoken + "GHSA-qwph-4952-7xr6", // @now-ims/hapi-now-auth>jsonwebtoken + "GHSA-6vfc-qv3f-vr6c", // widdershins>markdown-it + "GHSA-7fh5-64p2-3v2j", // @mojaloop/central-services-shared>shins>sanitize-html>postcss + "GHSA-mjxr-4v3x-q3m4", // @mojaloop/central-services-shared>shins>sanitize-html + "GHSA-rjqq-98f6-6j3r", // 
@mojaloop/central-services-shared>shins>sanitize-html + "GHSA-g64q-3vg8-8f93", // hapi-auth-basic>hapi>subtext + "GHSA-5854-jvxx-2cg9", // hapi-auth-basic>hapi>subtext + "GHSA-2mvq-xp48-4c77", // hapi-auth-basic>hapi>subtext + "GHSA-w5p7-h5w8-2hfq", // tap-spec>tap-out>trim + "GHSA-p9pc-299p-vxgp" // widdershins>yargs>yargs-parser ] } \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 50660d6f3..a842ee0e3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@mojaloop/central-ledger", - "version": "17.2.1", + "version": "17.3.0-snapshot.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@mojaloop/central-ledger", - "version": "17.2.1", + "version": "17.3.0-snapshot.7", "license": "Apache-2.0", "dependencies": { "@hapi/catbox-memory": "6.0.1", @@ -30,8 +30,8 @@ "ajv-keywords": "5.1.0", "base64url": "3.0.1", "blipp": "4.0.2", - "commander": "11.0.0", - "cron": "2.4.4", + "commander": "11.1.0", + "cron": "3.1.1", "decimal.js": "10.4.3", "docdash": "2.0.2", "event-stream": "4.0.1", @@ -41,7 +41,7 @@ "hapi-auth-bearer-token": "8.0.0", "hapi-swagger": "17.1.0", "ilp-packet": "2.2.0", - "knex": "2.5.1", + "knex": "3.0.1", "lodash": "4.17.21", "moment": "2.29.4", "mongo-uri-builder": "^4.0.0", @@ -56,12 +56,12 @@ "jsdoc": "4.0.2", "jsonpath": "1.1.1", "nodemon": "3.0.1", - "npm-check-updates": "16.14.4", + "npm-check-updates": "16.14.6", "nyc": "15.1.0", "pre-commit": "1.2.2", "proxyquire": "2.1.3", "replace": "^1.2.2", - "sinon": "16.0.0", + "sinon": "16.1.0", "standard": "17.1.0", "standard-version": "^9.5.0", "tap-spec": "^5.0.0", 
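Review bot: The rewritten allowlist entries record only the dependency path, and drop the reason and tracking link that the `// NOTE: Please add as much information as possible` line above them asks for. The removed `// TODO: Upgrade jsonwebtoken ... issues/3097` was the only pointer to remediation for the three `@now-ims/hapi-now-auth>jsonwebtoken` advisories. Those, like the `hapi-auth-basic>hapi` entries, look like runtime authentication paths rather than dev or docs tooling such as `tap-spec>tap-out>trim`. If that issue still applies, keep the link and mark the scope on the line, e.g. `"GHSA-qwph-4952-7xr6", // @now-ims/hapi-now-auth>jsonwebtoken (runtime) - upgrade tracked in https://github.com/mojaloop/project/issues/3097`. The two new suppressions, `GHSA-67hx-6x53-jw92` and `GHSA-7fh5-64p2-3v2j`, likewise give no reason why they cannot be fixed by an upgrade.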
@@ -1765,6 +1765,64 @@ "mysql": "2.18.1" } }, + "node_modules/@mojaloop/database-lib/node_modules/commander": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "engines": { + "node": ">=14" + } + }, + "node_modules/@mojaloop/database-lib/node_modules/knex": { + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/knex/-/knex-2.5.1.tgz", + "integrity": "sha512-z78DgGKUr4SE/6cm7ku+jHvFT0X97aERh/f0MUKAKgFnwCYBEW4TFBqtHWFYiJFid7fMrtpZ/gxJthvz5mEByA==", + "dependencies": { + "colorette": "2.0.19", + "commander": "^10.0.0", + "debug": "4.3.4", + "escalade": "^3.1.1", + "esm": "^3.2.25", + "get-package-type": "^0.1.0", + "getopts": "2.3.0", + "interpret": "^2.2.0", + "lodash": "^4.17.21", + "pg-connection-string": "2.6.1", + "rechoir": "^0.8.0", + "resolve-from": "^5.0.0", + "tarn": "^3.0.2", + "tildify": "2.0.0" + }, + "bin": { + "knex": "bin/cli.js" + }, + "engines": { + "node": ">=12" + }, + "peerDependenciesMeta": { + "better-sqlite3": { + "optional": true + }, + "mysql": { + "optional": true + }, + "mysql2": { + "optional": true + }, + "pg": { + "optional": true + }, + "pg-native": { + "optional": true + }, + "sqlite3": { + "optional": true + }, + "tedious": { + "optional": true + } + } + }, "node_modules/@mojaloop/event-sdk": { "version": "13.0.0", "resolved": "https://registry.npmjs.org/@mojaloop/event-sdk/-/event-sdk-13.0.0.tgz", 
@@ -3778,9 +3836,9 @@ } }, "node_modules/commander": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz", - "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==", + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", + "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", "engines": { "node": ">=16" } @@ -4327,9 +4385,9 @@ "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==" }, "node_modules/cron": { - "version": "2.4.4", - "resolved": "https://registry.npmjs.org/cron/-/cron-2.4.4.tgz", - "integrity": "sha512-MHlPImXJj3K7x7lyUHjtKEOl69CSlTOWxS89jiFgNkzXfvhVjhMz/nc7/EIfN9vgooZp8XTtXJ1FREdmbyXOiQ==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/cron/-/cron-3.1.1.tgz", + "integrity": "sha512-P8rDShXt2IZa16KwuYpbd1w7NjU4BnXeUEfkesBXT36JXhUsQ1P6i6ctsi5H82FQmR4tn/MOz05aB/3vn6dSkA==", "dependencies": { "@types/luxon": "~3.3.0", "luxon": "~3.3.0" @@ -6506,9 +6564,9 @@ } }, "node_modules/fp-and-or": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/fp-and-or/-/fp-and-or-0.1.3.tgz", - "integrity": "sha512-wJaE62fLaB3jCYvY2ZHjZvmKK2iiLiiehX38rz5QZxtdN8fVPJDeZUiVvJrHStdTc+23LHlyZuSEKgFc0pxi2g==", + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/fp-and-or/-/fp-and-or-0.1.4.tgz", + "integrity": "sha512-+yRYRhpnFPWXSly/6V4Lw9IfOV26uu30kynGJ03PW+MnjOEQe45RZ141QcS0aJehYBYA50GfCDnsRbFJdhssRw==", "dev": true, "engines": { "node": ">=10" 
@@ -9136,9 +9194,9 @@ } }, "node_modules/knex": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/knex/-/knex-2.5.1.tgz", - "integrity": "sha512-z78DgGKUr4SE/6cm7ku+jHvFT0X97aERh/f0MUKAKgFnwCYBEW4TFBqtHWFYiJFid7fMrtpZ/gxJthvz5mEByA==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/knex/-/knex-3.0.1.tgz", + "integrity": "sha512-ruASxC6xPyDklRdrcDy6a9iqK+R9cGK214aiQa+D9gX2ZnHZKv6o6JC9ZfgxILxVAul4bZ13c3tgOAHSuQ7/9g==", "dependencies": { "colorette": "2.0.19", "commander": "^10.0.0", @@ -9159,7 +9217,7 @@ "knex": "bin/cli.js" }, "engines": { - "node": ">=12" + "node": ">=16" }, "peerDependenciesMeta": { "better-sqlite3": { @@ -10793,9 +10851,9 @@ } }, "node_modules/npm-check-updates": { - "version": "16.14.4", - "resolved": "https://registry.npmjs.org/npm-check-updates/-/npm-check-updates-16.14.4.tgz", - "integrity": "sha512-PKg1wv3vno75/9qgRLqV2huBO7eukOlW+PmIGl7LPXjElfYTUTWUtaMOdOckImaSj4Uqe46W/zMbMFZQp5dHRQ==", + "version": "16.14.6", + "resolved": "https://registry.npmjs.org/npm-check-updates/-/npm-check-updates-16.14.6.tgz", + "integrity": "sha512-sJ6w4AmSDP7YzBXah94Ul2JhiIbjBDfx9XYgib15um2wtiQkOyjE7Lov3MNUSQ84Ry7T81mE4ynMbl/mGbK4HQ==", "dev": true, "dependencies": { "chalk": "^5.3.0", @@ -10803,7 +10861,7 @@ "commander": "^10.0.1", "fast-memoize": "^2.5.2", "find-up": "5.0.0", - "fp-and-or": "^0.1.3", + "fp-and-or": "^0.1.4", "get-stdin": "^8.0.0", "globby": "^11.0.4", "hosted-git-info": "^5.1.0", @@ -10821,11 +10879,11 @@ "prompts-ncu": "^3.0.0", "rc-config-loader": "^4.1.3", "remote-git-tags": "^3.0.0", - "rimraf": "^5.0.1", + "rimraf": "^5.0.5", "semver": "^7.5.4", "semver-utils": "^1.1.4", "source-map-support": "^0.5.21", - "spawn-please": "^2.0.1", + "spawn-please": "^2.0.2", "strip-ansi": "^7.1.0", "strip-json-comments": "^5.0.1", "untildify": "^4.0.0", 
@@ -10891,15 +10949,15 @@ } }, "node_modules/npm-check-updates/node_modules/rimraf": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-5.0.1.tgz", - "integrity": "sha512-OfFZdwtd3lZ+XZzYP/6gTACubwFcHdLRqS9UX3UwpU2dnGQYkPFISRwvM3w9IiB2w7bW5qGo/uAwE4SmXXSKvg==", + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-5.0.5.tgz", + "integrity": "sha512-CqDakW+hMe/Bz202FPEymy68P+G50RfMQK+Qo5YUqc9SPipvbGjCGKd0RSKEelbsfQuw3g5NZDSrlZZAJurH1A==", "dev": true, "dependencies": { - "glob": "^10.2.5" + "glob": "^10.3.7" }, "bin": { - "rimraf": "dist/cjs/src/bin.js" + "rimraf": "dist/esm/bin.mjs" }, "engines": { "node": ">=14" @@ -14232,9 +14290,9 @@ } }, "node_modules/sinon": { - "version": "16.0.0", - "resolved": "https://registry.npmjs.org/sinon/-/sinon-16.0.0.tgz", - "integrity": "sha512-B8AaZZm9CT5pqe4l4uWJztfD/mOTa7dL8Qo0W4+s+t74xECOgSZDDQCBjNgIK3+n4kyxQrSTv2V5ul8K25qkiQ==", + "version": "16.1.0", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-16.1.0.tgz", + "integrity": "sha512-ZSgzF0vwmoa8pq0GEynqfdnpEDyP1PkYmEChnkjW0Vyh8IDlyFEJ+fkMhCP0il6d5cJjPl2PUsnUSAuP5sttOQ==", "dev": true, "dependencies": { "@sinonjs/commons": "^3.0.0", diff --git a/package.json b/package.json index c91330ae2..ca6eb5389 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@mojaloop/central-ledger", - "version": "17.2.1", + "version": "17.3.0-snapshot.7", "description": "Central ledger hosted by a scheme to record and settle transfers", "license": "Apache-2.0", "author": "ModusBox", @@ -100,8 +100,8 @@ "ajv-keywords": "5.1.0", "base64url": "3.0.1", "blipp": "4.0.2", - "commander": "11.0.0", - "cron": "2.4.4", + "commander": "11.1.0", + "cron": "3.1.1", "decimal.js": "10.4.3", "docdash": "2.0.2", "event-stream": "4.0.1", 
@@ -111,7 +111,7 @@ "hapi-auth-bearer-token": "8.0.0", "hapi-swagger": "17.1.0", "ilp-packet": "2.2.0", - "knex": "2.5.1", + "knex": "3.0.1", "lodash": "4.17.21", "moment": "2.29.4", "mongo-uri-builder": "^4.0.0", @@ -129,12 +129,12 @@ "jsdoc": "4.0.2", "jsonpath": "1.1.1", "nodemon": "3.0.1", - "npm-check-updates": "16.14.4", + "npm-check-updates": "16.14.6", "nyc": "15.1.0", "pre-commit": "1.2.2", "proxyquire": "2.1.3", "replace": "^1.2.2", - "sinon": "16.0.0", + "sinon": "16.1.0", "standard": "17.1.0", "standard-version": "^9.5.0", "tap-spec": "^5.0.0", diff --git a/src/handlers/timeouts/handler.js b/src/handlers/timeouts/handler.js index 3a18189d5..8f2492aa7 100644 --- a/src/handlers/timeouts/handler.js +++ b/src/handlers/timeouts/handler.js @@ -176,7 +176,7 @@ const registerTimeoutHandler = async () => { await stop() } - timeoutJob = new CronJob({ + timeoutJob = CronJob.from({ cronTime: Config.HANDLERS_TIMEOUT_TIMEXP, onTick: timeout, start: false, diff --git a/src/handlers/transfers/handler.js b/src/handlers/transfers/handler.js index 4085feec9..84c295506 100644 --- a/src/handlers/transfers/handler.js +++ b/src/handlers/transfers/handler.js @@ -390,7 +390,7 @@ const fulfil = async (error, messages) => { // Publish message to Position Handler // Key position abort with payer account id const payerAccount = await Participant.getAccountByNameAndCurrency(transfer.payerFsp, transfer.currency, Enum.Accounts.LedgerAccountType.POSITION) - await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, fspiopError: apiFSPIOPError, eventDetail, fromSwitch, messageKey: payerAccount.participantCurrencyId.toString() }) + await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, fspiopError: apiFSPIOPError, eventDetail, fromSwitch, toDestination: transfer.payerFsp, messageKey: payerAccount.participantCurrencyId.toString() }) /** * Send patch notification callback to original payee fsp if they asked for a a patch response. 
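Review bot: The switch to `CronJob.from({` in `registerTimeoutHandler` covers the constructor change in cron 3, but the expression in `Config.HANDLERS_TIMEOUT_TIMEXP` is carried over unchecked. As far as I recall from the v2 to v3 migration notes, numeric month and day-of-week fields were re-indexed to the UNIX convention (months 1-12), so an expression that uses them would fire on a different schedule after this bump. Because this job drives transfer timeouts, confirm that deployed values do not rely on the old indexing. A comment such as `// cron >= 3: object options go through CronJob.from(); cronTime uses 1-12 months` would record that. The options object continues outside the hunk.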
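Review bot: Nothing in this commit pins the new routing. The diffstat lists no test file, so the `toDestination: transfer.payerFsp` added to this `Kafka.proceed` call, and the `toDestination: transfer.payeeFsp` added in the hunks at 420, 587 and 615, are exercised only by the external golden-path collection named in the description. The description calls this a regression of #2697, so a unit test on `fulfil` would keep the option from being dropped again. It should assert that each abort path calls `Kafka.proceed` with the expected `toDestination`. Taking the destination from `transfer` rather than from the rejected request's FSPIOP-Destination header looks right, assuming `transfer` is the record loaded for the transfer id. `fulfil` starts and ends outside the hunk.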
@@ -420,7 +420,7 @@ const fulfil = async (error, messages) => { } } message.value.content.payload = reservedAbortedPayload - await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail: reserveAbortedEventDetail, fromSwitch: true }) + await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail: reserveAbortedEventDetail, fromSwitch: true, toDestination: transfer.payeeFsp }) } throw apiFSPIOPError @@ -587,7 +587,7 @@ const fulfil = async (error, messages) => { } } message.value.content.payload = reservedAbortedPayload - await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true }) + await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true, toDestination: transfer.payeeFsp }) } throw fspiopError } @@ -615,7 +615,7 @@ const fulfil = async (error, messages) => { transferState: TransferState.ABORTED } message.value.content.payload = reservedAbortedPayload - await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true }) + await Kafka.proceed(Config.KAFKA_CONFIG, params, { consumerCommit, eventDetail, fromSwitch: true, toDestination: transfer.payeeFsp }) } throw fspiopError }
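Review bot: The payee notification in this hunk now passes `fromSwitch: true, toDestination: transfer.payeeFsp`, with no comment on why the destination is set explicitly instead of being left to the message headers. The hunks at 587 and 615 repeat the same call. A short comment above each, e.g. `// header validation failed: address the ABORTED notification to the payee recorded on the transfer`, would make the intent visible to the next refactor. The enclosing branches begin outside the hunks, so confirm which validation failure each one handles before settling the wording.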