feat: parameterized cors options

package.json

@@ -1,7 +1,7 @@
 {
   "name": "ml-testing-toolkit",
   "description": "Testing Toolkit for Mojaloop implementations",
-  "version": "16.1.1",
+  "version": "16.2.0-snapshot.2",
   "license": "Apache-2.0",
   "author": "Vijaya Kumar Guthi, ModusBox Inc. ",
   "contributors": [
@@ -57,13 +57,13 @@
     "genexec": "pkg -t node8-win ."
   },
   "dependencies": {
-    "@elastic/elasticsearch": "^8.6.0",
-    "@hapi/basic": "7.0.1",
+    "@elastic/elasticsearch": "^8.8.1",
+    "@hapi/basic": "7.0.2",
     "@hapi/boom": "10.0.1",
     "@hapi/good": "9.0.1",
-    "@hapi/hapi": "^21.3.1",
+    "@hapi/hapi": "^21.3.2",
     "@hapi/inert": "7.1.0",
-    "@hapi/vision": "7.0.1",
+    "@hapi/vision": "7.0.2",
     "@mojaloop/central-services-logger": "^11.2.0",
     "@mojaloop/ml-testing-toolkit-shared-lib": "^13.0.0",
     "@mojaloop/sdk-standard-components": "17.1.1",
@@ -76,60 +76,60 @@
     "cookie-parser": "^1.4.6",
     "cookies": "0.8.0",
     "cors": "^2.8.5",
-    "dotenv": "^16.0.3",
+    "dotenv": "^16.3.1",
     "express": "^4.18.2",
-    "express-validator": "^6.15.0",
+    "express-validator": "^7.0.1",
     "fs": "0.0.1-security",
     "handlebars": "^4.7.7",
     "hapi-auth-bearer-token": "^8.0.0",
     "hapi-openapi": "^3.0.0",
-    "hapi-swagger": "^16.0.1",
+    "hapi-swagger": "^17.0.0",
     "ilp-packet": "^3.1.3",
     "js-yaml": "^4.1.0",
     "json-refs": "^3.0.15",
     "json-rules-engine": "6.1.2",
     "lodash": "^4.17.21",
     "mongo-uri-builder": "^4.0.0",
-    "mongoose": "^7.0.3",
+    "mongoose": "^7.3.1",
     "multer": "^1.4.3",
     "mustache": "4.2.0",
     "mv": "^2.1.1",
     "node-dir": "0.1.17",
     "node-strings": "^1.0.2",
     "npm-run-all": "4.1.5",
-    "openapi-backend": "5.9.1",
+    "openapi-backend": "5.9.2",
     "parse-strings-in-object": "1.6.0",
     "passport": "0.6.0",
     "passport-jwt": "4.0.1",
     "path": "^0.12.7",
     "postman-collection": "^4.1.7",
-    "postman-sandbox": "^4.2.4",
+    "postman-sandbox": "^4.2.6",
     "rc": "1.2.8",
     "request": "^2.88.2",
     "request-promise-native": "1.0.8",
     "request-to-curl": "^0.1.6",
     "selectn": "^1.1.2",
-    "socket.io": "^4.6.1",
-    "socket.io-client": "^4.6.1",
+    "socket.io": "^4.6.2",
+    "socket.io-client": "^4.6.2",
     "uuid": "9.0.0",
     "uuid4": "2.0.3",
     "ws": "^7.5.5"
   },
   "devDependencies": {
-    "@types/jest": "^29.5.0",
+    "@types/jest": "^29.5.2",
     "audit-ci": "^6.6.1",
-    "get-port": "6.1.2",
+    "get-port": "7.0.0",
     "jest": "^28.1.3",
-    "jest-junit": "^15.0.0",
+    "jest-junit": "^16.0.0",
     "nodemon": "^2.0.22",
     "npm-check-updates": "16.7.10",
     "nyc": "^15.1.0",
     "parse-strings-in-object": "1.6.0",
     "pre-commit": "1.2.2",
     "proxyquire": "2.1.3",
     "replace": "^1.2.2",
-    "sinon": "15.0.3",
-    "standard": "^17.0.0",
+    "sinon": "15.2.0",
+    "standard": "^17.1.0",
     "standard-version": "^9.5.0",
     "supertest": "^6.3.3"
   },

spec_files/system_config.json

@@ -143,5 +143,9 @@
   "SOCKET_IO_ENGINE_OPTIONS": {
     "pingInterval": 25000,
     "pingTimeout": 300000
-  }
+  },
+  "CORS_WHITELIST": [
+    "http://localhost:6060"
+  ],
+  "ALLOW_CREDENTIALS": true
 }

src/lib/api-server.js

@@ -37,13 +37,14 @@ const OAuthHelper = require('./oauth/OAuthHelper')
 
 const initServer = () => {
   // For CORS policy
-  app.use(cors({
+  const corsOptions = {
     allowedHeaders: ['Origin', 'X-Requested-With', 'Content-Type', 'Accept', 'Authorization'],
     exposedHeaders: ['Content-Disposition'],
     methods: ['GET', 'POST', 'PATCH', 'PUT', 'DELETE', 'OPTIONS'],
-    origin: true,
-    credentials: true
-  }))
+    origin: (Config.getSystemConfig().CORS_WHITELIST === undefined) ? true : Config.getSystemConfig().CORS_WHITELIST,
+    credentials: (Config.getSystemConfig().ALLOW_CREDENTIALS === undefined) ? true : Config.getSystemConfig().ALLOW_CREDENTIALS
+  }
+  app.use(cors(corsOptions))
 
   // For parsing incoming JSON requests
   app.use(express.json({ limit: '50mb' }))

src/lib/db/models/mongoDBWrapper.js

@@ -60,10 +60,9 @@ const models = {
   })
 }
 
-process.on('SIGINT', () => {
-  mongoose.connection.close(() => {
-    process.exit(0)
-  })
+process.on('SIGINT', async () => {
+  await mongoose.connection.close()
+  process.exit(0)
 })
 
 module.exports = {

src/lib/objectStore/inMemoryImpl.js

@@ -1,4 +1,3 @@
-
 /*****
  License
  --------------

src/lib/server-logs/adapters/elastic-search.js

@@ -1,4 +1,3 @@
-
 /*****
  License
  --------------

test/unit/lib/api-routes/config.test.js

@@ -112,7 +112,7 @@ describe('API route /config', () => {
       }
       const res = await request(app).put(`/api/config/user`).send(newConfig)
       expect(res.statusCode).toEqual(422)
-      expect(res.body.errors).toStrictEqual([{"location": "body", "msg": "Invalid value", "param": "CALLBACK_ENDPOINT", "value": ""}])
+      expect(res.body.errors).toStrictEqual([{"location": "body", "msg": "Invalid value", "path": "CALLBACK_ENDPOINT", "type": "field", "value": ""}])
     })
     it('Editting config should throw 404 if setStoredUserConfig fails', async () => {
       const newConfig = {