sourcery-ai-experiments · Hellebore · May 1, 2025 · May 1, 2025 · Hellebore · May 2, 2025
diff --git a/api/application.ts b/api/application.ts
@@ -72,22 +72,25 @@ tunnel.init();
  */
 health.addReformHealthCheck(app);
 
-app.use(getXuiNodeMiddleware());
+(async () => {
+  const xuiNodeMiddleware = await getXuiNodeMiddleware();
+  app.use(xuiNodeMiddleware);
 
-// applyProxy needs to be used before bodyParser
-initProxy(app);
+  // applyProxy needs to be used before bodyParser
+  initProxy(app);
 
-app.use(bodyParser.json({ limit: '5mb' }));
-app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }));
+  app.use(bodyParser.json({ limit: '5mb' }));
+  app.use(bodyParser.urlencoded({ limit: '5mb', extended: true }));
 
-app.use('/am', amRoutes);
-app.use('/api', routes);
-app.use('/external', openRoutes);
-app.use('/workallocation', workAllocationRouter);
-app.use(csrf({ cookie: { key: 'XSRF-TOKEN', httpOnly: false, secure: true }, ignoreMethods: ['GET'] }));
+  app.use('/am', amRoutes);
+  app.use('/api', routes);
+  app.use('/external', openRoutes);
+  app.use('/workallocation', workAllocationRouter);
+  app.use(csrf({ cookie: { key: 'XSRF-TOKEN', httpOnly: false, secure: true }, ignoreMethods: ['GET'] }));
 
-logger.info(`Started up using ${getConfigValue(PROTOCOL)}`);
+  logger.info(`Started up using ${getConfigValue(PROTOCOL)}`);
 
-new Promise(idamCheck).then(() => 'IDAM is up and running');
-// EUI-2028 - Get the caseworkers, ideally prior to a user logging into application
-new Promise(getNewUsersByServiceName).then(() => 'Caseworkers have been loaded');
+  new Promise(idamCheck).then(() => 'IDAM is up and running');
+  // EUI-2028 - Get the caseworkers, ideally prior to a user logging into application
+  new Promise(getNewUsersByServiceName).then(() => 'Caseworkers have been loaded');
+})();
diff --git a/api/auth/index.ts b/api/auth/index.ts
@@ -29,6 +29,8 @@ import {
 import { client, trackTrace } from '../lib/appInsights';
 import * as log4jui from '../lib/log4jui';
 import { EnhancedRequest } from '../lib/models';
+import axios from 'axios';
+import qs = require('qs');
 
 const logger = log4jui.getLogger('auth');
 
@@ -72,7 +74,7 @@ export const failureCallback = (req: EnhancedRequest, res: Response) => {
 xuiNode.on(AUTH.EVENT.AUTHENTICATE_SUCCESS, successCallback);
 xuiNode.on(AUTH.EVENT.AUTHENTICATE_FAILURE, failureCallback);
 
-export const getXuiNodeMiddleware = () => {
+export const getXuiNodeMiddleware = async () => {
   const idamWebUrl = getConfigValue(SERVICES_IDAM_LOGIN_URL);
   const authorizationUrl = `${idamWebUrl}/login`;
   const secret = getConfigValue(IDAM_SECRET);
@@ -83,6 +85,7 @@ export const getXuiNodeMiddleware = () => {
   const tokenUrl = `${getConfigValue(SERVICES_IDAM_API_URL)}/oauth2/token`;
   const userName = getConfigValue(SYSTEM_USER_NAME);
   const password = getConfigValue(SYSTEM_USER_PASSWORD);
+  const clientServiceDetailsUrl = `${getConfigValue(SERVICES_IDAM_API_URL)}/api/v2/services/${idamClient}`;
 
   const routeCredential = {
     password,
@@ -169,6 +172,43 @@ export const getXuiNodeMiddleware = () => {
     session: showFeature(FEATURE_REDIS_ENABLED) ? redisStoreOptions : fileStoreOptions
   };
 
+  const getToken = async () => {
+    const data = qs.stringify({
+      grant_type: 'client_credentials',
+      client_id: idamClient,
+      client_secret: secret,
+      scope: 'profile roles view-service-provider'
+    });
+    try {
+      const response = await axios.post(tokenUrl, data, {
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded'
+        }
+      });
+      return response.data.access_token;
+    } catch (error) {
+      logger.error('Error fetching token:', error);
+    }
+  };
+
+  const getClientServiceDetails = async () => {
+    try {
+      const accessToken = await getToken();
+      if (!accessToken) {
+        throw new Error('Failed to get access token');
+      }
+      const response = await axios.get(clientServiceDetailsUrl, { headers: {
+        'Authorization': `Bearer ${accessToken}`
+      } });
+      logger.info('Successfully retrieved service override from API');
+      return response.data.oauth2.issuerOverride;
+    } catch (error) {
+      logger.error('Error retrieving service override from API, falling back to config value', error);
+      return getConfigValue(SERVICES_IDAM_SERVICE_OVERRIDE);
+    }
+  };
+
+  options.serviceOverride = await getClientServiceDetails();
   const type = showFeature(FEATURE_OIDC_ENABLED) ? 'oidc' : 'oauth2';
   nodeLibOptions.auth[type] = options;
   logger._logger.info('Setting XuiNodeLib options');