Merge pull request #5799 from bcgov/chore/5692-1

chore(5692): optimize codebase

Author: Kolezhanchik

app/app/api/token-check/route.ts

@@ -1,13 +1,13 @@
-import { NextResponse } from 'next/server';
 import createApiHandler from '@/core/api-handler';
+import { OkResponse } from '@/core/responses';
 import { validateChesServiceAccountCredentials } from './validations/ches-service-account-credentials';
 import { validateKeycloakServiceAccount } from './validations/keycloak-service-account-credentials';
 import { validateKeycloakUserLogin } from './validations/keycloak-user-login-credentials';
 import { validateKubernetisDeletionCheckTokens } from './validations/kubernetis-deletion-check-tokens';
 import { validateKubernetisMetricsReaderTokens } from './validations/kubernetis-metrics-reader-tokens';
 import { validateMsGraphServiceAccountCredentials } from './validations/ms-graph-service-account-credentials';
 
-export const POST = createApiHandler({})(async () => {
+export const GET = createApiHandler({})(async () => {
   const [
     keycloakServiceAccountCredentials,
     keycloakUserLoginCredentials,
@@ -24,7 +24,7 @@ export const POST = createApiHandler({})(async () => {
     validateMsGraphServiceAccountCredentials(),
   ]);
 
-  return NextResponse.json({
+  return OkResponse({
     keycloakServiceAccountCredentials,
     keycloakUserLoginCredentials,
     kubernetisMetricsReaderTokens,

app/app/api/token-check/validations/helpers.ts

@@ -1,28 +1,24 @@
 import axios from 'axios';
-import { BASE_URL } from '@/config';
-import { Cluster } from '@/prisma/client';
-
-export function isClusterTokenPresent(getToken: (cluster: Cluster) => string, cluster: Cluster) {
-  try {
-    getToken(cluster);
-    return true;
-  } catch {
-    return false;
-  }
-}
 
 async function getClientCredentialsToken(tokenUrl: string, clientId: string, clientSecret: string, scope?: string) {
-  const params = new URLSearchParams();
-  params.append('grant_type', 'client_credentials');
-  params.append('client_id', clientId);
-  params.append('client_secret', clientSecret);
-  if (scope) params.append('scope', scope);
-
-  const res = await axios.post(tokenUrl, params, {
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+  const params = new URLSearchParams({
+    grant_type: 'client_credentials',
+    client_id: clientId,
+    client_secret: clientSecret,
+  });
+
+  if (scope) {
+    params.append('scope', scope);
+  }
+
+  const response = await axios.post<{ access_token?: string }>(tokenUrl, params.toString(), {
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    timeout: 5000,
   });
 
-  return res.data.access_token;
+  return response.data.access_token;
 }
 
 export async function validateClientCredentials(
@@ -32,26 +28,26 @@ export async function validateClientCredentials(
   scope?: string,
 ) {
   if (!(tokenUrl && clientId && clientSecret)) return false;
+
   const token = await getClientCredentialsToken(tokenUrl, clientId, clientSecret, scope);
   return Boolean(token);
 }
 
-export async function validateOAuthClientId(clientId: string) {
-  const authUrl = `${process.env.AUTH_SERVER_URL}/realms/${process.env.AUTH_RELM}/protocol/openid-connect/auth`;
-
+export async function validateOAuthClientId(authUrl: string, clientId: string, redirectUri: string) {
   const params = new URLSearchParams({
     client_id: clientId,
     response_type: 'code',
     scope: 'openid',
-    redirect_uri: BASE_URL,
-    state: 'test',
-    nonce: 'test',
+    redirect_uri: redirectUri,
+    state: 'test_state',
+    nonce: 'test_nonce',
   });
 
-  const response = await axios.get(`${authUrl}?${params.toString()}`, {
+  const response = await axios.get<string>(`${authUrl}?${params.toString()}`, {
+    timeout: 5000,
     maxRedirects: 0,
     validateStatus: () => true,
   });
 
-  return !response.status.toString().startsWith('4');
+  return response.status < 400;
 }

app/app/api/token-check/validations/keycloak-user-login-credentials.ts

@@ -1,7 +1,9 @@
-import { AUTH_RESOURCE } from '@/config';
+import { AUTH_RESOURCE, AUTH_SERVER_URL, AUTH_RELM, BASE_URL } from '@/config';
 import { validateOAuthClientId } from './helpers';
 
 export async function validateKeycloakUserLogin() {
-  const isValid = await validateOAuthClientId(AUTH_RESOURCE);
+  const authUrl = `${AUTH_SERVER_URL}/realms/${AUTH_RELM}/protocol/openid-connect/auth`;
+  const isValid = await validateOAuthClientId(authUrl, AUTH_RESOURCE, BASE_URL);
+
   return isValid;
 }

app/app/api/token-check/validations/kubernetis-deletion-check-tokens.ts

@@ -9,7 +9,6 @@ import {
 } from '@/config';
 import { Cluster } from '@/prisma/client';
 import { createK8sClusterConfigs } from '@/services/k8s/helpers';
-import { isClusterTokenPresent } from './helpers';
 
 const { getK8sClusterToken, getK8sClusterClients } = createK8sClusterConfigs({
   [Cluster.KLAB]: KLAB_SERVICE_ACCOUNT_TOKEN,
@@ -24,17 +23,24 @@ const { getK8sClusterToken, getK8sClusterClients } = createK8sClusterConfigs({
 export async function validateKubernetisDeletionCheckTokens() {
   const results = {};
 
-  for (const cluster of Object.values(Cluster)) {
-    if (!isClusterTokenPresent(getK8sClusterToken, cluster)) {
-      results[cluster] = false;
-      continue;
-    }
+  await Promise.all(
+    Object.values(Cluster).map(async (cluster) => {
+      try {
+        const token = getK8sClusterToken(cluster);
+        if (!token) {
+          results[cluster] = false;
+          return;
+        }
 
-    const { authClient } = getK8sClusterClients(cluster);
-    const res = await authClient.getAPIResources();
+        const { authClient } = getK8sClusterClients(cluster);
+        const res = await authClient.getAPIResources();
 
-    results[cluster] = !!res && Array.isArray(res.resources) && res.resources.length > 0;
-  }
+        results[cluster] = Array.isArray(res?.resources) && res.resources.length > 0;
+      } catch (error) {
+        results[cluster] = false;
+      }
+    }),
+  );
 
   return results;
 }

app/app/api/token-check/validations/kubernetis-metrics-reader-tokens.ts

@@ -9,7 +9,6 @@ import {
 } from '@/config';
 import { Cluster } from '@/prisma/client';
 import { createK8sClusterConfigs } from '@/services/k8s/helpers';
-import { isClusterTokenPresent } from './helpers';
 
 const { getK8sClusterToken, getK8sClusterClients } = createK8sClusterConfigs({
   [Cluster.KLAB]: KLAB_METRICS_READER_TOKEN,
@@ -24,17 +23,24 @@ const { getK8sClusterToken, getK8sClusterClients } = createK8sClusterConfigs({
 export async function validateKubernetisMetricsReaderTokens() {
   const results = {};
 
-  for (const cluster of Object.values(Cluster)) {
-    if (!isClusterTokenPresent(getK8sClusterToken, cluster)) {
-      results[cluster] = false;
-      continue;
-    }
+  await Promise.all(
+    Object.values(Cluster).map(async (cluster) => {
+      try {
+        const token = getK8sClusterToken(cluster);
+        if (!token) {
+          results[cluster] = false;
+          return;
+        }
 
-    const { authClient } = getK8sClusterClients(cluster);
-    const res = await authClient.getAPIResources();
+        const { authClient } = getK8sClusterClients(cluster);
+        const res = await authClient.getAPIResources();
 
-    results[cluster] = !!res && Array.isArray(res.resources) && res.resources.length > 0;
-  }
+        results[cluster] = Array.isArray(res?.resources) && res.resources.length > 0;
+      } catch (error) {
+        results[cluster] = false;
+      }
+    }),
+  );
 
   return results;
 }

app/services/k8s/helpers.ts

@@ -1,4 +1,5 @@
 import { KubeConfig, CoreV1Api, CustomObjectsApi, Metrics, AuthorizationV1Api } from '@kubernetes/client-node';
+import { logger } from '@/core/logging';
 import { Cluster } from '@/prisma/client';
 
 export function configureKubeConfig(cluster: string, token: string) {
@@ -45,8 +46,10 @@ export function createK8sClusterConfigs(tokens: Record<Cluster, string>) {
     const kc = k8sConfigs[cluster];
     const user = kc.getCurrentUser();
     if (!user?.token) {
-      throw new Error(`Missing token in KubeConfig for cluster ${cluster}`);
+      logger.error(`Missing token in KubeConfig for cluster ${cluster}`);
+      return null;
     }
+
     return user.token;
   }
 

app/services/k8s/metrics/core.ts

@@ -41,6 +41,7 @@ export { getK8sClusterToken, getK8sClients };
 export async function queryPrometheus(query: string, cluster: Cluster) {
   const METRICS_URL = `https://prometheus-k8s-openshift-monitoring.apps.${cluster}.devops.gov.bc.ca`;
   const METRICS_TOKEN = getK8sClusterToken(cluster);
+
   const response = await axios.get<PrometheusQueryResponse>(`${METRICS_URL}/api/v1/query`, {
     headers: { Authorization: `Bearer ${METRICS_TOKEN}` },
     params: { query },