Release/v1.0.0 beta.3 (#139)

fix: npm audit vulnerability
feat: enable retries on commercetools client
feat: add correlation id header on extension and notifications

Author: denisand

docs/Deployment.md

@@ -28,27 +28,28 @@ Commercetools Mollie integration requires 1 environment variable to start. This
 
 Here is a table to show which environment variables are necessary, and which are optional:
 
-| Env variable name  | Required | Notes                                                                                                       |
-| ------------------ | -------- | ----------------------------------------------------------------------------------------------------------- |
-| `CT_MOLLIE_CONFIG` | YES      | Contains the commercetools & mollie project variables                                                       |
-| `mollie`           | YES      | Contains Mollie-specific project variables                                                                  |
-| `apiKey`           | YES      | API key for interacting with mollie, [found on the mollie dashboard](https://www.mollie.com/dashboard/)     |
-| `commercetools`    | YES      | Contains commercetools-specific project variables                                                           |
-| `projectKey`       | YES      | Commercetools project key                                                                                   |
-| `clientId`         | YES      | Commercetools client id, unique to the client                                                               |
-| `clientSecret`     | YES      | Commercetools client secret, unique to the client                                                           |
-| `authUrl`          | YES      | Commercetools authentication URL, something like https://auth.{LOCATION}.{CLOUD_PLATFORM}.commercetools.com |
-| `host`             | YES      | Commercetools host, something like https://api.{LOCATION}.{CLOUD_PLATFORM}.commercetools.com                |
-| `scopes`           | NO       | Constrains endpoints the client has access to in commercetools                                              |
-| `authentication`   | NO       | CommerceTools Authentication variables                                                                      |
-| `isBasicAuth`      | NO       | Enable/Disable basic authentication. Default is false                                                       |
-| `username`         | NO       | Username as configured in Commercetools                                                                     |
-| `password`         | NO       | Password as configured in Commercetools                                                                     |
-| `service`          | NO       | Contains service-specific project variables                                                                 |
-| `locale`           | NO       | Locale language tag, in `aa_AA` format, based on tags mollie supports \*                                    |
-| `port`             | NO       | Defaults to 3000 (extension) and 3001 (notifications)                                                       |
-| `logLevel`         | NO       | Specifies how verbose logs should be. Options are listed below.                                             |
-| `logTransports`    | NO       | Specifies where the logs are written to/stored. Options listed below                                        |
+| Env variable name  | Required | Notes                                                                                                         |
+| ------------------ | -------- | ------------------------------------------------------------------------------------------------------------- |
+| `CT_MOLLIE_CONFIG` | YES      | Contains the commercetools & mollie project variables                                                         |
+| `mollie`           | YES      | Contains Mollie-specific project variables                                                                    |
+| `apiKey`           | YES      | API key for interacting with mollie, [found on the mollie dashboard](https://www.mollie.com/dashboard/)       |
+| `commercetools`    | YES      | Contains commercetools-specific project variables                                                             |
+| `projectKey`       | YES      | Commercetools project key                                                                                     |
+| `clientId`         | YES      | Commercetools client id, unique to the client                                                                 |
+| `clientSecret`     | YES      | Commercetools client secret, unique to the client                                                             |
+| `authUrl`          | YES      | Commercetools authentication URL, something like `https://auth.{LOCATION}.{CLOUD_PLATFORM}.commercetools.com` |
+| `host`             | YES      | Commercetools host, something like `https://api.{LOCATION}.{CLOUD_PLATFORM}.commercetools.com`                |
+| `scopes`           | NO       | Constrains endpoints the client has access to in commercetools                                                |
+| `authentication`   | NO       | CommerceTools Authentication variables                                                                        |
+| `isBasicAuth`      | NO       | Enable/Disable basic authentication. Default is false                                                         |
+| `username`         | NO       | Username as configured in Commercetools                                                                       |
+| `password`         | NO       | Password as configured in Commercetools                                                                       |
+| `enableRetry`      | NO       | [Retry policy for Commercetools](https://commercetools.github.io/nodejs/sdk/api/sdkMiddlewareHttp.html#retrying-requests) on 500 or network error. Default is true                                     |
+| `service`          | NO       | Contains service-specific project variables                                                                   |
+| `locale`           | NO       | Locale language tag, in `aa_AA` format, based on tags mollie supports \*                                      |
+| `port`             | NO       | Defaults to 3000 (extension) and 3001 (notifications)                                                         |
+| `logLevel`         | NO       | Specifies how verbose logs should be. Options are listed below.                                               |
+| `logTransports`    | NO       | Specifies where the logs are written to/stored. Options listed below                                          |
 
 - Valid tags are available here on mollie's documentation under [locale](https://docs.mollie.com/reference/v2/orders-api/create-order).
 
@@ -71,7 +72,8 @@ Below is an example of how these should be formatted:
         "isBasicAuth": true,
         "username": "username",
         "password": "password"
-      }
+      },
+      "enableRetry": true,
     },
     "service": {
       "port": 3050,

extension/azureHandler.ts

@@ -4,6 +4,7 @@ import { HandleRequestInput, HandleRequestSuccess } from './src/types';
 loadSettings();
 
 import handleRequest from './src/requestHandlers/handleRequest';
+import { createCorrelationId } from './src/utils';
 
 const httpTrigger: AzureFunction = async function (context: Context, req: HttpRequest): Promise<void> {
   /*
@@ -15,11 +16,13 @@ const httpTrigger: AzureFunction = async function (context: Context, req: HttpRe
   const result = await handleRequest(requestInput);
   if (result instanceof HandleRequestSuccess) {
     context.res = {
+      headers: { ...context?.res?.headers, 'x-correlation-id': req.headers['x-correlation-id'] ?? createCorrelationId() },
       status: result.status,
       body: { actions: result.actions },
     };
   } else {
     context.res = {
+      headers: { ...context?.res?.headers, 'x-correlation-id': req.headers['x-correlation-id'] ?? createCorrelationId() },
       status: result.status,
       body: { errors: result.errors },
     };

extension/config/config-model.ts

@@ -14,6 +14,7 @@ export interface Config {
       username?: string;
       password?: string;
     };
+    enableRetry?: boolean;
   };
   service: {
     port: number | string;

extension/config/config.ts

@@ -38,6 +38,7 @@ export function loadConfig(ctMollieConfig: string | undefined) {
       envConfig.service?.locale && envConfig.service.locale.match(localeRegex) && { locale: envConfig.service.locale },
     );
     Object.assign(config.commercetools, envConfig.commercetools?.authentication ? { authentication: envConfig.commercetools.authentication } : { authentication: { isBasicAuth: false } });
+    Object.assign(config.commercetools, { enableRetry: envConfig.commercetools.enableRetry ?? true });
 
     const { valid, message } = isConfigValid(config);
 

extension/expressHandler.ts

@@ -1,12 +1,14 @@
 import { Request, Response } from 'express';
 import handleRequest from './src/requestHandlers/handleRequest';
 import { HandleRequestInput, HandleRequestSuccess } from './src/types';
+import { createCorrelationId } from './src/utils';
 
 export default async function handler(req: Request, res: Response) {
   const headers = new Map([['authorization', req?.headers?.authorization ?? '']]);
   const requestInput = new HandleRequestInput(req.path, req.method, req.body, headers);
 
   const result = await handleRequest(requestInput);
+  res.setHeader('x-correlation-id', req?.headers?.['x-correlation-id'] ?? createCorrelationId());
   if (result instanceof HandleRequestSuccess) {
     if (result.actions && result.actions.length > 0) {
       return res.status(result.status).send({ actions: result.actions });

extension/gcpFunctionHandler.ts

@@ -1,11 +1,13 @@
 import { Request, Response } from 'express';
 import handleRequest from './src/requestHandlers/handleRequest';
 import { HandleRequestInput, HandleRequestSuccess } from './src/types';
+import { createCorrelationId } from './src/utils';
 
 exports.handler = async (req: Request, res: Response) => {
   const headers = new Map([['authorization', req?.headers?.authorization ?? '']]);
   const requestInput = new HandleRequestInput(req.path, req.method, req.body, headers);
   const result = await handleRequest(requestInput);
+  res.setHeader('x-correlation-id', req?.headers?.['x-correlation-id'] ?? createCorrelationId());
   if (result instanceof HandleRequestSuccess) {
     if (result.actions && result.actions.length > 0) {
       return res.status(result.status).send({ actions: result.actions });

extension/lambdaHandler.ts

@@ -1,4 +1,5 @@
 import { APIGatewayProxyEvent } from 'aws-lambda';
+import { createCorrelationId } from './src/utils';
 import handleRequest from './src/requestHandlers/handleRequest';
 import { HandleRequestInput, HandleRequestSuccess } from './src/types';
 
@@ -12,6 +13,7 @@ exports.handler = async (event: APIGatewayProxyEvent) => {
 
   if (result instanceof HandleRequestSuccess) {
     return {
+      headers: { ...event.headers, 'x-correlation-id': event.headers['x-correlation-id'] ?? createCorrelationId() },
       statusCode: result.status,
       body: JSON.stringify({
         responseType: 'UpdateRequest',
@@ -20,6 +22,7 @@ exports.handler = async (event: APIGatewayProxyEvent) => {
     };
   } else {
     return {
+      headers: { ...event.headers, 'x-correlation-id': event.headers['x-correlation-id'] ?? createCorrelationId() },
       statusCode: result.status,
       body: JSON.stringify({
         responseType: 'FailedValidation',

extension/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "mollie-commercetools-extension-module",
-  "version": "1.0.0-beta.2",
+  "version": "1.0.0-beta.3",
   "author": "Mollie",
   "description": "Integration between commercetools and mollie payment service provider",
   "license": "MIT",
@@ -38,6 +38,7 @@
     "@types/supertest": "2.0.11",
     "@types/uuid": "8.3.4",
     "axios": "0.24.0",
+    "dotenv": "16.0.0",
     "jest": "27.4.7",
     "nock": "13.2.2",
     "node-mocks-http": "1.11.0",
@@ -53,6 +54,7 @@
     "@commercetools/platform-sdk": "2.1.0",
     "@commercetools/sdk-client": "2.1.2",
     "@commercetools/sdk-middleware-auth": "6.2.0",
+    "@commercetools/sdk-middleware-correlation-id": "2.1.4",
     "@commercetools/sdk-middleware-http": "6.1.0",
     "@commercetools/sdk-middleware-user-agent": "2.1.5",
     "@mollie/api-client": "3.6.0-beta.3",

extension/package.json

@@ -1,15 +1,17 @@
 import fetch from 'node-fetch-commonjs';
 import { createAuthMiddlewareForClientCredentialsFlow } from '@commercetools/sdk-middleware-auth';
+import { createCorrelationIdMiddleware } from '@commercetools/sdk-middleware-correlation-id';
 import { createHttpMiddleware } from '@commercetools/sdk-middleware-http';
 import { createUserAgentMiddleware } from '@commercetools/sdk-middleware-user-agent';
 import { createClient } from '@commercetools/sdk-client';
 
 import config from '../../config/config';
+import { createCorrelationId } from '../utils';
 import { version } from '../../package.json';
 
 export default function initialiseCommercetoolsClient(): any {
   const {
-    commercetools: { projectKey, clientId, clientSecret, host, authUrl, scopes },
+    commercetools: { projectKey, clientId, clientSecret, host, authUrl, scopes, enableRetry },
   } = config;
 
   const userAgentMiddleware = createUserAgentMiddleware({
@@ -28,11 +30,21 @@ export default function initialiseCommercetoolsClient(): any {
     fetch,
   });
 
-  const ctHttpMiddleWare = createHttpMiddleware({
+  // Retries are enabled with exponential backoff (recommended to prevent spamming of the server)
+  // The maxDelay sets an upper limit on long to wait before retrying, useful when the delay time grows
+  // exponentialy more than reasonable.
+  // https://commercetools.github.io/nodejs/sdk/api/sdkMiddlewareHttp.html#named-arguments-options
+  const httpOptions = {
     host,
+    enableRetry,
     fetch,
+  };
+  enableRetry && Object.assign(httpOptions, { retryConfig: { maxDelay: 10000 } });
+  const ctHttpMiddleWare = createHttpMiddleware(httpOptions);
+  const correlationIdMiddleWare = createCorrelationIdMiddleware({
+    generate: createCorrelationId,
   });
 
-  const commercetoolsClient = createClient({ middlewares: [userAgentMiddleware, ctAuthMiddleware, ctHttpMiddleWare] });
+  const commercetoolsClient = createClient({ middlewares: [userAgentMiddleware, ctAuthMiddleware, correlationIdMiddleWare, ctHttpMiddleWare] });
   return commercetoolsClient;
 }