feat(integration): sign Admin API requests during integration tests

[mkurapov]

Changes proposed in this pull request

• Now that API_SECRET is required in backend (for seeding operator tenant in [Multi-Tenant] Create operator tenant #3149), we need to have request signing for the Admin API in all places. This PR adds signature signing to the integration tests

Context

Related to #3149

Checklist

• Related issues linked using fixes #number
• Tests added/updated
• Make sure that all checks pass
• Bruno collection updated (if necessary)
• Documentation issue created with user-docs label (if necessary)
• OpenAPI specs updated (if necessary)

[mkurapov]

Now that the API_SECRET is mandatory, sign graphql requests during tests as well. I was thinking of potentially bypassing signing in tests via flag like if (config.env === "test") don't add the auth middleware, but this was straightforward

[mkurapov]

edit: because of our replay attack checks, going to use if (config.env === "test") don't add the auth middleware method

[mkurapov]

Trying to debug some tests, we have test failures because of the fact that some tests send duplicate requests (with the same resulting signature). We explicitly check for duplicate requests in:

rafiki/packages/backend/src/shared/utils.ts

Lines 150 to 172 in ee45d61

	async function canApiSignatureBeProcessed(
	signature: string,
	ctx: AppContext,
	config: IAppConfig
	): Promise<boolean> {
	const { timestamp } = getSignatureParts(signature)
	const signatureTime = Number(timestamp) * 1000
	const currentTime = Date.now()
	const ttlMilliseconds = config.adminApiSignatureTtl * 1000
	if (currentTime - signatureTime > ttlMilliseconds) return false
	const redis = await ctx.container.use('redis')
	const key = `signature:${signature}`
	if (await redis.get(key)) return false
	const op = redis.multi()
	op.set(key, signature)
	op.expire(key, ttlMilliseconds)
	await op.exec()
	return true
	}

[njlie]

LGTM