Use in-memory token store when developing locally (#273)

* Use in-memory token store when developing locally Removes the need for a local Redis container * Remove docker-compose dependency * Default to disabled when running locally * Rename to InMemoryTokenStore + explicitly create session MemoryStore
ministryofjustice · Nov 29, 2023 · 3949b48 · 3949b48
1 parent ca2cfee
commit 3949b48
Show file tree

Hide file tree

Showing 17 changed files with 73 additions and 38 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -72,9 +72,8 @@ jobs:
 
   integration_test:
     executor:
-      name: hmpps/node_redis
-      node_tag: << pipeline.parameters.node-version >>
-      redis_tag: "7.0"
+      name: hmpps/node
+      tag: << pipeline.parameters.node-version >>
     steps:
       - checkout
       - attach_workspace:

diff --git a/README.md b/README.md
@@ -89,7 +89,7 @@ And then, to build the assets and start the app with nodemon:
 
 ### Running integration tests
 
-For local running, start a test db, redis, and wiremock instance by:
+For local running, start a test db and wiremock instance by:
 
 `docker compose -f docker-compose-test.yml up`
 

diff --git a/docker-compose-test.yml b/docker-compose-test.yml
@@ -1,13 +1,6 @@
 version: '3.1'
 services:
 
-  redis:
-    image: 'redis:7.2'
-    networks:
-      - hmpps_int
-    ports:
-      - '6379:6379'
-
   wiremock:
     image: wiremock/wiremock
     networks:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,16 +1,6 @@
 version: '3.1'
 services:
 
-  redis:
-    image: 'redis:7.2'
-    networks:
-      - hmpps
-    container_name: redis
-    environment:
-      - ALLOW_EMPTY_PASSWORD=yes
-    ports:
-      - '6379:6379'
-
   hmpps-auth:
     image: quay.io/hmpps/hmpps-auth:latest
     networks:
@@ -33,12 +23,11 @@ services:
         GIT_BRANCH: main
     networks:
       - hmpps
-    depends_on: [redis]
     ports:
       - "3000:3000"
     environment:
       - PRODUCT_ID=UNASSIGNED
-      - REDIS_HOST=redis
+      - REDIS_ENABLED=false
       - HMPPS_AUTH_EXTERNAL_URL=http://localhost:9090/auth
       - HMPPS_AUTH_URL=http://hmpps-auth:8080/auth
       # These will need to match new creds in the seed auth service auth

diff --git a/feature.env b/feature.env
@@ -3,6 +3,7 @@ HMPPS_AUTH_URL=http://localhost:9091/auth
 MANAGE_USERS_API_URL=http://localhost:9091/manage-users-api
 TOKEN_VERIFICATION_API_URL=http://localhost:9091/verification
 TOKEN_VERIFICATION_ENABLED=true
+REDIS_ENABLED=false
 NODE_ENV=development
 API_CLIENT_ID=clientid
 API_CLIENT_SECRET=clientsecret

diff --git a/helm_deploy/hmpps-template-typescript/values.yaml b/helm_deploy/hmpps-template-typescript/values.yaml
@@ -31,6 +31,7 @@ generic-service:
   # Environment variables to load into the deployment
   env:
     NODE_ENV: "production"
+    REDIS_ENABLED: "true"
     REDIS_TLS_ENABLED: "true"
     TOKEN_VERIFICATION_ENABLED: "true"
     APPLICATIONINSIGHTS_CONNECTION_STRING: "InstrumentationKey=$(APPINSIGHTS_INSTRUMENTATIONKEY);IngestionEndpoint=https://northeurope-0.in.applicationinsights.azure.com/;LiveEndpoint=https://northeurope.livediagnostics.monitor.azure.com/"

diff --git a/server/config.ts b/server/config.ts
@@ -38,6 +38,7 @@ export default {
   https: production,
   staticResourceCacheDuration: '1h',
   redis: {
+    enabled: get('REDIS_ENABLED', 'false', requiredInProduction) === 'true',
     host: get('REDIS_HOST', 'localhost', requiredInProduction),
     port: parseInt(process.env.REDIS_PORT, 10) || 6379,
     password: process.env.REDIS_AUTH_TOKEN,

diff --git a/server/data/hmppsAuthClient.test.ts b/server/data/hmppsAuthClient.test.ts
@@ -2,9 +2,9 @@ import nock from 'nock'
 
 import config from '../config'
 import HmppsAuthClient from './hmppsAuthClient'
-import TokenStore from './tokenStore'
+import TokenStore from './tokenStore/redisTokenStore'
 
-jest.mock('./tokenStore')
+jest.mock('./tokenStore/redisTokenStore')
 
 const tokenStore = new TokenStore(null) as jest.Mocked<TokenStore>
 

diff --git a/server/data/hmppsAuthClient.ts b/server/data/hmppsAuthClient.ts
@@ -2,7 +2,7 @@ import { URLSearchParams } from 'url'
 
 import superagent from 'superagent'
 
-import type TokenStore from './tokenStore'
+import type TokenStore from './tokenStore/tokenStore'
 import logger from '../../logger'
 import config from '../config'
 import generateOauthClientToken from '../authentication/clientCredentials'

diff --git a/server/data/index.ts b/server/data/index.ts
@@ -13,13 +13,17 @@ buildAppInsightsClient(applicationInfo)
 import HmppsAuthClient from './hmppsAuthClient'
 import ManageUsersApiClient from './manageUsersApiClient'
 import { createRedisClient } from './redisClient'
-import TokenStore from './tokenStore'
+import RedisTokenStore from './tokenStore/redisTokenStore'
+import InMemoryTokenStore from './tokenStore/inMemoryTokenStore'
+import config from '../config'
 
 type RestClientBuilder<T> = (token: string) => T
 
 export const dataAccess = () => ({
   applicationInfo,
-  hmppsAuthClient: new HmppsAuthClient(new TokenStore(createRedisClient())),
+  hmppsAuthClient: new HmppsAuthClient(
+    config.redis.enabled ? new RedisTokenStore(createRedisClient()) : new InMemoryTokenStore(),
+  ),
   manageUsersApiClient: new ManageUsersApiClient(),
 })
 

diff --git a/server/data/manageUsersApiClient.test.ts b/server/data/manageUsersApiClient.test.ts
@@ -3,7 +3,7 @@ import nock from 'nock'
 import config from '../config'
 import ManageUsersApiClient from './manageUsersApiClient'
 
-jest.mock('./tokenStore')
+jest.mock('./tokenStore/redisTokenStore')
 
 const token = { access_token: 'token-1', expires_in: 300 }
 

diff --git a/server/data/tokenStore/inMemoryTokenStore.test.ts b/server/data/tokenStore/inMemoryTokenStore.test.ts
@@ -0,0 +1,19 @@
+import TokenStore from './inMemoryTokenStore'
+
+describe('inMemoryTokenStore', () => {
+  let tokenStore: TokenStore
+
+  beforeEach(() => {
+    tokenStore = new TokenStore()
+  })
+
+  it('Can store and retrieve token', async () => {
+    await tokenStore.setToken('user-1', 'token-1', 10)
+    expect(await tokenStore.getToken('user-1')).toBe('token-1')
+  })
+
+  it('Expires token', async () => {
+    await tokenStore.setToken('user-2', 'token-2', -1)
+    expect(await tokenStore.getToken('user-2')).toBe(null)
+  })
+})
diff --git a/server/data/tokenStore/inMemoryTokenStore.ts b/server/data/tokenStore/inMemoryTokenStore.ts
@@ -0,0 +1,17 @@
+import TokenStore from './tokenStore'
+
+export default class InMemoryTokenStore implements TokenStore {
+  map = new Map<string, { token: string; expiry: Date }>()
+
+  public async setToken(key: string, token: string, durationSeconds: number): Promise<void> {
+    this.map.set(key, { token, expiry: new Date(Date.now() + durationSeconds * 1000) })
+    return Promise.resolve()
+  }
+
+  public async getToken(key: string): Promise<string> {
+    if (!this.map.has(key) || this.map.get(key).expiry.getTime() < Date.now()) {
+      return Promise.resolve(null)
+    }
+    return Promise.resolve(this.map.get(key).token)
+  }
+}
diff --git a/server/data/tokenStore.test.ts → ...r/data/tokenStore/redisTokenStore.test.ts b/server/data/tokenStore.test.ts → ...r/data/tokenStore/redisTokenStore.test.ts
@@ -1,5 +1,5 @@
-import { RedisClient } from './redisClient'
-import TokenStore from './tokenStore'
+import { RedisClient } from '../redisClient'
+import TokenStore from './redisTokenStore'
 
 const redisClient = {
   get: jest.fn(),

diff --git a/server/data/tokenStore.ts → server/data/tokenStore/redisTokenStore.ts b/server/data/tokenStore.ts → server/data/tokenStore/redisTokenStore.ts
@@ -1,8 +1,9 @@
-import type { RedisClient } from './redisClient'
+import type { RedisClient } from '../redisClient'
 
-import logger from '../../logger'
+import logger from '../../../logger'
+import TokenStore from './tokenStore'
 
-export default class TokenStore {
+export default class RedisTokenStore implements TokenStore {
   private readonly prefix = 'systemToken:'
 
   constructor(private readonly client: RedisClient) {

diff --git a/server/data/tokenStore/tokenStore.ts b/server/data/tokenStore/tokenStore.ts
@@ -0,0 +1,4 @@
+export default interface TokenStore {
+  setToken(key: string, token: string, durationSeconds: number): Promise<void>
+  getToken(key: string): Promise<string>
+}
diff --git a/server/middleware/setUpWebSession.ts b/server/middleware/setUpWebSession.ts
@@ -1,19 +1,25 @@
 import { v4 as uuidv4 } from 'uuid'
-import session from 'express-session'
+import session, { MemoryStore, Store } from 'express-session'
 import RedisStore from 'connect-redis'
 import express, { Router } from 'express'
 import { createRedisClient } from '../data/redisClient'
 import config from '../config'
 import logger from '../../logger'
 
 export default function setUpWebSession(): Router {
-  const client = createRedisClient()
-  client.connect().catch((err: Error) => logger.error(`Error connecting to Redis`, err))
+  let store: Store
+  if (config.redis.enabled) {
+    const client = createRedisClient()
+    client.connect().catch((err: Error) => logger.error(`Error connecting to Redis`, err))
+    store = new RedisStore({ client })
+  } else {
+    store = new MemoryStore()
+  }
 
   const router = express.Router()
   router.use(
     session({
-      store: new RedisStore({ client }),
+      store,
       cookie: { secure: config.https, sameSite: 'lax', maxAge: config.session.expiryMinutes * 60 * 1000 },
       secret: config.session.secret,
       resave: false, // redis implements touch so shouldn't need this