:Merge remote-tracking branch 'origin/master' into primary-res-req-body-fix

Author: rcrichton

.gitignore

@@ -24,3 +24,4 @@ coverage.lcov
 .nyc_output
 .data
 coverage/
+DockerfileARM

.travis.yml

@@ -1,4 +1,5 @@
 language: node_js
+dist: jammy
 node_js:
   - "lts/fermium"
   - "lts/gallium"

config/config.md

@@ -84,6 +84,8 @@ The following config option are provided by the OpenHIM. All of these options ha
     "openid": {
       // Openid connect provider realm url link
       "url": "http://localhost:9088/realms/platform-realm",
+      // (Optional) Openid connect provider issuer url incase this is different from the api url e.g. if you are using a proxy
+      "issuerUrl": "http://localhost:9088/realms/platform-realm",
       // Callback URL used by openid connect provider (should be the same callback URL specified in realm)
       "callbackUrl": "http://localhost:9000",
       // CLient ID specified in the realm
@@ -135,15 +137,18 @@ The following config option are provided by the OpenHIM. All of these options ha
     "enableJWTAuthentication": false,
     // JWT specific config
     "jwt": {
-      // The secret or public key used by the encryption algorithm in signing the token
+      // The URL to the JSON Web Key Set (JWKS) endpoint. Either this or the secretOrPublicKey must be provided.
+      "jwksUri": "",
+      // The secret or public key used by the encryption algorithm in signing the token. The value is either
+      // The secret as a string or a path to a public key. Either this or the jwksUri must be provided.
       "secretOrPublicKey": "",
-    // The algorithm used to sign the token. i.e. HS256, RS256, ES256, PS256, etc
+      // (required) The algorithm used to sign the token. i.e. HS256, RS256, ES256, PS256, etc
       "algorithms": "",
-    // The JWT Audience (aud) is a registered claim field in the payload.
-    // It identifies the intended recipients of the JWT. These values are usually case sensitive strings.
+      // (optional) The JWT Audience (aud) is a registered claim field in the payload.
+      // It identifies the intended recipients of the JWT. These values are usually case sensitive strings.
       "audience": "",
-    // The JWT Issuer (iss) is a registered claim field in the payload.
-    // It identifiers the principal JWT issuer. This value is a case sensitive string.
+      // (required) The JWT Issuer (iss) is a registered claim field in the payload.
+      // It identifiers the principal JWT issuer. This value is a case sensitive string.
       "issuer": ""
     }
   },

config/default.json

@@ -81,6 +81,7 @@
     "enableCustomTokenAuthentication": false,
     "enableJWTAuthentication": false,
     "jwt": {
+      "jwksUri": "",
       "secretOrPublicKey": "",
       "algorithms": "",
       "audience": "",
@@ -164,5 +165,6 @@
     "watchFSForCert": false,
     "certPath": "/etc/letsencrypt/live/openhim.jembi.org/cert.pem",
     "keyPath": "/etc/letsencrypt/live/openhim.jembi.org/privkey.pem"
-  }
+  },
+  "openhimConsoleBaseUrl": "http://localhost:9000"
 }

config/development.json

@@ -26,5 +26,6 @@
     "watchFSForCert": false,
     "certPath": "resources/certs/default/cert.pem",
     "keyPath": "resources/certs/default/key.pem"
-  }
+  },
+  "openhimConsoleBaseUrl": "http://localhost:9000"
 }

config/test.json

@@ -45,5 +45,6 @@
     "watchFSForCert": false,
     "certPath": "resources/certs/default/cert.pem",
     "keyPath": "resources/certs/default/key.pem"
-  }
+  },
+  "openhimConsoleBaseUrl": "http://localhost:9000"
 }

docker-compose.deps.yml

@@ -0,0 +1,39 @@
+version: "3"
+
+services:
+  zookeeper:
+    image: docker.io/bitnami/zookeeper:3.8
+    ports:
+      - "2181:2181"
+    volumes:
+      - "zookeeper_data:/bitnami"
+    environment:
+      - ALLOW_ANONYMOUS_LOGIN=yes
+
+  kafka:
+    image: docker.io/bitnami/kafka:3.4
+    ports:
+      - "9092:9092"
+    volumes:
+      - "kafka_data:/bitnami"
+    environment:
+      - KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
+      - ALLOW_PLAINTEXT_LISTENER=yes
+      - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092
+      - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092
+    depends_on:
+      - zookeeper
+
+  mongo-db:
+    container_name: mongo-db
+    image: mongo:4.0
+    ports:
+      - "27017:27017"
+    volumes:
+      - "mongo-data:/data/db"
+    restart: unless-stopped
+
+volumes:
+  mongo-data:
+  zookeeper_data:
+  kafka_data: