diff --git a/.ebextensions/01env-file-aws-ssm.config b/.ebextensions/01env-file-aws-ssm.config index a7f16a54ad..61262fda93 100644 --- a/.ebextensions/01env-file-aws-ssm.config +++ b/.ebextensions/01env-file-aws-ssm.config @@ -46,6 +46,7 @@ files: aws ssm get-parameter --name "${ENV_TYPE}-verified-fields" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env aws ssm get-parameter --name "${ENV_TYPE}-webhook-verified-content" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env aws ssm get-parameter --name "${ENV_TYPE}-wogaa" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env + aws ssm get-parameter --name "${ENV_TYPE}/formsg-sdk/jwks" --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env aws ssm get-parameter --name "${ENV_SITE_NAME}-sgid" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env aws ssm get-parameter --name "${ENV_SITE_NAME}-payment" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env aws ssm get-parameter --name "${ENV_SITE_NAME}-cron-payment" --with-decryption --region $AWS_REGION | jq -r '.Parameter.Value' >> $TARGET_DIR/.env diff --git a/src/app/config/features/formsg-sdk-jwks.config.ts b/src/app/config/features/formsg-sdk-jwks.config.ts new file mode 100644 index 0000000000..32529685f5 --- /dev/null +++ b/src/app/config/features/formsg-sdk-jwks.config.ts @@ -0,0 +1,17 @@ +import convict, { Schema } from 'convict' + +type FormSgSdkJwks = { + publicJwks: string +} + +const formSgSdkJwksSchema: Schema = { + publicJwks: { + doc: 'JSON Web Key Set for FormSG SDK', + form: '*', + default: null, // required field + env: 'FORMSG_SDK_PUBLIC_JWKS', + }, +} +export const formSgSdkJwksConfig = convict(formSgSdkJwksSchema) + .validate({ allowed: 'strict' }) + .getProperties() diff --git a/src/app/loaders/express/index.ts b/src/app/loaders/express/index.ts index abfeada8b8..b7c9647bb6 100644 --- a/src/app/loaders/express/index.ts +++ b/src/app/loaders/express/index.ts @@ -12,6 +12,7 @@ import * as IntranetMiddleware from '../../modules/intranet/intranet.middleware' import { MYINFO_ROUTER_PREFIX } from '../../modules/myinfo/myinfo.constants' import { MyInfoRouter } from '../../modules/myinfo/myinfo.routes' import { SgidRouter } from '../../modules/sgid/sgid.routes' +import { WellKnownRouter } from '../../routes/./.well-known' import { ApiRouter } from '../../routes/api' import { LegacyRedirectRouter } from '../../routes/legacy-redirect' import { SpOidcJwksRouter } from '../../routes/singpass' @@ -123,6 +124,8 @@ const loadExpressApp = async (connection: Connection) => { app.use('/sgid', SgidRouter) app.use(MYINFO_ROUTER_PREFIX, MyInfoRouter) + app.use('/.well-known', WellKnownRouter) + // Legacy frontend routes which may still be in use app.use(LegacyRedirectRouter) @@ -135,10 +138,7 @@ const loadExpressApp = async (connection: Connection) => { // If requests for known static asset patterns were not served by // the static handlers above, middleware should try to fetch from s3 static bucket or else return 404s - app.get( - /^\/(public|static|\.well-known)\//, - catchNonExistentStaticRoutesMiddleware, - ) + app.get(/^\/(public|static)\//, catchNonExistentStaticRoutesMiddleware) // Requests for root files (e.g. /robots.txt or /favicon.ico) that were // not served statically above will also return 404 diff --git a/src/app/routes/.well-known/index.ts b/src/app/routes/.well-known/index.ts new file mode 100644 index 0000000000..a82109fe8f --- /dev/null +++ b/src/app/routes/.well-known/index.ts @@ -0,0 +1,14 @@ +import express, { Router } from 'express' + +import { formSgSdkJwksConfig } from '../../config/features/formsg-sdk-jwks.config' + +export const WellKnownRouter = Router() + +/** + * Returns the FormSG's public json web key set (JWKS) for communication with FormSG SDK + * @route GET /.well-known/formsg/jwks.json + * @returns 200 + */ +WellKnownRouter.get('/formsg/jwks.json', (req, res) => { + return res.send(formSgSdkJwksConfig.publicJwks) +})