
Repository: trade-tariff-dev-hub-backend

Express app giving FPO operators the ability to manage their own API credentials via a UI.

README

Express app giving FPO operators the ability to manage their own API credentials.

Local development

Prerequisites

Running localstack

To shorten feedback loops and improve developer efficiency, AWS services are simulated locally with LocalStack. Bring it up with docker-compose via the Makefile wrapper:

make localstack

Starting the application

Make sure you have started localstack before running the application.

make run

Running tests

make test

Authentication

When this backend app is deployed to ECS, client credentials authentication (the OAuth 2.0 client credentials grant) is enabled using Cognito User Pools:

sequenceDiagram
participant Client Application
participant Cognito Authorization Server
participant Protected Resource / API

Client Application->>Cognito Authorization Server: Request Access Token (Client ID, Client Secret)
Cognito Authorization Server->>Cognito Authorization Server: Validate Credentials
Cognito Authorization Server->>Client Application: Access Token
Client Application->>Protected Resource / API: API Request (Access Token)
Protected Resource / API->>Protected Resource / API: Validate Token
Protected Resource / API->>Client Application: API Response

Access tokens expire, and the client credentials grant issues no refresh token, so the client must request a new access token from Cognito when the current one expires. The backend decodes the JWT presented in the Authorization header and verifies it (signature and claims such as expiry) before serving the request.

Point in time recovery

Restoring from a PITR snapshot creates a new table containing the recovered data; the original table is not modified. Update the table-name environment variable in main.tf to point at the new table for each environment (development, staging and production) as this application is released to it.

See pitr-manual for how-to instructions on restoring from a Point in Time Recovery snapshot.

API Documentation

Once the application is running, open a web browser and navigate to the Swagger UI URL: http://localhost:5001/api-docs

Swagger UI is only enabled in development mode, because the endpoints are designed to be internal.