[Snyk] Upgrade @middy/ssm from 2.5.6 to 2.5.7

.github/workflows/ci-master.yml

@@ -16,10 +16,21 @@ jobs:
     name: Tests
     steps:
     - uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
+    - uses: actions/setup-node@v2
       with:
-        node-version: '12.x'
-    - run: npm install
+        node-version: '14.x'
+    - name: Cache node modules
+      uses: actions/cache@v2
+      env:
+        cache-name: cache-node-modules
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - run: npm ci
     - run: npm run lint
     - run: npm run typecheck
     - run: npm run test

.github/workflows/ci-pull-request.yml

@@ -24,10 +24,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
+    - uses: actions/setup-node@v2
       with:
-        node-version: '12.x'
-    - run: npm install
+        node-version: '14.x'
+    - name: Cache node modules
+      uses: actions/cache@v2
+      env:
+        cache-name: cache-node-modules
+      with:
+        path: ~/.npm
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - run: npm ci
     - run: npm run lint
     - run: npm run typecheck
     - run: npm run test

.nvmrc

@@ -0,0 +1 @@
+lts/fermium

README.md

@@ -10,12 +10,12 @@ To get onboarded as a HealthCerts Issuer, please refer to the [Notarise FAQ (poi
 
 To start endorsing your **Pre-departure Test (PDT) HealthCerts** on Notarise.gov.sg, please take note of the respective endpoints for each version/environment:
 
-| **Environment** | **PDT Schema v1.0**\*      | **PDT Schema v2.0**           |
-| --------------- | -------------------------- | ----------------------------- |
-| Staging         | `/stg/notarise/pdt`        | `/stg/v2/notarise/pdt`        |
-| Production      | `/production/notarise/pdt` | `/production/v2/notarise/pdt` |
+| **Environment** | **PDT Schema v2.0**           |
+| --------------- | ----------------------------- |
+| Staging         | `/stg/v2/notarise/pdt`        |
+| Production      | `/production/v2/notarise/pdt` |
 
-> **Deprecation notice**: v1.0 endpoint is scheduled to be deprecated on 31 October 2021. Please refer to [this guide](https://github.com/Open-Attestation/schemata/pull/38) to migrate to PDT Schema v2.0.<br/><br/>Please be reminded that endorsement of documents utilising the new PDT HealthCert Schema v2.0 is only available in the new v2 Notarise endpoint: `/stg/v2/notarise/pdt` or `/production/v2/notarise/pdt`.
+> **Deprecation notice**: v1.0 endpoint is deprecated on 31 January 2022. Please refer to [this guide](https://github.com/Open-Attestation/schemata/pull/38) to migrate to PDT Schema v2.0.<br/><br/>Please be reminded that endorsement of documents utilising the new PDT HealthCert Schema v2.0 is only available in the new v2 Notarise endpoint: `/stg/v2/notarise/pdt` or `/production/v2/notarise/pdt`.
 
 **Request Format**:
 
@@ -33,7 +33,7 @@ curl -i -X POST \
 {
   "notarisedDocument": {...},
   "ttl": 1636629304073,
-  "url": "https://action.openattestation.com/?q=xxx",
+  "url": "https://www.verify.gov.sg/verify?q=xxx",
   "gpayCovidCardUrl": "https://pay.google.com/gp/v/save/xxx"
 }
 ```

package.json

@@ -25,30 +25,31 @@
   "dependencies": {
     "@ahryman40k/ts-fhir-types": "^4.0.36",
     "@govtechsg/oa-schemata": "^1.15.10",
-    "@govtechsg/oa-verify": "^7.7.0",
+    "@govtechsg/oa-verify": "^7.8.0",
     "@govtechsg/open-attestation": "^6.2.0",
-    "@middy/core": "^2.5.3",
-    "@middy/http-error-handler": "^2.5.3",
-    "@middy/http-json-body-parser": "^2.5.3",
-    "@middy/ssm": "^2.5.3",
-    "@notarise-gov-sg/gpay-covid-cards": "^1.0.4",
+    "@middy/core": "^2.5.6",
+    "@middy/http-error-handler": "^2.5.6",
+    "@middy/http-json-body-parser": "^2.5.6",
+    "@middy/ssm": "^2.5.7",
+    "@notarise-gov-sg/gpay-covid-cards": "^1.0.5",
     "@notarise-gov-sg/i18n-nationality": "^1.2.2",
     "@notarise-gov-sg/sns-notify-recipients": "^1.5.2",
     "@pathcheck/dcc-sdk": "0.0.17",
     "@types/url-join": "^4.0.1",
-    "aws-sdk": "^2.1036.0",
+    "aws-sdk": "^2.1062.0",
     "aws-xray-sdk-core": "^3.3.4",
     "axios": "^0.24.0",
-    "debug": "^4.3.2",
+    "debug": "^4.3.3",
     "fhir": "^4.11.1",
     "file-loader": "^6.2.0",
+    "file-type": "16.5.3",
     "he": "1.2.0",
     "http-errors": "1.8.1",
     "lodash": "^4.17.21",
     "middy-middleware-json-error-handler": "^3.0.0",
     "moment-timezone": "^0.5.34",
     "runtypes": "^6.5.0",
-    "serverless": "^2.66.2",
+    "serverless": "^2.72.1",
     "serverless-http": "^2.7.0",
     "serverless-offline-ses": "https://github.com/rjchow/serverless-offline-ses/tarball/release/1",
     "serverless-plugin-aws-alerts": "^1.7.4",
@@ -58,43 +59,44 @@
     "validate.js": "^0.13.1"
   },
   "devDependencies": {
-    "@babel/preset-env": "^7.16.4",
-    "@babel/preset-typescript": "^7.16.0",
-    "@govtechsg/serverless-selective-functions": "^0.1.1",
-    "@types/aws-lambda": "^8.10.85",
+    "@babel/preset-env": "^7.16.11",
+    "@babel/preset-typescript": "^7.16.7",
+    "@govtechsg/serverless-selective-functions": "^0.1.2",
+    "@types/aws-lambda": "^8.10.91",
     "@types/debug": "^4.1.7",
     "@types/dotenv": "^8.2.0",
     "@types/he": "^1.1.2",
-    "@types/http-errors": "^1.8.1",
-    "@types/jest": "^27.0.3",
-    "@types/lodash": "^4.14.177",
-    "@types/qrcode": "^1.4.1",
+    "@types/http-errors": "^1.8.2",
+    "@types/jest": "^27.4.0",
+    "@types/lodash": "^4.14.178",
+    "@types/qrcode": "^1.4.2",
     "@types/supertest": "^2.0.11",
-    "@types/uuid": "^8.3.3",
-    "@typescript-eslint/eslint-plugin": "^5.4.0",
-    "@typescript-eslint/parser": "^5.4.0",
+    "@types/uuid": "^8.3.4",
+    "@typescript-eslint/eslint-plugin": "^5.10.0",
+    "@typescript-eslint/parser": "^5.10.0",
     "cross-env": "^7.0.3",
-    "depcheck": "^1.4.2",
-    "eslint": "^8.3.0",
+    "depcheck": "^1.4.3",
+    "eslint": "^8.7.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-import": "^2.25.3",
-    "eslint-plugin-jest": "^25.3.0",
+    "eslint-plugin-import": "^2.25.4",
+    "eslint-plugin-jest": "^25.7.0",
     "eslint-plugin-prettier": "^4.0.0",
     "fork-ts-checker-webpack-plugin": "^6.4.2",
-    "jest": "^27.3.1",
+    "jest": "^27.4.7",
     "jest-raw-loader": "^1.0.1",
-    "prettier": "^2.5.0",
+    "prettier": "^2.5.1",
     "raw-loader": "^4.0.2",
     "serverless-attach-permission-boundary": "^0.1.0",
+    "serverless-domain-manager": "^5.4.1",
     "serverless-offline": "^8.3.1",
-    "serverless-s3-local": "^0.6.20",
+    "serverless-s3-local": "^0.6.21",
     "serverless-webpack": "^5.6.0",
-    "supertest": "^6.1.6",
-    "ts-jest": "^27.0.7",
+    "supertest": "^6.2.2",
+    "ts-jest": "^27.1.3",
     "ts-loader": "^9.2.6",
-    "typescript": "^4.5.2",
-    "webpack": "^5.64.4",
+    "typescript": "^4.5.5",
+    "webpack": "^5.67.0",
     "webpack-node-externals": "^3.0.0"
   }
 }

serverless.yml

@@ -2,7 +2,7 @@ service: api-notarise-healthcerts
 
 provider:
   name: aws
-  runtime: nodejs12.x
+  runtime: nodejs14.x
   memorySize: 256
   timeout: 30 # optional, in seconds, default is 6
   stage: ${opt:stage, "dev"}
@@ -70,43 +70,6 @@ provider:
       burstLimit: 200
       rateLimit: 100
 functions:
-  notarisePdt:
-    environment:
-      STAGE: ${self:provider.stage}
-      DEBUG: "*,-follow-redirects"
-      INFURA_API_KEY: ${self:custom.${self:custom.envSource}.INFURA_API_KEY}
-      SIGNING_DID_NAME: ${self:custom.${self:custom.envSource}.SIGNING_DID_NAME}
-      SIGNING_DNS_DID_LOCATION: ${self:custom.${self:custom.envSource}.SIGNING_DNS_DID_LOCATION}
-      SIGNING_DID: ${self:custom.${self:custom.envSource}.SIGNING_DID}
-      SIGNING_DID_KEY: ${self:custom.${self:custom.envSource}.SIGNING_DID_KEY}
-      SIGNING_DID_PRIVATE_KEY: ${self:custom.${self:custom.envSource}.SIGNING_DID_PRIVATE_KEY}
-      TRANSIENT_STORAGE_URL: ${self:custom.${self:custom.envSource}.TRANSIENT_STORAGE_URL}
-      TRANSIENT_STORAGE_API_KEY: ${self:custom.${self:custom.envSource}.TRANSIENT_STORAGE_API_KEY}
-      NOTIFICATION_ENABLED: ${self:custom.${self:custom.envSource}.NOTIFICATION_ENABLED}
-      NOTIFICATION_TOPIC_ARN: ${self:custom.${self:custom.envSource}.NOTIFICATION_TOPIC_ARN}
-      NOTIFICATION_SENDER_NAME: ${self:custom.${self:custom.envSource}.NOTIFICATION_SENDER_NAME}
-      NOTIFICATION_SENDER_LOGO: ${self:custom.${self:custom.envSource}.NOTIFICATION_SENDER_LOGO}
-      NOTIFICATION_TEMPLATE_ID: ${self:custom.${self:custom.envSource}.NOTIFICATION_TEMPLATE_ID}
-      AUTHORIZED_ISSUERS_MAP: ${self:custom.${self:custom.envSource}.AUTHORIZED_ISSUERS_MAP}
-      ETHEREUM_NETWORK: ${self:custom.ethereumConfig.${self:provider.stage}, self:custom.ethereumConfig.stg}
-      USE_API_AUTHORISED_ISSUER: ${self:custom.${self:custom.envSource}.USE_API_AUTHORISED_ISSUER}
-      AUTHORIZED_ISSUERS_API_URL: ${self:custom.${self:custom.envSource}.AUTHORIZED_ISSUERS_API_URL}
-      AUTHORIZED_ISSUERS_API_KEY: ${self:custom.${self:custom.envSource}.AUTHORIZED_ISSUERS_API_KEY}
-      OFFLINE_QR_ENABLED: ${self:custom.${self:custom.envSource}.OFFLINE_QR_ENABLED}
-      SIGNING_EU_QR_NAME: ${self:custom.${self:custom.envSource}.SIGNING_EU_QR_NAME}
-      SIGNING_EU_QR_PUBLIC_KEY: ${self:custom.${self:custom.envSource}.SIGNING_EU_QR_PUBLIC_KEY}
-      SIGNING_EU_QR_PRIVATE_KEY: ${self:custom.${self:custom.envSource}.SIGNING_EU_QR_PRIVATE_KEY}
-      WHITELIST_NRICS: ${self:custom.${self:custom.envSource}.WHITELIST_NRICS}
-    handler: src/functionHandlers/notarisePdt/v1/handler.handler
-    events:
-      - http:
-          path: /notarise/pdt
-          method: post
-          private: true
-      - http:
-          path: /v1/notarise/pdt
-          method: post
-          private: true
   notarisePdtV2:
     environment:
       STAGE: ${self:provider.stage}
@@ -162,10 +125,13 @@ custom:
   # ssm failure returns "undefined" while env failure returns ""
   vpcDiscovery:
     vpcName: "${env:VPC_NAME}"
-    subnetNames: # optional if securityGroupNames are specified
-      - "notarize-${self:custom.subnetEnvName.${self:provider.stage}, self:custom.subnetEnvName.other}-application-private-*"
-    securityGroupNames:
-      - "default"
+    subnets:
+      - tagKey: Name
+        tagValues:
+          - "notarize-${self:custom.subnetEnvName.${self:provider.stage}, self:custom.subnetEnvName.other}-application-private-*"
+    securityGroups:
+      - names:
+        - "default-application-vpc-*"
   subnetEnvName:
     stg: "stg"
     production: "prd"
@@ -174,6 +140,17 @@ custom:
     stg: "ssm"
     production: "ssm"
     other: "dotenv"
+  customDomainList:
+    production: "api-notarise-healthcerts.aws.notarise.gov.sg"
+    stg: "api-notarise-healthcerts.stg.notarise.io"
+    other: "api-notarise-healthcerts-${self:provider.stage}.stg.notarise.io"
+  customDomain:
+    domainName: "${self:custom.customDomainList.${self:provider.stage}, self:custom.customDomainList.other}"
+    basePath: ""
+    stage: ${self:provider.stage}
+    createRoute53Record: true
+    endpointType: regional
+    autoDomain: true
   envSource: ${self:custom.envSourceConfig.${self:provider.stage}, self:custom.envSourceConfig.other}
   KMS_ARN: ${env:KMS_ARN, "PLACEHOLDER_ARN"}
   ethereumConfig:
@@ -271,6 +248,7 @@ plugins:
   - serverless-s3-local
   - serverless-offline
   - serverless-offline-ses
+  - serverless-domain-manager
   - serverless-attach-permission-boundary
   - serverless-plugin-aws-alerts
   - "@govtechsg/serverless-selective-functions"

src/common/datetime.ts

@@ -1,5 +1,7 @@
 // Replica of https://github.com/Notarise-gov-sg/healthcert-renderer/blob/352bc3ce4e24308942dce295b604a13daa394b0e/src/util/datetime.ts
 
+import moment from "moment-timezone";
+
 const SG_LOCALE = "en-sg";
 
 // FIXME: "en-sg" locale may not be supported in user's browser
@@ -38,3 +40,15 @@ export const isoToDateOnlyString = (iso = ""): string =>
     day: "numeric",
     year: "numeric",
   });
+
+/**
+ * Returns a nicely formatted date-time string with GMT+08:00 timezone.
+ * @param iso "2020-09-28T06:15:00Z"
+ * @returns "9/28/20 6:15:00 AM GMT+08:00"
+ */
+export const parseDateTime = (dateString: string | undefined): string =>
+  dateString
+    ? `${moment
+        .tz(dateString, "Asia/Singapore")
+        .format("M/D/YY h:mm:ss A")} GMT+08:00`
+    : "";