feat: await signature verification, test improvements

packages/backend/src/app.ts

@@ -399,7 +399,7 @@ export class App {
 
     koa.use(
       async (ctx: TenantedHttpSigContext, next: Koa.Next): Promise<void> => {
-        if (!verifyTenantOrOperatorApiSignature(ctx, this.config)) {
+        if (!(await verifyTenantOrOperatorApiSignature(ctx, this.config))) {
           ctx.throw(401, 'Unauthorized')
         }
         return next()

packages/backend/src/shared/utils.test.ts

@@ -441,8 +441,11 @@ describe('utils', (): void => {
 
       ctx.request.body = requestBody
 
+      const tenantService = await deps.use('tenantService')
+      const getSpy = jest.spyOn(tenantService, 'get')
       const result = await verifyTenantOrOperatorApiSignature(ctx, config)
       expect(result).toEqual(false)
+      expect(getSpy).toHaveBeenCalled()
       expect(ctx.tenant).toBeUndefined()
       expect(ctx.isOperator).toEqual(false)
     })

packages/backend/src/shared/utils.ts

@@ -198,8 +198,7 @@ export async function verifyTenantOrOperatorApiSignature(
 
   if (!tenant) return false
 
-  if (!(await canApiSignatureBeProcessed(signature as string, ctx, config)))
-    return false
+  if (!(await canApiSignatureBeProcessed(signature, ctx, config))) return false
 
   // First, try validating with the tenant api secret
   if (