Merge branch '2893/multi-tenancy-v1' into issues/2915-mt-frontend

bruno/collections/Rafiki/Examples/Open Payments Without Quote/Get receiver wallet address.bru

@@ -37,7 +37,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path );
   } else {
       bru.setEnvVar("receiverOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Open Payments Without Quote/Get sender wallet address.bru

@@ -28,7 +28,7 @@ script:post-response {
   }
 
   const body = res.getBody()
-
+  
   bru.setEnvVar("senderAssetCode", body?.assetCode)
   bru.setEnvVar("senderAssetScale", body?.assetScale)
 
@@ -38,7 +38,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path );
   } else {
       bru.setEnvVar("senderOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Open Payments Without Quote/Grant Request Incoming Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{receiverOpenPaymentsAuthHost}}/
+  url: {{receiverOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Open Payments Without Quote/Grant Request Outgoing Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{senderOpenPaymentsAuthHost}}/
+  url: {{senderOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Open Payments/Get receiver wallet address.bru

@@ -22,11 +22,11 @@ script:pre-request {
 
 script:post-response {
   const url = require('url')
-
+  
   if (res.getStatus() !== 200) {
     return
   }
-
+  
   const body = res.getBody()
   bru.setEnvVar("receiverAssetCode", body?.assetCode)
   bru.setEnvVar("receiverAssetScale", body?.assetScale)
@@ -37,7 +37,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path);
   } else {
       bru.setEnvVar("receiverOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Open Payments/Get sender wallet address.bru

@@ -37,7 +37,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path );
   } else {
       bru.setEnvVar("senderOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Open Payments/Grant Request Incoming Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{receiverOpenPaymentsAuthHost}}/
+  url: {{receiverOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Open Payments/Grant Request Outgoing Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{senderOpenPaymentsAuthHost}}/
+  url: {{senderOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Open Payments/Grant Request Quote.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{senderOpenPaymentsAuthHost}}/
+  url: {{senderOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Web Monetization/Get receiver wallet address.bru

@@ -28,7 +28,7 @@ script:post-response {
   }
 
   const body = res.getBody()
-
+  
   bru.setEnvVar("receiverAssetCode", body?.assetCode)
   bru.setEnvVar("receiverAssetScale", body?.assetScale)
 
@@ -38,7 +38,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("receiverOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path );
   } else {
       bru.setEnvVar("receiverOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Web Monetization/Get sender wallet address.bru

@@ -37,7 +37,7 @@ script:post-response {
       authUrl.hostname.includes('happy-life-bank')
   ){
       const port = authUrl.hostname.includes('cloud-nine-wallet')? authUrl.port: Number(authUrl.port) + 1000
-      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port );
+      bru.setEnvVar("senderOpenPaymentsAuthHost", authUrl.protocol + '//localhost:' + port + authUrl.path );
   } else {
       bru.setEnvVar("senderOpenPaymentsAuthHost", body?.authServer);
   }

bruno/collections/Rafiki/Examples/Web Monetization/Grant Request Incoming Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{receiverOpenPaymentsAuthHost}}/
+  url: {{receiverOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Examples/Web Monetization/Grant Request Outgoing Payment.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{senderOpenPaymentsAuthHost}}/
+  url: {{senderOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/Open Payments Auth APIs/Grants/Grant Request.bru

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: {{receiverOpenPaymentsAuthHost}}/
+  url: {{receiverOpenPaymentsAuthHost}}
   body: json
   auth: none
 }

bruno/collections/Rafiki/environments/Local Playground.bru

@@ -31,4 +31,5 @@ vars {
   assetCode: USD
   assetScale: 2
   senderTenantId: 438fa74a-fa7d-4317-9ced-dde32ece1787
+  RafikiGraphqlHostTenantId: 438fa74a-fa7d-4317-9ced-dde32ece1787
 }

localenv/README.md

@@ -189,6 +189,14 @@ Authentication is disabled by default for ease of development, but it can be ena
 pnpm localenv:compose:adminauth up
 ```
 
+The Admin UI requires a valid API secret and tenant id to make requests to the Admin APIs, which must be submitted via a form on the frontend. For our convenience, we log a link on Mock Account Servicing Entity (MASE) start that can be used to access the Admin UI and set the credentials automatically. The credentials used pull from the MASE’s `SIGNATURE_SECRET` and `OPERATOR_TENANT_ID` environment variables.
+
+```
+cloud-nine-mock-ase-1  | Local Dev Setup:
+cloud-nine-mock-ase-1  | Use this URL to access the frontend with operator tenant credentials:
+cloud-nine-mock-ase-1  | http://localhost:3010/?tenantId=438fa74a-fa7d-4317-9ced-dde32ece1787&apiSecret=iyIgCprjb9uL8wFckR%2BpLEkJWMB7FJhgkvqhTQR%2F964%3D
+```
+
 For additional details on using the Rafiki Admin application within the Local Playground, including enabling authentication and managing users, see the [Local Playground Rafiki Admin](https://rafiki.dev/integration/playground/overview/#rafiki-admin) documentation.
 
 # Reference

packages/auth/migrations/20241206232423_add_tenant_to_grant.js

@@ -0,0 +1,30 @@
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = function (knex) {
+  return knex.schema
+    .alterTable('grants', function (table) {
+      table.uuid('tenantId').references('tenants.id').index()
+    })
+    .then(() => {
+      return knex.raw(
+        `UPDATE "grants" SET "tenantId" = (SELECT id from "tenants" LIMIT 1)`
+      )
+    })
+    .then(() => {
+      return knex.schema.alterTable('grants', (table) => {
+        table.uuid('tenantId').notNullable().alter()
+      })
+    })
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = function (knex) {
+  return knex.schema.alterTable('grants', function (table) {
+    table.dropColumn('tenantId')
+  })
+}

packages/auth/src/access/service.test.ts

@@ -1,19 +1,19 @@
-import { faker } from '@faker-js/faker'
 import nock from 'nock'
 import { Knex } from 'knex'
-import { v4 } from 'uuid'
 import { createTestApp, TestContainer } from '../tests/app'
 import { truncateTables } from '../tests/tableManager'
 import { Config } from '../config/app'
 import { IocContract } from '@adonisjs/fold'
 import { initIocContainer } from '../'
 import { AppServices } from '../app'
 import { AccessService } from './service'
-import { Grant, GrantState, StartMethod, FinishMethod } from '../grant/model'
+import { Grant } from '../grant/model'
 import { IncomingPaymentRequest, OutgoingPaymentRequest } from './types'
-import { generateNonce, generateToken } from '../shared/utils'
+import { generateBaseGrant } from '../tests/grant'
 import { AccessType, AccessAction } from '@interledger/open-payments'
 import { Access } from './model'
+import { Tenant } from '../tenant/model'
+import { generateTenant } from '../tests/tenant'
 
 describe('Access Service', (): void => {
   let deps: IocContract<AppServices>
@@ -22,19 +22,11 @@ describe('Access Service', (): void => {
   let trx: Knex.Transaction
   let grant: Grant
 
-  const generateBaseGrant = () => ({
-    state: GrantState.Pending,
-    startMethod: [StartMethod.Redirect],
-    continueToken: generateToken(),
-    continueId: v4(),
-    finishMethod: FinishMethod.Redirect,
-    finishUri: 'https://example.com/finish',
-    clientNonce: generateNonce(),
-    client: faker.internet.url({ appendSlash: false })
-  })
-
   beforeEach(async (): Promise<void> => {
-    grant = await Grant.query(trx).insertAndFetch(generateBaseGrant())
+    const tenant = await Tenant.query(trx).insertAndFetch(generateTenant())
+    grant = await Grant.query(trx).insertAndFetch(
+      generateBaseGrant({ tenantId: tenant.id })
+    )
   })
 
   beforeAll(async (): Promise<void> => {

packages/auth/src/access/utils.test.ts

@@ -17,6 +17,8 @@ import { createTestApp, TestContainer } from '../tests/app'
 import { truncateTables } from '../tests/tableManager'
 import { generateToken, generateNonce } from '../shared/utils'
 import { compareRequestAndGrantAccessItems } from './utils'
+import { Tenant } from '../tenant/model'
+import { generateTenant } from '../tests/tenant'
 
 describe('Access utilities', (): void => {
   let deps: IocContract<AppServices>
@@ -25,6 +27,7 @@ describe('Access utilities', (): void => {
   let identifier: string
   let grant: Grant
   let grantAccessItem: Access
+  let tenant: Tenant
 
   const receiver: string =
     'https://wallet.com/alice/incoming-payments/12341234-1234-1234-1234-123412341234'
@@ -36,6 +39,7 @@ describe('Access utilities', (): void => {
 
   beforeEach(async (): Promise<void> => {
     identifier = `https://example.com/${v4()}`
+    tenant = await Tenant.query(trx).insertAndFetch(generateTenant())
     grant = await Grant.query(trx).insertAndFetch({
       state: GrantState.Processing,
       startMethod: [StartMethod.Redirect],
@@ -44,7 +48,8 @@ describe('Access utilities', (): void => {
       finishMethod: FinishMethod.Redirect,
       finishUri: 'https://example.com/finish',
       clientNonce: generateNonce(),
-      client: faker.internet.url({ appendSlash: false })
+      client: faker.internet.url({ appendSlash: false }),
+      tenantId: tenant.id
     })
 
     grantAccessItem = await Access.query(trx).insertAndFetch({
@@ -241,7 +246,8 @@ describe('Access utilities', (): void => {
       finishMethod: FinishMethod.Redirect,
       finishUri: 'https://example.com/finish',
       clientNonce: generateNonce(),
-      client: faker.internet.url({ appendSlash: false })
+      client: faker.internet.url({ appendSlash: false }),
+      tenantId: tenant.id
     })
 
     const grantAccessItem = await Access.query(trx).insertAndFetch({

packages/auth/src/accessToken/routes.test.ts

@@ -24,6 +24,8 @@ import {
 import { GrantService } from '../grant/service'
 import { AccessTokenService } from './service'
 import { GNAPErrorCode } from '../shared/gnapErrors'
+import { generateTenant } from '../tests/tenant'
+import { Tenant } from '../tenant/model'
 
 describe('Access Token Routes', (): void => {
   let deps: IocContract<AppServices>
@@ -96,7 +98,11 @@ describe('Access Token Routes', (): void => {
     const method = 'POST'
 
     beforeEach(async (): Promise<void> => {
-      grant = await Grant.query(trx).insertAndFetch(BASE_GRANT)
+      const tenant = await Tenant.query().insertAndFetch(generateTenant())
+      grant = await Grant.query(trx).insertAndFetch({
+        ...BASE_GRANT,
+        tenantId: tenant.id
+      })
       access = await Access.query(trx).insertAndFetch({
         grantId: grant.id,
         ...BASE_ACCESS
@@ -367,7 +373,11 @@ describe('Access Token Routes', (): void => {
     let token: AccessToken
 
     beforeEach(async (): Promise<void> => {
-      grant = await Grant.query(trx).insertAndFetch(BASE_GRANT)
+      const tenant = await Tenant.query().insertAndFetch(generateTenant())
+      grant = await Grant.query(trx).insertAndFetch({
+        ...BASE_GRANT,
+        tenantId: tenant.id
+      })
       token = await AccessToken.query(trx).insertAndFetch({
         grantId: grant.id,
         ...BASE_TOKEN
@@ -406,7 +416,11 @@ describe('Access Token Routes', (): void => {
     let token: AccessToken
 
     beforeEach(async (): Promise<void> => {
-      grant = await Grant.query(trx).insertAndFetch(BASE_GRANT)
+      const tenant = await Tenant.query(trx).insertAndFetch(generateTenant())
+      grant = await Grant.query(trx).insertAndFetch({
+        ...BASE_GRANT,
+        tenantId: tenant.id
+      })
       access = await Access.query(trx).insertAndFetch({
         grantId: grant.id,
         ...BASE_ACCESS