feat(kyc): validate provider config at boot and expose readiness (#213)#1
Open
driftsorbit wants to merge 1 commit into
Open
feat(kyc): validate provider config at boot and expose readiness (#213)#1driftsorbit wants to merge 1 commit into
driftsorbit wants to merge 1 commit into
Conversation
- Add KYC_PROVIDER_URL, KYC_PROVIDER_API_KEY, KYC_PROVIDER_SECRET to the central Zod schema in src/config/index.js; superRefine rejects partial config (URL without key or key without URL) in non-test envs - Update getKycProviderConfig() in kycService.js to read from the validated config module instead of process.env directly - Add checkKycHealth() to health.js: skips when disabled, probes the provider URL via HEAD with Authorization header (key never leaked in response); wire into performHealthChecks() so /ready returns 503 when the provider is unreachable - Document KYC vars in .env.example with pairing requirement - Add tests/kyc.gating.test.js: 15 tests covering valid config, partial- config rejection, disabled passthrough, and degraded /ready state Closes Liquifact#213
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the silent mock-fallback risk described in Liquifact#213.
Changes
src/config/index.js— AddedKYC_PROVIDER_URL,KYC_PROVIDER_API_KEY, andKYC_PROVIDER_SECRETto the central Zod schema. AsuperRefinerule rejects partial config (URL without key, or key without URL) at boot in non-test environments — consistent with the existing Stellar network validation pattern.src/services/kycService.js—getKycProviderConfig()now reads from the validated config module instead ofprocess.envdirectly, with a safe fallback for tests that don't callvalidate().src/services/health.js— AddedcheckKycHealth(): returns{ status: 'disabled' }when the provider is not configured; otherwise probes the provider URL with a lightweightHEADrequest. The API key is sent only in theAuthorizationheader and never appears in the response.performHealthChecks()now runs the KYC check in parallel and factors it into thehealthyboolean, so/readyreturns 503 when the provider is unreachable..env.example— Documented all three KYC vars with the pairing requirement and/readybehaviour.tests/kyc.gating.test.js— 15 tests: valid config, partial-config rejection (URL-only, key-only), test-env bypass, disabled passthrough, healthy probe (200, auth header, HEAD method, 4xx reachable), degraded probe (5xx, network error), and/readydegraded state.Test output
Security notes
NODE_ENV=test.HEADprobe sends no request body, minimising data exposure.