feat(auth): move interaction choice to different port

Accept and reject interaction choices should not be exposed. but other routes can and must be
exposed. This is why we need to move the choice routes to different port

BREAKING CHANGE: Routes for accepting and rejecting choice are no longer exposed. Ideally, this must
be done through ASE backend service that checks for authentication / authorization

#2649

packages/auth/src/app.ts

@@ -103,6 +103,7 @@ export type AppContainer = IocContract<AppServices>
 
 export class App {
   private authServer!: Server
+  private authChoiceServer!: Server;
   private introspectionServer!: Server
   private adminServer!: Server
   private logger!: Logger
@@ -330,16 +331,6 @@ export class App {
       interactionRoutes.details
     )
 
-    // Grant accept/reject
-    router.post<DefaultState, ChooseContext>(
-      '/grant/:id/:nonce/:choice',
-      createValidatorMiddleware<ChooseContext>(openApi.idpSpec, {
-        path: '/grant/{id}/{nonce}/{choice}',
-        method: HttpMethod.POST
-      }),
-      interactionRoutes.acceptOrReject
-    )
-
     koa.use(cors())
     koa.keys = [this.config.cookieKey]
     koa.use(
@@ -391,6 +382,44 @@ export class App {
     this.introspectionServer = koa.listen(port)
   }
 
+  public async startAuthChoiceServer(port: number | string): Promise<void> {
+    const koa = await this.createKoaServer();
+
+    const router = new Router<DefaultState, AppContext>();
+    router.use(bodyParser());
+
+    const openApi = await this.container.use('openApi')
+    const interactionRoutes = await this.container.use('interactionRoutes');
+
+    // Grant accept/reject
+    router.post<DefaultState, ChooseContext>(
+      '/grant/:id/:nonce/:choice',
+      createValidatorMiddleware<ChooseContext>(openApi.idpSpec, {
+        path: '/grant/{id}/{nonce}/{choice}',
+        method: HttpMethod.POST
+      }),
+      interactionRoutes.acceptOrReject
+    )
+
+    koa.use(cors())
+    koa.keys = [this.config.cookieKey]
+    koa.use(
+      session(
+        {
+          key: 'sessionId',
+          maxAge: 60 * 1000,
+          signed: true
+        },
+        koa
+      )
+    )
+
+    koa.use(router.middleware())
+    koa.use(router.routes())
+
+    this.authChoiceServer = koa.listen(port);
+  }
+
   private async createKoaServer(): Promise<Koa<Koa.DefaultState, AppContext>> {
     const koa = new Koa<DefaultState, AppContext>({
       proxy: this.config.trustProxy
@@ -427,6 +456,9 @@ export class App {
     if (this.authServer) {
       await this.stopServer(this.authServer)
     }
+    if (this.authChoiceServer) {
+      await this.stopServer(this.authChoiceServer)
+    }
     if (this.adminServer) {
       await this.stopServer(this.adminServer)
     }
@@ -455,6 +487,10 @@ export class App {
     return this.getPort(this.authServer)
   }
 
+  public getAuthChoicePort(): number {
+    return this.getPort(this.authChoiceServer)
+  }
+
   public getIntrospectionPort(): number {
     return this.getPort(this.introspectionServer)
   }

packages/auth/src/config/app.ts

@@ -25,6 +25,7 @@ export const Config = {
   logLevel: envString('LOG_LEVEL', 'info'),
   adminPort: envInt('ADMIN_PORT', 3003),
   authPort: envInt('AUTH_PORT', 3006),
+  authChoiceServer: envInt('AUTH_CHOICE_SERVER', 3009),
   introspectionPort: envInt('INTROSPECTION_PORT', 3007),
   env: envString('NODE_ENV', 'development'),
   trustProxy: envBool('TRUST_PROXY', false),

packages/auth/src/index.ts

@@ -287,6 +287,9 @@ export const start = async (
   await app.startAuthServer(config.authPort)
   logger.info(`Auth server listening on ${app.getAuthPort()}`)
 
+  await app.startAuthChoiceServer(config.authChoiceServer)
+  logger.info(`Auth choice server listening on ${app.getAuthChoicePort()}`)
+
   await app.startIntrospectionServer(config.introspectionPort)
   logger.info(`Introspection server listening on ${app.getIntrospectionPort()}`)
 }