
feat: setting xray segment user on api-gateway level

Karol Sójko 1 年之前
父节点
当前提交
3ee49416f8

+ 5 - 0
packages/api-gateway/src/Bootstrap/Container.ts

@@ -35,6 +35,8 @@ export class ContainerConfigLoader {
     const container = new Container()
 
     const isConfiguredForHomeServer = env.get('MODE', true) === 'home-server'
+    const isConfiguredForSelfHosting = env.get('MODE', true) === 'self-hosted'
+    const isConfiguredForAWSProduction = !isConfiguredForHomeServer && !isConfiguredForSelfHosting
     const isConfiguredForInMemoryCache = env.get('CACHE_TYPE', true) === 'memory'
 
     const winstonFormatters = [winston.format.splat(), winston.format.json()]
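Review bot: `isConfiguredForAWSProduction` on the added line is derived by negation, so every MODE value other than 'home-server' or 'self-hosted' counts as AWS production, which would include a misspelled value and, if `env.get('MODE', true)` returns nothing for an unset variable, a missing one. In such a deployment the gateway would then call the X-Ray SDK and attach user UUIDs to segments without anyone having opted in. I would check MODE against the known values at startup and fail on anything else, or at least record the fallback in a comment such as `// any MODE other than 'home-server' or 'self-hosted', including unset, is treated as AWS production`. The enclosing method starts and ends outside the hunk.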
@@ -90,6 +92,9 @@ export class ContainerConfigLoader {
       .bind(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL)
       .toConstantValue(+env.get('CROSS_SERVICE_TOKEN_CACHE_TTL', true))
     container.bind(TYPES.ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER).toConstantValue(isConfiguredForHomeServer)
+    container
+      .bind<boolean>(TYPES.ApiGateway_IS_CONFIGURED_FOR_AWS_PRODUCTION)
+      .toConstantValue(isConfiguredForAWSProduction)
 
     // Middleware
     container

+ 1 - 0
packages/api-gateway/src/Bootstrap/Types.ts

@@ -15,6 +15,7 @@ export const TYPES = {
   ApiGateway_VERSION: Symbol.for('ApiGateway_VERSION'),
   ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL: Symbol.for('ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL'),
   ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER: Symbol.for('ApiGateway_IS_CONFIGURED_FOR_HOME_SERVER'),
+  ApiGateway_IS_CONFIGURED_FOR_AWS_PRODUCTION: Symbol.for('ApiGateway_IS_CONFIGURED_FOR_AWS_PRODUCTION'),
   // Middleware
   ApiGateway_RequiredCrossServiceTokenMiddleware: Symbol.for('ApiGateway_RequiredCrossServiceTokenMiddleware'),
   ApiGateway_OptionalCrossServiceTokenMiddleware: Symbol.for('ApiGateway_OptionalCrossServiceTokenMiddleware'),

+ 9 - 0
packages/api-gateway/src/Controller/AuthMiddleware.ts

@@ -8,6 +8,7 @@ import { Logger } from 'winston'
 
 import { CrossServiceTokenCacheInterface } from '../Service/Cache/CrossServiceTokenCacheInterface'
 import { ServiceProxyInterface } from '../Service/Http/ServiceProxyInterface'
+import { Segment, getSegment } from 'aws-xray-sdk'
 
 export abstract class AuthMiddleware extends BaseMiddleware {
   constructor(
@@ -16,6 +17,7 @@ export abstract class AuthMiddleware extends BaseMiddleware {
     private crossServiceTokenCacheTTL: number,
     private crossServiceTokenCache: CrossServiceTokenCacheInterface,
     private timer: TimerInterface,
+    private isConfiguredForAWSProduction: boolean,
     protected logger: Logger,
   ) {
     super()
@@ -73,6 +75,13 @@ export abstract class AuthMiddleware extends BaseMiddleware {
       response.locals.roles = decodedToken.roles
       response.locals.sharedVaultOwnerContext = decodedToken.shared_vault_owner_context
       response.locals.belongsToSharedVaults = decodedToken.belongs_to_shared_vaults ?? []
+
+      if (this.isConfiguredForAWSProduction) {
+        const segment = getSegment()
+        if (segment instanceof Segment) {
+          segment.setUser(decodedToken.user.uuid)
+        }
+      }
     } catch (error) {
       const errorMessage = (error as AxiosError).isAxiosError
         ? JSON.stringify((error as AxiosError).response?.data)
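Review bot: The X-Ray block added just before `} catch (error) {` sits inside the same `try` as token validation, so anything it throws is handled by a catch that appears to be written for session-validation failures. `getSegment()` can throw when no segment is in context, depending on the SDK's context-missing strategy, and `decodedToken.user.uuid` throws if `user` is absent; either would presumably fail a request whose token had already been accepted. I would wrap the block in its own try/catch that only logs, as below, so tracing stays best-effort. The user UUID also becomes part of the trace data, so read access to traces should be scoped like access to other user identifiers. The enclosing method and the rest of the catch body are outside the hunk.

```typescript
      // … unchanged: response.locals assignments …
      if (this.isConfiguredForAWSProduction) {
        try {
          const segment = getSegment()
          if (segment instanceof Segment) {
            segment.setUser(decodedToken.user.uuid)
          }
        } catch (tracingError) {
          // Tracing is best-effort; it must not turn a validated request into an auth failure
          this.logger.warn(`Could not set X-Ray segment user: ${(tracingError as Error).message}`)
        }
      }
```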

+ 10 - 1
packages/api-gateway/src/Controller/OptionalCrossServiceTokenMiddleware.ts

@@ -16,9 +16,18 @@ export class OptionalCrossServiceTokenMiddleware extends AuthMiddleware {
     @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
     @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
     @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_IS_CONFIGURED_FOR_AWS_PRODUCTION) isConfiguredForAWSProduction: boolean,
     @inject(TYPES.ApiGateway_Logger) logger: Logger,
   ) {
-    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
+    super(
+      serviceProxy,
+      jwtSecret,
+      crossServiceTokenCacheTTL,
+      crossServiceTokenCache,
+      timer,
+      isConfiguredForAWSProduction,
+      logger,
+    )
   }
 
   protected override handleSessionValidationResponse(

+ 10 - 1
packages/api-gateway/src/Controller/RequiredCrossServiceTokenMiddleware.ts

@@ -16,9 +16,18 @@ export class RequiredCrossServiceTokenMiddleware extends AuthMiddleware {
     @inject(TYPES.ApiGateway_CROSS_SERVICE_TOKEN_CACHE_TTL) crossServiceTokenCacheTTL: number,
     @inject(TYPES.ApiGateway_CrossServiceTokenCache) crossServiceTokenCache: CrossServiceTokenCacheInterface,
     @inject(TYPES.ApiGateway_Timer) timer: TimerInterface,
+    @inject(TYPES.ApiGateway_IS_CONFIGURED_FOR_AWS_PRODUCTION) isConfiguredForAWSProduction: boolean,
     @inject(TYPES.ApiGateway_Logger) logger: Logger,
   ) {
-    super(serviceProxy, jwtSecret, crossServiceTokenCacheTTL, crossServiceTokenCache, timer, logger)
+    super(
+      serviceProxy,
+      jwtSecret,
+      crossServiceTokenCacheTTL,
+      crossServiceTokenCache,
+      timer,
+      isConfiguredForAWSProduction,
+      logger,
+    )
   }
 
   protected override handleSessionValidationResponse(

+ 0 - 2
packages/auth/src/Bootstrap/Container.ts

@@ -747,7 +747,6 @@ export class ContainerConfigLoader {
       .toConstantValue(
         new RequiredCrossServiceTokenMiddleware(
           container.get<TokenDecoderInterface<CrossServiceTokenData>>(TYPES.Auth_CrossServiceTokenDecoder),
-          isConfiguredForAWSProduction && this.mode === 'server',
           container.get<winston.Logger>(TYPES.Auth_Logger),
         ),
       )
@@ -756,7 +755,6 @@ export class ContainerConfigLoader {
       .toConstantValue(
         new OptionalCrossServiceTokenMiddleware(
           container.get<TokenDecoderInterface<CrossServiceTokenData>>(TYPES.Auth_CrossServiceTokenDecoder),
-          isConfiguredForAWSProduction && this.mode === 'server',
           container.get<winston.Logger>(TYPES.Auth_Logger),
         ),
       )

+ 0 - 9
packages/auth/src/Infra/InversifyExpressUtils/Middleware/ApiGatewayAuthMiddleware.ts

@@ -2,12 +2,10 @@ import { CrossServiceTokenData, TokenDecoderInterface } from '@standardnotes/sec
 import { NextFunction, Request, Response } from 'express'
 import { BaseMiddleware } from 'inversify-express-utils'
 import { Logger } from 'winston'
-import { Segment, getSegment } from 'aws-xray-sdk'
 
 export abstract class ApiGatewayAuthMiddleware extends BaseMiddleware {
   constructor(
     private tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>,
-    private isConfiguredForAWSProduction: boolean,
     private logger: Logger,
   ) {
     super()
@@ -41,13 +39,6 @@ export abstract class ApiGatewayAuthMiddleware extends BaseMiddleware {
       response.locals.session = token.session
       response.locals.readOnlyAccess = token.session?.readonly_access ?? false
 
-      if (this.isConfiguredForAWSProduction) {
-        const segment = getSegment()
-        if (segment instanceof Segment) {
-          segment.setUser(token.user.uuid)
-        }
-      }
-
       return next()
     } catch (error) {
       return next(error)

+ 2 - 6
packages/auth/src/Infra/InversifyExpressUtils/Middleware/OptionalCrossServiceTokenMiddleware.ts

@@ -5,12 +5,8 @@ import { Logger } from 'winston'
 import { ApiGatewayAuthMiddleware } from './ApiGatewayAuthMiddleware'
 
 export class OptionalCrossServiceTokenMiddleware extends ApiGatewayAuthMiddleware {
-  constructor(
-    tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>,
-    isConfiguredForAWSProduction: boolean,
-    logger: Logger,
-  ) {
-    super(tokenDecoder, isConfiguredForAWSProduction, logger)
+  constructor(tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>, logger: Logger) {
+    super(tokenDecoder, logger)
   }
 
   protected override handleMissingToken(request: Request, _response: Response, next: NextFunction): boolean {
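Review bot: The new two-argument constructor only forwards `tokenDecoder` and `logger` to `super(tokenDecoder, logger)` with the same parameters as the base class, so it no longer adds anything and could be deleted. The class would then inherit the `ApiGatewayAuthMiddleware` constructor, and the `new OptionalCrossServiceTokenMiddleware(...)` call in the auth container keeps working unchanged. The same applies to the constructor in RequiredCrossServiceTokenMiddleware.ts in the next file section. The class body continues outside the hunk.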

+ 2 - 6
packages/auth/src/Infra/InversifyExpressUtils/Middleware/RequiredCrossServiceTokenMiddleware.ts

@@ -5,12 +5,8 @@ import { Logger } from 'winston'
 import { ApiGatewayAuthMiddleware } from './ApiGatewayAuthMiddleware'
 
 export class RequiredCrossServiceTokenMiddleware extends ApiGatewayAuthMiddleware {
-  constructor(
-    tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>,
-    isConfiguredForAWSProduction: boolean,
-    logger: Logger,
-  ) {
-    super(tokenDecoder, isConfiguredForAWSProduction, logger)
+  constructor(tokenDecoder: TokenDecoderInterface<CrossServiceTokenData>, logger: Logger) {
+    super(tokenDecoder, logger)
   }
 
   protected override handleMissingToken(request: Request, response: Response, _next: NextFunction): boolean {