interledger
diff --git a/‎bruno/collections/Rafiki/environments/Local Playground.bru‎
Lines changed: 1 addition & 1 deletion b/‎bruno/collections/Rafiki/environments/Local Playground.bru‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localenv/cloud-nine-wallet/docker-compose.yml‎
Lines changed: 1 addition & 1 deletion b/‎localenv/cloud-nine-wallet/docker-compose.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localenv/happy-life-bank/docker-compose.yml‎
Lines changed: 1 addition & 1 deletion b/‎localenv/happy-life-bank/docker-compose.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/jest.env.js‎
Lines changed: 1 addition & 0 deletions b/‎packages/auth/jest.env.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/auth/migrations/20251007160028_seed_operator_tenant_api_secret.js‎
Lines changed: 46 additions & 0 deletions b/‎packages/auth/migrations/20251007160028_seed_operator_tenant_api_secret.js‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎packages/auth/src/access/service.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/auth/src/access/service.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/src/access/utils.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/auth/src/access/utils.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/src/accessToken/routes.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/auth/src/accessToken/routes.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/src/accessToken/service.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎packages/auth/src/accessToken/service.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/src/app.ts‎
Lines changed: 32 additions & 11 deletions b/‎packages/auth/src/app.ts‎
Lines changed: 32 additions & 11 deletions
@@ -26,7 +26,7 @@ vars {
   backendApiSignatureVersion: 1
   backendApiSignatureSecret: iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964=
   authApiSignatureVersion: 1
-  authApiSignatureSecret: rPoZpe9tVyBNCigm05QDco7WLcYa0xMao7lO5KG1XG4=
+  authApiSignatureSecret: iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964=
   assetIdTigerBeetle: 1
   assetCode: USD
   assetScale: 2
 
@@ -121,7 +121,7 @@ services:
       IDENTITY_SERVER_URL: http://localhost:3030/mock-idp/
       IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=
       COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37
-      ADMIN_API_SECRET: rPoZpe9tVyBNCigm05QDco7WLcYa0xMao7lO5KG1XG4=
+      ADMIN_API_SECRET: iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964=
       OPERATOR_TENANT_ID: 438fa74a-fa7d-4317-9ced-dde32ece1787
       SERVICE_API_PORT: 3011
     depends_on:
 
@@ -113,7 +113,7 @@ services:
       IDENTITY_SERVER_URL: http://localhost:3031/mock-idp/
       IDENTITY_SERVER_SECRET: 2pEcn2kkCclbOHQiGNEwhJ0rucATZhrA807HTm2rNXE=
       COOKIE_KEY: 42397d1f371dd4b8b7d0308a689a57c882effd4ea909d792302542af47e2cd37
-      ADMIN_API_SECRET: rPoZpe9tVyBNCigm05QDco7WLcYa0xMao7lO5KG1XG4=
+      ADMIN_API_SECRET: iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964=
       OPERATOR_TENANT_ID: cf5fd7d3-1eb1-4041-8e43-ba45747e9e5d
       SERVICE_API_PORT: 4011
     depends_on:
 
@@ -5,3 +5,4 @@ process.env.IDENTITY_SERVER_SECRET =
 process.env.AUTH_SERVER_URL = 'http://localhost:3006'
 process.env.IDENTITY_SERVER_URL = 'http://localhost:3030/mock-idp/'
 process.env.OPERATOR_TENANT_ID = 'cf5fd7d3-1eb1-4041-8e43-ba45747e9e5d'
+process.env.ADMIN_API_SECRET = 'iyIgCprjb9uL8wFckR+pLEkJWMB7FJhgkvqhTQR/964='
@@ -0,0 +1,46 @@
+const OPERATOR_TENANT_ID = process.env['OPERATOR_TENANT_ID']
+const ADMIN_API_SECRET = process.env['ADMIN_API_SECRET']
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = function (knex) {
+  if (!OPERATOR_TENANT_ID) {
+    throw new Error(
+      'Could not seed operator tenant API secret. Please configure OPERATOR_TENANT_ID environment variable'
+    )
+  }
+
+  if (!ADMIN_API_SECRET) {
+    throw new Error(
+      'Could not seed operator tenant API secret. Please configure ADMIN_API_SECRET environment variable'
+    )
+  }
+
+  return knex.schema
+    .alterTable('tenants', function (table) {
+      table.string('apiSecret')
+    })
+    .then(() => {
+      return knex.raw(`
+        UPDATE "tenants" SET "apiSecret" = '${ADMIN_API_SECRET}'
+        WHERE "id" = '${OPERATOR_TENANT_ID}'
+    `)
+    })
+    .then(() => {
+      return knex.schema.alterTable('tenants', (table) => {
+        table.string('apiSecret').notNullable().alter()
+      })
+    })
+}
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = function (knex) {
+  return knex.schema.alterTable('tenants', function (table) {
+    table.dropColumn('apiSecret')
+  })
+}
@@ -37,7 +37,7 @@ describe('Access Service', (): void => {
   })
 
   afterEach(async (): Promise<void> => {
-    await truncateTables(appContainer.knex)
+    await truncateTables(deps)
   })
 
   afterAll(async (): Promise<void> => {
 
@@ -69,7 +69,7 @@ describe('Access utilities', (): void => {
   })
 
   afterEach(async (): Promise<void> => {
-    await truncateTables(appContainer.knex)
+    await truncateTables(deps)
   })
 
   afterAll(async (): Promise<void> => {
 
@@ -47,7 +47,7 @@ describe('Access Token Routes', (): void => {
 
   afterEach(async (): Promise<void> => {
     jest.useRealTimers()
-    await truncateTables(appContainer.knex)
+    await truncateTables(deps)
   })
 
   afterAll(async (): Promise<void> => {
 
@@ -37,7 +37,7 @@ describe('Access Token Service', (): void => {
 
   afterEach(async (): Promise<void> => {
     jest.useRealTimers()
-    await truncateTables(appContainer.knex)
+    await truncateTables(deps)
   })
 
   afterAll(async (): Promise<void> => {
 
@@ -53,8 +53,13 @@ import { ApolloArmor } from '@escape.tech/graphql-armor'
 import { Redis } from 'ioredis'
 import { LoggingPlugin } from './graphql/plugin'
 import { gnapServerErrorMiddleware } from './shared/gnapErrors'
-import { verifyApiSignature } from './shared/utils'
+import {
+  authenticatedTenantMiddleware,
+  unauthenticatedTenantMiddleware
+} from './signature/tenant'
 import { TenantService } from './tenant/service'
+import { TenantRoutes } from './tenant/routes'
+import { Tenant } from './tenant/model'
 
 export interface AppContextData extends DefaultContext {
   logger: Logger
@@ -90,6 +95,18 @@ export interface DatabaseCleanupRule {
   defaultExpirationOffsetDays: number
 }
 
+export interface TenantedAppContext extends AppContext {
+  tenantApiSignatureResult: {
+    tenant: Tenant
+    isOperator: boolean
+  }
+}
+
+export interface TenantedApolloContext extends ApolloContext {
+  tenant: Tenant
+  isOperator: boolean
+}
+
 export interface AppServices {
   logger: Promise<Logger>
   knex: Promise<Knex>
@@ -104,6 +121,7 @@ export interface AppServices {
   interactionRoutes: Promise<InteractionRoutes>
   redis: Promise<Redis>
   tenantService: Promise<TenantService>
+  tenantRoutes: Promise<TenantRoutes>
 }
 
 export type AppContainer = IocContract<AppServices>
@@ -218,20 +236,23 @@ export class App {
       }
     )
 
-    if (this.config.adminApiSecret) {
-      koa.use(async (ctx, next: Koa.Next): Promise<void> => {
-        if (!(await verifyApiSignature(ctx, this.config))) {
-          ctx.throw(401, 'Unauthorized')
-        }
-
-        return next()
-      })
-    }
+    // For tests, we still need to get the tenant in the middleware, but
+    // we don't need to verify the signature nor prevent replay attacks
+    koa.use(
+      this.config.env !== 'test'
+        ? authenticatedTenantMiddleware
+        : unauthenticatedTenantMiddleware
+    )
 
     koa.use(
       koaMiddleware(apolloServer, {
-        context: async (): Promise<ApolloContext> => {
+        context: async ({
+          ctx
+        }: {
+          ctx: TenantedAppContext
+        }): Promise<TenantedApolloContext> => {
           return {
+            ...ctx.tenantApiSignatureResult,
             container: this.container,
             logger: await this.container.use('logger')
           }