@hongwei1
Contributor

No description provided.

simonredfern and others added 30 commits January 13, 2026 11:54
- Add `Content-Type: application/json` header to all API response mappings in Http4s700
- Use a shared `jsonContentType` value for consistent configuration across routes
…ties

- Refactor `getUserAndSessionContextFuture` to prioritize `CallContext` fields over `S.request` for http4s compatibility
- Introduce `Http4sResourceDocSupport` with utilities for validation, middleware, and error handling
- Remove redundant middleware and unused `CallContext` definition in `Http4s700`
- Improve modularity and enable http4s request handling in v7.0.0 API routes
…support

- Add ErrorResponseConverter for converting OBP errors to http4s Response[IO]
- Add Http4sSupport with CallContext builder and vault keys for request attributes
- Add ResourceDocMiddleware for validation chain middleware in http4s
- Add Http4sSupport package object with utility functions and type aliases
- Update Http4s700 to integrate new middleware and error handling utilities
- Remove Http4sResourceDocSupport in favor of consolidated Http4sSupport module
- Consolidate Http4s-related utilities into dedicated util/http4s package for better organization and reusability
- Strip API prefix (/obp/vX.X.X) from request paths before matching against ResourceDoc templates
- Add apiPrefixPattern regex to ResourceDocMatcher for consistent path normalization
- Refactor ResourceDocMiddleware.apply to properly handle OptionT wrapping
- Enhance authentication error handling with proper error response conversion
- Improve bank lookup error handling with ErrorResponseConverter integration
- Replace manual Response construction with ErrorResponseConverter.createErrorResponse calls
- Add JSON parsing fallback for exception messages in authentication flow
- Simplify validation chain logic by removing redundant comments and consolidating code paths
- Fix flatMap usage in authentication and bank lookup to properly handle IO operations
…and logging

- Add debug logging for authentication requirements and error response bodies
- Extract needsAuthentication check into variable for clarity and reusability
- Improve anonymous access handling to gracefully handle auth errors without failing
- Add detailed logging for anonymous access success and failure cases
- Update Http4s700 root endpoint to use correct authentication message flag
- Remove misleading comment about $UserNotLoggedIn triggering automatic auth check
- Enhance error handling in anonymous access path to allow unauthenticated endpoints to function properly
- Add $UserNotLoggedIn to the error response list in apiInfoJSON
- Include authentication error handling in API v7.0.0 documentation
- Improve API error response completeness for unauthenticated requests
- Add `validatorFutureWithParams` function to validate DirectLogin parameters extracted from CallContext without depending on S.request
- Enhance `getUserFromDirectLoginHeaderFuture` to prefer DirectLogin parameters from CallContext (http4s path) and fall back to S.request (Lift path)
- Improve `extractDirectLoginParams` to support both new format (DirectLogin header) and old format (Authorization: DirectLogin header)
- Enhance `parseDirectLoginHeader` to match Lift's parsing logic with support for quoted and unquoted parameter values
- Update Http4s700 API info to remove UserNotLoggedIn error and add canGetRateLimits role requirement
- This enables DirectLogin authentication to work seamlessly in http4s context where S.request is unavailable
…hentication improvements

- Implement MdcLoggable for structured logging in ResourceDocMiddleware
- Update authentication checks to include role validation for unauthenticated users
- Replace println statements with logger.debug for better log management
- Refactor role authorization logic to improve clarity and error handling
- Update Http4s700 API info to include $UserNotLoggedIn in error responses
…k validation

- Move role authorization check to execute immediately after authentication
- Reorder validation sequence: auth → roles → bank → account → view → counterparty
- Remove redundant debug logging for errorResponseBodies
- Remove inline comments explaining anonymous access flow
- Simplify bank validation logic by removing unnecessary comments
- Update validation chain documentation to reflect new execution order
- Improve early authorization failure detection before expensive bank lookups
- Implement counterparty existence validation in ResourceDocMiddleware step 6
- Extract BANK_ID, ACCOUNT_ID, and COUNTERPARTY_ID from path parameters
- Call NewStyle.function.getCounterpartyTrait with extracted IDs for validation
- Handle successful counterparty retrieval with updated CallContext
- Convert APIFailureNewStyle exceptions to appropriate error responses
- Return 404 CounterpartyNotFound error for invalid counterparty IDs
- Add new GET endpoint for retrieving counterparty by ID with middleware
- Register ResourceDoc for getCounterpartyByIdWithMiddleware endpoint
- Document complete validation chain in endpoint description
- Include counterparty endpoint in allRoutes combined route handler
- Enables automatic counterparty validation through middleware pipeline
- Introduced centralized properties for hosted organization details, including email, phone, and website.
- Updated JSONFactory classes to utilize the new centralized properties instead of direct property retrieval.
- Simplified API info JSON generation by reducing redundancy in property access.
- Enhanced clarity and maintainability of API information retrieval across different API versions.
- Refactored multiple API classes across various versions to improve code organization and readability.
- Centralized common functionalities and reduced redundancy in API implementations.
- Enhanced error handling and logging mechanisms for better debugging and traceability.
- Updated tests to align with the refactored API structure, ensuring comprehensive coverage and reliability.
…handling

- Replace static API info response with dynamic banks retrieval
- Add Http4sCallContextBuilder to extract request context and API version
- Integrate NewStyle.function.getBanks for fetching bank data from backend
- Use IO.fromFuture to handle asynchronous bank retrieval operations
- Convert bank data to JSON using JSONFactory400.createBanksJson
- Maintain consistent response formatting with jsonContentType header
- Enable proper call context propagation through the request lifecycle
…nses

- Introduced a new private method to enforce JSON content type on responses.
- Added `Content-Type` import and defined a constant for application/json.
- Updated response handling to apply JSON content type if not already set.
…in responses

- Updated ensureJsonContentType method to use pattern matching for content type validation.
- Ensured that responses with a media type of application/json retain their content type.
- Simplified response handling logic for better clarity and maintainability.
…tedUserIsRequired

- Replaced instances of UserNotLoggedIn with AuthenticatedUserIsRequired across multiple API versions and utility classes.
- Updated error response handling in ResourceDocMiddleware and APIUtil to reflect the new authentication requirement.
- Ensured consistency in error messages and improved clarity in authentication checks throughout the codebase.
…dpoint and related ResourceDoc

- Commented out the implementation of the getCounterpartyByIdWithMiddleware endpoint and its associated ResourceDoc to prevent its usage.
- Updated the allRoutes definition to exclude the commented-out counterparty route, ensuring clarity in the current API structure.
- Add bank, bankAccount, view, and counterparty fields to CallContext case class
- Remove individual Vault keys for User, Bank, BankAccount, View, and Counterparty from Http4sRequestAttributes
- Simplify Http4sRequestAttributes to store only CallContext in request attributes
- Update ResourceDocMiddleware to enrich CallContext with validated entities instead of storing them separately
- Remove ValidatedContext case class as validated entities are now part of CallContext
- Streamline request attribute management by centralizing all validated data in a single CallContext object
- Improves code maintainability and reduces complexity in the validation chain
- Add withCallContext helper method to Http4sSupport for simplified endpoint code
- Document use of http4s Vault for type-safe request attributes storage
- Clarify that validated entities (bank, bankAccount, view, counterparty) are stored within CallContext
- Reorder validation chain in ResourceDocMiddleware to check roles before entity validation
- Add special handling for resource-docs endpoint with configurable role requirement
- Extract runValidationChain method to support both middleware and endpoint wrapping patterns
- Improve authentication error handling with better Box pattern matching
- Add comprehensive documentation and usage examples for CallContext extraction
- Enhance logging for validation chain execution and debugging
…s extension

- Replace withCallContext helper method with implicit RequestOps extension class
- Add `req.callContext` syntax for cleaner CallContext extraction in endpoints
- Enhance Http4sRequestAttributes documentation with usage examples
- Update Http4s700 endpoints to use new implicit CallContext accessor pattern
- Remove nested callback pattern in favor of direct implicit CallContext availability
- Improve code readability by eliminating withCallContext wrapper boilerplate
- Add RequestOps import to Http4s700 for implicit extension method support
…tations

- Add EndpointHelpers object with reusable endpoint execution patterns
- Implement executeAndRespond helper for Future-based business logic execution
- Implement withUser helper to extract and validate User from CallContext
- Implement withBank helper to extract and validate Bank from CallContext
- Implement withUserAndBank helper for endpoints requiring both User and Bank
- Add comprehensive documentation and usage examples for each helper
- Import EndpointHelpers in Http4s700 for endpoint implementation
- Reduce boilerplate in endpoint implementations by centralizing common patterns
- Improve code consistency and maintainability across http4s endpoints
…ndling and support utilities

- Enhance ErrorResponseConverter documentation with detailed handler descriptions and response format details
- Add comprehensive comments explaining error type handling (APIFailureNewStyle, Box Failure, unknown exceptions)
- Document correlation-Id header inclusion and HTTP status code mapping in error responses
- Simplify error matching logic in toHttp4sResponse using pattern matching
- Improve Http4sSupport file documentation with clear component descriptions
- Add usage examples for RequestOps implicit class in endpoint implementations
- Clarify CallContext storage mechanism using http4s Vault (type-safe key-value store)
- Document validated entity storage (user, bank, bankAccount, view, counterparty) within CallContext
- Add inline comments explaining ResourceDocMatcher functionality and request matching process
- Improve code readability with consistent formatting and clearer method documentation
@sonarqubecloud

@simonredfern simonredfern merged commit 3cb783a into OpenBankProject:develop Jan 22, 2026
2 checks passed
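
The validation order named in the commits above (auth → roles → bank → …), with the role check running before the bank lookup, shown as an added example that is not OBP-API code. It covers only the first three steps; every type, function name, sample value and the bank error message is a hypothetical stand-in, and the HTTP status codes are assumptions.

```scala
// Added example, not OBP-API code. All names and data below are constructed.
object ValidationChainExample {
  final case class ApiError(status: Int, message: String)
  // One context object accumulates the validated entities, step by step.
  final case class Ctx(user: Option[String] = None, bank: Option[String] = None)
  final case class Doc(requiresUser: Boolean, roles: Set[String], hasBankId: Boolean)

  val tokens       = Map("tok-alice" -> "alice", "tok-bob" -> "bob")
  val entitlements = Map("alice" -> Set("canGetRateLimits"))
  val banks        = Set("bank-1")
  var bankLookups  = 0 // counts calls to the (expensive) backend lookup

  // Step 1: an endpoint that declares roles needs a user even if not flagged.
  def authenticate(doc: Doc, token: Option[String], ctx: Ctx): Either[ApiError, Ctx] = {
    val needsAuthentication = doc.requiresUser || doc.roles.nonEmpty
    token.flatMap(tokens.get) match {
      case Some(u)                      => Right(ctx.copy(user = Some(u)))
      case None if !needsAuthentication => Right(ctx) // anonymous access
      case None => Left(ApiError(401, "AuthenticatedUserIsRequired"))
    }
  }

  // Step 2: roles are checked before any entity is fetched.
  def authorize(doc: Doc, ctx: Ctx): Either[ApiError, Ctx] = {
    val held = ctx.user.flatMap(entitlements.get).getOrElse(Set.empty[String])
    if (doc.roles.isEmpty || doc.roles.exists(held.contains)) Right(ctx)
    else Left(ApiError(403, "missing role: " + doc.roles.mkString(", ")))
  }

  // Step 3: reached only by callers that passed steps 1 and 2.
  def lookupBank(doc: Doc, bankId: Option[String], ctx: Ctx): Either[ApiError, Ctx] =
    if (!doc.hasBankId) Right(ctx)
    else {
      bankLookups += 1
      bankId.filter(banks.contains).map(b => ctx.copy(bank = Some(b)))
        .toRight(ApiError(404, "bank not found"))
    }

  // Either short-circuits on the first Left, so later steps never run.
  def validate(doc: Doc, token: Option[String], bankId: Option[String]): Either[ApiError, Ctx] =
    authenticate(doc, token, Ctx()).flatMap(authorize(doc, _)).flatMap(lookupBank(doc, bankId, _))

  def main(args: Array[String]): Unit = {
    val doc = Doc(requiresUser = true, roles = Set("canGetRateLimits"), hasBankId = true)
    println(validate(doc, None, Some("bank-1")))              // no credentials
    println(validate(doc, Some("tok-bob"), Some("bank-1")))   // user without the role
    println(validate(doc, Some("tok-alice"), Some("bank-1"))) // user with the role
    println(s"bank lookups performed: $bankLookups")
  }
}
```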