feature/addResourceDocsGuardsForHttp4s #2662
Open
hongwei1 wants to merge 21 commits into OpenBankProject:develop from hongwei1:develop
- Add `Content-Type: application/json` header to all API response mappings in Http4s700
- Use a shared `jsonContentType` value for consistent configuration across routes

…ties
- Refactor `getUserAndSessionContextFuture` to prioritize `CallContext` fields over `S.request` for http4s compatibility
- Introduce `Http4sResourceDocSupport` with utilities for validation, middleware, and error handling
- Remove redundant middleware and unused `CallContext` definition in `Http4s700`
- Improve modularity and enable http4s request handling in v7.0.0 API routes

…support
- Add ErrorResponseConverter for converting OBP errors to http4s Response[IO]
- Add Http4sSupport with CallContext builder and vault keys for request attributes
- Add ResourceDocMiddleware for validation chain middleware in http4s
- Add Http4sSupport package object with utility functions and type aliases
- Update Http4s700 to integrate new middleware and error handling utilities
- Remove Http4sResourceDocSupport in favor of consolidated Http4sSupport module
- Consolidate Http4s-related utilities into dedicated util/http4s package for better organization and reusability

…l execution settings

- Strip API prefix (/obp/vX.X.X) from request paths before matching against ResourceDoc templates
- Add apiPrefixPattern regex to ResourceDocMatcher for consistent path normalization
- Refactor ResourceDocMiddleware.apply to properly handle OptionT wrapping
- Enhance authentication error handling with proper error response conversion
- Improve bank lookup error handling with ErrorResponseConverter integration
- Replace manual Response construction with ErrorResponseConverter.createErrorResponse calls
- Add JSON parsing fallback for exception messages in authentication flow
- Simplify validation chain logic by removing redundant comments and consolidating code paths
- Fix flatMap usage in authentication and bank lookup to properly handle IO operations

…and logging
- Add debug logging for authentication requirements and error response bodies
- Extract needsAuthentication check into variable for clarity and reusability
- Improve anonymous access handling to gracefully handle auth errors without failing
- Add detailed logging for anonymous access success and failure cases
- Update Http4s700 root endpoint to use correct authentication message flag
- Remove misleading comment about $UserNotLoggedIn triggering automatic auth check
- Enhance error handling in anonymous access path to allow unauthenticated endpoints to function properly

- Add $UserNotLoggedIn to the error response list in apiInfoJSON
- Include authentication error handling in API v7.0.0 documentation
- Improve API error response completeness for unauthenticated requests

- Add `validatorFutureWithParams` function to validate DirectLogin parameters extracted from CallContext without depending on S.request
- Enhance `getUserFromDirectLoginHeaderFuture` to prefer DirectLogin parameters from CallContext (http4s path) and fall back to S.request (Lift path)
- Improve `extractDirectLoginParams` to support both new format (DirectLogin header) and old format (Authorization: DirectLogin header)
- Enhance `parseDirectLoginHeader` to match Lift's parsing logic with support for quoted and unquoted parameter values
- Update Http4s700 API info to remove UserNotLoggedIn error and add canGetRateLimits role requirement
- This enables DirectLogin authentication to work seamlessly in http4s context where S.request is unavailable

…hentication improvements
- Implement MdcLoggable for structured logging in ResourceDocMiddleware
- Update authentication checks to include role validation for unauthenticated users
- Replace println statements with logger.debug for better log management
- Refactor role authorization logic to improve clarity and error handling
- Update Http4s700 API info to include $UserNotLoggedIn in error responses

…k validation
- Move role authorization check to execute immediately after authentication
- Reorder validation sequence: auth → roles → bank → account → view → counterparty
- Remove redundant debug logging for errorResponseBodies
- Remove inline comments explaining anonymous access flow
- Simplify bank validation logic by removing unnecessary comments
- Update validation chain documentation to reflect new execution order
- Improve early authorization failure detection before expensive bank lookups

- Implement counterparty existence validation in ResourceDocMiddleware step 6
- Extract BANK_ID, ACCOUNT_ID, and COUNTERPARTY_ID from path parameters
- Call NewStyle.function.getCounterpartyTrait with extracted IDs for validation
- Handle successful counterparty retrieval with updated CallContext
- Convert APIFailureNewStyle exceptions to appropriate error responses
- Return 404 CounterpartyNotFound error for invalid counterparty IDs
- Add new GET endpoint for retrieving counterparty by ID with middleware
- Register ResourceDoc for getCounterpartyByIdWithMiddleware endpoint
- Document complete validation chain in endpoint description
- Include counterparty endpoint in allRoutes combined route handler
- Enables automatic counterparty validation through middleware pipeline

- Introduced centralized properties for hosted organization details, including email, phone, and website.
- Updated JSONFactory classes to utilize the new centralized properties instead of direct property retrieval.
- Simplified API info JSON generation by reducing redundancy in property access.
- Enhanced clarity and maintainability of API information retrieval across different API versions.

- Refactored multiple API classes across various versions to improve code organization and readability.
- Centralized common functionalities and reduced redundancy in API implementations.
- Enhanced error handling and logging mechanisms for better debugging and traceability.
- Updated tests to align with the refactored API structure, ensuring comprehensive coverage and reliability.

…handling
- Replace static API info response with dynamic banks retrieval
- Add Http4sCallContextBuilder to extract request context and API version
- Integrate NewStyle.function.getBanks for fetching bank data from backend
- Use IO.fromFuture to handle asynchronous bank retrieval operations
- Convert bank data to JSON using JSONFactory400.createBanksJson
- Maintain consistent response formatting with jsonContentType header
- Enable proper call context propagation through the request lifecycle

…nses
- Introduced a new private method to enforce JSON content type on responses.
- Added `Content-Type` import and defined a constant for application/json.
- Updated response handling to apply JSON content type if not already set.

…in responses
- Updated ensureJsonContentType method to use pattern matching for content type validation.
- Ensured that responses with a media type of application/json retain their content type.
- Simplified response handling logic for better clarity and maintainability.

…tedUserIsRequired
- Replaced instances of UserNotLoggedIn with AuthenticatedUserIsRequired across multiple API versions and utility classes.
- Updated error response handling in ResourceDocMiddleware and APIUtil to reflect the new authentication requirement.
- Ensured consistency in error messages and improved clarity in authentication checks throughout the codebase.
No description provided.