Skip to content

Commit

Permalink
EDGPATRON-157: Implement secure endpoints to support congressional loans
Browse files Browse the repository at this point in the history
  • Loading branch information
izhunke committed Dec 5, 2024
1 parent 191d881 commit 4aa5065
Show file tree
Hide file tree
Showing 15 changed files with 1,053 additions and 130 deletions.
36 changes: 22 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,20 +32,28 @@ Configuration information is specified in two forms:

### System Properties

| Property | Default | Description |
|-------------------------------|---------------------|----------------------------------------------------------------------------|
| `port` | `8081` | Server port to listen on |
| `okapi_url` | *required* | Where to find Okapi (URL) |
| `secure_store` | `Ephemeral` | Type of secure store to use. Valid: `Ephemeral`, `AwsSsm`, `Vault` |
| `secure_store_props` | `NA` | Path to a properties file specifying secure store configuration |
| `token_cache_ttl_ms` | `3600000` | How long to cache JWTs, in milliseconds (ms) |
| `null_token_cache_ttl_ms` | `30000` | How long to cache login failures (null JWTs), in milliseconds (ms) |
| `token_cache_capacity` | `100` | Max token cache size |
| `patron_id_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_patron_id_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `patron_id_cache_capacity` | `1000` | Max token cache size |
| `log_level` | `INFO` | Log4j Log Level |
| `request_timeout_ms` | `30000` | Request Timeout |
| Property | Default | Description |
|----------------------------------|---------------------|----------------------------------------------------------------------------|
| `port` | `8081` | Server port to listen on |
| `okapi_url` | *required* | Where to find Okapi (URL) |
| `secure_store` | `Ephemeral` | Type of secure store to use. Valid: `Ephemeral`, `AwsSsm`, `Vault` |
| `secure_store_props` | `NA` | Path to a properties file specifying secure store configuration |
| `token_cache_ttl_ms` | `3600000` | How long to cache JWTs, in milliseconds (ms) |
| `null_token_cache_ttl_ms` | `30000` | How long to cache login failures (null JWTs), in milliseconds (ms) |
| `token_cache_capacity` | `100` | Max token cache size |
| `patron_id_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_patron_id_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `patron_id_cache_capacity` | `1000` | Max token cache size |
| `keycloak_key_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_keycloak_key_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `keycloak_key_cache_capacity` | `1000` | Max token cache size |
| `log_level` | `INFO` | Log4j Log Level |
| `request_timeout_ms` | `30000` | Request Timeout |

### Env variables for secure requests
| Property | Default | Description |
|----------|----------------|------------------------------------------|
| `KC_URL` | `` | Keycloak url for secure token validation |

### Env variables for TLS configuration for Http server

Expand Down
11 changes: 8 additions & 3 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.folio</groupId>
<artifactId>edge-patron</artifactId>
<version>5.3.0-SNAPSHOT</version>
<version>5.3.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>Edge API - Patron Empowerment</name>
Expand Down Expand Up @@ -86,8 +86,13 @@
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
<artifactId>jjwt-impl</artifactId>
<version>0.12.6</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
Expand Down
318 changes: 318 additions & 0 deletions ramls/edge-patron.raml
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,324 @@ types:
body:
text/plain:
example: internal server error, contact administrator
get:
description: (Secure) Return account details for the user provided in access token(x-okapi-token)
queryParameters:
includeLoans:
description: |
Indicates whether or not to include the loans array in
the response
required: false
type: boolean
default: false
includeCharges:
description: |
Indicates whether or not to include the charges array in
the response
required: false
type: boolean
default: false
includeHolds:
description: |
Indicates whether or not to include the holds array in
the response
required: false
type: boolean
default: false
apikey:
description: "API Key"
type: string
sortBy:
description: |
Part of CQL query, indicates the order of records within the lists of holds, charges, loans
example: item.title/sort.ascending
required: false
type: string
offset:
description: |
Skip over a number of elements by specifying an offset value for the query
type: integer
required: false
example: 1
minimum: 0
maximum: 2147483647
limit:
description: |
Limit the number of elements returned in the response
type: integer
required: false
example: 10
minimum: 0
maximum: 2147483647
responses:
200:
description: Returns the user account info
body:
application/json:
type: account
example: !include examples/account.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to get account -- unauthorized
404:
description: Item with a given ID not found
body:
text/plain:
example: account not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
500:
description: Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/item:
/{itemId}:
uriParameters:
itemId:
description: The UUID of a FOLIO item
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/hold:
displayName: Hold Management
description: (Secure) Services that provide hold management
post:
description: |
(Secure) Creates a hold request on an existing item for the user
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold
example: !include examples/hold.json
responses:
201:
description: |
Returns data for a new hold request on the specified item
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to create hold -- unauthorized
404:
description: Item with a given ID not found
body:
text/plain:
example: item not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/allowed-service-points:
displayName: Allowed service points
description: Service that provides a list of allowed pickup service points
get:
description: |
(Secure) Returns a list of pickup service points allowed for a particular patron and instance
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
responses:
200:
description: |
Successfully returns a list of allowed service points
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
422:
description: Validation error
body:
application/json:
type: errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/instance:
/{instanceId}:
uriParameters:
instanceId:
description: The UUID of a FOLIO instance
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/hold:
displayName: Hold Management
description: Services that provide hold management
post:
description: |
(Secure) Creates a hold request on an existing item by instance ID for the user
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold
example: !include examples/hold.json
responses:
201:
description: |
Returns data for a new hold request on the selected item
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to create hold -- unauthorized
404:
description: Instance with a given ID not found
body:
text/plain:
example: item not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
422:
description: Validation error
body:
application/json:
type : errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/allowed-service-points:
displayName: Allowed service points
description: Service that provides a list of allowed pickup service points
get:
description: |
(Secure) Returns a list of pickup service points allowed for a particular patron and instance
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
responses:
200:
description: |
Successfully returns a list of allowed service points
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
422:
description: Validation error
body:
application/json:
type: errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/hold:
displayName: Hold Management
description: Services that provide hold management
/{holdId}:
displayName: Hold Management By Id
description: Services that provide hold management by Id
uriParameters:
holdId:
description: The UUID of a FOLIO hold request
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/cancel:
post:
description: (Secure) Removes the specified hold request
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold-cancellation
example: !include examples/hold-cancellation.json
responses:
201:
description: The specified hold request was removed
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: |
unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to cancel hold -- unauthorized
404:
description: hold with a given ID not found
body:
text/plain:
example: hold not found
403:
description: Access denied
body:
text/plain:
example: access denied
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/external-patrons:
displayName: Get Accounts of External Patrons
description: Get accounts of external patrons based on flag
Expand Down
Loading

0 comments on commit 4aa5065

Please sign in to comment.