EDGPATRON-157: Implement secure endpoints to support congressional loans #137

Merged
merged 1 commit into from
Dec 9, 2024
36 changes: 22 additions & 14 deletions README.md
Expand Up @@ -32,20 +32,28 @@ Configuration information is specified in two forms:

### System Properties

| Property | Default | Description |
|-------------------------------|---------------------|----------------------------------------------------------------------------|
| `port` | `8081` | Server port to listen on |
| `okapi_url` | *required* | Where to find Okapi (URL) |
| `secure_store` | `Ephemeral` | Type of secure store to use. Valid: `Ephemeral`, `AwsSsm`, `Vault` |
| `secure_store_props` | `NA` | Path to a properties file specifying secure store configuration |
| `token_cache_ttl_ms` | `3600000` | How long to cache JWTs, in milliseconds (ms) |
| `null_token_cache_ttl_ms` | `30000` | How long to cache login failures (null JWTs), in milliseconds (ms) |
| `token_cache_capacity` | `100` | Max token cache size |
| `patron_id_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_patron_id_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `patron_id_cache_capacity` | `1000` | Max token cache size |
| `log_level` | `INFO` | Log4j Log Level |
| `request_timeout_ms` | `30000` | Request Timeout |
| Property | Default | Description |
|----------------------------------|---------------------|----------------------------------------------------------------------------|
| `port` | `8081` | Server port to listen on |
| `okapi_url` | *required* | Where to find Okapi (URL) |
| `secure_store` | `Ephemeral` | Type of secure store to use. Valid: `Ephemeral`, `AwsSsm`, `Vault` |
| `secure_store_props` | `NA` | Path to a properties file specifying secure store configuration |
| `token_cache_ttl_ms` | `3600000` | How long to cache JWTs, in milliseconds (ms) |
| `null_token_cache_ttl_ms` | `30000` | How long to cache login failures (null JWTs), in milliseconds (ms) |
| `token_cache_capacity` | `100` | Max token cache size |
| `patron_id_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_patron_id_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `patron_id_cache_capacity` | `1000` | Max token cache size |
| `keycloak_key_cache_ttl_ms` | `3600000` | How long to cache patron ID mappings in milliseconds (ms) |
| `null_keycloak_key_cache_ttl_ms` | `30000` | How long to cache patron lookup failures in milliseconds (ms) |
| `keycloak_key_cache_capacity` | `1000` | Max token cache size |
| `log_level` | `INFO` | Log4j Log Level |
| `request_timeout_ms` | `30000` | Request Timeout |

### Env variables for secure requests
| Property | Default | Description |
|----------|----------------|------------------------------------------|
| `KC_URL` | `` | Keycloak url for secure token validation |

### Env variables for TLS configuration for Http server

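Review bot: the three new `keycloak_key_cache_ttl_ms`, `null_keycloak_key_cache_ttl_ms` and `keycloak_key_cache_capacity` rows carry descriptions copied from the patron ID cache rows ("How long to cache patron ID mappings", "How long to cache patron lookup failures", "Max token cache size"), so a reader cannot tell what is cached; suggest "How long to cache Keycloak keys used for token validation, in milliseconds (ms)", "How long to cache Keycloak key lookup failures, in milliseconds (ms)" and "Max Keycloak key cache size". While in this table, `patron_id_cache_capacity` also still reads "Max token cache size". For the new `KC_URL` row the default is shown as an empty string: the README should state what the module does when `KC_URL` is unset but a `(Secure)` endpoint is called (it should refuse to validate the token rather than fall back to an unvalidated path), and that the value is expected to be an https URL, since the Keycloak keys fetched from it are the trust anchor for every secure request.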
9 changes: 7 additions & 2 deletions pom.xml
Expand Up @@ -86,8 +86,13 @@
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
<artifactId>jjwt-impl</artifactId>
<version>0.12.6</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.6</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
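Review bot: swapping `jjwt-api` for `jjwt-impl` at the default compile scope lets module code compile against JJWT's internal implementation classes; the layout the JJWT project recommends is `jjwt-api` at compile scope with `jjwt-impl` and `jjwt-jackson` marked `<scope>runtime</scope>`, so only the public API is visible at compile time. Suggest keeping the `jjwt-api` dependency (bumped to `0.12.6`) and adding the runtime scope to the two artifacts introduced here. Also, 0.11.5 to 0.12.6 is a major API revision (the 0.11 `Jwts.parserBuilder()` / `setSigningKey` style is deprecated in favour of `Jwts.parser()` / `verifyWith`), so every token-parsing call site touched by this PR should be re-checked to confirm it uses a verifying parse with the Keycloak key rather than an unsecured parse that skips signature verification.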
318 changes: 318 additions & 0 deletions ramls/edge-patron.raml
Expand Up @@ -139,6 +139,324 @@ types:
body:
text/plain:
example: internal server error, contact administrator
get:
description: (Secure) Return account details for the user provided in access token(x-okapi-token)
queryParameters:
includeLoans:
description: |
Indicates whether or not to include the loans array in
the response
required: false
type: boolean
default: false
includeCharges:
description: |
Indicates whether or not to include the charges array in
the response
required: false
type: boolean
default: false
includeHolds:
description: |
Indicates whether or not to include the holds array in
the response
required: false
type: boolean
default: false
apikey:
description: "API Key"
type: string
sortBy:
description: |
Part of CQL query, indicates the order of records within the lists of holds, charges, loans
example: item.title/sort.ascending
required: false
type: string
offset:
description: |
Skip over a number of elements by specifying an offset value for the query
type: integer
required: false
example: 1
minimum: 0
maximum: 2147483647
limit:
description: |
Limit the number of elements returned in the response
type: integer
required: false
example: 10
minimum: 0
maximum: 2147483647
responses:
200:
description: Returns the user account info
body:
application/json:
type: account
example: !include examples/account.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to get account -- unauthorized
404:
description: Item with a given ID not found
body:
text/plain:
example: account not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
500:
description: Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/item:
/{itemId}:
uriParameters:
itemId:
description: The UUID of a FOLIO item
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/hold:
displayName: Hold Management
description: (Secure) Services that provide hold management
post:
description: |
(Secure) Creates a hold request on an existing item for the user
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold
example: !include examples/hold.json
responses:
201:
description: |
Returns data for a new hold request on the specified item
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to create hold -- unauthorized
404:
description: Item with a given ID not found
body:
text/plain:
example: item not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/allowed-service-points:
displayName: Allowed service points
description: Service that provides a list of allowed pickup service points
get:
description: |
(Secure) Returns a list of pickup service points allowed for a particular patron and instance
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
responses:
200:
description: |
Successfully returns a list of allowed service points
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
422:
description: Validation error
body:
application/json:
type: errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/instance:
/{instanceId}:
uriParameters:
instanceId:
description: The UUID of a FOLIO instance
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/hold:
displayName: Hold Management
description: Services that provide hold management
post:
description: |
(Secure) Creates a hold request on an existing item by instance ID for the user
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold
example: !include examples/hold.json
responses:
201:
description: |
Returns data for a new hold request on the selected item
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to create hold -- unauthorized
404:
description: Instance with a given ID not found
body:
text/plain:
example: item not found
403:
description: Access Denied
body:
text/plain:
example: Access Denied
422:
description: Validation error
body:
application/json:
type : errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/allowed-service-points:
displayName: Allowed service points
description: Service that provides a list of allowed pickup service points
get:
description: |
(Secure) Returns a list of pickup service points allowed for a particular patron and instance
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
responses:
200:
description: |
Successfully returns a list of allowed service points
body:
application/json:
type: allowedServicePoints
example: !include examples/allowed-service-points-response.json
422:
description: Validation error
body:
application/json:
type: errors
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/hold:
displayName: Hold Management
description: Services that provide hold management
/{holdId}:
displayName: Hold Management By Id
description: Services that provide hold management by Id
uriParameters:
holdId:
description: The UUID of a FOLIO hold request
type: string
pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
/cancel:
post:
description: (Secure) Removes the specified hold request
queryParameters:
apikey:
description: "API Key"
type: string
body:
application/json:
type: hold-cancellation
example: !include examples/hold-cancellation.json
responses:
201:
description: The specified hold request was removed
body:
application/json:
type: hold
example: !include examples/hold.json
400:
description: Bad request
body:
text/plain:
example: |
unable to process request -- constraint violation
401:
description: Not authorized to perform requested action
body:
text/plain:
example: unable to cancel hold -- unauthorized
404:
description: hold with a given ID not found
body:
text/plain:
example: hold not found
403:
description: Access denied
body:
text/plain:
example: access denied
500:
description: |
Internal server error, e.g. due to misconfiguration
body:
text/plain:
example: internal server error, contact administrator
/external-patrons:
displayName: Get Accounts of External Patrons
description: Get accounts of external patrons based on flag
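Review bot: the 404 response under the instance-level `/hold` is described as "Instance with a given ID not found" but its example is still `item not found`, copied from the item-level resource; change it to `instance not found`. Smaller consistency points in the same hunk: the instance-level 422 has `type : errors` with a stray space where every other occurrence is `type: errors`; the 403 block is listed after 404 in each response set while the other codes are ascending; and the instance-level `/hold` description lacks the `(Secure)` prefix that the item-level one and the cancel endpoint carry. On the secure account `get`, the description says the user is taken from the `x-okapi-token` while `apikey` remains a query parameter; the description should state which of the two is authoritative for the patron's identity and that a token whose tenant does not match the apikey's tenant is rejected with 401/403 rather than resolved silently. Finally, `sortBy` is documented as "Part of CQL query" with a free-form `string` type, so the implementation must validate it against an allow-list of sortable fields (or a RAML `pattern`) rather than splicing the raw value into the CQL sent to Okapi.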