PIN-4572 Add PRODUCER_ALLOWED_ORIGINS to createVerifiedAttribute and …
…createDeclaredAttribute (#33)
nttdata-rtorsoli authored Feb 28, 2024
1 parent 4fc8d5e commit 7fe574a
Showing 7 changed files with 26 additions and 14 deletions.
1 change: 1 addition & 0 deletions src/main/resources/application-standalone.conf
Expand Up @@ -21,6 +21,7 @@ akka {

attribute-registry-process {
port = 8088
producer-allowed-origins = ${PRODUCER_ALLOWED_ORIGINS}
jwt {
audience = ${ACCEPTED_AUDIENCES}
}
1 change: 1 addition & 0 deletions src/main/resources/application.conf
Expand Up @@ -21,6 +21,7 @@ akka {

attribute-registry-process {
port = 8088
producer-allowed-origins = ${PRODUCER_ALLOWED_ORIGINS}
jwt {
audience = ${ACCEPTED_AUDIENCES}
}
Expand Up @@ -12,7 +12,7 @@ import it.pagopa.interop.attributeregistryprocess.common.readmodel.ReadModelRegi
import it.pagopa.interop.attributeregistryprocess.error.ResponseHandlers._
import it.pagopa.interop.attributeregistryprocess.error.AttributeRegistryProcessErrors.{
OrganizationIsNotACertifier,
OriginIsNotCompliant
OriginIsNotAllowed
}
import it.pagopa.interop.attributeregistryprocess.model._
import it.pagopa.interop.attributeregistryprocess.service._
Expand All @@ -27,6 +27,7 @@ import it.pagopa.interop.commons.utils.service.{OffsetDateTimeSupplier, UUIDSupp

import scala.concurrent.{ExecutionContext, Future}
import java.util.UUID
import it.pagopa.interop.attributeregistryprocess.common.system.ApplicationConfiguration

final case class AttributeRegistryApiServiceImpl(
attributeRegistryManagementService: AttributeRegistryManagementService,
Expand All @@ -39,8 +40,6 @@ final case class AttributeRegistryApiServiceImpl(
private implicit val logger: LoggerTakingImplicit[ContextFieldsToLog] =
Logger.takingImplicit[ContextFieldsToLog](this.getClass)

val IPA = "IPA"

private def getCertifier(tenantId: UUID): Future[String] = for {
tenant <- tenantManagementService.getTenantById(tenantId)
certifier = tenant.features
Expand Down Expand Up @@ -141,7 +140,9 @@ final case class AttributeRegistryApiServiceImpl(
private def checkIPAOrganization(contexts: Seq[(String, String)]): Future[Unit] = {
for {
origin <- getExternalIdOriginFuture(contexts)
_ <- if (origin == IPA) Future.unit else Future.failed(OriginIsNotCompliant(IPA))
_ <-
if (ApplicationConfiguration.producerAllowedOrigins.contains(origin)) Future.unit
else Future.failed(OriginIsNotAllowed(origin))
} yield ()
}

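Review bot: `checkIPAOrganization` keeps its IPA-specific name although its body now tests membership in `ApplicationConfiguration.producerAllowedOrigins`, so the name no longer says which origins pass this authorization gate. I would rename it, for example to `checkProducerOriginAllowed`, or at least add a comment such as `// Rejects requesters whose externalId origin is not listed in PRODUCER_ALLOWED_ORIGINS (exact, case-sensitive match)`. Its call sites are outside the visible hunks, so a rename would have to be applied there as well. Reading the allow-list from the global object inside the method also means a test cannot vary it per case; passing the set in through the constructor would make denied-origin tests straightforward.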
Expand Up @@ -6,8 +6,10 @@ import it.pagopa.interop.commons.cqrs.model.ReadModelConfig
object ApplicationConfiguration {
val config: Config = ConfigFactory.load()

val serverPort: Int = config.getInt("attribute-registry-process.port")
val jwtAudience: Set[String] =
val serverPort: Int = config.getInt("attribute-registry-process.port")
val producerAllowedOrigins: Set[String] =
config.getString("attribute-registry-process.producer-allowed-origins").split(",").toSet.filter(_.nonEmpty)
val jwtAudience: Set[String] =
config.getString("attribute-registry-process.jwt.audience").split(",").toSet.filter(_.nonEmpty)

val attributeRegistryManagementURL: String =
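Review bot: The entries of `producerAllowedOrigins` are not trimmed, so a value written with a space after the comma, such as `IPA, ANAC` (constructed example), yields an element with a leading space that never equals a requester origin and silently denies it. An empty or comma-only variable also produces an empty set, in which case the origin check rejects every requester with no hint at startup. I would parse with `.split(",").map(_.trim).filter(_.nonEmpty).toSet` and fail fast on an empty result, e.g. `require(producerAllowedOrigins.nonEmpty, "PRODUCER_ALLOWED_ORIGINS must list at least one origin")`. The `jwtAudience` line below uses the same untrimmed parsing.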
Expand Up @@ -14,6 +14,6 @@ object AttributeRegistryProcessErrors {
final case class OrganizationIsNotACertifier(tenantId: UUID)
extends ComponentError("0003", s"Tenant ${tenantId.toString} is not a certifier")

final case class OriginIsNotCompliant(origin: String)
extends ComponentError("0004", s"Requester has not origin: $origin")
final case class OriginIsNotAllowed(origin: String)
extends ComponentError("0004", s"Requester origin: $origin is not allowed")
}
Expand Up @@ -34,18 +34,18 @@ object ResponseHandlers extends AkkaResponses {
success: T => Route
)(result: Try[T])(implicit contexts: Seq[(String, String)], logger: LoggerTakingImplicit[ContextFieldsToLog]): Route =
result match {
case Success(s) => success(s)
case Failure(ex: OriginIsNotCompliant) => forbidden(ex, logMessage)
case Failure(ex) => internalServerError(ex, logMessage)
case Success(s) => success(s)
case Failure(ex: OriginIsNotAllowed) => forbidden(ex, logMessage)
case Failure(ex) => internalServerError(ex, logMessage)
}

def createVerifiedAttributeResponse[T](logMessage: String)(
success: T => Route
)(result: Try[T])(implicit contexts: Seq[(String, String)], logger: LoggerTakingImplicit[ContextFieldsToLog]): Route =
result match {
case Success(s) => success(s)
case Failure(ex: OriginIsNotCompliant) => forbidden(ex, logMessage)
case Failure(ex) => internalServerError(ex, logMessage)
case Success(s) => success(s)
case Failure(ex: OriginIsNotAllowed) => forbidden(ex, logMessage)
case Failure(ex) => internalServerError(ex, logMessage)
}

def getAttributeByIdResponse[T](logMessage: String)(
7 changes: 7 additions & 0 deletions src/test/resources/application-test.conf
Expand Up @@ -21,12 +21,19 @@ akka {

attribute-registry-process {
port = 18088
producer-allowed-origins = "IPA"
jwt {
audience = "aud1"
}
services {
attribute-registry-management = "http://localhost:8086/attribute-registry-management/0.0"
}
read-model {
db {
name = "READ_MODEL_DB_NAME"
connection-string = "READ_MODEL_CONNECTION_STRING"
}
}
}

# interop-commons {
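Review bot: The test configuration pins a single entry, `producer-allowed-origins = "IPA"`, so the comma-separated parsing is exercised only with the one value the old hard-coded check already accepted. None of the seven changed files is a test source, so unless existing suites already cover it, the new behaviour is not pinned by this commit. A case with a multi-valued list and a requester whose origin is not listed, expecting the forbidden response mapped for `OriginIsNotAllowed`, would close that gap.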
