Merge pull request #47 from PSNAppz/develop

Added Security Dependency + DB Optimizations

Author: venky-ganapathy

.github/workflows/openapi-push.yml

@@ -23,9 +23,9 @@ jobs:
           python-version: "3.10"
       - name: Install app
         run: |
-          python -m pip install git+https://github.com/openg2p/openg2p-fastapi-common@develop\#subdirectory=openg2p-fastapi-common
-          python -m pip install git+https://github.com/openg2p/openg2p-g2pconnect-common-lib@develop\#subdirectory=openg2p-g2pconnect-common-lib
-          python -m pip install git+https://github.com/openg2p/openg2p-g2pconnect-common-lib@develop\#subdirectory=openg2p-g2pconnect-mapper-lib
+          python -m pip install git+https://github.com/openg2p/openg2p-fastapi-common@1.0.0\#subdirectory=openg2p-fastapi-common
+          python -m pip install git+https://github.com/openg2p/openg2p-g2pconnect-common-lib@1.1.0\#subdirectory=openg2p-g2pconnect-common-lib
+          python -m pip install git+https://github.com/openg2p/openg2p-g2pconnect-common-lib@1.1.0\#subdirectory=openg2p-g2pconnect-mapper-lib
           python -m pip install .
       - name: Generate openapi json
         run: |

Dockerfile

@@ -20,9 +20,9 @@ ADD --chown=${container_user}:${container_user_group} . /app/src
 ADD --chown=${container_user}:${container_user_group} main.py /app
 
 RUN python3 -m pip install \
-  git+https://github.com/openg2p/openg2p-fastapi-common@develop\#subdirectory=openg2p-fastapi-common \
-  git+https://github.com/OpenG2P/openg2p-g2pconnect-common-lib@develop\#subdirectory=openg2p-g2pconnect-common-lib \
-  git+https://github.com/OpenG2P/openg2p-g2pconnect-common-lib@develop\#subdirectory=openg2p-g2pconnect-mapper-lib \
+  git+https://github.com/openg2p/openg2p-fastapi-common@1.0.0\#subdirectory=openg2p-fastapi-common \
+  git+https://github.com/OpenG2P/openg2p-g2pconnect-common-lib@1.1.0\#subdirectory=openg2p-g2pconnect-common-lib \
+  git+https://github.com/OpenG2P/openg2p-g2pconnect-common-lib@1.1.0\#subdirectory=openg2p-g2pconnect-mapper-lib \
   ./src
 
 ENV SPAR_MAPPER_WORKER_TYPE=gunicorn

README.md

@@ -11,3 +11,4 @@ FastAPI based micro service providing Beneficiary ID and Financial Account Mappi
 ## Licenses
 
 This repository is licensed under [MPL-2.0](LICENSE).
+

main.py

@@ -6,10 +6,11 @@
 
 from openg2p_fastapi_common.ping import PingInitializer
 
-main_init = Initializer()
+
+initializer = Initializer()
 PingInitializer()
 
-app = main_init.return_app()
+app = initializer.return_app()
 
 if __name__ == "__main__":
-    main_init.main()
+    initializer.main()

src/openg2p_spar_mapper_api/app.py

@@ -6,6 +6,7 @@
 _config = Settings.get_config()
 
 from openg2p_fastapi_common.app import Initializer as BaseInitializer
+from openg2p_g2pconnect_common_lib.oauth_token import OAuthTokenService
 
 from .controllers import (
     AsyncMapperController,
@@ -18,6 +19,7 @@
     IdFaMappingValidations,
     MapperService,
     RequestValidation,
+    SessionInitializer,
     SyncRequestHelper,
     SyncResponseHelper,
 )
@@ -27,6 +29,8 @@ class Initializer(BaseInitializer):
     def initialize(self, **kwargs):
         super().initialize()
 
+        OAuthTokenService()
+        SessionInitializer()
         MapperService()
         IdFaMappingValidations()
         SyncRequestHelper()

src/openg2p_spar_mapper_api/config.py

@@ -1,6 +1,6 @@
 from typing import Optional
 
-from openg2p_fastapi_common.config import Settings as BaseSettings
+from openg2p_g2pconnect_common_lib.config import Settings as BaseSettings
 from pydantic import AnyUrl
 from pydantic_settings import SettingsConfigDict
 

src/openg2p_spar_mapper_api/controllers/async_mapper_controller.py

@@ -1,9 +1,12 @@
 import asyncio
 import logging
 import uuid
+from typing import Annotated
 
 import httpx
+from fastapi import Depends
 from openg2p_fastapi_common.controller import BaseController
+from openg2p_g2pconnect_common_lib.jwt_signature_validator import JWTSignatureValidator
 from openg2p_g2pconnect_common_lib.schemas import (
     AsyncCallbackRequest,
     AsyncResponse,
@@ -89,8 +92,21 @@ def __init__(self, **kwargs):
             methods=["POST"],
         )
 
-    async def link_async(self, link_request: LinkRequest):
+    async def link_async(
+        self,
+        link_request: LinkRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         correlation_id = str(uuid.uuid4())
+        try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
+        except RequestValidationException as e:
+            error_response = (
+                AsyncResponseHelper.get_component().construct_error_async_response(
+                    link_request, e
+                )
+            )
+            return error_response
         await asyncio.create_task(
             self.handle_service_and_link_callback(link_request, correlation_id, "link")
         )
@@ -99,8 +115,21 @@ async def link_async(self, link_request: LinkRequest):
             correlation_id,
         )
 
-    async def update_async(self, update_request: UpdateRequest):
+    async def update_async(
+        self,
+        update_request: UpdateRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         correlation_id = str(uuid.uuid4())
+        try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
+        except RequestValidationException as e:
+            error_response = (
+                AsyncResponseHelper.get_component().construct_error_async_response(
+                    update_request, e
+                )
+            )
+            return error_response
         await asyncio.create_task(
             self.handle_service_and_update_callback(
                 update_request, correlation_id, "update"
@@ -111,8 +140,21 @@ async def update_async(self, update_request: UpdateRequest):
             correlation_id,
         )
 
-    async def resolve_async(self, resolve_request: ResolveRequest):
+    async def resolve_async(
+        self,
+        resolve_request: ResolveRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         correlation_id = str(uuid.uuid4())
+        try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
+        except RequestValidationException as e:
+            error_response = (
+                AsyncResponseHelper.get_component().construct_error_async_response(
+                    resolve_request, e
+                )
+            )
+            return error_response
         await asyncio.create_task(
             self.handle_service_and_resolve_callback(
                 resolve_request, correlation_id, "resolve"
@@ -123,8 +165,21 @@ async def resolve_async(self, resolve_request: ResolveRequest):
             correlation_id,
         )
 
-    async def unlink_async(self, unlink_request: UnlinkRequest):
+    async def unlink_async(
+        self,
+        unlink_request: UnlinkRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         correlation_id = str(uuid.uuid4())
+        try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
+        except RequestValidationException as e:
+            error_response = (
+                AsyncResponseHelper.get_component().construct_error_async_response(
+                    unlink_request, e
+                )
+            )
+            return error_response
         try:
             RequestValidation.get_component().validate_request(unlink_request)
             RequestValidation.get_component().validate_unlink_async_request_header(
@@ -148,7 +203,10 @@ async def unlink_async(self, unlink_request: UnlinkRequest):
         )
 
     async def handle_service_and_link_callback(
-        self, link_request: LinkRequest, correlation_id: str, action: str
+        self,
+        link_request: LinkRequest,
+        correlation_id: str,
+        action: str,
     ):
         try:
             RequestValidation.get_component().validate_async_request(link_request)

src/openg2p_spar_mapper_api/controllers/sync_mapper_controller.py

@@ -1,4 +1,8 @@
+from typing import Annotated
+
+from fastapi import Depends
 from openg2p_fastapi_common.controller import BaseController
+from openg2p_g2pconnect_common_lib.jwt_signature_validator import JWTSignatureValidator
 from openg2p_g2pconnect_mapper_lib.schemas import (
     LinkRequest,
     LinkResponse,
@@ -55,8 +59,13 @@ def __init__(self, **kwargs):
             methods=["POST"],
         )
 
-    async def link_sync(self, link_request: LinkRequest):
+    async def link_sync(
+        self,
+        link_request: LinkRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
             RequestValidation.get_component().validate_request(link_request)
             RequestValidation.get_component().validate_link_request_header(link_request)
         except RequestValidationException as e:
@@ -75,8 +84,13 @@ async def link_sync(self, link_request: LinkRequest):
             single_link_responses,
         )
 
-    async def update_sync(self, update_request: UpdateRequest):
+    async def update_sync(
+        self,
+        update_request: UpdateRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
             RequestValidation.get_component().validate_request(update_request)
             RequestValidation.get_component().validate_update_request_header(
                 update_request
@@ -99,8 +113,13 @@ async def update_sync(self, update_request: UpdateRequest):
             )
         )
 
-    async def resolve_sync(self, resolve_request: ResolveRequest):
+    async def resolve_sync(
+        self,
+        resolve_request: ResolveRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
             RequestValidation.get_component().validate_request(resolve_request)
             RequestValidation.get_component().validate_resolve_request_header(
                 resolve_request
@@ -123,8 +142,13 @@ async def resolve_sync(self, resolve_request: ResolveRequest):
             )
         )
 
-    async def unlink_sync(self, unlink_request: UnlinkRequest):
+    async def unlink_sync(
+        self,
+        unlink_request: UnlinkRequest,
+        is_signature_valid: Annotated[bool, Depends(JWTSignatureValidator())],
+    ):
         try:
+            RequestValidation.get_component().validate_signature(is_signature_valid)
             RequestValidation.get_component().validate_request(unlink_request)
             RequestValidation.get_component().validate_unlink_request_header(
                 unlink_request

src/openg2p_spar_mapper_api/services/__init__.py

@@ -4,3 +4,4 @@
 from .request_helper import AsyncRequestHelper, SyncRequestHelper
 from .request_validations import RequestValidation
 from .response_helper import AsyncResponseHelper, SyncResponseHelper
+from .session_service import SessionInitializer

src/openg2p_spar_mapper_api/services/id_fa_mapping_validations.py

@@ -94,28 +94,14 @@ async def validate_update_request(
         return None
 
     async def validate_resolve_request(
-        self, connection, single_resolve_request: SingleResolveRequest
+        self, single_resolve_request: SingleResolveRequest
     ) -> None:
         if not single_resolve_request.id and not single_resolve_request.fa:
             raise ResolveValidationException(
                 message="ID is required",
                 status=StatusEnum.rjct,
                 validation_error_type=ResolveStatusReasonCode.rjct_reference_id_invalid,
             )
-
-        result = await connection.execute(
-            select(IdFaMapping).where(
-                IdFaMapping.id_value == single_resolve_request.id,
-            )
-        )
-        resolve_request_from_db = result.first()
-
-        if not resolve_request_from_db:
-            raise ResolveValidationException(
-                message="ID doesnt exist please link first",
-                status=StatusEnum.succ,
-                validation_error_type=ResolveStatusReasonCode.succ_fa_not_linked_to_id,
-            )
         return None
 
     async def validate_unlink_request(