Merge pull request #645 from bcgov/tech-spike-canadapost

CCFRI-4492 - implement Canada Post AddressComplete API

Author: vietle-cgi

.github/workflows/deploy-to-openshift-backend-dev.yml

@@ -179,7 +179,9 @@ jobs:
               ${{ secrets.SOAM_CLIENT_SECRET_IDIR }} \
               ${{ secrets.SPLUNK_TOKEN }} \
               ${{ secrets.REDIS_PASSWORD }} \
-              ${{ secrets.D365_API_PREFIX }}
+              ${{ secrets.D365_API_PREFIX }} \
+              ${{ secrets.CANADA_POST_API_ENDPOINT }} \
+              ${{ secrets.CANADA_POST_API_KEY }} 
 
           # Start rollout of the application
           oc rollout restart deployment/${{ env.APP_NAME }}-${{ env.IMAGE_NAME }}-${{ env.APP_ENVIRONMENT }} 2> /dev/null \
@@ -191,4 +193,4 @@ jobs:
       - name: ZAP Scan
         uses: zaproxy/[email protected]
         with:
-          target: 'https://${{ env.HOST_ROUTE }}/api'
+          target: "https://${{ env.HOST_ROUTE }}/api"

backend/package-lock.json

@@ -39,6 +39,7 @@
     "dotenv": "^8.0.0",
     "express": "^4.21.2",
     "express-prometheus-middleware": "^1.2.0",
+    "express-rate-limit": "^7.5.0",
     "express-session": "^1.18.1",
     "express-validator": "^6.9.2",
     "fast-safe-stringify": "^2.0.7",
@@ -63,6 +64,7 @@
     "path": "0.12.7",
     "puppeteer": "^23.5.0",
     "querystring": "0.2.0",
+    "rate-limit-redis": "^4.2.0",
     "redlock": "^4.2.0",
     "strip-ansi": "^6.0.0",
     "uuid": "^8.3.2",

backend/package.json

@@ -34,7 +34,10 @@ const licenseUploadRouter = require('./routes/licenseUpload');
 const supportingDocumentUploadRouter = require('./routes/supportingDocuments');
 const changeRequestRouter = require('./routes/changeRequest');
 const pdfRouter = require('./routes/pdf');
+const canadaPostRouter = require('./routes/canadaPost');
 const connectRedis = require('connect-redis');
+const { RedisStore } = require('rate-limit-redis');
+const rateLimit = require('express-rate-limit');
 
 const promMid = require('express-prometheus-middleware');
 
@@ -188,6 +191,16 @@ utils.getOidcDiscovery().then((discovery) => {
 passport.serializeUser((user, next) => next(null, user));
 passport.deserializeUser((obj, next) => next(null, obj));
 
+// Setup Rate limit for the number of frontend requests allowed per windowMs to avoid DDOS attack
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+  store: dbSession ? new RedisStore({ sendCommand: (...args) => dbSession.client.call(...args) }) : undefined,
+});
+app.use('/api/canadaPost', limiter);
+
 app.use(morgan(config.get('server:morganFormat'), { stream: logStream }));
 //set up routing to auth and main API
 app.use(/(\/api)?/, apiRouter);
@@ -206,6 +219,7 @@ apiRouter.use('/licenseUpload', licenseUploadRouter);
 apiRouter.use('/supportingDocument', supportingDocumentUploadRouter);
 apiRouter.use('/changeRequest', changeRequestRouter);
 apiRouter.use('/pdf', pdfRouter);
+apiRouter.use('/canadaPost', canadaPostRouter);
 
 //Handle 500 error
 app.use((err, _req, res, next) => {

backend/src/app.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const axios = require('axios');
+const cache = require('memory-cache');
+const config = require('../config/index');
+const log = require('./logger');
+const HttpStatus = require('http-status-codes');
+const { ApiError } = require('./error');
+
+const addressSearchResultsCache = new cache.Cache();
+const ONE_DAY_MS = 24 * 60 * 60 * 1000; // Cache timeout set for one day
+
+/* 
+  The documentation of the Canada Post's AddressComplete API: https://www.canadapost-postescanada.ca/ac/support/api/
+*/
+async function findAddresses(req, res) {
+  try {
+    let url = `${config.get('canadaPostApi:apiEndpoint')}?key=${config.get('canadaPostApi:apiKey')}`;
+
+    if (req?.query?.searchTerm) {
+      const cachedSearchResult = addressSearchResultsCache.get(req?.query?.searchTerm);
+      if (cachedSearchResult) {
+        log.info(`Canada Post findAddresses :: Cache hit for search term: '${req?.query?.searchTerm}'`);
+        return res.status(HttpStatus.OK).json(cachedSearchResult);
+      }
+      url += `&SearchTerm=${req.query.searchTerm}`;
+    }
+
+    if (req?.query?.lastId) {
+      url += `&LastId=${req.query.lastId}`;
+    }
+
+    const headers = {
+      Accept: 'text/plain',
+      'Content-Type': 'application/json',
+    };
+    const response = await axios.get(url, headers);
+    if (req?.query?.searchTerm) {
+      addressSearchResultsCache.put(req?.query?.searchTerm, response.data, ONE_DAY_MS);
+    }
+    log.info(`Canada Post findAddresses :: Cache miss for search term: '${req?.query?.searchTerm}'. Calling AddressComplete API.`);
+    return res.status(HttpStatus.OK).json(response.data);
+  } catch (e) {
+    log.error(e);
+    throw new ApiError(HttpStatus.INTERNAL_SERVER_ERROR, { message: 'API Find error' }, e);
+  }
+}
+
+module.exports = {
+  findAddresses,
+};

backend/src/components/canadaPost.js

@@ -80,7 +80,7 @@ function mapCCFRIObjectForFront(data) {
 }
 
 async function getFacilityByFacilityId(facilityId) {
-  const operation = `accounts(${facilityId})?$select=ccof_accounttype,name,ccof_facilitystartdate,address1_line1,address1_city,address1_stateorprovince,address1_postalcode,ccof_position,emailaddress1,address1_primarycontactname,telephone1,ccof_facilitylicencenumber,ccof_licensestartdate,ccof_formcomplete,ccof_everreceivedfundingundertheccofprogram,ccof_facilityreceived_ccof_funding,accountnumber,ccof_facilitystatus`;
+  const operation = `accounts(${facilityId})?$select=ccof_accounttype,name,ccof_facilitystartdate,address1_line1,address1_city,address1_stateorprovince,address1_postalcode,ccof_position,emailaddress1,address1_primarycontactname,telephone1,ccof_facilitylicencenumber,ccof_licensestartdate,ccof_formcomplete,ccof_everreceivedfundingundertheccofprogram,ccof_facilityreceived_ccof_funding,accountnumber,ccof_facilitystatus,ccof_is_facility_address_entered_manually`;
   const facility = await getOperation(operation);
 
   if (ACCOUNT_TYPE.FACILITY != facility?.ccof_accounttype) {
@@ -92,7 +92,7 @@ async function getFacilityByFacilityId(facilityId) {
 
 async function getFacility(req, res) {
   try {
-    let facility = await getFacilityByFacilityId(req.params.facilityId);
+    const facility = await getFacilityByFacilityId(req.params.facilityId);
 
     if (facility === null) {
       return res.status(HttpStatus.NOT_FOUND).json({ message: 'Account found but is not facility.' });

backend/src/components/facility.js

@@ -6,7 +6,8 @@ dotenv.config();
 
 const env = process.env.NODE_ENV || 'local';
 
-nconf.argv()
+nconf
+  .argv()
   .env()
   .file({ file: path.join(__dirname, `${env}.json`) });
 
@@ -17,12 +18,10 @@ nconf.overrides({
   server: {
     logLevel: process.env.LOG_LEVEL,
     morganFormat: 'dev',
-    port: 8080
-  }
+    port: 8080,
+  },
 });
 
-
-
 nconf.defaults({
   environment: env,
   logoutEndpoint: process.env.SOAM_URL,
@@ -31,15 +30,15 @@ nconf.defaults({
     frontend: process.env.SERVER_FRONTEND,
     logLevel: process.env.LOG_LEVEL,
     morganFormat: 'dev',
-    port: process.env.SERVER_PORT
+    port: process.env.SERVER_PORT,
   },
   oidc: {
     publicKey: process.env.SOAM_PUBLIC_KEY,
     clientId: process.env.SOAM_CLIENT_ID,
     clientSecret: process.env.SOAM_CLIENT_SECRET,
     clientIdIDIR: process.env.SOAM_CLIENT_ID_IDIR,
     clientSecretIDIR: process.env.SOAM_CLIENT_SECRET_IDIR,
-    discovery: process.env.SOAM_DISCOVERY
+    discovery: process.env.SOAM_DISCOVERY,
   },
   secureExchange: {
     apiEndpoint: process.env.CCOF_API_ENDPOINT,
@@ -48,31 +47,34 @@ nconf.defaults({
     privateKey: process.env.UI_PRIVATE_KEY,
     publicKey: process.env.UI_PUBLIC_KEY,
     audience: process.env.SERVER_FRONTEND,
-    issuer: process.env.ISSUER
+    issuer: process.env.ISSUER,
   },
   organization: {
     apiEndpoint: process.env.ORGANIZATION_API_ENDPOINT,
   },
   dynamicsApi: {
-    apiEndpoint: process.env.D365_API_ENDPOINT
+    apiEndpoint: process.env.D365_API_ENDPOINT,
   },
-  messaging:{
-    natsUrl:process.env.NATS_URL,
-    natsCluster:process.env.NATS_CLUSTER
+  messaging: {
+    natsUrl: process.env.NATS_URL,
+    natsCluster: process.env.NATS_CLUSTER,
   },
   ccof: {
     rootURL: process.env.CCOF_API_ENDPOINT,
     organizationUR: process.env.CCOF_API_ENDPOINT + '/organizations',
-    ccofFormURL: process.env.CCOF_API_ENDPOINT + '/ccof'
+    ccofFormURL: process.env.CCOF_API_ENDPOINT + '/ccof',
   },
   redis: {
     use: process.env.USE_REDIS,
     host: process.env.REDIS_HOST,
     port: process.env.REDIS_PORT,
     password: process.env.REDIS_PASSWORD,
     clustered: process.env.REDIS_USE_CLUSTERED,
-    facilityTTL: process.env.REDIS_FACILITY_TTL
-  }
-
+    facilityTTL: process.env.REDIS_FACILITY_TTL,
+  },
+  canadaPostApi: {
+    apiEndpoint: process.env.CANADA_POST_API_ENDPOINT,
+    apiKey: process.env.CANADA_POST_API_KEY,
+  },
 });
 module.exports = nconf;

backend/src/config/index.js

@@ -0,0 +1,24 @@
+const express = require('express');
+const passport = require('passport');
+const router = express.Router();
+const auth = require('../components/auth');
+const isValidBackendToken = auth.isValidBackendToken();
+const { findAddresses } = require('../components/canadaPost');
+const { oneOf, query, validationResult } = require('express-validator');
+
+module.exports = router;
+
+router.get(
+  '/find',
+  passport.authenticate('jwt', { session: false }),
+  isValidBackendToken,
+  oneOf([query('searchTerm').notEmpty(), query('lastId').notEmpty()], {
+    message: 'URL query: [searchTerm or lastId] is required',
+  }),
+  (req, res) => {
+    validationResult(req).throw();
+    return findAddresses(req, res);
+  },
+);
+
+module.exports = router;

backend/src/routes/canadaPost.js

@@ -19,10 +19,9 @@ const OrganizationMappings = [
   // { back: 'ccof_typeoforganization@OData.Community.Display.V1.FormattedValue', front: 'organizationTypeDesc' },
   { back: 'ccof_formcomplete', front: 'isOrganizationComplete' },
   { back: 'ccof_is_mailing_address_same', front: 'isSameAsMailing' },
-  { back: 'ccof_is_mailing_address_same', front: 'isSameAsMailing' },
+  { back: 'ccof_is_org_mailing_address_entered_manually', front: 'isOrgMailingAddressEnteredManually' },
+  { back: 'ccof_is_org_street_address_entered_manually', front: 'isOrgStreetAddressEnteredManually' },
   { back: 'ccof_providername', front: 'nameOfCareProvider' },
-  // { back: 'QQQQQQQQ', front: 'nameOfCareProvider' },
-  // { back: 'QQQQQQQQ', front: 'facilityName' },
 ];
 
 const FacilityMappings = [
@@ -42,9 +41,7 @@ const FacilityMappings = [
   { back: 'ccof_formcomplete', front: 'isFacilityComplete' },
   { back: 'accountnumber', front: 'facilityAccountNumber' },
   { back: '_ccof_change_request_value', front: 'changeRequestId' }, //likely won't stay here
-
-  // XXXXXXXXXXXXX: 'licenseEffectiveDate',
-  // XXXXXXXXXXXXX: 'hasReceivedFunding',
+  { back: 'ccof_is_facility_address_entered_manually', front: 'isFacilityAddressEnteredManually' },
 ];
 
 const CCFRIFacilityMappings = [