diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4d9378657e..245ec0a42c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,10 @@
version: 2
updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 10
- package-ecosystem: npm
directory: "/"
schedule:
diff --git a/.github/workflows/add-documentation-to-repo.yaml b/.github/workflows/add-documentation-to-repo.yaml
index 3abe789b77..1ebf6b0b79 100644
--- a/.github/workflows/add-documentation-to-repo.yaml
+++ b/.github/workflows/add-documentation-to-repo.yaml
@@ -9,31 +9,51 @@ on:
jobs:
runService:
- runs-on: ubuntu-latest
+ name: Run Service
+ runs-on: [self-hosted, Linux, medium, ephemeral]
strategy:
matrix:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
+ - name: Install dependencies
+ run: yarn install
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Config Repo
run: |
git config --global user.name "envision-ci-agent"
git config --global user.email "envision-ci-agent@users.noreply.github.com"
git remote set-url origin https://x-access-token:${{ secrets.DOC_UPDATE_API_KEY }}@github.com/$GITHUB_REPOSITORY
git checkout "${GITHUB_REF:11}"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Build
run: |
yarn
@@ -51,6 +71,7 @@ jobs:
popd
env:
CI: true
+
- name: Run service
run: |
pushd api-gateway
@@ -60,6 +81,7 @@ jobs:
yarn start &
popd
sleep 30
+
- name: Download file
run: |
rm -fv swagger.yaml
diff --git a/.github/workflows/api-manual.yml b/.github/workflows/api-manual.yml
index 3357892219..1b0d764613 100644
--- a/.github/workflows/api-manual.yml
+++ b/.github/workflows/api-manual.yml
@@ -5,7 +5,8 @@ on:
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test (Manual)
+ runs-on: [self-hosted, Linux, medium, ephemeral]
services:
ipfs-node:
image: ipfs/kubo:latest
@@ -21,13 +22,27 @@ jobs:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
- name: Install dependencies
- run: yarn
+ run: yarn install
+
- name: Build packages
run: |
pushd interfaces
@@ -57,14 +72,17 @@ jobs:
pushd api-gateway
yarn run build
popd
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Run Guardian
run: |
pushd notification-service
@@ -110,8 +128,9 @@ jobs:
npm install --force
npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }}" --spec cypress/e2e/api-tests/**/*.cy.js
popd
+
- name: Publish API Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: e2e-tests/cypress/test_results/**/*.xml
diff --git a/.github/workflows/api.yml b/.github/workflows/api.yml
index e46265f772..48e7a917eb 100644
--- a/.github/workflows/api.yml
+++ b/.github/workflows/api.yml
@@ -5,7 +5,8 @@ on:
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test
+ runs-on: [self-hosted, Linux, medium, ephemeral]
services:
ipfs-node:
image: ipfs/kubo:latest
@@ -21,15 +22,29 @@ jobs:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
ref: 'develop'
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
- name: Install dependencies
- run: yarn
+ run: yarn install
+
- name: Build packages
run: |
pushd interfaces
@@ -59,14 +74,17 @@ jobs:
pushd api-gateway
yarn run build
popd
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Run Guardian
run: |
pushd notification-service
@@ -112,8 +130,9 @@ jobs:
npm install --force
npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }}" --spec cypress/e2e/api-tests/**/*.cy.js
popd
+
- name: Publish API Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: e2e-tests/cypress/test_results/**/*.xml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ebb3c36de1..736e5d3a4c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,16 +7,33 @@ on:
- 'dependabot/**'
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test (Manual - Main)
+ runs-on: [self-hosted, Linux, medium, ephemeral]
strategy:
matrix:
node-version: [ 20.10.0 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
+ - name: Install dependencies
+ run: yarn install
+
- name: Build
run: |
yarn
@@ -56,12 +73,14 @@ jobs:
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Detect secrets
run: |
yarn run detect-secrets
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Lint
run: |
pushd interfaces
@@ -94,6 +113,7 @@ jobs:
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Test
run: |
pushd common
@@ -110,8 +130,9 @@ jobs:
NODE_OPTIONS: --openssl-legacy-provider
OPERATOR_ID: ${{ secrets.CI_HEDERA_ACCOUNT }}
OPERATOR_KEY: ${{ secrets.CI_HEDERA_PRIV_KEY }}
+
- name: Publish Unit Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: test_results/**/*.xml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7f8521b698..da5c7f2ea8 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,14 +5,24 @@ on:
release:
types: [published]
+permissions:
+ contents: read
+
jobs:
docker:
- runs-on: ubuntu-latest
+ name: Publish to Docker
+ runs-on: [self-hosted, Linux, medium, ephemeral]
permissions:
id-token: write
contents: read
steps:
- - uses: haya14busa/action-cond@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Conditional values for Github Action
+ uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
id: latestTag
with:
cond: ${{ github.event.release.target_commitish == 'main' }}
@@ -20,27 +30,27 @@ jobs:
if_false: "hotfix"
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: get-npm-version
-
id: package-version
- uses: martinbeentjes/npm-get-version-action@main
+ uses: martinbeentjes/npm-get-version-action@3cf273023a0dda27efcd3164bdfb51908dd46a5b # v1.3.1
with:
path: guardian-service
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - id: 'auth'
- name: 'Authenticate to Google Cloud'
- uses: 'google-github-actions/auth@v0'
+ - name: Authenticate to Google Cloud
+ id: auth
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
with:
workload_identity_provider: 'projects/101730247931/locations/global/workloadIdentityPools/hedera-registry-pool/providers/hedera-registry-gh-actions'
service_account: 'guardian-publisher@hedera-registry.iam.gserviceaccount.com'
token_format: 'access_token'
- - uses: 'docker/login-action@v1'
+ - name: Docker Login
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: 'gcr.io' # or REGION-docker.pkg.dev
username: 'oauth2accesstoken'
@@ -48,7 +58,7 @@ jobs:
- name: application-events-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./application-events/Dockerfile
@@ -57,7 +67,7 @@ jobs:
- name: application-events
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./application-events/Dockerfile
@@ -66,7 +76,7 @@ jobs:
- name: ai-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./ai-service/Dockerfile
@@ -75,7 +85,7 @@ jobs:
- name: ai-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./ai-service/Dockerfile
@@ -84,7 +94,7 @@ jobs:
- name: logger-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./logger-service/Dockerfile
@@ -93,7 +103,7 @@ jobs:
- name: logger-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./logger-service/Dockerfile
@@ -102,7 +112,7 @@ jobs:
- name: notification-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./notification-service/Dockerfile
@@ -111,7 +121,7 @@ jobs:
- name: notification-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./notification-service/Dockerfile
@@ -120,7 +130,7 @@ jobs:
- name: auth-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile
@@ -129,7 +139,7 @@ jobs:
- name: auth-service-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile.demo
@@ -138,7 +148,7 @@ jobs:
- name: auth-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile
@@ -147,7 +157,7 @@ jobs:
- name: auth-service-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile.demo
@@ -156,7 +166,7 @@ jobs:
- name: api-gateway-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile
@@ -165,7 +175,7 @@ jobs:
- name: api-gateway-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile.demo
@@ -174,7 +184,7 @@ jobs:
- name: api-gateway
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile
@@ -183,7 +193,7 @@ jobs:
- name: api-gateway-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile.demo
@@ -192,7 +202,7 @@ jobs:
- name: policy-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./policy-service/Dockerfile
@@ -201,7 +211,7 @@ jobs:
- name: policy-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./policy-service/Dockerfile
@@ -210,7 +220,7 @@ jobs:
- name: guardian-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./guardian-service/Dockerfile
@@ -219,7 +229,7 @@ jobs:
- name: guardian-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./guardian-service/Dockerfile
@@ -228,7 +238,7 @@ jobs:
- name: worker-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./worker-service/Dockerfile
@@ -237,16 +247,34 @@ jobs:
- name: worker-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./worker-service/Dockerfile
push: true
tags: 'gcr.io/hedera-registry/worker-service:${{ steps.package-version.outputs.current-version}}'
+ - name: queue-service-latest
+ if: ${{ steps.latestTag.outputs.value == 'latest'}}
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: .
+ file: ./queue-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/queue-service:${{ steps.package-version.outputs.current-version}}, gcr.io/hedera-registry/queue-service:latest'
+
+ - name: queue-service
+ if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: .
+ file: ./queue-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/queue-service:${{ steps.package-version.outputs.current-version}}'
+
- name: topic-viewer-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./topic-viewer/Dockerfile
@@ -255,7 +283,7 @@ jobs:
- name: topic-viewer
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./topic-viewer/Dockerfile
@@ -264,7 +292,7 @@ jobs:
- name: mrv-sender-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./mrv-sender/Dockerfile
@@ -273,7 +301,7 @@ jobs:
- name: mrv-sender
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./mrv-sender/Dockerfile
@@ -282,7 +310,7 @@ jobs:
- name: analytics-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./analytics-service/Dockerfile
@@ -291,7 +319,7 @@ jobs:
- name: analytics-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./analytics-service/Dockerfile
@@ -300,7 +328,7 @@ jobs:
- name: web-proxy-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.ci
@@ -309,7 +337,7 @@ jobs:
- name: web-proxy
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.ci
@@ -318,7 +346,7 @@ jobs:
- name: web-proxy-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.demo
@@ -327,9 +355,81 @@ jobs:
- name: web-proxy-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.demo
push: true
tags: 'gcr.io/hedera-registry/frontend-demo:${{ steps.package-version.outputs.current-version}}'
+
+ - name: indexer-worker-service-latest
+ if: ${{ steps.latestTag.outputs.value == 'latest'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-worker-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-worker-service:${{ steps.package-version.outputs.current-version}}, gcr.io/hedera-registry/indexer-worker-service:latest'
+
+ - name: indexer-worker-service
+ if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-worker-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-worker-service:${{ steps.package-version.outputs.current-version}}'
+
+ - name: indexer-service-latest
+ if: ${{ steps.latestTag.outputs.value == 'latest'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-service:${{ steps.package-version.outputs.current-version}}, gcr.io/hedera-registry/indexer-service:latest'
+
+ - name: indexer-service
+ if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-service/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-service:${{ steps.package-version.outputs.current-version}}'
+
+ - name: indexer-api-gateway-latest
+ if: ${{ steps.latestTag.outputs.value == 'latest'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-api-gateway/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-api-gateway:${{ steps.package-version.outputs.current-version}}, gcr.io/hedera-registry/indexer-api-gateway:latest'
+
+ - name: indexer-api-gateway
+ if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-api-gateway/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-api-gateway:${{ steps.package-version.outputs.current-version}}'
+
+ - name: indexer-web-proxy-latest
+ if: ${{ steps.latestTag.outputs.value == 'latest'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-web-proxy/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-web-proxy:${{ steps.package-version.outputs.current-version}}, gcr.io/hedera-registry/indexer-web-proxy:latest'
+
+ - name: indexer-web-proxy
+ if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./indexer-web-proxy/Dockerfile
+ push: true
+ tags: 'gcr.io/hedera-registry/indexer-web-proxy:${{ steps.package-version.outputs.current-version}}'
diff --git a/Methodology Library/CDM/CDM ACM0001/ACM0001.policy b/Methodology Library/CDM/CDM ACM0001/ACM0001.policy
index 04a20e4abc..4cbaadae64 100644
Binary files a/Methodology Library/CDM/CDM ACM0001/ACM0001.policy and b/Methodology Library/CDM/CDM ACM0001/ACM0001.policy differ
diff --git a/Methodology Library/CDM/CDM ACM0001/readme.md b/Methodology Library/CDM/CDM ACM0001/readme.md
index fd7d457e48..a58974555d 100644
--- a/Methodology Library/CDM/CDM ACM0001/readme.md
+++ b/Methodology Library/CDM/CDM ACM0001/readme.md
@@ -10,6 +10,7 @@
- Available Roles
- Key Documents & Schemas
- Token (Carbon Emisison Reduction)
+- Policy Guide
- Workflow
- Step-by-Step
@@ -85,6 +86,10 @@ Monitoring Report – The monitoring report is to be filled out based on the m
Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
+## Policy Guide
+
+Policy IPFS Timestamp: 1719335230.464978003
+
## Policy Workflow
@@ -177,31 +182,3 @@ Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/Methodology Library/CDM/CDM ACM0018/ACM0018.policy b/Methodology Library/CDM/CDM ACM0018/ACM0018.policy
new file mode 100644
index 0000000000..f929455455
Binary files /dev/null and b/Methodology Library/CDM/CDM ACM0018/ACM0018.policy differ
diff --git a/Methodology Library/CDM/CDM ACM0018/readme.md b/Methodology Library/CDM/CDM ACM0018/readme.md
index 89df71db6f..cbb75ec480 100644
--- a/Methodology Library/CDM/CDM ACM0018/readme.md
+++ b/Methodology Library/CDM/CDM ACM0018/readme.md
@@ -93,7 +93,7 @@ Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
## IPFS Timestamp
-Coming Soon
+IPFS Timestamp: 1719335667.470799060
### Step By Step
diff --git a/Methodology Library/CDM/CDM AMS-I.A/CDM AMS-I.A.policy b/Methodology Library/CDM/CDM AMS-I.A/CDM AMS-I.A.policy
new file mode 100644
index 0000000000..cdbcf8b30a
Binary files /dev/null and b/Methodology Library/CDM/CDM AMS-I.A/CDM AMS-I.A.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-I.A/readme.md b/Methodology Library/CDM/CDM AMS-I.A/readme.md
index 9d52eb8c16..5438cf9a44 100644
--- a/Methodology Library/CDM/CDM AMS-I.A/readme.md
+++ b/Methodology Library/CDM/CDM AMS-I.A/readme.md
@@ -76,7 +76,7 @@ Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
## IPFS Timestamp
-Coming Soon
+IPFS Timestamp: 1719335903.250913631
### Step By Step
diff --git a/Methodology Library/CDM/CDM AMS-I.C/CDM AMS-I.C.policy b/Methodology Library/CDM/CDM AMS-I.C/CDM AMS-I.C.policy
new file mode 100644
index 0000000000..4d7e2d8537
Binary files /dev/null and b/Methodology Library/CDM/CDM AMS-I.C/CDM AMS-I.C.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-I.C/readme.md b/Methodology Library/CDM/CDM AMS-I.C/readme.md
index af17e3880d..d5d05d7946 100644
--- a/Methodology Library/CDM/CDM AMS-I.C/readme.md
+++ b/Methodology Library/CDM/CDM AMS-I.C/readme.md
@@ -77,7 +77,7 @@ Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
## IPFS Timestamp
-Coming Soon
+IPFS Timestamp: 1719336093.366124019
### Step By Step
diff --git a/Methodology Library/CDM/CDM AMS-I.F/CDM AMS-I.F Policy.policy b/Methodology Library/CDM/CDM AMS-I.F/CDM AMS-I.F Policy.policy
index 780fcacf07..385f86ad2a 100644
Binary files a/Methodology Library/CDM/CDM AMS-I.F/CDM AMS-I.F Policy.policy and b/Methodology Library/CDM/CDM AMS-I.F/CDM AMS-I.F Policy.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-I.F/readme.md b/Methodology Library/CDM/CDM AMS-I.F/readme.md
index 004679fa3b..05fe5db982 100644
--- a/Methodology Library/CDM/CDM AMS-I.F/readme.md
+++ b/Methodology Library/CDM/CDM AMS-I.F/readme.md
@@ -80,7 +80,7 @@ Certified Emission Reduction (CER) credits, each equivalent to one tonne of CO2.
## IPFS Timestamp
-Coming Soon
+Timestamp: 1719335529.448392003
### Step By Step
diff --git a/Methodology Library/CDM/CDM AMS-III.D/CDM AMS-III.D Policy.policy b/Methodology Library/CDM/CDM AMS-III.D/CDM AMS-III.D Policy.policy
index a507033b23..ca83db1144 100644
Binary files a/Methodology Library/CDM/CDM AMS-III.D/CDM AMS-III.D Policy.policy and b/Methodology Library/CDM/CDM AMS-III.D/CDM AMS-III.D Policy.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-III.D/readme.md b/Methodology Library/CDM/CDM AMS-III.D/readme.md
index 3942179ec3..8214505c80 100644
--- a/Methodology Library/CDM/CDM AMS-III.D/readme.md
+++ b/Methodology Library/CDM/CDM AMS-III.D/readme.md
@@ -55,7 +55,7 @@ In the context of modern emission reduction projects, the necessity for transpar
This policy is published to Hedera network and can either be imported via Github (.policy file) or IPSF timestamp.
-Policy: 1698756329.359347003
+Policy: 1719334564.410514079
### Available Roles
diff --git a/Methodology Library/CDM/CDM AMS-III.F/CDM AMS-III.F Policy.policy b/Methodology Library/CDM/CDM AMS-III.F/CDM AMS-III.F Policy.policy
index bf014dc214..0cece92f94 100644
Binary files a/Methodology Library/CDM/CDM AMS-III.F/CDM AMS-III.F Policy.policy and b/Methodology Library/CDM/CDM AMS-III.F/CDM AMS-III.F Policy.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-III.F/readme.md b/Methodology Library/CDM/CDM AMS-III.F/readme.md
index bbd2f581d5..d3bedaac7f 100644
--- a/Methodology Library/CDM/CDM AMS-III.F/readme.md
+++ b/Methodology Library/CDM/CDM AMS-III.F/readme.md
@@ -62,7 +62,7 @@ AMS-III.F's emphasis on controlled aerobic treatment of organic waste, notably t
## Policy Guide
-This policy is published to Hedera network and can either be imported via Github (.policy file) or IPSF timestamp.
+This policy is published to Hedera network and can either be imported via Github (.policy file) or IPSF timestamp = 1719334768.460755003
### Available Roles
diff --git a/Methodology Library/CDM/CDM AMS-III.H/AMS-III.H.policy b/Methodology Library/CDM/CDM AMS-III.H/AMS-III.H.policy
index bd5afa8bd3..e1426cd51b 100644
Binary files a/Methodology Library/CDM/CDM AMS-III.H/AMS-III.H.policy and b/Methodology Library/CDM/CDM AMS-III.H/AMS-III.H.policy differ
diff --git a/Methodology Library/CDM/CDM AMS-III.H/readme.md b/Methodology Library/CDM/CDM AMS-III.H/readme.md
index 743918ae40..315b7013c5 100644
--- a/Methodology Library/CDM/CDM AMS-III.H/readme.md
+++ b/Methodology Library/CDM/CDM AMS-III.H/readme.md
@@ -50,7 +50,7 @@ In the modern landscape of emission reduction initiatives, transparency and cred
## Policy Guide
-This policy is published to Hedera network and can either be imported via Github (.policy file) or IPSF timestamp.
+This policy is published to Hedera network and can either be imported via Github (.policy file) or IPSF timestamp = 1719334963.305320577
### Available Roles
diff --git a/Methodology Library/CDM/Tools/Tool 01/Tool 01.tool b/Methodology Library/CDM/Tools/Tool 01/Tool 01.tool
new file mode 100644
index 0000000000..1a8e052c27
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 01/Tool 01.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 02/Tool 02.tool b/Methodology Library/CDM/Tools/Tool 02/Tool 02.tool
new file mode 100644
index 0000000000..0993e0086f
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 02/Tool 02.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 03/Tool 03.tool b/Methodology Library/CDM/Tools/Tool 03/Tool 03.tool
new file mode 100644
index 0000000000..d15f8f4c60
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 03/Tool 03.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 04/Tool 04.tool b/Methodology Library/CDM/Tools/Tool 04/Tool 04.tool
new file mode 100644
index 0000000000..9d2396c353
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 04/Tool 04.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 05/Tool 05.tool b/Methodology Library/CDM/Tools/Tool 05/Tool 05.tool
new file mode 100644
index 0000000000..92ed6707c4
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 05/Tool 05.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 06/Tool 06.tool b/Methodology Library/CDM/Tools/Tool 06/Tool 06.tool
new file mode 100644
index 0000000000..5da41e62ea
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 06/Tool 06.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 07/Tool 07.tool b/Methodology Library/CDM/Tools/Tool 07/Tool 07.tool
new file mode 100644
index 0000000000..24aca2e2d5
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 07/Tool 07.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 09/Tool 09.tool b/Methodology Library/CDM/Tools/Tool 09/Tool 09.tool
new file mode 100644
index 0000000000..28cb523729
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 09/Tool 09.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 10/Tool 10.tool b/Methodology Library/CDM/Tools/Tool 10/Tool 10.tool
new file mode 100644
index 0000000000..0e88218ee9
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 10/Tool 10.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 12/Tool 12.tool b/Methodology Library/CDM/Tools/Tool 12/Tool 12.tool
new file mode 100644
index 0000000000..bc508025bc
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 12/Tool 12.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 13/Tool 13.tool b/Methodology Library/CDM/Tools/Tool 13/Tool 13.tool
new file mode 100644
index 0000000000..a2e79c8e94
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 13/Tool 13.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 14/Tool 14.tool b/Methodology Library/CDM/Tools/Tool 14/Tool 14.tool
new file mode 100644
index 0000000000..2623474a56
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 14/Tool 14.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 16/Tool 16.tool b/Methodology Library/CDM/Tools/Tool 16/Tool 16.tool
new file mode 100644
index 0000000000..46677760ed
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 16/Tool 16.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 19/Tool 19.tool b/Methodology Library/CDM/Tools/Tool 19/Tool 19.tool
new file mode 100644
index 0000000000..9771584b26
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 19/Tool 19.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 21/Tool 21.tool b/Methodology Library/CDM/Tools/Tool 21/Tool 21.tool
new file mode 100644
index 0000000000..7e46d1523e
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 21/Tool 21.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 30/Tool 30.tool b/Methodology Library/CDM/Tools/Tool 30/Tool 30.tool
new file mode 100644
index 0000000000..3b46fa2980
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 30/Tool 30.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 32/Tool 32.tool b/Methodology Library/CDM/Tools/Tool 32/Tool 32.tool
new file mode 100644
index 0000000000..d0d8f125d5
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 32/Tool 32.tool differ
diff --git a/Methodology Library/CDM/Tools/Tool 33/Tool 33.tool b/Methodology Library/CDM/Tools/Tool 33/Tool 33.tool
new file mode 100644
index 0000000000..c25b2d3959
Binary files /dev/null and b/Methodology Library/CDM/Tools/Tool 33/Tool 33.tool differ
diff --git a/Methodology Library/CDM/Tools/readme.md b/Methodology Library/CDM/Tools/readme.md
index 6cbed6d453..9269772495 100644
--- a/Methodology Library/CDM/Tools/readme.md
+++ b/Methodology Library/CDM/Tools/readme.md
@@ -16,23 +16,23 @@ Tools are used to calculate, determine, demonstrate, estimate, identify and/or t
| Tool Number | Description | IPFS Timestamp |
|---|---|---:|
-| Tool 1 | Tool for the demonstration and assessment of additionality | 1707834520.92598 |
-| Tool 2 | Tool to identify the baseline scenario and demonstrate additionality | 1706866036.37701 |
-| Tool 3 | Tool to calculate project or leakage CO2 emissions from fossil fuel combustion | 1706867833.67638 |
-| Tool 4 | Tool to Emissions from solid waste disposal sites | 1708005850.45346 |
-| Tool 5 | Tool to calculate baseline, project and/or leakage emissions from electricity consumption and monitoring of electricity generation | 1707833182.5032 |
-| Tool 6 | Tool to calculate project emissions from flaring | 1707068762.88647 |
-| Tool 7 | Tool to calculate the emission factor for an electricity system | 1706867530.88425 |
+| Tool 1 | Tool for the demonstration and assessment of additionality | 1707834520.925981198 |
+| Tool 2 | Tool to identify the baseline scenario and demonstrate additionality | 1706866036.377014003 |
+| Tool 3 | Tool to calculate project or leakage CO2 emissions from fossil fuel combustion | 1706867833.676387003 |
+| Tool 4 | Tool to Emissions from solid waste disposal sites | 1719308234.078552003 |
+| Tool 5 | Tool to calculate baseline, project and/or leakage emissions from electricity consumption and monitoring of electricity generation | 1707833182.503204122 |
+| Tool 6 | Tool to calculate project emissions from flaring | 1707068762.886477003 |
+| Tool 7 | Tool to calculate the emission factor for an electricity system | 1706867530.884259218 |
| Tool 8 | Tool to determine the mass flow of a greenhouse gas in a gaseous stream | |
-| Tool 9 | Tool to determinine the baseline efficiency of thermal or electric energy generation systems | -|
-| Tool 10 | Tool to determine the remaining lifetime of equipment | 1706867224.09846 |
-| Tool 12 | Tool to calculate project and leakage emissions from transportation of freight |1709106946.91315|
-| Tool 13 | Tool to calculate project and leakage emissions from composting |1711359002.029988003|
-| Tool 14 | Tool to calculate project and leakage emissions from anaerobic digesters | 1711360482.771988021 |
-| Tool 16 | Tool to calculate project and leakage emissions from biomass | 1711361537.374647879 |
-| Tool 19 | Tool to perform demonstration of additionality of microscale project activities | 1706869798.17793 |
-| Tool 21 | Tool to perform demonstration of additionality of small-scale project activities 3 | 1706873385.45582 |
-| Tool 22 | Tool to calculate leakage in biomass small-scale project activities | |
-| Tool 30 | Tool to determine calculation of the fraction of non-renewable biomass | 1707417996.17339 |
-| Tool 32 | Tool to determine positive lists of technologies | 1707901421.87317 |
-| Tool 33 | Tool to determine default values for common parameters | 1707915460.49358 |
+| Tool 9 | Tool to determinine the baseline efficiency of thermal or electric energy generation systems | 1713221704.169952003 |
+| Tool 10 | Tool to determine the remaining lifetime of equipment | 1706867224.098467003 |
+| Tool 12 | Tool to calculate project and leakage emissions from transportation of freight | 1709106946.913157840 |
+| Tool 13 | Tool to calculate project and leakage emissions from composting | 1719308448.665936003 |
+| Tool 14 | Tool to calculate project and leakage emissions from anaerobic digesters | 1719310223.735760003 |
+| Tool 16 | Tool to calculate project and leakage emissions from biomass | 1719310525.160214003 |
+| Tool 19 | Tool to perform demonstration of additionality of microscale project activities | 1706869798.177938003 |
+| Tool 21 | Tool to perform demonstration of additionality of small-scale project activities 3 | 1706873385.455822873 |
+| Tool 22 | Tool to calculate leakage in biomass small-scale project activities | |
+| Tool 30 | Tool to determine calculation of the fraction of non-renewable biomass | 1707417996.173398196 |
+| Tool 32 | Tool to determine positive lists of technologies | 1707901421.873176003 |
+| Tool 33 | Tool to determine default values for common parameters | 1707915460.493586896 |
diff --git a/Methodology Library/Global Climate Registry (GCR)/README.md b/Methodology Library/Global Climate Registry (GCR)/README.md
new file mode 100644
index 0000000000..359bb36541
--- /dev/null
+++ b/Methodology Library/Global Climate Registry (GCR)/README.md
@@ -0,0 +1,117 @@
+# GCR Policy Template Methodologies
+
+Global Climate Registry is a carbon registry which leverages Hedera Guardian as a core piece of technology to create customised policies/methodologies and onboard different players in the development of a carbon offset project such as project developers, auditors, credit buyers etc. GCR has create a template policy with a fixed steps flow so that different methodologies can be onboarded by change of schemas.
+
+GCR has created a [Middleware API](https://documenter.getpostman.com/view/23057894/2sA3Bj8ZD8) in order to perform policy operations in Guardian technology and further functionalities using hedera SDK. Apart from registry, GCR has also built social infrastructure to bring the carbon community together on a platform.
+
+## GCR policy template
+
+GCR platform is a one stop solution for carbon offset project creation. It has a step by step process to create a project and onboard different players/users involved in the project's development. Please view our policies subdirectory to get details on specific methodologies.
+
+### Every policy requires three user roles and one optional user role:
+- Standard Registry (Global Climate Regitry)
+- Project Developer/Project Proponent
+- Validation and Verification Body (VVB)/auditor
+- Credit Buyer (Optional)
+
+### Policy Schemas:
+- Project Developer Application
+- VVB Application
+- Project Listing Application
+- Project Design Document
+- Validation Report
+- Monitoring Report
+- Verification Report
+- Registry Final Mint
+
+
+### Policy workflow performed through GCR Guardian Middleware API ([API documentation](https://documenter.getpostman.com/view/23057894/2sA3Bj8ZD8)):
+
+- Project Developer application (PDA) submission by the project developer user role
+- VVB application (VVBA) submission by the VVB user role
+- Project listing application (PLA) with general information of the project to be submitted by the project developer
+- Project design document (PDD) with details, documentation and design of the project that will be executed by the project developer
+- Project developer to assign appropriate VVB for review of the PDD
+- Validation report submission by the assigned VVB after reviewing the project design document
+- After the validation report has been submitted, Project developer will execute the project on ground as per the design and submit Monitoring Report (MR)
+- Project developer will assign appropriate VVB for review of the MR
+- VVB will review the MR and submit a Verification report to the project developer as well as the standard registry
+- Standard Registry to review the Verification Report and issue appropriate amount of carbon credits to the project developer hedera account
+
+GCR is continously improving the GCR Guardian Middleware API and will continue to provide up-to-date changes and latest versions.
+
+## A demo of GCR platform to generate Guardian credits
+
+- Different users will first sign up to the GCR platform and then apply for specific user roles (Project developer/VVB).
+- Once reviewed and approved by the GCR registry then Project developer can go ahead and create a project profile on the plaform by submitting PLA. They can also add all the documents, images, videos etc. about the project on the project profile
+- Project Developer can also create an organisation on the platform to represent their entity.
+- Once the project is approved and published on the platform, the project developer can submit the Project Design Document and the workflow of the policy as mentioned above will be triggered
+
+Below is a demo video of how a project creation, development and credits minting process takes place on the guardian platform.
+
+[](https://www.youtube.com/watch?v=GarMI-1Y-7s&t=528s&ab_channel=StellaZhou)
+
+---
+Since this demo video we have gone through several rounds of improvements and added functionalities. We will be providing a latest demo of the platform soon.
+
+## Policy Versioning
+
+GCR's policies will continue to evolve and new policies are being developed by us, We will do our best effort to update them within this repository.
+
+## GCR Project Workflow Architecture
+
+
+
+
+## GCR Platform Features and Step by Step Project Creation, Execution and carbon credits minting
+
+- General Sign Up/Login to the platform
+
+
+
+- Browse Project or Organisations, Create Posts, Buy Carbon Credits from a particular project ( Once the payment is successful, hedera credits for the project will be transferred to the buyer account)
+
+ Browse Projects
+ 
+
+ Browse/Join organisations
+ 
+
+ Buy Carbon credits from a project
+ 
+
+ Creating Posts/engaging with the community
+ 
+
+
+- Project Creation/Execution
+
+ 1. In order for creation of project, first you will apply for the Project Developer or Validator role. Once approved by the registry admin then project developers can create a project by filling out the project listing application
+
+ 
+
+ 2. Once the project has been approved and published by the registry, PLA will reciprocate on the guardian through out middleware API. Then the Project Developer and Validator can go through the aforementioned flow
+
+ 
+
+ 3. Registry can review at the final step and decide to mint appropriate amount of carbon credits
+
+ 
+
+- Credit Retirement/Certificate
+
+ Carbon Credit owners can purchase/retire tokens through middleware Api where the corresponding carbon credits will be deleted on hedera blockchain
+
+ 
+
+ 
+
+
+
+
+
+
+
+
+
+
diff --git a/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/GCR - GS TPDDTEC v3.1.0.policy b/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/GCR - GS TPDDTEC v3.1.0.policy
new file mode 100644
index 0000000000..35f59853e5
Binary files /dev/null and b/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/GCR - GS TPDDTEC v3.1.0.policy differ
diff --git a/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/README.md b/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/README.md
new file mode 100644
index 0000000000..20736020d7
--- /dev/null
+++ b/Methodology Library/Global Climate Registry (GCR)/policies/GS-TPDDTEC(v3.1.0)/README.md
@@ -0,0 +1,182 @@
+## Table of content
+
+
+- [Table of content](#table-of-content)
+- [Introduction](#introduction)
+- [Demo Video](#demo-video)
+- [Policy Workflow Through GCR platform](#policy-workflow-through-gcr-platform)
+- [Policy Guide](#policy-guide)
+ - [Available Roles](#available-roles)
+ - [Important Documents \& Schemas](#important-documents--schemas)
+ - [Carbon credit](#carbon-credit)
+ - [Step By Step](#step-by-step)
+ - [Project Proponent Flow](#project-developer-flow)
+ - [VVB Flow](#vvb-flow)
+ - [Registry(Global Climate Registry) Flow](#registryglobal-climate-registry-flow)
+- [TODO](#todo)
+
+
+
+## Introduction
+
+According to a report by [Gold Standard](https://www.goldstandard.org/our-story/sector-community-based-energy-efficiency), 1 in every 9 person on the planet has no access to safe, clean water for them or their families and almost one-third of the world is struggling with access to clean cooking technologies. As a result, most people are still reliant on wood or fossil fuel based cookstoves which will attribute to grave GHG emissions in the future.
+
+Improved cookstove projects account for 14 percent of projects on the Voluntary Carbon Market (VCM). These projects continue to be demanding due to their benefits, such as reduced deforestation, reduced fuel consumption etc. Safe Water project type is growing exponentially in popularity as they address issues like water scarcity, water pollution, and public health, making them appealing to both environmental and social impact-focused investors.
+
+Gold Standard's Technologies and Practices to Displace Decentralized Thermal Energy Consumption (TPDDTEC v3.1.0) methodology is applicable to programmes or activities introducing technologies and/or practices that reduce or displace greenhouse gas (GHG) emissions from the thermal energy consumption of households and non-domestic premises. Examples of these technologies include the introduction of improved biomass or fossil fuel cookstoves, ovens, dryers, space and water heaters (solar and otherwise), heat retention cookers, solar cookers, bio-digesters , safe water supply and treatment technologies that displace the boiling of water, thermal insulation in cold climates, etc. Examples of practices include the improved application of such technologies, a shift from non-renewable to renewable fuel (e.g. shift to plant oil fired stoves) , humidity control through improved storage and drying of fuels, etc.
+
+Global Climate Registry (GCR) has built this Guardian Policy that tokenizes the carbon credits after verifying emissions reductions from improved cookstove projects according to Gold standard's TPDDTEC v3.1.0. GCR has digitised the calculation of the Baseline emissions for baseline scenario b in year y, Project emissions for project scenario p in year y, Leakage for project scenario p in year y and Emission reduction for total project activity in year y using formulas defined in the methodology. This Guardian policy, is a reflection of same methodology according to the [Gold standard's typical project lifecycle](https://academy.sustain-cert.com/wp-content/uploads/sites/3/2021/10/GS-Project-Cycle_15042021_Annyta.pdf).
+
+## Demo Video
+
+[Policy worklow demo on GCR](https://www.youtube.com/watch?v=GarMI-1Y-7s&t=528s&ab_channel=StellaZhou)
+
+[Policy worflow on guardian](https://drive.google.com/file/d/1ijr1yanmhVgKagSTaCkMfj13niptvul1/view?usp=sharing)
+
+## Policy Workflow Through GCR Platform
+
+
+
+## Policy Guide
+
+This policy is published to Hedera network and can either be imported via Github(.policy file) or IPSF timestamp.
+
+Hedera Topic (testnet) - [0.0.4234489](https://explore.lworks.io/testnet/topics/0.0.4234489)
+
+### Available Roles
+
+ - Project Developer - Project developer who proposes and executes carbon offset project relevent to the methodology and receives credits
+ - Validation & Verification Body(VVB) - Independent third party who audits project's critical documentation and monitoring reports and submits validation and verification reports before issuance of the credits
+ - Global Climate Registry(GCR) - GCR is the trusted registry overseeing the entire project design, development and execution cycle and issuing the credits.
+
+### Important Documents & Schemas
+
+ 1. Project Developer Application (PDA) - Application submitted by the Project Developer Entity with basic information about the developer.
+ 2. Validation & Verification Body Application (VVBA) - Application submitted by the VVB Entity with basic information about the VVB.
+ 3. Project Listing Application (PLA) - Preliminary design of project highlighting eligibility, additionality and methodology criteria along with stakeholder consultation report
+ 4. Project Design Document (PDD) - Submitted after PID is approved, detailed report on project execution, emissions calculations and sustainable development goals.
+ 5. Validation Report - Report submitted by the VVB after the review of the PDD submitted by the project developer
+ 6. Monitoring Report (MR) - Monitoring report contains analysis on usages on the sample group and estimates carbon avoided/reduced
+ 7. Verification Report - Report submitted by the VVB after the review of the MR submitted by the project developer.
+ 8. Submit Mint - Requesting specified number of credits into Hedera account of the project developer. This step is done by the registry
+
+### Policy Calculations
+
+Formulas have been incorporated in the methodology in order to calculate baseline emissions, project emissions, leakages and total emission reduction of the project in tons. The calculations are to calculate the estimated emission reductions for Project Design Document and actual emission reductions of the project for Monitoring report. (In order for the calculations to be done automatically, the formulas have been incorporated on Global Climate Registry platform)
+
+ 
+
+
+### Carbon credit
+ Carbon credits issued will be a Non-fungible token with 1 NFT equivalent to 1 ton of CO2 offset
+
+ [Example of a minted 1 ton credit NFT](https://explore.lworks.io/testnet/tokens/0.0.4318457/nfts/1)
+
+### Step By Step
+
+
+#### Project Developer Flow
+
+1. Select the project developer role and submit the project developer application
+
+ 
+
+ 
+
+
+2. The project developer can now submit a Project listing Application which is initial details about the project developer entity and the carbon offset project
+
+ 
+
+ 
+
+
+3. Once project is listed, a detailed PDD(project design document) needs to be submitted. This is the most important document highlighting the technical details of project. It includes calculations around baseline, project and leakage scenarios for accurate calculation of avoided emissions. After submitting the PDD, project developer will assign desired VVB for review of this PDD who will then submit a Validation Report in response.
+
+ 
+
+ 
+
+
+4. After VVB has approved the PDD and submitted a Validation Report, project developer will execute the project on ground and submit regular monitoring reports(MR)
+
+ 
+
+ 
+
+ 
+
+
+5. After VVB has approved the PDD and submitted a Validation Report. The credit minting request will be sent to the registry admin. Registry will review the Verification report and choose to mint the amount of credits suggested by the VVB or adjust the amount. Registry admin can also reject the request. Once approved by the registry, minted status will be shown and credits will be issued in the hedera account of the project developer
+
+
+
+#### VVB Flow
+
+VVB is the external independent third party responsible for reviewing Project Design Documents and Monitoring reports submitted by proponents. They can comment and reject/request changes as well.
+
+1. Select the VVB role and submit the Validator and Verification Body application
+
+ 
+
+ 
+
+
+2. Once VVB is created and project developer has assign VVB for PDD review, VVB can review and submit the Validation Report in response if PDD is approved
+
+ 
+
+ 
+
+ 
+
+
+3. After PDD has been approved and validation report has been sent by the VVB, project developer will submit monitoring reports and assign to the VVB for review. VVB can review and submit the Verification report in response of MR if approved. Verification Report will be sent to the project developer as well as the registry admin for review
+
+ 
+
+ 
+
+ 
+
+
+
+#### Registry(Global Climate Registry) Flow
+
+Registry is allowed to publish and edit policy config, schemas, tokens and all the workflow logic associated with it. They are responsible for approving projects, project proponents, VVBs, and credit issue requests.
+
+1. Login into the service using registry credentials.
+
+ 
+
+
+2. Policy Configuration, Schemas and Token
+
+ 
+
+ 
+
+ 
+
+
+5. Once PDD and MR are approved by VVB and VVB has submitted Validation report and Verification report, Registry can review the documents and decide on the amount of credits to be issued/minted to project developer account
+
+ Review Verification Report
+
+ 
+
+ Minting carbon credits
+
+ 
+
+
+7. Once carbon credits are minted to project developer account, an end-to-end trust chain can be viewed by the admin. Since everything is happening transparently on public ledger(Hedera), anyone can trace the source of credits and each step that happened in the process.
+
+ Trust Chain
+
+ 
+
+
+
+## Note
+You can reach out to the policy [author/contributor](https://github.com/saharshkhicha18) for reviewing or reporting issues relevant to this specific policy.
diff --git a/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/GS Rice Methodology Schema Design Review Ready.xlsx b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/GS Rice Methodology Schema Design Review Ready.xlsx
new file mode 100644
index 0000000000..56ca5f4bb2
Binary files /dev/null and b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/GS Rice Methodology Schema Design Review Ready.xlsx differ
diff --git a/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/Gold Standard Rice.policy b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/Gold Standard Rice.policy
new file mode 100644
index 0000000000..a682772cb6
Binary files /dev/null and b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/Gold Standard Rice.policy differ
diff --git a/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/readme.md b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/readme.md
new file mode 100644
index 0000000000..4ffb1c7f04
--- /dev/null
+++ b/Methodology Library/GoldStandard/Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation/readme.md
@@ -0,0 +1,185 @@
+## Table of Contents
+
+
+- Introduction
+- Key Features
+- Potential Impacts & Benefits
+- Demo Video
+- Policy Workflow
+- Policy Guide
+- Available Roles
+- Important Documents & Schemas
+- Token (Verified Emission Reduction)
+- Step by Step
+
+
+
+## Introduction
+
+The Methane Emission Reduction in Rice Cultivation methodology offers a comprehensive approach to mitigating greenhouse gas emissions associated with rice production. Rice cultivation accounts for approximately 8% of agricultural greenhouse gas emissions globally, primarily due to methane emissions. This methodology addresses this issue by implementing various measures to reduce methane generation during rice cultivation.
+
+## Key Features
+
+- Water Regime Optimization: By transitioning from continuously flooded conditions to intermittently flooded conditions or shortening the period of flooded conditions, this methodology reduces the anaerobic decomposition of organic matter, thereby lowering methane emissions.
+- Alternate Wetting and Drying (AWD) Method: AWD method allows for periodic drying and re-flooding of rice fields, creating aerobic conditions that inhibit methane production.
+- Aerobic Rice Cultivation Methods: Adopting aerobic rice cultivation techniques further promotes aerobic conditions in the soil, minimizing methane emissions.
+- Direct-Seeded Rice (DSR) Cultivation: Switching from transplanted to direct-seeded rice helps in reducing methane emissions by altering the water management practices and organic matter decomposition dynamics.
+
+## Potential Impacts and Benefits
+
+- Implementing this methodology not only contributes to mitigating climate change by reducing methane emissions but also offers additional benefits:
+- Income Generation for Farmers: By participating in emission reduction activities, farmers can generate additional income through the sale of carbon credits, contributing to their livelihoods.
+- Corporate Sustainability Goals: Companies can use purchased carbon credits to offset their emissions and meet sustainability targets, including Scope 3 emissions related to their supply chains.
+- Global Food Security: Sustainable rice production practices help safeguard local economies and ensure food security for millions of people worldwide, without compromising agricultural productivity.
+
+## Demo Video
+
+[Youtube](https://www.youtube.com/watch?v=UjngB_hnUUs)
+
+## Policy Workflow
+
+
+
+## Policy Guide
+
+This policy is published to Hedera network and can either be imported via Github (.policy file) or IPFS timestamp.
+
+### Available Roles
+
+- *Project Proponent - The project proponent is responsible for executing the emission reduction project. The project proponent must adhere to the requirements outlined by Gold Standard’s Methodology for Methane Emission Reduction by Adjusted Water Management Practice in Rice Cultivation. Upon successful verification, the project proponent receives VERs as an incentive for their emission reduction activities.
+- Gold Standard Verification and Validation Body (GS-VVB) - The VVB plays a critical role in independently verifying and validating the project data submitted by the project proponent. They thoroughly assess the project's emission reductions potential, methodologies, and adherence to the policy guidelines. Based on their evaluation, the VVB either approves or rejects the project for registration and certification.
+- Registry (Gold Standard) – With Gold Standard as the registry they take on responsibilities that encompass project intake, pipeline management, and final review of project descriptions and monitoring reports. This process ensures that emissions reduction projects meet the highest standards before credits are issued.
+
+## Important Documents & Schemas
+
+- Key Project Information - Key Information regarding the project activities and project developers.
+- Project Design Document - The project design document (PDD) is used by project developers to submit documentation for certification purposes.
+- Stakeholder Consultation – The aim of the stakeholder consultation is to meaningfully engage stakeholders and collect feedback.
+- Emission Reductions – The standard and simplified emission reductions form will collect all data that is required to calculate the projects reductions.
+- Annual Report - An annual report will be submitted with the monitoring report. This annual report will collect information about any changes that have occurred.
+- Monitoring Report – This monitoring report will cover information from all previous schemas allowing the project developer to make updates as needed.
+
+## Token (Verified Emission Reductions)
+
+Verified Emission Reductions (VER), each Gold Standard VER represents one metric ton of carbon dioxide equivalent (CO2e) emissions that the project has reduced or removed.
+
+## Step By Step
+
+1. Log in as the Standard Registry and import the policy either by file or through IPFS timestamp by selecting the third button at the top right.
+
+
+
+
+
+
+
+
+
+2. Once the policy has successfully imported, you will be redirected to the policy configurator. To start using the policy you must first change the status of the policy from “Draft” to “Dry Run” or “Publish”, then select the “Register” or “Go” button. This can be done through the policy configurator page or though the “Manage Policies” page.
+
+
+
+
+
+
+
+3. Create additional users by clicking the “Create User” button.
+
+
+
+4. Once the users have been created go to each one and assign the appropriate role (i.e. Project Proponent, VVB, Technical Advisory Committee and NGO Supporters).
+
+
+
+5. The VVB can provide their name or the name they would like users to see when reviewing projects.
+
+
+
+6. Log in as the SR and select the “Approve VVB” tab to view the documents submitted by the VVB. The SR can approve their request by clicking on the “Approve" button.
+
+
+
+7. Log in as the Project Proponent and create a new project by clicking on the "New Project" button.
+
+
+
+8. You can input all the project details and data associated with the project in the “New Project” form.
+
+
+
+9. The next step is to access the SR profile and include the project in the ”Project pipeline”. This can be achieved by navigating to the "Project Pipeline" tab and clicking on the "List" option.
+
+
+
+10. The Project Proponent assigns the VVB to verify it by navigating to the “Projects” tab and selecting the dropdown under “Assign”.
+
+
+
+11. After successfully assigning the VVB to the project, the next step is to access the VVB profile and click on the "validate" option located in the "Projects" tab. After clicking on the "Validate" button, the VVb needs to add a comment.
+
+
+
+
+
+12. Log in as Project Proponent and create a monitoring report by clicking on the “Add Report” button then fill out the monitoring report form.
+
+
+
+
+
+13. Log in as the VVB and click the “Monitoring Reports” tab to review the document submitted by the Project Proponent. After reviewing the monitoring report by selecting “View Document”, the VVB can select “Verify”.
+
+
+
+14. Log in as the SR to review the monitoring report by selecting the “View Document” button in the “Monitoring Reports” tab. The SR can approve the monitoring report by selecting “Approve”.
+
+
+
+15. After reviewing the monitoring report, the Technical Advisory Committee can provide comments. Log in as theTechnical Advisory Committee and create a comment by clicking on the “Comment” button in the “Monitoring Reports” tab.
+
+
+
+16. Similarly, you can leave comments for the “NGO supporter” profile. Log in as the NGO supporter and create a comment by clicking on the “Comment” button in the “Monitoring Reports” tab.
+
+
+
+17. The SR after approval of the monitoring report can start the minting process by clicking on the “mint” button.
+
+
+
+18. Once the minting process is completed, you can view the token amount by navigating to the “Token History” tab
+
+
+
+19. The TrustChain can also be viewed by clicking on the “View TrustChain” button.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Methodology Library/Hackathon/VMR0006/VMR0006.policy b/Methodology Library/Hackathon/VMR0006/VMR0006.policy
index 6ecb1c9c8f..3fbdcdfd75 100644
Binary files a/Methodology Library/Hackathon/VMR0006/VMR0006.policy and b/Methodology Library/Hackathon/VMR0006/VMR0006.policy differ
diff --git a/Methodology Library/readme.md b/Methodology Library/readme.md
index 628c2531a9..8a18daac35 100644
--- a/Methodology Library/readme.md
+++ b/Methodology Library/readme.md
@@ -14,6 +14,7 @@ This folder contains sub folders for each Methodology and their authors (with ma
- PWRM0001
- PWRM0002
- VM0041
+ - VMR0006 (Coming Soon)
4. DOVU Template Methodologies (10) - DOVU
- Agrecalc
- Cool Farm Tool
@@ -44,10 +45,10 @@ This folder contains sub folders for each Methodology and their authors (with ma
21. CDM AMS-III.AV - Envision
22. CDM AMS-III.H - Envision
23. CDM AMS-I.F - Envision
-24. CDM AMS-I.C (Coming Soon)
-25. CDM ACM0001 (Coming Soon)
-26. CDM ACM0018 (Coming Soon)
-27. CDM AMS-I.A (Coming Soon)
+24. CDM AMS-I.C - Envision
+25. CDM ACM0001 - Envision
+26. CDM ACM0018 - Envision
+27. CDM AMS-I.A - Envision
### Emission Policies
diff --git a/ai-service/.gitignore b/ai-service/.gitignore
index 4b0d8c5b69..e1597c74f3 100644
--- a/ai-service/.gitignore
+++ b/ai-service/.gitignore
@@ -1,3 +1,2 @@
-/faiss-vector
-/data
-
+/faiss-vector/
+/data/
diff --git a/ai-service/package.json b/ai-service/package.json
index e6203a958c..c128978107 100644
--- a/ai-service/package.json
+++ b/ai-service/package.json
@@ -1,13 +1,13 @@
{
"name": "ai-service",
- "version": "2.24.1",
+ "version": "2.26.0",
"main": "dist/app.js",
"license": "Apache-2.0",
"dependencies": {
- "@guardian/common": "^2.24.1",
- "@guardian/interfaces": "^2.24.1",
- "@mikro-orm/core": "^6.1.11",
- "@mikro-orm/mongodb": "^6.1.11",
+ "@guardian/common": "^2.26.0",
+ "@guardian/interfaces": "^2.26.0",
+ "@mikro-orm/core": "6.2.2",
+ "@mikro-orm/mongodb": "6.2.2",
"@nestjs/common": "^9.4.1",
"@nestjs/core": "^9.4.1",
"@types/express": "^4.17.18",
diff --git a/analytics-service/package.json b/analytics-service/package.json
index 49c0e2bc20..614b90d594 100644
--- a/analytics-service/package.json
+++ b/analytics-service/package.json
@@ -13,8 +13,8 @@
},
"author": "Envision Blockchain Solutions ",
"dependencies": {
- "@guardian/common": "^2.24.1",
- "@guardian/interfaces": "^2.24.1",
+ "@guardian/common": "^2.26.0",
+ "@guardian/interfaces": "^2.26.0",
"@nestjs/common": "^9.4.1",
"@nestjs/core": "^9.4.1",
"@nestjs/jwt": "^10.0.3",
@@ -82,5 +82,5 @@
"test": "mocha tests/**/*.test.js --reporter mocha-junit-reporter --reporter-options mochaFile=../test_results/ui-service.xml"
},
"type": "module",
- "version": "2.24.1"
+ "version": "2.26.0"
}
diff --git a/api-gateway/configs/.env.gateway b/api-gateway/configs/.env.gateway
index da59ece3f7..1012391d33 100644
--- a/api-gateway/configs/.env.gateway
+++ b/api-gateway/configs/.env.gateway
@@ -17,3 +17,4 @@ MQ_MAX_PAYLOAD="1048576"
#CACHE
HOST_CACHE='localhost'
PORT_CACHE='6379'
+ENABLE_CACHE='true'
diff --git a/api-gateway/configs/.env.gateway.develop b/api-gateway/configs/.env.gateway.develop
index 0171a49166..390ce9a37a 100644
--- a/api-gateway/configs/.env.gateway.develop
+++ b/api-gateway/configs/.env.gateway.develop
@@ -17,3 +17,4 @@ MQ_MAX_PAYLOAD="1048576"
#CACHE
HOST_CACHE='localhost'
PORT_CACHE='6379'
+ENABLE_CACHE='true'
\ No newline at end of file
diff --git a/api-gateway/configs/.env.gateway.template b/api-gateway/configs/.env.gateway.template
index 24697962cf..cee9d4566f 100644
--- a/api-gateway/configs/.env.gateway.template
+++ b/api-gateway/configs/.env.gateway.template
@@ -17,3 +17,4 @@ MQ_MAX_PAYLOAD=""
#CACHE
HOST_CACHE=''
PORT_CACHE=''
+ENABLE_CACHE='true'
\ No newline at end of file
diff --git a/api-gateway/package.json b/api-gateway/package.json
index c05f8e816e..30b5441e7b 100644
--- a/api-gateway/package.json
+++ b/api-gateway/package.json
@@ -1,82 +1,92 @@
{
- "packageManager": "yarn@1.22.21",
- "resolutions": {
- "@azure/core-rest-pipeline": "1.12.1",
- "image-size": "1.0.2"
- },
- "author": "Envision Blockchain Solutions ",
- "dependencies": {
- "@guardian/common": "^2.24.1",
- "@guardian/interfaces": "^2.24.1",
- "@nestjs/common": "^9.4.1",
- "@nestjs/core": "^9.4.1",
- "@nestjs/jwt": "^10.0.3",
- "@nestjs/microservices": "^9.4.1",
- "@nestjs/platform-express": "^9.4.2",
- "@nestjs/swagger": "^6.3.0",
- "@types/express-fileupload": "^1.4.1",
- "async-mutex": "^0.4.0",
- "axios": "^1.3.6",
- "class-transformer": "^0.5.1",
- "class-validator": "^0.14.0",
- "dotenv": "^16.0.0",
- "express": "^4.17.1",
- "express-fileupload": "^1.4.0",
- "gulp": "^4.0.2",
- "gulp-copy": "^4.0.1",
- "gulp-rename": "^2.0.0",
- "gulp-sourcemaps": "^3.0.0",
- "gulp-typescript": "^6.0.0-alpha.1",
- "hpp": "^0.2.3",
- "http-errors": "^2.0.0",
- "ioredis": "^5.3.2",
- "jsonwebtoken": "^8.5.1",
- "jszip": "^3.7.1",
- "module-alias": "^2.2.2",
- "prom-client": "^14.1.1",
- "prometheus-api-metrics": "3.2.2",
- "reflect-metadata": "^0.1.13",
- "rxjs": "^7.8.1",
- "ws": "^8.2.1",
- "yaml": "^2.3.1",
- "yup": "^1.1.1"
- },
- "description": "",
- "devDependencies": {
- "@types/express": "^4.17.13",
- "@types/gulp": "^4",
- "@types/gulp-rename": "^2",
- "@types/jszip": "^3.4.1",
- "@types/node": "^18.16.0",
- "@types/ws": "^8.2.2",
- "chai": "^4.3.4",
- "cross-env": "^7.0.3",
- "mocha": "^9.2.0",
- "mocha-junit-reporter": "^2.0.2",
- "nodemon": "^2.0.12",
- "rewire": "^6.0.0",
- "sinon": "^15.0.4",
- "tslint": "^6.1.3",
- "typescript": "^4.5.5"
- },
- "files": [
- "dist"
- ],
- "license": "Apache-2.0",
- "main": "dist/index.js",
- "module": "dist/index.js",
- "name": "api-gateway",
- "scripts": {
- "build": "gulp build:demo",
- "build:prod": "gulp build:prod",
- "build:demo": "gulp build:demo",
- "debug": "nodemon dist/index.js",
- "dev:docker": "npm run build && nodemon .",
- "dev": "gulp watch",
- "lint": "tslint --config ../tslint.json --project .",
- "start": "node dist/index.js",
- "test": "mocha tests/**/*.test.js --reporter mocha-junit-reporter --reporter-options mochaFile=../test_results/ui-service.xml"
- },
- "type": "module",
- "version": "2.24.1"
+ "author": "Envision Blockchain Solutions ",
+ "dependencies": {
+ "@fastify/formbody": "^7.4.0",
+ "@fastify/multipart": "^8.2.0",
+ "@fastify/static": "^7.0.0",
+ "@guardian/common": "^2.26.0",
+ "@guardian/interfaces": "^2.26.0",
+ "@nestjs/common": "^9.4.1",
+ "@nestjs/core": "^9.4.1",
+ "@nestjs/jwt": "^10.0.3",
+ "@nestjs/microservices": "^9.4.1",
+ "@nestjs/platform-express": "^9.4.2",
+ "@nestjs/platform-fastify": "^9.4.2",
+ "@nestjs/swagger": "^6.3.0",
+ "@types/express-fileupload": "^1.4.1",
+ "async-mutex": "^0.4.0",
+ "axios": "^1.3.6",
+ "class-transformer": "^0.5.1",
+ "class-validator": "^0.14.0",
+ "dotenv": "^16.0.0",
+ "express": "^4.17.1",
+ "express-fileupload": "^1.4.0",
+ "gulp": "^4.0.2",
+ "gulp-copy": "^4.0.1",
+ "gulp-rename": "^2.0.0",
+ "gulp-sourcemaps": "^3.0.0",
+ "gulp-typescript": "^6.0.0-alpha.1",
+ "hpp": "^0.2.3",
+ "http-errors": "^2.0.0",
+ "ioredis": "^5.3.2",
+ "jsonwebtoken": "^8.5.1",
+ "jszip": "^3.7.1",
+ "module-alias": "^2.2.2",
+ "prom-client": "^14.1.1",
+ "prometheus-api-metrics": "3.2.2",
+ "reflect-metadata": "^0.1.13",
+ "rxjs": "^7.8.1",
+ "ws": "^8.2.1",
+ "yaml": "^2.3.1",
+ "yup": "^1.1.1"
+ },
+ "description": "",
+ "devDependencies": {
+ "@types/express": "^4.17.13",
+ "@types/gulp": "^4",
+ "@types/gulp-rename": "^2",
+ "@types/jszip": "^3.4.1",
+ "@types/node": "^18.16.0",
+ "@types/ws": "^8.2.2",
+ "chai": "^4.3.4",
+ "cross-env": "^7.0.3",
+ "mocha": "^9.2.0",
+ "mocha-junit-reporter": "^2.0.2",
+ "nodemon": "^2.0.12",
+ "rewire": "^6.0.0",
+ "sinon": "^15.0.4",
+ "tslint": "^6.1.3",
+ "typescript": "^4.5.5"
+ },
+ "files": [
+ "dist"
+ ],
+ "imports": {
+ "#auth": "./dist/auth/index.js",
+ "#helpers": "./dist/helpers/index.js",
+ "#middlewares": "./dist/middlewares/index.js",
+ "#constants": "./dist/constants/index.js"
+ },
+ "license": "Apache-2.0",
+ "main": "dist/index.js",
+ "module": "dist/index.js",
+ "name": "api-gateway",
+ "packageManager": "yarn@1.22.21",
+ "resolutions": {
+ "@azure/core-rest-pipeline": "1.12.1",
+ "image-size": "1.0.2"
+ },
+ "scripts": {
+ "build": "gulp build:demo",
+ "build:demo": "gulp build:demo",
+ "build:prod": "gulp build:prod",
+ "debug": "nodemon dist/index.js",
+ "dev": "gulp watch",
+ "dev:docker": "npm run build && nodemon .",
+ "lint": "tslint --config ../tslint.json --project .",
+ "start": "node dist/index.js",
+ "test": "mocha tests/**/*.test.js --reporter mocha-junit-reporter --reporter-options mochaFile=../test_results/ui-service.xml"
+ },
+ "type": "module",
+ "version": "2.26.0"
}
diff --git a/api-gateway/src/api/service/account.ts b/api-gateway/src/api/service/account.ts
index b7da1f3d82..058baf798e 100644
--- a/api-gateway/src/api/service/account.ts
+++ b/api-gateway/src/api/service/account.ts
@@ -1,19 +1,15 @@
-import { Users } from '../../helpers/users.js';
import { IAuthUser, Logger, NotificationHelper } from '@guardian/common';
-import { Guardians } from '../../helpers/guardians.js';
-import { SchemaEntity, UserRole } from '@guardian/interfaces';
-import { PolicyEngine } from '../../helpers/policy-engine.js';
-import { PolicyListResponse } from '../../entities/policy.js';
-import { StandardRegistryAccountResponse } from '../../entities/account.js';
+import { Permissions, PolicyType, SchemaEntity, UserRole } from '@guardian/interfaces';
import { ClientProxy } from '@nestjs/microservices';
import { Body, Controller, Get, Headers, HttpCode, HttpException, HttpStatus, Inject, Post, Req } from '@nestjs/common';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import { AccountsResponseDTO, AccountsSessionResponseDTO, AggregatedDTOItem, BalanceResponseDTO, LoginUserDTO, RegisterUserDTO } from '../../middlewares/validation/schemas/accounts.js';
-import { ApiBearerAuth, ApiExtraModels, ApiForbiddenResponse, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiSecurity, ApiTags, ApiUnauthorizedResponse, getSchemaPath } from '@nestjs/swagger';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
+import { ApiBearerAuth, ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { AccountsResponseDTO, AccountsSessionResponseDTO, AggregatedDTOItem, BalanceResponseDTO, InternalServerErrorDTO, LoginUserDTO, RegisterUserDTO } from '#middlewares';
+import { Auth, AuthUser, checkPermission } from '#auth';
+import { EntityOwner, Guardians, InternalException, PolicyEngine, UseCache, Users } from '#helpers';
+import { PolicyListResponse } from '../../entities/policy.js';
+import { StandardRegistryAccountResponse } from '../../entities/account.js';
import { ApplicationEnvironment } from '../../environment.js';
import { CACHE } from '../../constants/index.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
/**
* User account route
@@ -22,34 +18,33 @@ import { UseCache } from '../../helpers/decorators/cache.js';
@ApiTags('accounts')
export class AccountApi {
- constructor(@Inject('GUARDIANS') public readonly client: ClientProxy) {
- }
+ constructor(@Inject('GUARDIANS') public readonly client: ClientProxy) {
+ }
/**
* getSession
* @param headers
*/
+ @Get('/session')
+ @ApiBearerAuth()
@ApiOperation({
summary: 'Returns current session of the user.',
description: 'Returns current user session.',
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(AccountsSessionResponseDTO),
- },
+ type: AccountsSessionResponseDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiBearerAuth()
- @HttpCode(HttpStatus.OK)
- @Get('/session')
+ @ApiExtraModels(AccountsSessionResponseDTO, InternalServerErrorDTO)
@UseCache()
- async getSession(@Headers() headers: { [key: string]: string }): Promise {
+ @HttpCode(HttpStatus.OK)
+ async getSession(
+ @Headers() headers: { [key: string]: string },
+ ): Promise {
const users = new Users();
try {
const authHeader = headers.authorization;
@@ -58,7 +53,6 @@ export class AccountApi {
} catch (error) {
new Logger().error(error, ['API_GATEWAY']);
return null;
- // throw new HttpException(error.message, HttpStatus.UNAUTHORIZED);
}
}
@@ -66,59 +60,47 @@ export class AccountApi {
* register
* @param body
*/
+ @Post('/register')
@ApiOperation({
summary: 'Registers a new user account.',
description: 'Object that contain username, password and role (optional) fields.',
})
- @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(AccountsResponseDTO),
- },
+ type: AccountsResponseDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO
})
- @Post('/register')
+ @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async register(@Body() body: RegisterUserDTO, @Req() req: any): Promise {
+ async register(
+ @Body() body: RegisterUserDTO,
+ @Req() req: any
+ ): Promise {
const users = new Users();
if (!ApplicationEnvironment.demoMode) {
const authHeader = req.headers.authorization;
const token = authHeader?.split(' ')[1];
- let user;
+ let user: IAuthUser | null;
try {
user = await users.getUserByToken(token) as IAuthUser;
} catch (e) {
user = null;
}
-
if (!user) {
throw new HttpException('UNAUTHORIZED', HttpStatus.UNAUTHORIZED);
}
try {
await checkPermission(UserRole.STANDARD_REGISTRY)(user);
} catch (error) {
- new Logger().error(error.message, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
try {
- const {username, password} = body;
- let {role} = body;
- // @deprecated 2022-10-01
- if (role === 'ROOT_AUTHORITY') {
- role = UserRole.STANDARD_REGISTRY;
- }
- const user = (await users.registerNewUser(
- username,
- password,
- role
- )) as any;
+ const { role, username, password } = body;
+ const user = (await users.registerNewUser(username, password, role));
await NotificationHelper.info(
'Welcome to guardian',
'Next register your account in hedera',
@@ -128,7 +110,7 @@ export class AccountApi {
} catch (error) {
new Logger().error(error, ['API_GATEWAY']);
if (error.message.includes('already exists')) {
- throw new HttpException('An account with the same name already exists.', HttpStatus.INTERNAL_SERVER_ERROR);
+ throw new HttpException(error.message, HttpStatus.CONFLICT);
}
throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
}
@@ -137,28 +119,26 @@ export class AccountApi {
/**
* Login
*/
+ @Post('/login')
@ApiOperation({
summary: 'Logs user into the system.',
})
- @ApiExtraModels(AccountsSessionResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(AccountsSessionResponseDTO),
- },
+ type: AccountsSessionResponseDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/login')
+ @ApiExtraModels(AccountsSessionResponseDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async login(@Body() body: LoginUserDTO): Promise {
- const users = new Users();
+ async login(
+ @Body() body: LoginUserDTO
+ ): Promise {
try {
- const {username, password} = body;
+ const { username, password } = body;
+ const users = new Users();
return await users.generateNewToken(username, password) as any;
} catch (error) {
new Logger().warn(error.message, ['API_GATEWAY']);
@@ -166,22 +146,24 @@ export class AccountApi {
}
}
+ /**
+ * Get Access Token
+ */
+ @Post('access-token')
@ApiOperation({
summary: 'Returns access token.',
description: 'Returns access token.'
})
@ApiOkResponse({
- description: 'Successful operation.',
- // schema: {
- // $ref: getSchemaPath(AccountsResponseDTO),
- // },
+ description: 'Successful operation.'
})
- @Post('access-token')
- async getAccessToken(@Body() body: any): Promise {
+ async getAccessToken(
+ @Body() body: any
+ ): Promise {
try {
- const {refreshToken} = body;
+ const { refreshToken } = body;
const users = new Users();
- const {accessToken} = await users.generateNewAccessToken(refreshToken);
+ const { accessToken } = await users.generateNewAccessToken(refreshToken);
if (!accessToken) {
throw new HttpException('UNAUTHORIZED', HttpStatus.UNAUTHORIZED);
}
@@ -196,238 +178,169 @@ export class AccountApi {
/**
* Accounts
*/
+ @Get('/')
+ @Auth(
+ Permissions.ACCOUNTS_ACCOUNT_READ
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Returns a list of users, excluding Standard Registry and Auditors.',
description: 'Returns all users except those with roles Standard ' +
'Registry and Auditor. Only users with the Standard ' +
'Registry role are allowed to make the request.',
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(AccountsResponseDTO),
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: AccountsResponseDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- // @UseGuards(AuthGuard)
- @HttpCode(HttpStatus.OK)
- @Get()
+ @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
@UseCache()
- async getAllAccounts(@Req() req): Promise {
- // await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const authHeader = req.headers.authorization;
- const token = authHeader?.split(' ')[1];
- const users = new Users();
- let user;
- try {
- user = await users.getUserByToken(token) as IAuthUser;
- } catch (e) {
- user = null;
- }
-
- if (!user) {
- throw new HttpException('UNAUTHORIZED', HttpStatus.UNAUTHORIZED);
- }
+ @HttpCode(HttpStatus.OK)
+ async getAllAccounts(): Promise {
try {
- await checkPermission(UserRole.STANDARD_REGISTRY)(user);
- return await users.getAllUserAccounts() as any[];
+ return await (new Users()).getAllUserAccounts();
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * Get SAs
+ * Get Standard Registries
*/
+ @Get('/standard-registries')
+ @Auth(
+ Permissions.ACCOUNTS_STANDARD_REGISTRY_READ
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Returns all Standard Registries.',
description: 'Returns all Standard Registries.'
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(AccountsResponseDTO),
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: AccountsResponseDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/standard-registries')
+ @ApiExtraModels(AccountsResponseDTO, InternalServerErrorDTO)
+ // @UseCache()
@HttpCode(HttpStatus.OK)
- @UseCache()
- async getStandatdRegistries(@Req() req): Promise {
- const authHeader = req.headers.authorization;
- const token = authHeader?.split(' ')[1];
- const users = new Users();
- let user;
+ async getStandardRegistries(): Promise {
try {
- user = await users.getUserByToken(token) as IAuthUser;
- } catch (e) {
- throw new HttpException(e.message, HttpStatus.UNAUTHORIZED);
- }
- if (!user) {
- throw new HttpException('UNAUTHORIZED', HttpStatus.UNAUTHORIZED);
- }
- try {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER, UserRole.AUDITOR)(user);
- } catch (e) {
- throw new HttpException(e.message, HttpStatus.FORBIDDEN);
- }
- try {
- return await users.getAllStandardRegistryAccounts();
+ return await (new Users()).getAllStandardRegistryAccounts();
} catch (error) {
- new Logger().error(error.message, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * Get aggregated SAs
+ * Get aggregated standard registries
*/
+ @Get('/standard-registries/aggregated')
+ @Auth(
+ Permissions.ACCOUNTS_STANDARD_REGISTRY_READ
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Returns all Standard Registries aggregated with polices and vcDocuments.',
description: 'Returns all Standard Registries aggregated with polices and vcDocuments'
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(AggregatedDTOItem, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- type: 'array',
- items: {
- '$ref': getSchemaPath(AggregatedDTOItem)
- }
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ isArray: true,
+ type: AggregatedDTOItem
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/standard-registries/aggregated')
+ @ApiExtraModels(AggregatedDTOItem, InternalServerErrorDTO)
+ // @UseCache()
@HttpCode(HttpStatus.OK)
- @UseCache()
async getAggregatedStandardRegistries(): Promise {
const engineService = new PolicyEngine();
const guardians = new Guardians();
try {
const users = new Users();
const standardRegistries = await users.getAllStandardRegistryAccounts() as StandardRegistryAccountResponse[];
- const promises = standardRegistries.filter(({did, username}) => !!did && !!username)
- .map(async ({did, username}) => {
- let vcDocument = {};
- const user = await users.getUser(username);
- const vcDocuments = await guardians.getVcDocuments({
- owner: did,
- type: SchemaEntity.STANDARD_REGISTRY
- });
- if (vcDocuments && vcDocuments.length) {
- vcDocument = vcDocuments[vcDocuments.length - 1];
- }
- const { policies } = await engineService.getPolicies(
- { filters: { owner: did }, userDid: did }
- ) as PolicyListResponse;
- return {
- did,
- vcDocument,
- policies,
- username,
- hederaAccountId: user.hederaAccountId
- }
+ const promises = standardRegistries
+ .filter(({ did, username }) => !!did && !!username)
+ .map(async ({ did, username }) => {
+ let vcDocument = {};
+ const user = await users.getUser(username);
+ const vcDocuments = await guardians.getVcDocuments({
+ owner: did,
+ type: SchemaEntity.STANDARD_REGISTRY
+ });
+ if (vcDocuments && vcDocuments.length) {
+ vcDocument = vcDocuments[vcDocuments.length - 1];
+ }
+
+ const { policies } = await engineService.getPolicies(
+ {
+ filters: {
+ status: { $in: [PolicyType.PUBLISH, PolicyType.DISCONTINUED] }
+ },
+ userDid: did
+ },
+ EntityOwner.sr(did)
+ ) as PolicyListResponse;
+ return {
+ did,
+ vcDocument,
+ policies,
+ username,
+ hederaAccountId: user.hederaAccountId
+ }
});
return await Promise.all(promises);
} catch (error) {
- new Logger().error(error.message, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * @param headers
+ * Get Hedera account balance
*/
+ @Get('/balance')
+ @Auth(
+ Permissions.PROFILES_BALANCE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Returns user\'s Hedera account balance.',
description: 'Requests current Hedera account balance.'
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(BalanceResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(BalanceResponseDTO)
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: BalanceResponseDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/balance')
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(BalanceResponseDTO, InternalServerErrorDTO)
@UseCache({ ttl: CACHE.SHORT_TTL })
- async getBalance(@Headers() headers): Promise {
+ @HttpCode(HttpStatus.OK)
+ async getBalance(
+ @AuthUser() user: IAuthUser,
+ ): Promise {
try {
- const authHeader = headers.authorization;
- const users = new Users();
- if (authHeader) {
- const token = authHeader.split(' ')[1];
- try {
- const user = await users.getUserByToken(token) as any;
- if (user) {
- const guardians = new Guardians();
- return await guardians.getBalance(user.username);
- // const balance = await this.client.send(MessageAPI.GET_BALANCE, { username: user.username }).toPromise()
- // return balance;
- }
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED)
-
- } catch (error) {
- throw new HttpException(error.message, HttpStatus.UNAUTHORIZED)
- }
- }
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED)
+ return await (new Guardians()).getBalance(user.username);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/ai-suggestions.ts b/api-gateway/src/api/service/ai-suggestions.ts
index 77b7c62c88..eb1732f0a5 100644
--- a/api-gateway/src/api/service/ai-suggestions.ts
+++ b/api-gateway/src/api/service/ai-suggestions.ts
@@ -1,10 +1,8 @@
-import { Logger } from '@guardian/common';
import { ClientProxy } from '@nestjs/microservices';
-import { Controller, Get, HttpCode, HttpStatus, Inject, Put, Req } from '@nestjs/common';
-import { ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags, getSchemaPath } from '@nestjs/swagger';
-import { AISuggestions } from '../../helpers/ai-suggestions.js';
-import { ApiImplicitParam } from '@nestjs/swagger/dist/decorators/api-implicit-param.decorator.js';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/index.js';
+import { Controller, Get, HttpCode, HttpStatus, Inject, Put, Query } from '@nestjs/common';
+import { ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags, ApiExtraModels, ApiQuery } from '@nestjs/swagger';
+import { AISuggestions, InternalException } from '#helpers';
+import { InternalServerErrorDTO } from '#middlewares';
/**
* AI suggestions route
@@ -18,7 +16,6 @@ export class AISuggestionsAPI {
/**
* Ask
*/
-
@Get('/ask')
@ApiOperation({
summary: 'Get methodology suggestion',
@@ -30,7 +27,7 @@ export class AISuggestionsAPI {
example: 'ACM0001, ACM0002, ACM0006, ACM0007, ACM0018'
},
})
- @ApiImplicitParam({
+ @ApiQuery({
name: 'q',
type: String,
description: 'The question of choosing a methodology',
@@ -39,42 +36,45 @@ export class AISuggestionsAPI {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getAIAnswer(@Req() req): Promise {
- const question = req.query.q as string;
- const aiSuggestions = new AISuggestions();
- let aiResponse;
+ async getAIAnswer(
+ @Query('q') q: string,
+ ): Promise {
try {
- aiResponse = await aiSuggestions.getAIAnswer(question);
- } catch (e) {
- aiResponse = null;
- new Logger().error(e, ['API_GATEWAY']);
- throw e;
+ const aiSuggestions = new AISuggestions();
+ return await aiSuggestions.getAIAnswer(q);
+ } catch (error) {
+ await InternalException(error);
}
-
- return aiResponse;
}
+ /**
+ * Rebuild AI vector
+ */
@Put('/rebuild-vector')
@ApiOperation({
summary: 'Rebuild AI vector',
description: 'Rebuilds vector based on policy data in the DB',
})
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: Boolean
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async rebuildVector(@Req() req): Promise {
- const aiSuggestions = new AISuggestions();
- let result = false;
+ async rebuildVector(): Promise {
try {
- result = await aiSuggestions.rebuildAIVector();
- } catch (e) {
- new Logger().error(e, ['API_GATEWAY']);
- throw e;
+ const aiSuggestions = new AISuggestions();
+ return await aiSuggestions.rebuildAIVector();
+ } catch (error) {
+ await InternalException(error);
}
-
- return result;
}
}
diff --git a/api-gateway/src/api/service/analytics.ts b/api-gateway/src/api/service/analytics.ts
index 7aee58253f..f1ff3052fc 100644
--- a/api-gateway/src/api/service/analytics.ts
+++ b/api-gateway/src/api/service/analytics.ts
@@ -1,34 +1,70 @@
-import { Guardians } from '../../helpers/guardians.js';
-import { Body, Controller, HttpCode, HttpException, HttpStatus, Post, Req } from '@nestjs/common';
-import {
- ApiInternalServerErrorResponse,
- ApiUnauthorizedResponse,
- ApiForbiddenResponse,
- ApiBody,
- ApiOkResponse,
- ApiOperation,
- ApiSecurity,
- ApiTags
-} from '@nestjs/swagger';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import { UserRole } from '@guardian/interfaces';
-import {
- FilterDocumentsDTO,
- FilterModulesDTO,
- FilterPoliciesDTO,
- FilterSchemasDTO,
- FilterSearchPoliciesDTO,
- InternalServerErrorDTO,
- CompareDocumentsDTO,
- CompareModulesDTO,
- ComparePoliciesDTO,
- CompareSchemasDTO,
- SearchPoliciesDTO,
- FilterToolsDTO,
- CompareToolsDTO
-} from '../../middlewares/validation/schemas/index.js';
+import { Body, Controller, HttpCode, HttpException, HttpStatus, Post, Query } from '@nestjs/common';
+import { ApiInternalServerErrorResponse, ApiBody, ApiOkResponse, ApiOperation, ApiTags, ApiExtraModels, ApiQuery } from '@nestjs/swagger';
+import { EntityOwner, Permissions } from '@guardian/interfaces';
+import { FilterDocumentsDTO, FilterModulesDTO, FilterPoliciesDTO, FilterSchemasDTO, FilterSearchPoliciesDTO, InternalServerErrorDTO, CompareDocumentsDTO, CompareModulesDTO, ComparePoliciesDTO, CompareSchemasDTO, SearchPoliciesDTO, FilterToolsDTO, CompareToolsDTO, FilterSearchBlocksDTO, SearchBlocksDTO, Examples } from '#middlewares';
+import { AuthUser, Auth } from '#auth';
+import { IAuthUser } from '@guardian/common';
+import { Guardians, ONLY_SR, InternalException } from '#helpers';
-const ONLY_SR = ' Only users with the Standard Registry role are allowed to make the request.'
+function getPolicyId(filters: FilterPoliciesDTO): {
+ type: 'id' | 'file' | 'message',
+ value: string | {
+ id: string,
+ name: string,
+ value: string
+ }
+}[] {
+ if (!filters) {
+ throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
+ if (Array.isArray(filters.policies) && filters.policies.length > 1) {
+ return filters.policies;
+ } else if (Array.isArray(filters.policyIds) && filters.policyIds.length > 1) {
+ return filters.policyIds.map((id) => {
+ return {
+ type: 'id',
+ value: id
+ }
+ })
+ } else if (filters.policyId1 && filters.policyId2) {
+ return [{
+ type: 'id',
+ value: filters.policyId1
+ }, {
+ type: 'id',
+ value: filters.policyId2
+ }];
+ } else {
+ throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
+}
+
+function getSchemaId(filters: FilterSchemasDTO): {
+ type: 'id' | 'policy-message' | 'policy-file',
+ value: string,
+ policy?: string | {
+ id: string,
+ name: string,
+ value: string
+ }
+}[] {
+ if (!filters) {
+ throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
+ if (Array.isArray(filters.schemas) && filters.schemas.length > 1) {
+ return filters.schemas;
+ } else if (filters.schemaId1 && filters.schemaId2) {
+ return [{
+ type: 'id',
+ value: filters.schemaId1
+ }, {
+ type: 'id',
+ value: filters.schemaId2
+ }];
+ } else {
+ throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
+}
@Controller('analytics')
@ApiTags('analytics')
@@ -37,7 +73,10 @@ export class AnalyticsApi {
* Search policies
*/
@Post('/search/policies')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_POLICY_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Search policies.',
description: 'Search policies.' + ONLY_SR,
@@ -49,7 +88,7 @@ export class AnalyticsApi {
examples: {
Filter: {
value: {
- policyId: '000000000000000000000000'
+ policyId: Examples.DB_ID
}
}
}
@@ -58,35 +97,22 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: SearchPoliciesDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterSearchPoliciesDTO, SearchPoliciesDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async searchPolicies(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const policyId = body ? body.policyId : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
- if (!policyId) {
- throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
- }
+ async searchPolicies(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterSearchPoliciesDTO
+ ): Promise {
try {
- return await guardians.searchPolicies(
- user,
- policyId,
- );
+ const owner = new EntityOwner(user);
+ const guardians = new Guardians();
+ return await guardians.searchPolicies(owner, filters);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -94,7 +120,10 @@ export class AnalyticsApi {
* Compare policies
*/
@Post('/compare/policies')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_POLICY_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare policies.',
description: 'Compare policies.' + ONLY_SR,
@@ -106,8 +135,8 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- policyId1: '000000000000000000000001',
- policyId2: '000000000000000000000002',
+ policyId1: Examples.DB_ID,
+ policyId2: Examples.DB_ID,
eventsLvl: '0',
propLvl: '0',
childrenLvl: '0',
@@ -116,7 +145,29 @@ export class AnalyticsApi {
},
Filter2: {
value: {
- policyIds: ['000000000000000000000001', '000000000000000000000002'],
+ policyIds: [Examples.DB_ID, Examples.DB_ID],
+ eventsLvl: '0',
+ propLvl: '0',
+ childrenLvl: '0',
+ idLvl: '0'
+ }
+ },
+ Filter3: {
+ value: {
+ policies: [{
+ type: 'id',
+ value: Examples.DB_ID
+ }, {
+ type: 'message',
+ value: Examples.MESSAGE_ID
+ }, {
+ type: 'file',
+ value: {
+ id: Examples.UUID,
+ name: 'File Name',
+ value: 'base64...'
+ }
+ }],
eventsLvl: '0',
propLvl: '0',
childrenLvl: '0',
@@ -129,54 +180,31 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: ComparePoliciesDTO
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterPoliciesDTO, ComparePoliciesDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async comparePolicies(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const policyId1 = body ? body.policyId1 : null;
- const policyId2 = body ? body.policyId2 : null;
- const policyIds = body ? body.policyIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
-
- let ids: string[];
- if (policyId1 && policyId2) {
- ids = [policyId1, policyId2];
- } else if (Array.isArray(policyIds) && policyIds.length > 1) {
- ids = policyIds;
- }
-
- if (!ids) {
- throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
- }
+ async comparePolicies(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterPoliciesDTO
+ ): Promise {
+ const policies = getPolicyId(filters);
+ const owner = new EntityOwner(user);
try {
+ const guardians = new Guardians();
return await guardians.comparePolicies(
- user,
+ owner,
null,
- ids,
- eventsLvl,
- propLvl,
- childrenLvl,
- idLvl
+ policies,
+ filters.eventsLvl,
+ filters.propLvl,
+ filters.childrenLvl,
+ filters.idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -184,7 +212,10 @@ export class AnalyticsApi {
* Compare modules
*/
@Post('/compare/modules')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare modules.',
description: 'Compare modules.' + ONLY_SR,
@@ -196,8 +227,8 @@ export class AnalyticsApi {
examples: {
Filter: {
value: {
- moduleId1: '000000000000000000000001',
- moduleId2: '000000000000000000000002',
+ moduleId1: Examples.DB_ID,
+ moduleId2: Examples.DB_ID,
propLvl: '0',
childrenLvl: '0',
idLvl: '0'
@@ -209,34 +240,27 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: CompareModulesDTO
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterModulesDTO, CompareModulesDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareModules(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const moduleId1 = body ? body.moduleId1 : null;
- const moduleId2 = body ? body.moduleId2 : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ async compareModules(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterModulesDTO
+ ): Promise {
+ const moduleId1 = filters ? filters.moduleId1 : null;
+ const moduleId2 = filters ? filters.moduleId2 : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
if (!moduleId1 || !moduleId2) {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareModules(
user,
null,
@@ -248,7 +272,7 @@ export class AnalyticsApi {
idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -256,7 +280,10 @@ export class AnalyticsApi {
* Compare schemas
*/
@Post('/compare/schemas')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_SCHEMA_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare schemas.',
description: 'Compare schemas.' + ONLY_SR,
@@ -268,8 +295,8 @@ export class AnalyticsApi {
examples: {
Filter: {
value: {
- schemaId1: '000000000000000000000001',
- schemaId2: '000000000000000000000002',
+ schemaId1: Examples.DB_ID,
+ schemaId2: Examples.DB_ID,
idLvl: '0'
}
}
@@ -279,34 +306,24 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: CompareSchemasDTO
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterSchemasDTO, CompareSchemasDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareSchemas(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const schemaId1 = body ? body.schemaId1 : null;
- const schemaId2 = body ? body.schemaId2 : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
- if (!schemaId1 || !schemaId2) {
- throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
- }
+ async compareSchemas(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterSchemasDTO
+ ): Promise {
+ const idLvl = filters ? filters.idLvl : null;
+ const schemas = getSchemaId(filters);
+ const owner = new EntityOwner(user);
try {
- return await guardians.compareSchemas(user, null, schemaId1, schemaId2, idLvl);
+ const guardians = new Guardians();
+ return await guardians.compareSchemas(owner, null, schemas, idLvl);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -314,7 +331,10 @@ export class AnalyticsApi {
* Compare documents
*/
@Post('/compare/documents')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_DOCUMENT_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare documents.',
description: 'Compare documents.' + ONLY_SR,
@@ -326,13 +346,13 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- documentId1: '000000000000000000000001',
- documentId2: '000000000000000000000002'
+ documentId1: Examples.DB_ID,
+ documentId2: Examples.DB_ID
}
},
Filter2: {
value: {
- documentIds: ['000000000000000000000001', '000000000000000000000002'],
+ documentIds: [Examples.DB_ID, Examples.DB_ID],
}
}
}
@@ -341,32 +361,25 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: CompareDocumentsDTO
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterDocumentsDTO, CompareDocumentsDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareDocuments(@Body() body, @Req() req): Promise {
- const guardians = new Guardians();
- const documentId1 = body ? body.documentId1 : null;
- const documentId2 = body ? body.documentId2 : null;
- const documentIds = body ? body.documentIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
+ async compareDocuments(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterDocumentsDTO
+ ): Promise {
+ const documentId1 = filters ? filters.documentId1 : null;
+ const documentId2 = filters ? filters.documentId2 : null;
+ const documentIds = filters ? filters.documentIds : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
const keyLvl = 0;
const refLvl = 0;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
let ids: string[];
if (documentId1 && documentId2) {
@@ -378,6 +391,7 @@ export class AnalyticsApi {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareDocuments(
user,
null,
@@ -390,7 +404,7 @@ export class AnalyticsApi {
refLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -398,7 +412,10 @@ export class AnalyticsApi {
* Compare tools
*/
@Post('/compare/tools')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_TOOL_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare tools.',
description: 'Compare tools.' + ONLY_SR,
@@ -410,13 +427,13 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- toolId1: '000000000000000000000001',
- toolId2: '000000000000000000000002'
+ toolId1: Examples.DB_ID,
+ toolId2: Examples.DB_ID
}
},
Filter2: {
value: {
- toolIds: ['000000000000000000000001', '000000000000000000000002'],
+ toolIds: [Examples.DB_ID, Examples.DB_ID],
}
}
}
@@ -425,30 +442,23 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: CompareToolsDTO
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterToolsDTO, CompareToolsDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareTools(@Body() body, @Req() req): Promise {
- const guardians = new Guardians();
- const toolId1 = body ? body.toolId1 : null;
- const toolId2 = body ? body.toolId2 : null;
- const toolIds = body ? body.toolIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ async compareTools(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterToolsDTO
+ ): Promise {
+ const toolId1 = filters ? filters.toolId1 : null;
+ const toolId2 = filters ? filters.toolId2 : null;
+ const toolIds = filters ? filters.toolIds : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
let ids: string[];
if (toolId1 && toolId2) {
@@ -460,6 +470,7 @@ export class AnalyticsApi {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareTools(
user,
null,
@@ -470,7 +481,7 @@ export class AnalyticsApi {
idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -478,11 +489,21 @@ export class AnalyticsApi {
* Compare policies (CSV)
*/
@Post('/compare/policies/export')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_POLICY_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare policies.',
description: 'Compare policies.' + ONLY_SR,
})
+ @ApiQuery({
+ name: 'type',
+ type: String,
+ description: 'File type',
+ required: true,
+ example: 'csv'
+ })
@ApiBody({
description: 'Filters.',
required: true,
@@ -490,8 +511,8 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- policyId1: '000000000000000000000001',
- policyId2: '000000000000000000000002',
+ policyId1: Examples.DB_ID,
+ policyId2: Examples.DB_ID,
eventsLvl: '0',
propLvl: '0',
childrenLvl: '0',
@@ -500,7 +521,29 @@ export class AnalyticsApi {
},
Filter2: {
value: {
- policyIds: ['000000000000000000000001', '000000000000000000000002'],
+ policyIds: [Examples.DB_ID, Examples.DB_ID],
+ eventsLvl: '0',
+ propLvl: '0',
+ childrenLvl: '0',
+ idLvl: '0'
+ }
+ },
+ Filter3: {
+ value: {
+ policies: [{
+ type: 'id',
+ value: Examples.DB_ID
+ }, {
+ type: 'message',
+ value: Examples.MESSAGE_ID
+ }, {
+ type: 'file',
+ value: {
+ id: Examples.UUID,
+ name: 'File Name',
+ value: 'base64...'
+ }
+ }],
eventsLvl: '0',
propLvl: '0',
childrenLvl: '0',
@@ -513,53 +556,32 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: String
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterPoliciesDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async comparePoliciesExport(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const type = req.query ? req.query.type : null;
- const policyId1 = body ? body.policyId1 : null;
- const policyId2 = body ? body.policyId2 : null;
- const policyIds = body ? body.policyIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
- let ids: string[];
- if (policyId1 && policyId2) {
- ids = [policyId1, policyId2];
- } else if (Array.isArray(policyIds) && policyIds.length > 1) {
- ids = policyIds;
- }
- if (!ids) {
- throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
- }
+ async comparePoliciesExport(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterPoliciesDTO,
+ @Query('type') type: string
+ ): Promise {
+ const policies = getPolicyId(filters);
+ const owner = new EntityOwner(user);
try {
+ const guardians = new Guardians();
return await guardians.comparePolicies(
- user,
+ owner,
type,
- ids,
- eventsLvl,
- propLvl,
- childrenLvl,
- idLvl
+ policies,
+ filters.eventsLvl,
+ filters.propLvl,
+ filters.childrenLvl,
+ filters.idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -567,11 +589,21 @@ export class AnalyticsApi {
* Compare modules (CSV)
*/
@Post('/compare/modules/export')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare modules.',
description: 'Compare modules.' + ONLY_SR,
})
+ @ApiQuery({
+ name: 'type',
+ type: String,
+ description: 'File type',
+ required: true,
+ example: 'csv'
+ })
@ApiBody({
description: 'Filters.',
required: true,
@@ -579,8 +611,8 @@ export class AnalyticsApi {
examples: {
Filter: {
value: {
- moduleId1: '000000000000000000000001',
- moduleId2: '000000000000000000000002',
+ moduleId1: Examples.DB_ID,
+ moduleId2: Examples.DB_ID,
propLvl: '0',
childrenLvl: '0',
idLvl: '0'
@@ -592,35 +624,28 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: String
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterModulesDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareModulesExport(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const type = req.query ? req.query.type : null;
- const moduleId1 = body ? body.moduleId1 : null;
- const moduleId2 = body ? body.moduleId2 : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ async compareModulesExport(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterModulesDTO,
+ @Query('type') type: string
+ ): Promise {
+ const moduleId1 = filters ? filters.moduleId1 : null;
+ const moduleId2 = filters ? filters.moduleId2 : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
if (!moduleId1 || !moduleId2) {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareModules(
user,
type,
@@ -632,7 +657,7 @@ export class AnalyticsApi {
idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -640,11 +665,21 @@ export class AnalyticsApi {
* Compare schemas (CSV)
*/
@Post('/compare/schemas/export')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_SCHEMA_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare schemas.',
description: 'Compare schemas.' + ONLY_SR,
})
+ @ApiQuery({
+ name: 'type',
+ type: String,
+ description: 'File type',
+ required: true,
+ example: 'csv'
+ })
@ApiBody({
description: 'Filters.',
required: true,
@@ -652,8 +687,8 @@ export class AnalyticsApi {
examples: {
Filter: {
value: {
- schemaId1: '000000000000000000000001',
- schemaId2: '000000000000000000000002',
+ schemaId1: Examples.DB_ID,
+ schemaId2: Examples.DB_ID,
idLvl: '0'
}
}
@@ -663,35 +698,25 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: String
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterSchemasDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareSchemasExport(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardians = new Guardians();
- const type = req.query ? req.query.type : null;
- const schemaId1 = body ? body.schemaId1 : null;
- const schemaId2 = body ? body.schemaId2 : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
- if (!schemaId1 || !schemaId2) {
- throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
- }
+ async compareSchemasExport(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterSchemasDTO,
+ @Query('type') type: string
+ ): Promise {
+ const idLvl = filters ? filters.idLvl : null;
+ const schemas = getSchemaId(filters);
+ const owner = new EntityOwner(user);
try {
- return await guardians.compareSchemas(user, type, schemaId1, schemaId2, idLvl);
+ const guardians = new Guardians();
+ return await guardians.compareSchemas(owner, type, schemas, idLvl);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -699,11 +724,21 @@ export class AnalyticsApi {
* Compare documents (CSV)
*/
@Post('/compare/documents/export')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_DOCUMENT_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare documents.',
description: 'Compare documents.' + ONLY_SR,
})
+ @ApiQuery({
+ name: 'type',
+ type: String,
+ description: 'File type',
+ required: true,
+ example: 'csv'
+ })
@ApiBody({
description: 'Filters.',
required: true,
@@ -711,13 +746,13 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- documentId1: '000000000000000000000001',
- documentId2: '000000000000000000000002'
+ documentId1: Examples.DB_ID,
+ documentId2: Examples.DB_ID
}
},
Filter2: {
value: {
- documentIds: ['000000000000000000000001', '000000000000000000000002'],
+ documentIds: [Examples.DB_ID, Examples.DB_ID],
}
}
}
@@ -726,33 +761,26 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: String
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterDocumentsDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareDocumentsExport(@Body() body, @Req() req): Promise {
- const guardians = new Guardians();
- const type = req.query ? req.query.type : null;
- const documentId1 = body ? body.documentId1 : null;
- const documentId2 = body ? body.documentId2 : null;
- const documentIds = body ? body.documentIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
+ async compareDocumentsExport(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterDocumentsDTO,
+ @Query('type') type: string
+ ): Promise {
+ const documentId1 = filters ? filters.documentId1 : null;
+ const documentId2 = filters ? filters.documentId2 : null;
+ const documentIds = filters ? filters.documentIds : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
const keyLvl = 0;
const refLvl = 0;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
let ids: string[];
if (documentId1 && documentId2) {
ids = [documentId1, documentId2];
@@ -763,6 +791,7 @@ export class AnalyticsApi {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareDocuments(
user,
type,
@@ -775,7 +804,7 @@ export class AnalyticsApi {
refLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -783,11 +812,21 @@ export class AnalyticsApi {
* Compare tools (CSV)
*/
@Post('/compare/tools/export')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_TOOL_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Compare tools.',
description: 'Compare tools.' + ONLY_SR,
})
+ @ApiQuery({
+ name: 'type',
+ type: String,
+ description: 'File type',
+ required: true,
+ example: 'csv'
+ })
@ApiBody({
description: 'Filters.',
required: true,
@@ -795,13 +834,13 @@ export class AnalyticsApi {
examples: {
Filter1: {
value: {
- toolId1: '000000000000000000000001',
- toolId2: '000000000000000000000002'
+ toolId1: Examples.DB_ID,
+ toolId2: Examples.DB_ID
}
},
Filter2: {
value: {
- toolIds: ['000000000000000000000001', '000000000000000000000002'],
+ toolIds: [Examples.DB_ID, Examples.DB_ID],
}
}
}
@@ -810,31 +849,24 @@ export class AnalyticsApi {
description: 'Successful operation.',
type: String
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterToolsDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async compareToolsExport(@Body() body, @Req() req): Promise {
- const guardians = new Guardians();
- const type = req.query ? req.query.type : null;
- const toolId1 = body ? body.toolId1 : null;
- const toolId2 = body ? body.toolId2 : null;
- const toolIds = body ? body.toolIds : null;
- const eventsLvl = body ? body.eventsLvl : null;
- const propLvl = body ? body.propLvl : null;
- const childrenLvl = body ? body.childrenLvl : null;
- const idLvl = body ? body.idLvl : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ async compareToolsExport(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterToolsDTO,
+ @Query('type') type: string
+ ): Promise {
+ const toolId1 = filters ? filters.toolId1 : null;
+ const toolId2 = filters ? filters.toolId2 : null;
+ const toolIds = filters ? filters.toolIds : null;
+ const eventsLvl = filters ? filters.eventsLvl : null;
+ const propLvl = filters ? filters.propLvl : null;
+ const childrenLvl = filters ? filters.childrenLvl : null;
+ const idLvl = filters ? filters.idLvl : null;
let ids: string[];
if (toolId1 && toolId2) {
ids = [toolId1, toolId2];
@@ -845,6 +877,7 @@ export class AnalyticsApi {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
+ const guardians = new Guardians();
return await guardians.compareTools(
user,
type,
@@ -855,7 +888,7 @@ export class AnalyticsApi {
idLvl
);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
@@ -863,7 +896,10 @@ export class AnalyticsApi {
* Search same blocks
*/
@Post('/search/blocks')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ANALYTIC_POLICY_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Search same blocks.',
description: 'Search same blocks.' + ONLY_SR,
@@ -871,7 +907,7 @@ export class AnalyticsApi {
@ApiBody({
description: 'Filters.',
required: true,
- type: FilterSearchPoliciesDTO,
+ type: FilterSearchBlocksDTO,
examples: {
Filter: {
value: {
@@ -883,35 +919,29 @@ export class AnalyticsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- type: SearchPoliciesDTO,
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: SearchBlocksDTO,
+ isArray: true
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO
})
+ @ApiExtraModels(FilterSearchBlocksDTO, SearchBlocksDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async searchBlocks(@Body() body, @Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async searchBlocks(
+ @AuthUser() user: IAuthUser,
+ @Body() filters: FilterSearchBlocksDTO
+ ): Promise {
const guardians = new Guardians();
- const id = body ? body.id : null;
- const config = body ? body.config : null;
- const user = req.user;
- if (!user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ const id = filters ? filters.id : null;
+ const config = filters ? filters.config : null;
if (!id || !config) {
throw new HttpException('Invalid parameters', HttpStatus.UNPROCESSABLE_ENTITY);
}
try {
return await guardians.searchBlocks(config, id, user);
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/artifact.ts b/api-gateway/src/api/service/artifact.ts
index 118a2b6344..ac2561f414 100644
--- a/api-gateway/src/api/service/artifact.ts
+++ b/api-gateway/src/api/service/artifact.ts
@@ -1,128 +1,233 @@
-import { UserRole } from '@guardian/interfaces';
-import { Logger } from '@guardian/common';
-import { Guardians } from '../../helpers/guardians.js';
-import {
- Controller,
- Delete,
- Get,
- HttpCode,
- HttpException,
- HttpStatus,
- Post,
- Req,
- Response,
- UploadedFiles,
- UseInterceptors,
-} from '@nestjs/common';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import {
- ApiExtraModels,
- ApiInternalServerErrorResponse,
- ApiOkResponse,
- ApiOperation,
- ApiSecurity,
- ApiTags,
- ApiUnauthorizedResponse,
- ApiForbiddenResponse,
- getSchemaPath,
- ApiBody,
- ApiConsumes
-} from '@nestjs/swagger';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
-import { ApiImplicitQuery } from '@nestjs/swagger/dist/decorators/api-implicit-query.decorator.js';
-import { ArtifactDTOItem } from '../../middlewares/validation/schemas/artifacts.js';
-import { ApiImplicitParam } from '@nestjs/swagger/dist/decorators/api-implicit-param.decorator.js';
-import { FilesInterceptor } from '@nestjs/platform-express';
+import { Permissions } from '@guardian/interfaces';
+import { Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Post, Query, Param, Response, UseInterceptors, Version, Req } from '@nestjs/common';
+import { ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags, ApiBody, ApiConsumes, ApiQuery, ApiParam } from '@nestjs/swagger';
+import { AuthUser, Auth } from '#auth';
+import { IAuthUser } from '@guardian/common';
+import { Guardians, InternalException, AnyFilesInterceptor, UploadedFiles, EntityOwner, CacheService, UseCache, getCacheKey } from '#helpers';
+import { pageHeader, Examples, InternalServerErrorDTO, ArtifactDTOItem } from '#middlewares';
+import { ARTIFACT_REQUIRED_PROPS, PREFIXES } from '#constants'
@Controller('artifacts')
@ApiTags('artifacts')
export class ArtifactApi {
+
+ constructor(private readonly cacheService: CacheService) {
+ }
/**
* Get artifacts
- * @param req
- * @param res
*/
@Get('/')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ARTIFACTS_FILE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Returns all artifacts.',
description: 'Returns all artifacts.',
})
- @ApiImplicitQuery({
+ @ApiQuery({
+ name: 'id',
+ type: String,
+ description: 'Artifact identifier',
+ required: false,
+ example: Examples.DB_ID
+ })
+ @ApiQuery({
name: 'type',
enum: ['tool', 'policy'],
description: 'Tool|Policy',
- required: false
+ required: false,
+ example: 'policy'
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'policyId',
type: String,
description: 'Policy identifier',
- required: false
+ required: false,
+ example: Examples.DB_ID
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'toolId',
type: String,
description: 'Tool identifier',
- required: false
+ required: false,
+ example: Examples.DB_ID
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageIndex',
type: Number,
description: 'The number of pages to skip before starting to collect the result set',
- required: false
+ required: false,
+ example: 0
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false
+ required: false,
+ example: 20
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(ArtifactDTOItem),
+ isArray: true,
+ headers: pageHeader,
+ type: ArtifactDTOItem
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(ArtifactDTOItem, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ @UseCache({isFastify: true})
+ async getArtifacts(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Req() req,
+ @Query('id') id: string,
+ @Query('type') type?: string,
+ @Query('policyId') policyId?: string,
+ @Query('toolId') toolId?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ ): Promise {
+ try {
+ const options: any = {
+ owner: new EntityOwner(user)
+ };
+ if (type) {
+ options.type = type;
+ }
+ if (policyId) {
+ options.policyId = policyId;
+ }
+ if (toolId) {
+ options.toolId = toolId;
}
- },
+ if (id) {
+ options.id = id;
+ }
+ if (pageIndex && pageSize) {
+ options.pageIndex = pageIndex;
+ options.pageSize = pageSize;
+ }
+ const guardians = new Guardians();
+ const { artifacts, count } = await guardians.getArtifacts(options);
+
+ req.locals = artifacts
+
+ return res.header('X-Total-Count', count).send(artifacts);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Get artifacts V2 04.06.2024
+ */
+ @Get('/')
+ @Auth(
+ Permissions.ARTIFACTS_FILE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Returns all artifacts.',
+ description: 'Returns all artifacts.',
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiQuery({
+ name: 'id',
+ type: String,
+ description: 'Artifact identifier',
+ required: false,
+ example: Examples.DB_ID
+ })
+ @ApiQuery({
+ name: 'type',
+ enum: ['tool', 'policy'],
+ description: 'Tool|Policy',
+ required: false,
+ example: 'policy'
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiQuery({
+ name: 'policyId',
+ type: String,
+ description: 'Policy identifier',
+ required: false,
+ example: Examples.DB_ID
+ })
+ @ApiQuery({
+ name: 'toolId',
+ type: String,
+ description: 'Tool identifier',
+ required: false,
+ example: Examples.DB_ID
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: ArtifactDTOItem
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO
})
@ApiExtraModels(ArtifactDTOItem, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getArtifacts(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @Version('2')
+ async getArtifactsV2(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('id') id: string,
+ @Query('type') type?: string,
+ @Query('policyId') policyId?: string,
+ @Query('toolId') toolId?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
try {
- const guardians = new Guardians();
const options: any = {
- owner: req.user.did,
+ owner: new EntityOwner(user)
+ };
+ if (type) {
+ options.type = type;
}
- if (req.query) {
- options.type = req.query.type;
- options.policyId = req.query.policyId;
- options.toolId = req.query.toolId;
- options.id = req.query.id;
+ if (policyId) {
+ options.policyId = policyId;
}
- if (req.query && req.query.pageIndex && req.query.pageSize) {
- options.pageIndex = req.query.pageIndex;
- options.pageSize = req.query.pageSize;
+ if (toolId) {
+ options.toolId = toolId;
}
- const { artifacts, count } = await guardians.getArtifacts(options);
- return res.setHeader('X-Total-Count', count).json(artifacts);
+ if (id) {
+ options.id = id;
+ }
+ if (pageIndex && pageSize) {
+ options.pageIndex = pageIndex;
+ options.pageSize = pageSize;
+ }
+
+ options.fields = Object.values(ARTIFACT_REQUIRED_PROPS)
+
+ const guardians = new Guardians();
+ const { artifacts, count } = await guardians.getArtifactsV2(options);
+
+ return res.header('X-Total-Count', count).send(artifacts);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
@@ -130,17 +235,20 @@ export class ArtifactApi {
* Upload artifact
*/
@Post('/:parentId')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ARTIFACTS_FILE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Upload artifact.',
description: 'Upload artifact. For users with the Standard Registry role only.',
})
- @ApiImplicitParam({
+ @ApiParam({
name: 'parentId',
type: String,
description: 'Parent ID',
required: true,
- example: '000000000000000000000001'
+ example: Examples.DB_ID
})
@ApiConsumes('multipart/form-data')
@ApiBody({
@@ -161,36 +269,27 @@ export class ArtifactApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(ArtifactDTOItem),
- }
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ isArray: true,
+ type: ArtifactDTOItem
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO
})
@ApiExtraModels(ArtifactDTOItem, InternalServerErrorDTO)
- @UseInterceptors(FilesInterceptor('artifacts'))
+ @UseInterceptors(AnyFilesInterceptor())
@HttpCode(HttpStatus.CREATED)
- async uploadArtifacts(@Req() req, @UploadedFiles() files): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async uploadArtifacts(
+ @AuthUser() user: IAuthUser,
+ @Param('parentId') parentId: string,
+ @UploadedFiles() files: any,
+ @Req() req,
+ ): Promise {
try {
if (!files) {
- throw new HttpException('There are no files to upload', HttpStatus.UNPROCESSABLE_ENTITY)
+ throw new HttpException('There are no files to upload', HttpStatus.BAD_REQUEST)
}
- const owner = req.user.did;
- const parentId = req.params.parentId;
+ const owner = new EntityOwner(user);
const uploadedArtifacts = [];
const guardian = new Guardians();
for (const artifact of files) {
@@ -199,10 +298,12 @@ export class ArtifactApi {
uploadedArtifacts.push(result);
}
}
+ const invalidedCacheKeys = [`/${PREFIXES.ARTIFACTS}`]
+ await this.cacheService.invalidate(getCacheKey([req.url, ...invalidedCacheKeys], user))
+
return uploadedArtifacts;
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
@@ -210,50 +311,44 @@ export class ArtifactApi {
* Delete artifact
*/
@Delete('/:artifactId')
- @ApiSecurity('bearerAuth')
+ @Auth(
+ Permissions.ARTIFACTS_FILE_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Delete artifact.',
description: 'Delete artifact.',
})
- @ApiImplicitParam({
+ @ApiParam({
name: 'artifactId',
type: String,
description: 'Artifact ID',
required: true,
- example: '000000000000000000000001'
+ example: Examples.DB_ID
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(ArtifactDTOItem),
- }
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO
})
@ApiExtraModels(ArtifactDTOItem, InternalServerErrorDTO)
- @HttpCode(HttpStatus.NO_CONTENT)
- async deleteArtifact(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @HttpCode(HttpStatus.OK)
+ async deleteArtifact(
+ @AuthUser() user: IAuthUser,
+ @Param('artifactId') artifactId: string,
+ @Req() req,
+ ): Promise {
try {
const guardian = new Guardians();
- await guardian.deleteArtifact(req.params.artifactId, req.user.did)
- return res.status(204).send();
+ const invalidedCacheTags = [PREFIXES.ARTIFACTS];
+ await this.cacheService.invalidate(getCacheKey([req.url, ...invalidedCacheTags], user));
+
+ return await guardian.deleteArtifact(artifactId, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/branding.ts b/api-gateway/src/api/service/branding.ts
index 3b8d6642ca..2b3875a56d 100644
--- a/api-gateway/src/api/service/branding.ts
+++ b/api-gateway/src/api/service/branding.ts
@@ -1,22 +1,49 @@
-import { Body, Controller, Get, HttpCode, HttpStatus, Post } from '@nestjs/common';
-import { Logger } from '@guardian/common';
-import { Guardians } from '../../helpers/guardians.js';
-import { ApiTags } from '@nestjs/swagger';
-import { Auth } from '../../auth/auth.decorator.js';
-import { UserRole } from '@guardian/interfaces';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { Body, Controller, Get, HttpCode, HttpStatus, Post, Req } from '@nestjs/common';
+import { ApiExtraModels, ApiTags, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiBody } from '@nestjs/swagger';
+import { Auth } from '#auth';
+import { Permissions } from '@guardian/interfaces';
+import { BrandingDTO, InternalServerErrorDTO } from '#middlewares';
+import { ONLY_SR, Guardians, UseCache, InternalException, getCacheKey, CacheService } from '#helpers';
/**
* Branding route
*/
@Controller('branding')
@ApiTags('branding')
-export class BrandingApi{
+export class BrandingApi {
+ constructor(private readonly cacheService: CacheService) {
+ }
- @Auth(UserRole.STANDARD_REGISTRY)
- @HttpCode(HttpStatus.NO_CONTENT)
+ /**
+ * Set branding
+ */
@Post('/')
- async setBranding(@Body() body: any): Promise {
+ @Auth(
+ Permissions.BRANDING_CONFIG_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Update branding.',
+ description: 'Update branding.' + ONLY_SR,
+ })
+ @ApiBody({
+ description: 'Object that contains config.',
+ required: true,
+ type: BrandingDTO
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(BrandingDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.NO_CONTENT)
+ async setBranding(
+ @Body() body: BrandingDTO,
+ @Req() req,
+ ): Promise {
try {
const {
headerColor,
@@ -39,27 +66,37 @@ export class BrandingApi{
headerColor1,
termsAndConditions
};
+ const guardians = new Guardians();
+ await guardians.setBranding(JSON.stringify(data));
- const guardians = new Guardians();
- await guardians.setBranding(JSON.stringify(data));
+ await this.cacheService.invalidate(getCacheKey([req.url], req.user))
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
-
- return;
}
+ /**
+ * Get branding
+ */
@Get('/')
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: BrandingDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(BrandingDTO, InternalServerErrorDTO)
@UseCache()
+ @HttpCode(HttpStatus.OK)
async getBranding(): Promise {
try {
const guardians = new Guardians();
const brandingDataString = await guardians.getBranding();
return JSON.parse(brandingDataString.config);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/contract.ts b/api-gateway/src/api/service/contract.ts
index e5317b459f..b251b0274c 100644
--- a/api-gateway/src/api/service/contract.ts
+++ b/api-gateway/src/api/service/contract.ts
@@ -1,42 +1,10 @@
-import { Guardians } from '../../helpers/guardians.js';
-import { ContractType, UserRole } from '@guardian/interfaces';
-import { Logger } from '@guardian/common';
-import {
- Controller,
- Delete,
- Get,
- HttpCode,
- HttpException,
- HttpStatus,
- Post,
- Req,
- Response,
-} from '@nestjs/common';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import {
- ApiInternalServerErrorResponse,
- ApiOkResponse,
- ApiCreatedResponse,
- ApiOperation,
- ApiUnauthorizedResponse,
- ApiExtraModels,
- ApiForbiddenResponse,
- ApiTags,
- ApiBody,
- ApiBearerAuth,
- ApiQuery,
- ApiParam,
-} from '@nestjs/swagger';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
-import {
- ContractDTO,
- RetirePoolDTO,
- RetirePoolTokenDTO,
- RetireRequestDTO,
- RetireRequestTokenDTO,
- WiperRequestDTO,
-} from '../../middlewares/validation/schemas/contracts.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { ContractType, Permissions } from '@guardian/interfaces';
+import { IAuthUser } from '@guardian/common';
+import { Body, Controller, Delete, Get, HttpCode, HttpStatus, Param, Post, Query, Req, Response } from '@nestjs/common';
+import { ApiInternalServerErrorResponse, ApiOkResponse, ApiCreatedResponse, ApiOperation, ApiExtraModels, ApiTags, ApiBody, ApiQuery, ApiParam, } from '@nestjs/swagger';
+import { ContractConfigDTO, ContractDTO, RetirePoolDTO, RetirePoolTokenDTO, RetireRequestDTO, RetireRequestTokenDTO, WiperRequestDTO, InternalServerErrorDTO, pageHeader } from '#middlewares';
+import { AuthUser, Auth } from '#auth';
+import { Guardians, UseCache, InternalException, EntityOwner, CacheService, getCacheKey } from '#helpers';
/**
* Contracts api
@@ -44,10 +12,20 @@ import { UseCache } from '../../helpers/decorators/cache.js';
@Controller('contracts')
@ApiTags('contracts')
export class ContractsApi {
+ constructor(private readonly cacheService: CacheService) {
+ }
+
//#region Common contract endpoints
+
+ /**
+ * Get all contracts
+ */
@Get()
- @ApiBearerAuth()
- @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_CONTRACT_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Return a list of all contracts.',
description: 'Returns all contracts.',
@@ -55,8 +33,7 @@ export class ContractsApi {
@ApiQuery({
name: 'pageIndex',
type: Number,
- description:
- 'The number of pages to skip before starting to collect the result set',
+ description: 'The number of pages to skip before starting to collect the result set',
required: false,
example: 0,
})
@@ -64,120 +41,103 @@ export class ContractsApi {
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false,
example: 20,
})
@ApiQuery({
name: 'type',
enum: ContractType,
description: 'Contract type',
- required: false,
example: ContractType.RETIRE,
})
@ApiOkResponse({
description: 'Contracts.',
isArray: true,
- headers: {
- 'x-total-count': {
- schema: {
- type: 'integer',
- },
- description: 'Total items in the collection.',
- },
- },
+ headers: pageHeader,
type: ContractDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getContracts(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ @UseCache()
+ async getContracts(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('type') type?: ContractType,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
const [contracts, count] = await guardians.getContracts(
- user.parent || user.did,
- req.query.type as any,
- req.query.pageIndex as any,
- req.query.pageSize as any
+ owner,
+ type,
+ pageIndex,
+ pageSize
);
- return res.setHeader('X-Total-Count', count).json(contracts);
+ return res.header('X-Total-Count', count).send(contracts);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Create new smart-contract
+ */
@Post('/')
- @ApiBearerAuth()
- @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_CONTRACT_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Create contract.',
- description:
- 'Create smart-contract. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Create smart-contract. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiBody({
- schema: {
- type: 'object',
- properties: {
- description: {
- type: 'string',
- },
- },
- },
+ type: ContractConfigDTO,
})
@ApiCreatedResponse({
description: 'Created contract.',
type: ContractDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async createContract(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async createContract(
+ @AuthUser() user: IAuthUser,
+ @Body() body: ContractConfigDTO,
+ @Req() req: any
+ ): Promise {
try {
- const user = req.user;
- const { description, type } = req.body;
+ const owner = new EntityOwner(user);
+ const { description, type } = body;
const guardians = new Guardians();
- return await guardians.createContract(user.did, description, type);
+
+ await this.cacheService.invalidate(getCacheKey([req.url], user))
+
+ return await guardians.createContract(owner, description, type);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Import new smart-contract
+ */
@Post('/import')
- @ApiBearerAuth()
- @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_CONTRACT_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Import contract.',
- description:
- 'Import smart-contract. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Import smart-contract. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiBody({
schema: {
@@ -199,47 +159,37 @@ export class ContractsApi {
description: 'Imported contract.',
type: ContractDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async importContract(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async importContract(
+ @AuthUser() user: IAuthUser,
+ @Body() body: any
+ ): Promise {
try {
- const user = req.user;
- const { contractId, description } = req.body;
+ const owner = new EntityOwner(user);
+ const { contractId, description } = body;
const guardians = new Guardians();
- return await guardians.importContract(
- user.did,
- contractId,
- description
- );
+ return await guardians.importContract(owner, contractId, description);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
/**
- * @param req
+ * Get contract permissions
*/
@Get('/:contractId/permissions')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_PERMISSIONS_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Get contract permissions.',
- description:
- 'Get smart-contract permissions. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Get smart-contract permissions. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -252,43 +202,37 @@ export class ContractsApi {
description: 'Contract permissions.',
type: Number,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(InternalServerErrorDTO)
@UseCache()
- async contractPermissions(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @HttpCode(HttpStatus.OK)
+ async contractPermissions(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return await guardians.checkContractPermissions(
- user.did,
- req.params.contractId
- );
+ return await guardians.checkContractPermissions(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove contract
+ */
@Delete('/:contractId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_CONTRACT_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Remove contract.',
- description:
- 'Remove smart-contract. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Remove smart-contract. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -301,56 +245,43 @@ export class ContractsApi {
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async removeContract(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async removeContract(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.removeContract(
- user?.did,
- req.params?.contractId as string
- )
- );
+ return await guardians.removeContract(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
//#endregion
//#region Wipe contract endpoints
/**
- * @param req
- * @param res
+ * Get list of all wipe requests
*/
@Get('/wipe/requests')
- @ApiBearerAuth()
- @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Return a list of all wipe requests.',
- description:
- 'Returns all wipe requests. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Returns all wipe requests. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiQuery({
name: 'pageIndex',
type: Number,
- description:
- 'The number of pages to skip before starting to collect the result set',
+ description: 'The number of pages to skip before starting to collect the result set',
required: false,
example: 0,
})
@@ -358,168 +289,144 @@ export class ContractsApi {
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false,
example: 20,
})
@ApiQuery({
name: 'contractId',
type: String,
description: 'Contract identifier',
- required: false,
example: '0.0.1',
})
@ApiOkResponse({
description: 'Successful operation.',
isArray: true,
- headers: {
- 'x-total-count': {
- schema: {
- type: 'integer',
- },
- description: 'Total items in the collection.',
- },
- },
+ headers: pageHeader,
type: WiperRequestDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
- @HttpCode(HttpStatus.OK)
// @UseCache({ isExpress: true })
- async getWipeRequests(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @ApiExtraModels(ContractDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getWipeRequests(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('contractId') contractId?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
const [contracts, count] = await guardians.getWipeRequests(
- user.parent || user.did,
- req.query.contractId as any,
- req.query.pageIndex as any,
- req.query.pageSize as any
+ owner,
+ contractId,
+ pageIndex,
+ pageSize
);
- res.locals.data = contracts
- return res.setHeader('X-Total-Count', count).json(contracts);
+ return res.header('X-Total-Count', count).send(contracts);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Enable wipe requests
+ */
@Post('/wipe/:contractId/requests/enable')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Enable wipe requests.',
- description:
- 'Enable wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Enable wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
type: String,
+ required: true,
description: 'Contract identifier',
- required: false,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async enableWipeRequests(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async enableWipeRequests(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.enableWipeRequests(
- user.did,
- req.params.contractId
- )
- );
+ return await guardians.enableWipeRequests(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Disable wipe requests
+ */
@Post('/wipe/:contractId/requests/disable')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Disable wipe requests.',
- description:
- 'Disable wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Disable wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
type: String,
+ required: true,
description: 'Contract identifier',
- required: false,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async disableWipeRequests(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async disableWipeRequests(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.disableWipeRequests(
- user.did,
- req.params.contractId
- )
- );
+ return await guardians.disableWipeRequests(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Approve wipe request
+ */
@Post('/wipe/requests/:requestId/approve')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Approve wipe request.',
- description:
- 'Approve wipe contract request. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Approve wipe contract request. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'requestId',
@@ -530,45 +437,38 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async approveWipeRequest(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async approveWipeRequest(
+ @AuthUser() user: IAuthUser,
+ @Param('requestId') requestId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.approveWipeRequest(
- user.did,
- req.params.requestId
- )
- );
+ return await guardians.approveWipeRequest(owner, requestId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Reject wipe request
+ */
@Delete('/wipe/requests/:requestId/reject')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Reject wipe request.',
- description:
- 'Reject wipe contract request. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Reject wipe contract request. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'requestId',
@@ -582,49 +482,47 @@ export class ContractsApi {
type: Boolean,
description: 'Reject and ban',
required: false,
+ example: true
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async rejectWipeRequest(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async rejectWipeRequest(
+ @AuthUser() user: IAuthUser,
+ @Param('requestId') requestId: string,
+ @Query('ban') ban?: boolean,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.rejectWipeRequest(
- user.did,
- req.params.requestId,
- req.query.ban?.toLowerCase() === 'true'
- )
+ return await guardians.rejectWipeRequest(
+ owner,
+ requestId,
+ String(ban).toLowerCase() === 'true'
);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove all wipe requests
+ */
@Delete('/wipe/:contractId/requests')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_REQUEST_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Clear wipe requests.',
- description:
- 'Clear wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Clear wipe contract requests. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -635,102 +533,88 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async clearWipeRequests(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async clearWipeRequests(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.clearWipeRequests(
- user.did,
- req.params.contractId
- )
- );
+ return await guardians.clearWipeRequests(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Add wipe admin
+ */
@Post('/wipe/:contractId/admin/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_ADMIN_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Add wipe admin.',
- description:
- 'Add wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Add wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
- type: String,
description: 'Contract identifier',
+ type: String,
required: true,
example: '652745597a7b53526de37c05',
})
@ApiParam({
name: 'hederaId',
- type: String,
description: 'Hedera identifier',
+ type: String,
required: true,
example: '0.0.1',
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeAddAdmin(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeAddAdmin(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.addWipeAdmin(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.addWipeAdmin(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove wipe admin
+ */
@Delete('/wipe/:contractId/admin/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_ADMIN_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Remove wipe admin.',
- description:
- 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -748,46 +632,39 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeRemoveAdmin(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeRemoveAdmin(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.removeWipeAdmin(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.removeWipeAdmin(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Add wipe manager
+ */
@Post('/wipe/:contractId/manager/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_MANAGER_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Add wipe manager.',
- description:
- 'Add wipe contract manager. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Add wipe contract manager. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -805,46 +682,39 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeAddManager(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeAddManager(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.addWipeManager(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.addWipeManager(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove wipe manager
+ */
@Delete('/wipe/:contractId/manager/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPE_MANAGER_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Remove wipe manager.',
- description:
- 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -862,46 +732,39 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeRemoveManager(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeRemoveManager(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.removeWipeManager(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.removeWipeManager(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Add wipe wiper
+ */
@Post('/wipe/:contractId/wiper/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPER_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Add wipe wiper.',
- description:
- 'Add wipe contract wiper. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Add wipe contract wiper. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -919,46 +782,39 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeAddWiper(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeAddWiper(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.addWipeWiper(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.addWipeWiper(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove wipe wiper
+ */
@Delete('/wipe/:contractId/wiper/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_WIPER_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Remove wipe wiper.',
- description:
- 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -976,96 +832,82 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async wipeRemoveWiper(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async wipeRemoveWiper(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.removeWipeWiper(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.removeWipeWiper(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
//#endregion
//#region Retire contract endpoints
+ /**
+ * Sync retire contract pools
+ */
@Post('/retire/:contractId/pools/sync')
- @ApiBearerAuth()
- @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_POOL_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Sync retire pools.',
- description:
- 'Sync retire contract pools. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Sync retire contract pools. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
type: String,
+ required: true,
description: 'Contract identifier',
- required: false,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Sync date.',
type: Date,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async retireSyncPools(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async retireSyncPools(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.syncRetirePools(user.did, req.params.contractId)
- );
+ return await guardians.syncRetirePools(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Get list of all retire requests
*/
@Get('/retire/requests')
- @ApiBearerAuth()
- @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Return a list of all retire requests.',
description: 'Returns all retire requests.',
@@ -1073,8 +915,7 @@ export class ContractsApi {
@ApiQuery({
name: 'pageIndex',
type: Number,
- description:
- 'The number of pages to skip before starting to collect the result set',
+ description: 'The number of pages to skip before starting to collect the result set',
required: false,
example: 0,
})
@@ -1082,73 +923,58 @@ export class ContractsApi {
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false,
example: 20,
})
@ApiQuery({
name: 'contractId',
type: String,
description: 'Contract identifier',
- required: false,
example: '0.0.1',
})
@ApiOkResponse({
description: 'Successful operation.',
isArray: true,
- headers: {
- 'x-total-count': {
- schema: {
- type: 'integer',
- },
- description: 'Total items in the collection.',
- },
- },
+ headers: pageHeader,
type: RetireRequestDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
// @UseCache({ isExpress: true })
- async getRetireRequests(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ @HttpCode(HttpStatus.OK)
+ async getRetireRequests(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('contractId') contractId?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
const [contracts, count] = await guardians.getRetireRequests(
- user.did,
- req.query.contractId as any,
- req.query.pageIndex as any,
- req.query.pageSize as any
+ owner,
+ contractId,
+ pageIndex,
+ pageSize
);
- res.locals.data = contracts
- return res.setHeader('X-Total-Count', count).json(contracts);
+ return res.header('X-Total-Count', count).send(contracts);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Get list of all retire pools
*/
@Get('/retire/pools')
- @ApiBearerAuth()
- @ApiExtraModels(RetirePoolDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_POOL_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Return a list of all retire pools.',
description: 'Returns all retire pools.',
@@ -1156,8 +982,7 @@ export class ContractsApi {
@ApiQuery({
name: 'pageIndex',
type: Number,
- description:
- 'The number of pages to skip before starting to collect the result set',
+ description: 'The number of pages to skip before starting to collect the result set',
required: false,
example: 0,
})
@@ -1165,181 +990,152 @@ export class ContractsApi {
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false,
example: 20,
})
@ApiQuery({
name: 'contractId',
type: String,
description: 'Contract identifier',
- required: false,
example: '0.0.1',
})
@ApiQuery({
name: 'tokens',
type: String,
description: 'Tokens',
- required: false,
example: '0.0.1,0.0.2,0.0.3',
})
@ApiOkResponse({
description: 'Successful operation.',
isArray: true,
- headers: {
- 'x-total-count': {
- schema: {
- type: 'integer',
- },
- description: 'Total items in the collection.',
- },
- },
+ headers: pageHeader,
type: RetirePoolDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(RetirePoolDTO, InternalServerErrorDTO)
// @UseCache({ isExpress: true })
- async getRetirePools(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ @HttpCode(HttpStatus.OK)
+ async getRetirePools(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('contractId') contractId?: string,
+ @Query('tokens') tokens?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
const [contracts, count] = await guardians.getRetirePools(
- user.did,
- req.query.tokens?.split(','),
- req.query.contractId as any,
- req.query.pageIndex as any,
- req.query.pageSize as any
+ owner,
+ tokens?.split(','),
+ contractId,
+ pageIndex,
+ pageSize
);
- res.locals.data = contracts
- return res.setHeader('X-Total-Count', count).json(contracts);
+ return res.header('X-Total-Count', count).send(contracts);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove retire requests.
+ */
@Delete('/retire/:contractId/requests')
- @ApiBearerAuth()
- @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Clear retire requests.',
- description:
- 'Clear retire contract requests. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Clear retire contract requests. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
type: String,
+ required: true,
description: 'Contract identifier',
- required: false,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async clearRetireRequests(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async clearRetireRequests(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.clearRetireRequests(
- user.did,
- req.params.contractId
- )
- );
+ return await guardians.clearRetireRequests(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Clear retire pools.
+ */
@Delete('/retire/:contractId/pools')
- @ApiBearerAuth()
- @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_POOL_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Clear retire pools.',
- description:
- 'Clear retire contract pools. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Clear retire contract pools. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
type: String,
+ required: true,
description: 'Contract identifier',
- required: false,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(RetireRequestDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async clearRetirePools(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async clearRetirePools(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.clearRetirePools(
- user.did,
- req.params.contractId
- )
- );
+ return await guardians.clearRetirePools(owner, contractId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Set retire pool.
+ */
@Post('/retire/:contractId/pools')
- @ApiBearerAuth()
- @ApiExtraModels(RetirePoolDTO, RetirePoolTokenDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_POOL_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Set retire pool.',
- description:
- 'Set retire contract pool. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Set retire contract pool. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiBody({
type: RetirePoolTokenDTO,
@@ -1348,145 +1144,126 @@ export class ContractsApi {
name: 'contractId',
type: String,
description: 'Contract identifier',
- required: false,
+ required: true,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: RetirePoolDTO,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(RetirePoolDTO, RetirePoolTokenDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async setRetirePool(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async setRetirePool(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Body() body: any
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.setRetirePool(
- user.did,
- req.params.contractId,
- req.body
- )
- );
+ return await guardians.setRetirePool(owner, contractId, body);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Unset retire pool.
+ */
@Delete('/retire/pools/:poolId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_POOL_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Unset retire pool.',
- description:
- 'Unset retire contract pool. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Unset retire contract pool. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'poolId',
type: String,
description: 'Pool Identifier',
- required: false,
+ required: true,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async unsetRetirePool(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async unsetRetirePool(
+ @AuthUser() user: IAuthUser,
+ @Param('poolId') poolId: string,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.unsetRetirePool(user.did, req.params.poolId)
- );
+ return await guardians.unsetRetirePool(owner, poolId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Unset retire request.
+ */
@Delete('/retire/requests/:requestId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Unset retire request.',
- description:
- 'Unset retire contract request. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Unset retire contract request. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'requestId',
type: String,
description: 'Request Identifier',
- required: false,
+ required: true,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async unsetRetireRequest(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async unsetRetireRequest(
+ @AuthUser() user: IAuthUser,
+ @Param('requestId') requestId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.unsetRetireRequest(
- user.did,
- req.params.requestId
- )
- );
+ return await guardians.unsetRetireRequest(owner, requestId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Retire tokens.
+ */
@Post('/retire/pools/:poolId/retire')
- @ApiBearerAuth()
- @ApiExtraModels(RetireRequestTokenDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_CREATE,
+ //???? UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Retire tokens.',
description: 'Retire tokens.',
@@ -1498,51 +1275,44 @@ export class ContractsApi {
name: 'poolId',
type: String,
description: 'Pool Identifier',
- required: false,
+ required: true,
example: '652745597a7b53526de37c05',
})
@ApiOkResponse({
description: 'Successful operation.',
type: Boolean,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
- })
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(RetireRequestTokenDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async retire(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ async retire(
+ @AuthUser() user: IAuthUser,
+ @Param('poolId') poolId: string,
+ @Body() body: any
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.retire(user.did, req.params.poolId, req.body)
- );
+ return await guardians.retire(owner, poolId, body);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Approve retire request
+ */
@Post('/retire/requests/:requestId/approve')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Approve retire request.',
- description:
- 'Approve retire contract request. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Approve retire contract request. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'requestId',
@@ -1553,38 +1323,36 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async approveRetire(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async approveRetire(
+ @AuthUser() user: IAuthUser,
+ @Param('requestId') requestId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.approveRetire(user.did, req.params.requestId)
- );
+ return await guardians.approveRetire(owner, requestId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Cancel retire request.
+ */
@Delete('/retire/requests/:requestId/cancel')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_REQUEST_CREATE,
+ //???? UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Cancel retire request.',
description: 'Cancel retire contract request.',
@@ -1598,45 +1366,38 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async cancelRetireRequest(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ async cancelRetireRequest(
+ @AuthUser() user: IAuthUser,
+ @Param('requestId') requestId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.cancelRetire(user.did, req.params.requestId)
- );
+ return await guardians.cancelRetire(owner, requestId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Add retire admin.
+ */
@Post('/retire/:contractId/admin/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_ADMIN_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Add retire admin.',
- description:
- 'Add retire contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Add retire contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -1654,46 +1415,39 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async retireAddAdmin(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async retireAddAdmin(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.addRetireAdmin(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.addRetireAdmin(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Remove wipe admin.
+ */
@Delete('/retire/:contractId/admin/:hederaId')
- @ApiBearerAuth()
- @ApiExtraModels(InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_RETIRE_ADMIN_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Remove wipe admin.',
- description:
- 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Remove wipe contract admin. Only users with the Standard Registry role are allowed to make the request.',
})
@ApiParam({
name: 'contractId',
@@ -1711,46 +1465,37 @@ export class ContractsApi {
})
@ApiOkResponse({
description: 'Successful operation.',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async retireRemoveAdmin(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async retireRemoveAdmin(
+ @AuthUser() user: IAuthUser,
+ @Param('contractId') contractId: string,
+ @Param('hederaId') hederaId: string
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- return res.json(
- await guardians.removeRetireAdmin(
- user.did,
- req.params.contractId,
- req.params.hederaId
- )
- );
+ return await guardians.removeRetireAdmin(owner, contractId, hederaId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Get a list of all retire vcs
*/
@Get('/retire')
- @ApiBearerAuth()
- @ApiExtraModels(RetirePoolDTO, InternalServerErrorDTO)
+ @Auth(
+ Permissions.CONTRACTS_DOCUMENT_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER
+ )
@ApiOperation({
summary: 'Return a list of all retire vcs.',
description: 'Returns all retire vcs.',
@@ -1758,8 +1503,7 @@ export class ContractsApi {
@ApiQuery({
name: 'pageIndex',
type: Number,
- description:
- 'The number of pages to skip before starting to collect the result set',
+ description: 'The number of pages to skip before starting to collect the result set',
required: false,
example: 0,
})
@@ -1767,55 +1511,39 @@ export class ContractsApi {
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false,
example: 20,
})
@ApiOkResponse({
description: 'Successful operation.',
isArray: true,
- headers: {
- 'x-total-count': {
- schema: {
- type: 'integer',
- },
- description: 'Total items in the collection.',
- },
- },
- type: 'object',
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ headers: pageHeader,
+ schema: {
+ type: 'array',
+ items: {
+ type: 'object'
+ }
+ }
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
type: InternalServerErrorDTO,
})
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(RetirePoolDTO, InternalServerErrorDTO)
// @UseCache({ isExpress: true })
- async getRetireVCs(@Req() req, @Response() res): Promise {
- await checkPermission(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER
- )(req.user);
+ @HttpCode(HttpStatus.OK)
+ async getRetireVCs(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ ): Promise {
try {
- const user = req.user;
+ const owner = new EntityOwner(user);
const guardians = new Guardians();
- const [vcs, count] = await guardians.getRetireVCs(
- user.did,
- req.query.pageIndex as any,
- req.query.pageSize as any
- );
- res.locals.data = vcs
- return res.setHeader('X-Total-Count', count).json(vcs);
+ const [vcs, count] = await guardians.getRetireVCs(owner, pageIndex, pageSize);
+ return res.header('X-Total-Count', count).send(vcs);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
//#endregion
diff --git a/api-gateway/src/api/service/demo.ts b/api-gateway/src/api/service/demo.ts
index 81c584950a..ca51fe805e 100644
--- a/api-gateway/src/api/service/demo.ts
+++ b/api-gateway/src/api/service/demo.ts
@@ -1,33 +1,33 @@
-import { Guardians } from '../../helpers/guardians.js';
-import { Users } from '../../helpers/users.js';
import { Logger, RunFunctionAsync } from '@guardian/common';
-import { TaskManager } from '../../helpers/task-manager.js';
-import { ServiceError } from '../../helpers/service-requests-base.js';
-import { Controller, Get, HttpCode, HttpException, HttpStatus } from '@nestjs/common';
-import { ApiOkResponse, ApiOperation, ApiTags, getSchemaPath } from '@nestjs/swagger';
-import { TaskAction, UserRole } from '@guardian/interfaces';
-import { RegisteredUsersDTO } from '../../middlewares/validation/schemas/index.js';
-import { AuthUser } from '../../auth/authorization-helper.js';
-import { Auth } from '../../auth/auth.decorator.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { Controller, Get, HttpCode, HttpStatus } from '@nestjs/common';
+import { ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { Permissions, TaskAction } from '@guardian/interfaces';
+import { InternalServerErrorDTO, RegisteredUsersDTO, TaskDTO } from '#middlewares';
+import { Auth, AuthUser } from '#auth';
+import { Guardians, InternalException, NewTask, ServiceError, TaskManager, Users } from '#helpers';
@Controller('demo')
@ApiTags('demo')
export class DemoApi {
+ /**
+ * Returns list of registered users
+ */
+ @Get('/registered-users')
@ApiOperation({
summary: 'Returns list of registered users.',
description: 'Returns list of registered users.',
})
- // @ApiExtraModels(AccountsSessionResponseDTO, InternalServerErrorDTO)
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- $ref: getSchemaPath(RegisteredUsersDTO),
- },
+ type: RegisteredUsersDTO
})
- @Get('/registered-users')
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(RegisteredUsersDTO, InternalServerErrorDTO)
+ // @UseCache()
@HttpCode(HttpStatus.OK)
- @UseCache()
async registeredUsers(): Promise {
const users = new Users();
const guardians = new Guardians();
@@ -44,26 +44,43 @@ export class DemoApi {
return demoUsers
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
+ /**
+ * Generate demo key
+ */
@Get('/random-key')
@Auth(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER,
- UserRole.AUDITOR
+ Permissions.DEMO_KEY_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
)
+ @ApiOperation({
+ summary: 'Generate demo key.',
+ description: 'Generate demo key.',
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async randomKey(@AuthUser() user: any): Promise {
+ async randomKey(
+ @AuthUser() user: any
+ ): Promise {
try {
const guardians = new Guardians();
const role = user?.role;
- return await guardians.generateDemoKey(role);
+ return await guardians.generateDemoKey(role, user.id.toString());
} catch (error) {
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR)
+ await InternalException(error);
}
// try {
// const guardians = new Guardians();
@@ -87,25 +104,42 @@ export class DemoApi {
// }
}
+ /**
+ * Generate demo key (async)
+ */
@Get('/push/random-key')
@Auth(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER,
- UserRole.AUDITOR
+ Permissions.DEMO_KEY_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
)
+ @ApiOperation({
+ summary: 'Generate demo key.',
+ description: 'Generate demo key.',
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: TaskDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(TaskDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async pushRandomKey(@AuthUser() user: any): Promise {
+ async pushRandomKey(
+ @AuthUser() user: any
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.CREATE_RANDOM_KEY, user?.id);
RunFunctionAsync(async () => {
const guardians = new Guardians();
- await guardians.generateDemoKeyAsync(user?.role, task);
+ await guardians.generateDemoKeyAsync(user?.role, task, user.id.toString());
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: error.message });
});
-
return task;
}
-
}
diff --git a/api-gateway/src/api/service/external.ts b/api-gateway/src/api/service/external.ts
index be1e952428..d3484d8c13 100644
--- a/api-gateway/src/api/service/external.ts
+++ b/api-gateway/src/api/service/external.ts
@@ -1,60 +1,41 @@
-import { PolicyEngine } from '../../helpers/policy-engine.js';
-import { Logger } from '@guardian/common';
-import { Controller, HttpCode, HttpStatus, Post, Req, Response } from '@nestjs/common';
-import { ApiBody, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags, getSchemaPath } from '@nestjs/swagger';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
+import { Body, Controller, HttpCode, HttpStatus, Post } from '@nestjs/common';
+import { ApiExtraModels, ApiBody, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { InternalServerErrorDTO, ExternalDocumentDTO } from '#middlewares';
+import { PolicyEngine, InternalException } from '#helpers';
@Controller('external')
@ApiTags('external')
export class ExternalApi {
+ /**
+ * Sends data from an external source
+ */
+ @Post('/')
@ApiOperation({
summary: 'Sends data from an external source.',
description: 'Sends data from an external source.',
})
@ApiBody({
description: 'Object that contains a VC Document.',
- schema: {
- 'type': 'object',
- 'required': [
- 'owner',
- 'policyTag',
- 'document'
- ],
- 'properties': {
- 'owner': {
- 'type': 'string'
- },
- 'policyTag': {
- 'type': 'string'
- },
- 'document': {
- 'type': 'object'
- }
- }
- }
+ type: ExternalDocumentDTO
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- type: 'boolean'
- }
+ type: Boolean
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO
})
- @Post('/')
+ @ApiExtraModels(ExternalDocumentDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async receiveExternalData(@Req() req, @Response() res): Promise {
- const engineService = new PolicyEngine();
-
+ async receiveExternalData(
+ @Body() document: ExternalDocumentDTO
+ ): Promise {
try {
- return res.send(await engineService.receiveExternalData(req.body));
+ const engineService = new PolicyEngine();
+ return await engineService.receiveExternalData(document);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/ipfs.ts b/api-gateway/src/api/service/ipfs.ts
index bc78b0ba5a..63cf928998 100644
--- a/api-gateway/src/api/service/ipfs.ts
+++ b/api-gateway/src/api/service/ipfs.ts
@@ -1,142 +1,209 @@
-import { Logger } from '@guardian/common';
-import { Guardians } from '../../helpers/guardians.js';
-import { Body, Controller, Get, HttpCode, HttpException, HttpStatus, Param, Post, Req, Response } from '@nestjs/common';
-import { ApiOperation, ApiSecurity, ApiTags } from '@nestjs/swagger';
-import { Auth } from '../../auth/auth.decorator.js';
-import { UserRole } from '@guardian/interfaces';
-import { CACHE } from '../../constants/index.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { Body, Controller, Get, HttpCode, HttpException, HttpStatus, Param, Post, StreamableFile } from '@nestjs/common';
+import { ApiBody, ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiParam, ApiTags } from '@nestjs/swagger';
+import { Permissions } from '@guardian/interfaces';
+import { Auth } from '#auth';
+import { Examples, InternalServerErrorDTO } from '#middlewares';
+import { Guardians, InternalException } from '#helpers';
@Controller('ipfs')
@ApiTags('ipfs')
export class IpfsApi {
+ /**
+ * Add file from ipfs
+ */
+ @Post('/file')
+ @Auth(
+ Permissions.IPFS_FILE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Add file from ipfs.',
description: 'Add file from ipfs.',
})
- @Auth(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER,
- UserRole.AUDITOR
- )
- @Post('/file')
+ @ApiBody({
+ description: 'Binary data.',
+ required: true,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: String
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async postFile(@Body() body: any): Promise {
+ async postFile(
+ @Body() body: any
+ ): Promise {
try {
if (!Object.values(body).length) {
throw new HttpException('Body content in request is empty', HttpStatus.UNPROCESSABLE_ENTITY)
}
const guardians = new Guardians();
- const {cid} = await guardians.addFileIpfs(body);
+ const { cid } = await guardians.addFileIpfs(body);
if (!cid) {
throw new HttpException('File is not uploaded', HttpStatus.BAD_REQUEST);
}
return JSON.stringify(cid);
} catch (error) {
- new Logger().error(error.message, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * @param body
- * @param policyId
+ * Add file from ipfs for dry run mode
*/
+ @Post('/file/dry-run/:policyId')
+ @Auth(
+ Permissions.IPFS_FILE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Add file from ipfs for dry run mode.',
description: 'Add file from ipfs for dry run mode.',
})
- @Auth(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER,
- UserRole.AUDITOR
- )
- @Post('/file/dry-run/:policyId')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiBody({
+ description: 'Binary data.',
+ required: true,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: String
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async postFileDryRun(@Body() body: any, @Param('policyId') policyId: any): Promise {
+ async postFileDryRun(
+ @Param('policyId') policyId: string,
+ @Body() body: any
+ ): Promise {
try {
if (!Object.values(body).length) {
throw new HttpException('Body content in request is empty', HttpStatus.UNPROCESSABLE_ENTITY)
}
const guardians = new Guardians();
- const {cid} = await guardians.addFileToDryRunStorage(body, policyId);
+ const { cid } = await guardians.addFileToDryRunStorage(body, policyId);
return JSON.stringify(cid);
} catch (error) {
- new Logger().error(error.message, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Get file
*/
+ @Get('/file/:cid')
+ @Auth(
+ Permissions.IPFS_FILE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Get file from ipfs.',
description: 'Get file from ipfs.',
})
- @ApiSecurity('bearerAuth')
- @Get('/file/:cid')
+ @ApiParam({
+ name: 'cid',
+ type: String,
+ description: 'File cid',
+ required: true,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ schema: {
+ type: 'string',
+ format: 'binary'
+ },
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
+ // @UseCache({ ttl: CACHE.LONG_TTL })
@HttpCode(HttpStatus.OK)
- @UseCache({ ttl: CACHE.LONG_TTL, isExpress: true })
- async getFile(@Req() req, @Response() res): Promise {
- if (!req.user) {
- throw new HttpException('Unauthorized', HttpStatus.UNAUTHORIZED);
- }
+ async getFile(
+ @Param('cid') cid: string
+ ): Promise {
try {
const guardians = new Guardians();
- const result = await guardians.getFileIpfs(req.params.cid, 'raw');
+ const result = await guardians.getFileIpfs(cid, 'raw');
if (result.type !== 'Buffer') {
throw new HttpException('File is not found', HttpStatus.NOT_FOUND)
}
- const resultBuffer = Buffer.from(result);
- res.writeHead(200, {
- 'Content-Type': 'binary/octet-stream',
- 'Content-Length': resultBuffer.length,
- });
- return res.end(resultBuffer, 'binary');
+ return new StreamableFile(Buffer.from(result));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * @param cid
- * @param res
+ * Get file (dry run)
*/
+ @Get('/file/:cid/dry-run')
+ @Auth(
+ Permissions.IPFS_FILE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR
+ )
@ApiOperation({
summary: 'Get file from ipfs for dry run mode.',
description: 'Get file from ipfs for dry run mode.',
})
- @Auth(
- UserRole.STANDARD_REGISTRY,
- UserRole.USER,
- UserRole.AUDITOR
- )
- @Get('/file/:cid/dry-run')
+ @ApiParam({
+ name: 'cid',
+ type: String,
+ description: 'File cid',
+ required: true,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ schema: {
+ type: 'string',
+ format: 'binary'
+ },
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
+ // @UseCache({ ttl: CACHE.LONG_TTL })
@HttpCode(HttpStatus.OK)
- @UseCache({ ttl: CACHE.LONG_TTL, isExpress: true })
- async getFileDryRun(@Param('cid') cid: string, @Response() res): Promise {
+ async getFileDryRun(
+ @Param('cid') cid: string
+ ): Promise {
try {
const guardians = new Guardians();
const result = await guardians.getFileFromDryRunStorage(cid, 'raw');
if (result.type !== 'Buffer') {
throw new HttpException('File is not found', HttpStatus.NOT_FOUND)
}
- const resultBuffer = Buffer.from(result);
- res.writeHead(200, {
- 'Content-Type': 'binary/octet-stream',
- 'Content-Length': resultBuffer.length,
- });
- return res.end(resultBuffer, 'binary');
+ return new StreamableFile(Buffer.from(result));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/logger.ts b/api-gateway/src/api/service/logger.ts
index 3b13125e9a..515f97d4cf 100644
--- a/api-gateway/src/api/service/logger.ts
+++ b/api-gateway/src/api/service/logger.ts
@@ -1,11 +1,11 @@
-import { IPageParameters, MessageAPI, UserRole } from '@guardian/interfaces';
-import { Logger } from '@guardian/common';
-import { Controller, Get, HttpCode, HttpStatus, Inject, Injectable, Post, Req, Response } from '@nestjs/common';
+import { Body, Controller, Get, HttpCode, HttpStatus, Inject, Injectable, Post, Query } from '@nestjs/common';
+import { ApiTags, ApiBody, ApiOperation, ApiOkResponse, ApiInternalServerErrorResponse, ApiQuery, ApiExtraModels } from '@nestjs/swagger';
+import { IPageParameters, MessageAPI, Permissions } from '@guardian/interfaces';
import { ClientProxy } from '@nestjs/microservices';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import { ApiTags } from '@nestjs/swagger';
+import { Auth } from '#auth';
+import { InternalServerErrorDTO, LogFilterDTO, LogResultDTO } from '#middlewares';
+import { UseCache, InternalException } from '#helpers';
import axios from 'axios';
-import { UseCache } from '../../helpers/decorators/cache.js';
@Injectable()
export class LoggerService {
@@ -33,68 +33,133 @@ export class LoggerApi {
constructor(private readonly loggerService: LoggerService) {
}
+ /**
+ * Get logs
+ */
@Post('/')
+ @Auth(
+ Permissions.LOG_LOG_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Return a list of all logs.',
+ description: 'Return a list of all logs. Only users with the Standard Registry role are allowed to make the request.',
+ })
+ @ApiBody({
+ description: 'Filters.',
+ required: true,
+ type: LogFilterDTO
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: LogResultDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(LogFilterDTO, LogResultDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getLogs(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async getLogs(
+ @Body() body: LogFilterDTO
+ ): Promise {
try {
const filters: any = {};
const pageParameters: IPageParameters = {};
- if (req.body.type) {
- filters.type = req.body.type;
+ if (!body) {
+ body = {};
}
- if (req.body.startDate && req.body.endDate) {
- const sDate = new Date(req.body.startDate);
+ if (body.type) {
+ filters.type = body.type;
+ }
+ if (body.startDate && body.endDate) {
+ const sDate = new Date(body.startDate);
sDate.setHours(0, 0, 0, 0);
- const eDate = new Date(req.body.endDate);
+ const eDate = new Date(body.endDate);
eDate.setHours(23, 59, 59, 999);
filters.datetime = {
$gte: sDate,
$lt: eDate
};
}
- if (req.body.attributes && req.body.attributes.length !== 0) {
- filters.attributes = { $in: req.body.attributes };
+ if (body.attributes && body.attributes.length !== 0) {
+ filters.attributes = { $in: body.attributes };
}
- if (req.body.message) {
+ if (body.message) {
filters.message = {
- $regex: `.*${escapeRegExp(req.body.message)}.*`,
+ $regex: `.*${escapeRegExp(body.message)}.*`,
$options: 'i'
}
}
- if (req.body.pageSize) {
- pageParameters.offset = (req.body.pageIndex || 0) * req.body.pageSize;
- pageParameters.limit = req.body.pageSize;
+ if (body.pageSize) {
+ pageParameters.offset = (body.pageIndex || 0) * body.pageSize;
+ pageParameters.limit = body.pageSize;
}
- const logsObj = await this.loggerService.getLogs(filters, pageParameters, req.body.sortDirection);
+ const logsObj = await this.loggerService.getLogs(filters, pageParameters, body.sortDirection);
const logs = await axios.get(logsObj.directLink);
- return res.send({
+ return {
totalCount: logsObj.totalCount,
logs: logs.data
- });
+ };
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
/**
- * @param req
+ * Get attributes
*/
@Get('attributes')
- @HttpCode(HttpStatus.OK)
+ @Auth(
+ Permissions.LOG_LOG_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Return a list of attributes.',
+ description: 'Return a list of attributes. Only users with the Standard Registry role are allowed to make the request.',
+ })
+ @ApiQuery({
+ name: 'name',
+ type: Number,
+ description: 'Name',
+ required: false,
+ example: 'Search'
+ })
+ @ApiQuery({
+ name: 'existingAttributes',
+ type: String,
+ isArray: true,
+ description: 'Existing attributes',
+ required: false,
+ example: ['WORKER']
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@UseCache()
- async getAttributes(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @HttpCode(HttpStatus.OK)
+ async getAttributes(
+ @Query('name') name: string,
+ @Query('existingAttributes') existingAttributes: string | string[],
+ ): Promise {
try {
- if (req.query.existingAttributes && !Array.isArray(req.query.existingAttributes)) {
- req.query.existingAttributes = [req.query.existingAttributes as string];
+ let attributes: string[];
+ if (existingAttributes) {
+ if (!Array.isArray(existingAttributes)) {
+ attributes = [existingAttributes as string];
+ } else {
+ attributes = existingAttributes
+ }
}
- return await this.loggerService.getAttributes(escapeRegExp(req.query.name as string), req.query.existingAttributes as string[]);
+ return await this.loggerService.getAttributes(escapeRegExp(name), attributes);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
@@ -113,6 +178,5 @@ function escapeRegExp(text: string): string {
if (!text) {
return '';
}
-
return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&');
}
diff --git a/api-gateway/src/api/service/map.ts b/api-gateway/src/api/service/map.ts
index ceece1cbb1..47fd5bb765 100644
--- a/api-gateway/src/api/service/map.ts
+++ b/api-gateway/src/api/service/map.ts
@@ -1,24 +1,56 @@
-import { Guardians } from '../../helpers/guardians.js';
import { Controller, Get, HttpCode, HttpStatus } from '@nestjs/common';
-import { ApiTags } from '@nestjs/swagger';
+import { ApiExtraModels, ApiTags, ApiOperation, ApiOkResponse, ApiInternalServerErrorResponse } from '@nestjs/swagger';
import { CACHE } from '../../constants/index.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { UseCache, Guardians } from '#helpers';
+import { InternalServerErrorDTO } from '#middlewares';
@Controller('map')
@ApiTags('map')
export class MapApi {
+ /**
+ * Get map key
+ */
@Get('/key')
+ @ApiOperation({
+ summary: 'Return map key.',
+ description: 'Return map key.',
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: String
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
@UseCache({ ttl: CACHE.LONG_TTL })
- async getKey() {
+ async getKey(): Promise {
const guardians = new Guardians();
return await guardians.getMapApiKey();
}
+ /**
+ * Get map sh
+ */
@Get('/sh')
+ @ApiOperation({
+ summary: 'Return map key.',
+ description: 'Return map key.',
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: String
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
@UseCache({ ttl: CACHE.LONG_TTL })
- async getSentinelKey() {
+ async getSentinelKey(): Promise {
const guardians = new Guardians();
return await guardians.getSentinelApiKey();
}
diff --git a/api-gateway/src/api/service/metrics.ts b/api-gateway/src/api/service/metrics.ts
index fb4c43ff47..4abf0d1481 100644
--- a/api-gateway/src/api/service/metrics.ts
+++ b/api-gateway/src/api/service/metrics.ts
@@ -8,7 +8,7 @@ export class MetricsApi {
@Get('/')
@HttpCode(HttpStatus.OK)
async getMetrics(@Response() res) {
- res.set('Content-Type', client.register.contentType);
+ res.header('Content-Type', client.register.contentType);
return res.send(await client.register.metrics());
}
}
diff --git a/api-gateway/src/api/service/module.ts b/api-gateway/src/api/service/module.ts
index 2b416f440d..6e40e8b233 100644
--- a/api-gateway/src/api/service/module.ts
+++ b/api-gateway/src/api/service/module.ts
@@ -1,658 +1,830 @@
-import { Logger } from '@guardian/common';
-import { Guardians } from '../../helpers/guardians.js';
-import { Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Post, Put, Query, Req, Res, Response } from '@nestjs/common';
-import { checkPermission } from '../../auth/authorization-helper.js';
-import { SchemaCategory, SchemaHelper, UserRole } from '@guardian/interfaces';
-import { ApiForbiddenResponse, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiSecurity, ApiTags, ApiUnauthorizedResponse, getSchemaPath } from '@nestjs/swagger';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
-import { ApiImplicitQuery } from '@nestjs/swagger/dist/decorators/api-implicit-query.decorator.js';
-import { SchemaUtils } from '../../helpers/schema-utils.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
+import { Logger, IAuthUser } from '@guardian/common';
+import { Body, Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Param, Post, Put, Query, Req, Response, Version } from '@nestjs/common';
+import { Permissions, SchemaCategory, SchemaHelper } from '@guardian/interfaces';
+import { ApiParam, ApiCreatedResponse, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiTags, ApiBody, ApiExtraModels, ApiQuery } from '@nestjs/swagger';
+import { AuthUser, Auth } from '#auth';
+import { ExportMessageDTO, ImportMessageDTO, ModuleDTO, ModulePreviewDTO, SchemaDTO, ModuleValidationDTO, Examples, pageHeader, InternalServerErrorDTO } from '#middlewares';
+import { Guardians, SchemaUtils, UseCache, InternalException, EntityOwner, CacheService, getCacheKey } from '#helpers';
+import { MODULE_REQUIRED_PROPS, PREFIXES } from '#constants';
+
+const ONLY_SR = ' Only users with the Standard Registry role are allowed to make the request.'
@Controller('modules')
@ApiTags('modules')
export class ModulesApi {
+ constructor(private readonly cacheService: CacheService) {
+ }
+
+ /**
+ * Creates a new module
+ */
+ @Post('/')
+ @Auth(
+ Permissions.MODULES_MODULE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Creates a new module.',
- description: 'Creates a new module. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Creates a new module.' + ONLY_SR,
+ })
+ @ApiBody({
+ description: 'Module config.',
+ type: ModuleDTO,
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
- description: 'Successful operation.'
+ description: 'Created module.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async postModules(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async postModules(
+ @AuthUser() user: IAuthUser,
+ @Body() body: ModuleDTO
+ ): Promise {
try {
const guardian = new Guardians();
- const module = req.body;
+ const module = body;
if (!module.config || module.config.blockType !== 'module') {
throw new HttpException('Invalid module config', HttpStatus.UNPROCESSABLE_ENTITY);
}
- const item = await guardian.createModule(module, req.user.did);
- return res.status(201).json(item);
+
+ return await guardian.createModule(module, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Get list of all modules
+ */
+ @Get('/')
+ @Auth(
+ Permissions.MODULES_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Return a list of all modules.',
- description: 'Returns all modules. Only users with the Standard Registry and Installer role are allowed to make the request.',
- })
- @ApiSecurity('bearerAuth')
- @ApiImplicitQuery({
- name: 'policyId',
- type: String,
- description: 'Policy identifier',
- required: false
+ description: 'Returns all modules.' + ONLY_SR,
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageIndex',
type: Number,
description: 'The number of pages to skip before starting to collect the result set',
- required: false
+ required: false,
+ example: 0
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false
+ required: false,
+ example: 20
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object',
- 'properties': {
- 'id': {
- 'type': 'string'
- },
- 'uuid': {
- 'type': 'string'
- },
- 'name': {
- 'type': 'string'
- },
- 'description': {
- 'type': 'string'
- },
- 'config': {
- 'type': 'object'
- },
- 'status': {
- 'type': 'string'
- },
- 'creator': {
- 'type': 'string'
- },
- 'owner': {
- 'type': 'string'
- },
- 'topicId': {
- 'type': 'string'
- },
- 'messageId': {
- 'type': 'string'
- },
- 'codeVersion': {
- 'type': 'string'
- },
- 'createDate': {
- 'type': 'string'
- },
- 'type': {
- 'type': 'string'
- }
- }
- },
+ isArray: true,
+ headers: pageHeader,
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getModules(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async getModules(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
try {
+ const options: any = {
+ pageIndex,
+ pageSize
+ };
const guardians = new Guardians();
+ const { items, count } = await guardians.getModule(options, new EntityOwner(user));
+ return res.header('X-Total-Count', count).send(items);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
- let pageIndex: any;
- let pageSize: any;
- if (req.query && req.query.pageIndex && req.query.pageSize) {
- pageIndex = req.query.pageIndex;
- pageSize = req.query.pageSize;
- }
- const { items, count } = await guardians.getModule({
- owner: req.user.did,
+ /**
+ * Get list of all modules V2 03.06.2024
+ */
+ @Get('/')
+ @Auth(
+ Permissions.MODULES_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Return a list of all modules.',
+ description: 'Returns all modules.' + ONLY_SR,
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: ModuleDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ @Version('2')
+ async getModulesV2(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
+ try {
+ const options: any = {
+ fields: Object.values(MODULE_REQUIRED_PROPS),
pageIndex,
pageSize
- });
- return res.setHeader('X-Total-Count', count).json(items);
+ };
+ const guardians = new Guardians();
+
+ const { items, count } = await guardians.getModuleV2(options, new EntityOwner(user));
+ return res.header('X-Total-Count', count).send(items);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
- * @param pageIndex
- * @param pageSize
- * @param topicId
+ * Get list of all schemas
*/
@Get('/schemas')
+ @Auth(
+ Permissions.SCHEMAS_SCHEMA_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Return a list of all module schemas.',
+ description: 'Returns all module schemas.' + ONLY_SR,
+ })
+ @ApiQuery({
+ name: 'topicId',
+ type: String,
+ description: 'Topic id',
+ required: false,
+ example: Examples.ACCOUNT_ID
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: SchemaDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(SchemaDTO, InternalServerErrorDTO)
+ // @UseCache({ isExpress: true })
@HttpCode(HttpStatus.OK)
- @UseCache({ isExpress: true })
async getModuleSchemas(
- @Req() req,
- @Res() res,
- @Query('pageIndex') pageIndex,
- @Query('pageSize') pageSize,
- @Query('topicId') topicId
- ): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ @Query('topicId') topicId?: string,
+ ): Promise {
try {
- const user = req.user;
const guardians = new Guardians();
- const owner = user.did;
-
+ const owner = new EntityOwner(user);
const { items, count } = await guardians.getSchemasByOwner({
category: SchemaCategory.MODULE,
- owner,
topicId,
pageIndex,
pageSize
- });
+ }, owner);
items.forEach((s) => {
- s.readonly = s.readonly || s.owner !== owner
+ s.readonly = s.readonly || s.owner !== owner.owner
});
- res.locals.data = SchemaUtils.toOld(items)
+ // res.locals.data = SchemaUtils.toOld(items)
return res
- .setHeader('X-Total-Count', count)
- .json(SchemaUtils.toOld(items));
+ .header('X-Total-Count', count)
+ .send(SchemaUtils.toOld(items));
} catch (error) {
await (new Logger()).error(error, ['API_GATEWAY']);
- throw error;
+ throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
}
}
+ /**
+ * Create schema
+ */
@Post('/schemas')
+ @Auth(
+ Permissions.SCHEMAS_SCHEMA_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Creates a new module schema.',
+ description: 'Creates a new module schema.' + ONLY_SR,
+ })
+ @ApiBody({
+ description: 'Schema config.',
+ type: SchemaDTO,
+ })
+ @ApiCreatedResponse({
+ description: 'Created schema.',
+ type: SchemaDTO,
+ isArray: true,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(SchemaDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async postSchemas(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async postSchemas(
+ @AuthUser() user: IAuthUser,
+ @Body() newSchema: SchemaDTO
+ ): Promise {
try {
- const user = req.user;
- const newSchema = req.body;
-
if (!newSchema) {
throw new HttpException('Schema does not exist.', HttpStatus.UNPROCESSABLE_ENTITY)
}
const guardians = new Guardians();
- const owner = user.did;
-
- SchemaUtils.fromOld(newSchema);
- delete newSchema.version;
- delete newSchema.id;
- delete newSchema._id;
- delete newSchema.status;
- delete newSchema.topicId;
+ const owner = new EntityOwner(user);
newSchema.category = SchemaCategory.MODULE;
+ SchemaUtils.fromOld(newSchema);
+ SchemaUtils.clearIds(newSchema);
SchemaHelper.updateOwner(newSchema, owner);
- const schema = await guardians.createSchema(newSchema);
- return res.status(201).json(SchemaUtils.toOld(schema));
+ const schemas = await guardians.createSchema(newSchema, owner);
+
+ return SchemaUtils.toOld(schemas);
} catch (error) {
await (new Logger()).error(error, ['API_GATEWAY']);
- throw error;
+
+ throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
}
}
+ /**
+ * Remove module
+ */
+ @Delete('/:uuid')
+ @Auth(
+ Permissions.MODULES_MODULE_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
- summary: 'Deletes the module with the provided module ID. Only users with the Standard Registry role are allowed to make the request.',
- description: 'Deletes the module.'
+ summary: 'Deletes the module.',
+ description: 'Deletes the module with the provided module ID.' + ONLY_SR
})
- @ApiSecurity('bearerAuth')
- @Delete('/:uuid')
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: Boolean,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async deleteModule(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async deleteModule(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string,
+ ): Promise {
try {
const guardian = new Guardians();
- if (!req.params.uuid) {
- throw new Error('Invalid uuid')
+ if (!uuid) {
+ throw new Error('Invalid uuid');
}
- const result = await guardian.deleteModule(req.params.uuid, req.user.did);
- return res.status(200).json(result);
+ return await guardian.deleteModule(uuid, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * @param req
+ * Get all modules
*/
+ @Get('/menu')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ Permissions.MODULES_MODULE_UPDATE,
+ Permissions.TOOLS_TOOL_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Return a list of modules.',
- description: 'Returns modules menu. Only users with the Standard Registry and Installer role are allowed to make the request.'
+ description: 'Returns modules menu.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
- schema: {
- type: 'array'
- }
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ description: 'Modules.',
+ isArray: true,
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/menu')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
+ // @UseCache()
@HttpCode(HttpStatus.OK)
- @UseCache()
- async getMenu(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async getMenu(
+ @AuthUser() user: IAuthUser,
+ ): Promise {
try {
const guardians = new Guardians();
- return await guardians.getMenuModule(req.user.did);
+ return await guardians.getMenuModule(new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Retrieves module configuration
*/
+ @Get('/:uuid')
+ @Auth(
+ Permissions.MODULES_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Retrieves module configuration.',
- description: 'Retrieves module configuration for the specified module ID. Only users with the Standard Registry role are allowed to make the request.'
- })
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ description: 'Retrieves module configuration for the specified module ID.' + ONLY_SR,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/:uuid')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getModule(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ @UseCache()
+ async getModule(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string,
+ ): Promise {
try {
- const guardian = new Guardians();
- if (!req.params.uuid) {
+ if (!uuid) {
throw new HttpException('Invalid uuid', HttpStatus.UNPROCESSABLE_ENTITY)
}
- const item = await guardian.getModuleById(req.params.uuid, req.user.did);
- return res.json(item);
+ const guardian = new Guardians();
+ return await guardian.getModuleById(uuid, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Updates module configuration
+ */
+ @Put('/:uuid')
+ @Auth(
+ Permissions.MODULES_MODULE_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Updates module configuration.',
- description: 'Updates module configuration for the specified module ID. Only users with the Standard Registry role are allowed to make the request.'
+ description: 'Updates module configuration for the specified module ID.' + ONLY_SR,
})
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID
})
- @ApiSecurity('bearerAuth')
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'Module config.',
+ type: ModuleDTO,
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Put('/:uuid')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async putModule(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- if (!req.params.uuid) {
+ async putModule(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string,
+ @Body() module: ModuleDTO,
+ @Req() req
+ ): Promise {
+ if (!uuid) {
throw new HttpException('Invalid uuid', HttpStatus.UNPROCESSABLE_ENTITY);
}
- const guardian = new Guardians();
- const module = req.body;
if (!module.config || module.config.blockType !== 'module') {
throw new HttpException('Invalid module config', HttpStatus.UNPROCESSABLE_ENTITY)
}
try {
- const result = await guardian.updateModule(req.params.uuid, module, req.user.did);
- return res.status(201).json(result);
+ const guardian = new Guardians();
+
+ const invalidedCacheKeys = [
+ `${PREFIXES.MODULES}${req.params.uuid}/export/file`,
+ `${PREFIXES.MODULES}${req.params.uuid}/export/message`
+ ];
+
+ await this.cacheService.invalidate(getCacheKey([req.url, ...invalidedCacheKeys], req.user));
+
+ return await guardian.updateModule(uuid, module, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Export module
+ */
+ @Get('/:uuid/export/file')
+ @Auth(
+ Permissions.MODULES_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Return module and its artifacts in a zip file format for the specified module.',
- description: 'Returns a zip file containing the published module and all associated artifacts, i.e. schemas and VCs. Only users with the Standard Registry role are allowed to make the request.'
+ description: 'Returns a zip file containing the published module and all associated artifacts, i.e. schemas and VCs.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'File.',
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/:uuid/export/file')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async moduleExportFile(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async moduleExportFile(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string,
+ @Response() res: any
+ ): Promise {
try {
- const file: any = await guardian.exportModuleFile(req.params.uuid, req.user.did);
- res.setHeader('Content-disposition', `attachment; filename=module_${Date.now()}`);
- res.setHeader('Content-type', 'application/zip');
+ const guardian = new Guardians();
+ const file: any = await guardian.exportModuleFile(uuid, new EntityOwner(user));
+ res.header('Content-disposition', `attachment; filename=module_${Date.now()}`);
+ res.header('Content-type', 'application/zip');
return res.send(file);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Export module
+ */
+ @Get('/:uuid/export/message')
+ @Auth(
+ Permissions.MODULES_MODULE_READ,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Return Heder message ID for the specified published module.',
- description: 'Returns the Hedera message ID for the specified module published onto IPFS. Only users with the Standard Registry role are allowed to make the request.'
+ description: 'Returns the Hedera message ID for the specified module published onto IPFS.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
- })
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Message.',
+ type: ExportMessageDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Get('/:uuid/export/message')
+ @ApiExtraModels(ExportMessageDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async moduleExportMessage(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async moduleExportMessage(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string
+ ): Promise {
try {
- return res.send(await guardian.exportModuleMessage(req.params.uuid, req.user.did));
+ const guardian = new Guardians();
+ return await guardian.exportModuleMessage(uuid, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Imports new module from IPFS
+ */
+ @Post('/import/message')
+ @Auth(
+ Permissions.MODULES_MODULE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Imports new module from IPFS.',
- description: 'Imports new module and all associated artifacts from IPFS into the local DB. Only users with the Standard Registry role are allowed to make the request.'
- })
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ description: 'Imports new module and all associated artifacts from IPFS into the local DB.' + ONLY_SR,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'Message.',
+ type: ImportMessageDTO,
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Created module.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/import/message')
+ @ApiExtraModels(ImportMessageDTO, ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async moduleImportMessage(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async moduleImportMessage(
+ @AuthUser() user: IAuthUser,
+ @Body() body: ImportMessageDTO
+ ): Promise {
+ const messageId = body?.messageId;
+ if (!messageId) {
+ throw new HttpException('Message ID in body is empty', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
try {
- const module = await guardian.importModuleMessage(req.body.messageId, req.user.did);
- return res.status(201).send(module);
+ const guardian = new Guardians();
+
+ return await guardian.importModuleMessage(messageId, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Imports new module from a zip file
+ */
+ @Post('/import/file')
+ @Auth(
+ Permissions.MODULES_MODULE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Imports new module from a zip file.',
- description: 'Imports new module and all associated artifacts, such as schemas and VCs, from the provided zip file into the local DB. Only users with the Standard Registry role are allowed to make the request.'
- })
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ description: 'Imports new module and all associated artifacts, such as schemas and VCs, from the provided zip file into the local DB.' + ONLY_SR,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'File.',
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Created module.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/import/file')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async moduleImportFile(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async moduleImportFile(
+ @AuthUser() user: IAuthUser,
+ @Body() body: any
+ ): Promise {
const guardian = new Guardians();
try {
- const module = await guardian.importModuleFile(req.body, req.user.did);
- return res.status(201).send(module);
+ return await guardian.importModuleFile(body, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Import preview
+ */
+ @Post('/import/message/preview')
+ @Auth(
+ Permissions.MODULES_MODULE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Imports new module from IPFS.',
- description: 'Imports new module and all associated artifacts from IPFS into the local DB. Only users with the Standard Registry role are allowed to make the request.'
+ description: 'Imports new module and all associated artifacts from IPFS into the local DB.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'Message.',
+ type: ImportMessageDTO,
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Module preview.',
+ type: ModulePreviewDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/import/message/preview')
+ @ApiExtraModels(ImportMessageDTO, ModulePreviewDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async moduleImportMessagePreview(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async moduleImportMessagePreview(
+ @AuthUser() user: IAuthUser,
+ @Body() body: ImportMessageDTO
+ ): Promise {
+ const messageId = body?.messageId;
+ if (!messageId) {
+ throw new HttpException('Message ID in body is empty', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
try {
- const module = await guardian.previewModuleMessage(req.body.messageId, req.user.did);
- return res.send(module);
+ const guardian = new Guardians();
+ return await guardian.previewModuleMessage(messageId, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Import preview
+ */
+ @Post('/import/file/preview')
+ @Auth(
+ Permissions.MODULES_MODULE_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Imports new module from a zip file.',
- description: 'Imports new module and all associated artifacts, such as schemas and VCs, from the provided zip file into the local DB. Only users with the Standard Registry role are allowed to make the request.'
- })
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ description: 'Imports new module and all associated artifacts, such as schemas and VCs, from the provided zip file into the local DB.' + ONLY_SR,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'File.',
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Module preview.',
+ type: ModulePreviewDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/import/file/preview')
+ @ApiExtraModels(ModulePreviewDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async moduleImportFilePreview(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async moduleImportFilePreview(
+ @AuthUser() user: IAuthUser,
+ @Body() body: any
+ ): Promise {
try {
- const module = await guardian.previewModuleFile(req.body, req.user.did);
- return res.send(module);
+ const guardian = new Guardians();
+ return await guardian.previewModuleFile(body, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Publish module
+ */
+ @Put('/:uuid/publish')
+ @Auth(
+ Permissions.MODULES_MODULE_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Publishes the module onto IPFS.',
- description: 'Publishes the module with the specified (internal) module ID onto IPFS, sends a message featuring its IPFS CID into the corresponding Hedera topic. Only users with the Standard Registry role are allowed to make the request.'
+ description: 'Publishes the module with the specified (internal) module ID onto IPFS, sends a message featuring its IPFS CID into the corresponding Hedera topic.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Module Identifier',
+ example: Examples.UUID
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'Module.',
+ type: ModuleDTO,
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: ModuleDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Put('/:uuid/publish')
+ @ApiExtraModels(ModuleDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async publishModule(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async publishModule(
+ @AuthUser() user: IAuthUser,
+ @Param('uuid') uuid: string,
+ @Body() module: ModuleDTO,
+ @Req() req
+ ): Promise {
try {
- const module = await guardian.publishModule(req.params.uuid, req.user.did, req.body);
- return res.json(module);
+ const guardian = new Guardians();
+
+ const invalidedCacheKeys = [
+ `${PREFIXES.MODULES}${req.params.uuid}/export/file`,
+ `${PREFIXES.MODULES}${req.params.uuid}/export/message`
+ ];
+
+ await this.cacheService.invalidate(getCacheKey([req.url, ...invalidedCacheKeys], req.user));
+
+ return await guardian.publishModule(uuid, new EntityOwner(user), module);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Validates selected module
+ */
+ @Post('/validate')
+ @Auth(
+ Permissions.MODULES_MODULE_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Validates selected module.',
- description: 'Validates selected module. Only users with the Standard Registry role are allowed to make the request.'
- })
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
- schema: {
- type: 'object'
- }
+ description: 'Validates selected module.' + ONLY_SR,
})
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ @ApiBody({
+ description: 'Module config.',
+ type: ModuleDTO,
})
- @ApiForbiddenResponse({
- description: 'Forbidden.',
+ @ApiOkResponse({
+ description: 'Validation result.',
+ type: ModuleValidationDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @Post('/validate')
+ @ApiExtraModels(ModuleDTO, ModuleValidationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async validateModule(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const guardian = new Guardians();
+ async validateModule(
+ @AuthUser() user: IAuthUser,
+ @Body() module: ModuleDTO
+ ): Promise {
try {
- return res.send(await guardian.validateModule(req.user.did, req.body));
+ const guardian = new Guardians();
+ return await guardian.validateModule(new EntityOwner(user), module);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/notifications.ts b/api-gateway/src/api/service/notifications.ts
index 1ffa720cc7..9e3983a12b 100644
--- a/api-gateway/src/api/service/notifications.ts
+++ b/api-gateway/src/api/service/notifications.ts
@@ -1,235 +1,201 @@
-import { AuthGuard } from '../../auth/auth-guard.js';
-import { Logger, NotificationService } from '@guardian/common';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
-import { NotificationDTO, ProgressDTO, } from '../../middlewares/validation/schemas/notifications.js';
-import { Controller, Delete, Get, HttpCode, HttpStatus, Post, Req, Response, UseGuards, } from '@nestjs/common';
-import { ApiBearerAuth, ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiParam, ApiSecurity, ApiTags, ApiUnauthorizedResponse, getSchemaPath, } from '@nestjs/swagger';
+import { IAuthUser, NotificationService } from '@guardian/common';
+import { Controller, Delete, Get, HttpCode, HttpStatus, Param, Post, Query, Response, } from '@nestjs/common';
+import { ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiParam, ApiQuery, ApiTags } from '@nestjs/swagger';
+import { Examples, InternalServerErrorDTO, NotificationDTO, ProgressDTO, pageHeader } from '#middlewares';
+import { AuthUser, Auth } from '#auth';
+import { InternalException, parseInteger } from '#helpers';
@Controller('notifications')
@ApiTags('notifications')
export class NotificationsApi {
- constructor(private readonly notifier: NotificationService) {}
+ constructor(private readonly notifier: NotificationService) { }
+ /**
+ * Get all notifications
+ */
+ @Get('/')
+ @Auth()
@ApiOperation({
summary: 'Get all notifications',
description: 'Returns all notifications.',
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
@ApiOkResponse({
- description:
- 'Successful operation. Returns notifications and count.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(NotificationDTO),
- },
- },
- headers: {
- 'X-Total-Count': {
- description: 'Count of notifications',
- },
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ description: 'Successful operation. Returns notifications and count.',
+ isArray: true,
+ headers: pageHeader,
+ type: NotificationDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO),
- },
+ type: InternalServerErrorDTO,
})
- @ApiBearerAuth()
- @UseGuards(AuthGuard)
- @Get('/')
+ @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getAllNotifications(@Req() req, @Response() res) {
+ async getAllNotifications(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ ): Promise {
try {
- let pageIndex: number;
- let pageSize: number;
- if (req.query && req.query.pageIndex && req.query.pageSize) {
- pageIndex = Number.parseInt(req.query.pageIndex, 10);
- pageSize = Number.parseInt(req.query.pageSize, 10);
- }
const [notifications, count] = await this.notifier.all(
- req.user.id,
- pageIndex,
- pageSize
+ user.id,
+ parseInteger(pageIndex),
+ parseInteger(pageSize)
);
- return res.setHeader('X-Total-Count', count).json(notifications);
+ return res.header('X-Total-Count', count).send(notifications);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
+ /**
+ * Get new notifications
+ */
+ @Get('/new')
+ @Auth()
@ApiOperation({
summary: 'Get new notifications',
description: 'Returns new notifications.',
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
@ApiOkResponse({
- description:
- 'Successful operation. Returns new notifications.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(NotificationDTO),
- },
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ description: 'Successful operation. Returns new notifications.',
+ isArray: true,
+ type: NotificationDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO),
- },
+ type: InternalServerErrorDTO,
})
- @ApiBearerAuth()
- @UseGuards(AuthGuard)
- @Get('/new')
+ @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getNewNotifications(@Req() req, @Response() res): Promise {
+ async getNewNotifications(
+ @AuthUser() user: IAuthUser
+ ): Promise {
try {
- if (!req.user.id) {
+ if (!user.id) {
throw Error('User is not registered');
}
- return res.json(
- await this.notifier.getNewNotifications(req.user.id)
- );
+ return await this.notifier.getNewNotifications(user.id);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
+ /**
+ * Get progresses
+ */
+ @Get('/progresses')
+ @Auth()
@ApiOperation({
summary: 'Get progresses',
description: 'Returns progresses.',
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(ProgressDTO, InternalServerErrorDTO)
@ApiOkResponse({
- description:
- 'Successful operation. Returns progresses.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(ProgressDTO),
- },
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ description: 'Successful operation. Returns progresses.',
+ isArray: true,
+ type: ProgressDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO),
- },
+ type: InternalServerErrorDTO,
})
- @ApiBearerAuth()
- @UseGuards(AuthGuard)
- @Get('/progresses')
+ @ApiExtraModels(ProgressDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getProgresses(@Req() req, @Response() res): Promise {
+ async getProgresses(
+ @AuthUser() user: IAuthUser
+ ): Promise {
try {
- if (!req.user.id) {
+ if (!user.id) {
throw Error('User is not registered');
}
- return res.json(await this.notifier.getProgresses(req.user.id));
+ return await this.notifier.getProgresses(user.id);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
+ /**
+ * Read all notifications
+ */
+ @Post('/read/all')
+ @Auth()
@ApiOperation({
summary: 'Read all notifications',
- description: 'Returns new notifications.',
+ description: 'Returns new notifications.'
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
@ApiOkResponse({
- description:
- 'Successful operation. Returns notifications.',
- schema: {
- type: 'array',
- items: {
- $ref: getSchemaPath(NotificationDTO),
- },
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ description: 'Successful operation. Returns notifications.',
+ isArray: true,
+ type: NotificationDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO),
- },
+ type: InternalServerErrorDTO
})
- @ApiBearerAuth()
- @UseGuards(AuthGuard)
- @Post('/read/all')
+ @ApiExtraModels(NotificationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async readAll(@Req() req, @Response() res): Promise {
+ async readAll(
+ @AuthUser() user: IAuthUser
+ ): Promise {
try {
- if (!req.user.id) {
+ if (!user.id) {
throw Error('User is not registered');
}
- return res.json(await this.notifier.readAll(req.user.id));
+ return await this.notifier.readAll(user.id);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
+ /**
+ * Delete notifications up to this point
+ */
+ @Delete('/delete/:notificationId')
+ @Auth()
@ApiOperation({
summary: 'Delete notifications up to this point',
- description: 'Returns deleted notifications count.',
+ description: 'Returns deleted notifications count.'
})
- @ApiSecurity('bearerAuth')
- @ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
name: 'notificationId',
type: 'string',
+ required: true,
+ description: 'Notification Identifier',
+ example: Examples.UUID
})
@ApiOkResponse({
- description:
- 'Successful operation. Returns deleted notifications count.',
- schema: {
- type: 'number',
- },
- })
- @ApiUnauthorizedResponse({
- description: 'Unauthorized.',
+ description: 'Successful operation. Returns deleted notifications count.',
+ type: Number
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO),
- },
+ type: InternalServerErrorDTO
})
- @ApiBearerAuth()
- @UseGuards(AuthGuard)
- @Delete('/delete/:notificationId')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async delete(@Req() req, @Response() res) {
+ async delete(
+ @AuthUser() user: IAuthUser,
+ @Param('notificationId') notificationId: string,
+ ): Promise {
try {
- return res.json(
- await this.notifier.deleteUpTo(
- req.user.id,
- req.params.notificationId
- )
- );
+ return await this.notifier.deleteUpTo(user.id, notificationId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw error;
+ await InternalException(error);
}
}
}
diff --git a/api-gateway/src/api/service/permissions.ts b/api-gateway/src/api/service/permissions.ts
new file mode 100644
index 0000000000..ae80525cc7
--- /dev/null
+++ b/api-gateway/src/api/service/permissions.ts
@@ -0,0 +1,796 @@
+import { IAuthUser } from '@guardian/common';
+import { AssignedEntityType, Permissions, UserPermissions } from '@guardian/interfaces';
+import { Body, Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Param, Post, Put, Query, Response } from '@nestjs/common';
+import { ApiTags, ApiInternalServerErrorResponse, ApiExtraModels, ApiOperation, ApiBody, ApiOkResponse, ApiParam, ApiQuery } from '@nestjs/swagger';
+import { AssignPolicyDTO, Examples, InternalServerErrorDTO, PermissionsDTO, PolicyDTO, RoleDTO, UserDTO, pageHeader } from '#middlewares';
+import { AuthUser, Auth } from '#auth';
+import { EntityOwner, Guardians, InternalException, Users } from '#helpers';
+import { WebSocketsService } from './websockets.js';
+
+@Controller('permissions')
+@ApiTags('permissions')
+export class PermissionsApi {
+ /**
+ * Return a list of all permissions
+ */
+ @Get('/')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_READ,
+ Permissions.DELEGATION_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Return a list of all permissions.',
+ description: 'Returns all permissions.',
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ type: PermissionsDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(RoleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getPermissions(): Promise {
+ try {
+ return await (new Users()).getPermissions();
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Return a list of all roles
+ */
+ @Get('/roles/')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_READ,
+ Permissions.DELEGATION_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Return a list of all roles.',
+ description: 'Returns all roles.',
+ })
+ @ApiQuery({
+ name: 'name',
+ type: String,
+ description: 'Filter by role name',
+ required: false,
+ example: 'name'
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: RoleDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(RoleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getRoles(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('name') name?: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
+ try {
+ const owner = user.parent || user.did;
+ const options: any = {
+ name,
+ owner,
+ user: user.did,
+ onlyOwn: !UserPermissions.has(user, Permissions.PERMISSIONS_ROLE_READ),
+ pageIndex,
+ pageSize
+ };
+ const { items, count } = await (new Users()).getRoles(options);
+ return res.header('X-Total-Count', count).send(items);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Create role
+ */
+ @Post('/roles/')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_CREATE
+ )
+ @ApiOperation({
+ summary: 'Creates new role.',
+ description: 'Creates new role.',
+ })
+ @ApiBody({
+ description: 'Object that contains role information.',
+ required: true,
+ type: RoleDTO,
+ })
+ @ApiOkResponse({
+ description: 'Created role.',
+ type: RoleDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(RoleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.CREATED)
+ async createRole(
+ @AuthUser() user: IAuthUser,
+ @Body() body: RoleDTO
+ ): Promise {
+ try {
+ const owner = new EntityOwner(user);
+ const role = await (new Users()).createRole(body, owner);
+ await (new Guardians()).createRole(role, owner);
+ return role;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Updates role
+ */
+ @Put('/roles/:id')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Updates role configuration.',
+ description: 'Updates role configuration for the specified role ID.'
+ })
+ @ApiParam({
+ name: 'id',
+ type: 'string',
+ required: true,
+ description: 'Role Identifier',
+ example: Examples.DB_ID,
+ })
+ @ApiBody({
+ description: 'Role configuration.',
+ type: RoleDTO,
+ })
+ @ApiOkResponse({
+ description: 'Role configuration.',
+ type: RoleDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(RoleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async updateRole(
+ @AuthUser() user: IAuthUser,
+ @Param('id') id: string,
+ @Body() role: RoleDTO
+ ): Promise {
+ let row: any;
+ const userService = new Users();
+ try {
+ row = await userService.getRoleById(id);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!row) {
+ throw new HttpException('Role does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const owner = new EntityOwner(user);
+ const result = await userService.updateRole(id, role, owner);
+ const users = await userService.refreshUserPermissions(id, user.did);
+ await (new Guardians()).updateRole(result, owner);
+ const wsService = new WebSocketsService();
+ wsService.updatePermissions(users);
+ return result;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Remove role
+ */
+ @Delete('/roles/:id')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_DELETE
+ )
+ @ApiOperation({
+ summary: 'Deletes the role.',
+ description: 'Deletes the role with the provided role ID.'
+ })
+ @ApiParam({
+ name: 'id',
+ type: 'string',
+ required: true,
+ description: 'Role Identifier',
+ example: Examples.DB_ID,
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: Boolean,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async deleteModule(
+ @AuthUser() user: IAuthUser,
+ @Param('id') id: string,
+ ): Promise {
+ try {
+ if (!id) {
+ throw new HttpException('Invalid id', HttpStatus.UNPROCESSABLE_ENTITY);
+ }
+ const owner = new EntityOwner(user);
+ const userService = new Users();
+ const result = await userService.deleteRole(id, owner);
+ const users = await userService.refreshUserPermissions(id, user.did);
+ await (new Guardians()).deleteRole(result, owner);
+ const wsService = new WebSocketsService();
+ wsService.updatePermissions(users);
+ return result;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Set default role
+ */
+ @Post('/roles/default')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_CREATE
+ )
+ @ApiOperation({
+ summary: 'Set default role.',
+ description: 'Set the role as default for new users.',
+ })
+ @ApiBody({
+ description: 'Object that contains role information.',
+ required: true,
+ schema: {
+ type: 'object',
+ properties: {
+ id: {
+ type: 'string',
+ description: 'Role Identifier',
+ example: Examples.DB_ID
+ }
+ },
+ required: ['id']
+ },
+ examples: {
+ Default: {
+ value: {
+ id: Examples.DB_ID
+ }
+ }
+ }
+ })
+ @ApiOkResponse({
+ description: 'Created role.',
+ type: RoleDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(RoleDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.CREATED)
+ async setDefaultRole(
+ @AuthUser() user: IAuthUser,
+ @Body() body: { id: string }
+ ): Promise {
+ try {
+ return await (new Users()).setDefaultRole(body?.id, user.did);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Return a list of all users
+ */
+ @Get('/users/')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_MANAGE,
+ Permissions.DELEGATION_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Return a list of all users.',
+ description: 'Returns all users.',
+ })
+ @ApiQuery({
+ name: 'role',
+ type: String,
+ description: 'Filter by role',
+ required: false,
+ example: Examples.DB_ID
+ })
+ @ApiQuery({
+ name: 'status',
+ type: String,
+ enum: ['Active', 'Inactive'],
+ description: 'Filter by status',
+ required: false,
+ example: 'Active'
+ })
+ @ApiQuery({
+ name: 'username',
+ type: String,
+ description: 'Filter by username',
+ required: false,
+ example: 'username'
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: UserDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(UserDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getUsers(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ @Query('role') role?: string,
+ @Query('status') status?: string,
+ @Query('username') username?: string
+ ): Promise {
+ try {
+ const options: any = {
+ filters: {
+ role,
+ status,
+ username,
+ did: { $ne: user.did }
+ },
+ parent: user.parent ? user.parent : user.did,
+ pageIndex,
+ pageSize
+ };
+ const { items, count } = await (new Users()).getWorkers(options);
+ const guardians = new Guardians();
+ for (const item of items) {
+ item.assignedEntities = await guardians.assignedEntities(item.did);
+ }
+ return res.header('X-Total-Count', count).send(items);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Get user
+ */
+ @Get('/users/:username')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_MANAGE,
+ Permissions.DELEGATION_ROLE_MANAGE
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Updates user permissions.',
+ description: 'Updates user permissions for the specified username.'
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiOkResponse({
+ description: 'User permissions.',
+ type: UserDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(UserDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getUser(
+ @AuthUser() user: IAuthUser,
+ @Param('username') username: string
+ ): Promise {
+ try {
+ const owner = user.parent || user.did;
+ const users = new Users();
+ const row = await users.getUserPermissions(username);
+ if (!row || row.parent !== owner || row.did === user.did) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND);
+ }
+ return row as any;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Updates user
+ */
+ @Put('/users/:username')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_MANAGE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Updates user permissions.',
+ description: 'Updates user permissions for the specified username.'
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiBody({
+ description: 'User permissions.',
+ type: String,
+ isArray: true,
+ examples: {
+ Roles: {
+ value: [Examples.DB_ID, Examples.DB_ID]
+ }
+ }
+ })
+ @ApiOkResponse({
+ description: 'User permissions.',
+ type: UserDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(UserDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async updateUser(
+ @AuthUser() user: IAuthUser,
+ @Param('username') username: string,
+ @Body() body: string[]
+ ): Promise {
+ let row: any;
+ const users = new Users();
+ try {
+ row = await users.getUserPermissions(username);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!row || row.parent !== user.did || row.did === user.did) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const owner = new EntityOwner(user);
+ const result = await users.updateUserRole(username, body, owner);
+ await (new Guardians()).setRole(result, owner);
+ const wsService = new WebSocketsService();
+ wsService.updatePermissions(result);
+ return result;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Get policies
+ */
+ @Get('/users/:username/policies')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_MANAGE,
+ Permissions.DELEGATION_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Return a list of all roles.',
+ description: 'Returns all roles.',
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiQuery({
+ name: 'status',
+ type: String,
+ enum: ['ALL', 'DRAFT', 'DRY-RUN', 'PUBLISH_ERROR', 'DISCONTINUED', 'PUBLISH'],
+ description: 'Filter by status',
+ required: false,
+ example: 'Active'
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: PolicyDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getAssignedPolicies(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Param('username') username: string,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ @Query('status') status?: string
+ ): Promise {
+ const owner = user.parent || user.did;
+ let target: any;
+ try {
+ target = await (new Users()).getUserPermissions(username);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!target || target.parent !== owner) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const options: any = {
+ owner,
+ user: user.did,
+ target: target.did,
+ onlyOwn: !UserPermissions.has(user, Permissions.PERMISSIONS_ROLE_READ),
+ pageIndex,
+ pageSize,
+ status
+ };
+ const { policies, count } = await (new Guardians()).getAssignedPolicies(options);
+ return res.header('X-Total-Count', count).send(policies);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Assign policy
+ */
+ @Post('/users/:username/policies/assign')
+ @Auth(
+ Permissions.PERMISSIONS_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Assign policy.',
+ description: 'Assign policy.',
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiBody({
+ description: 'Options.',
+ required: true,
+ type: AssignPolicyDTO,
+ })
+ @ApiOkResponse({
+ description: 'Assigned policy.',
+ type: PolicyDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.CREATED)
+ async assignPolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('username') username: string,
+ @Body() body: AssignPolicyDTO
+ ): Promise {
+ let row: any;
+ const users = new Users();
+ try {
+ row = await users.getUserPermissions(username);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!row || row.parent !== user.did || row.did === user.did) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const { policyIds, assign } = body;
+ return await (new Guardians()).assignEntity(
+ AssignedEntityType.Policy,
+ policyIds,
+ assign,
+ row.did,
+ user.did
+ );
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Delegate role
+ */
+ @Put('/users/:username/delegate')
+ @Auth(Permissions.DELEGATION_ROLE_MANAGE)
+ @ApiOperation({
+ summary: 'Delegate user permissions.',
+ description: 'Delegate user permissions for the specified username.'
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiBody({
+ description: 'User permissions.',
+ type: String,
+ isArray: true,
+ examples: {
+ Roles: {
+ value: [Examples.DB_ID, Examples.DB_ID]
+ }
+ }
+ })
+ @ApiOkResponse({
+ description: 'User permissions.',
+ type: UserDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(UserDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async delegateRole(
+ @AuthUser() user: IAuthUser,
+ @Param('username') username: string,
+ @Body() body: string[]
+ ): Promise {
+ let row: any;
+ const users = new Users();
+ try {
+ row = await users.getUserPermissions(username);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!row || row.parent !== user.parent || row.did === user.did) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const owner = new EntityOwner(user);
+ const result = await users.delegateUserRole(username, body, owner);
+ await (new Guardians()).setRole(result, owner);
+ const wsService = new WebSocketsService();
+ wsService.updatePermissions(result);
+ return result;
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Delegate policy
+ */
+ @Post('/users/:username/policies/delegate')
+ @Auth(
+ Permissions.DELEGATION_ROLE_MANAGE
+ )
+ @ApiOperation({
+ summary: 'Delegate policy.',
+ description: 'Delegate policy.',
+ })
+ @ApiParam({
+ name: 'username',
+ type: String,
+ description: 'User Identifier',
+ required: true,
+ example: 'username'
+ })
+ @ApiBody({
+ description: 'Options.',
+ required: true,
+ type: AssignPolicyDTO,
+ })
+ @ApiOkResponse({
+ description: 'Assigned policy.',
+ type: PolicyDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.CREATED)
+ async delegatePolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('username') username: string,
+ @Body() body: AssignPolicyDTO
+ ): Promise {
+ let row: any;
+ const users = new Users();
+ try {
+ row = await users.getUserPermissions(username);
+ } catch (error) {
+ await InternalException(error);
+ }
+ if (!row || row.parent !== user.parent || row.did === user.did) {
+ throw new HttpException('User does not exist.', HttpStatus.NOT_FOUND)
+ }
+ try {
+ const { policyIds, assign } = body;
+ return await (new Guardians()).delegateEntity(
+ AssignedEntityType.Policy,
+ policyIds,
+ assign,
+ row.did,
+ user.did
+ );
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+}
\ No newline at end of file
diff --git a/api-gateway/src/api/service/policy.ts b/api-gateway/src/api/service/policy.ts
index 78a9706595..de4a0338f2 100644
--- a/api-gateway/src/api/service/policy.ts
+++ b/api-gateway/src/api/service/policy.ts
@@ -1,158 +1,214 @@
-import { Auth } from '../../auth/auth.decorator.js';
-import { AuthUser, checkPermission } from '../../auth/authorization-helper.js';
+import { Auth, AuthUser } from '#auth';
import { IAuthUser, Logger, RunFunctionAsync } from '@guardian/common';
-import { DocumentType, PolicyType, TaskAction, UserRole } from '@guardian/interfaces';
-import { PolicyEngine } from '../../helpers/policy-engine.js';
-import { ProjectService } from '../../helpers/projects.js';
-import { ServiceError } from '../../helpers/service-requests-base.js';
-import { TaskManager } from '../../helpers/task-manager.js';
-import { Users } from '../../helpers/users.js';
-import { InternalServerErrorDTO } from '../../middlewares/validation/schemas/errors.js';
-import { MigrationConfigDTO, PolicyCategoryDTO, } from '../../middlewares/validation/schemas/policies.js';
-import { Body, Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Param, Post, Put, Query, Req, Response, UploadedFiles, UseInterceptors, } from '@nestjs/common';
-import { AnyFilesInterceptor } from '@nestjs/platform-express';
-import { ApiAcceptedResponse, ApiBody, ApiConsumes, ApiExtraModels, ApiForbiddenResponse, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiParam, ApiQuery, ApiSecurity, ApiTags, ApiUnauthorizedResponse, getSchemaPath, } from '@nestjs/swagger';
-import { ApiImplicitParam } from '@nestjs/swagger/dist/decorators/api-implicit-param.decorator.js';
-import { ApiImplicitQuery } from '@nestjs/swagger/dist/decorators/api-implicit-query.decorator.js';
-import { CACHE } from '../../constants/index.js';
-import { UseCache } from '../../helpers/decorators/cache.js';
-
-const ONLY_SR = ' Only users with the Standard Registry role are allowed to make the request.'
+import { DocumentType, Permissions, PolicyType, TaskAction, UserRole } from '@guardian/interfaces';
+import { Body, Controller, Delete, Get, HttpCode, HttpException, HttpStatus, Param, Post, Put, Query, Req, Response, UseInterceptors, Version } from '@nestjs/common';
+import { ApiAcceptedResponse, ApiBody, ApiConsumes, ApiExtraModels, ApiInternalServerErrorResponse, ApiOkResponse, ApiOperation, ApiParam, ApiQuery, ApiTags } from '@nestjs/swagger';
+import { CACHE, POLICY_REQUIRED_PROPS, PREFIXES } from '#constants';
+import { BlockDTO, Examples, ExportMessageDTO, ImportMessageDTO, InternalServerErrorDTO, MigrationConfigDTO, pageHeader, PoliciesValidationDTO, PolicyCategoryDTO, PolicyDTO, PolicyPreviewDTO, PolicyValidationDTO, TaskDTO } from '#middlewares';
+import { AnyFilesInterceptor, CacheService, EntityOwner, getCacheKey, InternalException, ONLY_SR, PolicyEngine, ProjectService, ServiceError, TaskManager, UploadedFiles, UseCache } from '#helpers';
+
+async function getOldResult(user: IAuthUser): Promise {
+ const options: any = {};
+ const owner = new EntityOwner(user);
+ const { policies } = await (new PolicyEngine()).getPolicies(options, owner);
+ return policies;
+}
@Controller('policies')
@ApiTags('policies')
export class PolicyApi {
+ constructor(private readonly cacheService: CacheService) {
+ }
+
+ /**
+ * Return a list of all policies
+ */
+ @Get('/')
+ @Auth(
+ Permissions.POLICIES_POLICY_READ,
+ Permissions.POLICIES_POLICY_EXECUTE,
+ Permissions.POLICIES_POLICY_AUDIT,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR,
+ )
@ApiOperation({
summary: 'Return a list of all policies.',
- description: 'Returns all policies. Only users with the Standard Registry and Installer role are allowed to make the request.',
+ description: 'Returns all policies.',
})
- @ApiSecurity('bearerAuth')
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageIndex',
type: Number,
description: 'The number of pages to skip before starting to collect the result set',
- required: false
+ required: false,
+ example: 0
})
- @ApiImplicitQuery({
+ @ApiQuery({
name: 'pageSize',
type: Number,
description: 'The numbers of items to return',
- required: false
+ required: false,
+ example: 20
})
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ isArray: true,
+ headers: pageHeader,
+ type: PolicyDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
+ @HttpCode(HttpStatus.OK)
+ async getPolicies(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
+ if (!user.did && user.role !== UserRole.AUDITOR) {
+ return res.header('X-Total-Count', 0).send([]);
+ }
+ try {
+ const options: any = {
+ filters: {},
+ pageIndex,
+ pageSize
+ };
+ const engineService = new PolicyEngine();
+ const owner = new EntityOwner(user);
+ const { policies, count } = await engineService.getPolicies(options, owner);
+ return res.header('X-Total-Count', count).send(policies);
+ } catch (error) {
+ await InternalException(error);
+ }
+ }
+
+ /**
+ * Return a list of all policies V2 05.06.2024
+ */
@Get('/')
+ @Auth(
+ Permissions.POLICIES_POLICY_READ,
+ Permissions.POLICIES_POLICY_EXECUTE,
+ Permissions.POLICIES_POLICY_AUDIT,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR,
+ )
+ @ApiOperation({
+ summary: 'Return a list of all policies.',
+ description: 'Returns all policies.',
+ })
+ @ApiQuery({
+ name: 'pageIndex',
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
+ })
+ @ApiQuery({
+ name: 'pageSize',
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ isArray: true,
+ headers: pageHeader,
+ type: PolicyDTO,
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getPolicies(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER, UserRole.AUDITOR)(req.user);
- const users = new Users();
- const engineService = new PolicyEngine();
+ @Version('2')
+ async getPoliciesV2(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number
+ ): Promise {
+ if (!user.did && user.role !== UserRole.AUDITOR) {
+ return res.header('X-Total-Count', 0).send([]);
+ }
try {
- const user = await users.getUser(req.user.username);
- if (!user.did && user.role !== UserRole.AUDITOR) {
- return res.setHeader('X-Total-Count', 0).json([]);
- }
- let pageIndex: any;
- let pageSize: any;
- if (req.query && req.query.pageIndex && req.query.pageSize) {
- pageIndex = req.query.pageIndex;
- pageSize = req.query.pageSize;
- }
- let result: any;
- if (user.role === UserRole.STANDARD_REGISTRY) {
- result = await engineService.getPolicies({
- filters: {
- owner: user.did,
- },
- userDid: user.did,
- pageIndex,
- pageSize
- });
- } else if (user.role === UserRole.AUDITOR) {
- const filters: any = {
- status: { $in: [PolicyType.PUBLISH, PolicyType.DISCONTINUED] },
- }
- result = await engineService.getPolicies({
- filters,
- userDid: user.did,
- pageIndex,
- pageSize
- });
- } else {
- const filters: any = {
- status: { $in: [PolicyType.PUBLISH, PolicyType.DISCONTINUED] },
- }
- if (user.parent) {
- filters.owner = user.parent;
- }
- result = await engineService.getPolicies({
- filters,
- userDid: user.did,
- pageIndex,
- pageSize
- });
- }
- const { policies, count } = result;
- return res.setHeader('X-Total-Count', count).json(policies);
+ const options: any = {
+ fields: Object.values(POLICY_REQUIRED_PROPS),
+ filters: {},
+ pageIndex,
+ pageSize
+ };
+ const engineService = new PolicyEngine();
+ const owner = new EntityOwner(user);
+ const { policies, count } = await engineService.getPoliciesV2(options, owner);
+ return res.header('X-Total-Count', count).send(policies);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Creates a new policy
+ */
+ @Post('/')
+ @Auth(
+ Permissions.POLICIES_POLICY_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Creates a new policy.',
description: 'Creates a new policy.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ isArray: true,
+ type: PolicyDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/')
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.CREATED)
- async createPolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async createPolicy(
+ @AuthUser() user: IAuthUser,
+ @Body() body: PolicyDTO
+ ): Promise {
try {
- const policies = await engineService.createPolicy(req.body, req.user)
- return res.status(201).json(policies);
+ const engineService = new PolicyEngine();
+ await engineService.createPolicy(body, new EntityOwner(user));
+ return await getOldResult(user);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Migrate policy data
+ */
+ @Post('/migrate-data')
+ @Auth(
+ Permissions.POLICIES_MIGRATION_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Migrate policy data.',
- description: 'Migrate policy data. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Migrate policy data.' + ONLY_SR,
})
- @ApiExtraModels(MigrationConfigDTO, InternalServerErrorDTO)
@ApiBody({
description: 'Migration config.',
- schema: {
- $ref: getSchemaPath(MigrationConfigDTO)
- }
+ type: MigrationConfigDTO,
})
@ApiOkResponse({
description: 'Errors while migration.',
@@ -173,229 +229,294 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/migrate-data')
+ @ApiExtraModels(MigrationConfigDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async migrateData(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async migrateData(
+ @AuthUser() user: IAuthUser,
+ @Body() body: MigrationConfigDTO
+ ): Promise {
const engineService = new PolicyEngine();
try {
- return res.send(await engineService.migrateData(
- req.user.did,
- req.body
- ));
+ return await engineService.migrateData(new EntityOwner(user), body as any);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Migrate policy data
+ */
+ @Post('/push/migrate-data')
+ @Auth(
+ Permissions.POLICIES_MIGRATION_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Migrate policy data asynchronous.',
- description: 'Migrate policy data asynchronous. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Migrate policy data asynchronous.' + ONLY_SR,
})
- @ApiExtraModels(MigrationConfigDTO, InternalServerErrorDTO)
@ApiBody({
- description: 'Migration config.',
- schema: {
- $ref: getSchemaPath(MigrationConfigDTO)
- }
+ description: 'Migration configuration.',
+ type: MigrationConfigDTO
})
@ApiAcceptedResponse({
description: 'Created task.',
- schema: {
- 'type': 'object'
- },
+ type: TaskDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/push/migrate-data')
+ @ApiExtraModels(TaskDTO, MigrationConfigDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async migrateDataAsync(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const user = req.user;
+ async migrateDataAsync(
+ @AuthUser() user: IAuthUser,
+ @Body() body: MigrationConfigDTO
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.MIGRATE_DATA, user.id);
RunFunctionAsync(async () => {
const engineService = new PolicyEngine();
- await engineService.migrateDataAsync(req.user.did, req.body, task);
+ await engineService.migrateDataAsync(new EntityOwner(user), body as any, task);
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: 'Unknown error: ' + error.message });
});
- return res.status(202).send(task);
+ return task;
}
+ /**
+ * Creates a new policy
+ */
+ @Post('/push')
+ @Auth(
+ Permissions.POLICIES_POLICY_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Creates a new policy.',
description: 'Creates a new policy.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: TaskDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/push')
+ @ApiExtraModels(TaskDTO, PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async createPolicyAsync(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const model = req.body;
- const user = req.user;
+ async createPolicyAsync(
+ @AuthUser() user: IAuthUser,
+ @Body() body: PolicyDTO
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.CREATE_POLICY, user.id);
RunFunctionAsync(async () => {
const engineService = new PolicyEngine();
- await engineService.createPolicyAsync(model, user, task);
+ await engineService.createPolicyAsync(body, new EntityOwner(user), task);
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: error.message });
});
- return res.status(202).send(task);
+ return task;
}
- @ApiOperation({})
- @ApiSecurity('bearerAuth')
+ /**
+ * Clone policy
+ */
+ @Post('/push/:policyId')
+ @Auth(
+ Permissions.POLICIES_POLICY_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Clones policy.',
+ description: 'Clones policy.' + ONLY_SR,
+ })
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: TaskDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/push/:policyId')
+ @ApiExtraModels(TaskDTO, PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async updatePolicyAsync(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const policyId = req.params.policyId;
- const model = req.body;
- const user = req.user;
+ async updatePolicyAsync(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: PolicyDTO
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.CLONE_POLICY, user.id);
RunFunctionAsync(async () => {
const engineService = new PolicyEngine();
- await engineService.clonePolicyAsync(policyId, model, user, task);
+ await engineService.clonePolicyAsync(policyId, body, new EntityOwner(user), task);
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: error.message });
});
- return res.status(202).send(task);
+ return task;
}
- @ApiSecurity('bearerAuth')
+ /**
+ * Delete policy
+ */
@Delete('/push/:policyId')
+ @Auth(
+ Permissions.POLICIES_POLICY_DELETE,
+ // UserRole.STANDARD_REGISTRY,
+ )
+ @ApiOperation({
+ summary: 'Remove policy.',
+ description: 'Remove policy.' + ONLY_SR,
+ })
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiOkResponse({
+ description: 'Successful operation.',
+ type: TaskDTO
+ })
+ @ApiInternalServerErrorResponse({
+ description: 'Internal server error.',
+ type: InternalServerErrorDTO,
+ })
+ @ApiExtraModels(TaskDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async deletePolicyAsync(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const policyId = req.params.policyId;
- const user = req.user;
+ async deletePolicyAsync(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.DELETE_POLICY, user.id);
RunFunctionAsync(async () => {
const engineService = new PolicyEngine();
- await engineService.deletePolicyAsync(policyId, user, task);
+ await engineService.deletePolicyAsync(policyId, new EntityOwner(user), task);
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: error.message });
});
- return res.status(202).send(task);
+ return task;
}
+ /**
+ * Get policy configuration
+ */
+ @Get('/:policyId')
+ @Auth(
+ Permissions.POLICIES_POLICY_READ,
+ Permissions.POLICIES_POLICY_EXECUTE,
+ Permissions.POLICIES_POLICY_AUDIT,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ // UserRole.AUDITOR,
+ )
@ApiOperation({
summary: 'Retrieves policy configuration.',
description: 'Retrieves policy configuration for the specified policy ID.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
- description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ description: 'Policy configuration.',
+ type: PolicyDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId')
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getPolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER, UserRole.AUDITOR)(req.user);
- const users = new Users();
- const engineService = new PolicyEngine();
+ async getPolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
try {
- const user = await users.getUser(req.user.username);
- const model = (await engineService.getPolicy({
- filters: req.params.policyId,
+ const engineService = new PolicyEngine();
+ return await engineService.getPolicy({
+ filters: policyId,
userDid: user.did,
- })) as any;
- return res.send(model);
+ }, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Updates policy
+ */
+ @Put('/:policyId')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Updates policy configuration.',
description: 'Updates policy configuration for the specified policy ID.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
@ApiOkResponse({
- description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ description: 'Policy configuration.',
+ type: PolicyDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/:policyId')
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async updatePolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async updatePolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() policy: PolicyDTO
+ ): Promise {
const engineService = new PolicyEngine();
- let model: any;
- try {
- model = await engineService.getPolicy({ filters: req.params.policyId }) as any;
- } catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
- }
+ const owner = new EntityOwner(user);
+ const model = await engineService.accessPolicy(policyId, owner, 'update');
if (!model) {
throw new HttpException('Policy does not exist.', HttpStatus.NOT_FOUND)
}
try {
- const policy = req.body;
model.config = policy.config;
model.name = policy.name;
model.version = policy.version;
@@ -408,236 +529,306 @@ export class PolicyApi {
model.policyGroups = policy.policyGroups;
model.categories = policy.categories;
model.projectSchema = policy.projectSchema;
- const result = await engineService.savePolicy(model, req.user, req.params.policyId);
- return res.json(result);
+ return await engineService.savePolicy(model, new EntityOwner(user), policyId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Publish policy
+ */
+ @Put('/:policyId/publish')
+ @Auth(
+ Permissions.POLICIES_POLICY_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Publishes the policy onto IPFS.',
description: 'Publishes the policy with the specified (internal) policy ID onto IPFS, sends a message featuring its IPFS CID into the corresponding Hedera topic.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: PoliciesValidationDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/:policyId/publish')
+ @ApiExtraModels(PoliciesValidationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async publishPolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async publishPolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: PolicyDTO
+ ): Promise {
try {
- return res.json(await engineService.publishPolicy(req.body, req.user, req.params.policyId));
+ const engineService = new PolicyEngine();
+ const result = await engineService.publishPolicy(body, new EntityOwner(user), policyId);
+ result.policies = await getOldResult(user);
+ return result;
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Publish policy
+ */
+ @Put('/push/:policyId/publish')
+ @Auth(
+ Permissions.POLICIES_POLICY_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Publishes the policy onto IPFS.',
description: 'Publishes the policy with the specified (internal) policy ID onto IPFS, sends a message featuring its IPFS CID into the corresponding Hedera topic.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
- @ApiOkResponse({
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
+ @ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: TaskDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/push/:policyId/publish')
+ @ApiExtraModels(TaskDTO, PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.ACCEPTED)
- async publishPolicyAsync(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const model = req.body;
- const user = req.user;
- const policyId = req.params.policyId;
+ async publishPolicyAsync(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: PolicyDTO
+ ): Promise {
const taskManager = new TaskManager();
const task = taskManager.start(TaskAction.PUBLISH_POLICY, user.id);
RunFunctionAsync(async () => {
const engineService = new PolicyEngine();
- await engineService.publishPolicyAsync(model, user, policyId, task);
+ await engineService.publishPolicyAsync(body, new EntityOwner(user), policyId, task);
}, async (error) => {
new Logger().error(error, ['API_GATEWAY']);
taskManager.addError(task.taskId, { code: 500, message: error.message || error });
});
-
- return res.status(202).send(task);
+ return task;
}
+ /**
+ * Go to dry-run policy
+ */
+ @Put('/:policyId/dry-run')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Dry Run policy.',
description: 'Run policy without making any persistent changes or executing transaction.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: PoliciesValidationDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/:policyId/dry-run')
+ @ApiExtraModels(PoliciesValidationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async dryRunPolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async dryRunPolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
try {
- return res.json(await engineService.dryRunPolicy(req.user, req.params.policyId));
+ const engineService = new PolicyEngine();
+ const result = await engineService.dryRunPolicy(policyId, new EntityOwner(user));
+ result.policies = await getOldResult(user);
+ return result;
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Discontunue policy
+ */
+ @Put('/:policyId/discontinue')
+ @Auth(
+ Permissions.POLICIES_POLICY_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
- summary: 'Discontunue policy.',
- description: 'Discontunue policy. Only users with the Standard Registry role are allowed to make the request.',
+ summary: 'Discontinue policy.',
+ description: 'Discontinue policy. Only users with the Standard Registry role are allowed to make the request.',
})
- @ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
name: 'policyId',
- description: 'Policy identifier.',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
@ApiBody({
description: 'Discontinue details.',
schema: {
type: 'object',
properties: {
- 'date': {
- type: 'date'
+ date: {
+ type: 'string'
}
}
}
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
- description: 'Policies.',
- schema: {
- 'type': 'array',
- items: {
- type: 'object'
- }
- },
+ description: 'Successful operation.',
+ isArray: true,
+ type: PolicyDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/:policyId/discontinue')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async discontinuePolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async discontinuePolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: any
+ ): Promise {
try {
- return res.json(await engineService.discontinuePolicy(req.user, req.params.policyId, req.body?.date));
+ const engineService = new PolicyEngine();
+ await engineService.discontinuePolicy(policyId, new EntityOwner(user), body?.date);
+ return await getOldResult(user);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Go to dry-run draft
+ */
+ @Put('/:policyId/draft')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
- summary: 'Dry Run policy.',
- description: 'Run policy without making any persistent changes or executing transaction.' + ONLY_SR,
+ summary: 'Return policy to editing.',
+ description: 'Return policy to editing.' + ONLY_SR,
+ })
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ isArray: true,
+ type: PolicyDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Put('/:policyId/draft')
+ @ApiExtraModels(PolicyDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async draftPolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async draftPolicy(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
try {
- return res.json(await engineService.draft(req.user, req.params.policyId));
+ const engineService = new PolicyEngine();
+ await engineService.draft(policyId, new EntityOwner(user));
+ return await getOldResult(user);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Validate
+ */
+ @Post('/validate')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ Permissions.POLICIES_POLICY_REVIEW,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Validates policy.',
description: 'Validates selected policy.' + ONLY_SR,
})
- @ApiSecurity('bearerAuth')
+ @ApiBody({
+ description: 'Policy configuration.',
+ type: PolicyDTO,
+ })
@ApiOkResponse({
- description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ description: 'Validation result.',
+ type: PolicyValidationDTO,
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/validate')
+ @ApiExtraModels(PolicyDTO, PolicyValidationDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async validatePolicy(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async validatePolicy(
+ @AuthUser() user: IAuthUser,
+ @Body() body: PolicyDTO
+ ): Promise {
try {
- return res.send(await engineService.validatePolicy(req.body, req.user));
+ const engineService = new PolicyEngine();
+ return await engineService.validatePolicy(body, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * use cache test dry run
- * @param req
+ * Policy navigation
*/
+ @Get('/:policyId/navigation')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Returns a policy navigation.',
description: 'Returns a policy navigation.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
description: 'Successful operation.',
schema: {
@@ -646,34 +837,43 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/navigation')
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(InternalServerErrorDTO)
// @UseCache()
- async getPolicyNavigation(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER)(req.user);
- const engineService = new PolicyEngine();
+ @HttpCode(HttpStatus.OK)
+ async getPolicyNavigation(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string
+ ): Promise {
try {
- return await engineService.getNavigation(req.user, req.params.policyId);
+ const engineService = new PolicyEngine();
+ return await engineService.getNavigation(user, policyId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * use cache need test
- * @param req
+ * Policy groups
*/
+ @Get('/:policyId/groups')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Returns a list of groups the user is a member of.',
description: 'Returns a list of groups the user is a member of.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
description: 'Successful operation.',
schema: {
@@ -682,109 +882,133 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/groups')
- @HttpCode(HttpStatus.OK)
+ @ApiExtraModels(InternalServerErrorDTO)
// @UseCache()
- async getPolicyGroups(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER)(req.user);
- const engineService = new PolicyEngine();
+ @HttpCode(HttpStatus.OK)
+ async getPolicyGroups(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
try {
- return await engineService.getGroups(req.user, req.params.policyId);
+ const engineService = new PolicyEngine();
+ return await engineService.getGroups(user, policyId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Get policy documents
+ */
+ @Get('/:policyId/documents')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Get policy documents.',
- description: 'Get policy documents. Only users with the Standard Registry role are allowed to make the request.',
+ description: 'Get policy documents.' + ONLY_SR,
})
@ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
- description: 'Policy identifier.',
name: 'policyId',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
@ApiQuery({
- description: 'Include document field.',
name: 'includeDocument',
- type: 'boolean'
+ type: Boolean,
+ description: 'Include document field.',
+ required: false,
+ example: true
})
@ApiQuery({
- description: 'Document type.',
name: 'type',
- enum: DocumentType
+ enum: DocumentType,
+ description: 'Document type.',
+ required: false,
+ example: DocumentType.VC
})
@ApiQuery({
- description: 'Page index.',
name: 'pageIndex',
- type: 'number'
+ type: Number,
+ description: 'The number of pages to skip before starting to collect the result set',
+ required: false,
+ example: 0
})
@ApiQuery({
- description: 'Page size.',
name: 'pageSize',
- type: 'number'
+ type: Number,
+ description: 'The numbers of items to return',
+ required: false,
+ example: 20
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
description: 'Documents.',
+ isArray: true,
+ headers: pageHeader,
schema: {
- 'type': 'array',
+ type: 'array',
items: {
type: 'object'
}
- },
- headers: {
- 'X-Total-Count': {
- description: 'Total documents count.'
- }
}
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/documents')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getPolicyDocuments(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async getPolicyDocuments(
+ @AuthUser() user: IAuthUser,
+ @Response() res: any,
+ @Param('policyId') policyId: string,
+ @Query('type') type?: DocumentType,
+ @Query('includeDocument') includeDocument?: boolean,
+ @Query('pageIndex') pageIndex?: number,
+ @Query('pageSize') pageSize?: number,
+ ): Promise {
try {
+ const engineService = new PolicyEngine();
const [documents, count] = await engineService.getDocuments(
- req.user.did,
- req.params.policyId,
- req.query?.includeDocument?.toLowerCase() === 'true',
- req.query?.type,
- req.query?.pageIndex,
- req.query?.pageSize,
+ new EntityOwner(user),
+ policyId,
+ String(includeDocument)?.toLowerCase() === 'true',
+ type,
+ pageIndex,
+ pageSize,
);
- return res.setHeader('X-Total-Count', count).json(documents);
+ return res.header('X-Total-Count', count).send(documents);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Get policy data
+ */
+ @Get('/:policyId/data')
+ @Auth(
+ Permissions.POLICIES_MIGRATION_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Get policy data.',
description: 'Get policy data.' + ONLY_SR,
})
@ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
- description: 'Policy identifier.',
name: 'policyId',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
description: 'Policy data.',
schema: {
@@ -794,49 +1018,43 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/data')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async downloadPolicyData(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async downloadPolicyData(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Response() res: any
+ ): Promise {
try {
- const policy = await engineService.getPolicy({
- userDid: req.user.did,
- filters: req.params.policyId,
- });
- if (!policy) {
- throw new Error(`Policy doesn't exist`);
- }
- const downloadResult = await engineService.downloadPolicyData(
- req.params.policyId,
- req.user.did
- );
- res.setHeader(
+ const engineService = new PolicyEngine();
+ const owner = new EntityOwner(user);
+ const policy = await engineService.accessPolicy(policyId, owner, 'read');
+ const downloadResult = await engineService.downloadPolicyData(policyId, owner);
+ res.header(
'Content-Disposition',
`attachment; filename=${policy.name}.data`
);
- res.setHeader('Content-Type', 'application/policy-data');
+ res.header('Content-Type', 'application/policy-data');
return res.send(downloadResult);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Upload policy data
+ */
+ @Post('/data')
+ @Auth(
+ Permissions.POLICIES_MIGRATION_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Upload policy data.',
description: 'Upload policy data.' + ONLY_SR,
})
- @ApiExtraModels(InternalServerErrorDTO)
- @ApiSecurity('bearerAuth')
@ApiBody({
description: 'Policy data file',
schema: {
@@ -852,38 +1070,41 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/data')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async uploadPolicyData(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async uploadPolicyData(
+ @AuthUser() user: IAuthUser,
+ @Body() body: any
+ ): Promise {
try {
- return await engineService.uploadPolicyData(req.user.did, req.body);
+ const engineService = new PolicyEngine();
+ return await engineService.uploadPolicyData(new EntityOwner(user), body);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Get policy tag map
+ */
+ @Get('/:policyId/tag-block-map')
+ @Auth(
+ Permissions.POLICIES_MIGRATION_CREATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Get policy tag block map.',
description: 'Get policy tag block map.' + ONLY_SR,
})
- @ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
- description: 'Policy identifier.',
name: 'policyId',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
description: 'Policy tag block map.',
schema: {
@@ -892,41 +1113,41 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/tag-block-map')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getTagBlockMap(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async getTagBlockMap(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ ): Promise {
try {
- return await engineService.getTagBlockMap(
- req.params.policyId,
- req.user.did
- );
+ const engineService = new PolicyEngine();
+ return await engineService.getTagBlockMap(policyId, new EntityOwner(user));
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Get policy virtual keys
+ */
+ @Get('/:policyId/virtual-keys')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Get policy virtual keys.',
description: 'Get policy virtual keys.' + ONLY_SR,
})
- @ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
- description: 'Policy identifier.',
name: 'policyId',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
- @ApiSecurity('bearerAuth')
@ApiOkResponse({
description: 'Policy virtual keys.',
schema: {
@@ -936,54 +1157,50 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/virtual-keys')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async downloadVirtualKeys(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
+ async downloadVirtualKeys(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Response() res: any
+ ): Promise {
const engineService = new PolicyEngine();
try {
- const policy = await engineService.getPolicy({
- userDid: req.user.did,
- filters: req.params.policyId,
- });
- if (!policy) {
- throw new Error(`Policy doesn't exist`);
- }
- const downloadResult = await engineService.downloadVirtualKeys(
- req.params.policyId,
- req.user.did
- );
- res.setHeader(
+ const owner = new EntityOwner(user);
+ const policy = await engineService.accessPolicy(policyId, owner, 'read');
+ const downloadResult = await engineService.downloadVirtualKeys(policyId, owner);
+ res.header(
'Content-Disposition',
`attachment; filename=${policy.name}.vk`
);
- res.setHeader('Content-Type', 'application/virtual-keys');
+ res.header('Content-Type', 'application/virtual-keys');
return res.send(downloadResult);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Upload policy virtual keys.
+ */
+ @Post('/:policyId/virtual-keys')
+ @Auth(
+ Permissions.POLICIES_POLICY_UPDATE,
+ // UserRole.STANDARD_REGISTRY,
+ )
@ApiOperation({
summary: 'Upload policy virtual keys.',
description: 'Upload policy virtual keys.' + ONLY_SR,
})
- @ApiExtraModels(InternalServerErrorDTO)
@ApiParam({
- description: 'Policy identifier.',
name: 'policyId',
- required: true
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
})
- @ApiSecurity('bearerAuth')
@ApiBody({
description: 'Virtual keys file',
schema: {
@@ -996,264 +1213,420 @@ export class PolicyApi {
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/:policyId/virtual-keys')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async uploadVirtualKeys(@Req() req): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY)(req.user);
- const engineService = new PolicyEngine();
+ async uploadVirtualKeys(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: any
+ ): Promise {
try {
- return await engineService.uploadVirtualKeys(
- req.user.did,
- req.body,
- req.params.policyId
- );
+ const engineService = new PolicyEngine();
+ return await engineService.uploadVirtualKeys(new EntityOwner(user), body, policyId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(
- error.message,
- HttpStatus.INTERNAL_SERVER_ERROR
- );
+ await InternalException(error);
}
}
+ /**
+ * Makes the selected group active.
+ */
+ @Post('/:policyId/groups')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Makes the selected group active.',
description: 'Makes the selected group active. if UUID is not set then returns the user to the default state.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiBody({
+ description: 'Group',
+ type: Object
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: Object
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/:policyId/groups')
+ @ApiExtraModels(InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async setPolicyGroups(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER)(req.user);
+ async setPolicyGroups(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Body() body: any
+ ): Promise {
const engineService = new PolicyEngine();
try {
- return res.send(await engineService.selectGroup(req.user, req.params.policyId, req.body.uuid));
+ return await engineService.selectGroup(user, policyId, body?.uuid);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
/**
- * @param req
- * @param res
+ * Retrieves data for the policy root block.
*/
+ @Get('/:policyId/blocks')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Retrieves data for the policy root block.',
description: 'Returns data from the root policy block. Only users with the Standard Registry and Installer role are allowed to make the request.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: BlockDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/blocks')
+ @ApiExtraModels(BlockDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getPolicyBlocks(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER)(req.user);
- const engineService = new PolicyEngine();
+ async getPolicyBlocks(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string
+ ): Promise {
try {
- return res.send(await engineService.getPolicyBlocks(req.user, req.params.policyId));
+ const engineService = new PolicyEngine();
+ return await engineService.getPolicyBlocks(user, policyId);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Requests block data.
+ */
+ @Get('/:policyId/blocks/:uuid')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Requests block data.',
description: 'Requests block data. Only users with a role that described in block are allowed to make the request.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Block Identifier',
+ example: Examples.UUID
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: BlockDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Get('/:policyId/blocks/:uuid')
+ @ApiExtraModels(BlockDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async getBlockData(@Req() req, @Response() res): Promise {
- await checkPermission(UserRole.STANDARD_REGISTRY, UserRole.USER)(req.user);
- const engineService = new PolicyEngine();
+ async getBlockData(
+ @AuthUser() user: IAuthUser,
+ @Param('policyId') policyId: string,
+ @Param('uuid') uuid: string
+ ): Promise {
try {
- return res.send(await engineService.getBlockData(req.user, req.params.policyId, req.params.uuid));
+ const engineService = new PolicyEngine();
+ return await engineService.getBlockData(user, policyId, uuid);
} catch (error) {
- new Logger().error(error, ['API_GATEWAY']);
- throw new HttpException(error.message, HttpStatus.INTERNAL_SERVER_ERROR);
+ await InternalException(error);
}
}
+ /**
+ * Sends data to the specified block
+ */
+ @Post('/:policyId/blocks/:uuid')
+ @Auth(
+ Permissions.POLICIES_POLICY_EXECUTE,
+ // UserRole.STANDARD_REGISTRY,
+ // UserRole.USER,
+ )
@ApiOperation({
summary: 'Sends data to the specified block.',
description: 'Sends data to the specified block.',
})
- @ApiSecurity('bearerAuth')
+ @ApiParam({
+ name: 'policyId',
+ type: String,
+ description: 'Policy Id',
+ required: true,
+ example: Examples.DB_ID
+ })
+ @ApiParam({
+ name: 'uuid',
+ type: 'string',
+ required: true,
+ description: 'Block Identifier',
+ example: Examples.UUID
+ })
+ @ApiBody({
+ description: 'Data',
+ type: Object
+ })
@ApiOkResponse({
description: 'Successful operation.',
- schema: {
- 'type': 'object'
- },
+ type: BlockDTO
})
@ApiInternalServerErrorResponse({
description: 'Internal server error.',
- schema: {
- $ref: getSchemaPath(InternalServerErrorDTO)
- }
+ type: InternalServerErrorDTO,
})
- @ApiSecurity('bearerAuth')
- @Post('/:policyId/blocks/:uuid')
+ @ApiExtraModels(BlockDTO, InternalServerErrorDTO)
@HttpCode(HttpStatus.OK)
- async setBlockData(@Req() req, @Response() res): Promise