department-of-veterans-affairs · GcioGregg · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -315,6 +315,7 @@ Lint/MissingSuper:
     - 'modules/va_notify/lib/va_notify/service.rb'
     - 'modules/vaos/app/services/vaos/session_service.rb'
     - 'modules/veteran/app/models/veteran/user.rb'
+    - 'modules/vye/lib/dgib/service.rb'
 
 # Offense count: 5
 Lint/NoReturnInBeginEndBlocks:

@@ -77,6 +77,7 @@
     SearchTypeahead::Configuration.instance.breakers_service,
     SearchClickTracking::Configuration.instance.breakers_service,
     VAOS::Configuration.instance.breakers_service,
+    Vye::DGIB::Configuration.instance.breakers_service,
     IAMSSOeOAuth::Configuration.instance.breakers_service,
     CovidVaccine::V0::VetextConfiguration.instance.breakers_service,
     VEText::Configuration.instance.breakers_service,

@@ -1439,10 +1439,21 @@ genisis:
   pass: bogus
 
 # Settings for connecting AFS Veteran Services
+# For locahost we can use the existing certs as long as we don't call out
 dgi:
+  # add med_api here? Will need to reach out to that team
   jwt:
-    public_key_path: modules/meb_api/spec/fixtures/dgi_public_test.pem
-    private_key_path: modules/meb_api/spec/fixtures/dgi_private_test.pem
+    public_key_path: ""
+    private_key_path: ""
+  vye:
+    jwt:
+      # May not need the public path
+      public_key_path: ""
+      private_key_path: ""
+      public_ica11_rca2_key_path: ""
+    vets:
+      url: ""
+      mock: false
   vets:
     url: "https://jenkins.ld.afsp.io:32512/vets-service/v1/" # Docker setup for microservice
     mock: false

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+require 'dgib/claimant_lookup/service'
+require 'dgib/claimant_status/service'
+require 'dgib/verification_record/service'
+require 'dgib/verify_claimant/service'
+
+module Vye
+  module Vye::V1
+    class Vye::V1::DgibVerificationsController < Vye::V1::ApplicationController
+      def verification_record
+        head :forbidden unless authorize(user_info, policy_class: UserInfoPolicy)
+
+        response = verification_service.get_verification_record(params[:claimant_id])
+        serializer = Vye::ClaimantVerificationSerializer
+        process_response(response, serializer)
+      end
+
+      def verify_claimant
+        head :forbidden unless authorize(user_info, policy_class: UserInfoPolicy)
+
+        response = verify_claimant_service.verify_claimant(
+          params[:claimant_id],
+          params[:verified_period_begin_date],
+          params[:verified_period_end_date],
+          params[:verified_through_date],
+          params[:verification_method],
+          params.dig(:app_communication, :response_type)
+        )
+
+        serializer = Vye::VerifyClaimantSerializer
+        process_response(response, serializer)
+      end
+
+      # the serializer for this endpoint is the same as for verify_claimant
+      def claimant_status
+        head :forbidden unless authorize(user_info, policy_class: UserInfoPolicy)
+
+        response = claimant_status_service.get_claimant_status(params[:claimant_id])
+        serializer = Vye::VerifyClaimantSerializer
+        process_response(response, serializer)
+      end
+
+      def claimant_lookup
+        head :forbidden unless authorize(user_info, policy_class: UserInfoPolicy)
+
+        response = claimant_lookup_service.claimant_lookup(current_user.ssn)
+        serializer = Vye::ClaimantLookupSerializer
+        process_response(response, serializer)
+      end
+
+      private
+
+      # Vye Services related stuff
+      def claimant_lookup_service
+        Vye::DGIB::ClaimantLookup::Service.new(@current_user)
+      end
+
+      def claimant_status_service
+        Vye::DGIB::ClaimantStatus::Service.new(@current_user)
+      end
+
+      def verification_service
+        Vye::DGIB::VerificationRecord::Service.new(@current_user)
+      end
+
+      def verify_claimant_service
+        Vye::DGIB::VerifyClaimant::Service.new(@current_user)
+      end
+
+      def process_response(response, serializer)
+        Rails.logger.debug { "Processing response with status: #{response&.status}" }
+        case response.status
+        when 200
+          Rails.logger.debug 'Rendering JSON response'
+          render json: serializer.new(response).to_json
+        when 204
+          Rails.logger.debug 'Sending no content'
+          head :no_content
+        when 403
+          Rails.logger.debug 'Sending forbidden'
+          head :forbidden
+        when 404
+          Rails.logger.debug 'Sending not found'
+          head :not_found
+        when 422
+          Rails.logger.debug 'Sending unprocessable entity'
+          head :unprocessable_entity
+        when nil
+          Rails.logger.debug 'No response from server'
+        else
+          Rails.logger.debug 'Sending internal server error'
+          head :internal_server_error
+        end
+      end
+      # End Vye Services
+    end
+  end
+end
diff --git a/modules/vye/app/policies/vye/user_info_policy.rb b/modules/vye/app/policies/vye/user_info_policy.rb
@@ -9,5 +9,29 @@ def create?
     end
 
     alias_method :show?, :create?
+
+    def claimant_lookup?
+      return true if user.present?
+
+      false
+    end
+
+    def claimant_status?
+      return true if user.present?
+
+      false
+    end
+
+    def verify_claimant?
+      return true if user.present?
+
+      false
+    end
+
+    def verification_record?
+      return true if user.present?
+
+      false
+    end
   end
 end
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Vye
+  class ClaimantLookupSerializer < Vye::VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id
+      }
+    end
+  end
+end
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Vye
+  class ClaimantVerificationSerializer < Vye::VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id,
+        delimiting_date: @resource&.delimiting_date,
+        enrollment_verifications: @resource&.enrollment_verifications,
+        verified_details: @resource&.verified_details,
+        payment_on_hold: @resource&.payment_on_hold
+      }
+    end
+  end
+end
@@ -12,13 +12,13 @@ def to_json(*)
 
     def serializable_hash
       {
-        award_id: @resource.award_id,
-        act_begin: @resource.act_begin,
-        act_end: @resource.act_end,
-        transact_date: @resource.transact_date,
-        monthly_rate: @resource.monthly_rate,
-        number_hours: @resource.number_hours,
-        source_ind: @resource.source_ind
+        award_id: @resource&.award_id,
+        act_begin: @resource&.act_begin,
+        act_end: @resource&.act_end,
+        transact_date: @resource&.transact_date,
+        monthly_rate: @resource&.monthly_rate,
+        number_hours: @resource&.number_hours,
+        source_ind: @resource&.source_ind
       }
     end
   end

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Vye
+  class VerifyClaimantSerializer < Vye::VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id,
+        delimiting_date: @resource&.delimiting_date,
+        verified_details: @resource&.verified_details,
+        payment_on_hold: @resource&.payment_on_hold
+      }
+    end
+  end
+end
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Vye
+  class VyeSerializer
+    attr_reader :resource
+
+    def initialize(resource)
+      @resource = resource
+    end
+
+    def to_json(*)
+      Oj.dump(serializable_hash, mode: :compat, time_format: :ruby)
+    end
+
+    def status
+      @resource&.status
+    end
+  end
+end
diff --git a/modules/vye/config/initializers/breakers.rb b/modules/vye/config/initializers/breakers.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'common/client/configuration/base'
+require 'common/client/configuration/rest'
+require 'breakers/statsd_plugin'
+
+# Not sure if any or all of these are needed
+require 'dgib/claimant_lookup/configuration'
+require 'dgib/claimant_status/configuration'
+require 'dgib/verification_record/configuration'
+require 'dgib/verify_claimant/configuration'
+
+Rails.application.reloader.to_prepare do
+  redis_namespace = Redis::Namespace.new('breakers', redis: $redis)
+
+  services = [
+    Vye::DGIB::Configuration.instance.breakers_service
+  ]
+
+  plugin = Breakers::StatsdPlugin.new
+
+  client = Breakers::Client.new(
+    redis_connection: redis_namespace,
+    services:,
+    logger: Rails.logger,
+    plugins: [plugin]
+  )
+
+  # No need to prefix it when using the namespace
+  Breakers.redis_prefix = ''
+  Breakers.client = client
+  Breakers.disabled = true if Settings.breakers_disabled
+end
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Zeitwerk was giving me fits until I added this.
+# It's a little ugly, but it works.
+require Rails.root.join('modules', 'vye', 'lib', 'dgib', 'claimant_lookup', 'service')
+require Rails.root.join('modules', 'vye', 'lib', 'dgib', 'claimant_status', 'service')
+require Rails.root.join('modules', 'vye', 'lib', 'dgib', 'verification_record', 'service')
+require Rails.root.join('modules', 'vye', 'lib', 'dgib', 'verify_claimant', 'service')
@@ -6,5 +6,10 @@
     resource :verifications, only: [:create], path: '/verify'
     resource :address_changes, only: [:create], path: '/address'
     resource :direct_deposit_changes, only: [:create], path: '/bank_info'
+
+    post 'dgib_verifications/verification_record', to: 'dgib_verifications#verification_record'
+    post 'dgib_verifications/verify_claimant', to: 'dgib_verifications#verify_claimant'
+    post 'dgib_verifications/claimant_status', to: 'dgib_verifications#claimant_status'
+    get 'dgib_verifications/claimant_lookup', to: 'dgib_verifications#claimant_lookup'
   end
 end
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Vye
+  module DGIB
+    class AuthenticationTokenService
+      ALGORITHM_TYPE = 'RS256'
+      E = 'AQAB'
+      TYP = 'JWT'
+      KID = 'vye'
+      USE = 'sig'
+      SIGNING_KEY = Settings.dgi.vye.jwt.private_key_path
+      RSA_PRIVATE = OpenSSL::PKey::RSA.new(File.read(SIGNING_KEY)) if File.exist?(SIGNING_KEY)
+
+      def self.call
+        payload = {
+          exp: Time.now.to_i + (5 * 60), # JWT expiration time (5 minutes)
+          nbf: Time.now.to_i,
+          realm_access: {
+            roles: ['VYE']
+          }
+        }
+
+        header_fields = { kid: KID, typ: TYP }
+
+        JWT.encode payload, RSA_PRIVATE, ALGORITHM_TYPE, header_fields
+      end
+    end
+  end
+end
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'dgib/configuration'
+
+module Vye
+  module DGIB
+    module ClaimantLookup
+      class Configuration < Vye::DGIB::Configuration
+        def service_name
+          'DGIB/ClaimantLookup'
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'dgib/response'
+
+module Vye
+  module DGIB
+    module ClaimantLookup
+      class Response < Vye::DGIB::Response
+        attribute :claimant_id, Integer
+
+        def initialize(status, response = nil)
+          attributes = { claimant_id: response.body['claimant_id'] }
+
+          super(status, attributes)
+        end
+      end
+    end
+  end
+end