From 6f4067d1792d1067b3a836840a246048c78128d3 Mon Sep 17 00:00:00 2001 From: Jason Kulatunga Date: Tue, 17 Oct 2023 21:35:30 -0700 Subject: [PATCH] adding unsafe selective sync endpoint for testing purposes. --- backend/pkg/web/handler/unsafe.go | 77 +++++++++++++++++++++++++++++++ backend/pkg/web/server.go | 1 + 2 files changed, 78 insertions(+) diff --git a/backend/pkg/web/handler/unsafe.go b/backend/pkg/web/handler/unsafe.go index 5b6de167a..4cbaebe64 100644 --- a/backend/pkg/web/handler/unsafe.go +++ b/backend/pkg/web/handler/unsafe.go @@ -105,3 +105,80 @@ func UnsafeResourceGraph(c *gin.Context) { GetResourceFhirGraph(c) } + +func UnsafeSyncResourceNames(c *gin.Context) { + logger := c.MustGet(pkg.ContextKeyTypeLogger).(*logrus.Entry) + appConfig := c.MustGet(pkg.ContextKeyTypeConfig).(config.Interface) + databaseRepo := c.MustGet(pkg.ContextKeyTypeDatabase).(database.DatabaseRepository) + + //safety check incase this function is called in another way + if !appConfig.GetBool("web.allow_unsafe_endpoints") { + c.JSON(http.StatusServiceUnavailable, gin.H{"success": false}) + return + } + + //verify that c.QueryArray("resourceNames") is not empty + if len(c.QueryArray("resourceNames")) == 0 { + c.JSON(http.StatusBadRequest, gin.H{"success": false, "error": "resourceNames query parameter is required"}) + return + } + + //!!!!!!INSECURE!!!!!!S + //We're setting the username to a user provided value, this is insecure, but required for calling databaseRepo fns + c.Set(pkg.ContextKeyTypeAuthUsername, c.Param("username")) + + foundSource, err := databaseRepo.GetSource(c, c.Param("sourceId")) + if err != nil { + logger.Errorf("An error occurred while finding source credential: %v", err) + c.JSON(http.StatusInternalServerError, gin.H{"success": false, "error": err.Error()}) + return + } + + if foundSource == nil { + logger.Errorf("Did not source credentials for %s", c.Param("sourceType")) + c.JSON(http.StatusNotFound, gin.H{"success": false, "error": err.Error()}) + return + } + + client, err := factory.GetSourceClient(sourcePkg.GetFastenLighthouseEnv(), foundSource.SourceType, c, logger, foundSource) + if err != nil { + logger.Errorf("Could not initialize source client %v", err) + c.JSON(http.StatusInternalServerError, gin.H{"success": false, "error": err.Error()}) + return + } + + parsedUrl, err := url.Parse(strings.TrimSuffix(c.Param("path"), "/")) + if err != nil { + logger.Errorf("Error parsing request, %v", err) + c.JSON(http.StatusInternalServerError, gin.H{"success": false, "error": err.Error()}) + return + } + //make sure we include all query string parameters with the raw request. + parsedUrl.RawQuery = c.Request.URL.Query().Encode() + + //make sure we store the source credential information in the database, even if the request fails + defer func() { + //update source incase the access token/refresh token has been updated + sourceCredential := client.GetSourceCredential() + sourceCredentialConcrete, ok := sourceCredential.(*models.SourceCredential) + if !ok { + logger.Errorln("An error occurred while updating source credential, source credential is not of type *models.SourceCredential") + return + } + err = databaseRepo.UpdateSource(c, sourceCredentialConcrete) + if err != nil { + logger.Errorf("An error occurred while updating source credential: %v", err) + return + } + logger.Info("Successfully updated source credential") + }() + + upsertSummary, err := client.SyncAllByResourceName(databaseRepo, c.QueryArray("resourceNames")) + if err != nil { + logger.Errorf("Error making raw request, %v", err) + c.JSON(http.StatusInternalServerError, gin.H{"success": false, "error": err.Error(), "data": upsertSummary}) + return + } + + c.JSON(http.StatusOK, gin.H{"success": true, "data": upsertSummary}) +} diff --git a/backend/pkg/web/server.go b/backend/pkg/web/server.go index 6f469771e..9a032cd5e 100644 --- a/backend/pkg/web/server.go +++ b/backend/pkg/web/server.go @@ -112,6 +112,7 @@ func (ae *AppEngine) Setup() (*gin.RouterGroup, *gin.Engine) { //http://localhost:9090/api/unsafe/testuser1/3508f8cf-6eb9-4e4b-8174-dd69a493a2b4/Patient/smart-1288992 unsafe.GET("/:username/:sourceId/*path", handler.UnsafeRequestSource) unsafe.GET("/:username/graph/:graphType", handler.UnsafeResourceGraph) + unsafe.GET("/:username/sync/:sourceId", handler.UnsafeSyncResourceNames) } }