Merge branch 'main' into feature/#3666-add-base-queue-to-schedulers

devops/helm/crunchy-postgres/values-0c27fb-prod.yaml

@@ -27,11 +27,11 @@ instances:
     storage: 5Gi
     storageClassName: netapp-block-standard
   requests:
-    cpu: 250m
-    memory: 512Mi
+    cpu: "2"
+    memory: 2Gi
   limits:
-    cpu: "1"
-    memory: 1Gi
+    cpu: "4"
+    memory: 4Gi
   replicaCertCopy:
     requests:
       cpu: 50m

devops/openshift/api-deploy.yml

@@ -303,6 +303,38 @@ objects:
       to:
         kind: Service
         name: ${NAME}
+  - apiVersion: route.openshift.io/v1
+    kind: Route
+    metadata:
+      name: ${EXTERNAL_SWAGGER_NAME}-route
+      annotations:
+        haproxy.router.openshift.io/balance: leastconn
+        haproxy.router.openshift.io/disable_cookies: "true"
+        haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload
+        haproxy.router.openshift.io/timeout: 30s
+    spec:
+      host: ${HOST_NAME}
+      path: ${EXTERNAL_SWAGGER_PATH}
+      port:
+        targetPort: http
+      tls:
+        insecureEdgeTerminationPolicy: Redirect
+        termination: edge
+        certificate: |
+          -----BEGIN CERTIFICATE-----
+          ${TLS_CERTIFICATE}
+          -----END CERTIFICATE-----
+        key: |
+          -----BEGIN PRIVATE KEY-----
+          ${TLS_KEY}
+          -----END PRIVATE KEY-----
+        caCertificate: |
+          -----BEGIN CERTIFICATE-----
+          ${TLS_CA_CERTIFICATE}
+          -----END CERTIFICATE-----
+      to:
+        kind: Service
+        name: ${NAME}
   - apiVersion: autoscaling/v2
     kind: HorizontalPodAutoscaler
     metadata:
@@ -345,6 +377,12 @@ parameters:
   - name: SWAGGER_PATH
     value: /swagger
     required: true
+  - name: EXTERNAL_SWAGGER_NAME
+    value: external-swagger
+    required: true
+  - name: EXTERNAL_SWAGGER_PATH
+    value: /external/swagger
+    required: true
   - name: PROJECT
     value: sims
   - name: SERVICE_NAME

sources/packages/backend/apps/api/src/app.external.module.ts

@@ -0,0 +1,21 @@
+import { Module } from "@nestjs/common";
+import { StudentExternalController } from "./route-controllers";
+import { AuthModule } from "./auth/auth.module";
+import { StudentService } from "./services";
+import {
+  DisbursementOverawardService,
+  NoteSharedService,
+  SFASIndividualService,
+} from "@sims/services";
+
+@Module({
+  imports: [AuthModule],
+  controllers: [StudentExternalController],
+  providers: [
+    StudentService,
+    SFASIndividualService,
+    DisbursementOverawardService,
+    NoteSharedService,
+  ],
+})
+export class AppExternalModule {}

sources/packages/backend/apps/api/src/app.module.ts

@@ -30,6 +30,7 @@ import { ConfigModule } from "@sims/utilities/config";
 import { DatabaseModule } from "@sims/sims-db";
 import { NotificationsModule } from "@sims/services/notifications";
 import { QueueModule } from "@sims/services/queue";
+import { AppExternalModule } from "./app.external.module";
 
 @Module({
   imports: [
@@ -43,6 +44,7 @@ import { QueueModule } from "@sims/services/queue";
     AppAESTModule,
     AppInstitutionsModule,
     AppStudentsModule,
+    AppExternalModule,
     AppSupportingUsersModule,
     QueueModule,
     ClamAntivirusModule,
@@ -63,6 +65,10 @@ import { QueueModule } from "@sims/services/queue";
         path: ClientTypeBaseRoute.SupportingUser,
         module: AppSupportingUsersModule,
       },
+      {
+        path: ClientTypeBaseRoute.External,
+        module: AppExternalModule,
+      },
     ]),
   ],
   controllers: [

sources/packages/backend/apps/api/src/auth/audiences.enum.ts

@@ -0,0 +1,17 @@
+/**
+ * Audiences recognized by the API.
+ * This is present on aud token claim.
+ */
+export enum Audiences {
+  /**
+   * Audience for the SIMS API.
+   * Every user token must have this audience to be considered valid.
+   */
+  SIMSApi = "sims-api",
+
+  /**
+   * Audience for the SIMS API External.
+   * External access user token must have this additional audience to be considered valid.
+   */
+  SIMSApiExternal = "sims-api-external",
+}

sources/packages/backend/apps/api/src/auth/authorized-parties.enum.ts

@@ -7,4 +7,5 @@ export enum AuthorizedParties {
   student = "student",
   aest = "aest",
   supportingUsers = "supporting-users",
+  external = "external",
 }

sources/packages/backend/apps/api/src/auth/guards/authorized-parties.guard.ts

@@ -12,6 +12,7 @@ import { IdentityProviders } from "@sims/sims-db";
 import { ConfigService } from "@sims/utilities/config";
 import { ApiProcessError } from "../../types";
 import { INVALID_BETA_USER } from "../../constants";
+import { Audiences } from "../../auth/audiences.enum";
 
 /**
  * Inspect the token to check if the correct authorized party
@@ -42,7 +43,13 @@ export class AuthorizedPartiesGuard implements CanActivate {
         "Client is not authorized under the expected authorized party(azp).",
       );
     }
-
+    if (
+      userToken.azp === AuthorizedParties.external &&
+      Array.isArray(userToken.aud) &&
+      userToken.aud.includes(Audiences.SIMSApiExternal)
+    ) {
+      return true;
+    }
     const isAllowedIDP = this.isAllowedIDP(
       userToken.azp,
       userToken.identityProvider,

sources/packages/backend/apps/api/src/auth/jwt.strategy.ts

@@ -13,6 +13,7 @@ import { KeycloakConfig } from "@sims/auth/config";
 import { ConfigService } from "@sims/utilities/config";
 import { INVALID_BETA_USER } from "../constants";
 import { ApiProcessError } from "../types";
+import { Audiences } from "./audiences.enum";
 
 /**
  * Inspect the header looking for the authentication header,
@@ -31,7 +32,7 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
       jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
       ignoreExpiration: false,
       secretOrKey: KeycloakConfig.PEM_PublicKey,
-      audience: "sims-api",
+      audience: Audiences.SIMSApi,
     });
   }
 

sources/packages/backend/apps/api/src/auth/userToken.interface.ts

@@ -95,6 +95,10 @@ export interface IUserToken {
    * Authorized party, Keycloak client used for the authentication.
    */
   azp: AuthorizedParties;
+  /**
+   * Audience, Keycloak audience used for the authentication.
+   */
+  aud: string | string[];
   /**
    * When the user is authenticated using the bceidboth IDP and the user has a business BCeID account,
    * this property contains the guid that identifies his business.

sources/packages/backend/apps/api/src/main.ts

@@ -12,6 +12,7 @@ import { Request, Response } from "express";
 import { KeycloakConfig } from "@sims/auth/config";
 import helmet from "helmet";
 import { SystemUsersService } from "@sims/services";
+import { AppExternalModule } from "./app.external.module";
 
 async function bootstrap() {
   await KeycloakConfig.load();
@@ -73,8 +74,7 @@ async function bootstrap() {
   // Configure Swagger.
   if (process.env.SWAGGER_ENABLED?.toLowerCase() === "true") {
     const options = new DocumentBuilder()
-      .setTitle(process.env.PROJECT_NAME)
-      .setDescription(`The ${process.env.PROJECT_NAME} API description`)
+      .setTitle("StudentAid BC")
       .setVersion("1.0.0")
       .addBearerAuth(
         {
@@ -87,6 +87,12 @@ async function bootstrap() {
       .build();
     const document = SwaggerModule.createDocument(app, options);
     SwaggerModule.setup("swagger", app, document);
+
+    // External swagger
+    const externalDocument = SwaggerModule.createDocument(app, options, {
+      include: [AppExternalModule], // Includes only AppExternalModule.
+    });
+    SwaggerModule.setup("external/swagger", app, externalDocument);
   }
 
   // Starting application

sources/packages/backend/apps/api/src/route-controllers/cas-supplier/_tests_/cas-supplier.aest.controller.getCASSupplier.e2e-spec.ts

@@ -23,14 +23,23 @@ describe("CASSupplierAESTController(e2e)-getCASSuppliers", () => {
     db = createE2EDataSources(dataSource);
   });
 
-  it("Should get all the CAS suppliers for a student when CAS suppliers info is requested for a student.", async () => {
+  it("Should get all the CAS suppliers with and without error for a student when CAS suppliers info is requested for a student.", async () => {
     // Arrange
     const savedCASSupplier1 = await saveFakeCASSupplier(db);
     const student = savedCASSupplier1.student;
     const savedCASSupplier2 = await saveFakeCASSupplier(
       db,
       { student },
-      { initialValues: { supplierStatus: SupplierStatus.VerifiedManually } },
+      {
+        initialValues: {
+          supplierStatus: SupplierStatus.ManualIntervention,
+          status: "ACTIVE",
+          errors: [
+            "[0034] SIN is already in use.",
+            "[9999] Duplicate Supplier , Reason: [0065]- Possible duplicate exists, please use online form",
+          ],
+        },
+      },
     );
 
     const endpoint = `/aest/cas-supplier/student/${student.id}`;
@@ -44,16 +53,24 @@ describe("CASSupplierAESTController(e2e)-getCASSuppliers", () => {
       .expect({
         items: [
           {
+            id: savedCASSupplier2.id,
             dateCreated: savedCASSupplier2.createdAt.toISOString(),
+            status: savedCASSupplier2.status,
             supplierNumber: savedCASSupplier2.supplierNumber,
-            supplierProtected: null,
+            supplierProtected: true,
             supplierStatus: savedCASSupplier2.supplierStatus,
             isValid: savedCASSupplier2.isValid,
             supplierSiteCode:
               savedCASSupplier2.supplierAddress.supplierSiteCode,
+            siteStatus: savedCASSupplier2.supplierAddress.status,
+            addressLine1: savedCASSupplier2.supplierAddress.addressLine1,
+            siteProtected: savedCASSupplier2.supplierAddress.siteProtected,
+            errors: savedCASSupplier2.errors,
           },
           {
+            id: savedCASSupplier1.id,
             dateCreated: savedCASSupplier1.createdAt.toISOString(),
+            status: savedCASSupplier1.status,
             supplierNumber: savedCASSupplier1.supplierNumber,
             supplierProtected: savedCASSupplier1.supplierProtected,
             supplierStatus: savedCASSupplier1.supplierStatus,
@@ -63,6 +80,7 @@ describe("CASSupplierAESTController(e2e)-getCASSuppliers", () => {
             siteStatus: savedCASSupplier1.supplierAddress.status,
             addressLine1: savedCASSupplier1.supplierAddress.addressLine1,
             siteProtected: savedCASSupplier1.supplierAddress.siteProtected,
+            errors: null,
           },
         ],
       });

sources/packages/backend/apps/api/src/route-controllers/cas-supplier/cas-supplier.aest.controller.ts

@@ -61,7 +61,9 @@ export class CASSupplierAESTController extends BaseController {
       studentId,
     );
     const casSupplierInfoDTOList = casSuppliers.map((casSupplier) => ({
+      id: casSupplier.id,
       dateCreated: casSupplier.createdAt,
+      status: casSupplier.status,
       supplierNumber: casSupplier.supplierNumber,
       supplierProtected: casSupplier.supplierProtected,
       supplierStatus: casSupplier.supplierStatus,
@@ -70,6 +72,7 @@ export class CASSupplierAESTController extends BaseController {
       addressLine1: casSupplier.supplierAddress?.addressLine1,
       siteStatus: casSupplier.supplierAddress?.status,
       siteProtected: casSupplier.supplierAddress?.siteProtected,
+      errors: casSupplier?.errors,
     }));
     return { items: casSupplierInfoDTOList };
   }

sources/packages/backend/apps/api/src/route-controllers/cas-supplier/models/cas-supplier.dto.ts

@@ -6,7 +6,9 @@ export class CASSupplierInfoAPIOutDTO {
 }
 
 export class CASSupplierInfoItemAPIOutDTO {
+  id: number;
   dateCreated: Date;
+  status: string;
   supplierNumber?: string;
   supplierProtected?: boolean;
   supplierStatus: SupplierStatus;
@@ -15,6 +17,7 @@ export class CASSupplierInfoItemAPIOutDTO {
   addressLine1?: string;
   siteStatus?: CASSupplierSiteStatus;
   siteProtected?: string;
+  errors?: string[];
 }
 
 export class AddCASSupplierAPIInDTO {

sources/packages/backend/apps/api/src/route-controllers/index.ts

@@ -82,3 +82,4 @@ export * from "./program-year/program-year.controller.service";
 export * from "./cas-supplier/cas-supplier.aest.controller";
 export * from "./application-restriction-bypass/application-restriction-bypass.aest.controller";
 export * from "./audit/audit.controller";
+export * from "./student/student.external.controller";

sources/packages/backend/apps/api/src/route-controllers/student/models/student.dto.ts

@@ -300,3 +300,23 @@ export class UpdateStudentDetailsAPIInDTO {
   @MaxLength(NOTE_DESCRIPTION_MAX_LENGTH)
   noteDescription: string;
 }
+
+/**
+ * Student details.
+ */
+export class StudentDetailsAPIOutDTO {
+  firstName: string;
+  lastName: string;
+  sin: string;
+  dateOfBirth: string;
+  address: AddressAPIOutDTO;
+  applicationNumbers: string[];
+}
+
+/**
+ * Student external search parameters.
+ */
+export class ExternalSearchStudentAPIInDTO {
+  @IsValidSIN()
+  sin: string;
+}