diff --git a/.github/workflows/build-on-pull-request.yml b/.github/workflows/build-on-pull-request.yml
index fd22ac2..744b905 100644
--- a/.github/workflows/build-on-pull-request.yml
+++ b/.github/workflows/build-on-pull-request.yml
@@ -13,10 +13,10 @@ jobs:
 ref: ${{ github.event.pull_request.head.ref }}
 repository: ${{ github.event.pull_request.head.repo.full_name }}
- - name: Setup JDK 8
+ - name: Setup JDK 17
 uses: actions/setup-java@v2
 with:
- java-version: 8
+ java-version: 17
 distribution: 'adopt'
 - name: Build with Maven
 run: mvn clean install
diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
index d0de9e7..5cc0ca0 100644
--- a/.github/workflows/package.yml
+++ b/.github/workflows/package.yml
@@ -22,10 +22,10 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v2
- - name: Setup JDK 8
+ - name: Setup JDK 17
 uses: actions/setup-java@v2
 with:
- java-version: 8
+ java-version: 17
 distribution: 'adopt'
 - name: Build with Maven
@@ -35,7 +35,7 @@ jobs:
 run: mvn -B package --file pom.xml
 - name: Upload WAR file as artifact
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
 with:
 name: FHIR-API
 path: target/fhirapi-v1.0.war
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index c79277e..eb8d6b3 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -37,10 +37,10 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
- - name: Setup JDK 8
+ - name: Setup JDK 17
 uses: actions/setup-java@v2
 with:
- java-version: 8
+ java-version: 17
 distribution: 'adopt'
 - name: Build with Maven
diff --git a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java
index 6da354f..f32abb1 100644
--- a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java
+++ b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java
@@ -38,71 +38,66 @@ @Component public class HTTPRequestInterceptor implements HandlerInterceptor { - Logger logger = LoggerFactory.getLogger(this.getClass().getName()); + private Validator validator; + + Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName()); @Autowired + public void setValidator(Validator validator) { + this.validator = validator; + } + private SessionObject sessionObject; + @Autowired + public void setSessionObject(SessionObject sessionObject) { + this.sessionObject = sessionObject; + } + @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception { - logger.info("http interceptor - pre Handle"); boolean status = true; - - if (request.getRequestURI().toLowerCase().contains("swagger-ui")) - return status; - - String authorization = null; - String preAuth = request.getHeader("Authorization"); - if (null != preAuth && preAuth.contains("Bearer ")) - authorization = preAuth.replace("Bearer ", ""); - else - authorization = preAuth; + logger.debug("In preHandle we are Intercepting the Request"); + String authorization = request.getHeader("Authorization"); + logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization + + " || method :: " + request.getMethod()); if (!request.getMethod().equalsIgnoreCase("OPTIONS")) { try { String[] requestURIParts = request.getRequestURI().split("/"); String requestAPI = requestURIParts[requestURIParts.length - 1]; switch (requestAPI) { + + // case "patient": case "swagger-ui.html": - break; - case "index.html": - break; - case "swagger-initializer.js": - break; - case "swagger-config": - break; case "ui": - break; case "swagger-resources": - break; + case "version": case "api-docs": - break; + break; case "error": status = false; break; default: - logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization); - if (authorization == null) - throw new Exception( - 
"Authorization key is NULL, please pass valid session key to proceed further. "); - String userRespFromRedis = sessionObject.getSessionObject(authorization); - if (userRespFromRedis == null) - throw new Exception("invalid Authorization key, please pass a valid key to proceed further. "); + String remoteAddress = request.getHeader("X-FORWARDED-FOR"); + if (remoteAddress == null || remoteAddress.trim().length() == 0) { + remoteAddress = request.getRemoteAddr(); + } + validator.checkKeyExists(authorization, remoteAddress); break; } } catch (Exception e) { - logger.error(e.getLocalizedMessage()); - OutputResponse output = new OutputResponse(); output.setError(e); - response.getOutputStream().print(output.toString()); response.setContentType(MediaType.APPLICATION_JSON); + response.setContentLength(output.toString().length()); response.setHeader("Access-Control-Allow-Origin", "*"); + response.getOutputStream().print(output.toString()); + status = false; } } - return status; } @@ -111,12 +106,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response, throws Exception { try { logger.debug("In postHandle we are Intercepting the Request"); - String authorization = null; - String postAuth = request.getHeader("Authorization"); - if (null != postAuth && postAuth.contains("Bearer ")) - authorization = postAuth.replace("Bearer ", ""); - else - authorization = postAuth; + String authorization = request.getHeader("Authorization"); logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization); if (authorization != null) { sessionObject.updateSessionObject(authorization, sessionObject.getSessionObject(authorization)); 
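Review bot: The new `logger.debug` at the top of `preHandle` writes the raw `Authorization` header into the log for every request, including the allowlisted paths, so anyone with read access to debug logs obtains live session keys; the context line in the `postHandle` hunk (`@@ -111,12 +106,7 @@`) logs it the same way. Drop the value from both statements, e.g. `logger.debug("RequestURI::" + request.getRequestURI() + " || method :: " + request.getMethod());`. In the `default` branch, `X-FORWARDED-FOR` is client-controlled unless a trusted proxy overwrites it, so if `validator.checkKeyExists` uses the address to bind the key (Validator is not visible here) the header should be honoured only when the request arrives from a known proxy. The catch block also drops the old `logger.error` call, so unless Validator logs on its own a rejected key leaves no server-side trace; `logger.error("Authorization check failed: " + e.getMessage());` would keep one without echoing the key.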
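Review bot: With the `Bearer ` stripping removed, `postHandle` passes the whole header value as the session key to `sessionObject.getSessionObject(authorization)` and `updateSessionObject`, and nothing in the hunk records which header form is now expected. A client that still sends `Authorization: Bearer <key>` would presumably refresh or look up a key that was never stored. A comment above the read, `// Authorization carries the bare session key (no "Bearer " prefix); must match the form preHandle validates`, would document the contract. The enclosing try block continues outside the hunk.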
@@ -129,8 +119,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response, @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception arg3) throws Exception { - logger.info("http interceptor - after completion"); - + logger.debug("In afterCompletion Request Completed"); } }