AMM-1050 | 104 Assam Error pop up issue in BenHealthId once click on registration #48

Merged
merged 4 commits into from
Nov 11, 2024
71 changes: 30 additions & 41 deletions src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java
Expand Up @@ -38,71 +38,66 @@

@Component
public class HTTPRequestInterceptor implements HandlerInterceptor {
Logger logger = LoggerFactory.getLogger(this.getClass().getName());
private Validator validator;

Logger logger = LoggerFactory.getLogger(this.getClass().getSimpleName());

@Autowired
public void setValidator(Validator validator) {
this.validator = validator;
}

private SessionObject sessionObject;

@Autowired
public void setSessionObject(SessionObject sessionObject) {
this.sessionObject = sessionObject;
}

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
logger.info("http interceptor - pre Handle");
boolean status = true;

if (request.getRequestURI().toLowerCase().contains("swagger-ui"))
return status;

String authorization = null;
String preAuth = request.getHeader("Authorization");
if (null != preAuth && preAuth.contains("Bearer "))
authorization = preAuth.replace("Bearer ", "");
else
authorization = preAuth;
logger.debug("In preHandle we are Intercepting the Request");
String authorization = request.getHeader("Authorization");
logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization
+ " || method :: " + request.getMethod());
if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
try {
String[] requestURIParts = request.getRequestURI().split("/");
String requestAPI = requestURIParts[requestURIParts.length - 1];
switch (requestAPI) {

// case "patient":
case "swagger-ui.html":
break;
case "index.html":
break;
case "swagger-initializer.js":
break;
case "swagger-config":
break;
case "ui":
break;
case "swagger-resources":
break;
case "version":
case "api-docs":
break;

break;
case "error":
status = false;
break;
default:
logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization);
if (authorization == null)
throw new Exception(
"Authorization key is NULL, please pass valid session key to proceed further. ");
String userRespFromRedis = sessionObject.getSessionObject(authorization);
if (userRespFromRedis == null)
throw new Exception("invalid Authorization key, please pass a valid key to proceed further. ");
String remoteAddress = request.getHeader("X-FORWARDED-FOR");
if (remoteAddress == null || remoteAddress.trim().length() == 0) {
remoteAddress = request.getRemoteAddr();
}
validator.checkKeyExists(authorization, remoteAddress);
break;
}
} catch (Exception e) {
logger.error(e.getLocalizedMessage());

OutputResponse output = new OutputResponse();
output.setError(e);
response.getOutputStream().print(output.toString());
response.setContentType(MediaType.APPLICATION_JSON);

response.setContentLength(output.toString().length());
response.setHeader("Access-Control-Allow-Origin", "*");

⚠️ Potential issue

Security: Review CORS configuration

The Access-Control-Allow-Origin: * header allows requests from any origin. Consider restricting this to specific allowed origins.

Consider:

  1. Moving CORS configuration to a centralized configuration
  2. Using Spring's @CrossOrigin or CorsConfigurer
  3. Explicitly listing allowed origins

response.getOutputStream().print(output.toString());

Comment on lines 89 to +97

πŸ› οΈ Refactor suggestion

Enhance error handling specificity

The catch block handles all exceptions the same way. Consider:

  1. Catching specific exceptions (e.g., AuthenticationException) separately
  2. Adding different error codes/messages for different failure scenarios
  3. Logging the full exception stack trace at ERROR level for debugging
-			} catch (Exception e) {
+			} catch (AuthenticationException e) {
+				logger.debug("Authentication failed: {}", e.getMessage());
+				OutputResponse output = new OutputResponse();
+				output.setError(e);
+				response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+				response.setContentType(MediaType.APPLICATION_JSON);
+				response.setContentLength(output.toString().length());
+				response.setHeader("Access-Control-Allow-Origin", "*");
+				response.getOutputStream().print(output.toString());
+				status = false;
+			} catch (Exception e) {
+				logger.error("Unexpected error in request processing", e);

Committable suggestion skipped: line range outside the PR's diff.

status = false;
}
}

return status;
}

Expand All @@ -111,12 +106,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
throws Exception {
try {
logger.debug("In postHandle we are Intercepting the Request");
String authorization = null;
String postAuth = request.getHeader("Authorization");
if (null != postAuth && postAuth.contains("Bearer "))
authorization = postAuth.replace("Bearer ", "");
else
authorization = postAuth;
String authorization = request.getHeader("Authorization");
logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization);
if (authorization != null) {
sessionObject.updateSessionObject(authorization, sessionObject.getSessionObject(authorization));
Expand All @@ -129,8 +119,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception arg3)
throws Exception {
logger.info("http interceptor - after completion");

logger.debug("In afterCompletion Request Completed");
}

}
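Review bot: The debug line at the top of `preHandle` (`"RequestURI::" + ... + " || Authorization ::" + authorization + " || method :: " ...`), which appears to be on the new side, writes the raw `Authorization` header into the application log. The `default` branch uses that same value as the session key for `sessionObject.getSessionObject(authorization)`, and the existing debug lines in the `default` case and in `postHandle` log it again, so a live session credential ends up readable by anyone with log access. Log only whether the header is present, with parameterised logging, e.g. `logger.debug("RequestURI::{} || Authorization present::{} || method::{}", request.getRequestURI(), authorization != null, request.getMethod());`, and apply the same change to the other two log lines. Separately, with the `Bearer ` prefix stripping removed in both `preHandle` and `postHandle`, a client that sends `Bearer <key>` would presumably have the whole string used as the session key and fail the lookup. Worth confirming that every caller sends the bare key, and documenting that expectation in a comment above the `getHeader("Authorization")` call.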