feat(ojoi): Add auth to client endpoint #16090

Merged
merged 4 commits into from
Sep 20, 2024

@jonbjarnio jonbjarnio (Member) commented Sep 19, 2024

What

Adding auth to include bearer token to third party services

Why

To allow third party services to extract information from the bearer token

Checklist:

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • [] I have added tests that prove my fix is effective or that my feature works
  • Formatting passes locally with my changes
  • I have rebased against main before asking for a review

Summary by CodeRabbit

  • New Features

    • Enhanced API functionality by integrating user context into various operations, allowing for personalized and authorized interactions.
    • Introduced an authentication mechanism for API calls, improving security during application submissions and data retrieval.
  • Bug Fixes

    • Adjusted method signatures to ensure proper handling of user and authentication parameters across multiple services.
  • Documentation

    • Updated configuration schema for better accessibility and clarity regarding permissions and resource access.

@jonbjarnio jonbjarnio requested a review from a team as a code owner September 19, 2024 14:48
coderabbitai bot (Contributor) commented Sep 19, 2024

Walkthrough

The pull request introduces significant changes across multiple files, primarily focusing on integrating user context into GraphQL resolvers and service methods. The @CurrentUser() decorator is added to various methods to retrieve the current user's information, which is passed as an argument to enhance functionality. Additionally, authentication handling is improved in the client service, and configuration adjustments are made for the application client, emphasizing a shift towards user-specific operations and secure API interactions.

Changes

| File | Change Summary |
|------|----------------|
| libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.resolver.ts, libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.service.ts | Added @CurrentUser() decorator in resolvers and User parameter in service methods to incorporate user context for various operations related to comments, pricing, and attachments. |
| libs/application/template-api-modules/src/lib/modules/templates/official-journal-of-iceland/official-journal-of-iceland.service.ts | Modified postApplication method to include an auth parameter for enhanced security during application submissions. |
| libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.config.ts | Moved scope property to the top level of the configuration schema and updated its default value to ['api_resource.scope'], changing how permissions are defined. |
| libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.provider.ts | Integrated IdsClientConfig into the client provider to enable identity management features, enhancing authentication mechanisms. |
| libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.service.ts | Introduced ojoiApplicationApiWithAuth method to wrap API calls with authentication middleware and modified method signatures to include auth parameter, ensuring secure API interactions. |


@jonbjarnio jonbjarnio added the automerge Merge this PR as soon as all checks pass label Sep 19, 2024
@coderabbitai coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

Outside diff range and nitpick comments (1)
libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.service.ts (1)

150-181: Remove the console.log statement.

The addApplicationAttachment, getApplicationAttachments, and deleteApplicationAttachment methods are updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API calls. This ensures that the application attachments are managed securely with the provided authentication.

However, the console.log statement in the addApplicationAttachment method should be removed as it is likely a debugging artifact and should not be present in production code.

Apply this diff to remove the console.log statement:

- console.log(auth)
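Review bot: the console.log(auth) line in addApplicationAttachment deserves more weight than a nitpick. This PR passes auth down so that the bearer token reaches the third party service, so the logged object most likely carries that token and would write it to the application logs on each addApplicationAttachment call. Beyond deleting the line, consider enabling ESLint's no-console rule for this library so that a stray debug print of a credential-bearing object fails CI rather than depending on review to catch it.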
Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between bc0f27b and 32521b0.

Files selected for processing (6)
  • libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.resolver.ts (7 hunks)
  • libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.service.ts (3 hunks)
  • libs/application/template-api-modules/src/lib/modules/templates/official-journal-of-iceland/official-journal-of-iceland.service.ts (1 hunks)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.config.ts (2 hunks)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.provider.ts (3 hunks)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.service.ts (7 hunks)
Additional context used
Path-based instructions (6)
  • libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.resolver.ts (1)
  • libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.service.ts (1)
  • libs/application/template-api-modules/src/lib/modules/templates/official-journal-of-iceland/official-journal-of-iceland.service.ts (1)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.config.ts (1)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.provider.ts (1)
  • libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.service.ts (1)

The same instruction applies to each file:

Pattern libs/**/*: "Confirm that the code adheres to the following:

  • Reusability of components and hooks across different NextJS apps.
  • TypeScript usage for defining props and exporting types.
  • Effective tree-shaking and bundling practices."
Additional comments not posted (33)
libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.config.ts (3)

9-9: LGTM! The scope property is now a top-level property in the schema.

Moving the scope property to the top level of the schema changes the structure of the configuration object, making it directly accessible as a top-level property. The Zod definition ensures that scope is an array of strings, providing type safety and validation.

Consider updating any code that accesses the scope property to reflect the new schema structure.


22-22: Verify the impact of the updated default value for the scope property.

The default value for the scope property has been changed from an empty array to ['api_resource.scope']. This change signifies a shift in how the application will handle the scope parameter, potentially impacting the way permissions or resource access are defined within the application.

Please ensure that the api_resource.scope value aligns with the intended functionality and security requirements of the application. Consider the following:

  • Does api_resource.scope represent a valid and appropriate scope for the application?
  • Are there any dependencies or configurations that need to be updated to support this new default scope?
  • Have the necessary permissions and access controls been implemented to handle the api_resource.scope?

Line range hint 1-28: The code file adheres to TypeScript usage and configuration reusability.

The code file defines a configuration schema using Zod, which promotes type safety and validation. The configuration is defined using the defineConfig function from @island.is/nest/config, indicating a reusable configuration pattern.

However, the code file does not contain any components or hooks, so the reusability aspect cannot be fully assessed in this context. Additionally, the code file does not directly involve bundling or tree-shaking practices.

libs/application/template-api-modules/src/lib/modules/templates/official-journal-of-iceland/official-journal-of-iceland.service.ts (1)

37-42: LGTM!

The changes align with the PR objective of implementing authentication by including the auth parameter in the call to this.ojoiApplicationService.postApplication. The method is correctly propagating the auth parameter to the service layer for handling authentication.

Error handling is also implemented by catching exceptions and returning false.

libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.provider.ts (3)

9-9: LGTM!

The import statement correctly adds the necessary configurations for integrating an Identity Service (IDS) client and XRoad, which aligns with the PR objective. The code follows the expected pattern and TypeScript usage.


19-33: Looks good!

The changes effectively integrate the Identity Service (IDS) client configuration into the useFactory function. The conditional configuration of autoAuth based on idsClientConfig.isConfigured allows flexibility in enabling/disabling the authentication mechanism. The code follows TypeScript best practices for defining the configuration type.


47-47: Looks good!

Adding IdsClientConfig.KEY to the inject array is necessary to make the IDS configuration available for dependency injection. This change ensures that the useFactory function can access the idsClientConfig as expected.

libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.resolver.ts (8)

39-43: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.


49-53: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.


59-60: LGTM!

The method correctly passes the id and user context to the service layer. The changes are consistent with the other methods in the file.


66-67: LGTM!

The method correctly passes the id and user context to the service layer. The changes are consistent with the other methods in the file.


76-78: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.


87-89: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.


98-100: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.


109-111: LGTM!

The method correctly passes the input and user context to the service layer. The changes are consistent with the other methods in the file.

libs/api/domains/official-journal-of-iceland-application/src/lib/ojoiApplication.service.ts (9)

19-19: LGTM!

The import statement for the User type is correct and follows the proper syntax.


31-32: LGTM!

The getComments method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.getComments method. This allows for user-specific functionality or authorization checks.


35-44: LGTM!

The postComment method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.postComment method. This allows for user-specific functionality or authorization checks.


51-57: LGTM!

The getPdfUrl method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.getPdfUrl method. This allows for user-specific functionality or authorization checks.


60-64: LGTM!

The postApplication method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.postApplication method. This allows for user-specific functionality or authorization checks.


67-73: LGTM!

The getPrice method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.getPrice method. This allows for user-specific functionality or authorization checks.


78-92: LGTM!

The getPresignedUrl method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.getPresignedUrl method. This allows for user-specific functionality or authorization checks.


97-116: LGTM!

The addApplicationAttachment method is correctly updated to accept a user: User parameter, which is then passed to the ojoiApplicationService.addApplicationAttachment method. This allows for user-specific functionality or authorization checks.


133-157: LGTM!

The getApplicationAttachments and deleteApplicationAttachment methods are correctly updated to accept a user: User parameter, which is then passed to the respective methods of the ojoiApplicationService. This allows for user-specific functionality or authorization checks.

libs/clients/official-journal-of-iceland/application/src/lib/ojoiApplicationClient.service.ts (9)

21-21: LGTM!

The import statement for Auth and AuthMiddleware from @island.is/auth-nest-tools is correct and necessary for the authentication changes in this service.


33-35: LGTM!

The new private method ojoiApplicationApiWithAuth is implemented correctly. It encapsulates the logic of applying the AuthMiddleware to the API, which can be reused across other methods in the service. This is a good practice for code reusability and maintainability.


39-42: LGTM!

The getComments method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the comments are retrieved securely with the provided authentication.


55-57: LGTM!

The postComment method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the comments are posted securely with the provided authentication.


69-74: LGTM!

The postApplication method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the application is posted securely with the provided authentication.


88-93: LGTM!

The getPdfUrl method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the PDF URL is retrieved securely with the provided authentication.


95-101: LGTM!

The getPdf method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the PDF is retrieved securely with the provided authentication.


124-129: LGTM!

The getPrice method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the price is retrieved securely with the provided authentication.


143-145: LGTM!

The getPresignedUrl method is updated correctly to accept the auth parameter and use the new ojoiApplicationApiWithAuth method for the authenticated API call. This ensures that the presigned URL is retrieved securely with the provided authentication.
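
The pattern this review describes (wrapping the client with auth middleware per call, and keeping the auth object out of logs), as an added TypeScript example that is not code from the pull request. `ApiClient`, `authMiddleware`, `redactAuth`, the `Auth` shape and all sample values are hypothetical stand-ins, not the @island.is/auth-nest-tools API.

```typescript
// Added illustration; hypothetical shapes, not the project's own types.
interface Auth {
  authorization: string // "Bearer <token>"
  scope: string[]
  nationalId?: string
}

interface RequestContext {
  url: string
  headers: Record<string, string>
}

type Middleware = (ctx: RequestContext) => RequestContext

// Middleware that forwards the caller's bearer token to the downstream API.
function authMiddleware(auth: Auth): Middleware {
  return (ctx) => ({
    ...ctx,
    headers: { ...ctx.headers, authorization: auth.authorization },
  })
}

class ApiClient {
  readonly baseUrl: string
  readonly middleware: readonly Middleware[]

  constructor(baseUrl: string, middleware: readonly Middleware[] = []) {
    this.baseUrl = baseUrl
    this.middleware = middleware
  }

  // Returns a new client. The shared (injected) instance is never mutated,
  // so one user's token cannot end up on another user's request.
  withMiddleware(mw: Middleware): ApiClient {
    return new ApiClient(this.baseUrl, [...this.middleware, mw])
  }

  // Builds the outgoing request; a real client would hand this to fetch().
  buildRequest(path: string): RequestContext {
    const initial: RequestContext = { url: this.baseUrl + path, headers: {} }
    return this.middleware.reduce((ctx, mw) => mw(ctx), initial)
  }
}

// Safe-to-log view of Auth: keeps the scheme and scopes, drops the credential
// and the subject identifier.
function redactAuth(auth: Auth): { scheme: string; scope: string[]; hasSubject: boolean } {
  const scheme = auth.authorization.split(' ')[0] || 'unknown'
  return { scheme, scope: [...auth.scope], hasSubject: Boolean(auth.nationalId) }
}

// Constructed sample values.
const sharedClient = new ApiClient('https://journal.example.invalid')
const alice: Auth = {
  authorization: 'Bearer token-alice',
  scope: ['api_resource.scope'],
  nationalId: '0000000001',
}
const bob: Auth = { authorization: 'Bearer token-bob', scope: ['api_resource.scope'] }

function demo() {
  const a = sharedClient.withMiddleware(authMiddleware(alice)).buildRequest('/comments')
  const b = sharedClient.withMiddleware(authMiddleware(bob)).buildRequest('/comments')
  const bare = sharedClient.buildRequest('/comments')
  return { a, b, bare, logLine: JSON.stringify(redactAuth(alice)) }
}

console.log(demo().logLine)
```
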

@thorkellmani thorkellmani (Member) left a comment

Mostly cool, one comment

@thorkellmani thorkellmani removed the automerge Merge this PR as soon as all checks pass label Sep 19, 2024
codecov bot commented Sep 19, 2024

Codecov Report

Attention: Patch coverage is 13.69863% with 63 lines in your changes missing coverage. Please review.

Project coverage is 36.65%. Comparing base (3e2136e) to head (f917d98).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|--------------------------|---------|-------|
| ...plication/src/lib/ojoiApplicationClient.service.ts | 3.33% | 29 Missing ⚠️ |
| ...and-application/src/lib/ojoiApplication.service.ts | 0.00% | 18 Missing ⚠️ |
| ...nd-application/src/lib/ojoiApplication.resolver.ts | 33.33% | 14 Missing ⚠️ |
| ...-of-iceland/official-journal-of-iceland.service.ts | 0.00% | 1 Missing ⚠️ |
| ...lication/src/lib/ojoiApplicationClient.provider.ts | 66.66% | 1 Missing ⚠️ |
Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16090      +/-   ##
==========================================
- Coverage   36.65%   36.65%   -0.01%     
==========================================
  Files        6749     6748       -1     
  Lines      138766   138774       +8     
  Branches    39422    39423       +1     
==========================================
- Hits        50863    50862       -1     
- Misses      87903    87912       +9     
| Flag | Coverage Δ |
|------|------------|
| api | 3.39% <ø> (ø) |
| application-system-api | 41.50% <13.69%> (-0.02%) ⬇️ |
| application-template-api-modules | 23.47% <0.00%> (ø) |
| web | 1.84% <ø> (ø) |

| Files with missing lines | Coverage Δ |
|--------------------------|------------|
| ...-of-iceland/official-journal-of-iceland.service.ts | 52.94% <0.00%> (ø) |
| ...lication/src/lib/ojoiApplicationClient.provider.ts | 88.88% <66.66%> (-11.12%) ⬇️ |
| ...nd-application/src/lib/ojoiApplication.resolver.ts | 57.37% <33.33%> (-4.03%) ⬇️ |
| ...and-application/src/lib/ojoiApplication.service.ts | 21.62% <0.00%> (ø) |
| ...plication/src/lib/ojoiApplicationClient.service.ts | 13.79% <3.33%> (+0.58%) ⬆️ |

... and 1 file with indirect coverage changes

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

datadog-island-is bot commented Sep 19, 2024

Datadog Report

All test runs e157011 🔗

4 Total Test Services: 0 Failed, 4 Passed
🔻 Test Sessions change in coverage: 1 decreased (-0.01%), 6 no change

Test Services
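| Service Name | Failed | Known Flaky | New Flaky | Passed | Skipped | Total Time | Code Coverage Change | Test Service View |
|--------------|--------|-------------|-----------|--------|---------|------------|----------------------|-------------------|
| api | 0 | 0 | 0 | 4 | 0 | 3.04s | 1 no change | Link |
| application-system-api | 0 | 0 | 0 | 111 | 2 | 3m 27.77s | 1 decreased (-0.01%) | Link |
| application-template-api-modules | 0 | 0 | 0 | 109 | 0 | 1m 49.92s | 1 no change | Link |
| web | 0 | 0 | 0 | 84 | 0 | 32.11s | 1 no change | Link |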

🔻 Code Coverage Decreases vs Default Branch (1)

  • application-system-api - jest 37.08% (-0.01%) - Details

@jonbjarnio jonbjarnio added the automerge Merge this PR as soon as all checks pass label Sep 20, 2024
@kodiakhq kodiakhq bot merged commit 549f288 into main Sep 20, 2024
40 checks passed
@kodiakhq kodiakhq bot deleted the feat/ojoi-add-auth branch September 20, 2024 09:15
@coderabbitai coderabbitai bot mentioned this pull request Nov 1, 2024
6 tasks