MOSIP-21009 : Sonar Security Hotspots Of Admin Module (#947)
* Update KeyManagerProxyController.java

Signed-off-by: Gokulraj C <[email protected]>

* Segregated HTTP methods in MasterData & KeyManager ProxyControllers

Signed-off-by: GOKULRAJ136 <[email protected]>

* Updated new changes

Signed-off-by: GOKULRAJ136 <[email protected]>

---------

Signed-off-by: Gokulraj C <[email protected]>
Signed-off-by: GOKULRAJ136 <[email protected]>
GOKULRAJ136 authored Apr 1, 2024
1 parent 0c94828 commit c1e0080
Showing 2 changed files with 135 additions and 30 deletions.
@@ -1,7 +1,7 @@
package io.mosip.admin.controller;

import javax.servlet.http.HttpServletRequest;

import io.mosip.admin.packetstatusupdater.util.AuditUtil;
import io.mosip.admin.packetstatusupdater.util.EventEnum;
import io.mosip.admin.service.AdminProxyService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
Expand All @@ -15,8 +15,8 @@
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
import io.mosip.admin.packetstatusupdater.util.AuditUtil;
import io.mosip.admin.packetstatusupdater.util.EventEnum;

import javax.servlet.http.HttpServletRequest;

@RestController
@RequestMapping("/keymanager/")
Expand All @@ -32,16 +32,70 @@ public class KeyManagerProxyController {
@Value("${mosip.admin.keymanager.service.url}")
private String url;

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = { RequestMethod.GET,
RequestMethod.POST, RequestMethod.DELETE,RequestMethod.PATCH,RequestMethod.PUT })
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
@ApiResponses(value = { @ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized" ,content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden" ,content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found" ,content = @Content(schema = @Schema(hidden = true)))})
public ResponseEntity<?> keyManagerProxyController(@RequestBody(required = false) String body,
HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED,null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request,url));
@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> getKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> postKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> deleteKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PUT)
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy", tags = "KeyManager-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> putKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PATCH)
@Operation(summary = "KeyManager proxy", description = "KeyManager proxy for PATCH requests", tags = "KeyManager-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> patchKeyManagerProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}

}
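Review bot: The POST, DELETE, PUT and PATCH handlers of this key-manager proxy record `EventEnum.MASTERDATA_PROXY_API_CALLED` as the audit event; only `getKeyManagerProxyController` keeps `KEYMANAGER_PROXY_API_CALLED`, which the single handler being replaced appears to have used for every method. As written, state-changing calls that pass through the key-manager proxy would be recorded in the audit trail as master-data calls, which makes key operations harder to trace in an investigation. Each of the four handlers should read `auditUtil.setAuditRequestDto(EventEnum.KEYMANAGER_PROXY_API_CALLED, null);`.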

Expand Up @@ -14,10 +14,7 @@
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;

Expand All @@ -35,17 +32,71 @@ public class MasterdataProxyController {
@Value("${mosip.admin.masterdata.service.url}")
private String url;

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = { RequestMethod.GET,
RequestMethod.POST, RequestMethod.DELETE,RequestMethod.PATCH,RequestMethod.PUT })
@Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
@ApiResponses(value = { @ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized" ,content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden" ,content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found" ,content = @Content(schema = @Schema(hidden = true)))})
public ResponseEntity<?> masterDataProxyController(@RequestBody(required = false) String body,
HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED,null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request,url));
@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
@Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> getMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
@Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> postMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
@Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> deleteMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(null, request, url));
}

@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PUT)
@Operation(summary = "Master data proxy", description = "Master data proxy", tags = "proxy-masterdata-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> putMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}


@RequestMapping(path = "/**", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.PATCH)
@Operation(summary = "Master data proxy", description = "Master data proxy for PATCH requests", tags = "proxy-masterdata-controller")
@ApiResponses(value = {
@ApiResponse(responseCode = "200", description = "OK"),
@ApiResponse(responseCode = "401", description = "Unauthorized", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "403", description = "Forbidden", content = @Content(schema = @Schema(hidden = true))),
@ApiResponse(responseCode = "404", description = "Not Found", content = @Content(schema = @Schema(hidden = true)))
})
public ResponseEntity<?> patchMasterDataProxyController(@RequestBody(required = false) String body, HttpServletRequest request) {
auditUtil.setAuditRequestDto(EventEnum.MASTERDATA_PROXY_API_CALLED, null);
return ResponseEntity.status(HttpStatus.OK).body(service.getResponse(body, request, url));
}

}
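Review bot: `getMasterDataProxyController` and `deleteMasterDataProxyController` still bind `@RequestBody(required = false) String body` but pass `null` to `service.getResponse`, so a payload sent with DELETE is now discarded without any signal, where the replaced handler appears to have forwarded `body` for every method. If dropping it is intended, remove the unused parameter, e.g. `public ResponseEntity<?> deleteMasterDataProxyController(HttpServletRequest request)`, and add a short comment stating that the proxy does not forward bodies for GET and DELETE; otherwise pass `body` through for DELETE. The same applies to `getKeyManagerProxyController` and `deleteKeyManagerProxyController` in the key-manager controller.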
