Implement Secure Upload Service API

[arnejduranovic]

User Story

As a stakeholder of ReportStream, I want a SECURE, RELIABLE, SCALABLE, and DECOUPLED way to handle incoming upload requests, so that we can minimize potential of unrelated-to-uploads ReportStream issues preventing senders from submitting reports.

Description/Use Case

Presently, ReportStream has two upload APIs:

• "reports API" - uses Azure Functions Key Auth
• "Waters API" - uses OAuth2.0 with homemade custom Authorization server embedded in the application

The reports API is coupled to an insecure auth method and both endpoints are tightly coupled to the main Azure Functions App where all the other services are running alongside. This ticket is to implement a new upload API, specific to UP, that is decoupled from the main app/database and uses the new secure Auth service.

Risks/Impacts/Considerations

Dev Notes

The implementation details of this service have (mostly) been thought through. Please see the Receive Step Software Requirements section in the UP Software Requirements Document.

Acceptance Criteria

• [ ] Upload Service (Spring App) implemented per the SRD. Any changes to SRD reviewed and Approved by @arnejduranovic
• [ ] SRD updated (if needed) and Approved by @arnejduranovic
• [ ] Auth skipped for now

[Andrey-Glazkv]

Hey team! Please add your planning poker estimate with Zenhub @adegolier @arnejduranovic @brick-green @david-navapbc @jack-h-wang @jalbinson @JFisk42 @mkalish @thetaurean