CDCgov / prime-reportstream

ReportStream is a public intermediary tool for delivery of data between different parts of the healthcare ecosystem.
https://reportstream.cdc.gov
Creative Commons Zero v1.0 Universal

Investigate Spring Cloud Gateway support for only allowing the proxying of certain URLs #15864

Closed jalbinson closed 2 weeks ago

jalbinson commented 1 month ago

User Story

Our current auth POC uses a simple global wildcard to forward all requests to their correct destination whether it exists or not. This is causing issues with serving Swagger UI and also may be forwarding requests to invalid endpoints that could be handled at the gateway level.

Description/Use Case

See if requests could be set up via configuration as seen in Spring Cloud Gateway documentation

Dev Notes

- Ensure Swagger can be used if added
- Investigate if Azure FrontDoor could be used for this.

Acceptance Criteria

if possible...
- POC updated to route specific configuration (remove wildcard request mapping)
- Requests that are forwarded are still being checked for authentication and 401 if missing/invalid
- Swagger loads
- unit tests continue to pass

if not possible...
- Document reasoning in project and write ticket for alternative way to limit scope of possible forwarded requests
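An added illustration of the route-specific configuration this issue asks about, not code from the ReportStream repository: a catch-all route shown beside an explicit allowlist of forwarded paths. It assumes the `spring.cloud.gateway.routes` property form; the route ids, backend URI and paths are hypothetical.

```yaml
# Added example: route ids, backend URI and paths are hypothetical placeholders.
spring:
  cloud:
    gateway:
      routes:
        # Before (weak): one catch-all route forwards every path,
        # whether or not the backend has such an endpoint.
        # - id: catch_all
        #   uri: http://backend.example.internal:8080
        #   predicates:
        #     - Path=/**

        # After: one route per endpoint family that should be reachable.
        # Path and Method predicates on the same route must all match.
        - id: reports_api
          uri: http://backend.example.internal:8080
          predicates:
            - Path=/api/v1/reports/**
            - Method=GET,POST

        - id: submissions_api
          uri: http://backend.example.internal:8080
          predicates:
            - Path=/api/v1/submissions/**
            - Method=GET

        # No route covers /swagger-ui/** or /v3/api-docs/** (springdoc's
        # default paths, assumed here), so those requests are not proxied
        # and stay with the gateway application's own handlers.
        # A request that matches no route and no local handler is not
        # forwarded; the gateway answers 404 itself.
```

Route predicates only decide what is forwarded. The authentication check that returns 401 for a missing or invalid token stays in the POC's security configuration and is not shown here.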

Andrey-Glazkv commented 1 month ago

Hey team! Please add your planning poker estimate with Zenhub @adegolier @arnejduranovic @brick-green @david-navapbc @jack-h-wang @jalbinson @JFisk42 @mkalish @thetaurean