Closed mjcarsjens closed 3 years ago
@Gemeente-DenHaag/mdh-rysst
@mjcarsjens The openzaak API exposes a lot more functionality than the FE gateway exposes. My guess is that only the endpoints in the Java FE gateway need to be exposed?
I think these stories need to be set up first.
Research server.
As a developer I want some knowledge about the architecture of the gateway, so that I can start implementing it. Acceptance Criterion:
- Researched server library for nodejs.
- Research hosting. Where is the server supposed to be hosted? Does that bring any advantages that we can use?
- Researched logging system. Also depends on the hosting.
- Researched secure file upload (eg. max file size, whitelisted extensions, av scanner, filename limit, etc.)
- Researched secure BSN storage (eg. encryption, store in nodejs or external server like redis?)
Basic nodejs server.
As a developer I want a basic nodejs server, so that I can implement the other gateway stories. Acceptance Criterion:
- Ensure webserver is secure (ie. code).
- Create logging system (make sure it works with the place where it is hosted (probably azure)).
- Create authentication with openzaak.
The Java FE gateway exposes lots of functionality. Some are relatively easy to implement as they only require a simple JSON GET/POST request, while others require the uploading of files to Azure blob storage. My suggestion is to split each bit of functionality into its own story. This has the benefit that each story is a small and manageable job (most of these stories would be 1 point, some 3). I suggest the following stories:
Get all catalogs.
As a developer I want to be able to retrieve all catalogs, so that these can be made available to the PWA. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Generating JWT tokens.
As a developer I want to be able to generate a JWT, so that I can use it to authenticate users. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all "zaken" for a given BSN.
As a developer I want to be able to get all "zaken", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get specific "zaak" based on UUID.
As a developer I want to be able to get a specific "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get "taken" for a given "zaak".
As a developer I want to be able to get a specific "taak" for a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all characteristics of a "zaak".
As a developer I want to be able to get all characteristics of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific characteristic of a "zaak".
As a developer I want to be able to get a specific characteristic of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific document based on UUID.
As a developer I want to be able to get a document based on UUID, so that the user can download it. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all statuses of a "zaak".
As a developer I want to be able to get all statuses of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific status of a "zaak".
As a developer I want to be able to get a specific status of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific "zaak" type.
As a developer I want to be able to get a specific type of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all status types.
As a developer I want to be able to get all status types, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific status type based on UUID.
As a developer I want to be able to get a specific status type based on UUID, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get "Zaakinformatieobjecten".
As a developer I want to be able to get a Zaakinformatieobjecten, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all results of a "zaak".
As a developer I want to be able to get all results of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific result of a "zaak".
As a developer I want to be able to get a specific result of a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a specific result type.
As a developer I want to be able to get a specific result type, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get all roles for a "zaak".
As a developer I want to be able to get all roles for a "zaak", so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a "EnkelVoudigZaakInformatieObject" based on UUID.
As a developer I want to be able to get a "EnkelVoudigZaakInformatieObject" based on UUID, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get a "aanvraag" definition.
As a developer I want to be able to get a "aanvraag" definition, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get form definition.
As a developer I want to be able to get a form definition, so that I can provide it to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Post "aanvraag".
As a developer I want to be able to post a "aanvraag", so that I can provide this functionality to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Post completed task.
As a developer I want to be able to post a completed task, so that I can provide this functionality to the user. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Post file to blob storage.
As a developer I want to be able to upload a file to azure blob storage, so that the user's files can be saved. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Authenticate to blob storage.
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Get file from blob storage by UUID.
As a developer I want to be able to download a file from azure blob storage, so that the user can retrieve their files. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Authenticate to blob storage.
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
Set BSN in session.
As a developer I want to be able to set a BSN number for a session, so that I can connect a user to a BSN. Acceptance Criterion:
- Mimic the functionality of the FE gateway [code].
- Proper logging of errors to separate file [need more insight].
- Ensure API returns proper HTTP status codes with useful error code (we can use this to display error messages to the user).
- Create unit tests ~80% code coverage.
We probably want to hire some testers and pen testers after this project has progressed sufficiently far, because file upload is extremely dangerous.
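The upload controls listed in the research story (max file size, whitelisted extensions, filename limit) can be sketched as a single pre-storage check. This is an added example, not code from the thread or from the Java FE gateway; the limits, the extension list and the names `validateUpload`, `MAX_BYTES` and `MAX_NAME_LENGTH` are assumptions, the magic-byte comparison and the server-generated blob name go one step beyond the listed items, and AV scanning is not covered.

```javascript
const crypto = require('node:crypto');
const path = require('node:path');

// Assumed policy values: the issue names the kinds of limit, not the numbers.
const MAX_BYTES = 10 * 1024 * 1024;
const MAX_NAME_LENGTH = 100;
// Allowlisted extension -> magic bytes the content must start with.
const ALLOWED = new Map([
  ['.pdf', Buffer.from('%PDF-')],
  ['.png', Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])],
  ['.jpg', Buffer.from([0xff, 0xd8, 0xff])],
  ['.jpeg', Buffer.from([0xff, 0xd8, 0xff])],
]);

const reject = (status, code) => ({ ok: false, status, code });

// Returns { ok: true, blobName, displayName } or { ok: false, status, code }.
function validateUpload(originalName, content) {
  if (typeof originalName !== 'string' || !Buffer.isBuffer(content)) {
    return reject(400, 'BAD_REQUEST');
  }
  if (originalName.length === 0 || originalName.length > MAX_NAME_LENGTH) {
    return reject(400, 'FILENAME_LENGTH');
  }
  // Refuse path separators and control characters rather than "cleaning" them.
  if (/[\/\\\x00-\x1f]/.test(originalName)) {
    return reject(400, 'FILENAME_CHARS');
  }
  if (content.length === 0) return reject(400, 'EMPTY_FILE');
  if (content.length > MAX_BYTES) return reject(413, 'FILE_SIZE');
  // Only the last extension counts, so "report.pdf.exe" is judged as ".exe".
  const ext = path.extname(originalName).toLowerCase();
  const magic = ALLOWED.get(ext);
  if (!magic) return reject(415, 'EXTENSION_NOT_ALLOWED');
  // The claimed type must match the leading bytes of the content.
  if (!content.subarray(0, magic.length).equals(magic)) {
    return reject(415, 'CONTENT_MISMATCH');
  }
  // Store under a server-generated name; the client's name is display-only.
  const blobName = crypto.randomUUID() + ext;
  return { ok: true, blobName, displayName: originalName };
}

// Constructed sample input, not a real document.
const samplePdf = Buffer.from('%PDF-1.7\n% constructed sample\n');
console.log(validateUpload('aanvraag.pdf', samplePdf));
console.log(validateUpload('aanvraag.pdf.exe', samplePdf));
```

The `status` and `code` fields line up with the stories' criterion of returning proper HTTP status codes with a useful error code.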
Closed in favour of the issues in https://github.com/Gemeente-DenHaag/mijngemeente-gateway.
We need to create a Frontend Gateway to handle authentication which handles all the API requests from our PWA. My personal preference goes to a Node.JS application which for now simply mirrors the endpoints of OpenZaak and given a request BSN (no further authentication necessary atm) creates a request to OpenZaak and forwards the response to our PWA.
The creation of the JWT token and the client_id and secret for the OpenZaak API will live in this Frontend Gateway. For inspiration we can take a look at the spring boot (Java) application which was created with this exact purpose for the PoC in May of 2020. This can be found in Azure DevOps in the `lopende_zaken` repo (folder gateway) https://dev.azure.com/mijndenhaag/mdh/_git/lopende_zaken?path=%2Fgateway. You can also build this project to see how it works (Java JRE and JDE required): `mvnw.cmd clean package`, Linux/OSX: `mvnw clean package`
NOTE: This will get its own GIT repo
Goals
- Zaken corresponding to BSN/KVK
- Zaak corresponding to given BSN/KVK

TASK: