O3-310: allow Put operations on an application-writable config.json file to openmrs/data/frontends/config.json

[jnsereko]

Description of what I changed

This is a continuation of openmrs/openmrs-module-spa#57 cc @dkayiwa

Issue I worked on

see https://issues.openmrs.org/browse/O3-310

Checklist: I completed these to help reviewers :)

• My IDE is configured to follow the code style of this project.

  No? Unsure? -> configure your IDE, format the code and add the changes with git add . && git commit --amend

• I have added tests to cover my changes. (If you refactored
  existing code that was well tested you do not have to add tests)

  No? -> write tests and add them to this commit git add . && git commit --amend

• I ran mvn clean package right before creating this pull request and
  added all formatting changes to my commit.

  No? -> execute above command

• All new and existing tests passed.

  No? -> figure out why and add the fix to your commit. It is your responsibility to make sure your code works.

• My pull request is based on the latest changes of the master branch.

  No? Unsure? -> execute command git pull --rebase upstream master

[dkayiwa]

@jnsereko shouldn't we also have the option to locally download the config.json file from the server storage via a GET HTTP request?

[ibacher]

Why do we even have an authorization check here? This can be handled by the filter in this module and we should be able to just reject things if there's no user or the user isn't an administrator.

[jnsereko]

I have some doubts regarding our current authorisation filters.
When i execute a request with/without an Auth header, it fails the first time but succeeds on subsequent tries, hence i resorted to retaining the authorisation confirmation logic. However, i am going to remove it.

[ibacher]

Why ModuleException? That shouldn't be used here. Also, it's not great to echo a file path back in response to a web request...

[jnsereko]

I think throwing an IOException is better

[dkayiwa]

The formatting here looks ... 😊

[dkayiwa]

Did you address the formatting?

[jnsereko]

I have removed the extra spaces

[dkayiwa]

And the indention?

[dkayiwa]

Don't we have a library like IOUtils or any other to read this?

[dkayiwa]

And are we doing all this simply for the sake of validating that it is a JSON file?

[jnsereko]

new ObjectMapper().readTree(requestBody);
this is the only line that validates the JSON file. Is it so expensive?

[dkayiwa]

Then why is the entire method block surrounded with a try catch for JsonProcessingException?

[jnsereko]

Then why is the entire method block surrounded with a try catch for JsonProcessingException?

I've made the try block specific to parsing

[dkayiwa]

@jnsereko can you respond to all my comments?

[jnsereko]

@jnsereko can you respond to all my comments?

Sorry i had missed some of them. This PR has quite many comments. I hope i have addressed all of them now

[dkayiwa]

Is the above line also for validation?

[jnsereko]

no, this is just for reading the request body. Line 86 does the validation

[ibacher]

There's some inconsistency in spacing here. This line uses a tab character, but most lines are indented by spaces.

[jnsereko]

i am wondering, what brought that tab, locally it doesn't exist. I will re-push

[ibacher]

IDEs have a nasty habit of doing this on auto-indent.

[ibacher]

This is the other line I see indented by a tab.

[jnsereko]

same as here #595 (comment)

[ibacher]

Suggested change

	log.error("Error reading Configuration file: " + jsonConfigFile.getAbsolutePath(), e);
	log.error("Error reading Configuration file {}", jsonConfigFile.getAbsolutePath(), e);

[ibacher]

Adding Content-Disposition: attachment makes it impossible to use this on the frontend because you're not returning the JSON file as a REST response. You're returning a response instructing the user agent to download that as a file. Without some kind of endpoint that allows us to make a get request and get the JSON document back as part of the response without the Content-Disposition we cannot make use of this configuration file. (I'd suggest adding an optional parameter, e.g., ?download so that:

GET /openmrs/ws/rest/v1/frontend/config.json returns like requesting any other JSON file and GET /openmrs/ws/rest/v1/frontend/config.json?download sends it as an attachment.

[jnsereko]

i have added the Content-Disposition: attachment for both GET /openmrs/ws/rest/v1/frontend/config.json?download and GET /openmrs/ws/rest/v1/frontend/config.json?download=true. As an addition, i have Set their content type to application/x-download
Thank you for this clarification

[ibacher]

I'd keep the content type! It's still a JSON document.

[ibacher]

Suggested change

	log.debug("Configuration file does not exist");
	log.warn("Configuration file does not exist");

[ibacher]

Suggested change

	log.error("Invalid JSON format", e);
	log.error("Invalid JSON format when reading: {}", requestBody, e);

[ibacher]

This check is unnecessary. copyFile() would've thrown an exception (which should potentially be handled here) if there was a failure.

[ibacher]

Suggested change

	try {
	// verify that is in a valid JSON format
	new ObjectMapper().readTree(requestBody);
	} catch (JsonProcessingException e) {
	log.error("Invalid JSON format", e);
	response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid JSON format");
	}
	try {
	// verify that is in a valid JSON format
	new ObjectMapper().readTree(requestBody);
	} catch (JsonProcessingException e) {
	log.error("Invalid JSON format", e);
	response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid JSON format");
	}

[ibacher]

Never end a function like this with an if without an else. What response would the consumer get if the jsonConfigFile.exists() check returned false? (This is just intended as a pedagogic remark; as I said above, the entire if is unnecessary

[ibacher]

This is fine, but:

1. The error should be logged
2. The consuming code should probably catch this exception and return something without the full path

[ibacher]

It'd be great to have some tests for this.

[brandones]

@jnsereko Do you think you could add some tests that verify that this works as expected?