ExternalRequestController.java

/*
 * Copyright 2025 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.genesys.server.api.v2.impl;

import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;

import org.genesys.server.api.ApiBaseController;
import org.genesys.server.api.v2.facade.ExternalRequestApiService;
import org.genesys.server.api.v2.model.impl.ExternalRequestDTO;
import org.genesys.server.api.v2.model.impl.ExternalRequestGenesysDTO;
import org.genesys.server.api.v2.model.impl.ExternalRequestItemDTO;
import org.genesys.server.exception.NotFoundElement;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.io.IOException;
import java.util.List;
import java.util.UUID;

@RestController("externalRequestApi2")
@RequestMapping(ExternalRequestController.CONTROLLER_URL)
@Tag(name = "ExternalRequest")
@Slf4j
public class ExternalRequestController extends ApiBaseController {

	/** The Constant CONTROLLER_URL. */
	public static final String CONTROLLER_URL = ApiBaseController.APIv2_BASE + "/request/external";

	@Autowired
	private ExternalRequestApiService externalRequestApiService;

	@Value("${frontend.url}")
	private String frontendUrl;

	/**
	 * Allow OAuth clients to register their users' intent to complete a request for
	 * material with Genesys.
	 *
	 * @param request Request for material
	 * @return UUID assigned to the external request, used to resume the requesting process in Genesys
	 * @throws ExternalRequestApiService.ExternalRequestAccessionsException List of material that cannot be requested with Genesys
	 */
	@PreAuthorize("hasRole('CLIENT') or hasRole('TRUSTED_CLIENT')")
	@PostMapping(value = "", produces = MediaType.APPLICATION_JSON_VALUE)
	public UUID processRequest(@RequestBody @Valid ExternalRequestDTO request, HttpServletRequest httpRequest) throws ExternalRequestApiService.ExternalRequestAccessionsException {
		log.info("External request from {}", httpRequest.getRemoteAddr());
		return externalRequestApiService.registerExternalRequest(request, httpRequest.getRemoteAddr());
	}

	@ExceptionHandler(ExternalRequestApiService.ExternalRequestAccessionsException.class)
	public ResponseEntity<List<ExternalRequestItemDTO>> handleBadRequestWithList(ExternalRequestApiService.ExternalRequestAccessionsException ex) {
		return ResponseEntity
			.badRequest()
			.body(ex.getMissingAccessions());
	}

	/**
	 * Redirect user to the frontend to resume the request process.
	 *
	 * @param key UUID of the registered external request
	 * @throws IOException When redirect cannot be completed
	 */
	@GetMapping(value = "", produces = { MediaType.APPLICATION_JSON_VALUE })
	public void handleRequest(@RequestParam("key") UUID key, HttpServletResponse response) throws IOException {
		if (externalRequestApiService.externalRequestIsAvailable(key)) {
			response.sendRedirect(frontendUrl + "/requests/external/" + key);
		} else {
			throw new NotFoundElement("No such request available");
		}
	}

	/**
	 * Get details of the external request by it's key.
	 * @param key UUID of the registered external request
	 */
	@PreAuthorize("isAuthenticated()")
	@GetMapping(value = "/{key}", produces = { MediaType.APPLICATION_JSON_VALUE })
	public ExternalRequestGenesysDTO getRequest(@PathVariable("key") UUID key) {
		if (externalRequestApiService.externalRequestIsAvailable(key)) {
			return externalRequestApiService.getRequest(key);
		} else {
			throw new NotFoundElement("No such request available");
		}
	}
}