RequestsController.java

/*
 * Copyright 2022 Global Crop Diversity Trust
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.genesys.server.api.v2;

import java.io.IOException;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;

import org.genesys.blocks.security.SecurityContextUtil;
import org.genesys.server.api.ApiBaseController;
import org.genesys.server.model.genesys.MaterialRequest;
import org.genesys.server.service.RequestService;
import org.genesys.server.service.worker.ShortFilterProcessor;
import org.genesys.spring.CaptchaChecker;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.fasterxml.jackson.annotation.JsonProperty;

import io.swagger.v3.oas.annotations.tags.Tag;

/**
 * Updated Genesys request handling with DRAFT requests.
 */
@RestController("requestsApi2")
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = { RequestsController.CONTROLLER_URL })
@Tag(name = "Request")
public class RequestsController extends ApiBaseController {

	// Rest controller base URL
	public static final String CONTROLLER_URL = ApiBaseController.APIv2_BASE + "/requests";

	public static final String PARAM_KEY = "key";
	public static final String PARAM_TOKENUUID = "tokenUuid";

	@Autowired
	private RequestService requestService;

	/** The short filter service. */
	@Autowired
	protected ShortFilterProcessor shortFilterProcessor;

	@Autowired
	private CaptchaChecker captchaChecker;

	/**
	 * Create a new DRAFT request for material with DRAFT sub requests.
	 *
	 * @return DRAFT request
	 */
	@PostMapping(value = "/r/create", produces = { MediaType.APPLICATION_JSON_VALUE })
	public MaterialRequest createDraftRequest(@RequestBody Set<Long> accessionIds) throws RequestService.RequestException {

		return requestService.createDraftRequest(accessionIds);
	}

	/**
	 * Fill request with info and send validation email
	 *
	 * @return request
	 */
	@PostMapping(value = "/r/process", produces = {MediaType.APPLICATION_JSON_VALUE})
	public MaterialRequest processRequest(@RequestBody @Valid InitiateRequestData initiateRequestData, final HttpServletRequest request) throws RequestService.RequestException, IOException {

		if (SecurityContextUtil.getMe() == null) {
			// Validate the reCAPTCHA only for anonymous users
			captchaChecker.assureValidResponseForClient(initiateRequestData.captchaResponse, request.getRemoteAddr());
		}

		return requestService.processRequest(initiateRequestData.requestInfo, initiateRequestData.requestId);
	}

	public static class InitiateRequestData {
		@JsonProperty(value = "recaptcha")
		public String captchaResponse;

		public RequestService.RequestInfo requestInfo;

		public Long requestId;
	}
}