BC-5522-Implementation of an API for deleting data

ansible/roles/schulcloud-server-core/templates/deployment.yml.j2

@@ -49,6 +49,9 @@ spec:
         - containerPort: 3030
           name: api
           protocol: TCP
+        - containerPort: 4030
+          name: api-admin
+          protocol: TCP
         - containerPort: 9090
           name: api-metrics
           protocol: TCP

ansible/roles/schulcloud-server-core/templates/svc.yml.j2

@@ -12,6 +12,10 @@ spec:
       targetPort: 3030
       protocol: TCP
       name: api
+    - port: {{ PORT_ADMIN_SERVER }}
+      targetPort: 4030
+      protocol: TCP
+      name: api-admin
     - port: {{ PORT_METRICS_SERVER }}
       targetPort: 9090
       protocol: TCP

apps/server/src/apps/server.app.ts

@@ -8,10 +8,10 @@
 import { Mail, MailService } from '@infra/mail';
 import { LegacyLogger, Logger } from '@src/core/logger';
 import { AccountService } from '@modules/account';
 import { TeamService } from '@modules/teams/service/team.service';
 import { AccountValidationService } from '@modules/account/services/account.validation.service';
 import { AccountUc } from '@modules/account/uc/account.uc';
 import { CollaborativeStorageUc } from '@modules/collaborative-storage/uc/collaborative-storage.uc';
 import { GroupService } from '@modules/group';
 import { RocketChatService } from '@modules/rocketchat';
 import { ServerModule } from '@modules/server';
@@ -21,6 +21,8 @@
 // register source-map-support for debugging
 import { install as sourceMapInstall } from 'source-map-support';
 import { FeathersRosterService } from '@modules/pseudonym';
+import { Configuration } from '@hpi-schul-cloud/commons/lib';
+import { AdminApiServerModule } from '@src/modules/server/admin-api.server.module';
 import legacyAppPromise = require('../../../../src/app');
 
 import { AppStartLoggable } from './helpers/app-start-loggable';
@@ -29,6 +31,28 @@
 	createAndStartPrometheusMetricsAppIfEnabled,
 } from './helpers/prometheus-metrics';
 
+const createAndStartAdminApiServer = async (logger: Logger) => {
+	const nestAdminServerExpress = express();
+	nestAdminServerExpress.disable('x-powered-by');
+	const nestAdminServerExpressAdapter = new ExpressAdapter(nestAdminServerExpress);
+	const nestAdminServerApp = await NestFactory.create(AdminApiServerModule, nestAdminServerExpressAdapter);
+
+	nestAdminServerApp.setGlobalPrefix('/admin/api/v1');
+	await nestAdminServerApp.init();
+
+	const adminApiServerPort = Configuration.get('ADMIN_API__PORT') as number;
+
+	nestAdminServerExpress.listen(adminApiServerPort, () => {
+		logger.info(
+			new AppStartLoggable({
+				appName: 'Admin API server app',
+				port: adminApiServerPort,
+				mountsDescription: `/admin/api/v1 --> Admin API Server`,
+			})
+		);
+	});
+};
+
 async function bootstrap() {
 	sourceMapInstall();
 
@@ -127,6 +151,10 @@
 		createAndStartPrometheusMetricsAppIfEnabled(logger);
 	});
 
+	if (Configuration.get('ADMIN_API__ENABLED') === true) {
+		await createAndStartAdminApiServer(logger);
+	}
+
 	console.log('#################################');
 	console.log(`### Start Server              ###`);
 	console.log(`### Port: ${port}                ###`);

apps/server/src/modules/authentication/authentication.module.ts

@@ -18,6 +18,7 @@ import { JwtStrategy } from './strategy/jwt.strategy';
 import { LdapStrategy } from './strategy/ldap.strategy';
 import { LocalStrategy } from './strategy/local.strategy';
 import { Oauth2Strategy } from './strategy/oauth2.strategy';
+import { XApiKeyStrategy } from './strategy/x-api-key.strategy';
 
 // values copied from Algorithm definition. Type does not exist at runtime and can't be checked anymore otherwise
 const algorithms = [
@@ -76,6 +77,7 @@ const jwtModuleOptions: JwtModuleOptions = {
 		LdapService,
 		LdapStrategy,
 		Oauth2Strategy,
+		XApiKeyStrategy,
 	],
 	exports: [AuthenticationService],
 })

apps/server/src/modules/authentication/config/x-api-key.config.ts

@@ -0,0 +1,3 @@
+export interface IXApiKeyConfig {
+	ADMIN_API__ALLOWED_API_KEYS: string[];
+}

apps/server/src/modules/authentication/strategy/x-api-key.strategy.spec.ts

@@ -0,0 +1,70 @@
+import { UnauthorizedException } from '@nestjs/common';
+import { Test, TestingModule } from '@nestjs/testing';
+import { ConfigService } from '@nestjs/config';
+import { createMock } from '@golevelup/ts-jest';
+import { XApiKeyStrategy } from './x-api-key.strategy';
+import { IXApiKeyConfig } from '../config/x-api-key.config';
+
+describe('XApiKeyStrategy', () => {
+	let module: TestingModule;
+	let strategy: XApiKeyStrategy;
+	let configService: ConfigService<IXApiKeyConfig, true>;
+
+	beforeAll(async () => {
+		module = await Test.createTestingModule({
+			imports: [],
+			providers: [
+				XApiKeyStrategy,
+				{
+					provide: ConfigService,
+					useValue: createMock<ConfigService<IXApiKeyConfig, true>>({ get: () => ['1ab2c3d4e5f61ab2c3d4e5f6'] }),
+				},
+			],
+		}).compile();
+
+		strategy = module.get(XApiKeyStrategy);
+		configService = module.get(ConfigService<IXApiKeyConfig, true>);
+	});
+
+	afterAll(async () => {
+		await module.close();
+	});
+
+	beforeEach(() => {
+		jest.resetAllMocks();
+	});
+
+	describe('validate', () => {
+		const setup = () => {
+			const CORRECT_API_KEY = '1ab2c3d4e5f61ab2c3d4e5f6';
+			const INVALID_API_KEY = '1ab2c3d4e5f61ab2c3d4e5f6778173';
+			// eslint-disable-next-line @typescript-eslint/no-unused-vars
+			const done = jest.fn((error: Error | null, data: boolean | null) => {});
+
+			return { CORRECT_API_KEY, INVALID_API_KEY, done };
+		};
+		describe('when a valid api key is provided', () => {
+			it('should do nothing', () => {
+				const { CORRECT_API_KEY, done } = setup();
+				strategy.validate(CORRECT_API_KEY, done);
+				expect(done).toBeCalledWith(null, true);
+			});
+		});
+
+		describe('when a invalid api key is provided', () => {
+			it('should throw error', () => {
+				const { INVALID_API_KEY, done } = setup();
+				strategy.validate(INVALID_API_KEY, done);
+				expect(done).toBeCalledWith(new UnauthorizedException(), null);
+			});
+		});
+	});
+
+	describe('constructor', () => {
+		it('should create strategy', () => {
+			const ApiKeyStrategy = new XApiKeyStrategy(configService);
+			expect(ApiKeyStrategy).toBeDefined();
+			expect(ApiKeyStrategy).toBeInstanceOf(XApiKeyStrategy);
+		});
+	});
+});

apps/server/src/modules/authentication/strategy/x-api-key.strategy.ts

@@ -0,0 +1,22 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ConfigService } from '@nestjs/config';
+import Strategy from 'passport-headerapikey';
+import { IXApiKeyConfig } from '../config/x-api-key.config';
+
+@Injectable()
+export class XApiKeyStrategy extends PassportStrategy(Strategy, 'api-key') {
+	private readonly allowedApiKeys: string[];
+
+	constructor(private readonly configService: ConfigService<IXApiKeyConfig, true>) {
+		super({ header: 'X-API-KEY' }, false);
+		this.allowedApiKeys = this.configService.get<string[]>('ADMIN_API__ALLOWED_API_KEYS');
+	}
+
+	public validate = (apiKey: string, done: (error: Error | null, data: boolean | null) => void) => {
+		if (this.allowedApiKeys.includes(apiKey)) {
+			done(null, true);
+		}
+		done(new UnauthorizedException(), null);
+	};
+}

apps/server/src/modules/deletion/controller/api-test/deletion-executions.api.spec.ts

@@ -0,0 +1,67 @@
+import { ExecutionContext, INestApplication } from '@nestjs/common';
+import { Test, TestingModule } from '@nestjs/testing';
+import { ApiValidationError } from '@shared/common';
+import { Request } from 'express';
+import request from 'supertest';
+import { AuthGuard } from '@nestjs/passport';
+import { AdminApiServerTestModule } from '../../../server/admin-api.server.module';
+import { DeletionExecutionParams } from '../dto';
+
+const baseRouteName = '/deletionExecutions';
+
+class API {
+	app: INestApplication;
+
+	constructor(app: INestApplication) {
+		this.app = app;
+	}
+
+	async post(query?: DeletionExecutionParams) {
+		const response = await request(this.app.getHttpServer())
+			.post(`${baseRouteName}`)
+			.set('Accept', 'application/json')
+			.query(query || {});
+
+		return {
+			error: response.body as ApiValidationError,
+			status: response.status,
+		};
+	}
+}
+
+describe(`deletionExecution (api)`, () => {
+	let app: INestApplication;
+	let api: API;
+	const API_KEY = '1ab2c3d4e5f61ab2c3d4e5f6';
+
+	beforeAll(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			imports: [AdminApiServerTestModule],
+		})
+			.overrideGuard(AuthGuard('api-key'))
+			.useValue({
+				canActivate(context: ExecutionContext) {
+					const req: Request = context.switchToHttp().getRequest();
+					req.headers['X-API-KEY'] = API_KEY;
+					return true;
+				},
+			})
+			.compile();
+
+		app = module.createNestApplication();
+		await app.init();
+		api = new API(app);
+	});
+
+	afterAll(async () => {
+		await app.close();
+	});
+
+	describe('when execute deletionRequests with default limit', () => {
+		it('should return status 204', async () => {
+			const response = await api.post();
+
+			expect(response.status).toEqual(204);
+		});
+	});
+});

apps/server/src/modules/deletion/controller/api-test/deletion-request-create.api.spec.ts

@@ -0,0 +1,129 @@
+import { ExecutionContext, INestApplication } from '@nestjs/common';
+import { Test, TestingModule } from '@nestjs/testing';
+import { ApiValidationError } from '@shared/common';
+import { Request } from 'express';
+import request from 'supertest';
+import { AuthGuard } from '@nestjs/passport';
+import { EntityManager } from '@mikro-orm/mongodb';
+import { AdminApiServerTestModule } from '../../../server/admin-api.server.module';
+import { DeletionRequestBodyProps, DeletionRequestResponse } from '../dto';
+import { DeletionDomainModel } from '../../domain/types';
+import { DeletionRequestEntity } from '../../entity';
+
+const baseRouteName = '/deletionRequests';
+
+class API {
+	app: INestApplication;
+
+	constructor(app: INestApplication) {
+		this.app = app;
+	}
+
+	async post(requestBody: object) {
+		const response = await request(this.app.getHttpServer())
+			.post(`${baseRouteName}`)
+			.set('Accept', 'application/json')
+			.send(requestBody);
+
+		return {
+			result: response.body as DeletionRequestResponse,
+			error: response.body as ApiValidationError,
+			status: response.status,
+		};
+	}
+}
+
+describe(`deletionRequest create (api)`, () => {
+	let app: INestApplication;
+	let em: EntityManager;
+	let api: API;
+	const API_KEY = '1ab2c3d4e5f61ab2c3d4e5f6';
+
+	beforeAll(async () => {
+		const module: TestingModule = await Test.createTestingModule({
+			imports: [AdminApiServerTestModule],
+		})
+			.overrideGuard(AuthGuard('api-key'))
+			.useValue({
+				canActivate(context: ExecutionContext) {
+					const req: Request = context.switchToHttp().getRequest();
+					req.headers['X-API-KEY'] = API_KEY;
+					return true;
+				},
+			})
+			.compile();
+
+		app = module.createNestApplication();
+		await app.init();
+		em = module.get(EntityManager);
+		api = new API(app);
+	});
+
+	afterAll(async () => {
+		await app.close();
+	});
+
+	const setup = () => {
+		const deletionRequestToCreate: DeletionRequestBodyProps = {
+			targetRef: {
+				domain: DeletionDomainModel.USER,
+				id: '653e4833cc39e5907a1e18d2',
+			},
+		};
+
+		const deletionRequestToImmediateRemoval: DeletionRequestBodyProps = {
+			targetRef: {
+				domain: DeletionDomainModel.USER,
+				id: '653e4833cc39e5907a1e18d2',
+			},
+			deleteInMinutes: 0,
+		};
+
+		return { deletionRequestToCreate, deletionRequestToImmediateRemoval };
+	};
+
+	describe('when create deletionRequest', () => {
+		it('should return status 202', async () => {
+			const { deletionRequestToCreate } = setup();
+
+			const response = await api.post(deletionRequestToCreate);
+
+			expect(response.status).toEqual(202);
+		});
+
+		it('should return the created deletionRequest', async () => {
+			const { deletionRequestToCreate } = setup();
+
+			const { result } = await api.post(deletionRequestToCreate);
+
+			expect(result.requestId).toBeDefined();
+		});
+
+		it('should create deletionRequest with default deletion time (add 43200 minutes to current time) ', async () => {
+			const { deletionRequestToCreate } = setup();
+
+			const { result } = await api.post(deletionRequestToCreate);
+
+			const createdDeletionRequestId = result.requestId;
+
+			const createdItem = await em.findOneOrFail(DeletionRequestEntity, createdDeletionRequestId);
+
+			const deletionPlannedAt = createdItem.createdAt;
+			deletionPlannedAt.setMinutes(deletionPlannedAt.getMinutes() + 43200);
+
+			expect(createdItem.deleteAfter).toEqual(deletionPlannedAt);
+		});
+
+		it('should create deletionRequest with deletion time (0 minutes to current time) ', async () => {
+			const { deletionRequestToImmediateRemoval } = setup();
+
+			const { result } = await api.post(deletionRequestToImmediateRemoval);
+
+			const createdDeletionRequestId = result.requestId;
+
+			const createdItem = await em.findOneOrFail(DeletionRequestEntity, createdDeletionRequestId);
+
+			expect(createdItem.createdAt).toEqual(createdItem.deleteAfter);
+		});
+	});
+});