department-of-veterans-affairs · nfstern02 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -315,6 +315,7 @@ Lint/MissingSuper:
     - 'modules/va_notify/lib/va_notify/service.rb'
     - 'modules/vaos/app/services/vaos/session_service.rb'
     - 'modules/veteran/app/models/veteran/user.rb'
+    - 'modules/vye/lib/dgib/service.rb'
 
 # Offense count: 5
 Lint/NoReturnInBeginEndBlocks:
@@ -446,6 +447,9 @@ Metrics/BlockLength:
 Metrics/CyclomaticComplexity:
   Max: 29
 
+Metrics/ParameterLists:
+  Max: 6
+
 # Offense count: 181
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+VyePolicy = Struct.new(:user, :user_info) do
+  def access?
+    return true if user.present?
+
+    false
+  end
+
+  alias_method :claimant_lookup?, :access?
+end
@@ -18,7 +18,7 @@
   config.cache_classes = false
 
   # Do not eager load code on boot.
-  config.eager_load = false
+  config.eager_load = true
 
   # Show full error reports.
   config.consider_all_requests_local = true

@@ -6,6 +6,7 @@
 require 'central_mail/configuration'
 require 'debt_management_center/debts_configuration'
 require 'decision_review/configuration'
+require 'dgib/configuration'
 require 'evss/claims_service'
 require 'evss/common_service'
 require 'evss/dependents/configuration'
@@ -77,6 +78,7 @@
     SearchTypeahead::Configuration.instance.breakers_service,
     SearchClickTracking::Configuration.instance.breakers_service,
     VAOS::Configuration.instance.breakers_service,
+    Vye::DGIB::Configuration.instance.breakers_service,
     IAMSSOeOAuth::Configuration.instance.breakers_service,
     CovidVaccine::V0::VetextConfiguration.instance.breakers_service,
     VEText::Configuration.instance.breakers_service,

@@ -1443,10 +1443,21 @@ genisis:
   pass: bogus
 
 # Settings for connecting AFS Veteran Services
+# For locahost we can use the existing certs as long as we don't call out
 dgi:
+  # add med_api here? Will need to reach out to that team
   jwt:
-    public_key_path: modules/meb_api/spec/fixtures/dgi_public_test.pem
-    private_key_path: modules/meb_api/spec/fixtures/dgi_private_test.pem
+    public_key_path: ""
+    private_key_path: ""
+  vye:
+    jwt:
+      # May not need the public path
+      public_key_path: ""
+      private_key_path: ""
+      public_ica11_rca2_key_path: ""
+    vets:
+      url: ""
+      mock: false
   vets:
     url: "https://jenkins.ld.afsp.io:32512/vets-service/v1/" # Docker setup for microservice
     mock: false

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'dgib/service'
+
+module Vye
+  module Vye::V1
+    class Vye::V1::DgibVerificationsController < Vye::V1::ApplicationController
+      before_action { authorize :vye, :access? }
+
+      def verification_record
+        response = service.get_verification_record(params[:claimant_id])
+        serializer = Vye::ClaimantVerificationSerializer
+        process_response(response, serializer)
+      end
+
+      def verify_claimant
+        response = service.verify_claimant(
+          params[:claimant_id],
+          params[:verified_period_begin_date],
+          params[:verified_period_end_date],
+          params[:verified_through_date],
+          params[:verification_method],
+          params.dig(:app_communication, :response_type)
+        )
+
+        serializer = Vye::VerifyClaimantSerializer
+        process_response(response, serializer)
+      end
+
+      # the serializer for this endpoint is the same as for verify_claimant
+      def claimant_status
+        response = service.get_claimant_status(params[:claimant_id])
+        serializer = Vye::VerifyClaimantSerializer
+        process_response(response, serializer)
+      end
+
+      def claimant_lookup
+        response = service.claimant_lookup(current_user.ssn)
+        serializer = Vye::ClaimantLookupSerializer
+        process_response(response, serializer)
+      end
+
+      private
+
+      # Vye Services related stuff
+      def service
+        Vye::DGIB::Service.new(@current_user)
+      end
+
+      def process_response(response, serializer)
+        Rails.logger.debug { "Processing response with status: #{response&.status}" }
+        case response.status
+        when 200
+          Rails.logger.debug 'Rendering JSON response'
+          render json: serializer.new(response).to_json
+        when 204
+          Rails.logger.debug 'Sending no content'
+          head :no_content
+        when 403
+          Rails.logger.debug 'Sending forbidden'
+          head :forbidden
+        when 404
+          Rails.logger.debug 'Sending not found'
+          head :not_found
+        when 422
+          Rails.logger.debug 'Sending unprocessable entity'
+          head :unprocessable_entity
+        when nil
+          Rails.logger.debug 'No response from server'
+        else
+          Rails.logger.debug 'Sending internal server error'
+          head :internal_server_error
+        end
+      end
+      # End Vye Services
+    end
+  end
+end
@@ -12,13 +12,13 @@ def to_json(*)
 
     def serializable_hash
       {
-        award_id: @resource.award_id,
-        act_begin: @resource.act_begin,
-        act_end: @resource.act_end,
-        transact_date: @resource.transact_date,
-        monthly_rate: @resource.monthly_rate,
-        number_hours: @resource.number_hours,
-        source_ind: @resource.source_ind
+        award_id: @resource&.award_id,
+        act_begin: @resource&.act_begin,
+        act_end: @resource&.act_end,
+        transact_date: @resource&.transact_date,
+        monthly_rate: @resource&.monthly_rate,
+        number_hours: @resource&.number_hours,
+        source_ind: @resource&.source_ind
       }
     end
   end

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Vye
+  class VyeSerializer
+    attr_reader :resource
+
+    def initialize(resource)
+      @resource = resource
+    end
+
+    def to_json(*)
+      Oj.dump(serializable_hash, mode: :compat, time_format: :ruby)
+    end
+
+    def status
+      @resource&.status
+    end
+  end
+
+  class ClaimantLookupSerializer < VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id
+      }
+    end
+  end
+
+  class ClaimantVerificationSerializer < VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id,
+        delimiting_date: @resource&.delimiting_date,
+        enrollment_verifications: @resource&.enrollment_verifications,
+        verified_details: @resource&.verified_details,
+        payment_on_hold: @resource&.payment_on_hold
+      }
+    end
+  end
+
+  class VerifyClaimantSerializer < VyeSerializer
+    def serializable_hash
+      {
+        claimant_id: @resource&.claimant_id,
+        delimiting_date: @resource&.delimiting_date,
+        verified_details: @resource&.verified_details,
+        payment_on_hold: @resource&.payment_on_hold
+      }
+    end
+  end
+end
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+# Zeitwerk was giving me fits until I added this.
+require Rails.root.join('modules', 'vye', 'lib', 'dgib', 'service')
@@ -6,5 +6,10 @@
     resource :verifications, only: [:create], path: '/verify'
     resource :address_changes, only: [:create], path: '/address'
     resource :direct_deposit_changes, only: [:create], path: '/bank_info'
+
+    post 'dgib_verifications/verification_record', to: 'dgib_verifications#verification_record'
+    post 'dgib_verifications/verify_claimant', to: 'dgib_verifications#verify_claimant'
+    post 'dgib_verifications/claimant_status', to: 'dgib_verifications#claimant_status'
+    get 'dgib_verifications/claimant_lookup', to: 'dgib_verifications#claimant_lookup'
   end
 end
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Vye
+  module DGIB
+    class AuthenticationTokenService
+      ALGORITHM_TYPE = 'RS256'
+      E = 'AQAB'
+      TYP = 'JWT'
+      KID = 'vye'
+      USE = 'sig'
+      SIGNING_KEY = Settings.dgi.vye.jwt.private_key_path
+      RSA_PRIVATE = OpenSSL::PKey::RSA.new(File.read(SIGNING_KEY)) if File.exist?(SIGNING_KEY)
+
+      def self.call
+        payload = {
+          exp: Time.now.to_i + (5 * 60), # JWT expiration time (5 minutes)
+          nbf: Time.now.to_i,
+          realm_access: {
+            roles: ['VYE']
+          }
+        }
+
+        header_fields = { kid: KID, typ: TYP }
+
+        JWT.encode payload, RSA_PRIVATE, ALGORITHM_TYPE, header_fields
+      end
+    end
+  end
+end
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Vye
+  module DGIB
+    class Configuration < Common::Client::Configuration::REST
+      def connection
+        @conn ||= Faraday.new(base_path, headers: base_request_headers, request: request_options) do |faraday|
+          faraday.use :breakers
+          faraday.ssl[:ca_file] = Settings.dgi.vye.public_ica11_rca2_key_path
+          faraday.request :json
+          faraday.use      Faraday::Response::RaiseError
+          faraday.response :betamocks if mock_enabled?
+          faraday.response :snakecase, symbolize: false
+          faraday.response :json, content_type: /\bjson/ # ensures only json content types parsed
+          faraday.adapter Faraday.default_adapter
+        end
+      end
+
+      def base_path
+        Settings.dgi.vye.vets.url.to_s
+      end
+
+      def service_name
+        'DGI'
+      end
+
+      def mock_enabled?
+        Settings.dgi.vye.vets.mock || false
+      end
+    end
+  end
+end