SIMSBIOHUB-424: Support Artifact Intake + Misc Enhancements

api/src/app.ts

@@ -5,9 +5,10 @@
 import swaggerUIExperss from 'swagger-ui-express';
 import { defaultPoolConfig, initDBPool } from './database/db';
 import { initDBConstants } from './database/db-constants';
-import { ensureHTTPError, HTTPErrorType } from './errors/http-error';
+import { ensureHTTPError, HTTP400, HTTPErrorType } from './errors/http-error';
 import { rootAPIDoc } from './openapi/root-api-doc';
 import { authenticateRequest, authenticateRequestOptional } from './request-handlers/security/authentication';
+import { scanFileForVirus } from './utils/file-utils';
 import { getLogger } from './utils/logger';
 
 const defaultLog = getLogger('app');
@@ -55,7 +56,7 @@
     'application/json': express.json({ limit: MAX_REQ_BODY_SIZE }),
     'multipart/form-data': function (req, res, next) {
       const multerRequestHandler = multer({
-        storage: multer.memoryStorage(),
+        storage: multer.memoryStorage(), // TOOD change to local/PVC storage and stream file uploads to S3?
         limits: { fileSize: MAX_UPLOAD_FILE_SIZE }
       }).array('media', MAX_UPLOAD_NUM_FILES);
 
@@ -67,7 +68,14 @@
         if (req.files && req.files.length) {
           // Set original request file field to empty string to satisfy OpenAPI validation
           // See: https://www.npmjs.com/package/express-openapi#argsconsumesmiddleware
-          (req.files as Express.Multer.File[]).forEach((file) => (req.body[file.fieldname] = ''));
+          (req.files as Express.Multer.File[]).forEach((file) => {
+            req.body[file.fieldname] = '';
+
+            // Scan file for malicious content, if enabled
+            if (!scanFileForVirus(file)) {
+              throw new HTTP400('Malicious file content detected.', [{ file_name: file.originalname }]);
+            }
+          });
         }
 
         return next();

api/src/database/db-utils.ts

@@ -41,7 +41,7 @@
  */
 const parseError = (error: any) => {
   if (error instanceof z.ZodError) {
-    throw new ApiExecuteSQLError('SQL response failed schema check', [error]);
+    throw new ApiExecuteSQLError('SQL response failed schema check', [error as Record<string, any>]);
   }
 
   if (error.message === 'CONCURRENCY_EXCEPTION') {

api/src/database/db.ts

@@ -392,7 +392,7 @@
 
       _systemUserId = response?.rows?.[0].api_set_context;
     } catch (error) {
-      throw new ApiExecuteSQLError('Failed to set user context', [error as object]);
+      throw new ApiExecuteSQLError('Failed to set user context', [error as Record<string, unknown>]);
     }
   };
 

api/src/errors/api-error.ts

@@ -6,9 +6,9 @@ export enum ApiErrorType {
 }
 
 export class ApiError extends Error {
-  errors?: (string | object)[];
+  errors?: (string | Record<string, unknown>)[];
 
-  constructor(name: ApiErrorType, message: string, errors?: (string | object)[], stack?: string) {
+  constructor(name: ApiErrorType, message: string, errors?: (string | Record<string, unknown>)[], stack?: string) {
     super(message);
 
     this.name = name;
@@ -33,7 +33,7 @@ export class ApiError extends Error {
  * @extends {ApiError}
  */
 export class ApiGeneralError extends ApiError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(ApiErrorType.GENERAL, message, errors);
   }
 }
@@ -46,7 +46,7 @@ export class ApiGeneralError extends ApiError {
  * @extends {ApiError}
  */
 export class ApiUnknownError extends ApiError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(ApiErrorType.UNKNOWN, message, errors);
   }
 }
@@ -63,7 +63,7 @@ export class ApiUnknownError extends ApiError {
  * @extends {ApiError}
  */
 export class ApiExecuteSQLError extends ApiError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(ApiErrorType.EXECUTE_SQL, message, errors);
   }
 }

api/src/errors/http-error.ts

@@ -11,9 +11,15 @@ export enum HTTPErrorType {
 
 export class HTTPError extends Error {
   status: number;
-  errors?: (string | object)[];
-
-  constructor(name: HTTPErrorType, status: number, message: string, errors?: (string | object)[], stack?: string) {
+  errors?: (string | Record<string, unknown>)[];
+
+  constructor(
+    name: HTTPErrorType,
+    status: number,
+    message: string,
+    errors?: (string | Record<string, unknown>)[],
+    stack?: string
+  ) {
     super(message);
 
     this.name = name;
@@ -38,7 +44,7 @@ export class HTTPError extends Error {
  * @extends {HTTPError}
  */
 export class HTTP400 extends HTTPError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(HTTPErrorType.BAD_REQUEST, 400, message, errors);
   }
 }
@@ -51,7 +57,7 @@ export class HTTP400 extends HTTPError {
  * @extends {HTTPError}
  */
 export class HTTP401 extends HTTPError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(HTTPErrorType.UNAUTHORIZE, 401, message, errors);
   }
 }
@@ -64,7 +70,7 @@ export class HTTP401 extends HTTPError {
  * @extends {HTTPError}
  */
 export class HTTP403 extends HTTPError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(HTTPErrorType.FORBIDDEN, 403, message, errors);
   }
 }
@@ -77,7 +83,7 @@ export class HTTP403 extends HTTPError {
  * @extends {HTTPError}
  */
 export class HTTP409 extends HTTPError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(HTTPErrorType.CONFLICT, 409, message, errors);
   }
 }
@@ -90,7 +96,7 @@ export class HTTP409 extends HTTPError {
  * @extends {HTTPError}
  */
 export class HTTP500 extends HTTPError {
-  constructor(message: string, errors?: (string | object)[]) {
+  constructor(message: string, errors?: (string | Record<string, unknown>)[]) {
     super(HTTPErrorType.INTERNAL_SERVER_ERROR, 500, message, errors);
   }
 }

api/src/openapi/root-api-doc.ts

@@ -147,56 +147,27 @@ export const rootAPIDoc = {
         required: ['id', 'type', 'properties', 'features'],
         properties: {
           id: {
-            title: 'Unique id of the feature',
+            description: 'Unique id of the feature',
             type: 'string'
           },
           type: {
-            title: 'Feature type',
+            description: 'Feature type',
             type: 'string'
           },
           properties: {
-            title: 'Feature properties',
+            description: 'Feature properties',
             type: 'object',
             properties: {}
           },
           features: {
-            title: 'Feature child features',
+            description: 'Child features',
             type: 'array',
             items: {
               $ref: '#/components/schemas/SubmissionFeature'
             }
           }
         },
         additionalProperties: false
-      },
-      feature: {
-        type: 'object',
-        required: ['submission_feature_id', 'submission_id', 'feature_type', 'data', 'parent_submission_feature_id'],
-        properties: {
-          submission_feature_id: {
-            type: 'number'
-          },
-          submission_id: {
-            type: 'number'
-          },
-          feature_type: {
-            type: 'string'
-          },
-          data: {
-            type: 'object'
-          },
-          submission_feature_security_ids: {
-            nullable: true,
-            type: 'array',
-            items: {
-              type: 'number'
-            }
-          },
-          parent_submission_feature_id: {
-            type: 'number',
-            nullable: true
-          }
-        }
       }
     }
   }

api/src/paths/administrative/submission/published.test.ts

@@ -51,6 +51,8 @@ describe('getPublishedSubmissionsForAdmins', () => {
       {
         submission_id: 1,
         uuid: '123-456-789',
+        source_id: '321',
+        system_user_id: 3,
         security_review_timestamp: '2023-12-12',
         submitted_timestamp: '2023-12-12',
         publish_timestamp: '2023-12-12',
@@ -69,6 +71,8 @@ describe('getPublishedSubmissionsForAdmins', () => {
       {
         submission_id: 2,
         uuid: '789-456-123',
+        source_id: '123',
+        system_user_id: 3,
         security_review_timestamp: '2023-12-12',
         submitted_timestamp: '2023-12-12',
         source_system: 'SIMS',

api/src/paths/administrative/submission/reviewed.test.ts

@@ -51,9 +51,11 @@ describe('getReviewedSubmissionsForAdmins', () => {
       {
         submission_id: 1,
         uuid: '123-456-789',
+        source_id: '321',
         security_review_timestamp: '2023-12-12',
         submitted_timestamp: '2023-12-12',
         publish_timestamp: '2023-12-12',
+        system_user_id: 3,
         source_system: 'SIMS',
         name: 'name',
         description: 'description',
@@ -69,8 +71,10 @@ describe('getReviewedSubmissionsForAdmins', () => {
       {
         submission_id: 2,
         uuid: '789-456-123',
+        source_id: '321',
         security_review_timestamp: '2023-12-12',
         submitted_timestamp: '2023-12-12',
+        system_user_id: 3,
         source_system: 'SIMS',
         publish_timestamp: '2023-12-12',
         name: 'name',

api/src/paths/administrative/submission/unreviewed.test.ts

@@ -51,9 +51,11 @@ describe('getUnreviewedSubmissionsForAdmins', () => {
       {
         submission_id: 1,
         uuid: '123-456-789',
+        source_id: '321',
         security_review_timestamp: null,
         submitted_timestamp: '2023-12-12',
         publish_timestamp: '2023-12-12',
+        system_user_id: 3,
         source_system: 'SIMS',
         name: 'name',
         description: 'description',
@@ -69,9 +71,11 @@ describe('getUnreviewedSubmissionsForAdmins', () => {
       {
         submission_id: 2,
         uuid: '789-456-123',
+        source_id: '321',
         security_review_timestamp: null,
         submitted_timestamp: '2023-12-12',
         publish_timestamp: '2023-12-12',
+        system_user_id: 3,
         source_system: 'SIMS',
         name: 'name',
         description: 'description',

api/src/paths/administrative/submission/{submissionId}/index.test.ts

@@ -5,6 +5,7 @@ import sinonChai from 'sinon-chai';
 import { patchSubmissionRecord } from '.';
 import * as db from '../../../../database/db';
 import { HTTPError } from '../../../../errors/http-error';
+import { SubmissionRecord } from '../../../../repositories/submission-repository';
 import { SubmissionService } from '../../../../services/submission-service';
 import { getMockDBConnection, getRequestHandlerMocks } from '../../../../__mocks__/db';
 
@@ -47,12 +48,14 @@ describe('patchSubmissionRecord', () => {
 
     const submissionId = 1;
 
-    const mockSubmissionRecord = {
+    const mockSubmissionRecord: SubmissionRecord = {
       submission_id: 3,
       uuid: '999-456-123',
+      source_id: '321',
       security_review_timestamp: '2023-12-12',
       publish_timestamp: '2023-12-12',
       submitted_timestamp: '2023-12-12',
+      system_user_id: 3,
       source_system: 'SIMS',
       name: 'name',
       description: 'description',