TBE-241: make mef requests async and add async webhook callbacks, and adjust tests to match new behavior (#52)

Author: mrotondo

Gemfile

@@ -15,6 +15,8 @@ gem "puma", ">= 5.0"
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem "tzinfo-data", platforms: %i[windows jruby]
 
+gem "solid_queue"
+
 # Reduces boot times through caching; required in config/boot.rb
 gem "bootsnap", require: false
 
@@ -33,17 +35,15 @@ gem "jwt"
 gem "aws-sdk-s3"
 gem "aws-sdk-secretsmanager"
 gem "open3"
+gem "faraday"
 
 group :development, :test do
   gem "dotenv-rails"
-
   gem "rspec-rails", "~> 8.0"
-
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", platforms: %i[mri windows], require: "debug/prelude"
-
   # Static analysis for security vulnerabilities [https://brakemanscanner.org/]
   gem "brakeman", require: false
-
   gem "standard", require: false
+  gem "webmock"
 end

Gemfile.lock

@@ -72,6 +72,8 @@ GEM
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.3)
     aws-eventstream (1.4.0)
     aws-partitions (1.1156.0)
@@ -105,6 +107,9 @@ GEM
     builder (3.3.0)
     concurrent-ruby (1.3.5)
     connection_pool (2.5.4)
+    crack (1.0.0)
+      bigdecimal
+      rexml
     crass (1.0.6)
     date (3.4.1)
     debug (1.11.0)
@@ -118,8 +123,20 @@ GEM
     drb (2.2.3)
     erb (5.0.2)
     erubi (1.13.1)
+    et-orbi (1.3.0)
+      tzinfo
+    faraday (2.13.4)
+      faraday-net_http (>= 2.0, < 3.5)
+      json
+      logger
+    faraday-net_http (3.4.1)
+      net-http (>= 0.5.0)
+    fugit (1.11.2)
+      et-orbi (~> 1, >= 1.2.11)
+      raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
+    hashdiff (1.2.0)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     io-console (0.8.1)
@@ -146,6 +163,8 @@ GEM
     mini_mime (1.1.5)
     minitest (5.25.5)
     msgpack (1.8.0)
+    net-http (0.6.0)
+      uri
     net-imap (0.5.10)
       date
       net-protocol
@@ -191,8 +210,10 @@ GEM
     psych (5.2.6)
       date
       stringio
+    public_suffix (6.0.2)
     puma (7.0.3)
       nio4r (~> 2.0)
+    raabro (1.4.0)
     racc (1.8.1)
     rack (3.2.1)
     rack-session (2.1.1)
@@ -239,6 +260,7 @@ GEM
     regexp_parser (2.11.2)
     reline (0.6.2)
       io-console (~> 0.5)
+    rexml (3.4.2)
     rspec-core (3.13.5)
       rspec-support (~> 3.13.0)
     rspec-expectations (3.13.5)
@@ -277,6 +299,13 @@ GEM
     ruby-progressbar (1.13.0)
     rubyzip (3.1.0)
     securerandom (0.4.1)
+    solid_queue (1.2.1)
+      activejob (>= 7.1)
+      activerecord (>= 7.1)
+      concurrent-ruby (>= 1.3.1)
+      fugit (~> 1.11.0)
+      railties (>= 7.1)
+      thor (>= 1.3.1)
     standard (1.51.1)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
@@ -304,6 +333,10 @@ GEM
     unicode-emoji (4.1.0)
     uri (1.0.3)
     useragent (0.16.11)
+    webmock (3.25.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     websocket-driver (0.8.0)
       base64
       websocket-extensions (>= 0.1.0)
@@ -329,6 +362,7 @@ DEPENDENCIES
   brakeman
   debug
   dotenv-rails
+  faraday
   jwt
   nokogiri
   open3
@@ -337,9 +371,11 @@ DEPENDENCIES
   rails (~> 8.0.2)
   rspec-rails (~> 8.0)
   rubyzip
+  solid_queue
   standard
   thruster
   tzinfo-data
+  webmock
 
 BUNDLED WITH
    2.6.9

Rakefile

@@ -2,5 +2,6 @@
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
 require_relative "config/application"
+require "standard/rake"
 
 Rails.application.load_tasks

app/controllers/api/v0/base_controller.rb

@@ -1,13 +1,18 @@
 class Api::V0::BaseController < ApplicationController
+  before_action :generate_api_request_id
   before_action :verify_client_name_and_signature
-  rescue_from MefService::RetryableError, with: :retryable_mef_error
+
   rescue_from ActionController::ParameterMissing, with: :showable_error
   rescue_from Aws::SecretsManager::Errors::ServiceError, with: :aws_error
   rescue_from JWT::VerificationError, with: :jwt_error
 
-  def retryable_mef_error(exception)
-    Rails.logger.error("Encountered retryable error while contacting MeF: #{exception}")
-    render json: "Error contacting MeF, please try again", status: :bad_gateway
+  # A random API Request ID is returned to the client synchronously and also included in all webhook requests.
+  # This is so that the client can correspond a webhook callback to the originating API request.
+  # This pattern requires that clients persist records of all API calls that so that they can look them up by request ID
+  # upon receiving a webhook callback and take appropriate steps to resolve whatever action initiated the API request.
+  attr_reader :api_request_id
+  def generate_api_request_id
+    @api_request_id = SecureRandom.uuid
   end
 
   def showable_error(exception)
@@ -29,7 +34,7 @@ def verify_client_name_and_signature
     authorization_header = request.headers["HTTP_AUTHORIZATION"]
     token = JWT::EncodedToken.new(authorization_header.delete_prefix("Bearer "))
 
-    client_credentials = get_api_client_mef_credentials
+    client_credentials = MefService.get_mef_credentials(api_client_name)
     client_public_key_base64 = client_credentials[:efiler_api_public_key]
     client_public_key = OpenSSL::PKey::RSA.new(Base64.decode64(client_public_key_base64))
     token.verify_signature!(algorithm: "RS256", key: client_public_key)
@@ -40,11 +45,4 @@ def api_client_name
     token = JWT::EncodedToken.new(authorization_header.delete_prefix("Bearer "))
     token.unverified_payload["iss"]
   end
-
-  def get_api_client_mef_credentials
-    aws_client = Aws::SecretsManager::Client.new
-    environment = Rails.env.production? ? "production" : "demo"
-    response = aws_client.get_secret_value(secret_id: "efiler-api/#{environment}/efiler-api-client-credentials/#{api_client_name}")
-    JSON.parse(response.secret_string).transform_keys { |k| k.to_sym }
-  end
 end

app/controllers/api/v0/efile_controller.rb

@@ -2,32 +2,30 @@ module Api::V0
   class EfileController < BaseController
     def submit
       submission_bundle = params.expect(:submission_bundle)
-
-      submission_filename = submission_bundle.original_filename
-      result = Dir.mktmpdir do |dir|
-        submission_path = File.join(dir, submission_filename)
-        FileUtils.mv submission_bundle.tempfile.path, submission_path
-        MefService.run_efiler_command(get_api_client_mef_credentials, "submit", submission_path)
-      end
-
-      doc = Nokogiri::XML(result)
-      if doc.css("SubmissionReceiptList SubmissionReceiptGrp SubmissionId").text.strip == File.basename(submission_filename, ".zip")
-        render json: {status: "transmitted", result: result}, status: :created
-      else
-        render json: {status: "failed", result: result}, status: :bad_request
-      end
+      base64_encoded_submission_bundle = Base64.strict_encode64(submission_bundle.read)
+      webhook_url = CGI.unescape(params.expect(:webhook_url))
+      Mef::SubmitJob.perform_later(
+        api_request_id,
+        webhook_url,
+        api_client_name,
+        submission_bundle.original_filename,
+        base64_encoded_submission_bundle
+      )
+      render json: {api_request_id:}
     end
 
     def submissions_status
       submission_ids = params.expect(id: [])
-      response = MefService.run_efiler_command(get_api_client_mef_credentials, "submissions-status", *submission_ids)
-      render json: Mef::SubmissionsStatus.handle_submission_status_response(response)
+      webhook_url = CGI.unescape(params.expect(:webhook_url))
+      Mef::SubmissionsStatusJob.perform_later(api_request_id, webhook_url, api_client_name, submission_ids)
+      render json: {api_request_id:}
     end
 
     def acks
       submission_ids = params.expect(id: [])
-      response = MefService.run_efiler_command(get_api_client_mef_credentials, "acks", *submission_ids)
-      render json: Mef::Acks.handle_ack_response(response)
+      webhook_url = CGI.unescape(params.expect(:webhook_url))
+      Mef::AcksJob.perform_later(api_request_id, webhook_url, api_client_name, submission_ids)
+      render json: {api_request_id:}
     end
   end
 end

app/jobs/mef/acks_job.rb

@@ -0,0 +1,9 @@
+module Mef
+  class AcksJob < MefJob
+    def perform_mef_request(submission_ids)
+      mef_response = MefService.run_efiler_command(mef_credentials, "acks", *submission_ids)
+      parsed_response = Mef::Acks.parse_acks_response(mef_response)
+      WebhookCallbackJob.perform_later(api_request_id, webhook_url, {result: parsed_response})
+    end
+  end
+end

app/jobs/mef/mef_job.rb

@@ -0,0 +1,28 @@
+module Mef
+  class MefJob < ApplicationJob
+    attr_accessor :webhook_url, :api_request_id, :mef_credentials
+
+    retry_on MefService::RetryableError
+
+    after_discard do |job, exception|
+      log_and_respond_with_error(job, exception)
+    end
+
+    def log_and_respond_with_error(job, exception)
+      Rails.logger.error("MefJob #{job} has been discarded due to #{exception}")
+      WebhookCallbackJob.perform_later(
+        api_request_id,
+        webhook_url,
+        {error: exception.detailed_message}
+      )
+    end
+
+    def perform(api_request_id, webhook_url, api_client_name, *args)
+      self.api_request_id = api_request_id
+      self.webhook_url = webhook_url
+      self.mef_credentials = MefService.get_mef_credentials(api_client_name)
+
+      perform_mef_request(*args)
+    end
+  end
+end

app/jobs/mef/submissions_status_job.rb

@@ -0,0 +1,9 @@
+module Mef
+  class SubmissionsStatusJob < MefJob
+    def perform_mef_request(submission_ids)
+      mef_response = MefService.run_efiler_command(mef_credentials, "submissions-status", *submission_ids)
+      parsed_response = Mef::SubmissionsStatus.parse_submissions_status_response(mef_response)
+      WebhookCallbackJob.perform_later(api_request_id, webhook_url, {result: parsed_response})
+    end
+  end
+end

app/jobs/mef/submit_job.rb

@@ -0,0 +1,17 @@
+module Mef
+  class SubmitJob < MefJob
+    def perform_mef_request(submission_bundle_filename, submission_bundle_contents_base64)
+      mef_response = Mef::Submit.send_submission_bundle(
+        mef_credentials,
+        submission_bundle_filename,
+        submission_bundle_contents_base64
+      )
+
+      if Mef::Submit.transmitted?(mef_response, submission_bundle_filename)
+        WebhookCallbackJob.perform_later(api_request_id, webhook_url, {status: "transmitted", result: mef_response})
+      else
+        WebhookCallbackJob.perform_later(api_request_id, webhook_url, {status: "failed", result: mef_response})
+      end
+    end
+  end
+end

app/jobs/webhook_callback_job.rb

@@ -0,0 +1,10 @@
+class WebhookCallbackJob < ApplicationJob
+  def perform(api_request_id, webhook_url, payload)
+    payload_with_api_request_id = payload.merge({api_request_id:})
+    uri = URI.parse(webhook_url)
+    conn = Faraday.new(url: "#{uri.scheme}://#{uri.host}", headers: {"Content-Type" => "application/json"})
+    conn.post(uri.path) do |req|
+      req.body = payload_with_api_request_id.to_json
+    end
+  end
+end