refactor(calm-hub): improve decorator query validation and storage layer

Move query parameter validation from custom methods to Jakarta Bean
Validation annotations (@SiZe, @pattern). Refactor decorator store
implementations into smaller, more maintainable methods.

- Replace sanitizeQueryParam with @pattern validation
- Add QUERY_PARAM_NO_WHITESPACE_REGEX constant (^[A-Za-z0-9_/-]+$)
- Break down getDecoratorsForNamespace into focused methods
- Update tests for new validation behavior

Refs #2168

Author: harveymmaunders

calm-hub/src/main/java/org/finos/calm/resources/DecoratorResource.java

@@ -2,6 +2,7 @@
 
 import jakarta.inject.Inject;
 import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.PathParam;
@@ -20,6 +21,8 @@
 
 import static org.finos.calm.resources.ResourceValidationConstants.NAMESPACE_MESSAGE;
 import static org.finos.calm.resources.ResourceValidationConstants.NAMESPACE_REGEX;
+import static org.finos.calm.resources.ResourceValidationConstants.QUERY_PARAM_NO_WHITESPACE_MESSAGE;
+import static org.finos.calm.resources.ResourceValidationConstants.QUERY_PARAM_NO_WHITESPACE_REGEX;
 
 /**
  * Resource for managing decorators in a given namespace
@@ -53,44 +56,14 @@ public DecoratorResource(DecoratorStore decoratorStore) {
     @PermittedScopes({CalmHubScopes.ARCHITECTURES_ALL, CalmHubScopes.ARCHITECTURES_READ})
     public Response getDecoratorsForNamespace(
             @PathParam("namespace") @Pattern(regexp = NAMESPACE_REGEX, message = NAMESPACE_MESSAGE) String namespace,
-            @QueryParam("target") String target,
-            @QueryParam("type") String type
+            @QueryParam("target") @Size(max = 500) @Pattern(regexp = QUERY_PARAM_NO_WHITESPACE_REGEX, message = QUERY_PARAM_NO_WHITESPACE_MESSAGE) String target,
+            @QueryParam("type") @Size(max = 100) @Pattern(regexp = QUERY_PARAM_NO_WHITESPACE_REGEX, message = QUERY_PARAM_NO_WHITESPACE_MESSAGE) String type
     ) {
         try {
-            // Sanitize query parameters
-            String sanitizedTarget = sanitizeQueryParam(target, 500);
-            String sanitizedType = sanitizeQueryParam(type, 100);
-            
-            return Response.ok(new ValueWrapper<>(decoratorStore.getDecoratorsForNamespace(namespace, sanitizedTarget, sanitizedType))).build();
+            return Response.ok(new ValueWrapper<>(decoratorStore.getDecoratorsForNamespace(namespace, target, type))).build();
         } catch (NamespaceNotFoundException e) {
             logger.error("Invalid namespace [{}] when retrieving decorators", namespace, e);
             return CalmResourceErrorResponses.invalidNamespaceResponse(namespace);
-        } catch (IllegalArgumentException e) {
-            logger.error("Invalid query parameter when retrieving decorators for namespace [{}]", namespace, e);
-            return Response.status(Response.Status.BAD_REQUEST)
-                    .entity(e.getMessage())
-                    .build();
         }
     }
-    
-    /**
-     * Sanitizes a query parameter by trimming and validating length
-     *
-     * @param param the parameter to sanitize
-     * @param maxLength maximum allowed length
-     * @return null if param is null/empty, otherwise the trimmed value
-     * @throws IllegalArgumentException if parameter exceeds max length
-     */
-    private String sanitizeQueryParam(String param, int maxLength) {
-        if (param == null || param.trim().isEmpty()) {
-            return null;
-        }
-        
-        String trimmed = param.trim();
-        if (trimmed.length() > maxLength) {
-            throw new IllegalArgumentException("Query parameter exceeds maximum length of " + maxLength);
-        }
-        
-        return trimmed;
-    }
 }

calm-hub/src/main/java/org/finos/calm/resources/ResourceValidationConstants.java

@@ -10,6 +10,8 @@ public class ResourceValidationConstants {
     public static final String DOMAIN_NAME_MESSAGE = "domain name must match pattern '^[A-Za-z0-9-]+$'";
     public static final String VERSION_REGEX = "^(0|[1-9][0-9]*)[-.]?(0|[1-9][0-9]*)[-.]?(0|[1-9][0-9]*)$";
     public static final String VERSION_MESSAGE = "version must match pattern '^(0|[1-9][0-9]*)[-.]?(0|[1-9][0-9]*)[-.]?(0|[1-9][0-9]*)$'";
+    public static final String QUERY_PARAM_NO_WHITESPACE_REGEX = "^[A-Za-z0-9_/-]+$";
+    public static final String QUERY_PARAM_NO_WHITESPACE_MESSAGE = "Query parameter must contain only alphanumeric characters, hyphens, underscores, and forward slashes";
     public static final PolicyFactory STRICT_SANITIZATION_POLICY = new HtmlPolicyBuilder().toFactory();
 
 }

calm-hub/src/main/java/org/finos/calm/store/mongo/MongoDecoratorStore.java

@@ -34,58 +34,107 @@ public MongoDecoratorStore(MongoDatabase database, MongoNamespaceStore namespace
 
     @Override
     public List<Integer> getDecoratorsForNamespace(String namespace, String target, String type) throws NamespaceNotFoundException {
+        validateNamespace(namespace);
+        
+        Document namespaceDocument = fetchNamespaceDocument(namespace);
+        if (namespaceDocument == null || namespaceDocument.isEmpty()) {
+            LOG.debug("No decorators found for namespace '{}'", namespace);
+            return List.of();
+        }
+
+        List<Document> decorators = extractDecorators(namespaceDocument, namespace);
+        if (decorators.isEmpty()) {
+            return List.of();
+        }
+
+        List<Integer> decoratorIds = filterDecorators(decorators, target, type);
+
+        LOG.debug("Retrieved {} decorators for namespace '{}' with filters (target: {}, type: {})", 
+                decoratorIds.size(), namespace, target, type);
+        return decoratorIds;
+    }
+
+    /**
+     * Validates that the namespace exists, throwing an exception if it doesn't
+     */
+    private void validateNamespace(String namespace) throws NamespaceNotFoundException {
         if (!namespaceStore.namespaceExists(namespace)) {
             LOG.warn("Namespace '{}' not found when retrieving decorators", namespace);
             throw new NamespaceNotFoundException();
         }
+    }
 
-        Document namespaceDocument = decoratorCollection.find(Filters.eq("namespace", namespace)).first();
-
-        // Protects from an unpopulated mongo collection
-        if (namespaceDocument == null || namespaceDocument.isEmpty()) {
-            LOG.debug("No decorators found for namespace '{}'", namespace);
-            return List.of();
-        }
+    /**
+     * Fetches the namespace document from MongoDB
+     */
+    private Document fetchNamespaceDocument(String namespace) {
+        return decoratorCollection.find(Filters.eq("namespace", namespace)).first();
+    }
 
+    /**
+     * Extracts the list of decorators from the namespace document
+     */
+    private List<Document> extractDecorators(Document namespaceDocument, String namespace) {
         List<Document> decorators = namespaceDocument.getList("decorators", Document.class);
         if (decorators == null || decorators.isEmpty()) {
             LOG.debug("Decorators list is empty for namespace '{}'", namespace);
             return List.of();
         }
+        return decorators;
+    }
 
+    /**
+     * Filters decorators based on target and type criteria
+     */
+    private List<Integer> filterDecorators(List<Document> decorators, String target, String type) {
         List<Integer> decoratorIds = new ArrayList<>();
+        
         for (Document decoratorDoc : decorators) {
             Integer decoratorId = decoratorDoc.getInteger("decoratorId");
             if (decoratorId == null) {
                 continue;
             }
 
-            // Apply filters if provided
             Document decorator = decoratorDoc.get("decorator", Document.class);
-            if (decorator != null) {
-                // Filter by type if provided
-                if (type != null && !type.isEmpty()) {
-                    String decoratorType = decorator.getString("type");
-                    if (decoratorType == null || !decoratorType.equals(type)) {
-                        continue;
-                    }
-                }
-
-                // Filter by target if provided
-                if (target != null && !target.isEmpty()) {
-                    @SuppressWarnings("unchecked")
-                    List<String> targets = (List<String>) decorator.get("target");
-                    if (targets == null || !targets.contains(target)) {
-                        continue;
-                    }
-                }
+            if (decorator != null && matchesFilters(decorator, target, type)) {
+                decoratorIds.add(decoratorId);
+            } else if (decorator == null) {
+                decoratorIds.add(decoratorId);
             }
+        }
+        
+        return decoratorIds;
+    }
+
+    /**
+     * Checks if a decorator matches the provided filters
+     */
+    private boolean matchesFilters(Document decorator, String target, String type) {
+        return matchesTypeFilter(decorator, type) && matchesTargetFilter(decorator, target);
+    }
 
-            decoratorIds.add(decoratorId);
+    /**
+     * Checks if the decorator matches the type filter (if provided)
+     */
+    private boolean matchesTypeFilter(Document decorator, String type) {
+        if (type == null || type.isEmpty()) {
+            return true;
         }
+        
+        String decoratorType = decorator.getString("type");
+        return decoratorType != null && decoratorType.equals(type);
+    }
 
-        LOG.debug("Retrieved {} decorators for namespace '{}' with filters (target: {}, type: {})", 
-                decoratorIds.size(), namespace, target, type);
-        return decoratorIds;
+    /**
+     * Checks if the decorator matches the target filter (if provided)
+     */
+    private boolean matchesTargetFilter(Document decorator, String target) {
+        if (target == null || target.isEmpty()) {
+            return true;
+        }
+        
+        @SuppressWarnings("unchecked")
+        List<String> targets = (List<String>) decorator.get("target");
+        return targets != null && targets.contains(target);
     }
 }

calm-hub/src/main/java/org/finos/calm/store/nitrite/NitriteDecoratorStore.java

@@ -45,65 +45,115 @@ public NitriteDecoratorStore(@StandaloneQualifier Nitrite db, NitriteNamespaceSt
 
     @Override
     public List<Integer> getDecoratorsForNamespace(String namespace, String target, String type) throws NamespaceNotFoundException {
+        validateNamespace(namespace);
+        
+        Document namespaceDoc = fetchNamespaceDocument(namespace);
+        if (namespaceDoc == null) {
+            LOG.debug("No decorators found for namespace '{}'", namespace);
+            return List.of();
+        }
+
+        List<Document> decorators = extractDecorators(namespaceDoc, namespace);
+        if (decorators.isEmpty()) {
+            return List.of();
+        }
+
+        List<Integer> decoratorIds = filterDecorators(decorators, target, type);
+
+        LOG.debug("Retrieved {} decorators for namespace '{}' with filters (target: {}, type: {})", 
+                decoratorIds.size(), namespace, target, type);
+        return decoratorIds;
+    }
+
+    /**
+     * Validates that the namespace exists, throwing an exception if it doesn't
+     */
+    private void validateNamespace(String namespace) throws NamespaceNotFoundException {
         if (!namespaceStore.namespaceExists(namespace)) {
             LOG.warn("Namespace '{}' not found when retrieving decorators", namespace);
             throw new NamespaceNotFoundException();
         }
+    }
 
+    /**
+     * Fetches the namespace document from NitriteDB
+     */
+    private Document fetchNamespaceDocument(String namespace) {
         Filter filter = where(NAMESPACE_FIELD).eq(namespace);
-        Document namespaceDoc = decoratorCollection.find(filter).firstOrNull();
-
-        if (namespaceDoc == null) {
-            LOG.debug("No decorators found for namespace '{}'", namespace);
-            return List.of();
-        }
+        return decoratorCollection.find(filter).firstOrNull();
+    }
 
+    /**
+     * Extracts the list of decorators from the namespace document
+     */
+    private List<Document> extractDecorators(Document namespaceDoc, String namespace) {
         TypeSafeNitriteDocument<Document> typeSafeDoc = new TypeSafeNitriteDocument<>(namespaceDoc, Document.class);
         List<Document> decorators = typeSafeDoc.getList(DECORATORS_FIELD);
 
         if (decorators == null || decorators.isEmpty()) {
             LOG.debug("Decorators list is empty for namespace '{}'", namespace);
             return List.of();
         }
+        return decorators;
+    }
 
+    /**
+     * Filters decorators based on target and type criteria
+     */
+    private List<Integer> filterDecorators(List<Document> decorators, String target, String type) {
         List<Integer> decoratorIds = new ArrayList<>();
+        
         for (Document decoratorDoc : decorators) {
             Integer decoratorId = decoratorDoc.get(DECORATOR_ID_FIELD, Integer.class);
             if (decoratorId == null) {
                 continue;
             }
 
-            // Apply filters if provided
             Document decorator = decoratorDoc.get("decorator", Document.class);
-            if (decorator != null) {
-                // Filter by type if provided
-                if (type != null && !type.isEmpty()) {
-                    String decoratorType = decorator.get("type", String.class);
-                    if (decoratorType == null || !decoratorType.equals(type)) {
-                        continue;
-                    }
-                }
-
-                // Filter by target if provided
-                if (target != null && !target.isEmpty()) {
-                    Object targetObj = decorator.get("target");
-                    List<String> targets = null;
-                    if (targetObj instanceof List) {
-                        @SuppressWarnings("unchecked")
-                        List<String> targetList = (List<String>) targetObj;
-                        targets = targetList;
-                    }
-                    if (targets == null || !targets.contains(target)) {
-                        continue;
-                    }
-                }
+            if (decorator != null && matchesFilters(decorator, target, type)) {
+                decoratorIds.add(decoratorId);
+            } else if (decorator == null) {
+                decoratorIds.add(decoratorId);
             }
+        }
+        
+        return decoratorIds;
+    }
 
-            decoratorIds.add(decoratorId);
+    /**
+     * Checks if a decorator matches the provided filters
+     */
+    private boolean matchesFilters(Document decorator, String target, String type) {
+        return matchesTypeFilter(decorator, type) && matchesTargetFilter(decorator, target);
+    }
+
+    /**
+     * Checks if the decorator matches the type filter (if provided)
+     */
+    private boolean matchesTypeFilter(Document decorator, String type) {
+        if (type == null || type.isEmpty()) {
+            return true;
         }
+        
+        String decoratorType = decorator.get("type", String.class);
+        return decoratorType != null && decoratorType.equals(type);
+    }
 
-        LOG.debug("Retrieved {} decorators for namespace '{}' with filters (target: {}, type: {})", 
-                decoratorIds.size(), namespace, target, type);
-        return decoratorIds;
+    /**
+     * Checks if the decorator matches the target filter (if provided)
+     */
+    private boolean matchesTargetFilter(Document decorator, String target) {
+        if (target == null || target.isEmpty()) {
+            return true;
+        }
+        
+        Object targetObj = decorator.get("target");
+        if (!(targetObj instanceof List)) {
+            return false;
+        }
+        
+        @SuppressWarnings("unchecked")
+        List<String> targets = (List<String>) targetObj;
+        return targets.contains(target);
     }
 }