dscf-credit 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48da97a9ea6344abf871d97bda581670dbe6091760ff9a0eab34d1816d548236
-  data.tar.gz: 1eee4be4d65744fde0baa13e865a82dc1482789a6c6cdabbd16deab05c2f6683
+  metadata.gz: b35f1bc98830d1d76e49d13013a97834b16869ec489051f568c46c4903cef9ec
+  data.tar.gz: 44a24524ca9e31bf9cdb5cff42f646797e0e0b37272af32a16e3360639bc4265
 SHA512:
-  metadata.gz: 5b5ecf3fb9ccd373f8ba718348f52d5b06a5c033e0b7a706ef8cc2eb60e35b7a43d5a315e5bb3b9cf7896198ff935cdce46ef6ac2b65f0d6eb6891c90a5a4a42
-  data.tar.gz: 66377466c007cb2880434c37fc25db5da940c644e1d2c8c5131e39e7e451fb5e73d1a38e2fa44b383b4692bfc9913e4a8bfbc73dd9fa657dd7fa8b451a0536f2
+  metadata.gz: 472712641c58af0d94c581c153a1123137224bcac23ad1f30fab921c8d327868de5a24cf5bac794720334b8a82a26b21ed047f52e933a55c1bccc6003965b992
+  data.tar.gz: 89205acba56392bae6b7da14ef7c096e22f685bd558544c421a25e6399642d3ada0e5eef182440c1acfe8f6ceff07e7f6d11ebe0dfac4497ecb7dcef05bd6416

data/app/controllers/concerns/dscf/core/authenticatable.rb

@@ -0,0 +1,81 @@
+module Dscf
+  module Core
+    module Authenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :authenticate_user, if: :authentication_required?
+        rescue_from AuthenticationError, with: :handle_authentication_error
+      end
+
+      def current_user
+        @current_user ||= authenticate_from_token
+      end
+
+      def authenticate_user!
+        raise AuthenticationError, "Authentication required" unless current_user
+      end
+
+      def authenticate_user
+        authenticate_user! if authentication_required?
+      end
+
+      def sign_in(user, request)
+        tokens = user.generate_auth_tokens(request)
+        @current_user = user
+        tokens
+      end
+
+      def sign_out
+        # Revoke the current refresh token if available
+        refresh_token_value = extract_refresh_token_from_params
+        AuthService.revoke_refresh_token(refresh_token_value) if refresh_token_value
+        @current_user = nil
+      end
+
+      def refresh_token
+        refresh_token_value = extract_refresh_token_from_params
+        return nil unless refresh_token_value
+
+        begin
+          AuthService.refresh_access_token(refresh_token_value, request)
+        rescue AuthenticationError
+          nil
+        end
+      end
+
+      private
+
+      def authenticate_from_token
+        access_token = extract_access_token_from_header
+        return nil unless access_token
+
+        payload = TokenService.decode(access_token)
+        return nil unless payload && payload["type"] == "access"
+
+        User.find_by(id: payload["user_id"])
+      rescue AuthenticationError
+        nil
+      end
+
+      def extract_access_token_from_header
+        auth_header = request.headers["Authorization"]
+        return nil unless auth_header&.start_with?("Bearer ")
+
+        auth_header.split(" ").last
+      end
+
+      def extract_refresh_token_from_params
+        params[:refresh_token]
+      end
+
+      def authentication_required?
+        true # Override in specific controllers if needed
+      end
+
+      def handle_authentication_error(error)
+        render json: error.to_hash, status: error.status_code
+      end
+    end
+  end
+end

data/app/controllers/concerns/dscf/core/common.rb

@@ -0,0 +1,200 @@
+module Dscf
+  module Core
+    module Common
+      extend ActiveSupport::Concern
+      include Dscf::Core::Pagination
+      include Dscf::Core::JsonResponse
+      include Dscf::Core::Filterable
+
+      included do
+        before_action :set_clazz
+        before_action :set_object, only: %i[show update]
+      end
+
+      def index
+        data = nil
+        options = {}
+        if block_given?
+          incoming = yield
+          if incoming.instance_of?(Array)
+            data, options = incoming
+          elsif incoming.instance_of?(Hash)
+            options = incoming
+          else
+            data = incoming
+          end
+        else
+          data = @clazz.all
+        end
+
+        # Apply eager loading if defined
+        data = data.includes(eager_loaded_associations) if eager_loaded_associations.present?
+
+        # Apply Ransack filtering
+        data = filter_records(data)
+
+        # Get total count before pagination
+        total_count = data.count if params[:page]
+
+        data = data.then(&paginate) if params[:page]
+
+        # Add action specific serializer includes
+        includes = serializer_includes_for_action(:index)
+        options[:include] = includes if includes.present?
+
+        # Add pagination metadata if paginated
+        if params[:page]
+          total_pages = (total_count.to_f / per_page).ceil
+          count = data.is_a?(Array) ? data.length : data.count
+
+          options[:pagination] = {
+            current_page: page_no,
+            per_page: per_page,
+            count: count,
+            total_count: total_count,
+            total_pages: total_pages,
+            links: pagination_links(total_pages)
+          }
+        end
+
+        render_success(data: data, serializer_options: options)
+      end
+
+      def show
+        data = nil
+        options = {}
+        if block_given?
+          incoming = yield
+          if incoming.instance_of?(Array)
+            data, options = incoming
+          elsif incoming.instance_of?(Hash)
+            data = @obj
+            options = incoming
+          else
+            data = incoming
+          end
+        else
+          data = @obj
+        end
+
+        data = @clazz.includes(eager_loaded_associations).find(params[:id]) if data.is_a?(@clazz) && eager_loaded_associations.present?
+
+        includes = serializer_includes_for_action(:show)
+        options[:include] = includes if includes.present?
+
+        render_success(data: data, serializer_options: options)
+      end
+
+      def create
+        obj = nil
+        options = {}
+        if block_given?
+          incoming = yield
+          if incoming.instance_of?(Array)
+            obj, options = incoming
+          elsif incoming.instance_of?(Hash)
+            obj = @clazz.new(model_params)
+            options = incoming
+          else
+            obj = incoming
+          end
+        else
+          obj = @clazz.new(model_params)
+        end
+
+        if obj.save
+          obj = @clazz.includes(eager_loaded_associations).find(obj.id) if eager_loaded_associations.present?
+
+          includes = serializer_includes_for_action(:create)
+          options[:include] = includes if includes.present?
+
+          render_success(data: obj, serializer_options: options, status: :created)
+        else
+          render_error(errors: obj.errors.full_messages[0], status: :unprocessable_entity)
+        end
+      rescue StandardError => e
+        render_error(error: e.message)
+      end
+
+      def update
+        obj = nil
+        options = {}
+        if block_given?
+          incoming = yield
+          if incoming.instance_of?(Array)
+            obj, options = incoming
+          elsif incoming.instance_of?(Hash)
+            obj = set_object
+            options = incoming
+          else
+            obj = incoming
+          end
+        else
+          obj = set_object
+        end
+
+        if obj.update(model_params)
+          obj = @clazz.includes(eager_loaded_associations).find(obj.id) if eager_loaded_associations.present?
+
+          includes = serializer_includes_for_action(:update)
+          options[:include] = includes if includes.present?
+
+          render_success(data: obj, serializer_options: options)
+        else
+          render_error(errors: obj.errors.full_messages[0], status: :unprocessable_entity)
+        end
+      rescue StandardError => e
+        render_error(error: e.message)
+      end
+
+      private
+
+      def set_clazz
+        model_name = controller_name.classify
+
+        controller_namespace = self.class.name.deconstantize
+        engine_namespace = controller_namespace.split("::")[0..1].join("::")
+
+        @clazz = "#{engine_namespace}::#{model_name}".constantize
+      rescue NameError
+        @clazz = "Dscf::Core::#{model_name}".constantize
+      end
+
+      def set_object
+        @obj = if eager_loaded_associations.present?
+                 @clazz.includes(eager_loaded_associations).find(params[:id])
+               else
+                 @clazz.find(params[:id])
+               end
+      end
+
+      # Override in controllers to define what to eager load
+      def eager_loaded_associations
+        []
+      end
+
+      # Override in controllers to define allowed order columns for pagination
+      def allowed_order_columns
+        %w[id created_at updated_at]
+      end
+
+      # Override in controllers to define serializer includes
+      def default_serializer_includes
+        {}
+      end
+
+      def serializer_includes_for_action(action)
+        includes = default_serializer_includes
+
+        if includes.is_a?(Hash)
+          includes[action] || includes[:default] || []
+        else
+          includes.present? ? includes : []
+        end
+      end
+
+      # This method should be overridden by respective child controllers
+      def model_params; end
+    end
+  end
+end

data/app/controllers/concerns/dscf/core/filterable.rb

@@ -0,0 +1,12 @@
+module Dscf
+  module Core
+    module Filterable
+      extend ActiveSupport::Concern
+
+      def filter_records(records)
+        @q = records.ransack(params[:q])
+        @q.result(distinct: true)
+      end
+    end
+  end
+end

data/app/controllers/concerns/dscf/core/json_response.rb

@@ -0,0 +1,77 @@
+module Dscf
+  module Core
+    module JsonResponse
+      extend ActiveSupport::Concern
+
+      def serialize(data, options = {})
+        case data
+        when ActiveRecord::Base, ActiveRecord::Relation
+          ActiveModelSerializers::SerializableResource.new(data, options)
+        when Hash
+          # Handle hash data with potential serializer options
+          serialized_hash = {}
+          data.each do |key, value|
+            if options[key] && value.is_a?(ActiveRecord::Base)
+              # Use specific serializer for this key if provided
+              serializer_opts = options[key].is_a?(Hash) ? options[key] : {}
+              serialized_hash[key] = ActiveModelSerializers::SerializableResource.new(value, serializer_opts)
+            else
+              serialized_hash[key] = serialize(value, options)
+            end
+          end
+          serialized_hash
+        when Array
+          data.map { |value| serialize(value, options) }
+        else
+          data
+        end
+      end
+
+      def render_success(message_key = nil, data: nil, status: :ok, serializer_options: {}, **options)
+        response = {success: true}
+
+        if message_key
+          response[:message] = I18n.t(message_key)
+        else
+          model_key  = @clazz&.name&.demodulize&.underscore
+          action_key = action_name
+          i18n_key   = "#{model_key}.success.#{action_key}"
+
+          response[:message] = I18n.t(i18n_key) if I18n.exists?(i18n_key)
+        end
+
+        if data
+          serialized_data = serialize(data, serializer_options)
+          response[:data] = serialized_data
+        end
+
+        # Add pagination metadata if present (handled by Common concern)
+        response[:pagination] = serializer_options[:pagination] if serializer_options[:pagination]
+
+        response.merge!(options)
+        render json: response, status: status
+      end
+
+      def render_error(message_key = nil, status: :unprocessable_entity, errors: nil, **options)
+        response = {
+          success: false
+        }
+
+        if message_key
+          response[:error] = I18n.t(message_key)
+        else
+          model_key  = @clazz&.name&.demodulize&.underscore
+          action_key = action_name
+          i18n_key   = "#{model_key}.errors.#{action_key}"
+
+          response[:error] = I18n.t(i18n_key) if I18n.exists?(i18n_key)
+        end
+
+        response[:errors] = errors if errors
+        response.merge!(options)
+
+        render json: response, status: status
+      end
+    end
+  end
+end

data/app/controllers/concerns/dscf/core/pagination.rb

@@ -0,0 +1,71 @@
+module Dscf
+  module Core
+    module Pagination
+      extend ActiveSupport::Concern
+
+      def default_per_page
+        10
+      end
+
+      def page_no
+        params[:page]&.to_i || 1
+      end
+
+      def per_page
+        params[:per_page]&.to_i || default_per_page
+      end
+
+      def paginate_offset
+        (page_no - 1) * per_page
+      end
+
+      def order_by
+        allowed_columns = if respond_to?(:allowed_order_columns, true)
+                            allowed_order_columns
+                          else
+                            %w[id created_at updated_at]
+                          end
+        requested_column = params.fetch(:order_by, "id").to_s
+        allowed_columns.include?(requested_column) ? requested_column : "id"
+      end
+
+      def order_direction
+        if %w[asc desc].include?(params.fetch(:order_direction, "asc").to_s.downcase)
+          params.fetch(:order_direction, "asc").to_s.downcase
+        else
+          "asc"
+        end
+      end
+
+      def paginate
+        ->(it) { it.limit(per_page).offset(paginate_offset).order("#{order_by}": order_direction) }
+      end
+
+      # Generate HATEOAS pagination links
+      def pagination_links(total_pages)
+        base_path = request.path
+        current_params = request.query_parameters.except("page")
+
+        links = {}
+
+        links[:first] = build_page_url(base_path, current_params, 1)
+
+        links[:prev] = (build_page_url(base_path, current_params, page_no - 1) if page_no > 1)
+
+        links[:next] = (build_page_url(base_path, current_params, page_no + 1) if page_no < total_pages)
+
+        links[:last] = build_page_url(base_path, current_params, total_pages)
+
+        links
+      end
+
+      private
+
+      def build_page_url(base_path, params, page)
+        params_with_page = params.merge(page: page, per_page: per_page)
+        query_string = params_with_page.to_query
+        "#{base_path}?#{query_string}"
+      end
+    end
+  end
+end

data/app/controllers/concerns/dscf/core/token_authenticatable.rb

@@ -0,0 +1,53 @@
+module Dscf
+  module Core
+    module TokenAuthenticatable
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :validate_token_expiry
+        before_action :validate_device_consistency, if: :current_user
+      end
+
+      def validate_token_expiry
+        return unless current_user
+
+        access_token = extract_access_token_from_header
+        return unless access_token
+
+        payload = TokenService.decode(access_token)
+        return unless payload
+
+        # Check if token is close to expiry (within 5 minutes)
+        if payload["exp"] && payload["exp"] - Time.current.to_i < 300
+          Rails.logger.info("Access token close to expiry for user #{current_user.id}")
+        end
+      rescue AuthenticationError
+        handle_expired_token
+      end
+
+      def validate_device_consistency
+        return unless current_user && request.params[:device_id]
+
+        refresh_token_record = current_user.refresh_tokens.active.find_by(device: request.params[:device_id])
+        return if refresh_token_record
+
+        # Device mismatch - could indicate suspicious activity
+        Rails.logger.warn("Device mismatch for user #{current_user.id}: #{request.params[:device_id]}")
+      end
+
+      def require_valid_refresh_token
+        refresh_token_value = extract_refresh_token_from_params
+        return if refresh_token_value && RefreshToken.active.exists?(refresh_token: refresh_token_value)
+
+        raise AuthenticationError, "Valid refresh token required"
+      end
+
+      private
+
+      def handle_expired_token
+        Rails.logger.warn("Expired token detected for request to #{request.path}")
+        raise AuthenticationError, "Session expired"
+      end
+    end
+  end
+end

data/app/controllers/concerns/dscf/credit/reviewable.rb

@@ -0,0 +1,112 @@
+module Dscf
+  module Credit
+    module Reviewable
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :set_reviewable_resource, only: %i[approve reject request_modification resubmit]
+      end
+
+      # PATCH /resource/:id/approve
+      def approve
+        if reviewable_resource.update(
+            status: :approved,
+            reviewed_by: current_reviewer,
+            review_date: Time.current
+          )
+          render_success(data: reviewable_resource)
+        else
+          render_error(errors: reviewable_resource.errors.full_messages)
+        end
+      end
+
+      # PATCH /resource/:id/request_modification
+      def request_modification
+        feedback = safe_feedback_param! or return
+
+        if reviewable_resource.update(
+            status: :modify,
+            review_feedback: feedback,
+            reviewed_by: current_reviewer,
+            review_date: Time.current
+          )
+          render_success(data: reviewable_resource)
+        else
+          render_error(errors: reviewable_resource.errors.full_messages)
+        end
+      end
+
+      # PATCH /resource/:id/reject
+      def reject
+        feedback = safe_feedback_param! or return
+
+        unless feedback.key?("message")
+          return render_error(errors: "Provide review_feedback with a 'message' key")
+        end
+
+        if reviewable_resource.update(
+            status: :rejected,
+            review_feedback: feedback,
+            reviewed_by: current_reviewer,
+            review_date: Time.current
+          )
+          render_success(data: reviewable_resource)
+        else
+          render_error(errors: reviewable_resource.errors.full_messages)
+        end
+      end
+
+      # PATCH /resource/:id/resubmit
+      def resubmit
+        unless reviewable_resource.status.to_s == "modify"
+          return render_error(errors: "Only items with status 'modify' can be resubmitted", status: :unprocessable_entity)
+        end
+
+        updates = model_params.merge(
+          status: :pending,
+          review_feedback: {},
+        )
+
+        if reviewable_resource.update(updates)
+          render_success(data: reviewable_resource)
+        else
+          render_error(errors: reviewable_resource.errors.full_messages)
+        end
+      end
+
+      private
+
+      def safe_feedback_param!
+        feedback = params[:review_feedback]
+        unless feedback.respond_to?(:to_unsafe_h)
+          render_error(errors: "review_feedback must be a JSON object") and return
+        end
+        feedback.to_unsafe_h
+      end
+
+      def model_class
+        model_name = controller_name.classify
+
+        controller_namespace = self.class.name.deconstantize
+        "#{controller_namespace}::#{model_name}".constantize
+      rescue NameError
+        model_name.constantize
+      end
+
+      def reviewable_resource
+        @reviewable_resource ||= model_class.find(params[:id])
+      end
+
+      # Override if current_user is not the reviewer
+      def current_reviewer
+        current_user
+      end
+
+      def set_reviewable_resource
+        reviewable_resource
+      rescue ActiveRecord::RecordNotFound => e
+        render_error("errors.record_not_found", status: :not_found, errors: [ e.message ])
+      end
+    end
+  end
+end

data/app/controllers/dscf/credit/categories_controller.rb

@@ -8,24 +8,25 @@ module Dscf::Credit
       params.require(:category).permit(
         :type,
         :name,
-        :description
+        :description,
+        :document_reference
       )
     end
 
     def eager_loaded_associations
-      [ :credit_lines ]
+      [ :credit_lines, :scoring_tables, :scoring_parameters ]
     end
 
     def allowed_order_columns
-      %w[id type name description created_at updated_at]
+      %w[id type name description document_reference created_at updated_at]
     end
 
     def default_serializer_includes
       {
         index: [],
-        show: [ :credit_lines ],
+        show: [ :credit_lines, :scoring_tables, :scoring_parameters ],
         create: [],
-        update: [ :credit_lines ]
+        update: [ :credit_lines, :scoring_tables, :scoring_parameters ]
       }
     end
   end

data/app/controllers/dscf/credit/credit_limit_calculations_controller.rb

@@ -0,0 +1,50 @@
+module Dscf::Credit
+  class CreditLimitCalculationsController < ApplicationController
+    def create
+      loan_profile = Dscf::Credit::LoanProfile.find(params[:loan_profile_id])
+      category = Dscf::Credit::Category.find(params[:category_id])
+
+      service = Dscf::Credit::CreditLimitCalculationService.new(loan_profile, category)
+      result = service.calculate_credit_limits
+
+      if result[:success]
+        render_success(
+          "credit_limit_calculation.success.create",
+          data: {
+            loan_profile: loan_profile,
+            category: category,
+            eligible_credit_lines: result[:data],
+            calculation_summary: {
+              total_credit_lines_processed: result[:count],
+              calculated_at: Time.current
+            }
+          },
+          serializer_options: {
+            include: [
+              :eligible_credit_lines,
+              { eligible_credit_lines: [ :credit_line ] }
+            ]
+          }
+        )
+      else
+        render_error(
+          "credit_limit_calculation.errors.create",
+          errors: [ result[:error] ],
+          status: :unprocessable_entity
+        )
+      end
+    rescue ActiveRecord::RecordNotFound => e
+      render_error(
+        "credit_limit_calculation.errors.not_found",
+        errors: [ e.message ],
+        status: :not_found
+      )
+    rescue StandardError => e
+      render_error(
+        "credit_limit_calculation.errors.create",
+        errors: [ e.message ],
+        status: :internal_server_error
+      )
+    end
+  end
+end