npm - @gov-cy/govcy-express-services - Versions diffs - 0.1.2 → 0.1.4 - Mend

@gov-cy/govcy-express-services 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +51 -3
package/package.json +1 -1
package/src/middleware/govcyReviewPostHandler.mjs +1 -1

package/README.md CHANGED Viewed

@@ -141,7 +141,7 @@ Here are some details explaining the JSON structure:
 A typical service flow that includes pages `index`, `question-1`, `question-2` under the `pages` array in the JSON file looks like this:
 ```mermaid
-flowchart TD
+flowchart LR
     govcy-page --> isAuth{Is User Authenticated?}
     isAuth -- Yes<br><br> Eligibility Check --> index([:siteId/index])
     isAuth -- No --> cyLogin[cyLogin]
@@ -380,6 +380,32 @@ With the above config, when a user visits a page under the specific site, `/:sit
 The response is cached to the session storage for the specified number of minutes. If the `cashingTimeoutMinutes` is set to `0`, the API endpoint will be called every time.
+Here's a flowchart showing how the eligibility checks work:
+```mermaid
+flowchart LR
+    A[🧭 User visits /:siteId/* page] --> B{{❓ Are eligibilityAPIEndpoints configured?}}
+    B -- No --> H[✅ Access granted<br>Show page]
+    B -- Yes --> D[🔁 Loop through API endpoints]
+    D --> D1{{❓ Is cached response still valid?}}
+    D1 -- Yes --> D2[🗃️ Use cached result]
+    D1 -- No --> E[🔄 Send request with:<br>- Method GET or POST<br>- Auth header<br>- Params or body]
+    D2 --> F{{❓ Did cached result<br>have Succeeded: true?}}
+    E --> F
+    F -- Yes --> G{{❓ More endpoints to check?}}
+    G -- Yes --> D
+    G -- No --> H
+    F -- No --> I[📄 Check ErrorCode<br>in config]
+    I --> J{{❓ Is ErrorCode in config?}}
+    J -- Yes --> K[❌ Redirect to configured error page]
+    J -- No --> L[❌ Show generic error page]
+```
 #### Eligibility API request and response
 For each eligibility API endpoint, the project sends a request to the API endpoint. The project uses the [CY Connect - OAuth 2.0 (CY Login)](https://dev.azure.com/cyprus-gov-cds/Documentation/_wiki/wikis/Documentation/122/CY-Connect-OAuth-2.0-(CY-Login)) authentication policy, so the user's `<access_token>` is sent in the `Authorization` header.
@@ -508,6 +534,27 @@ TEST_SUBMISSION_API_SERVIVE_ID=123
 With the above config, when a user submits the `review` page, the service sends a request to the configured submission API endpoint.
+Here's a flowchart showing how the submission work:
+```mermaid
+flowchart LR
+    A[📤 User submits review page] --> B[🔄 Send POST request]
+    B --> C{{❓ Did response have Succeeded: true?}}
+    C -- Yes --> D[✅ Show success confirmation with reference code]
+    C -- No --> E[📄 Check ErrorCode in config]
+    E --> F{{❓ Is ErrorCode in config?}}
+    F -- Yes --> G[❌ Redirect to configured error page]
+    F -- No --> H[❌ Show generic error page]
+    B --> I{{❓ Did request fail or return invalid response?}}
+    I -- Yes --> H
+```
 #### Submission API Request and Response
 **Submission Request:**
@@ -556,7 +603,7 @@ The API is expected to return a JSON response with the following structure (see
   "ErrorCode": 0,
   "ErrorMessage": null,
   "Data": {
-    "submission_id": "12345678-x"
+    "referenceValue": "12345678"
   }
 }
 ```
@@ -602,7 +649,7 @@ The data is collected from the form elements and the data layer and are sent via
 ##### Submission Data Sample
 <details>
-  <summary>Here's a sample submission data JSON (as an object, before stringification)</summary>
+  <summary>Click here for a sample submission data JSON</summary>
 > ℹ️ **Note:**
 >
@@ -1120,6 +1167,7 @@ Absolutely! Here’s a **ready-to-paste Troubleshooting / FAQ section** you can
 ## 🔒 Security note
 - Always set a strong, random `SESSION_SECRET` in your `.env` file. Never commit secrets or credentials to version control.
+- Add `.gitignore` & `.npmignore`: Ensure no real `.env`, `server.key`, or other sensitive files are published.
 - In production, ensure cookies are set with `secure`, `httpOnly`, and `sameSite` attributes to protect against common web vulnerabilities.
 - Make sure your server is running behind HTTPS in production.
 - Regularly rotate secrets and credentials, and restrict access to your `.env` and configuration files.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@gov-cy/govcy-express-services",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "An Express-based system that dynamically renders services using @gov-cy/govcy-frontend-renderer and posts data to a submission API.",
   "author": "DMRID - DSF Team",
   "license": "MIT",

package/src/middleware/govcyReviewPostHandler.mjs CHANGED Viewed

@@ -90,7 +90,7 @@ export function govcyReviewPostHandler() {
                 // Check if the response is successful
                 if (response.Succeeded) {
-                    let referenceNo = response?.Data?.submission_id || "";
+                    let referenceNo = response?.Data?.referenceValue || "";
                     // Add the reference number to the submission data
                     submissionData.referenceNumber = referenceNo;
                     logger.info("✅ Data submitted", siteId, referenceNo);