@gov-cy/govcy-express-services 0.1.3 β 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +50 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -141,7 +141,7 @@ Here are some details explaining the JSON structure:
|
|
|
141
141
|
A typical service flow that includes pages `index`, `question-1`, `question-2` under the `pages` array in the JSON file looks like this:
|
|
142
142
|
|
|
143
143
|
```mermaid
|
|
144
|
-
flowchart
|
|
144
|
+
flowchart LR
|
|
145
145
|
govcy-page --> isAuth{Is User Authenticated?}
|
|
146
146
|
isAuth -- Yes<br><br> Eligibility Check --> index([:siteId/index])
|
|
147
147
|
isAuth -- No --> cyLogin[cyLogin]
|
|
@@ -380,6 +380,32 @@ With the above config, when a user visits a page under the specific site, `/:sit
|
|
|
380
380
|
|
|
381
381
|
The response is cached to the session storage for the specified number of minutes. If the `cashingTimeoutMinutes` is set to `0`, the API endpoint will be called every time.
|
|
382
382
|
|
|
383
|
+
Here's a flowchart showing how the eligibility checks work:
|
|
384
|
+
|
|
385
|
+
```mermaid
|
|
386
|
+
flowchart LR
|
|
387
|
+
A[π§ User visits /:siteId/* page] --> B{{β Are eligibilityAPIEndpoints configured?}}
|
|
388
|
+
B -- No --> H[β
Access granted<br>Show page]
|
|
389
|
+
B -- Yes --> D[π Loop through API endpoints]
|
|
390
|
+
|
|
391
|
+
D --> D1{{β Is cached response still valid?}}
|
|
392
|
+
D1 -- Yes --> D2[ποΈ Use cached result]
|
|
393
|
+
D1 -- No --> E[π Send request with:<br>- Method GET or POST<br>- Auth header<br>- Params or body]
|
|
394
|
+
|
|
395
|
+
D2 --> F{{β Did cached result<br>have Succeeded: true?}}
|
|
396
|
+
E --> F
|
|
397
|
+
|
|
398
|
+
F -- Yes --> G{{β More endpoints to check?}}
|
|
399
|
+
G -- Yes --> D
|
|
400
|
+
G -- No --> H
|
|
401
|
+
|
|
402
|
+
F -- No --> I[π Check ErrorCode<br>in config]
|
|
403
|
+
I --> J{{β Is ErrorCode in config?}}
|
|
404
|
+
J -- Yes --> K[β Redirect to configured error page]
|
|
405
|
+
J -- No --> L[β Show generic error page]
|
|
406
|
+
|
|
407
|
+
```
|
|
408
|
+
|
|
383
409
|
#### Eligibility API request and response
|
|
384
410
|
|
|
385
411
|
For each eligibility API endpoint, the project sends a request to the API endpoint. The project uses the [CY Connect - OAuth 2.0 (CY Login)](https://dev.azure.com/cyprus-gov-cds/Documentation/_wiki/wikis/Documentation/122/CY-Connect-OAuth-2.0-(CY-Login)) authentication policy, so the user's `<access_token>` is sent in the `Authorization` header.
|
|
@@ -508,6 +534,27 @@ TEST_SUBMISSION_API_SERVIVE_ID=123
|
|
|
508
534
|
|
|
509
535
|
With the above config, when a user submits the `review` page, the service sends a request to the configured submission API endpoint.
|
|
510
536
|
|
|
537
|
+
Here's a flowchart showing how the submission work:
|
|
538
|
+
|
|
539
|
+
```mermaid
|
|
540
|
+
|
|
541
|
+
flowchart LR
|
|
542
|
+
A[π€ User submits review page] --> B[π Send POST request]
|
|
543
|
+
|
|
544
|
+
B --> C{{β Did response have Succeeded: true?}}
|
|
545
|
+
|
|
546
|
+
C -- Yes --> D[β
Show success confirmation with reference code]
|
|
547
|
+
|
|
548
|
+
C -- No --> E[π Check ErrorCode in config]
|
|
549
|
+
E --> F{{β Is ErrorCode in config?}}
|
|
550
|
+
F -- Yes --> G[β Redirect to configured error page]
|
|
551
|
+
F -- No --> H[β Show generic error page]
|
|
552
|
+
|
|
553
|
+
B --> I{{β Did request fail or return invalid response?}}
|
|
554
|
+
I -- Yes --> H
|
|
555
|
+
|
|
556
|
+
```
|
|
557
|
+
|
|
511
558
|
#### Submission API Request and Response
|
|
512
559
|
|
|
513
560
|
**Submission Request:**
|
|
@@ -602,7 +649,7 @@ The data is collected from the form elements and the data layer and are sent via
|
|
|
602
649
|
##### Submission Data Sample
|
|
603
650
|
|
|
604
651
|
<details>
|
|
605
|
-
<summary>
|
|
652
|
+
<summary>Click here for a sample submission data JSON</summary>
|
|
606
653
|
|
|
607
654
|
> βΉοΈ **Note:**
|
|
608
655
|
>
|
|
@@ -1120,6 +1167,7 @@ Absolutely! Hereβs a **ready-to-paste Troubleshooting / FAQ section** you can
|
|
|
1120
1167
|
|
|
1121
1168
|
## π Security note
|
|
1122
1169
|
- Always set a strong, random `SESSION_SECRET` in your `.env` file. Never commit secrets or credentials to version control.
|
|
1170
|
+
- Add `.gitignore` & `.npmignore`: Ensure no real `.env`, `server.key`, or other sensitive files are published.
|
|
1123
1171
|
- In production, ensure cookies are set with `secure`, `httpOnly`, and `sameSite` attributes to protect against common web vulnerabilities.
|
|
1124
1172
|
- Make sure your server is running behind HTTPS in production.
|
|
1125
1173
|
- Regularly rotate secrets and credentials, and restrict access to your `.env` and configuration files.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@gov-cy/govcy-express-services",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.4",
|
|
4
4
|
"description": "An Express-based system that dynamically renders services using @gov-cy/govcy-frontend-renderer and posts data to a submission API.",
|
|
5
5
|
"author": "DMRID - DSF Team",
|
|
6
6
|
"license": "MIT",
|