updates

chtrembl · Nov 10, 2023 · c9e76a6 · c9e76a6
1 parent f2a9c7b
commit c9e76a6
Show file tree

Hide file tree

Showing 6 changed files with 81 additions and 17 deletions.
diff --git a/...tstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/PetStoreControllerAdvice.java b/...tstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/PetStoreControllerAdvice.java
@@ -1,6 +1,7 @@
 package com.chtrembl.petstoreapp.controller;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -10,6 +11,7 @@
 import org.springframework.cache.caffeine.CaffeineCache;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ModelAttribute;
@@ -39,7 +41,7 @@ public void setModel(HttpServletRequest request, Model model, OAuth2Authenticati
 		com.github.benmanes.caffeine.cache.Cache<Object, Object> nativeCache = caffeineCache.getNativeCache();
 
 		// this is used for n tier correlated Telemetry. Keep the same one for anonymous
-		// sessions that get authenticateds
+		// sessions that get authenticated so they can persist for seamless flow of logs (public user to private) use the jSessionId for true JSESSION use
 		if (this.sessionUser.getSessionId() == null) {
 			String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId();
 			this.sessionUser.setSessionId(sessionId);
@@ -92,6 +94,19 @@ public void setModel(HttpServletRequest request, Model model, OAuth2Authenticati
 		MDC.put("session_Id", this.sessionUser.getSessionId());
 
 		model.addAttribute("sid", this.sessionUser.getSessionId());
+
+	    HttpSession session = request.getSession(false);
+		if (session != null) {
+			String jsessionId = session.getId();
+			this.sessionUser.setJSessionId(jsessionId);
+		}
+
+		String message = "";
+		if(!this.sessionUser.getSessionId().equals(this.sessionUser.getJSessionId()))
+		{
+			message = " these are different because the public user ended up logging in and we maintain the original for n-tiered correlated telemtry";
+		}
+		logger.info("session id: " + this.sessionUser.getSessionId() + " jsession id: " + this.sessionUser.getJSessionId()+ message);
 	}
 
 }
diff --git a/...tore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/RestAPIController.java b/...tore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/RestAPIController.java
@@ -1,19 +1,17 @@
 package com.chtrembl.petstoreapp.controller;
 
-import java.net.http.HttpRequest;
 import java.util.Map;
 import java.util.Optional;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -28,6 +26,7 @@
  */
 @RestController
 public class RestAPIController {
+	private static Logger logger = LoggerFactory.getLogger(RestAPIController.class);
 
 	@Autowired
 	private User sessionUser;
@@ -54,8 +53,12 @@ public String sessionid() {
 	// helper api call for soul machines dp demo... POST URL Encoding intermittent missing headers with POST/FORM Encoding hence the GET hack with UUID
 	@GetMapping(value = "/api/updatecart", produces = MediaType.TEXT_HTML_VALUE)
 	public String updatecart(Model model, @RequestParam Map<String, String> params, HttpServletRequest request) {
-		if(params.get("csrf") == null || !params.get("csrf").equals(new HttpSessionCsrfTokenRepository().loadToken(request).getToken().toString()))
-		{
+		logger.info("session: " + this.sessionUser.getSessionId());
+		logger.info("jsession: " + this.sessionUser.getJSessionId());
+		logger.info("csrf: " + this.sessionUser.getCsrfToken());
+
+		if(params.get("csrf") == null || !params.get("csrf").equals(this.sessionUser.getCsrfToken()))
+			{
 			return "Invalid CSRF token";
 		}
 
@@ -88,6 +91,10 @@ public String updatecart(Model model, @RequestParam Map<String, String> params,
 	// helper api call for soul machines dp demo... POST URL Encoding intermittent missing headers with POST/FORM Encoding hence the GET hack with UUID
 	@GetMapping(value = "/api/viewcart", produces = MediaType.TEXT_HTML_VALUE)
 	public String viewcart() {
+		logger.info("session: " + this.sessionUser.getSessionId());
+		logger.info("jsession: " + this.sessionUser.getJSessionId());
+		logger.info("csrf: " + this.sessionUser.getCsrfToken());
+
 		this.sessionUser.getTelemetryClient().trackEvent(
 				String.format("PetStoreApp user %s requesting view cart", this.sessionUser.getName()),
 				this.sessionUser.getCustomEventProperties(), null);
@@ -113,19 +120,23 @@ public String viewcart() {
 
 	// helper api call for soul machines dp demo... POST URL Encoding intermittent missing headers with POST/FORM Encoding hence the GET hack with UUID
 	@GetMapping(value = "/api/completecart", produces = MediaType.TEXT_HTML_VALUE)
-	public String completecart(Model model, @RequestParam Map<String, String> params, HttpServletRequest request, OAuth2AuthenticationToken token) {
-		if(params.get("csrf") == null || !params.get("csrf").equals(new HttpSessionCsrfTokenRepository().loadToken(request).getToken().toString()))
+	public String completecart(Model model, @RequestParam Map<String, String> params, HttpServletRequest request) {
+		logger.info("session: " + this.sessionUser.getSessionId());
+		logger.info("jsession: " + this.sessionUser.getJSessionId());
+		logger.info("csrf: " + this.sessionUser.getCsrfToken());
+
+		if(params.get("csrf") == null || !params.get("csrf").equals(this.sessionUser.getCsrfToken()))
 		{
-			return "Invalid CSRF token";
+			return "Invalid CSRF token incoming was '" + params.get("csrf")+"'";
 		}
 
 		this.sessionUser.getTelemetryClient().trackEvent(
 				String.format("PetStoreApp user %s requesting complete cart", this.sessionUser.getName()),
 				this.sessionUser.getCustomEventProperties(), null);
 
-		if(token == null)
+		if(this.sessionUser.getSessionId().equals(this.sessionUser.getJSessionId()))
 		{
-			return "You must be logged in to complete your order.";
+			return "Please login to complete your order.";
 		}
 
 		try
@@ -142,7 +153,10 @@ public String completecart(Model model, @RequestParam Map<String, String> params
 	// helper api call for soul machines dp demo...
 	@GetMapping(value = "/api/cartcount", produces = MediaType.TEXT_HTML_VALUE)
 	public String cartcount() {
-
+		logger.info("session: " + this.sessionUser.getSessionId());
+		logger.info("jsession: " + this.sessionUser.getJSessionId());
+		logger.info("csrf: " + this.sessionUser.getCsrfToken());
+
 		this.sessionUser.getTelemetryClient().trackEvent(
 				String.format("PetStoreApp user %s requesting cart count", this.sessionUser.getName()),
 				this.sessionUser.getCustomEventProperties(), null);

diff --git a/petstore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/WebAppController.java b/petstore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/controller/WebAppController.java
@@ -275,10 +275,15 @@ public String soulmachines(Model model, HttpServletRequest request, @RequestPara
 			return "redirect:/home";
 		}
 
+		if(new HttpSessionCsrfTokenRepository().loadToken(request) != null)
+		{
+			this.sessionUser.setCsrfToken(new HttpSessionCsrfTokenRepository().loadToken(request).getToken().toString());		
+		}
+
 		String url = request.getRequestURL().toString() + "?" + request.getQueryString();	
 		if(!url.contains("sid") || !url.contains("csrf"))
 		{
-			return "redirect:soulmachines?sid="+this.sessionUser.getSessionId()+"&csrf="+new HttpSessionCsrfTokenRepository().loadToken(request).getToken().toString();
+			return "redirect:soulmachines?sid="+this.sessionUser.getJSessionId()+"&csrf="+this.sessionUser.getCsrfToken();
 		}
 
 		return "soulmachines";

diff --git a/petstore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/model/User.java b/petstore/petstoreapp/src/main/java/com/chtrembl/petstoreapp/model/User.java
@@ -26,6 +26,9 @@ public class User implements Serializable {
 	private String sessionId = null;
 	private String email = null;
 
+	private String jSessionId = null;
+	private String csrfToken = null;
+
 	// intentionally avoiding spring cache to ensure service calls are made each
 	// time to show Telemetry with APIM requests
 	private List<Pet> pets;
@@ -75,6 +78,22 @@ public void setEmail(String email) {
 		this.email = email;
 	}
 
+	public void setJSessionId(String jSessionId) {
+		this.jSessionId = jSessionId;
+	}
+
+	public String getJSessionId() {
+		return jSessionId;
+	}
+
+	public void setCsrfToken(String csrfToken) {
+		this.csrfToken = csrfToken;
+	}
+
+	public String getCsrfToken() {
+		return csrfToken;
+	}
+
 	public TelemetryClient getTelemetryClient() {
 		return this.telemetryClient;
 	}

diff --git a/...petstoreassistant/src/main/java/com/chtrembl/petstoreassistant/service/AzurePetStore.java b/...petstoreassistant/src/main/java/com/chtrembl/petstoreassistant/service/AzurePetStore.java
@@ -19,9 +19,8 @@ public class AzurePetStore implements IAzurePetStore {
         @Autowired
         private ICosmosDB cosmosDB;
 
-        // investigate why GET is needed instead of POST
-        // POST URL Encoding intermittent missing headers with POST/FORM Encoding hence
-        // the GET hack with UUID
+        // investigate why POST with FORM URL ENCODING wasnt working with Azure Pet Store, the Content-Type is getting dropped in all client libraries
+        // GET is the hack for POC purposes
         private OkHttpClient client = new OkHttpClient().newBuilder().build();
 
         private String UPDATE_CART_URL = "https://azurepetstore.com/api/updatecart";

diff --git a/...tant/src/main/java/com/chtrembl/petstoreassistant/utility/PetStoreAssistantUtilities.java b/...tant/src/main/java/com/chtrembl/petstoreassistant/utility/PetStoreAssistantUtilities.java
@@ -60,6 +60,18 @@ public static DPResponse processAOAIProductsCompletion(String text, HashMap<Stri
             dpResponse.setResponseProductIDs(productIDs);
         }
 
+        // this should become a content card with a carousel of product(s) for now just display description if there is 1 product and override the stuff above
+        if(productIDs.size() == 1)
+        {
+             dpResponseText = "Here is a little information on the " + products.get(productIDs.get(0)).getName() + " " + products.get(productIDs.get(0)).getDescription();
+             dpResponse.setDpResponseText(dpResponseText);
+        }
+        else
+        {
+            // else display the raw AOAI response from our cog search index
+            dpResponseText = text;
+        }
+
         return dpResponse;
     }