bcgov · krishnan-aot · Oct 23, 2024 · Oct 29, 2024 · Oct 29, 2024 · Oct 29, 2024
@@ -63,8 +63,8 @@ INSERT INTO
 VALUES
   (
     '3',
-    'POLICY-CONFIG',
-    'ENABLED',
+    'VALIDATE-WITH-POLICY-ENGINE',
+    'DISABLED',
     NULL,
     N'dbo',
     GETUTCDATE(),
@@ -301,7 +301,6 @@ VALUES
     N'dbo',
     GETUTCDATE()
   );
-
 SET
   IDENTITY_INSERT [dbo].[ORBC_FEATURE_FLAG] OFF
 GO
@@ -71,6 +71,7 @@
     "nest-winston": "^1.10.0",
     "nestjs-cls": "^4.5.0",
     "nestjs-typeorm-paginate": "^4.0.4",
+    "onroute-policy-engine": "^1.5.0",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
     "response-time": "^2.3.3",

@@ -20,4 +20,6 @@ export enum CacheKey {
   FEATURE_FLAG_TYPE = 'FEATURE_FLAG_TYPE',
   PERMIT_APPLICATION_ORIGIN = 'PERMIT_APPLICATION_ORIGIN',
   PERMIT_APPROVAL_SOURCE = 'PERMIT_APPROVAL_SOURCE',
+  POLICY_CONFIGURATIONS = 'POLICY_CONFIGURATIONS',
+  ORBC_SERVICE_ACCOUNT_ACCESS_TOKEN = 'ORBC_SERVICE_ACCOUNT_ACCESS_TOKEN',
 }
@@ -2,4 +2,5 @@ export enum GovCommonServices {
   COMMON_HOSTED_EMAIL_SERVICE = 'CHES',
   COMMON_DOCUMENT_GENERATION_SERVICE = 'CDOGS',
   CREDIT_ACCOUNT_SERVICE = 'CREDIT_ACCOUNT',
+  ORBC_SERVICE_ACCOUNT = 'SA',
 }
@@ -124,7 +124,12 @@ function getTokenCredentials(govCommonServices: GovCommonServices): {
       username = process.env.CFS_CREDIT_ACCOUNT_CLIENT_ID;
       password = process.env.CFS_CREDIT_ACCOUNT_CLIENT_SECRET;
       break;
-
+    case GovCommonServices.ORBC_SERVICE_ACCOUNT:
+      tokenCacheKey = CacheKey.ORBC_SERVICE_ACCOUNT_ACCESS_TOKEN;
+      tokenUrl = process.env.ORBC_SERVICE_ACCOUNT_TOKEN_URL;
+      username = process.env.ORBC_SERVICE_ACCOUNT_CLIENT_ID;
+      password = process.env.ORBC_SERVICE_ACCOUNT_CLIENT_SECRET;
+      break;
     default:
       break;
   }

@@ -1,6 +1,12 @@
+import { HttpService } from '@nestjs/axios';
+import { AxiosResponse } from 'axios';
+import { Cache } from 'cache-manager';
 import { Permit } from 'src/modules/permit-application-payment/permit/entities/permit.entity';
-import { PolicyApplication } from '../interface/policy-application.interface';
+import { ReadPolicyConfigDto } from '../../modules/policy/dto/response/read-policy-config.dto';
+import { GovCommonServices } from '../enum/gov-common-services.enum';
 import { PermitData } from '../interface/permit.template.interface';
+import { PolicyApplication } from '../interface/policy-application.interface';
+import { getAccessToken } from './gov-common-services.helper';
 
 export const convertToPolicyApplication = (
   application: Permit,
@@ -10,3 +16,32 @@ export const convertToPolicyApplication = (
     permitData: JSON.parse(application.permitData.permitData) as PermitData,
   };
 };
+
+export const getActivePolicyDefinitions = async (
+  httpService: HttpService,
+  cacheManager: Cache,
+) => {
+  const token = await getAccessToken(
+    GovCommonServices.ORBC_SERVICE_ACCOUNT,
+    httpService,
+    cacheManager,
+  );
+  const response = await httpService.axiosRef.get<
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    any,
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    AxiosResponse<Response, any>,
+    Request
+  >(process.env.ORBC_POLICY_URL + '/policy-configurations', {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      'Content-Type': 'application/json',
+    },
+  });
+  const policyConfigArray =
+    (await response.data.json()) as ReadPolicyConfigDto[];
+  if (!policyConfigArray.length) {
+    return null;
+  }
+  return policyConfigArray[0];
+};
@@ -7,7 +7,7 @@ const correlationIdFormat = winston.format((info) => {
   const cls = ClsServiceManager.getClsService();
   const correlationId = cls.getId();
   if (correlationId) {
-    // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+    // eslint-disable-next-line @typescript-eslint/restrict-template-expressions, @typescript-eslint/no-base-to-string
     info.message = `[${correlationId}] ${info.message}`;
   }
   return info;

@@ -1,9 +1,22 @@
-import { Injectable } from '@nestjs/common';
+import {
+  Inject,
+  Injectable,
+  InternalServerErrorException,
+} from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
 import { Repository } from 'typeorm';
 import { Country } from './entities/country.entity';
 import { Province } from './entities/province.entity';
 import { LogAsyncMethodExecution } from '../../common/decorator/log-async-method-execution.decorator';
+import { Permit } from '../permit-application-payment/permit/entities/permit.entity';
+import { Policy, ValidationResults } from 'onroute-policy-engine';
+import { ReadPolicyConfigDto } from '../policy/dto/response/read-policy-config.dto';
+import { CACHE_MANAGER } from '@nestjs/cache-manager';
+import { Cache } from 'cache-manager';
+import { HttpService } from '@nestjs/axios';
+import { CacheKey } from '../../common/enum/cache-key.enum';
+import { getActivePolicyDefinitions } from '../../common/helper/policy-engine.helper';
+import { addToCache } from '../../common/helper/cache.helper';
 
 @Injectable()
 export class CommonService {
@@ -12,6 +25,9 @@ export class CommonService {
     private countryRepository: Repository<Country>,
     @InjectRepository(Province)
     private provinceRepository: Repository<Province>,
+    private readonly httpService: HttpService,
+    @Inject(CACHE_MANAGER)
+    private readonly cacheManager: Cache,
   ) {}
 
   @LogAsyncMethodExecution()
@@ -37,4 +53,52 @@ export class CommonService {
   async findAllProvinces(): Promise<Province[]> {
     return await this.provinceRepository.find({});
   }
+
+  /**
+   * Validates a permit application using the policy engine.
+   *
+   * This method retrieves the active policy definitions to validate
+   * the given permit application and returns the validation results.
+   *
+   * The policy definitions are fetched from the cache if available;
+   * otherwise, it retrieves them from the policy service and stores
+   * them in the cache for future requests.
+   * If the policy engine is unavailable, an InternalServerErrorException
+   * is thrown.
+   *
+   * @param {Permit} permitApplication - The permit application to be validated.
+   * @returns {Promise<ValidationResults>} - The results of the validation process.
+   * @throws {InternalServerErrorException} - If the policy engine is not available.
+   */
+  @LogAsyncMethodExecution()
+  async validateWithPolicyEngine(
+    permitApplication: Permit,
+  ): Promise<ValidationResults> {
+    const policyDefinitions: string = await this.cacheManager.get(
+      CacheKey.POLICY_CONFIGURATIONS,
+    );
+    if (!policyDefinitions) {
+      const policyDefinitions = await getActivePolicyDefinitions(
+        this.httpService,
+        this.cacheManager,
+      );
+      if (!policyDefinitions) {
+        throw new InternalServerErrorException(
+          'Policy engine is not available',
+        );
+      }
+      await addToCache(
+        this.cacheManager,
+        CacheKey.POLICY_CONFIGURATIONS,
+        JSON.stringify(policyDefinitions),
+      );
+    }
+    const activePolicyDefintion = JSON.parse(
+      policyDefinitions,
+    ) as ReadPolicyConfigDto;
+    const policy = new Policy(activePolicyDefintion.policy);
+    const validationResults: ValidationResults =
+      await policy.validate(permitApplication);
+    return validationResults;
+  }
 }
@@ -71,6 +71,7 @@ import { PermitData } from 'src/common/interface/permit.template.interface';
 import { isValidLoa } from 'src/common/helper/validate-loa.helper';
 import { PermitHistoryDto } from '../permit/dto/response/permit-history.dto';
 import { SpecialAuthService } from 'src/modules/special-auth/special-auth.service';
+import { CommonService } from '../../common/common.service';
 
 @Injectable()
 export class PaymentService {
@@ -91,6 +92,7 @@ export class PaymentService {
     @InjectMapper() private readonly classMapper: Mapper,
     @Inject(CACHE_MANAGER)
     private readonly cacheManager: Cache,
+    private readonly commonService: CommonService,
   ) {}
 
   private generateHashExpiry = (currDate?: Date) => {
@@ -282,6 +284,10 @@ export class PaymentService {
       createTransactionDto.transactionTypeId == TransactionType.REFUND ||
       createTransactionDto.paymentMethodTypeCode ===
         PaymentMethodTypeEnum.NO_PAYMENT;
+    const isPolicyEngineEnabled =
+      featureFlags?.['VALIDATE-WITH-POLICY-ENGINE'] &&
+      (featureFlags['VALIDATE-WITH-POLICY-ENGINE'] as FeatureFlagValue) ===
+        FeatureFlagValue.ENABLED;
 
     // If the user is a staff user,
     // transacation is NOT a refund or no payment and STAFF-CAN-PAY is disabled,
@@ -364,6 +370,15 @@ export class PaymentService {
         if (permitData.loas) {
           await isValidLoa(application, queryRunner, this.classMapper);
         }
+        if (isPolicyEngineEnabled) {
+          const validationResults =
+            await this.commonService.validateWithPolicyEngine(application);
+          if (validationResults?.violations?.length > 0) {
+            throw new BadRequestException(
+              'Application data does not meet policy engine requirements.',
+            );
+          }
+        }
       }
       const totalTransactionAmount = await this.validateApplicationAndPayment(
         createTransactionDto,