DHIS2-18837: add headers and query params auth schemes to Route API

dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/ApiHeadersAuthScheme.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2004-2025, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.hisp.dhis.common.auth;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.AbstractMap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.UnaryOperator;
+import java.util.stream.Collectors;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+import org.springframework.util.MultiValueMap;
+
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = true)
+@Accessors(chain = true)
+public class ApiHeadersAuthScheme extends AuthScheme {
+  public static final String API_HEADERS_TYPE = "api-headers";
+
+  @JsonProperty(required = true)
+  private Map<String, String> headers = new HashMap<>();
+
+  public ApiHeadersAuthScheme() {
+    super(API_HEADERS_TYPE);
+  }
+
+  @Override
+  public void apply(
+      MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
+    for (Map.Entry<String, String> header : this.headers.entrySet()) {
+      headers.set(header.getKey(), header.getValue());
+    }
+  }
+
+  @Override
+  public ApiHeadersAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
+    Map<String, String> encryptedHeaders =
+        headers.entrySet().stream()
+            .map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), encryptFunc.apply(e.getValue())))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+    return copy(encryptedHeaders);
+  }
+
+  @Override
+  public ApiHeadersAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
+    Map<String, String> encryptedHeaders =
+        headers.entrySet().stream()
+            .map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), decryptFunc.apply(e.getValue())))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+    return copy(encryptedHeaders);
+  }
+
+  protected ApiHeadersAuthScheme copy(Map<String, String> headers) {
+    ApiHeadersAuthScheme apiHeadersAuth = new ApiHeadersAuthScheme();
+    apiHeadersAuth.setHeaders(headers);
+
+    return apiHeadersAuth;
+  }
+}

dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/ApiQueryParamsAuthScheme.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2004-2025, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.hisp.dhis.common.auth;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.AbstractMap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.function.UnaryOperator;
+import java.util.stream.Collectors;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+import org.springframework.util.MultiValueMap;
+
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = true)
+@Accessors(chain = true)
+public class ApiQueryParamsAuthScheme extends AuthScheme {
+  public static final String API_QUERY_PARAMS_TYPE = "api-query-params";
+
+  @JsonProperty(required = true)
+  private Map<String, String> queryParams = new HashMap<>();
+
+  public ApiQueryParamsAuthScheme() {
+    super(API_QUERY_PARAMS_TYPE);
+  }
+
+  @Override
+  public void apply(
+      MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
+    for (Map.Entry<String, String> queryParam : this.queryParams.entrySet()) {
+      queryParams.set(queryParam.getKey(), queryParam.getValue());
+    }
+  }
+
+  @Override
+  public ApiQueryParamsAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
+    Map<String, String> encryptedQueryParams =
+        queryParams.entrySet().stream()
+            .map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), encryptFunc.apply(e.getValue())))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+    return copy(encryptedQueryParams);
+  }
+
+  @Override
+  public ApiQueryParamsAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
+    Map<String, String> encryptedQueryParams =
+        queryParams.entrySet().stream()
+            .map(e -> new AbstractMap.SimpleEntry<>(e.getKey(), decryptFunc.apply(e.getValue())))
+            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
+    return copy(encryptedQueryParams);
+  }
+
+  protected ApiQueryParamsAuthScheme copy(Map<String, String> queryParams) {
+    ApiQueryParamsAuthScheme apiQueryParamsAuth = new ApiQueryParamsAuthScheme();
+    apiQueryParamsAuth.setQueryParams(queryParams);
+
+    return apiQueryParamsAuth;
+  }
+}

dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/ApiTokenAuth.java → dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/ApiTokenAuthScheme.java

@@ -28,6 +28,7 @@
 package org.hisp.dhis.common.auth;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.function.UnaryOperator;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
@@ -45,22 +46,40 @@
 @Setter
 @EqualsAndHashCode(callSuper = true)
 @Accessors(chain = true)
-public class ApiTokenAuth extends Auth {
-  public static final String TYPE = "api-token";
+public class ApiTokenAuthScheme extends AuthScheme {
+  public static final String API_TOKEN_TYPE = "api-token";
 
   @JsonProperty(required = true)
   private String token;
 
-  public ApiTokenAuth() {
-    super(TYPE);
+  public ApiTokenAuthScheme() {
+    super(API_TOKEN_TYPE);
   }
 
   @Override
-  public void apply(MultiValueMap<String, String> headers) {
+  public void apply(
+      MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
     if (!StringUtils.hasText(token)) {
       return;
     }
 
     headers.set("Authorization", "ApiToken " + token);
   }
+
+  @Override
+  public ApiTokenAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
+    return copy(encryptFunc.apply(token));
+  }
+
+  @Override
+  public AuthScheme decrypt(UnaryOperator<String> decryptFunc) {
+    return copy(decryptFunc.apply(token));
+  }
+
+  protected ApiTokenAuthScheme copy(String token) {
+    ApiTokenAuthScheme newApiTokenAuth = new ApiTokenAuthScheme();
+    newApiTokenAuth.setToken(token);
+
+    return newApiTokenAuth;
+  }
 }

dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/Auth.java → dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/AuthScheme.java

@@ -32,6 +32,7 @@
 import com.fasterxml.jackson.annotation.JsonSubTypes;
 import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import java.io.Serializable;
+import java.util.function.UnaryOperator;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.Setter;
@@ -50,16 +51,23 @@
     include = JsonTypeInfo.As.EXISTING_PROPERTY,
     property = "type")
 @JsonSubTypes({
-  @JsonSubTypes.Type(value = HttpBasicAuth.class, name = "http-basic"),
-  @JsonSubTypes.Type(value = ApiTokenAuth.class, name = "api-token")
+  @JsonSubTypes.Type(value = HttpBasicAuthScheme.class, name = "http-basic"),
+  @JsonSubTypes.Type(value = ApiTokenAuthScheme.class, name = "api-token"),
+  @JsonSubTypes.Type(value = ApiHeadersAuthScheme.class, name = "api-headers"),
+  @JsonSubTypes.Type(value = ApiQueryParamsAuthScheme.class, name = "api-query-params")
 })
-public abstract class Auth implements Serializable {
+public abstract class AuthScheme implements Serializable {
   @JsonProperty protected final String type;
 
   @JsonCreator
-  protected Auth(@JsonProperty("type") String type) {
+  protected AuthScheme(@JsonProperty("type") String type) {
     this.type = type;
   }
 
-  public abstract void apply(MultiValueMap<String, String> headers);
+  public abstract void apply(
+      MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams);
+
+  public abstract AuthScheme encrypt(UnaryOperator<String> encryptFunc);
+
+  public abstract AuthScheme decrypt(UnaryOperator<String> decryptFunc);
 }

dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/auth/HttpBasicAuthScheme.java

@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2004-2023, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.hisp.dhis.common.auth;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import java.util.Base64;
+import java.util.function.UnaryOperator;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+import org.springframework.util.MultiValueMap;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Morten Olav Hansen
+ */
+@Getter
+@Setter
+@EqualsAndHashCode(callSuper = true)
+@Accessors(chain = true)
+public class HttpBasicAuthScheme extends AuthScheme {
+  public static final String HTTP_BASIC_TYPE = "http-basic";
+
+  @JsonProperty(required = true)
+  private String username;
+
+  @JsonProperty(required = true)
+  private String password;
+
+  public HttpBasicAuthScheme() {
+    super(HTTP_BASIC_TYPE);
+  }
+
+  @Override
+  public void apply(
+      MultiValueMap<String, String> headers, MultiValueMap<String, String> queryParams) {
+    if (!(StringUtils.hasText(username) && StringUtils.hasText(password))) {
+      return;
+    }
+
+    headers.add("Authorization", getBasicAuth(username, password));
+  }
+
+  @Override
+  public HttpBasicAuthScheme encrypt(UnaryOperator<String> encryptFunc) {
+    return copy(encryptFunc.apply(password));
+  }
+
+  @Override
+  public HttpBasicAuthScheme decrypt(UnaryOperator<String> decryptFunc) {
+    return copy(decryptFunc.apply(password));
+  }
+
+  protected HttpBasicAuthScheme copy(String password) {
+    HttpBasicAuthScheme newHttpBasicAuth = new HttpBasicAuthScheme();
+    newHttpBasicAuth.setUsername(username);
+    newHttpBasicAuth.setPassword(password);
+
+    return newHttpBasicAuth;
+  }
+
+  private String getBasicAuth(String username, String password) {
+    String string = String.format("%s:%s", username, password);
+    return "Basic " + Base64.getEncoder().encodeToString(string.getBytes());
+  }
+}

dhis-2/dhis-api/src/main/java/org/hisp/dhis/eventhook/targets/WebhookTarget.java

@@ -35,7 +35,7 @@
 import lombok.Setter;
 import lombok.experimental.Accessors;
 import org.hisp.dhis.common.CodeGenerator;
-import org.hisp.dhis.common.auth.Auth;
+import org.hisp.dhis.common.auth.AuthScheme;
 import org.hisp.dhis.eventhook.Target;
 
 /**
@@ -59,7 +59,7 @@ public class WebhookTarget extends Target {
 
   @JsonProperty private Map<String, String> headers = new HashMap<>();
 
-  @JsonProperty private Auth auth;
+  @JsonProperty private AuthScheme auth;
 
   public WebhookTarget() {
     super(TYPE);