NPA-6139: Up Rate Limit, Update App Imports Plus Check for Allowed Li… (#81)

…st of URLs

# Pull Request

## 🧾 Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/NPA-6139

---

## 📄 Description/Summary of Changes

<!-- Describe the changes made in this PR. Include the
purpose/scope/impact/context of the changes -->

- Up Rate Limit
- Update App Imports
- Check for Allowed List of URLs in application layer
- Set base url per supplier for each environment which is passed in an
environment variable

---

## 🧪 Developer Testing Carried Out

<!-- Describe what tests (automated/unit/manual etc.) have been done for
the ticket. Include: -->
<!-- - Any tests added/updated -->
<!-- - Evidence that each acceptance criterion from the Jira ticket is
met -->

- Unit tests added/updated
- End to end tests added/updated

---

## ✅ Developer Checklist

<!-- To be completed by the developer -->

- [ ] I have set the PR title to follow the format: `NPA-XXXX:
<short-description>`
- [ ] My branch name follows the convention:
`<type>/NPA-XXXX/<short-description>`
- [ ] My commit messages follow the template: `NPA-XXXX:
<short-description>`
- [ ] I have updated the documentation accordingly
- [ ] I have set assignees and added appropriate labels

---

## 👀 Reviewer Checklist

<!-- To be completed by the reviewer -->

- [ ] Changes meet the acceptance criteria of the Jira ticket
- [ ] Code is able to be merged (no conflicts and adheres to coding
standards)
- [ ] Sufficient test evidence is provided (manual and/or automated)

---

## Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others
privacy, we kindly ask you to NOT including [PII (Personal Identifiable
Information) / PID (Personal Identifiable
Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public)
or any other sensitive data in this PR (Pull Request) and the codebase
changes. We will remove any PR that do contain any sensitive
information. We really appreciate your cooperation in this matter.

- [ ] I confirm that neither PII/PID nor sensitive data are included in
this PR and the codebase changes.

Author: ellie-bound1-NHSD

.github/actions/build-container/action.yaml

@@ -5,10 +5,6 @@ inputs:
   type_of_deployment:
     description: "Type of deployment (app or sandbox)"
     required: true
-  use_mock:
-    description: "Whether or not the mock for routing requests is on or off"
-    type: string
-    required: false
 
 runs:
   using: "composite"
@@ -19,4 +15,3 @@ runs:
       env:
         PROXYGEN_DOCKER_REGISTRY_URL: example.com/${{ inputs.type_of_deployment }}
         CONTAINER_TAG: ${{ github.sha }}
-        USE_MOCK: ${{ inputs.use_mock }}

.github/workflows/cicd-stage-1-deploy-to-internal-qa.yml

@@ -13,7 +13,8 @@ jobs:
     with:
       environment: "internal-qa"
       type_of_deployment: "app"
-      use_mock: "True"
+      emis_base_url: https://nhs70apptest.emishealth.com
+      tpp_base_url: https://systmonline2.tpp-uk.com
     secrets:
       PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }}
       PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }}

.github/workflows/cicd-stage-2-deploy-to-int-and-sandbox.yml

@@ -12,7 +12,8 @@ jobs:
     with:
       environment: "int"
       type_of_deployment: "app"
-      use_mock: "True"
+      emis_base_url: https://nhs70apptest.emishealth.com
+      tpp_base_url: https://systmonline2.tpp-uk.com
     secrets:
       PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }}
       PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }}

.github/workflows/pull-request-checks.yml

@@ -32,7 +32,8 @@ jobs:
       environment: "internal-dev"
       type_of_deployment: "app"
       additional_path: "pr-${{ github.event.number }}"
-      use_mock: "True"
+      emis_base_url: https://nhs70apptest.emishealth.com
+      tpp_base_url: https://systmonline2.tpp-uk.com
     secrets:
       PROXYGEN_CLIENT_ID: ${{ secrets.PROXYGEN_CLIENT_ID }}
       PROXYGEN_KEY_ID: ${{ secrets.PROXYGEN_KEY_ID }}

.github/workflows/reusable-core-code-checks.yml

@@ -114,4 +114,3 @@ jobs:
         uses: ./.github/actions/build-container
         with:
           type_of_deployment: "app"
-          use_mock: "True"

.github/workflows/reusable-deploy.yml

@@ -19,10 +19,14 @@ on:
         description: "Type of deployment, e.g. 'app', 'sandbox'"
         required: true
         type: string
-      use_mock:
-        description: "Whether or not the mock for routing requests is on or off"
+      emis_base_url:
+        description: "The base url to connect to to EMIS APIs"
+        required: false
         type: string
+      tpp_base_url:
+        description: "The base url to connect to to TPP APIs"
         required: false
+        type: string
 
     outputs:
       environment_url:
@@ -48,7 +52,8 @@ permissions: {}
 env:
   CONTAINER_TAG: ${{inputs.type_of_deployment}}-${{ github.sha }}
   PROXYGEN_DOCKER_REGISTRY_URL: 958002497996.dkr.ecr.eu-west-2.amazonaws.com/im1-pfs-auth
-  USE_MOCK: ${{ inputs.use_mock }}
+  EMIS_BASE_URL: ${{ inputs.emis_base_url }}
+  TPP_BASE_URL: ${{ inputs.tpp_base_url }}
 
 jobs:
   validate-inputs:

Makefile

@@ -122,7 +122,7 @@ postman-test-pr-environment:
 app-build:
 	cp pyproject.toml app/
 	cp uv.lock app/
-	docker buildx build -t "$(PROXYGEN_DOCKER_REGISTRY_URL):$(CONTAINER_TAG)" --build-arg USE_MOCK=$(USE_MOCK) --load app/
+	docker buildx build -t "$(PROXYGEN_DOCKER_REGISTRY_URL):$(CONTAINER_TAG)" --build-arg EMIS_BASE_URL=$(EMIS_BASE_URL) --build-arg TPP_BASE_URL=$(TPP_BASE_URL) --load app/
 
 app-push:
 	proxygen docker get-login | bash

app/Dockerfile

@@ -8,13 +8,18 @@ RUN find /app -type d -name "test*" -exec rm -rf {} + && \
     find /app -type f \( -name "*cache*" -o -name "*.cache*" -o -name ".pytest_cache*" -o -name ".ruff_cache*" \) -exec rm -f {} + && \
     find /app -type d \( -name ".pytest_cache" -o -name ".ruff_cache" \) -exec rm -rf {} +
 
-ARG USE_MOCK
-ENV USE_MOCK=${USE_MOCK}
+ARG EMIS_BASE_URL
+ARG TPP_BASE_URL
+
+ENV EMIS_BASE_URL=${EMIS_BASE_URL}
+ENV TPP_BASE_URL=${TPP_BASE_URL}
+
 WORKDIR /app
+ENV PYTHONPATH="/app:/"
 
 RUN uv sync --project=app/pyproject.toml --only-group=app
 RUN rm pyproject.toml uv.lock Dockerfile
 
 EXPOSE 9000
 
-CMD ["uv", "run", "gunicorn", "api.app:app", "--bind=0.0.0.0:9000"]
+CMD ["uv", "run", "gunicorn", "app.api.app:app", "--bind=0.0.0.0:9000"]

app/api/app.py

@@ -2,10 +2,10 @@
 
 from flask import Flask, Response, make_response, request
 
-from .application.forward_request import route_and_forward
-from .application.jwt import get_nhs_number_from_jwt_token
-from .domain.exception import ApiError, InternalServerError
-from .domain.forward_request_model import ForwardRequest
+from app.api.application.forward_request import route_and_forward
+from app.api.application.jwt import get_nhs_number_from_jwt_token
+from app.api.domain.exception import ApiError, InternalServerError
+from app.api.domain.forward_request_model import ForwardRequest
 
 app = Flask(__name__)
 

app/api/application/forward_request.py

@@ -1,10 +1,14 @@
-from ..domain.exception import ApiError, DownstreamError
-from ..domain.forward_request_model import ForwardRequest
-from ..domain.forward_response_model import ForwardResponse
-from ..infrastructure.emis.client import EmisClient
-from ..infrastructure.tpp.client import TPPClient
+from os import environ
 
-client_map = {"https://emis.com": EmisClient, "https://tpp.com": TPPClient}
+from app.api.domain.exception import ApiError, DownstreamError, InvalidValueError
+from app.api.domain.forward_request_model import ForwardRequest
+from app.api.domain.forward_response_model import ForwardResponse
+from app.api.infrastructure.emis.client import EmisClient
+from app.api.infrastructure.tpp.client import TPPClient
+
+EMIS_BASE_URL = environ.get("EMIS_BASE_URL")
+TPP_BASE_URL = environ.get("TPP_BASE_URL")
+CLIENT_MAP = {EMIS_BASE_URL: EmisClient, TPP_BASE_URL: TPPClient}
 
 
 def route_and_forward(forward_request: ForwardRequest) -> ForwardResponse:
@@ -16,9 +20,12 @@ def route_and_forward(forward_request: ForwardRequest) -> ForwardResponse:
         ForwardResponse: Transformed response from client
     """
     try:
-        client = client_map[forward_request.forward_to](forward_request)
+        client = CLIENT_MAP[forward_request.forward_to](forward_request)
         response = client.forward_request()
         return client.transform_response(response)
+    except KeyError as exc:
+        msg = "Invalid URL"
+        raise InvalidValueError(msg) from exc
     except ApiError:
         raise
     except Exception as exc: