NHSDigital
diff --git a/‎proxies/sandbox/apiproxy/policies/AssignMessage.AddBaseUrlHeader.xml‎
Lines changed: 9 additions & 0 deletions b/‎proxies/sandbox/apiproxy/policies/AssignMessage.AddBaseUrlHeader.xml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎proxies/sandbox/apiproxy/targets/sandbox.xml‎
Lines changed: 6 additions & 2 deletions b/‎proxies/sandbox/apiproxy/targets/sandbox.xml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎sandbox/Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎sandbox/Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎sandbox/src/app.js‎
Lines changed: 9 additions & 1 deletion b/‎sandbox/src/app.js‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎sandbox/src/mocks/r4/retrieveAttachment/example_attachment.pdf‎
23.1 KB b/‎sandbox/src/mocks/r4/retrieveAttachment/example_attachment.pdf‎
23.1 KB
diff --git a/‎…rc/services/businessFunctionValidator.js‎ ‎…box/src/routes/common/validationUtils.js‎sandbox/src/services/businessFunctionValidator.js renamed to sandbox/src/routes/common/validationUtils.js
Lines changed: 19 additions & 4 deletions b/‎…rc/services/businessFunctionValidator.js‎ ‎…box/src/routes/common/validationUtils.js‎sandbox/src/services/businessFunctionValidator.js renamed to sandbox/src/routes/common/validationUtils.js
Lines changed: 19 additions & 4 deletions
diff --git a/‎sandbox/src/routes/index.js‎
Lines changed: 9 additions & 4 deletions b/‎sandbox/src/routes/index.js‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎sandbox/src/routes/objectStore.js‎
Lines changed: 22 additions & 0 deletions b/‎sandbox/src/routes/objectStore.js‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎sandbox/src/routes/r4/retrieveAttachment.js‎
Lines changed: 32 additions & 0 deletions b/‎sandbox/src/routes/r4/retrieveAttachment.js‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎sandbox/src/routes/r4/retrieveBinary.js‎
Lines changed: 0 additions & 34 deletions b/‎sandbox/src/routes/r4/retrieveBinary.js‎
Lines changed: 0 additions & 34 deletions
@@ -0,0 +1,9 @@
+<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddBaseUrlHeader">
+    <Set>
+        <Headers>
+            <Header name="x-ers-sandbox-baseurl">https://{request.header.Host}/{proxy.basepath}</Header>
+        </Headers>
+    </Set>
+    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
+    <AssignTo createNew="false"/>
+</AssignMessage>
@@ -7,8 +7,12 @@
         <Response/>
     </PostFlow>
     <PreFlow name="PreFlow">
-        <Request/>
-        <Response></Response>
+        <Request>
+            <Step>
+                <Name>AssignMessage.AddBaseUrlHeader</Name>
+            </Step>
+        </Request>
+        <Response/>
     </PreFlow>
     <HTTPTargetConnection>{{ HOSTED_TARGET_CONNECTION }}</HTTPTargetConnection>
 </TargetEndpoint>
@@ -1,6 +1,6 @@
 FROM node:18.3.0-alpine3.14
 
-ENV npm_config_cache /home/node/app/.npm
+ENV npm_config_cache=/home/node/app/.npm
 
 WORKDIR /app
 
 
@@ -4,16 +4,24 @@ const Inert = require('@hapi/inert')
 const process = require('process')
 const routes = require('./routes')
 
+/*
+The purpose of this logic is to mirror the transformations the API proxy currently applies to responses.
+This allows the sandbox to have the same behaviour locally.
+*/
 const addCommonHeaders = function (request, response) {
   // if a response doesn't include any headers provide an empty object to allow for the common headers to be appended.
   if (!response.headers) {
     response.headers = {}
   }
 
+  // API proxy always adds x-correlation-id to responses.
   if (request.headers["x-correlation-id"]) {
     response.headers["X-Correlation-ID"] = request.headers["x-correlation-id"]
   }
-  response.headers["X-Request-ID"] = '58621d65-d5ad-4c3a-959f-0438e355990e-1'
+
+  if (!request.path.includes("/ObjectStore")) {
+    response.headers["X-Request-ID"] = '58621d65-d5ad-4c3a-959f-0438e355990e-1'
+  }
 }
 
 const preResponse = function (request, h) {
 
@@ -1,6 +1,17 @@
+/**
+ * @file validationUtil.js
+ * @description Provides utility functions.
+ */
 
-module.exports = {
-  validateBusinessFunction: function (request, h, allowedBusinessFunctions) {
+function isValidUuid(string) {
+    return /^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i.test(string);
+  }
+
+function hasLegacyPrefix(string) {
+    return string.startsWith('att-');
+}
+
+function validateBusinessFunction(request, h, allowedBusinessFunctions) {
     const requestedBusinessFunction = request.headers["nhsd-ers-business-function"]
     const oboUserId = request.headers["nhsd-ers-on-behalf-of-user-id"]
 
@@ -13,7 +24,6 @@ module.exports = {
       if (requestedBusinessFunction === 'SERVICE_PROVIDER_CLINICIAN_ADMIN') {
         if (!oboUserId) {
           return h.response('SANDBOX_ERROR: When this endpoint is accessed using the e-RS SERVICE_PROVIDER_CLINICIAN_ADMIN Business Function then an On-Behalf-Of User ID must be provided').code(403)
-.code(403)
         }
       }
       else {
@@ -24,5 +34,10 @@ module.exports = {
     }
 
     return undefined;
-  }
 }
+
+module.exports = {
+    isValidUuid,
+    hasLegacyPrefix,
+    validateBusinessFunction
+};
@@ -42,8 +42,13 @@ const retrieveOboUsers = require('./r4/retrieveOboUsers')
 const retrieveHealthcareService = require('./r4/retrieveHealthcareService')
 const searchForHealthcareServices = require('./r4/searchForHealthcareServices')
 const searchServiceRequest = require('./r4/searchServiceRequest')
-const retrieveBinary = require('./r4/retrieveBinary')
-const retrieveBinaryHelper = require('./r4/retrieveBinaryHelper')
+const retrieveAttachmentR4 = require('./r4/retrieveAttachment')
+
+/**
+ * Services
+ */
+const objectStore = require('./objectStore')
+
 
 const routes = [].concat(
   getStatus,
@@ -83,8 +88,8 @@ const routes = [].concat(
   retrieveAdviceAndGuidanceOverviewPdf,
   searchServiceRequest,
   createAdviceAndGuidance,
-  retrieveBinary,
-  retrieveBinaryHelper
+  retrieveAttachmentR4,
+  objectStore
 )
 
 module.exports = routes
@@ -0,0 +1,22 @@
+module.exports = [
+  /**
+   * Sandbox implementation of an object store.
+   */
+  {
+    method: 'GET',
+    path: '/ObjectStore/{fileId}',
+    handler: (request, h) => {
+
+      const fileId = request.params.fileId;
+      const filePath = '../mocks/r4/retrieveAttachment/example_attachment.pdf';
+      const responseCode = 200;
+
+      if (fileId === 'd497bbe3-f88b-45f1-b3d4-9c563e4c0f5f') {
+        return h.file(filePath, { etagMethod: false })
+                .code(responseCode)
+                .header('Content-Disposition', `attachment; filename="=?UTF-8?Q?The_filenam=C3=A9.pdf?="; filename*=UTF-8''The%20filenam%C3%A9.pdf`)
+                .header('Content-Type', 'application/pdf');
+      }
+    }
+  }
+]
@@ -0,0 +1,32 @@
+const validationUtils = require('../common/validationUtils')
+
+module.exports = [
+  /**
+   * Sandbox implementation for Retrieve attachment A042 (R4) endpoint
+   */
+  {
+    method: 'GET',
+    path: '/FHIR/R4/Binary/{binaryId}',
+    handler: (request, h) => {
+
+      const allowedBusinessFunctions = ["REFERRING_CLINICIAN", "REFERRING_CLINICIAN_ADMIN", "SERVICE_PROVIDER_CLINICIAN", "SERVICE_PROVIDER_CLINICIAN_ADMIN"];
+      
+      const validationResult = validationUtils.validateBusinessFunction(request, h, allowedBusinessFunctions);
+      if (validationResult) {
+        return validationResult;
+      }
+
+      const binaryId = request.params.binaryId;
+      const objectStore = "/ObjectStore/d497bbe3-f88b-45f1-b3d4-9c563e4c0f5f";
+      const location = request.headers['x-ers-sandbox-baseurl'] + objectStore;
+
+      if ((validationUtils.hasLegacyPrefix(binaryId) || validationUtils.isValidUuid(binaryId)) && request.method === 'get') {
+        const response = h.response().code(307);
+        response.headers["Location"] = location;
+        return response;
+      } else {
+        return h.file('r4/R4-SandboxErrorOutcome.json').code(400);
+      }
+    }
+  }
+]