Add middleware, update README, update Makefile, and fix issue with JWT principal parsing

Signed-off-by: Andres Tobon <andrest2455@gmail.com>

Author: andrest50

charts/lfx-v2-project-service/values.yaml

@@ -3,6 +3,7 @@
 ---
 # ingress is the configuration for the ingress routing
 ingress:
+  # hostname is the hostname of the ingress
   hostname: lfx-api.k8s.orb.local
 
 # nats is the configuration for the NATS server

cmd/project-api/Makefile

@@ -1,27 +1,169 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
-.PHONY: deps apigen build run debug test
 
-# Install the goa CLI tool.
+# Variables
+BINARY_NAME=project-api
+BINARY_PATH=bin/$(BINARY_NAME)
+GO_MODULE=github.com/linuxfoundation/lfx-v2-project-service
+CMD_PATH=$(GO_MODULE)/cmd/project-api
+DESIGN_MODULE=$(CMD_PATH)/design
+GO_FILES=$(shell find . -name '*.go' -not -path './gen/*' -not -path './vendor/*')
+GOA_VERSION=v3
+
+# Docker variables
+DOCKER_IMAGE=linuxfoundation/lfx-v2-project-service
+DOCKER_TAG=0.1.0
+
+# Helm variables
+HELM_CHART_PATH=../../charts/lfx-v2-project-service
+HELM_RELEASE_NAME=lfx-v2-project-service
+HELM_NAMESPACE=lfx
+
+# Build variables
+BUILD_TIME=$(shell date -u '+%Y-%m-%d_%H:%M:%S')
+GIT_COMMIT=$(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
+VERSION=$(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
+LDFLAGS=-ldflags "-X main.Version=$(VERSION) -X main.BuildTime=$(BUILD_TIME) -X main.GitCommit=$(GIT_COMMIT)"
+
+# Test variables
+TEST_FLAGS=-v -race -cover
+TEST_TIMEOUT=5m
+
+.PHONY: all help deps apigen build run debug test test-verbose test-coverage clean lint fmt check verify docker helm-install helm-uninstall
+
+# Default target
+all: clean deps apigen fmt lint test build
+
+# Help target
+help:
+	@echo "Available targets:"
+	@echo "  all            - Run clean, deps, apigen, fmt, lint, test, and build"
+	@echo "  deps           - Install dependencies including goa CLI"
+	@echo "  apigen         - Generate API code from design files"
+	@echo "  build          - Build the binary"
+	@echo "  run            - Run the service"
+	@echo "  debug          - Run the service with debug logging"
+	@echo "  test           - Run unit tests"
+	@echo "  test-verbose   - Run tests with verbose output"
+	@echo "  test-coverage  - Run tests with coverage report"
+	@echo "  clean          - Remove generated files and binaries"
+	@echo "  lint           - Run golangci-lint"
+	@echo "  fmt            - Format Go code"
+	@echo "  check          - Run fmt and lint without modifying files"
+	@echo "  verify         - Verify API generation is up to date"
+	@echo "  docker         - Build Docker image"
+	@echo "  helm-install   - Install Helm chart"
+	@echo "  helm-uninstall - Uninstall Helm chart"
+
+# Install dependencies
 deps:
-	go install goa.design/goa/v3/cmd/goa@latest
+	@echo "==> Installing dependencies..."
+	go mod download
+	go install goa.design/goa/$(GOA_VERSION)/cmd/goa@latest
+	@command -v golangci-lint >/dev/null 2>&1 || { \
+		echo "==> Installing golangci-lint..."; \
+		go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest; \
+	}
 
-# Generate the API code from the design files.
+# Generate API code from design files
 apigen: deps
-	goa gen github.com/linuxfoundation/lfx-v2-project-service/cmd/project-api/design
+	@echo "==> Generating API code..."
+	goa gen $(DESIGN_MODULE)
+	@echo "==> API generation complete"
 
-# Build the go program to ensure there aren't any build errors.
-build:
-	go build -o bin/project-api .
+# Build the binary
+build: clean
+	@echo "==> Building $(BINARY_NAME)..."
+	@mkdir -p bin
+	go build $(LDFLAGS) -o $(BINARY_PATH) .
+	@echo "==> Build complete: $(BINARY_PATH)"
 
-# Run the service.
-run:
-	go run .
+# Run the service
+run: apigen
+	@echo "==> Running $(BINARY_NAME)..."
+	go run $(LDFLAGS) .
 
-# Run the service with debug logging.
-debug:
-	go run . -d
+# Run with debug logging
+debug: apigen
+	@echo "==> Running $(BINARY_NAME) in debug mode..."
+	go run $(LDFLAGS) . -d
 
-# Run the unit tests.
+# Run tests
 test:
-	go test .
+	@echo "==> Running tests..."
+	go test $(TEST_FLAGS) -timeout $(TEST_TIMEOUT) ./...
+
+# Run tests with verbose output
+test-verbose:
+	@echo "==> Running tests (verbose)..."
+	go test $(TEST_FLAGS) -v -timeout $(TEST_TIMEOUT) ./...
+
+# Run tests with coverage
+test-coverage:
+	@echo "==> Running tests with coverage..."
+	@mkdir -p coverage
+	go test $(TEST_FLAGS) -timeout $(TEST_TIMEOUT) -coverprofile=coverage/coverage.out ./...
+	go tool cover -html=coverage/coverage.out -o coverage/coverage.html
+	@echo "==> Coverage report: coverage/coverage.html"
+
+# Clean build artifacts
+clean:
+	@echo "==> Cleaning build artifacts..."
+	@rm -rf bin/ coverage/
+	@go clean -cache
+	@echo "==> Clean complete"
+
+# Run linter
+lint:
+	@echo "==> Running linter..."
+	@if command -v golangci-lint >/dev/null 2>&1; then \
+		golangci-lint run ./...; \
+	else \
+		echo "golangci-lint not found. Run 'make deps' to install it."; \
+		exit 1; \
+	fi
+
+# Format code
+fmt:
+	@echo "==> Formatting code..."
+	@go fmt ./...
+	@gofmt -s -w $(GO_FILES)
+
+# Check formatting and linting without modifying files
+check:
+	@echo "==> Checking code format..."
+	@if [ -n "$$(gofmt -l $(GO_FILES))" ]; then \
+		echo "The following files need formatting:"; \
+		gofmt -l $(GO_FILES); \
+		exit 1; \
+	fi
+	@echo "==> Code format check passed"
+	@$(MAKE) lint
+
+# Verify that generated code is up to date
+verify: apigen
+	@echo "==> Verifying generated code is up to date..."
+	@if [ -n "$$(git status --porcelain gen/)" ]; then \
+		echo "Generated code is out of date. Run 'make apigen' and commit the changes."; \
+		git status --porcelain gen/; \
+		exit 1; \
+	fi
+	@echo "==> Generated code is up to date"
+
+# Build Docker image
+docker:
+	@echo "==> Building Docker image..."
+	docker build -t $(DOCKER_IMAGE):$(DOCKER_TAG) -f ../../Dockerfile ../../
+	@echo "==> Docker image built: $(DOCKER_IMAGE):$(DOCKER_TAG)"
+
+# Install Helm chart
+helm-install:
+	@echo "==> Installing Helm chart..."
+	helm upgrade --install $(HELM_RELEASE_NAME) $(HELM_CHART_PATH) --namespace $(HELM_NAMESPACE)
+	@echo "==> Helm chart installed: $(HELM_RELEASE_NAME)"
+
+# Uninstall Helm chart
+helm-uninstall:
+	@echo "==> Uninstalling Helm chart..."
+	helm uninstall $(HELM_RELEASE_NAME) --namespace $(HELM_NAMESPACE)
+	@echo "==> Helm chart uninstalled: $(HELM_RELEASE_NAME)"

cmd/project-api/README.md

@@ -1,25 +1,28 @@
 # Project API
 
 This directory contains the Project API service. The service does a couple of things:
+
 - It serves HTTP requests via Traefik to perform CRUD operations on project data
 - It listens on a NATS connection for messages from external services to also perform operations on project data
 
 Applications with a BFF should use the REST API with HTTP requests to perform the needed operations on projects, while other resource API services should communicate with this service via NATS messages.
 
 This service contains the following API endpoints:
+
 - `/readyz`:
-    - `GET`: checks that the service is able to take in inbound requests
+  - `GET`: checks that the service is able to take in inbound requests
 - `/livez`:
-    - `GET`: checks that the service is alive
+  - `GET`: checks that the service is alive
 - `/projects`
-    - `GET`: fetch the list of projects (Note: this will be removed in favor of using the query service, once implemented)
-    - `POST` create a new project
+  - `GET`: fetch the list of projects (Note: this will be removed in favor of using the query service, once implemented)
+  - `POST` create a new project
 - `/projects/:id`
-    - `GET`: fetch a project by its UID
-    - `PUT`: update a project by its UID - only certain attributes can be updated, read the openapi spec for more details
-    - `DELETE`: delete a project by its UID
+  - `GET`: fetch a project by its UID
+  - `PUT`: update a project by its UID - only certain attributes can be updated, read the openapi spec for more details
+  - `DELETE`: delete a project by its UID
 
 This service handles the following NATS subjects:
+
 - `<lfx_environment>.lfx.projects-api.get_name`: Get a project name from a given project UID
 - `<lfx_environment>.lfx.projects-api.slug_to_uid`: Get a project UID from a given project slug
 
@@ -58,6 +61,7 @@ go install goa.design/goa/v3/cmd/goa@latest
 ```
 
 Verify the installation:
+
 ```bash
 goa version
 ```
@@ -76,6 +80,7 @@ goa gen github.com/linuxfoundation/lfx-v2-project-service/cmd/project-api/design
 ```
 
 This command generates:
+
 - HTTP server and client code
 - OpenAPI specification
 - Service interfaces and types
@@ -107,6 +112,9 @@ The service relies on some resources and external services being spun up prior t
 |LFX_ENVIRONMENT|the LFX environment (enum: prod, stg, dev)|dev|false|
 |LOG_LEVEL|the log level for outputted logs|info|false|
 |LOG_ADD_SOURCE|whether to add the source field to outputted logs|false|false|
+|JWKS_URL|the URL to the endpoint for verifying ID tokens and JWT access tokens||false|
+|AUDIENCE|the audience of the app that the JWT token should have set - for verification of the JWT token|lfx-v2-project-service|false|
+|JWT_AUTH_DISABLED_MOCK_LOCAL_PRINCIPAL|a mocked auth principal value for local development (to avoid needing a valid JWT token)||false|
 
 #### 4. Development Workflow
 
@@ -115,10 +123,13 @@ The service relies on some resources and external services being spun up prior t
 2. **Regenerate code**: Run `make apigen` after design changes
 
 3. **Build the service**:
+
    ```bash
    make build
    ```
+
 4. **Run the service**:
+
    ```bash
    make run
 
@@ -127,11 +138,21 @@ The service relies on some resources and external services being spun up prior t
 
    # or run with the go command to set custom flags
    # -bind string   interface to bind on (default "*")
-   # -d	         enable debug logging (default false)
+   # -d          enable debug logging (default false)
    # -p    string   listen port (default "8080")
    go run
    ```
+
+   Once the service is running, make a request to the `/livez` endpoint to ensure that the service is alive.
+
+   ```bash
+    curl http://localhost:8080/livez
+   ```
+
+   You should get a 200 status code response with a text/plain content payload of `OK`.
+
 5. **Run tests**:
+
    ```bash
    make test
 
@@ -140,6 +161,7 @@ The service relies on some resources and external services being spun up prior t
    ```
 
 6. **Lint the code**
+
    ```bash
    # From the root of the directory, run megalinter (https://megalinter.io/latest/mega-linter-runner/) to ensure the code passes the linter checks. The CI/CD has a check that uses megalinter.
    npx mega-linter-runner .
@@ -164,14 +186,18 @@ The service relies on some resources and external services being spun up prior t
     ```
 
 ### Add new API endpoints
+
 Note: follow the [Development Workflow](#4-development-workflow) section on how to run the service code
+
 1. **Update design files**: Edit project file in `design/` to include specicification of the new endpoint with all of its supported parameters, responses, and errors, etc.
 2. **Regenerate code**: Run `make apigen` after design changes
 3. **Implement code**: Implement the new endpoint in `service_endpoint.go`. Follow similar standards of the other endpoint methods. Include tests for the new endpoint in `service_endpoint_test.go`.
 4. **Update heimdall ruleset**: Ensure that `/charts/lfx-v2-project-service/templates/ruleset.yaml` has the route and method for the endpoint set so that authentication is configured when deployed
 
 ### Add new message handlers
+
 Note: follow the [Development Workflow](#4-development-workflow) section on how to run the service code
+
 1. **Update main.go**: In `main.go` is the code for subscribing the service to specific NATS queue subjects. Add the subscription code in the `createNatsSubcriptions` function. If a new subject needs to be subscribed, add the subject to the `../pkg/constants` directory in a similiar fashion as the other subject names (so that it can be referenced by other services that need to send messages for the subject).
 2. **Update service_handler.go**: Implement the NATS message handler. Add a new function, such as `HandleProjectGetName` for handling messages with respect to getting the name of a project. The `HandleNatsMessage` function switch statement should also be updated to include the new subject and function call.
 3. **Update service_handler_test.go**: Add unit tests for the new handler function. Mock external service calls so that the tests are modular.

cmd/project-api/design/project.go

@@ -94,7 +94,7 @@ var _ = Service("project-service", func() {
 			POST("/projects")
 			Param("version:v")
 			Header("bearer_token:Authorization")
-			Response(StatusOK)
+			Response(StatusCreated)
 			Response("BadRequest", StatusBadRequest)
 			Response("Conflict", StatusConflict)
 			Response("InternalServerError", StatusInternalServerError)

cmd/project-api/gen/http/openapi.json

@@ -127,8 +127,8 @@ paths:
                         - description
                         - name
             responses:
-                "200":
-                    description: OK response.
+                "201":
+                    description: Created response.
                     schema:
                         $ref: '#/definitions/Project'
                 "400":

cmd/project-api/gen/http/openapi.yaml

@@ -170,8 +170,8 @@ paths:
                                 - user123
                                 - user456
             responses:
-                "200":
-                    description: OK response.
+                "201":
+                    description: Created response.
                     content:
                         application/json:
                             schema: