CCM6126 respond with a json:api format for 413 errors

docs/tests/development/post_v1_message-batches/performance.md

@@ -1,9 +1,9 @@
 # Performance Tests
 
 
-## Scenario: An API consumer submitting a request with a request body containing 50,000 messages receives a 201 response
+## Scenario: An API consumer submitting a request with a request body containing 40,000 messages receives a 201 response
 
-**Given** the API consumer provides a message body of around 50k messages
+**Given** the API consumer provides a message body of around 40k messages
 <br/>
 **When** the request is submitted
 <br/>
@@ -16,9 +16,9 @@
 - Response returns a 201 status code
 
 
-## Scenario: An API consumer submitting a request with a large request body containing 50,000 duplicate messages receives a 400 response
+## Scenario: An API consumer submitting a request with a large request body containing 40,000 duplicate messages receives a 400 response
 
-**Given** the API consumer provides a message body of 50,000 duplicate messages
+**Given** the API consumer provides a message body of 40,000 duplicate messages
 <br/>
 **When** the request is submitted
 <br/>

docs/tests/integration/post_v1_message-batches/performance.md

@@ -1,9 +1,9 @@
 # Performance Tests
 
 
-## Scenario: An API consumer submitting a request with a request body containing 50,000 messages receives a 201 response
+## Scenario: An API consumer submitting a request with a request body containing 40,000 messages receives a 201 response
 
-**Given** the API consumer provides a message body of around 50k messages
+**Given** the API consumer provides a message body of around 40k messages
 <br/>
 **When** the request is submitted
 <br/>
@@ -16,9 +16,9 @@
 - Response returns a 201 status code
 
 
-## Scenario: An API consumer submitting a request with a large request body containing 50,000 duplicate messages receives a 400 response
+## Scenario: An API consumer submitting a request with a large request body containing 40,000 duplicate messages receives a 400 response
 
-**Given** the API consumer provides a message body of 50,000 duplicate messages
+**Given** the API consumer provides a message body of 40,000 duplicate messages
 <br/>
 **When** the request is submitted
 <br/>

docs/tests/production/post_v1_message-batches/performance.md

@@ -1,9 +1,9 @@
 # Performance Tests
 
 
-## Scenario: An API consumer submitting a request with a request body containing 50,000 messages receives a 201 response
+## Scenario: An API consumer submitting a request with a request body containing 40,000 messages receives a 201 response
 
-**Given** the API consumer provides a message body of around 50k messages
+**Given** the API consumer provides a message body of around 40k messages
 <br/>
 **When** the request is submitted
 <br/>
@@ -16,9 +16,9 @@
 - Response returns a 201 status code
 
 
-## Scenario: An API consumer submitting a request with a large request body containing 50,000 duplicate messages receives a 400 response
+## Scenario: An API consumer submitting a request with a large request body containing 40,000 duplicate messages receives a 400 response
 
-**Given** the API consumer provides a message body of 50,000 duplicate messages
+**Given** the API consumer provides a message body of 40,000 duplicate messages
 <br/>
 **When** the request is submitted
 <br/>

docs/tests/sandbox/post_v1_message-batches/performance.md

@@ -1,9 +1,9 @@
 # Performance Tests
 
 
-## Scenario: An API consumer submitting a request with a request body containing 50,000 messages receives a 201 response
+## Scenario: An API consumer submitting a request with a request body containing 40,000 messages receives a 201 response
 
-**Given** the API consumer provides a message body of around 50k messages
+**Given** the API consumer provides a message body of around 40k messages
 <br/>
 **When** the request is submitted
 <br/>
@@ -16,9 +16,9 @@
 - Response returns a 201 status code
 
 
-## Scenario: An API consumer submitting a request with a large request body containing 50,000 duplicate messages receives a 400 response
+## Scenario: An API consumer submitting a request with a large request body containing 40,000 duplicate messages receives a 400 response
 
-**Given** the API consumer provides a message body of 50,000 duplicate messages
+**Given** the API consumer provides a message body of 40,000 duplicate messages
 <br/>
 **When** the request is submitted
 <br/>
@@ -34,9 +34,9 @@
 - Response returns 100 error message blocks
 
 
-## Scenario: An API consumer submitting a request with a request body containing 50,000 messages receives a 201 response
+## Scenario: An API consumer submitting a request with a request body containing 40,000 messages receives a 201 response
 
-**Given** the API consumer provides a message body of around 50k messages
+**Given** the API consumer provides a message body of around 40k messages
 <br/>
 **When** the request is submitted
 <br/>

proxies/shared/partials/Partial.Flows.CreateMessageBatchEndpoint.xml

@@ -5,7 +5,7 @@
             <Name>JavaScript.MessageBatches.Create.Validate</Name>
         </Step>
         <Step>
-            <Name>RaiseFault.400BadRequest</Name>
+            <Name>RaiseFault.4xxGeneric</Name>
             <Condition>errors != null</Condition>
         </Step>
         <Step>
@@ -31,4 +31,4 @@
     <Condition>
         (proxy.pathsuffix MatchesPath "/v1/message-batches") and (request.verb = "POST")
     </Condition>
-</Flow>
+</Flow>

proxies/shared/partials/Partial.Flows.CreateMessageEndpoint.xml

@@ -5,7 +5,7 @@
             <Name>JavaScript.Messages.Create.Validate</Name>
         </Step>
         <Step>
-            <Name>RaiseFault.400BadRequest</Name>
+            <Name>RaiseFault.4xxGeneric</Name>
             <Condition>errors != null</Condition>
         </Step>
         <Step>
@@ -31,4 +31,4 @@
     <Condition>
         (proxy.pathsuffix MatchesPath "/v1/messages") and (request.verb = "POST")
     </Condition>
-</Flow>
+</Flow>

proxies/shared/partials/Partial.Target.FaultRules.xml

@@ -72,6 +72,12 @@
         <Name>RaiseFault.404NotFound</Name>
         <Condition>response.status.code = 404</Condition>
     </Step>
+    <Step>
+        <Name>RaiseFault.413RequestTooLarge</Name>
+        <Condition>
+            response.status.code = 413 and response.content Like "*Request Too Long*"
+        </Condition>
+    </Step>
     <Step>
         <Name>RaiseFault.400BackendException.OdsCodeRequired</Name>
         <Condition>response.status.code = 400 and response.content Like "*odsCode must be provided*"</Condition>

proxies/shared/policies/RaiseFault.413RequestTooLarge.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ This policy raises a 413 error response for a request that was too large
+
+ Valid values are:
+    * `*/*`
+    * `application/json`
+    * `application/vnd.api+json`
+
+ Raisefault policies stop the execution of the current flow and move to the error flow, which returns the error response defined here to the requesting application.
+
+ For more information on RaiseFault policies within Apigee see the following resource:
+    * https://docs.apigee.com/api-platform/reference/policies/raise-fault-policy
+-->
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.413RequestTooLarge">
+    <DisplayName>RaiseFault.413RequestTooLarge</DisplayName>
+    <Properties/>
+    <FaultResponse>
+        <Set>
+            <Headers/>
+            <StatusCode>413</StatusCode>
+            <Payload variablePrefix="@" variableSuffix="#">
+                {
+                    "errors" : [
+                        {
+                            "id" : "@messageid#.0",
+                            "code" : "CM_TOO_LARGE",
+                            "links" : {
+                                "about" : "{{ ERROR_ABOUT_LINK }}"
+                            },
+                            "status" : "413",
+                            "title" : "Request too large",
+                            "detail" : "Request message was larger than the service limit",
+                            "source": {"pointer": "/"}
+                        }
+                    ]
+                }
+            </Payload>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>

proxies/shared/policies/RaiseFault.400BadRequest.xml → proxies/shared/policies/RaiseFault.4xxGeneric.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <!--
- This policy raises a 400 error response containing an array of errors populated by the MessageBatches.Create.Validate.js script.
+ This policy raises a 4xx error response containing an array of errors populated by the MessageBatches.Create.Validate.js script, the exact status code depends on context variables.
 
  Since the payload is JSON we can't use the standard {variable.name} syntax for Apigee flow variables, this is where we use the variablePrefix and variableSuffix attributes.
 
@@ -9,8 +9,8 @@
  For more information on RaiseFault policies within Apigee see the following resource:
     * https://docs.apigee.com/api-platform/reference/policies/raise-fault-policy
 -->
-<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.400BadRequest">
-    <DisplayName>RaiseFault.400BadRequest</DisplayName>
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.4xxGeneric">
+    <DisplayName>RaiseFault.4xxGeneric</DisplayName>
     <Properties/>
     <FaultResponse>
         <Set>
@@ -20,8 +20,7 @@
                 "errors" : %errors#
             }
             </Payload>
-            <StatusCode>400</StatusCode>
-            <ReasonPhrase>Bad request</ReasonPhrase>
+            <StatusCode>{generic_status_code}</StatusCode>
         </Set>
     </FaultResponse>
     <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

proxies/shared/resources/jsc/MessageBatches.Create.Validate.js

@@ -41,6 +41,10 @@ const validate = () => {
         // $.data.attributes.messages
         const validArray = validateArray(errors, data.attributes.messages, "/data/attributes/messages", 1)
         if (validArray) {
+          if (data.attributes.messages.length > 45000) {
+            errors.push(tooManyItemsError("/data/attributes/messages"));
+            return null;
+          }
           // $.data.attributes.messages.x
           data.attributes.messages.forEach((message, index) => {
             var pointer = "/data/attributes/messages/" + index;
@@ -106,7 +110,9 @@ const validate = () => {
 validate();
 
 if (errors.length > 0) {
+  context.setVariable("generic_status_code", errors[0].status);
   context.setVariable("errors", JSON.stringify(errors));
 } else {
+  context.setVariable("generic_status_code", null);
   context.setVariable("errors", null);
 }

proxies/shared/resources/jsc/Messages.Create.Validate.js

@@ -72,7 +72,9 @@ const validate = () => {
 validate();
 
 if (errors.length > 0) {
+    context.setVariable("generic_status_code", errors[0].status);
     context.setVariable("errors", JSON.stringify(errors));
 } else {
+    context.setVariable("generic_status_code", null);
     context.setVariable("errors", null);
 }

proxies/shared/resources/jsc/helpers/validationErrors.js

@@ -1,9 +1,9 @@
-function createErrorObject(code, title, detail, pointer, links) {
+function createErrorObject(code, status_code, title, detail, pointer, links) {
     return {
         "id": messageId + "." + errors.length,
         "code": code,
         "links": Object.assign({}, { "about": "https://digital.nhs.uk/developer/api-catalogue/nhs-notify" }, links),  // NOSONAR
-        "status": "400",
+        "status": status_code,
         "title": title,
         "detail": detail,
         "source": {
@@ -15,6 +15,7 @@ function createErrorObject(code, title, detail, pointer, links) {
 function missingError(pointer) {
     return createErrorObject(
         "CM_MISSING_VALUE",
+        "400",
         "Missing property",
         "The property at the specified location is required, but was not present in the request.",
         pointer,
@@ -25,6 +26,7 @@ function missingError(pointer) {
 function nullError(pointer) {
     return createErrorObject(
         "CM_NULL_VALUE",
+        "400",
         "Property cannot be null",
         "The property at the specified location is required, but a null value was passed in the request.",
         pointer,
@@ -35,6 +37,7 @@ function nullError(pointer) {
 function invalidError(pointer) {
     return createErrorObject(
         "CM_INVALID_VALUE",
+        "400",
         "Invalid value",
         "The property at the specified location does not allow this value.",
         pointer,
@@ -45,6 +48,7 @@ function invalidError(pointer) {
 function duplicateError(pointer) {
     return createErrorObject(
         "CM_DUPLICATE_VALUE",
+        "400",
         "Duplicate value",
         "The property at the specified location is a duplicate, duplicated values are not allowed.",
         pointer,
@@ -55,20 +59,32 @@ function duplicateError(pointer) {
 function tooFewItemsError(pointer) {
     return createErrorObject(
         "CM_TOO_FEW_ITEMS",
+        "400",
         "Too few items",
         "The property at the specified location contains too few items.",
         pointer,
         {}
     )
 }
 
+function tooManyItemsError(pointer) {
+    return createErrorObject(
+        "CM_TOO_MANY_ITEMS",
+        "413",
+        "Too many items",
+        "The property at the specified location contains too many items.",
+        pointer,
+        {}
+    )
+}
+
 function invalidNhsNumberError(pointer) {
     return createErrorObject(
         "CM_INVALID_NHS_NUMBER",
+        "400",
         "Invalid nhs number",
         "The value provided in this nhsNumber field is not a valid NHS number.",
         pointer,
         { "nhsNumbers": "https://www.datadictionary.nhs.uk/attributes/nhs_number.html" }
     );
 }
-

specification/endpoints/create_message_batch.yaml

@@ -31,6 +31,8 @@ responses:
     $ref: ../responses/4xx/406_NotAcceptable.yaml
   '408':
     $ref: ../responses/4xx/408_RequestTimeout.yaml
+  '413':
+    $ref: ../responses/4xx/413_RequestEntityTooLarge.yaml
   '415':
     $ref: ../responses/4xx/415_UnsupportedMedia.yaml
   '425':

specification/responses/4xx/413_RequestEntityTooLarge.yaml

@@ -0,0 +1,12 @@
+description: |+
+  Either the whole of or some part of the request was too large for the host side to handle and was rejected.
+
+content:
+  application/vnd.api+json:
+    schema:
+      $ref: ../../schemas/responses/errors/RequestEntityTooLarge.yaml
+  application/json:
+    schema:
+      $ref: ../../schemas/responses/errors/RequestEntityTooLarge.yaml
+headers:
+  $ref: ../../snippets/StandardResponseHeaders.yaml

specification/schemas/enums/ErrorRequestEntityTooLarge.yaml

@@ -0,0 +1,6 @@
+title: Enum_Error_RequestEntityTooLarge
+type: string
+enum:
+  - CM_TOO_LARGE
+  - CM_TOO_MANY_ITEMS
+example: CM_TOO_LARGE