Préavis - Protéger l'URL de téléchargement des préavis avec Cerbère (#…

…3558)

## Linked issues

- Resolve #3391

----

- [ ] Tests E2E (Cypress)

Makefile

@@ -125,7 +125,7 @@ test-back: check-clean-archi
 		cd backend && ./gradlew clean test; \
 	else \
 		echo "Running single Backend test class $(class)..."; \
-		cd backend && ./gradlew test --tests "$(class)"; \
+		cd backend && ./gradlew test --console plain --no-continue --parallel --tests "$(class)"; \
 	fi
 
 test-back-watch:

backend/src/main/kotlin/fr/gouv/cnsp/monitorfish/infrastructure/api/bff/PriorNotificationController.kt

@@ -14,8 +14,13 @@ import io.swagger.v3.oas.annotations.Parameter
 import io.swagger.v3.oas.annotations.tags.Tag
 import jakarta.websocket.server.PathParam
 import org.springframework.data.domain.Sort
+import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpStatus
+import org.springframework.http.MediaType
+import org.springframework.http.ResponseEntity
 import org.springframework.web.bind.annotation.*
 import java.time.ZonedDateTime
+import java.time.format.DateTimeFormatter.ISO_DATE_TIME
 
 @RestController
 @RequestMapping("/bff/v1/prior_notifications")
@@ -24,13 +29,16 @@ class PriorNotificationController(
     private val computeManualPriorNotification: ComputeManualPriorNotification,
     private val createOrUpdateManualPriorNotification: CreateOrUpdateManualPriorNotification,
     private val getPriorNotification: GetPriorNotification,
+    private val getPriorNotificationPdfDocument: GetPriorNotificationPdfDocument,
     private val getPriorNotifications: GetPriorNotifications,
     private val getNumberToVerify: GetNumberToVerify,
     private val getPriorNotificationTypes: GetPriorNotificationTypes,
     private val updateLogbookPriorNotification: UpdateLogbookPriorNotification,
     private val verifyAndSendPriorNotification: VerifyAndSendPriorNotification,
     private val invalidatePriorNotification: InvalidatePriorNotification,
 ) {
+    data class Status(val status: String)
+
     @GetMapping("")
     @Operation(summary = "Get all prior notifications")
     fun getAll(
@@ -297,6 +305,41 @@ class PriorNotificationController(
             .fromPriorNotification(getPriorNotification.execute(reportId, operationDate, isManuallyCreated))
     }
 
+    @GetMapping("/{reportId}/pdf")
+    @Operation(summary = "Get the PDF document")
+    fun getPdfDocument(
+        @PathParam("Logbook message `reportId`")
+        @PathVariable(name = "reportId")
+        reportId: String,
+    ): ResponseEntity<ByteArray?> {
+        val pdfDocument = getPriorNotificationPdfDocument.execute(reportId = reportId, isVerifyingExistence = false)
+            ?: return ResponseEntity.status(HttpStatus.NOT_FOUND).body(null)
+
+        val fileName = "preavis_debarquement_${pdfDocument.generationDatetimeUtc.format(ISO_DATE_TIME)}.pdf"
+        val headers = HttpHeaders().apply {
+            contentType = MediaType.APPLICATION_PDF
+            setContentDispositionFormData("attachment", fileName)
+        }
+        headers.add("x-generation-date", pdfDocument.generationDatetimeUtc.format(ISO_DATE_TIME))
+
+        return ResponseEntity(pdfDocument.pdfDocument, headers, HttpStatus.OK)
+    }
+
+    @GetMapping("/{reportId}/pdf/exist")
+    @Operation(summary = "Check the PDF document")
+    fun getPdfDocumentExistence(
+        @PathParam("Logbook message `reportId`")
+        @PathVariable(name = "reportId")
+        reportId: String,
+    ): Status {
+        val pdfDocument = getPriorNotificationPdfDocument.execute(reportId = reportId, isVerifyingExistence = true)
+        if (pdfDocument?.pdfDocument == null) {
+            return Status(HttpStatus.NO_CONTENT.name)
+        }
+
+        return Status(HttpStatus.FOUND.name)
+    }
+
     @PostMapping("/{reportId}/verify_and_send")
     @Operation(summary = "Verify and send a prior notification by its `reportId`")
     fun verifyAndSend(

backend/src/test/kotlin/fr/gouv/cnsp/monitorfish/infrastructure/api/bff/PriorNotificationControllerUTests.kt

@@ -6,9 +6,7 @@ import com.nhaarman.mockitokotlin2.anyOrNull
 import fr.gouv.cnsp.monitorfish.config.SentryConfig
 import fr.gouv.cnsp.monitorfish.domain.entities.facade.SeafrontGroup
 import fr.gouv.cnsp.monitorfish.domain.entities.logbook.LogbookMessagePurpose
-import fr.gouv.cnsp.monitorfish.domain.entities.prior_notification.ManualPriorNotificationComputedValues
-import fr.gouv.cnsp.monitorfish.domain.entities.prior_notification.PriorNotificationState
-import fr.gouv.cnsp.monitorfish.domain.entities.prior_notification.PriorNotificationStats
+import fr.gouv.cnsp.monitorfish.domain.entities.prior_notification.*
 import fr.gouv.cnsp.monitorfish.domain.use_cases.prior_notification.*
 import fr.gouv.cnsp.monitorfish.domain.utils.PaginatedList
 import fr.gouv.cnsp.monitorfish.fakers.PriorNotificationFaker
@@ -26,8 +24,7 @@ import org.springframework.context.annotation.Import
 import org.springframework.http.MediaType
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*
-import org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
-import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.*
 import java.time.ZonedDateTime
 
 @Import(SentryConfig::class)
@@ -49,6 +46,9 @@ class PriorNotificationControllerUTests {
     @MockBean
     private lateinit var getPriorNotification: GetPriorNotification
 
+    @MockBean
+    private lateinit var getPriorNotificationPdfDocument: GetPriorNotificationPdfDocument
+
     @MockBean
     private lateinit var getPriorNotifications: GetPriorNotifications
 
@@ -394,6 +394,75 @@ class PriorNotificationControllerUTests {
             .andExpect(jsonPath("$.reportId", equalTo(fakePriorNotification.reportId)))
     }
 
+    @Test
+    fun `getPdf Should get the PDF of a prior notification`() {
+        val dummyPdfContent = """
+            %PDF-1.4
+            1 0 obj
+            << /Type /Catalog /Pages 2 0 R >>
+            endobj
+            2 0 obj
+            << /Type /Pages /Kids [3 0 R] /Count 1 >>
+            endobj
+            3 0 obj
+            << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>
+            endobj
+            4 0 obj
+            << /Length 55 >>
+            stream
+            BT
+            /F1 24 Tf
+            100 700 Td
+            (Hello, World!) Tj
+            ET
+            endstream
+            endobj
+            xref
+            0 5
+            0000000000 65535 f
+            0000000010 00000 n
+            0000000062 00000 n
+            0000000113 00000 n
+            0000000218 00000 n
+            trailer
+            << /Size 5 /Root 1 0 R >>
+            startxref
+            291
+            %%EOF
+        """.trimIndent().toByteArray()
+
+        // Given
+        given(getPriorNotificationPdfDocument.execute("REPORT_ID", false))
+            .willReturn(
+                PdfDocument(
+                    reportId = "REPORT_ID",
+                    source = PriorNotificationSource.LOGBOOK,
+                    generationDatetimeUtc = ZonedDateTime.now(),
+                    pdfDocument = dummyPdfContent,
+                ),
+            )
+
+        // When
+        api.perform(get("/bff/v1/prior_notifications/REPORT_ID/pdf"))
+            // Then
+            .andExpect(status().isOk)
+            .andExpect(content().contentType(MediaType.APPLICATION_PDF))
+            .andExpect(content().bytes(dummyPdfContent))
+    }
+
+    @Test
+    fun `getPdfExistence Should get the PDF existence of a prior notification`() {
+        // Given
+        given(getPriorNotificationPdfDocument.execute("REPORT_ID", true)).willReturn(null)
+
+        // When
+        api.perform(get("/bff/v1/prior_notifications/REPORT_ID/pdf/exist"))
+            // Then
+            .andExpect(status().isOk)
+            .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+            .andExpect(jsonPath("$.status", equalTo("NO_CONTENT")))
+    }
+
     @Test
     fun `verify_and_send Should verify and send a prior notification by its reportId`() {
         val fakePriorNotification = PriorNotificationFaker.fakePriorNotification()