feat: Added API validation to EligibilityCheck API endpoints

Justin-MacIntosh · Justin-MacIntosh · commit 23625898eadb · 2026-02-26T14:51:27.000-05:00
feat: Added error logging to JSON Validation Errors
diff --git a/builder-api/src/main/java/org/acme/api/error/JsonServerExceptionMappers.java b/builder-api/src/main/java/org/acme/api/error/JsonServerExceptionMappers.java
@@ -1,5 +1,6 @@
 package org.acme.api.error;
 
+import io.quarkus.logging.Log;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.exc.MismatchedInputException;
@@ -12,6 +13,7 @@ public class JsonServerExceptionMappers {
 
   @ServerExceptionMapper
   public Response map(MismatchedInputException e) {
+    Log.error(e);
     // e.g. screenerName is object but DTO expects String
     String field =
         e.getPath() != null && !e.getPath().isEmpty()
@@ -26,6 +28,7 @@ public Response map(MismatchedInputException e) {
 
   @ServerExceptionMapper
   public Response map(JsonParseException e) {
+    Log.error(e);
     // malformed JSON like { "schema": }
     return Response.status(Response.Status.BAD_REQUEST)
         .type(MediaType.APPLICATION_JSON)
@@ -35,6 +38,7 @@ public Response map(JsonParseException e) {
 
   @ServerExceptionMapper
   public Response map(WebApplicationException e) {
+    Log.error(e);
     return Response.status(Response.Status.BAD_REQUEST)
         .type(MediaType.APPLICATION_JSON)
         .entity(ApiError.of("Malformed JSON."))
@@ -43,6 +47,7 @@ public Response map(WebApplicationException e) {
 
   @ServerExceptionMapper
   public Response map(JsonMappingException e) {
+    Log.error(e);
     // other mapping errors
     return Response.status(Response.Status.BAD_REQUEST)
         .type(MediaType.APPLICATION_JSON)
diff --git a/builder-api/src/main/java/org/acme/controller/EligibilityCheckResource.java b/builder-api/src/main/java/org/acme/controller/EligibilityCheckResource.java
@@ -3,6 +3,7 @@
 import io.quarkus.logging.Log;
 import io.quarkus.security.identity.SecurityIdentity;
 import jakarta.inject.Inject;
+import jakarta.validation.Valid;
 import jakarta.ws.rs.*;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.MediaType;
@@ -11,9 +12,9 @@
 import org.acme.auth.AuthUtils;
 import org.acme.constants.CheckStatus;
 import org.acme.model.domain.EligibilityCheck;
-import org.acme.model.dto.CheckDmnRequest;
 import org.acme.model.dto.CreateCheckRequest;
-import org.acme.model.dto.UpdateCheckRequest;
+import org.acme.model.dto.EligibilityCheck.CheckDmnRequest;
+import org.acme.model.dto.EligibilityCheck.EditCheckRequest;
 import org.acme.persistence.EligibilityCheckRepository;
 import org.acme.persistence.StorageService;
 import org.acme.service.DmnService;
@@ -124,10 +125,11 @@ public Response getCustomCheck(@Context SecurityIdentity identity, @PathParam("c
     }
 
     @PATCH
+    @Consumes(MediaType.APPLICATION_JSON)
     @Path("/{checkId}")
     public Response updateCustomCheck(@Context SecurityIdentity identity,
-                                @PathParam("checkId") String checkId,
-                                UpdateCheckRequest request){
+                                      @PathParam("checkId") String checkId,
+                                      @Valid EditCheckRequest request){
         String userId = AuthUtils.getUserId(identity);
 
         // Check if the check exists and is not archived
@@ -144,11 +146,11 @@ public Response updateCustomCheck(@Context SecurityIdentity identity,
         }
 
         // Partial update: only update fields that are provided (non-null)
-        if (request.description != null) {
-            existingCheck.setDescription(request.description);
+        if (request.description() != null) {
+            existingCheck.setDescription(request.description());
         }
-        if (request.parameterDefinitions != null) {
-            existingCheck.setParameterDefinitions(request.parameterDefinitions);
+        if (request.parameterDefinitions() != null) {
+            existingCheck.setParameterDefinitions(request.parameterDefinitions());
         }
 
         try {
@@ -168,8 +170,8 @@ public Response updateCustomCheck(@Context SecurityIdentity identity,
     @Path("/{checkId}/dmn")
     public Response saveCheckDmn(@Context SecurityIdentity identity,
                                  @PathParam("checkId") String checkId,
-                                 CheckDmnRequest saveDmnRequest){
-        String dmnModel = saveDmnRequest.dmnModel;
+                                 @Valid CheckDmnRequest saveDmnRequest){
+        String dmnModel = saveDmnRequest.dmnModel();
 
         String userId = AuthUtils.getUserId(identity);
         Optional<EligibilityCheck> checkOpt = eligibilityCheckRepository.getWorkingCustomCheck(userId, checkId);
@@ -202,8 +204,8 @@ public Response saveCheckDmn(@Context SecurityIdentity identity,
     @Path("/{checkId}/dmn/validate")
     public Response validateCheckDmn(@Context SecurityIdentity identity,
                                      @PathParam("checkId") String checkId,
-                                     CheckDmnRequest validateDmnRequest){
-        String dmnModel = validateDmnRequest.dmnModel;
+                                     @Valid CheckDmnRequest validateDmnRequest){
+        String dmnModel = validateDmnRequest.dmnModel();
 
         String userId = AuthUtils.getUserId(identity);
         Optional<EligibilityCheck> checkOpt = eligibilityCheckRepository.getWorkingCustomCheck(userId, checkId);
diff --git a/builder-api/src/main/java/org/acme/controller/ScreenerResource.java b/builder-api/src/main/java/org/acme/controller/ScreenerResource.java
@@ -174,13 +174,6 @@ public Response saveFormSchema(
       return Response.status(400).entity(violations.toString()).build();
     }
 
-    // // Make sure request.schema is not null
-    // if (request.schema() == null || request.schema().isNull()) {
-    //   return Response.status(Response.Status.BAD_REQUEST)
-    //       .entity(ApiError.of("schema cannot be null."))
-    //       .build();
-    // }
-
     String userId = AuthUtils.getUserId(identity);
 
     // Fetch Screener record and confirm user is authorized
diff --git a/builder-api/src/main/java/org/acme/model/dto/CheckDmnRequest.java b/builder-api/src/main/java/org/acme/model/dto/CheckDmnRequest.java
diff --git a/builder-api/src/main/java/org/acme/model/dto/EligibilityCheck/CheckDmnRequest.java b/builder-api/src/main/java/org/acme/model/dto/EligibilityCheck/CheckDmnRequest.java
@@ -0,0 +1,3 @@
+package org.acme.model.dto.EligibilityCheck;
+
+public record CheckDmnRequest(String dmnModel) {}
diff --git a/builder-api/src/main/java/org/acme/model/dto/EligibilityCheck/EditCheckRequest.java b/builder-api/src/main/java/org/acme/model/dto/EligibilityCheck/EditCheckRequest.java
@@ -0,0 +1,11 @@
+package org.acme.model.dto.EligibilityCheck;
+
+import org.acme.api.validation.AtLeastOneProvided;
+import org.acme.model.domain.ParameterDefinition;
+import java.util.List;
+
+
+@AtLeastOneProvided(fields = {"description", "parameterDefinitions"})
+public record EditCheckRequest(
+    String description, List<ParameterDefinition> parameterDefinitions
+) {}
diff --git a/builder-api/src/main/java/org/acme/model/dto/UpdateCheckRequest.java b/builder-api/src/main/java/org/acme/model/dto/UpdateCheckRequest.java

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+package org.acme.model.dto.EligibilityCheck;`
	`2`	`+`
	`3`	`+public record CheckDmnRequest(String dmnModel) {}`