fix: enable auth, use PascalCase operationIds, fix schemas and indexes

Author: keshxvdayal

docs/middleware.md

@@ -87,7 +87,6 @@ specs:
       - api/middleware_management.yaml
     add_operation_fields:
       x-openapi-router-controller: pro_tes.api.middlewares.controllers
-    disable_auth: True
     connexion:
       strict_validation: True
       validate_responses: True
@@ -96,7 +95,7 @@ specs:
 This configuration tells FOCA to:
 - Load the OpenAPI spec from the api directory
 - Route requests to the middlewares controller module
-- Disable authentication for initial development (will be secured in Subtask 4)
+- Use existing authentication scheme for security
 - Enable strict validation of requests and responses
 
 The FOCA framework uses Connexion under the hood, which automatically generates routing, parameter validation, and response serialization based on the OpenAPI specification.
@@ -110,30 +109,9 @@ pro_tes/
 └── config.yaml                             (FOCA integration)
 
 docs/
-├── api/
-│   ├── middleware_management.md            (API documentation)
-│   ├── middleware_management.postman_collection.json
-│   └── QUICK_REFERENCE.md
-├── architecture/
-│   └── middleware_api_design.md            (Architecture decisions)
 └── middleware.md                           (This file)
-
-scripts/
-└── validate_openapi.sh                     (Validation utility)
 ```
 
-## Documentation Deliverables
-
-**API Documentation**: Comprehensive guide with request/response examples for each endpoint. Includes curl commands, common use cases, and troubleshooting tips.
-
-**Architecture Decision Record**: Documents twelve major design decisions with rationale, alternatives considered, and consequences. Serves as reference for future development.
-
-**Postman Collection**: Ready-to-use collection with fourteen pre-configured requests. Includes environment variables, test scripts, and example data for all scenarios.
-
-**Quick Reference**: Single-page reference with essential endpoints, parameters, and response codes. Designed for daily development use.
-
-**Validation Script**: Bash script that validates OpenAPI syntax using multiple tools. Checks for common errors like undefined schema references and invalid endpoint definitions.
-
 ## Testing Approach
 
 This subtask focuses on specification validation rather than runtime testing since no executable code is implemented yet. Validation performed:
@@ -150,19 +128,21 @@ Runtime testing will occur in Subtask 2 when controllers are implemented.
 
 ## Security Considerations
 
-While authentication is disabled for initial development, the specification includes security design:
+The specification includes comprehensive security design:
+
+**Authentication Required**: All middleware management endpoints require authentication through the existing proTES security scheme.
 
-**Input Validation**: All parameters include type, format, and constraint definitions. Connexion will automatically validate inputs before they reach controller code.
+**Input Validation**: All parameters include type, format, and constraint definitions. Connexion automatically validates inputs before they reach controller code.
 
 **MongoDB ObjectId Pattern**: Enforces 24-character hex pattern preventing injection attacks through malformed IDs.
 
 **Class Path Immutability**: Prevents code substitution attacks by making class paths unchangeable after creation.
 
-**Code Validation**: Separate validation endpoint allows testing code safety before deployment.
+**Database Constraints**: Unique indexes on both name and class_path fields prevent duplicate middleware registration.
 
 **Source Tracking**: Records code origin for audit and security review purposes.
 
-Full security implementation including authentication, authorization, and rate limiting will be added in Subtask 4.
+Authorization controls and role-based access will be added in Subtask 4.
 
 ## Future Work
 

pro_tes/api/middleware_management.yaml

@@ -27,7 +27,7 @@ paths:
       description: |
         Retrieve all configured middlewares with their order, metadata, and status.
         Results are sorted by execution order (ascending) by default.
-      operationId: listMiddlewares
+      operationId: ListMiddlewares
       tags:
         - Middleware Management
       parameters:
@@ -90,7 +90,7 @@ paths:
         local class paths or fetched from GitHub repositories. If order is not specified,
         the middleware is appended to the end of the stack. If order is specified, 
         existing middlewares at that position or higher are shifted up by one.
-      operationId: addMiddleware
+      operationId: AddMiddleware
       tags:
         - Middleware Management
       requestBody:
@@ -147,7 +147,7 @@ paths:
     get:
       summary: Get middleware details
       description: Retrieve detailed information about a specific middleware by ID
-      operationId: getMiddleware
+      operationId: GetMiddleware
       tags:
         - Middleware Management
       parameters:
@@ -183,7 +183,7 @@ paths:
       description: |
         Update middleware configuration. Only name, order, config, and enabled fields
         can be updated. class_path and source cannot be modified for security reasons.
-      operationId: updateMiddleware
+      operationId: UpdateMiddleware
       tags:
         - Middleware Management
       parameters:
@@ -237,7 +237,7 @@ paths:
       description: |
         Remove a middleware from the execution stack. By default performs soft delete
         (sets enabled=false). Use force=true query parameter for hard deletion.
-      operationId: deleteMiddleware
+      operationId: DeleteMiddleware
       tags:
         - Middleware Management
       parameters:
@@ -277,7 +277,7 @@ paths:
       description: |
         Reorder the entire middleware execution stack by providing an ordered array
         of middleware IDs. All middleware IDs must be provided in the desired execution order.
-      operationId: reorderMiddlewares
+      operationId: ReorderMiddlewares
       tags:
         - Middleware Management
       requestBody:
@@ -321,7 +321,7 @@ paths:
         Validate middleware code without adding it to the stack. Performs static
         analysis to check if the code is valid and safe. Useful for testing before
         deploying middleware.
-      operationId: validateMiddleware
+      operationId: ValidateMiddleware
       tags:
         - Middleware Management
       requestBody:
@@ -572,12 +572,10 @@ components:
     ValidationRequest:
       type: object
       description: Request body for validating middleware code
-      required:
-        - class_path
       properties:
         class_path:
           type: string
-          description: Class path or code to validate
+          description: Class path to validate
           example: "pro_tes.plugins.middlewares.task_distribution.distance.TaskDistributionDistance"
         github_url:
           type: string
@@ -587,8 +585,11 @@ components:
           example: "https://raw.githubusercontent.com/user/repo/main/middleware.py"
         code:
           type: string
-          description: Raw Python code to validate (alternative to class_path)
+          description: Raw Python code to validate
           nullable: true
+      oneOf:
+        - required: [class_path]
+        - required: [code]
 
     ValidationResponse:
       type: object
@@ -648,25 +649,14 @@ components:
       type: object
       description: Standard error response
       required:
-        - error
+        - code
         - message
       properties:
-        error:
-          type: string
-          description: Error type/code
-          example: "MiddlewareNotFound"
+        code:
+          type: integer
+          description: HTTP status code
+          example: 404
         message:
           type: string
           description: Human-readable error message
           example: "Middleware with ID '507f1f77bcf86cd799439011' not found"
-        details:
-          type: object
-          description: Additional error details
-          nullable: true
-          additionalProperties: true
-        timestamp:
-          type: string
-          format: date-time
-          description: Error timestamp
-          example: "2026-01-24T10:30:00Z"
-          

pro_tes/config.yaml

@@ -51,6 +51,12 @@ db:
           indexes:
             - keys:
                 name: 1
+              options:
+                "unique": True
+            - keys:
+                class_path: 1
+              options:
+                "unique": True
 
 # API configuration
 # Cf. https://foca.readthedocs.io/en/latest/modules/foca.models.html#foca.models.config.APIConfig
@@ -79,7 +85,6 @@ api:
         - api/middleware_management.yaml
       add_operation_fields:
         x-openapi-router-controller: pro_tes.api.middlewares.controllers
-      disable_auth: True
       connexion:
         strict_validation: True
         validate_responses: True
@@ -169,4 +174,3 @@ custom:
   middlewares:
     - - "pro_tes.plugins.middlewares.task_distribution.distance.TaskDistributionDistance"
       - "pro_tes.plugins.middlewares.task_distribution.random.TaskDistributionRandom"
-