From f2f0d954c66f8373cb699d60cc51ac574cf65f3d Mon Sep 17 00:00:00 2001 From: Maikel Linke Date: Wed, 24 Sep 2025 16:47:50 +1000 Subject: [PATCH] Move source of truth of platforms into one place The first test tokens had an inconsistent client_id and I had to introduce multiple mappings to get the right config. But that has been harmonised and we can put the config in one place. --- app/helpers/admin/enterprises_helper.rb | 2 +- .../dfc_provider/platforms_controller.rb | 14 +++------- engines/dfc_provider/app/services/api_user.rb | 26 ++++++++++++++++--- .../app/services/proxy_notifier.rb | 24 +++++++---------- .../spec/services/proxy_notifier_spec.rb | 6 ++--- 5 files changed, 38 insertions(+), 34 deletions(-) diff --git a/app/helpers/admin/enterprises_helper.rb b/app/helpers/admin/enterprises_helper.rb index a82d96dd4a..f315f8acb4 100644 --- a/app/helpers/admin/enterprises_helper.rb +++ b/app/helpers/admin/enterprises_helper.rb @@ -50,7 +50,7 @@ module Admin end def dfc_platforms_available? - DfcProvider::PlatformsController::PLATFORM_IDS.keys.any? do |id| + ApiUser::PLATFORMS.keys.any? do |id| feature?(id, spree_current_user) end end diff --git a/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb b/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb index 770cf07bfc..56ab267274 100644 --- a/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb +++ b/engines/dfc_provider/app/controllers/dfc_provider/platforms_controller.rb @@ -2,14 +2,6 @@ module DfcProvider class PlatformsController < DfcProvider::ApplicationController - # List of platform identifiers. - # local ID => semantic ID - PLATFORM_IDS = { - 'cqcm-dev' => "https://api.proxy-dev.cqcm.startinblox.com/profile", - 'cqcm-stg' => "https://api.proxy-stg.cqcm.startinblox.com/profile", - 'cqcm' => "https://carte.cqcm.coop/profile", - }.freeze - prepend_before_action :move_authenticity_token before_action :check_enterprise 
@@ -48,7 +40,7 @@ module DfcProvider ) end - ProxyNotifier.new.refresh(PLATFORM_IDS[key]) + ProxyNotifier.new.refresh(key) render json: platform(key) end @@ -70,7 +62,7 @@ module DfcProvider end def available_platforms - PLATFORM_IDS.keys.select do |platform| + ApiUser::PLATFORMS.keys.select do |platform| feature?(platform, current_user) end end @@ -78,7 +70,7 @@ module DfcProvider def platform(key) { '@type': "dfc-t:Platform", - '@id': PLATFORM_IDS[key], + '@id': ApiUser.platform_url(key), localId: key, 'dfc-t:hasAssignedScopes': { '@type': "rdf:List", diff --git a/engines/dfc_provider/app/services/api_user.rb b/engines/dfc_provider/app/services/api_user.rb index 434216c07b..580d2458e3 100644 --- a/engines/dfc_provider/app/services/api_user.rb +++ b/engines/dfc_provider/app/services/api_user.rb @@ -2,11 +2,29 @@ # Authorised user or client using the API class ApiUser - CLIENT_MAP = { - "https://api.proxy-dev.cqcm.startinblox.com/profile" => "cqcm-dev", - "https://api.proxy-stg.cqcm.startinblox.com/profile" => "cqcm-stg", - "https://carte.cqcm.coop/profile" => "cqcm", + PLATFORMS = { + 'cqcm-dev' => { + id: "https://api.proxy-dev.cqcm.startinblox.com/profile", + tokens: "https://kc.cqcm.startinblox.com/realms/startinblox/protocol/openid-connect/token", + }, + 'cqcm-stg' => { + id: "https://api.proxy-stg.cqcm.startinblox.com/profile", + tokens: "https://kc.cqcm.startinblox.com/realms/startinblox/protocol/openid-connect/token", + }, + 'cqcm' => { + id: "https://carte.cqcm.coop/profile", + tokens: "https://authentification.cqcm.coop/realms/cqcm/protocol/openid-connect/token", + }, }.freeze + CLIENT_MAP = PLATFORMS.keys.index_by { |key| PLATFORMS.dig(key, :id) }.freeze + + def self.platform_url(platform) + PLATFORMS.dig(platform, :id) + end + + def self.token_endpoint(platform) + PLATFORMS.dig(platform, :tokens) + end def self.from_client_id(client_id) id = CLIENT_MAP[client_id] 
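Review bot: `ProxyNotifier.new.refresh(key)` now hands the request-supplied local id straight to the notifier, and nothing visible in this hunk checks `key` against `available_platforms` before the outbound token request and webhook call. The action starts above the hunk, so that check may already exist. If it does not, an unknown key makes `ApiUser.token_endpoint(key)` and `ApiUser.platform_url(key)` return nil, and the failure surfaces only inside Faraday or `URI.parse`. A guard before the refresh, for example `return head :not_found unless available_platforms.include?(key)` (or whatever error response this controller already uses), would also stop platforms whose feature flag is off for the user from triggering outbound calls. The same nil lookup feeds `'@id': ApiUser.platform_url(key)` in the `platform(key)` hunk further down.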
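Review bot: `PLATFORMS` is frozen only at the top level, so the inner hashes holding `:id` and `:tokens` stay mutable, and those values decide which host the OpenID token request is sent to. Adding `PLATFORMS.each_value(&:freeze)` right after the definition would close that off. `token_endpoint` also returns nil for an unknown platform because it uses `dig`; `PLATFORMS.fetch(platform).fetch(:tokens)` would raise `KeyError` at the lookup instead of passing nil to the HTTP client. The controller comment `# local ID => semantic ID` was removed without a replacement, so a short comment above `PLATFORMS` would help: the key is the local id used as the feature name, `:id` is the semantic id matched against `client_id`, and `:tokens` is the token endpoint.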
diff --git a/engines/dfc_provider/app/services/proxy_notifier.rb b/engines/dfc_provider/app/services/proxy_notifier.rb index 0e4b73b4bd..fe91f78279 100644 --- a/engines/dfc_provider/app/services/proxy_notifier.rb +++ b/engines/dfc_provider/app/services/proxy_notifier.rb @@ -5,20 +5,13 @@ require "private_address_check/tcpsocket_ext" # Call a webhook to notify a data proxy about changes in our data. class ProxyNotifier - TOKEN_ENDPOINTS = { - 'https://api.proxy-dev.cqcm.startinblox.com/profile' => "https://kc.cqcm.startinblox.com/realms/startinblox/protocol/openid-connect/token", - 'https://api.proxy-stg.cqcm.startinblox.com/profile' => "https://kc.cqcm.startinblox.com/realms/startinblox/protocol/openid-connect/token", - 'https://carte.cqcm.coop/profile' => "https://authentification.cqcm.coop/realms/cqcm/protocol/openid-connect/token", - - }.freeze - - def refresh(platform_url) + def refresh(platform) PrivateAddressCheck.only_public_connections do - notify_proxy(platform_url) + notify_proxy(platform) end end - def request_token(platform_url) + def request_token(platform) connection = Faraday.new( request: { timeout: 5 }, ) do |f| @@ -27,7 +20,7 @@ class ProxyNotifier f.response :raise_error end - url = TOKEN_ENDPOINTS[platform_url] + url = ApiUser.token_endpoint(platform) data = { grant_type: "client_credentials", client_id: ENV.fetch("OPENID_APP_ID", nil), @@ -38,8 +31,8 @@ class ProxyNotifier response.body["access_token"] end - def notify_proxy(platform_url) - token = request_token(platform_url) + def notify_proxy(platform) + token = request_token(platform) data = { eventType: "refresh", enterpriseUrlid: DfcProvider::Engine.routes.url_helpers.enterprises_url, 
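Review bot: Only `refresh` runs inside `PrivateAddressCheck.only_public_connections`, while `request_token` and `notify_proxy` stay public. Called directly, as the spec does with `request_token(platform)`, the `client_credentials` token request goes out without that guard. If the helpers are meant to be reached only through `refresh`, a `private` line after `refresh` would make that explicit; otherwise the guard belongs inside `request_token` as well. The argument also changed from a profile URL to a local id while remaining a String, so a comment on `refresh` such as `# @param platform [String] local id, a key of ApiUser::PLATFORMS` would stop a caller passing the old URL and getting a nil endpoint. The class body continues outside these hunks, so visibility markers further down are not visible here.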
@@ -56,10 +49,11 @@ class ProxyNotifier f.response :json f.response :raise_error end - connection.post(webhook_url(platform_url), data) + connection.post(webhook_url(platform), data) end - def webhook_url(platform_url) + def webhook_url(platform) + platform_url = ApiUser.platform_url(platform) URI.parse(platform_url).tap do |url| url.path = "/djangoldp-dfc/webhook/" end diff --git a/engines/dfc_provider/spec/services/proxy_notifier_spec.rb b/engines/dfc_provider/spec/services/proxy_notifier_spec.rb index dfda2b5d37..2cf9cfd316 100644 --- a/engines/dfc_provider/spec/services/proxy_notifier_spec.rb +++ b/engines/dfc_provider/spec/services/proxy_notifier_spec.rb @@ -8,10 +8,10 @@ require_relative "../spec_helper" # OPENID_APP_ID="..." # OPENID_APP_SECRET="..." RSpec.describe ProxyNotifier do - let(:platform_url) { "https://api.proxy-dev.cqcm.startinblox.com/profile" } + let(:platform) { "cqcm-dev" } it "receives an access token", :vcr do - token = subject.request_token(platform_url) + token = subject.request_token(platform) expect(token).to be_a String expect(token.length).to be > 20 end @@ -21,7 +21,7 @@ RSpec.describe ProxyNotifier do # If you don't have valid credentials, you'll get an unauthorized error. # Correctly authenticated, the server fails to update its data. expect { - subject.refresh(platform_url) + subject.refresh(platform) }.to raise_error Faraday::ServerError end end