Enhance security and modularize OCL Providers structure#161
Open
italomacedo wants to merge 15 commits intomainfrom
Open
Enhance security and modularize OCL Providers structure#161italomacedo wants to merge 15 commits intomainfrom
italomacedo wants to merge 15 commits intomainfrom
Conversation
Contributor
|
I don't see any documentation for the OCL functionality - how to configure it? And I don't see any test cases? Is there any way to test the OCL functionality? My basic rule for javascript is that if there's no tests, then it doesn't work |
Collaborator
Author
Added readme.MD for OCL Added test cases for >95% coverage |
…semantics The POST Parameters form of CodeSystem/-code was not internally equivalent to the GET query form for logically identical requests. GET behavior is the reference and was already correct, but POST could bypass the same display/code validation outcome. Why this change was needed: - Equivalent requests were producing different results depending on transport shape. - GET with system+code+display+version correctly invalidated mismatched display. - POST with parameter[coding] + parameter[display|version|displayLanguage] could take a different normalization path and not carry operation-level display/version into the internal Coding used for validation. - This created inconsistent validation behavior and made client behavior dependent on request encoding instead of terminology semantics. Root cause: - CodeSystem input normalization handled codeableConcept adjustments, but did not fully normalize the coding mode to merge operation parameters into the same internal model used by GET-style inputs. What was changed: - In CodeSystem normalization, for mode=coding: - map operation system/url to coding.system when missing - map operation code to coding.code when missing - map operation version to coding.version when missing - apply operation display to coding.display (so display checks match GET behavior) - Kept GET behavior unchanged as required. - Added regression test proving GET and POST(coding) produce identical result/message for equivalent parameters, with GET treated as source of truth. Why files outside tx/ocl changed: - The inconsistency is in shared -code request parsing/normalization logic (tx/workers/validate.js), not in OCL cache/data assets. - The safety net belongs in shared tx tests (tests/tx/validate.test.js) to prevent future regressions across all providers, including OCL-backed flows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces significant improvements to OCL (Open Concept Lab) integration, caching, and code system handling, as well as enhanced validation for NPM packages. The changes include the addition of new OCL provider support, robust caching and fingerprinting utilities, stricter package validation, and refactoring of code system provider data structures to improve consistency and reliability.
OCL Integration and Provider Enhancements:
Added OCL provider support to the terminology library, including new provider classes (
OCLCodeSystemProvider,OCLValueSetProvider,OCLConceptMapProvider) and configuration parsing for OCL endpoints and authentication. This enables the system to fetch and manage code systems, value sets, and concept maps from OCL sources. [1] [2] [3] [4]Implemented OCL-specific configuration parsing and registration logic, supporting multiple OCL sources, caching, and provider re-use keyed by base URL and organization. [1] [2]
OCL Caching and Fingerprinting Utilities:
Added new utility modules for OCL caching (
cache-paths.js,cache-utils.js) to manage cache directories, compute cache file paths, and handle cache aging. [1] [2]Introduced fingerprinting utilities (
fingerprint.js) to compute stable hashes for code systems and value set expansions, supporting cache validation and change detection.Added HTTP client and pagination helpers for OCL, enabling robust, paginated data retrieval with error handling and support for OCL API conventions. [1] [2]
NPM Package Validation Improvements:
PackageCrawlerto reject packages with install scripts (preinstall/install/postinstall) and to reject non-template packages containing JavaScript files, improving security and package hygiene. [1] [2] [3]Code System Provider Refactoring:
Refactored code system provider data structures: changed from using a
Mapto an array for storing code systems to improve compatibility and simplify logic, and updated related logic for assigning IDs and loading code systems. [1] [2] [3] [4]Improved error handling and documentation in code system provider APIs, including a new method for polling code system changes and enhanced version comparison logic. [1] [2] [3]
OCL Integration and Utilities:
cache-paths.js,cache-utils.js) and fingerprinting for code systems and value set expansions to support efficient caching and change detection. [1] [2] [3]NPM Package Validation:
PackageCrawlerto reject packages with install scripts and non-template packages containing JavaScript files, improving security and package quality. [1] [2] [3]Code System Provider Refactoring:
Mapto an array, updated ID assignment and loading logic, and improved error handling and documentation in provider APIs. [1] [2] [3] [4] [5] [6] [7]