Goal
Replace all GRPC functions with a REST API.
The list of RPC services that need to be replaced are found in https://github.com/icgc-argo/program-service/blob/develop/src/main/proto/ProgramService.proto
We will work on this in chunks, first we will add the 5x CRUD requests for Programs then review the process and make changes as necessary.
The work required should be to create new REST endpoints in a new controller (not public) for these actions that parse request data into the DTO objects defined by the protobuf, and then send this data through to the existing ProgramService exposed through the ProgramServiceFacade. Because all the existing code is designed to handle incoming protobuf-generated DTOs and then convert them to the DB model, it may be easiest to continue using these objects.
Additionally, we will need to make a new Authorization handler that works with REST to replace the GRPC Interceptor. The Auth interceptor should implement standard OAuth2 bearer token security; this will look for a Header in the incoming request called Authorization with a value Bearer <JWT>. The JWT needs to be validated against the Ego public key. There should be standard Spring Security packages to handle this check and return the validated JWT. The class EgoAuthorizationService has the code for interpreting the JWT and converting it into the user's permissions. Any incoming request that does not have the correct permissions should be responded to with the following code:
no token or invalid token = 401
valid token but incorrect permissions = 403
The permissions required for each endpoint can be found in the GRPC ProgramServiceImpl.
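Added example, not part of the original issue or the program-service code base: one way to get the 401/403 split described above from Spring Security's OAuth2 resource-server support. It assumes a Spring Boot application on Spring Security 6 and an RSA Ego key; the property name, URL patterns, authority names and the `permissions` claim are hypothetical placeholders (the real claim mapping lives in EgoAuthorizationService and the real permissions in ProgramServiceImpl).

```java
// Added example: bearer-JWT validation against a fixed public key, 401 vs 403.
// Assumes spring-security-oauth2-resource-server (Spring Security 6) on the classpath.
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class RestSecurityConfig {
  // Hypothetical property: Ego public key as base64 DER (X.509 SubjectPublicKeyInfo).
  @Bean
  JwtDecoder jwtDecoder(@Value("${example.ego.public-key-b64}") String keyB64) throws Exception {
    byte[] der = Base64.getDecoder().decode(keyB64);
    RSAPublicKey key = (RSAPublicKey) KeyFactory.getInstance("RSA")
        .generatePublic(new X509EncodedKeySpec(der));
    // Pinning one key means tokens signed by any other key are rejected.
    return NimbusJwtDecoder.withPublicKey(key).build();
  }

  @Bean
  SecurityFilterChain restChain(HttpSecurity http) throws Exception {
    JwtAuthenticationConverter conv = new JwtAuthenticationConverter();
    conv.setJwtGrantedAuthoritiesConverter(RestSecurityConfig::toAuthorities);
    http.authorizeHttpRequests(a -> a
        // Placeholder paths and authorities; anything unlisted is denied (fail closed).
        .requestMatchers(HttpMethod.GET, "/programs/**").hasAuthority("EXAMPLE_READ")
        .requestMatchers("/programs/**").hasAuthority("EXAMPLE_WRITE")
        .anyRequest().denyAll())
      // Missing, malformed, expired or badly signed token -> 401; missing authority -> 403.
      .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(conv)));
    return http.build();
  }

  // Hypothetical mapping from a "permissions" claim; a token without it gets no authorities.
  static Collection<GrantedAuthority> toAuthorities(Jwt jwt) {
    List<String> perms = jwt.getClaimAsStringList("permissions");
    List<GrantedAuthority> out = new ArrayList<>();
    for (String p : perms == null ? List.<String>of() : perms) out.add(new SimpleGrantedAuthority(p));
    return out;
  }
}
```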