Melhoria: A performance do deployment deve melhorar bastante pois só haverá uma única autenticação por function, na segunda camada. Avaliando o custo-beneficio de ter ou não ter a segunda camada, é melhor SEMPRE ter a segunda camada para permitir autenticar uma unica vez.

README.md

@@ -139,18 +139,16 @@ This is the **IDCS** service authorization by the token passed in BODY and will
 
 This is the main code for your authorization function and will be described in sequence.
 
-![img_1.png](images/authApi_2.png)
+![img.png](images/authApi_2.png)
 
-Authorization function works 2 times 
-The first call to the authorization function needs to validate your token from the **IDCS** and the first call always came with **body_schema_validation** = None.
-In the second call, the **body_schema_validation** came with some schema value from your OpenAPI spec, so the **IDCS** validation will be skiped.
+Remember that the API always will be deployed in 2 layers. The first layer will call the second layer. 
+Authorization function works only in the second layer for best performance. This will be explained in the next section (**applyValidationApi**)
 
 ![img_2.png](images/authApi_3.png)
 
-In the first authorization execution, the validation step will be skiped but in the second execution, the validation occurs with the same logic in the **body_schema_validation**.
-
-![img_3.png](images/authApi_4.png)
+This is the schema validation for Swagger and Open API 3
 
+![img.png](images/authApi_4.png)
 
 ## applyValidationApi
 
@@ -168,7 +166,7 @@ The validation respecting the Swagger 2.0 spec can be done by this component: [S
 
 The authorization function is deployed in the proxy API deployment and in the real API deployment, but the validation of the spec will be done only in the real API layer and **if** the HEADER **body_schema_validation** has a content.
 
-![img_8.png](images/img_8.png)
+![img.png](images/img_8.png)
 
 You need to deploy the API (you can see the **deployment** file [applyValidationApi.json](./files/applyValidationApi/applyValidationApi.json) in JSON format to understand the parameters):
 

files/applyValidationApi/func.py

@@ -183,10 +183,10 @@ def applyAuthApi(compartmentId, displayName, payload, functionId, host, api_gate
     for item in payload:
         methods = json.loads(json.dumps(item["METHOD"].split(" ")))
         path_prefix = item["PATH_PREFIX"]
+        callback_url = ("https://" + host + item["PATH_PREFIX"] + "validation-callback" + item["PATH"]).replace("{", "${request.path[").replace("}", "]}")
         if (item["SCHEMA_BODY_VALIDATION"] != ""):
-            callback_url = ("https://" + host + item["PATH_PREFIX"] + "validation-callback" + item["PATH"]).replace("{", "${request.path[").replace("}", "]}")
             put_logs_response = logging.put_logs(
-                log_id="ocid1.log.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+                log_id="ocid1.log.oc1.iad.amaaaaaaamaaaaaaamaaaaaaamaaaaaaamaaaaaaamaaaaaaamaaaaaaamaaaaaa",
                 put_logs_details=oci.loggingingestion.models.PutLogsDetails(
                     specversion="EXAMPLE-specversion-Value",
                     log_entry_batches=[
@@ -237,6 +237,14 @@ def applyAuthApi(compartmentId, displayName, payload, functionId, host, api_gate
 
         else:
             routes.append(
+                oci.apigateway.models.ApiSpecificationRoute(
+                    path=item["PATH"],
+                    backend=oci.apigateway.models.HTTPBackend(
+                        type="HTTP_BACKEND",
+                        url=callback_url,
+                        is_ssl_verify_disabled=False),
+                    methods=methods))
+            new_routes.append(
                 oci.apigateway.models.ApiSpecificationRoute(
                     path=item["PATH"],
                     backend=oci.apigateway.models.HTTPBackend(
@@ -245,6 +253,7 @@ def applyAuthApi(compartmentId, displayName, payload, functionId, host, api_gate
                         is_ssl_verify_disabled=False),
                     methods=methods))
 
+
     if (new_routes != [ ]):
         validation_deployment_details=oci.apigateway.models.UpdateDeploymentDetails(
             display_name=displayName + "-validation",
@@ -296,34 +305,12 @@ def applyAuthApi(compartmentId, displayName, payload, functionId, host, api_gate
         creeateOrUpdateDeployment(compartmendId=compartmentId, displayName=displayName + "-validation", validation_deployment_details=validation_deployment_details, create_deployment_details=create_deployment_details, api_gateway_id=api_gateway_id)
 
     if (routes != [ ]):
-        # apigateway_client.update_deployment(deployment_id=deployment_id, update_deployment_details=oci.apigateway.models.UpdateDeploymentDetails(
-        #     display_name=displayName,
-        #     specification=oci.apigateway.models.ApiSpecification(
-        #         request_policies=oci.apigateway.models.ApiSpecificationRequestPolicies(
-        #             authentication=oci.apigateway.models.CustomAuthenticationPolicy(
-        #                 type="CUSTOM_AUTHENTICATION",
-        #                 function_id=functionId,
-        #                 is_anonymous_access_allowed=False,
-        #                 parameters={
-        #                     'token': 'request.headers[token]',
-        #                     'body': 'request.body'},
-        #                 cache_key=["token"])),
-        #             routes=routes)))
-
+        # The 1st layer will not authenticate
         validation_deployment_details=oci.apigateway.models.UpdateDeploymentDetails(
             display_name=displayName,
             specification=oci.apigateway.models.ApiSpecification(
                 request_policies=oci.apigateway.models.ApiSpecificationRequestPolicies(
-                    rate_limiting=rate_limiting,
-                    authentication=oci.apigateway.models.CustomAuthenticationPolicy(
-                        type="CUSTOM_AUTHENTICATION",
-                        function_id=functionId,
-                        is_anonymous_access_allowed=False,
-                        parameters={
-                            'token': 'request.headers[token]',
-                            'body': 'request.body',
-                            'opc-request-id': 'request.headers[opc-request-id]'},
-                        cache_key=["token", "opc-request-id"])),
+                    rate_limiting=rate_limiting),
                 routes=routes))
 
         create_deployment_details=oci.apigateway.models.CreateDeploymentDetails(
@@ -333,17 +320,9 @@ def applyAuthApi(compartmentId, displayName, payload, functionId, host, api_gate
             path_prefix= path_prefix,
             specification=oci.apigateway.models.ApiSpecification(
                 request_policies=oci.apigateway.models.ApiSpecificationRequestPolicies(
-                    rate_limiting=rate_limiting,
-                    authentication=oci.apigateway.models.CustomAuthenticationPolicy(
-                        type="CUSTOM_AUTHENTICATION",
-                        function_id=functionId,
-                        is_anonymous_access_allowed=False,
-                        parameters={
-                            'token': 'request.headers[token]',
-                            'body': 'request.body',
-                            'opc-request-id': 'request.headers[opc-request-id]'},
-                        cache_key=["token", "opc-request-id"])),
+                    rate_limiting=rate_limiting),
                 routes=routes))
+
         creeateOrUpdateDeployment(compartmendId=compartmentId, displayName=displayName, validation_deployment_details=validation_deployment_details, create_deployment_details=create_deployment_details, api_gateway_id=api_gateway_id)