Update 6 files

- /src1/main/resources/application.yml - /src1/main/java/com/v2d/document/config/AppProperties.java - /src1/main/java/com/v2d/document/service/ExternalApiService.java - /src1/main/java/com/v2d/document/controller/GenerateController.java - /src1/test/AppPropertiesTest.java - /README.md
2026-06-15 18:01:52 +02:00 · 2025-12-09 17:59:09 +01:00
parent 283b4ed6af
commit 55555bcc37
6 changed files with 154 additions and 0 deletions
@@ -91,3 +91,46 @@ For open source projects, say how it is licensed.
 ## Project status
 If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
 ## 🔐 Secure API Key Management (Sprint 4 – V2D Document)
 This project uses secure environment variables to store and manage all external API keys
 (required for LLM/Transcription APIs). No API key is ever committed into the repository.
 ### ✔ How the API Key Works
 The application reads the key from an environment variable named:
 `LLM_API_KEY`
 Spring Boot loads it automatically using the following configuration in `application.yml`:
 ### ✔ Local Development (developer machines)
 Developers must manually set their API key locally:
 ### ✔ GitLab CI/CD Setup (secure by default)
 To provide the key for all environments securely:
 1. Go to **GitLab → Settings → CI/CD → Variables**
 2. Add variable:
   - **Key:** `LLM_API_KEY`
   - **Value:** your real API key
   - **Masked:** ✓ Enable  
   - **Protected:** (optional)
 3. Save.
 Pipelines will automatically use the secure key without exposing it.
 ### ✔ Security Guarantees
 - The API key is **not stored** in the repository  
 - `.env` files are ignored through `.gitignore`  
 - The key is **never printed**, logged, or exposed to users  
 - Every new user of V2D Document can use the system **without needing their own key**
 ### ✔ Files Added in This User Story
 - `src/main/resources/application.yml`
 - `src/main/java/com/v2d/document/config/AppProperties.java`
 - `src/main/java/com/v2d/document/service/ExternalApiService.java`
 - `src/test/java/com/v2d/document/config/AppPropertiesTest.java`
 This completes Sprint 4 User Story: **Backend – Secure Management & Storage of API Keys**.
@@ -0,0 +1,13 @@
 package com.v2d.document.config;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
@ConfigurationProperties(prefix = "app.external")
 public class AppProperties {
    private String apiKey;
    public String getApiKey() { return apiKey; }
    public void setApiKey(String apiKey) { this.apiKey = apiKey; }
 }
@@ -0,0 +1,26 @@
 package com.v2d.document.controller;
 import com.v2d.document.service.ExternalApiService;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import java.util.Map;
@RestController
@RequestMapping("/api/generate")
 public class GenerateController {
    private final ExternalApiService externalApiService;
    public GenerateController(ExternalApiService externalApiService) {
        this.externalApiService = externalApiService;
    }
    @PostMapping
    public ResponseEntity<String> generate(@RequestBody Map<String,Object> body) {
        // Build provider payload from the user's body (transform safely)
        String payload = "{\"text\": \"use this text\"}"; // adapt for real usage
        String providerResponse = externalApiService.callProvider(payload);
        return ResponseEntity.ok(providerResponse);
    }
 }
@@ -0,0 +1,45 @@
 package com.v2d.document.service;
 import com.v2d.document.config.AppProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
@Service
 public class ExternalApiService {
    private final Logger log = LoggerFactory.getLogger(ExternalApiService.class);
    private final AppProperties props;
    private final HttpClient http = HttpClient.newHttpClient();
    public ExternalApiService(AppProperties props) {
        this.props = props;
    }
    public String callProvider(String jsonPayload) {
        String key = props.getApiKey();
        if (key == null || key.isBlank()) {
            log.warn("External API key is not configured.");
            throw new IllegalStateException("External API key missing");
        }
        try {
            HttpRequest req = HttpRequest.newBuilder()
                    .uri(URI.create("https://api.example.com/endpoint")) // replace with real endpoint
                    .header("Authorization", "Bearer " + key)
                    .header("Content-Type", "application/json")
                    .POST(HttpRequest.BodyPublishers.ofString(jsonPayload))
                    .build();
            HttpResponse<String> resp = http.send(req, HttpResponse.BodyHandlers.ofString());
            return resp.body();
        } catch (Exception e) {
            log.error("External API call failed: {}", e.getMessage());
            throw new RuntimeException("External API call failed", e);
        }
    }
 }
@@ -0,0 +1,7 @@
 spring:
  application:
    name: v2d-document
 app:
  external:
    apiKey: ${LLM_API_KEY:}
@@ -0,0 +1,20 @@
 package com.v2d.document.config;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import static org.assertj.core.api.Assertions.assertThat;
 public class AppPropertiesTest {
    private final ApplicationContextRunner contextRunner = new ApplicationContextRunner()
            .withUserConfiguration(AppProperties.class)
            .withPropertyValues("app.external.apiKey=TEST_KEY");
    @Test
    void bindsApiKey() {
        contextRunner.run(context -> {
            AppProperties props = context.getBean(AppProperties.class);
            assertThat(props.getApiKey()).isEqualTo("TEST_KEY");
        });
    }
 }