User story: Store diet introductions
xvnpw opened this issue · 1 comments
xvnpw commented
Store diet introductions
As Meal App, I want to store samples of diet introductions of dietitians, so that those can be later used to generate new diet introductions using ChatGPT.
Diagram
C4Container
title Container diagram for User Story: Store diet introductions
Container_Boundary(c0, "AI Nutrition-Pro") {
Container(api_gateway, "API Gateway", "Kong", "Authentication of clients, filtering of input, rate limiting")
Container(backend_api, "API Application", "Golang, AWS Elastic Container Service", "Provides AI Nutrition-Pro functionality via API")
ContainerDb(api_db, "API database", "Amazon RDS", "Stores dietitians' content samples, requests and responses to LLM.")
}
System_Ext(mealApp, "Meal Planner", "Application to create diets by dietitians")
Rel(mealApp, api_gateway, "Stores dietitians' samples of diet introductions", "HTTPS/REST")
Rel(api_gateway, backend_api, "Proxy from Meal Planner: Stores dietitians sample of diet introductions", "HTTPS/REST")
Rel(backend_api, api_db, "Write sample of diet introductions to RDS instance", "TLS")
New API
New API to implement:
POST /api/v1/storeContent
{
"type": "introduction",
"dietitian-uuid": "3beddddb-d8f2-41a3-8b6e-38bf2a39a56c",
"client-uuid": "47dba491-8a34-4bca-934b-b32532de975b",
"content": [
"Hi Mark. I created this diet for you. Hope you will love it :)",
"Hi Joanna! Hope you are well. This 3 days diet will help you get started :)"
]
}
Parameters:
type
- REQUIRED, string - type of content. For now only one possible value: introduction
dietitian-uuid
- REQUIRED, uuid - id of dietitian already registered in AI Nutrition-Pro
client-uuid
- REQUIRED, uuid - id of client application, that is Meal App, generated at onboarding
content
- REQUIRED, NOT-EMPTY, list of strings - list of samples to store
Response
Positive response:
201 - Created
{
"samples-uuid": "f0511554-0328-4222-a911-a57de6b7f100"
}
Error response:
If dietitian is not found using uuid provided in request:
400 - Bad request
{
"error": "Cannot find dietitian of uuid: 3beddddb-d8f2-41a3-8b6e-38bf2a39a56c"
}
Storage
Samples will be stored in the API Database, which is an AWS RDS instance, in a table called SAMPLES.
The SAMPLES table will have the following columns:
uuid
- uuid of samples, PRIMARY KEY
client-uuid
- id of client application, that is Meal App, generated at onboarding, NOT EMPTY
type
- type of content. For now only one possible value: introduction, VARCHAR, NOT EMPTY
dietitian-uuid
- id of dietitian already registered in AI Nutrition-Pro, NOT EMPTY
content
- serialized JSON string, TEXT, NOT EMPTY
Tasks
Here is a detailed breakdown of this story into tasks:
- update Swagger API description file with new API
- implement API in API Application
- create new table in API Database and update IAM policy used by API Application for access control of it
- update API definition (allow new API usage) in API Gateway
github-actions commented
(AI Generated) Security Related Acceptance Criteria
API Gateway
- AC1: The API Gateway must implement rate limiting per client to prevent denial of service attacks
- AC2: The API Gateway must sanitize and validate all inputs before passing them to backend services
- AC3: The API Gateway must terminate TLS to encrypt traffic between clients and itself
API Application
- AC4: The API Application must authenticate all requests from the API Gateway before processing them
- AC5: The API Application must sanitize and validate all inputs from the API Gateway before using them
- AC6: The API Application must use parameterized queries when accessing the API Database
API Database
- AC7: The API Database must require TLS client authentication for all connections
- AC8: The API Database must enforce least privilege permissions for the API Application
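Added example, not part of the issue or of the project's code: one way the Golang API Application could enforce the parameter rules of POST /api/v1/storeContent (AC5) and build the SAMPLES insert with bind parameters only (AC6). The function names, the body and sample-count limits, and the PostgreSQL-style `$n` placeholders with quoted hyphenated column names are assumptions; the issue does not name the RDS engine.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"regexp"
)

// StoreContentRequest mirrors the POST /api/v1/storeContent body from the issue.
type StoreContentRequest struct {
	Type          string   `json:"type"`
	DietitianUUID string   `json:"dietitian-uuid"`
	ClientUUID    string   `json:"client-uuid"`
	Content       []string `json:"content"`
}

var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)
const maxBody, maxSamples = 64 << 10, 50 // assumed limits; the issue sets none

// ParseStoreContent applies AC5: capped body, no unknown fields, fixed type, UUID syntax, 1..maxSamples items.
func ParseStoreContent(body io.Reader) (*StoreContentRequest, error) {
	dec := json.NewDecoder(io.LimitReader(body, maxBody))
	dec.DisallowUnknownFields()
	var r StoreContentRequest
	if err := dec.Decode(&r); err != nil {
		return nil, fmt.Errorf("invalid JSON body: %w", err)
	}
	switch {
	case r.Type != "introduction":
		return nil, fmt.Errorf(`type must be "introduction"`)
	case !uuidRe.MatchString(r.DietitianUUID) || !uuidRe.MatchString(r.ClientUUID):
		return nil, fmt.Errorf("dietitian-uuid and client-uuid must be UUIDs")
	case len(r.Content) == 0 || len(r.Content) > maxSamples:
		return nil, fmt.Errorf("content must hold between 1 and %d samples", maxSamples)
	}
	return &r, nil
}

// InsertArgs applies AC6: request values travel only as bind arguments (pass both to db.ExecContext).
func InsertArgs(id string, r *StoreContentRequest) (string, []interface{}) {
	content, _ := json.Marshal(r.Content) // a []string always marshals
	const q = `INSERT INTO SAMPLES (uuid, "client-uuid", type, "dietitian-uuid", content) VALUES ($1, $2, $3, $4, $5)`
	return q, []interface{}{id, r.ClientUUID, r.Type, r.DietitianUUID, string(content)}
}

func main() {
	fmt.Println(ParseStoreContent(os.Stdin)) // pipe a JSON request body in to try it
}
```

A body over the size cap is truncated by `io.LimitReader` and therefore fails JSON decoding, so oversized requests are rejected without being fully read.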