From 289144259a0b3019e125b36cb686559d932803ef Mon Sep 17 00:00:00 2001
From: Matt Dean <matt.dean3@nhs.net>
Date: Tue, 6 Aug 2024 09:37:24 +0100
Subject: [PATCH] [NRL-796] Make X-Request-Id a required header for all API
 requests

---
 .../RaiseFault.400MissingRequestIdHeader.xml  | 26 +++++++++++++++++++
 proxies/live/apiproxy/proxies/default.xml     |  8 ++++++
 .../RaiseFault.400MissingRequestIdHeader.xml  | 26 +++++++++++++++++++
 proxies/sandbox/apiproxy/proxies/default.xml  |  8 ++++++
 4 files changed, 68 insertions(+)
 create mode 100644 proxies/live/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml
 create mode 100644 proxies/sandbox/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml

diff --git a/proxies/live/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml b/proxies/live/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml
new file mode 100644
index 0000000..3ad87cf
--- /dev/null
+++ b/proxies/live/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml
@@ -0,0 +1,26 @@
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.400MissingRequestIdHeader">
+    <FaultResponse>
+        <Set>
+            <Payload contentType="application/json">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "invalid",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode",
+                            "code": "MISSING_OR_INVALID_HEADER",
+                            "display": "There is a required header missing or invalid"
+                        } ]
+                    },
+                    "diagnostics": "The X-Request-Id header is missing or invalid"
+                } ]
+            }
+            </Payload>
+            <StatusCode>400</StatusCode>
+            <ReasonPhrase>Bad Request</ReasonPhrase>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>
diff --git a/proxies/live/apiproxy/proxies/default.xml b/proxies/live/apiproxy/proxies/default.xml
index 510fc4c..2179113 100644
--- a/proxies/live/apiproxy/proxies/default.xml
+++ b/proxies/live/apiproxy/proxies/default.xml
@@ -28,6 +28,14 @@
       <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))
       </Condition>
     </Flow>
+    <Flow name="Raise400ForMissingRequestIdHeader">
+      <Request>
+        <Step>
+          <Name>RaiseFault.400MissingRequestIdHeader</Name>
+        </Step>
+      </Request>
+      <Condition>request.verb != "OPTIONS" and (request.header.X-Request-Id = null or request.header.X-Request-Id = "")</Condition>
+    </Flow>
     <Flow name="Raise400ForMissingODSHeader">
       <Request>
         <Step>
diff --git a/proxies/sandbox/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml b/proxies/sandbox/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml
new file mode 100644
index 0000000..3ad87cf
--- /dev/null
+++ b/proxies/sandbox/apiproxy/policies/RaiseFault.400MissingRequestIdHeader.xml
@@ -0,0 +1,26 @@
+<RaiseFault async="false" continueOnError="false" enabled="true" name="RaiseFault.400MissingRequestIdHeader">
+    <FaultResponse>
+        <Set>
+            <Payload contentType="application/json">
+            {
+                "resourceType": "OperationOutcome",
+                "issue": [ {
+                    "severity": "error",
+                    "code": "invalid",
+                    "details": {
+                        "coding": [ {
+                            "system": "https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode",
+                            "code": "MISSING_OR_INVALID_HEADER",
+                            "display": "There is a required header missing or invalid"
+                        } ]
+                    },
+                    "diagnostics": "The X-Request-Id header is missing or invalid"
+                } ]
+            }
+            </Payload>
+            <StatusCode>400</StatusCode>
+            <ReasonPhrase>Bad Request</ReasonPhrase>
+        </Set>
+    </FaultResponse>
+    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
+</RaiseFault>
diff --git a/proxies/sandbox/apiproxy/proxies/default.xml b/proxies/sandbox/apiproxy/proxies/default.xml
index 9673016..3f7b9bd 100644
--- a/proxies/sandbox/apiproxy/proxies/default.xml
+++ b/proxies/sandbox/apiproxy/proxies/default.xml
@@ -29,6 +29,14 @@
       <Condition>(proxy.pathsuffix MatchesPath "/_status") and ((request.verb = "GET") or (request.verb = "HEAD"))
       </Condition>
     </Flow>
+    <Flow name="Raise400ForMissingRequestIdHeader">
+      <Request>
+        <Step>
+          <Name>RaiseFault.400MissingRequestIdHeader</Name>
+        </Step>
+      </Request>
+      <Condition>request.verb != "OPTIONS" and (request.header.X-Request-Id = null or request.header.X-Request-Id = "")</Condition>
+    </Flow>
     <Flow name="Raise400ForMissingODSHeader">
       <Request>
         <Step>