verint.com/kme_content_adapter
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
kme_content_adapter/specs/003-kme-content-fetch/spec.md
Peter.Morton f840587e5e feat: content fetch, sitemap fixes, remove oidcAuthFlow 
- Add contentFetchFlow() to proxy (FR-001 through FR-012)
- Add extractArticleBody() helper with vkm:articleBody / articleBody fallback
- Dynamic proxyBaseUrl derivation from x-forwarded-proto/host headers
- Forward query/size/category params on /sitemap.xml requests
- Add Accept: application/ld+json header to content API calls
- Remove oidcAuthFlow() - unmatched requests now return 404 Not Found
- Fix xmlbuilder2 import: default import, call as xmlbuilder2.create(...)
- Version bump 0.2.0 → 0.3.0
- 45/45 tests passing

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-23 16:40:06 -05:00

10 KiB
Raw Permalink Blame History

Feature Specification: KME Article Content Fetch

Feature Branch: 003-kme-content-fetch
Created: 2025-07-15
Status: Draft

User Scenarios & Testing (mandatory)

User Story 1 — Happy Path Article Fetch (Priority: P1)

A downstream consumer (e.g. a CMS or search front-end) sends a request to the proxy with a kmeURL query parameter containing the verbatim vkm:url value it received from the KME Search API. The proxy authenticates the request to the KME Content Service, fetches the article, and streams back the HTML body of that article so the consumer can render it.

Why this priority: This is the core business value of the feature. Without a working happy path there is nothing to build on.

Independent Test: Issue a GET request to the proxy with a valid, reachable kmeURL. Verify the response body is HTML matching the vkm:articleBody field in the KME Content Service response, status 200 and Content-Type: text/html.

Acceptance Scenarios:

  1. Given the proxy receives a GET request whose URL does not end in /sitemap.xml, When the request contains ?kmeURL=https://content.kme.example/articles/123, Then the proxy fetches that URL from the KME Content Service with Authorization: OIDC_id_token {token}, extracts vkm:articleBody from the JSON-LD response, and returns it as the HTTP response body with status 200 and Content-Type: text/html.
  2. Given the token cache holds a valid OIDC token, When the proxy makes the upstream request, Then it uses the cached token without a new token acquisition round-trip.
  3. Given the token cache has expired, When the proxy makes the upstream request, Then getValidToken() refreshes the token transparently before the upstream call is made.

User Story 2 — Missing or Empty kmeURL Parameter (Priority: P2)

A consumer sends a request that matches the content-fetch route (not a sitemap URL) but omits the kmeURL parameter or provides it as an empty string. The proxy must reject the request immediately with a clear 400 response rather than making a malformed upstream call.

Why this priority: Bad-input rejection prevents meaningless upstream calls and gives consumers a clear, actionable error signal.

Independent Test: Send a GET request to the proxy without kmeURL, or with kmeURL=. Verify a 400 Bad Request response is returned.

Acceptance Scenarios:

  1. Given the proxy receives a request with no kmeURL query parameter, When the request is processed, Then the proxy returns HTTP 400 without making any upstream request.
  2. Given the proxy receives a request with ?kmeURL= (empty value), When the request is processed, Then the proxy returns HTTP 400 without making any upstream request.

User Story 3 — Upstream Content Fetch Failure or Missing Article Body (Priority: P3)

The KME Content Service is unreachable, returns an HTTP error status, times out, or returns a valid JSON-LD document that does not contain vkm:articleBody. The proxy must surface an appropriate error to the consumer.

Why this priority: Robust error handling avoids silent failures and lets consumers distinguish between "article not found" and "upstream service error".

Independent Test: Simulate or stub each failure mode and verify the correct HTTP error code is returned by the proxy.

Acceptance Scenarios:

  1. Given the KME Content Service returns a 4xx response for the requested URL, When the proxy processes the response, Then the proxy returns HTTP 404 to the caller.
  2. Given the KME Content Service returns a 5xx response or the request times out (exceeding 10 seconds), When the proxy processes the response, Then the proxy returns HTTP 502 to the caller.
  3. Given the KME Content Service returns a 200 JSON-LD response but the vkm:articleBody field is absent or null, When the proxy processes the response, Then the proxy returns HTTP 404 to the caller.
  4. Given a network-level error prevents the upstream request from completing, When the proxy processes the error, Then the proxy returns HTTP 502 to the caller.

User Story 4 — Existing Passthrough Behaviour Preserved (Priority: P4)

Requests that do not match the sitemap route and do not carry a kmeURL parameter must continue to receive the existing 200 OK response (auth-check passthrough) without any change in behaviour.

Why this priority: Non-regression of existing behaviour is required to avoid breaking active consumers that rely on the passthrough route.

Independent Test: Send a GET request to the proxy with neither a /sitemap.xml suffix nor a kmeURL parameter. Verify a 200 OK response is returned, identical to current behaviour.

Acceptance Scenarios:

  1. Given the proxy receives a request with no kmeURL parameter and a URL not ending in /sitemap.xml, When the request is processed, Then the proxy returns HTTP 200 (the existing auth-check passthrough).

Edge Cases

  • What happens when kmeURL contains an already-encoded URL (percent-encoded characters)? The value must be used verbatim; double-encoding must not occur.
  • What happens if the JSON-LD response body from the KME Content Service is not valid JSON? The proxy should treat this as a 502 upstream error.
  • What happens if the upstream response contains vkm:articleBody but its value is an empty string? Treat as absent → return 404.
  • What happens if the OIDC token cannot be acquired (e.g. auth service down)? Surface this as a 502 upstream error.
  • What happens if kmeURL is present but the URL is not a well-formed absolute URL? Return 400 Bad Request (same as missing/empty).

Requirements (mandatory)

Functional Requirements

  • FR-001: The proxy MUST detect when an incoming request URL does NOT end in /sitemap.xml AND contains a non-empty kmeURL query parameter, and route such requests through the content-fetch flow.
  • FR-002: The proxy MUST use the kmeURL parameter value exactly as provided — without any manipulation, re-encoding, or URL construction — as the target URL for the upstream GET request.
  • FR-003: The proxy MUST attach an Authorization: OIDC_id_token {token} header to the upstream GET request, obtaining the token via getValidToken() from kmeContentSourceAdapterHelpers.
  • FR-004: The upstream GET request MUST have a timeout of 10 seconds.
  • FR-005: On a successful upstream response, the proxy MUST extract the vkm:articleBody field from the JSON-LD response body.
  • FR-006: The proxy MUST return the vkm:articleBody value as the HTTP response body with status 200 and Content-Type: text/html.
  • FR-007: If kmeURL is absent, empty, or blank, the proxy MUST return HTTP 400 without making an upstream request.
  • FR-008: If kmeURL is present but not a well-formed absolute URL, the proxy MUST return HTTP 400.
  • FR-009: If the upstream request results in a 4xx response, or the vkm:articleBody field is absent, null, or empty in an otherwise successful response, the proxy MUST return HTTP 404 to the caller.
  • FR-010: If the upstream request results in a 5xx response, a timeout, a network error, or an unparseable response body, the proxy MUST return HTTP 502 to the caller.
  • FR-011: If the OIDC token cannot be acquired, the proxy MUST return HTTP 502 to the caller.
  • FR-012: Requests that neither end in /sitemap.xml nor carry a kmeURL parameter MUST continue to receive the existing 200 OK passthrough response, unchanged.
  • FR-013: The content-fetch flow MUST be implemented entirely within the VM sandbox file (src/proxyScripts/kmeContentSourceAdapter.js) using only the injected context variables (axios, kmeContentSourceAdapterHelpers, kme_CSA_settings, console, URLSearchParams, URL, req, res) — no new imports or module-level exports are permitted.

Key Entities

  • KME Article Content: Represents a single article fetched from the KME Content Service. Identified by its vkm:url. Key field: vkm:articleBody (HTML string).
  • OIDC Token: A short-lived bearer credential used to authenticate requests to the KME Content Service. Managed by getValidToken(), which handles caching (Redis) and refresh transparently.
  • Proxy Request: An incoming HTTP request received by the proxy script, carrying routing signals in the URL path (sitemap detection) and query string (kmeURL).

Success Criteria (mandatory)

Measurable Outcomes

  • SC-001: A consumer submitting a valid kmeURL receives the corresponding article HTML body in under 11 seconds end-to-end (10 s upstream timeout + 1 s proxy overhead) under normal network conditions.
  • SC-002: 100% of requests with a missing, empty, or malformed kmeURL parameter receive a 400 response without triggering any upstream call.
  • SC-003: 100% of upstream 4xx responses and missing/empty vkm:articleBody scenarios result in a 404 response to the caller.
  • SC-004: 100% of upstream 5xx, timeout, and network-error scenarios result in a 502 response to the caller.
  • SC-005: All existing proxy routes (sitemap flow and passthrough) continue to behave identically to their pre-feature behaviour — zero regression.
  • SC-006: The unit test suite for the proxy script achieves ≥90% branch coverage across the content-fetch flow, including all four error paths.

Assumptions

  • The kmeURL value provided by callers is the verbatim vkm:url value from the KME Search API response — the spec does not need to validate its domain or path structure beyond confirming it is a well-formed absolute URL.
  • getValidToken() is already implemented, tested, and handles all OIDC token edge cases (expiry, Redis connectivity, refresh). This feature does not modify it.
  • The axios instance injected into the VM context supports a timeout configuration option and throws a recognisable error on timeout (following standard axios behaviour).
  • The KME Content Service always returns Content-Type: application/ld+json (or similar JSON) for valid article requests; no binary or streaming responses are expected.
  • HTTP method is always GET for the content-fetch flow; no authentication or session concept exists on the proxy's inbound side.
  • The existing sitemap route detection (URL ends in /sitemap.xml) takes priority over the kmeURL check — a URL ending in /sitemap.xml?kmeURL=... would route to the sitemap flow, not the content-fetch flow.
  • Error response bodies are plain text or minimal JSON — no prescribed format is required beyond the correct HTTP status code.
Reference in New Issue View Git Blame Copy Permalink