Add OS Map Layer

[DilwoarH]

Preview Link

https://submit-753-use-os-base--dwmoqo.herokuapp.com/organisations/local-authority:BNE/conservation-area/overview

What type of PR is this? (check all applicable)

• Refactor
• Feature
• Bug Fix
• Optimization
• Documentation Update

Description

Please replace this line with a brief description of the changes made.

Related Tickets & Documents

• Ticket Link
• Related Issue #
• Closes Use OS base layer for maps #753

QA Instructions, Screenshots, Recordings

Before

After

Added/updated tests?

We encourage you to keep the code coverage percentage at 80% and above.

• Yes
• No, and this is why: Please replace this line with details on why tests have not been included
• I need help with writing tests

QA sign off

• Code has been checked and approved
• Design has been checked and approved
• Product and business logic has been checked and proved

[optional] Are there any post-deployment tasks we need to perform?

[optional] Are there any dependencies on other PRs or Work?

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for retrieving and managing OS Map API access tokens.
  • Implemented dynamic token authentication for map requests.
  • Introduced a new API endpoint for fetching access tokens.

• Bug Fixes

  • Improved token management to prevent unnecessary API calls.
  • Enhanced error handling for token retrieval and map initialisation.

• Chores

  • Updated build process to include static assets.
  • Added comprehensive unit tests for new token management functionality.

These changes improve the application's map functionality and authentication mechanism, ensuring more robust and efficient API interactions.

[coderabbitai]

Walkthrough

This pull request introduces significant enhancements for managing Ordnance Survey (OS) map API tokens. The changes include a new service for token retrieval, modifications to the map initialization process to handle API tokens, and the addition of a new endpoint for token access. The build process is also updated to include static assets. Comprehensive unit tests have been added to ensure the functionality of the new features and the robustness of the token management system.

Changes

File	Change Summary
package.json	Added cp -R src/assets/static/. public/static to build script
src/assets/js/map.js	Updated map initialization with API token handling and dynamic request transformation
src/assets/js/os-api-token.js	New file for managing API token retrieval and refresh
src/routes/api.js	Added new endpoint /os/get-access-token for token retrieval
src/services/osMapService.js	Added function to fetch OS map access token
test/unit/javascript/map.test.js	Added mock for getApiToken function and new test case for token fetch failure
test/unit/javascript/os-api-token.test.js	Added comprehensive unit tests for getFreshApiToken and getApiToken
test/unit/services/osMapService.test.js	Added unit tests for getOsMapAccessToken service

Assessment against linked issues

Objective	Addressed	Explanation
Endpoint to get token [#753]	✅
Implement OS map layer on map component [#753]	❌	The PR does not implement the OS map layer on the map component as required.

Possibly related PRs

• add unit tests for map.js #643: This PR adds unit tests for the map.js file, which includes the createMapFromServerContext function that is also modified in the main PR.
• Allows LPAs with no boundaries to display data #695: This PR modifies the Map class in map.js, enhancing its functionality and error handling, relevant to the changes made in the main PR.
• Adds popups to maps #759: This PR introduces new popup functionality in the Map class within map.js, directly related to the changes involving the map features.

Suggested reviewers

• GeorgeGoodall-GovUk
• rosado

Poem

🐰 A rabbit's tale of tokens bright,
Mapping secrets taking flight,
OS layers dancing with grace,
Code weaving through digital space,
Authentication's magic spell! 🗺️

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a747c05 and 56559fa.

📒 Files selected for processing (1)

• package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: run-tests / test

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	71%	5471 / 7705
🔵	Statements	71%	5471 / 7705
🔵	Functions	68.53%	220 / 321
🔵	Branches	82.94%	715 / 862

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
src/assets/js/map.js	64.92%	76.08%	80%	64.92%	42-56, 112-114, 166-204, 213-229, 237-286, 292, 335-357, 366-367, 419-420, 423-424
src/assets/js/os-api-token.js	100%	100%	100%	100%
src/routes/api.js	0%	0%	0%	0%	1-50
src/services/osMapService.js	100%	100%	100%	100%

Generated in workflow #601 for commit 56559fa by the Vitest Coverage Report Action

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

src/services/osMapService.js (1)

1-5: Handle unsuccessful responses gracefully
If the fetch call encounters a non-OK status or parsing error, .json() may cause runtime exceptions. Consider checking res.ok or adding error handling to avoid unhandled promise rejections.

src/assets/js/os-api-token.js (1)

21-36: Enhance error reporting for token fetch
Although you handle rejected fetch promises, also consider verifying res.ok before reading JSON. If multiple calls happen simultaneously, any callers after makingRequest is set to true wait for a single outcome. This is generally fine, but consider returning the same promise to avoid repeated fetch attempts.

test/unit/services/osMapService.test.js (1)

1-45: Comprehensive test coverage
These tests cover success, network failure, and JSON parse errors. You may wish to add a case where the response has a non-OK status code but still returns JSON, to confirm correct error handling for a wider range of response types.

src/routes/api.js (1)

42-48: Standardise HTTP error management
Returning a 500 for any retrieval error might be too broad. Consider refining response codes or structures to differentiate between various failure types.

test/unit/javascript/os-api-token.test.js (1)

5-11: Consider using numeric types for token expiration fields
Currently, expires_in is stored as a string ('299'). Converting it to a numeric type helps avoid potential parsing or comparison issues if your token logic evolves.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a93d20a and 53d6c28.

📒 Files selected for processing (8)

• package.json (1 hunks)
• src/assets/js/map.js (3 hunks)
• src/assets/js/os-api-token.js (1 hunks)
• src/routes/api.js (2 hunks)
• src/services/osMapService.js (1 hunks)
• test/unit/javascript/map.test.js (1 hunks)
• test/unit/javascript/os-api-token.test.js (1 hunks)
• test/unit/services/osMapService.test.js (1 hunks)

🔇 Additional comments (10)

src/assets/js/map.js (4)

3-3: Import module is valid
This import correctly references the new token management module.

---

34-34: Confirm availability of local style resource
Ensure that the JSON style file ('/public/static/OS_VTS_3857_3D.json') is hosted and accessible in all deployment environments, otherwise the map may fail to load.

---

37-37: Sensible default for interactivity
Using the nullish coalescing operator (opts.interactive ?? true) neatly sets a default interactive mode if none is provided.

---

38-53: Check 'key=null' approach
Appending key=null might cause issues if the OS endpoint strictly requires a real key. Verify that OS services accept this placeholder, or consider removing it. Also, consider resourceType checks if you only need transformations for specific request types (e.g. tiles).

src/assets/js/os-api-token.js (1)

1-1: Verify licence compliance
This file is copied from another repository. Make certain the original licence terms permit this usage.

src/routes/api.js (1)

4-4: New import structure
Successfully imports the getOsMapAccessToken function, aligning with the service-based architecture.

test/unit/javascript/os-api-token.test.js (2)

23-32: Tests thoroughly cover fetch success cases
The tests for getFreshApiToken correctly validate both success and error paths. No issues here.

---

64-75: Good approach to prevent multiple token refresh calls
Using a shared promise ensures that only one refresh attempt occurs, avoiding race conditions and redundant calls.

test/unit/javascript/map.test.js (1)

33-35: Mock usage is correct and enables isolated testing
Overriding getApiToken to return a mock token ensures the tests remain self-contained, which is beneficial for reliability.

package.json (1)

18-18: Ensuring static assets are copied is a positive step
Including cp -R src/assets/static/. public/static in your build script ensures all static assets are bundled for deployment. Great attention to detail.

[coderabbitai]

🛠️ Refactor suggestion

Add robust error handling for token acquisition
If getApiToken() fails, the map creation flow will proceed without a valid token, potentially leading to subsequent request errors. Consider surrounding this call with a try/catch block or logging the error.

[GeorgeGoodall-GovUk]

would it be worth falling back to the maptiler base map in this instance?

[coderabbitai]

@GeorgeGoodall-GovUk Certainly! Introducing a fallback to a different base map (e.g., MapTiler) could help maintain map functionality even if the OS token acquisition fails. One approach is to wrap the token request in a try/catch. If it throws an error, you can catch it, change the map style to MapTiler’s tiles, log a warning, and continue. A simplified example might look like this:

try {
  await getApiToken();
} catch (err) {
  console.warn('Failed to fetch OS map token, fallback to MapTiler base map.', err);
  // Replace the style with MapTiler base map or any other fallback style
  options.mapStyle = 'https://api.maptiler.com/maps/basic/style.json?key=YOUR_MAPTILER_KEY';
}

From there, you can pass that options.mapStyle to the maplibregl.Map constructor. This prevents the entire map from failing if the OS token is unavailable while still preserving as much user functionality as possible.

[DilwoarH]

done

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[coderabbitai]

🛠️ Refactor suggestion

Synchronous vs. asynchronous token refresh
getApiToken triggers a background refresh but returns the current token even if it is about to expire. Consider waiting for getFreshApiToken() if the expiry window is very short, to reduce the chance of using an expired token.

[GeorgeGoodall-GovUk]

looks good, left a small comment ontop of coderabbits comment on getApiToken Error handling. could be worth falling back to the maptiler basemap if we get an error here? but not sure if its necessary? will leave it up to you

[rosado]

Please ensure the token is fetched by awaiting getFreshApiToken() somewhere in createMapFromServerContext() (or before it's called).

It sucks that the request transform function can't be async, so no straightforward way to refresh it here 😔

[DilwoarH]

We call await getApiToken() in the initialisation script - with calls both

[rosado]

I know, unfortunately there's a race condition. getApiToken() is a synchronous function (which the initialisation code awaits; it should't). That means it returns a value immediately, possibly before the promise of getFreshApiToken() completes.

[DilwoarH]

Ah I see the problem - good catch, will update

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53d6c28 and a747c05.

📒 Files selected for processing (8)

• package.json (1 hunks)
• src/assets/js/map.js (3 hunks)
• src/assets/js/os-api-token.js (1 hunks)
• src/routes/api.js (2 hunks)
• src/services/osMapService.js (1 hunks)
• test/unit/javascript/map.test.js (2 hunks)
• test/unit/javascript/os-api-token.test.js (1 hunks)
• test/unit/services/osMapService.test.js (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (6)

• src/services/osMapService.js
• src/routes/api.js
• test/unit/javascript/os-api-token.test.js
• package.json
• src/assets/js/os-api-token.js
• test/unit/services/osMapService.test.js

🧰 Additional context used

🪛 Gitleaks (8.21.2)

src/assets/js/map.js

414-414: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

test/unit/javascript/map.test.js

214-214: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: run-tests / test

🔇 Additional comments (3)

test/unit/javascript/map.test.js (1)

34-36: LGTM! Clean mock implementation.

The mock implementation for getApiToken is clear and follows testing best practices.

src/assets/js/map.js (2)

4-4: LGTM! Clean import statement.

The import of getApiToken is clear and follows best practices.

---

41-56: ⚠️ Potential issue

Use async token fetch in transformRequest.

The synchronous call to getApiToken in transformRequest could cause issues as the token might not be available immediately. Consider using an async approach or ensuring the token is always available before making requests.

Apply this diff to handle the token more safely:

       transformRequest: (url, resourceType) => {
         if (url.indexOf('api.os.uk') > -1) {
           if (!/[?&]key=/.test(url)) url += '?key=null'
 
           const requestToMake = {
             url: url + '&srs=3857'
           }
 
-          const token = getApiToken()
+          const token = this.token // Store token during initialisation
           requestToMake.headers = {
             Authorization: 'Bearer ' + token
           }
 
           return requestToMake
         }
       }

Likely invalid or redundant comment.