From 3db12ee4b828c0315a014033ce0cd11a31a4a61f Mon Sep 17 00:00:00 2001
From: Jason Kulatunga
Date: Mon, 21 Aug 2023 17:20:17 -0700
Subject: [PATCH] adding information about the unsafe endpoints. Dashboard locations should be added to settings table.

---
 backend/pkg/config/config.go                          |  3 +++
 backend/pkg/web/handler/dashboard.go                  |  9 +++++++++
 .../medical-sources/medical-sources.component.html    | 10 ++++++++++
 3 files changed, 22 insertions(+)

diff --git a/backend/pkg/config/config.go b/backend/pkg/config/config.go
index de43da74..f56211df 100644
--- a/backend/pkg/config/config.go
+++ b/backend/pkg/config/config.go
@@ -24,6 +24,9 @@ func (c *configuration) Init() error {
 	c.SetDefault("web.listen.port", "8080")
 	c.SetDefault("web.listen.host", "0.0.0.0")
 	c.SetDefault("web.listen.basepath", "")
+
+	// allow unsafe endpoints should never be enabled in Production.
+	// It enables direct API access to healthcare providers without authentication.
 	c.SetDefault("web.allow_unsafe_endpoints", false)
 	c.SetDefault("web.src.frontend.path", "/opt/fasten/web")
diff --git a/backend/pkg/web/handler/dashboard.go b/backend/pkg/web/handler/dashboard.go
index 70252fb5..cca28e4d 100644
--- a/backend/pkg/web/handler/dashboard.go
+++ b/backend/pkg/web/handler/dashboard.go
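Review bot: The comment added above `c.SetDefault("web.allow_unsafe_endpoints", false)` documents the risk, but nothing in the hunk makes an accidental `true` visible at runtime; a one-line warning logged where the flag is read (dashboard.go already calls `appConfig.GetStringSlice`, so a matching boolean getter presumably exists on the same type) would make a misconfigured deployment show up in the logs instead of only in a code comment. I would also name the key in the comment so it is greppable and reads as a rule rather than a fragment: `// web.allow_unsafe_endpoints must never be enabled in production: it exposes direct API access to healthcare providers without authentication.` Init continues outside the hunk.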
@@ -29,6 +29,15 @@ func GetDashboard(c *gin.Context) {
 	if dashboardLocations := appConfig.GetStringSlice("dashboard.location"); dashboardLocations != nil && len(dashboardLocations) > 0 {
 		logger.Infof("Loading dashboard(s) from %v", dashboardLocations)
+
+		// TODO: these should be populated from the user settings table (each user can have their own dashboards).
+		// TODO: when enabled, used the following algorithm:
+		//- validate that the url is to a github gist, no other locations are supported
+		//- download the gist metadata
+		//- if more than 1 file found, look for a dashboard.json
+		//- check if the file sha exists on the file system (content-addressible file system)
+		//- if it doesnt,
+
 		for _, dashboardLocation := range dashboardLocations {
 			if strings.HasPrefix(dashboardLocation, "http") {
 				c.JSON(http.StatusOK, gin.H{"success": false, "error": fmt.Sprintf("Remote Dashboard URL's are not supported yet: %v", dashboardLocations)})
diff --git a/frontend/src/app/pages/medical-sources/medical-sources.component.html b/frontend/src/app/pages/medical-sources/medical-sources.component.html
index 8e1441b4..960b5d6a 100644
--- a/frontend/src/app/pages/medical-sources/medical-sources.component.html
+++ b/frontend/src/app/pages/medical-sources/medical-sources.component.html
@@ -121,6 +121,16 @@
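Review bot: The TODO algorithm added after the `logger.Infof` call trails off at `//- if it doesnt,` and leaves the integrity step underspecified: as written it only checks whether the sha reported by the gist metadata already exists locally, so a downloaded body that does not match that sha would still be accepted once the feature is implemented. I would finish the list with something like `//- if it doesnt, download the file, verify the sha of the downloaded bytes matches the gist metadata before storing it, and cap the download size` so the content-addressed store is keyed by what was actually fetched from the third-party host. The same comment has typos worth fixing while it is still fresh (`used the following algorithm` → `use the following algorithm`, `content-addressible` → `content-addressable`). Separately, the unchanged context line below formats `dashboardLocations` (the whole slice) into the error message where the rejected `dashboardLocation` seems intended, and `dashboardLocations != nil && len(dashboardLocations) > 0` can be just `len(dashboardLocations) > 0`. GetDashboard's body continues outside the hunk.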
About this Source

{{modalSelectedSourceListItem?.metadata?.patient_access_description}}

+ +
Aliases
+ +
+ +
Platform Type
+

{{modalSelectedSourceListItem?.metadata.platform_type}}

+
Categories