Cafienne Engine Release 1.1.18
Performance Booster
This release is all about performance on the REST APIs. The queries on user authentication have shifted to the moment it is needed, thereby reducing unnecessary database roundtrips. Furthermore this release has a set of small changes to make the engine more extensible from outside.
Performance
With the introduction of consent groups in release 1.1.16 it has become possible for users with a valid JWT token to access the case engine, even if they are not registered in the engine's tenant database. Every REST API call to the engine started with a database request to retrieve the full platform information on the user's background from the tenant and consent group tables. For cases and tasks another query to the case team tables was made to determine whether the user has access to the actual case and task instances. This behavior has been refactored to an "as-and-when-needed" implementation, providing more fine grained and fine tuned database requests, with some specific situations reaching a 600% performance improvement.
Security
The case statistics endpoint (GET /cases/stats/) has been removed for now, as it exposed a security threat.
Consent Group API alignment with Tenant APIs
Up until release 1.1.17, the Consent Group APIs consisted of group creation and adding or removing of individual group members.
Group creation is restricted to tenant owners, and for that matter belongs in the tenant API rather than in the group APIs.
Therefore the endpoint shifted from POST /consent-group/{tenant} to POST /tenant/{tenant}/consent-groups.
The endpoint POST /consent-group/{tenant} now provides a means for group owners to replace the entire consent group in one shot (next to the more cumbersome alternative to update member by member).
Logging & debugging improvements
Some of the deeper engine internal logging has been refactored and improved to render more meaningful messages upon failures. Furthermore the case debug logging events have been improved, especially json structures are no printed as escaped strings, but as the native json itself.
Housekeeping
Some dependencies have been updated, including using the openjdk:17-slim jre as the base docker image. Logging inside the Akka HTTP Web Server has been improved. The internal sbt build structures have been refactored and improved. The default branch in github has changed from master to main.