Check for disabled supplier

Author: stevebux

lambdas/authorizer/src/authorizer.ts

@@ -28,7 +28,7 @@ export function createAuthorizerHandler(deps: Deps): APIGatewayRequestAuthorizer
 
 
     checkCertificateExpiry(event.requestContext.identity.clientCert, deps)
-      .then(() => deps.supplierRepo.getSupplierByApimId(extractApimId(event.headers, deps)))
+      .then(() => getSupplier(event.headers, deps))
       .then((supplier: Supplier) => {
         deps.logger.info('Allow event');
         callback(null, generateAllow('me', event.methodArn, supplier.id));
@@ -40,15 +40,18 @@ export function createAuthorizerHandler(deps: Deps): APIGatewayRequestAuthorizer
   };
 }
 
-
-function extractApimId(headers: APIGatewayRequestAuthorizerEventHeaders | null, deps: Deps): string {
+async function getSupplier(headers: APIGatewayRequestAuthorizerEventHeaders | null, deps: Deps): Promise<Supplier> {
   const apimId = Object.entries(headers || {})
     .find(([headerName, _]) => headerName.toLowerCase() === deps.env.APIM_APPLICATION_ID_HEADER)?.[1] as string;
 
     if(!apimId) {
-      throw new Error("No APIM application ID found in header");
+      throw new Error('No APIM application ID found in header');
+    }
+    const supplier = await deps.supplierRepo.getSupplierByApimId(apimId);
+    if (supplier.status === 'DISABLED') {
+      throw new Error(`Supplier ${supplier.id} is disabled`);
     }
-    return apimId;
+    return supplier;
 }