coding is hard

Author: devksingh4

cloudformation/main.yml

@@ -258,6 +258,17 @@ Resources:
       FunctionResponseTypes:
         - ReportBatchItemFailures
 
+  SQSLambdaEventMappingSales:
+    Type: AWS::Lambda::EventSourceMapping
+    DependsOn:
+      - AppSqsLambdaFunction
+    Properties:
+      BatchSize: 5
+      EventSourceArn: !GetAtt AppSQSQueues.Outputs.SalesEmailQueueArn
+      FunctionName: !Sub ${ApplicationPrefix}-sqs-lambda
+      FunctionResponseTypes:
+        - ReportBatchItemFailures
+
   MembershipRecordsTable:
     Type: "AWS::DynamoDB::Table"
     DeletionPolicy: "Retain"
@@ -765,3 +776,7 @@ Outputs:
   CloudfrontDistributionId:
     Description: Cloudfront Distribution ID
     Value: !GetAtt AppFrontendCloudfrontDistribution.Id
+
+  SalesEmailQueueArn:
+    Description: Sales Email Queue Arn
+    Value: !GetAtt AppSQSQueues.Outputs.SalesEmailQueueArn

cloudformation/sqs.yml

@@ -24,6 +24,17 @@ Resources:
             - "AppDLQ"
             - "Arn"
         maxReceiveCount: 3
+  SalesEmailQueue:
+    Type: AWS::SQS::Queue
+    Properties:
+      QueueName: !Sub ${QueueName}-sales
+      VisibilityTimeout: !Ref MessageTimeout
+      RedrivePolicy:
+        deadLetterTargetArn:
+          Fn::GetAtt:
+            - "AppDLQ"
+            - "Arn"
+        maxReceiveCount: 3
 
 Outputs:
   MainQueueArn:
@@ -38,3 +49,9 @@ Outputs:
       Fn::GetAtt:
       - AppDLQ
       - Arn
+  SalesEmailQueueArn:
+    Description: Sales Email Queue Arn
+    Value:
+      Fn::GetAtt:
+      - SalesEmailQueue
+      - Arn

src/api/sqs/driver.ts

@@ -1,14 +1,17 @@
 import { SendMessageCommand, SQSClient } from "@aws-sdk/client-sqs";
 import { environmentConfig, genericConfig } from "common/config.js";
-import { parseSQSPayload } from "common/types/sqsMessage.js";
+import {
+  AvailableSQSFunctions,
+  parseSQSPayload,
+} from "common/types/sqsMessage.js";
 
 const queueUrl = environmentConfig["dev"].SqsQueueUrl;
 const sqsClient = new SQSClient({
   region: genericConfig.AwsRegion,
 });
 
 const payload = parseSQSPayload({
-  function: "ping",
+  function: AvailableSQSFunctions.Ping,
   payload: {},
   metadata: {
     reqId: "1",

src/api/sqs/index.ts

@@ -41,11 +41,16 @@ const handlers: SQSFunctionPayloadTypes = {
 export const runEnvironment = process.env.RunEnvironment as RunEnvironment;
 export const currentEnvironmentConfig = environmentConfig[runEnvironment];
 
+const restrictedQueues: Record<string, AvailableSQSFunctions[]> = {
+  "infra-core-api-sqs-sales": [AvailableSQSFunctions.SendSaleEmail],
+};
+
 export const handler = middy()
   .use(eventNormalizerMiddleware())
   .use(sqsPartialBatchFailure())
   .handler((event: SQSEvent, _context: Context, { signal: _signal }) => {
     const recordsPromises = event.Records.map(async (record, _index) => {
+      const sourceQueue = record.eventSourceARN.split(":").slice(-1)[0];
       try {
         let parsedBody = parseSQSPayload(record.body);
         if (parsedBody instanceof ZodError) {
@@ -58,6 +63,13 @@ export const handler = middy()
           });
         }
         parsedBody = parsedBody as AnySQSPayload;
+        if (
+          restrictedQueues[sourceQueue]?.includes(parsedBody.function) === false
+        ) {
+          throw new ValidationError({
+            message: `Queue ${sourceQueue} is not permitted to call the function ${parsedBody.function}!`,
+          });
+        }
         const childLogger = logger.child({
           sqsMessageId: record.messageId,
           metadata: parsedBody.metadata,