setup the scaffolding for linkry routes

Author: devksingh4

cloudformation/iam.yml

@@ -77,12 +77,13 @@ Resources:
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles/*
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles/*
-
+                - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-linkry
+                - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-linkry/*
         PolicyName: lambda-dynamo
 Outputs:
   MainFunctionRoleArn:
     Description: Main API IAM role ARN
     Value:
       Fn::GetAtt:
       - ApiLambdaIAMRole
-      - Arn
+      - Arn

cloudformation/main.yml

@@ -93,7 +93,7 @@ Resources:
       Environment:
         Variables:
           RunEnvironment: !Ref RunEnvironment
-      VpcConfig: 
+      VpcConfig:
         Ipv6AllowedForDualStack: !If [ShouldAttachVpc, True, !Ref AWS::NoValue]
         SecurityGroupIds: !If [ShouldAttachVpc, !FindInMap [EnvironmentToCidr, !Ref RunEnvironment, SecurityGroupIds], !Ref AWS::NoValue]
         SubnetIds: !If [ShouldAttachVpc, !FindInMap [EnvironmentToCidr, !Ref RunEnvironment, SubnetIds], !Ref AWS::NoValue]
@@ -107,7 +107,7 @@ Resources:
 
   IamGroupRolesTable:
     Type: 'AWS::DynamoDB::Table'
-    DeletionPolicy: "Retain"  
+    DeletionPolicy: "Retain"
     Properties:
       BillingMode: 'PAY_PER_REQUEST'
       TableName: infra-core-api-iam-grouproles
@@ -123,7 +123,7 @@ Resources:
 
   IamUserRolesTable:
     Type: 'AWS::DynamoDB::Table'
-    DeletionPolicy: "Retain"  
+    DeletionPolicy: "Retain"
     Properties:
       BillingMode: 'PAY_PER_REQUEST'
       TableName: infra-core-api-iam-userroles
@@ -139,7 +139,7 @@ Resources:
 
   EventRecordsTable:
     Type: 'AWS::DynamoDB::Table'
-    DeletionPolicy: "Retain"  
+    DeletionPolicy: "Retain"
     Properties:
       BillingMode: 'PAY_PER_REQUEST'
       TableName: infra-core-api-events
@@ -162,9 +162,37 @@ Resources:
         Projection:
           ProjectionType: ALL
 
+  LinkryRecordsTable:
+    Type: "AWS::DynamoDB::Table"
+    Properties:
+      BillingMode: "PAY_PER_REQUEST"
+      TableName: "infra-core-api-linkry"
+      DeletionProtectionEnabled: true
+      PointInTimeRecoverySpecification:
+        PointInTimeRecoveryEnabled: !If [IsProd, true, false]
+      AttributeDefinitions:
+        - AttributeName: "slug"
+          AttributeType: "S"
+        - AttributeName: "access"
+          AttributeType: "S"
+      KeySchema:
+        - AttributeName: "slug"
+          KeyType: "HASH"
+        - AttributeName: "access"
+          KeyType: "RANGE"
+      GlobalSecondaryIndexes:
+        - IndexName: "AccessIndex"
+          KeySchema:
+            - AttributeName: "access"
+              KeyType: "HASH"
+            - AttributeName: "slug"
+              KeyType: "RANGE"
+          Projection:
+            ProjectionType: "ALL"
+
   CacheRecordsTable:
     Type: 'AWS::DynamoDB::Table'
-    DeletionPolicy: "Retain"  
+    DeletionPolicy: "Retain"
     Properties:
       BillingMode: 'PAY_PER_REQUEST'
       TableName: infra-core-api-cache
@@ -183,7 +211,7 @@ Resources:
 
   AppApiGateway:
     Type: AWS::Serverless::Api
-    DependsOn: 
+    DependsOn:
       - AppApiLambdaFunction
     Properties:
       Name: !Sub ${ApplicationPrefix}-gateway
@@ -194,7 +222,7 @@ Resources:
           Name: AWS::Include
           Parameters:
             Location: ./phony-swagger.yml
-      Domain: 
+      Domain:
         DomainName: !Sub
           - "${ApplicationPrefix}.${BaseDomainName}"
           - BaseDomainName: !FindInMap
@@ -296,4 +324,4 @@ Resources:
           - !Ref AWS::AccountId
           - ":"
           - !Ref AppApiGateway
-          - "/*/*/*"
+          - "/*/*/*"

src/api/plugins/auth.ts

@@ -15,7 +15,7 @@ import {
 } from "../../common/errors/index.js";
 import { genericConfig, SecretConfig } from "../../common/config.js";
 
-function intersection<T>(setA: Set<T>, setB: Set<T>): Set<T> {
+export function intersection<T>(setA: Set<T>, setB: Set<T>): Set<T> {
   const _intersection = new Set<T>();
   for (const elem of setB) {
     if (setA.has(elem)) {

src/api/routes/linkry.ts

@@ -0,0 +1,110 @@
+import { FastifyPluginAsync } from "fastify";
+import { z } from "zod";
+import { AppRoles } from "../../common/roles.js";
+import { NotImplementedError } from "../../common/errors/index.js";
+import { intersection } from "../plugins/auth.js";
+import { NoDataRequest } from "../types.js";
+
+type LinkrySlugOnlyRequest = {
+  Params: { id: string };
+  Querystring: undefined;
+  Body: undefined;
+};
+
+const rawRequest = {
+  slug: z.string().min(1),
+  full: z.string().url().min(1),
+  groups: z.optional(z.array(z.string()).min(1)),
+};
+
+const createRequest = z.object(rawRequest);
+const patchRequest = z.object({ ...rawRequest, slug: z.undefined() });
+
+type LinkyCreateRequest = {
+  Params: undefined;
+  Querystring: undefined;
+  Body: z.infer<typeof createRequest>;
+};
+
+type LinkryPatchRequest = {
+  Params: { id: string };
+  Querystring: undefined;
+  Body: z.infer<typeof patchRequest>;
+};
+
+const linkryRoutes: FastifyPluginAsync = async (fastify, _options) => {
+  fastify.get<LinkrySlugOnlyRequest>("/redir/:id", async (request, reply) => {
+    throw new NotImplementedError({});
+  });
+  fastify.post<LinkyCreateRequest>(
+    "/redir",
+    {
+      preValidation: async (request, reply) => {
+        await fastify.zodValidateBody(request, reply, createRequest);
+      },
+      onRequest: async (request, reply) => {
+        await fastify.authorize(request, reply, [
+          AppRoles.LINKS_MANAGER,
+          AppRoles.LINKS_ADMIN,
+        ]);
+      },
+    },
+    async (request, reply) => {
+      throw new NotImplementedError({});
+    },
+  );
+  fastify.patch<LinkryPatchRequest>(
+    "/redir/:id",
+    {
+      preValidation: async (request, reply) => {
+        await fastify.zodValidateBody(request, reply, patchRequest);
+      },
+      onRequest: async (request, reply) => {
+        await fastify.authorize(request, reply, [
+          AppRoles.LINKS_MANAGER,
+          AppRoles.LINKS_ADMIN,
+        ]);
+      },
+    },
+    async (request, reply) => {
+      // make sure that a user can manage this link, either via owning or being in a group that has access to it, or is a LINKS_ADMIN.
+      throw new NotImplementedError({});
+    },
+  );
+  fastify.delete<LinkrySlugOnlyRequest>(
+    "/redir/:id",
+    {
+      preValidation: async (request, reply) => {
+        await fastify.zodValidateBody(request, reply, createRequest);
+      },
+      onRequest: async (request, reply) => {
+        await fastify.authorize(request, reply, [
+          AppRoles.LINKS_MANAGER,
+          AppRoles.LINKS_ADMIN,
+        ]);
+      },
+    },
+    async (request, reply) => {
+      // make sure that a user can manage this link, either via owning or being in a group that has access to it, or is a LINKS_ADMIN.
+      throw new NotImplementedError({});
+    },
+  );
+  fastify.get<NoDataRequest>(
+    "/redir",
+    {
+      onRequest: async (request, reply) => {
+        await fastify.authorize(request, reply, [
+          AppRoles.LINKS_MANAGER,
+          AppRoles.LINKS_ADMIN,
+        ]);
+      },
+    },
+    async (request, reply) => {
+      // if an admin, show all links
+      // if a links manager, show all my links + links I can manage
+      throw new NotImplementedError({});
+    },
+  );
+};
+
+export default linkryRoutes;

src/api/types.d.ts

@@ -27,3 +27,9 @@ declare module "fastify" {
     tokenPayload?: AadToken;
   }
 }
+
+export type NoDataRequest = {
+  Params: undefined;
+  Querystring: undefined;
+  Body: undefined;
+};

src/common/errors/index.ts

@@ -180,6 +180,17 @@ export class NotSupportedError extends BaseError<"NotSupportedError"> {
   }
 }
 
+export class DatabaseDeleteError extends BaseError<"DatabaseDeleteError"> {
+  constructor({ message }: { message: string }) {
+    super({
+      name: "DatabaseDeleteError",
+      id: 111,
+      message,
+      httpStatusCode: 500,
+    });
+  }
+}
+
 export class EntraGroupError extends BaseError<"EntraGroupError"> {
   group: string;
   constructor({
@@ -201,3 +212,4 @@ export class EntraGroupError extends BaseError<"EntraGroupError"> {
     this.group = group;
   }
 }
+

src/common/roles.ts

@@ -7,6 +7,8 @@ export enum AppRoles {
   TICKETS_MANAGER = "manage:tickets",
   IAM_ADMIN = "admin:iam",
   IAM_INVITE_ONLY = "invite:iam",
+  LINKS_MANAGER = "manage:links",
+  LINKS_ADMIN = "admin:links",
 }
 export const allAppRoles = Object.values(AppRoles).filter(
   (value) => typeof value === "string",

src/common/types/linkry.ts

@@ -0,0 +1,5 @@
+export type ShortLinkEntry = {
+  slug: string;
+  access: string;
+  redir?: string;
+}