Stripe Link creation support in manage.acm (#48)

* basic setup

* basic setup

* use the stripe plink ID as the normal ID

* fix vitest resolution

* fix vitest module resolution  part 2

* try a basic test

* update mobile wallet test timeout

* add unit tests for the stripe routes

* update tests and utils

* update live tests to have auth in gh env

* fix live test

* update event tests

* fix linter warnings

* build the create panel

* basic create link panel tests

* some cleanup

Author: devksingh4

.github/workflows/deploy-dev.yml

@@ -92,6 +92,8 @@ jobs:
         run: make dev_health_check
       - name: Run live testing
         run: make test_live_integration
+        env:
+          JWT_KEY: ${{ secrets.JWT_KEY }}
       - name: Run E2E testing
         run: make test_e2e
         env:

.github/workflows/deploy-prod.yml

@@ -90,6 +90,8 @@ jobs:
           python-version: 3.11
       - name: Run live testing
         run: make test_live_integration
+        env:
+          JWT_KEY: ${{ secrets.JWT_KEY }}
       - name: Run E2E testing
         run: make test_e2e
         env:

cloudformation/iam.yml

@@ -106,6 +106,8 @@ Resources:
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles/*
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles
                 - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles/*
+                - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links
+                - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links/*
 
         PolicyName: lambda-dynamo
 Outputs:

cloudformation/main.yml

@@ -262,6 +262,34 @@ Resources:
         Projection:
           ProjectionType: ALL
 
+  StripeLinksTable:
+    Type: 'AWS::DynamoDB::Table'
+    DeletionPolicy: "Retain"
+    UpdateReplacePolicy: "Retain"
+    Properties:
+      BillingMode: 'PAY_PER_REQUEST'
+      TableName: infra-core-api-stripe-links
+      DeletionProtectionEnabled: true
+      PointInTimeRecoverySpecification:
+        PointInTimeRecoveryEnabled: false
+      AttributeDefinitions:
+        - AttributeName: userId
+          AttributeType: S
+        - AttributeName: linkId
+          AttributeType: S
+      KeySchema:
+        - AttributeName: userId
+          KeyType: "HASH"
+        - AttributeName: linkId
+          KeyType: "RANGE"
+      GlobalSecondaryIndexes:
+        - IndexName: LinkIdIndex
+          KeySchema:
+            - AttributeName: linkId
+              KeyType: "HASH"
+          Projection:
+            ProjectionType: "ALL"
+
   CacheRecordsTable:
     Type: 'AWS::DynamoDB::Table'
     DeletionPolicy: "Retain"

generate_jwt.js

@@ -1,36 +1,36 @@
-import jwt from 'jsonwebtoken';
+import jwt from "jsonwebtoken";
 import * as dotenv from "dotenv";
 dotenv.config();
 
-const username = process.env.JWTGEN_USERNAME || '[email protected]'
+const username = process.env.JWTGEN_USERNAME || "[email protected]"
 const payload = {
-    aud: "custom_jwt",
-    iss: "custom_jwt",
-    iat: Math.floor(Date.now() / 1000),
-    nbf: Math.floor(Date.now() / 1000),
-    exp: Math.floor(Date.now() / 1000) + (3600 * 24), // Token expires after 24 hour
-    acr: "1",
-    aio: "AXQAi/8TAAAA",
-    amr: ["pwd"],
-    appid: "your-app-id",
-    appidacr: "1",
-    email: username,
-    groups: ["0"],
-    idp: "https://login.microsoftonline.com",
-    ipaddr: "192.168.1.1",
-    name: "Doe, John",
-    oid: "00000000-0000-0000-0000-000000000000",
-    rh: "rh-value",
-    scp: "user_impersonation",
-    sub: "subject",
-    tid: "tenant-id",
-    unique_name: username,
-    uti: "uti-value",
-    ver: "1.0"
+  aud: "custom_jwt",
+  iss: "custom_jwt",
+  iat: Math.floor(Date.now() / 1000),
+  nbf: Math.floor(Date.now() / 1000),
+  exp: Math.floor(Date.now() / 1000) + 3600 * 24, // Token expires after 24 hour
+  acr: "1",
+  aio: "AXQAi/8TAAAA",
+  amr: ["pwd"],
+  appid: "your-app-id",
+  appidacr: "1",
+  email: username,
+  groups: ["0"],
+  idp: "https://login.microsoftonline.com",
+  ipaddr: "192.168.1.1",
+  name: "Doe, John",
+  oid: "00000000-0000-0000-0000-000000000000",
+  rh: "rh-value",
+  scp: "user_impersonation",
+  sub: "subject",
+  tid: "tenant-id",
+  unique_name: username,
+  uti: "uti-value",
+  ver: "1.0",
 };
 
 const secretKey = process.env.JwtSigningKey;
-const token = jwt.sign(payload, secretKey, { algorithm: 'HS256' });
-console.log(`USERNAME=${username}`)
-console.log('=====================')
-console.log(token)
+const token = jwt.sign(payload, secretKey, { algorithm: "HS256" });
+console.log(`USERNAME=${username}`);
+console.log("=====================");
+console.log(token);

package.json

@@ -81,4 +81,4 @@
   "resolutions": {
     "pdfjs-dist": "^4.8.69"
   }
-}
+}

src/api/functions/authorization.ts

@@ -1,8 +1,4 @@
-import {
-  DynamoDBClient,
-  GetItemCommand,
-  QueryCommand,
-} from "@aws-sdk/client-dynamodb";
+import { DynamoDBClient, GetItemCommand } from "@aws-sdk/client-dynamodb";
 import { unmarshall } from "@aws-sdk/util-dynamodb";
 import { genericConfig } from "../../common/config.js";
 import { DatabaseFetchError } from "../../common/errors/index.js";

src/api/functions/entraId.ts

@@ -6,7 +6,6 @@ import {
   officersGroupTestingId,
 } from "../../common/config.js";
 import {
-  BaseError,
   EntraFetchError,
   EntraGroupError,
   EntraInvitationError,
@@ -19,7 +18,6 @@ import {
   EntraGroupActions,
   EntraInvitationResponse,
 } from "../../common/types/iam.js";
-import { FastifyInstance } from "fastify";
 import { UserProfileDataBase } from "common/types/msGraphApi.js";
 import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import { DynamoDBClient } from "@aws-sdk/client-dynamodb";

src/api/functions/membership.ts

@@ -1,4 +1,4 @@
-import { FastifyBaseLogger, FastifyInstance } from "fastify";
+import { FastifyBaseLogger } from "fastify";
 
 export async function checkPaidMembership(
   endpoint: string,
@@ -11,7 +11,13 @@ export async function checkPaidMembership(
   log.trace(`Got Membership API Payload for ${netId}: ${membershipApiPayload}`);
   try {
     return membershipApiPayload["isPaidMember"];
-  } catch (e: any) {
+  } catch (e: unknown) {
+    if (!(e instanceof Error)) {
+      log.error(
+        "Failed to get response from membership API (unknown error type.)",
+      );
+      throw e;
+    }
     log.error(`Failed to get response from membership API: ${e.toString()}`);
     throw e;
   }

src/api/functions/mobileWallet.ts

@@ -2,15 +2,12 @@ import { getSecretValue } from "../plugins/auth.js";
 import {
   ConfigType,
   genericConfig,
-  GenericConfigType,
   SecretConfig,
 } from "../../common/config.js";
 import {
   InternalServerError,
   UnauthorizedError,
 } from "../../common/errors/index.js";
-import { FastifyInstance, FastifyRequest } from "fastify";
-// these make sure that esbuild includes the files
 import icon from "../resources/MembershipPass.pkpass/icon.png";
 import logo from "../resources/MembershipPass.pkpass/logo.png";
 import strip from "../resources/MembershipPass.pkpass/strip.png";