@@ -7,8 +7,42 @@ import { validateNetId } from "api/functions/validation.js";
77import { FastifyPluginAsync } from "fastify" ;
88import { ValidationError } from "common/errors/index.js" ;
99import { getEntraIdToken } from "api/functions/entraId.js" ;
10+ import { genericConfig , roleArns } from "common/config.js" ;
11+ import { getRoleCredentials } from "api/functions/sts.js" ;
12+ import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager" ;
13+ import { DynamoDBClient } from "@aws-sdk/client-dynamodb" ;
1014
1115const membershipPlugin : FastifyPluginAsync = async ( fastify , _options ) => {
16+ const getAuthorizedClients = async ( ) => {
17+ if ( roleArns . Entra ) {
18+ fastify . log . info (
19+ `Attempting to assume Entra role ${ roleArns . Entra } to get the Entra token...` ,
20+ ) ;
21+ const credentials = await getRoleCredentials ( roleArns . Entra ) ;
22+ const clients = {
23+ smClient : new SecretsManagerClient ( {
24+ region : genericConfig . AwsRegion ,
25+ credentials,
26+ } ) ,
27+ dynamoClient : new DynamoDBClient ( {
28+ region : genericConfig . AwsRegion ,
29+ credentials,
30+ } ) ,
31+ } ;
32+ fastify . log . info (
33+ `Assumed Entra role ${ roleArns . Entra } to get the Entra token.` ,
34+ ) ;
35+ return clients ;
36+ } else {
37+ fastify . log . debug (
38+ "Did not assume Entra role as no env variable was present" ,
39+ ) ;
40+ return {
41+ smClient : fastify . secretsManagerClient ,
42+ dynamoClient : fastify . dynamoClient ,
43+ } ;
44+ }
45+ } ;
1246 fastify . get < {
1347 Body : undefined ;
1448 Querystring : { netId : string } ;
@@ -45,10 +79,7 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
4579 }
4680 // check AAD
4781 const entraIdToken = await getEntraIdToken (
48- {
49- smClient : fastify . secretsManagerClient ,
50- dynamoClient : fastify . dynamoClient ,
51- } ,
82+ await getAuthorizedClients ( ) ,
5283 fastify . environmentConfig . AadValidClientId ,
5384 ) ;
5485 const paidMemberGroup = fastify . environmentConfig . PaidMemberGroupId ;
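Review bot: `getAuthorizedClients()` is awaited inside the route handler (new line 82), so every membership lookup calls `getRoleCredentials(roleArns.Entra)` and builds a fresh `SecretsManagerClient` and `DynamoDBClient` that are never reused or closed. Unless `getRoleCredentials` caches internally (not visible here), that puts a role assumption on the request path of what appears to be a query-string-driven endpoint, so request volume translates directly into STS calls, throttling risk and added latency. Keeping the client pair in the plugin closure and rebuilding it well inside the role session lifetime avoids that while still failing closed when the assume-role call throws. The two `info` logs would then fire once per refresh instead of once per request, which also keeps the role ARN out of per-request log volume. The handler that contains the call starts and ends outside these hunks.

```typescript
// Constructed value: keep this below the session duration getRoleCredentials requests.
const ENTRA_CLIENT_TTL_MS = 10 * 60 * 1000;
let cachedClients:
  | { smClient: SecretsManagerClient; dynamoClient: DynamoDBClient }
  | undefined;
let cachedAt = 0;

const getAuthorizedClients = async () => {
  if (!roleArns.Entra) {
    // … unchanged: debug log and return of the fastify-decorated clients …
  }
  if (cachedClients && Date.now() - cachedAt < ENTRA_CLIENT_TTL_MS) {
    return cachedClients;
  }
  const credentials = await getRoleCredentials(roleArns.Entra);
  // … unchanged: info logs and construction of `clients` from `credentials` …
  cachedClients = clients;
  cachedAt = Date.now();
  return clients;
};
```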