
Commit dc91ac3

committed
port code from old branch
1 parent b1bdb7e commit dc91ac3


6 files changed

+152
-90
lines changed

6 files changed

+152
-90
lines changed

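--- a/cloudformation/iam.yml
+++ b/cloudformation/iam.yml
@@ -1,12 +1,12 @@
-AWSTemplateFormatVersion: '2010-09-09'
+AWSTemplateFormatVersion: "2010-09-09"
 Description: Stack IAM Roles
 Transform: AWS::Serverless-2016-10-31
 Parameters:
 RunEnvironment:
 Type: String
 AllowedValues:
-- dev
-- prod
+- dev
+- prod
 LambdaFunctionName:
 Type: String
 AllowedPattern: ^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$
@@ -21,99 +21,101 @@ Resources:
 ManagedPolicyArns:
 - arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
 AssumeRolePolicyDocument:
-Version: '2012-10-17'
+Version: "2012-10-17"
 Statement:
-- Action:
-- sts:AssumeRole
-Effect: Allow
-Principal:
-Service:
-- lambda.amazonaws.com
-Policies:
-- PolicyDocument:
-Version: '2012-10-17'
-Statement:
-- Action:
-- ses:SendEmail
-- ses:SendRawEmail
-Effect: Allow
-Resource: "*"
-Condition:
-StringEquals:
-ses:FromAddress: !Sub "membership@${SesEmailDomain}"
-ForAllValues:StringLike:
-ses:Recipients:
-- "*@illinois.edu"
-PolicyName: ses-membership
-- PolicyDocument:
-Version: '2012-10-17'
-Statement:
 - Action:
-- sqs:SendMessage
+- sts:AssumeRole
 Effect: Allow
-Resource: !Ref SqsQueueArn
-PolicyName: lambda-sqs
-- PolicyDocument:
-Version: '2012-10-17'
-Statement:
-- Action:
-- logs:CreateLogGroup
-- logs:CreateLogStream
-- logs:PutLogEvents
-Effect: Allow
-Resource:
-- Fn::Sub: arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LambdaFunctionName}:*
-- Effect: Allow
-Action:
-- ec2:CreateNetworkInterface
-- ec2:DescribeNetworkInterfaces
-- ec2:DeleteNetworkInterface
-- ec2:DescribeSubnets
-- ec2:DeleteNetworkInterface
-- ec2:AssignPrivateIpAddresses
-- ec2:UnassignPrivateIpAddresses
-Resource: '*'
-PolicyName: lambda
-- PolicyDocument:
-Version: 2012-10-17
-Statement:
-- Action:
-- secretsmanager:GetSecretValue
-Effect: Allow
-Resource:
-- !Sub arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:infra-core-api-config*
-PolicyName: lambda-db-secrets
-- PolicyDocument:
-Version: 2012-10-17
-Statement:
-- Action:
-- dynamodb:*
-Effect: Allow
-Resource:
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-purchase-history/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-purchase-history
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-tickets
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-tickets/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-ticketing-metadata/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-ticketing-metadata
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-metadata/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-metadata
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles/*
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links
-- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links/*
+Principal:
+Service:
+- lambda.amazonaws.com
+Policies:
+- PolicyDocument:
+Version: "2012-10-17"
+Statement:
+- Action:
+- ses:SendEmail
+- ses:SendRawEmail
+Effect: Allow
+Resource: "*"
+Condition:
+StringEquals:
+ses:FromAddress: !Sub "membership@${SesEmailDomain}"
+ForAllValues:StringLike:
+ses:Recipients:
+- "*@illinois.edu"
+PolicyName: ses-membership
+- PolicyDocument:
+Version: "2012-10-17"
+Statement:
+- Action:
+- sqs:SendMessage
+Effect: Allow
+Resource: !Ref SqsQueueArn
+PolicyName: lambda-sqs
+- PolicyDocument:
+Version: "2012-10-17"
+Statement:
+- Action:
+- logs:CreateLogGroup
+- logs:CreateLogStream
+- logs:PutLogEvents
+Effect: Allow
+Resource:
+- Fn::Sub: arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${LambdaFunctionName}:*
+- Effect: Allow
+Action:
+- ec2:CreateNetworkInterface
+- ec2:DescribeNetworkInterfaces
+- ec2:DeleteNetworkInterface
+- ec2:DescribeSubnets
+- ec2:DeleteNetworkInterface
+- ec2:AssignPrivateIpAddresses
+- ec2:UnassignPrivateIpAddresses
+Resource: "*"
+PolicyName: lambda
+- PolicyDocument:
+Version: 2012-10-17
+Statement:
+- Action:
+- secretsmanager:GetSecretValue
+Effect: Allow
+Resource:
+- !Sub arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:infra-core-api-config*
+PolicyName: lambda-db-secrets
+- PolicyDocument:
+Version: 2012-10-17
+Statement:
+- Action:
+- dynamodb:*
+Effect: Allow
+Resource:
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-cache/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-purchase-history/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-purchase-history
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-tickets
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-tickets/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-ticketing-metadata/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-events-ticketing-metadata
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-metadata/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-metadata
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links/*
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-provisioning
+- !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-provisioning/*
 
-PolicyName: lambda-dynamo
+PolicyName: lambda-dynamo
 Outputs:
 MainFunctionRoleArn:
 Description: Main API IAM role ARN
 Value:
 Fn::GetAtt:
-- ApiLambdaIAMRole
-- Arn
+- ApiLambdaIAMRole
+- Arn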
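Review bot: The two added `infra-core-api-membership-provisioning` resource lines sit under the existing `dynamodb:*` action of the `lambda-dynamo` policy, so the API role receives control-plane actions on the new table as well as item reads and writes. That set includes `dynamodb:UpdateTable` and `dynamodb:DeleteTable`, which means the same role could turn off the `DeletionProtectionEnabled: true` setting that main.yml applies to this table and then remove it. I would give the new table its own statement limited to the item-level actions the membership route ends up calling, and narrow the shared statement the same way in a follow-up. Separately, `ec2:DeleteNetworkInterface` is still listed twice in the `lambda` policy.

```yaml
        - PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Action:
                  # adjust to the item-level calls the route actually makes
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:Query
                Effect: Allow
                Resource:
                  - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-provisioning
                  - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-provisioning/*
          PolicyName: lambda-dynamo-membership
```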

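--- a/cloudformation/main.yml
+++ b/cloudformation/main.yml
@@ -253,6 +253,22 @@ Resources:
 FunctionResponseTypes:
 - ReportBatchItemFailures
 
+MembershipRecordsTable:
+Type: "AWS::DynamoDB::Table"
+DeletionPolicy: "Retain"
+Properties:
+BillingMode: "PAY_PER_REQUEST"
+TableName: infra-core-api-membership-provisioning
+DeletionProtectionEnabled: true
+PointInTimeRecoverySpecification:
+PointInTimeRecoveryEnabled: !If [IsProd, true, false]
+AttributeDefinitions:
+- AttributeName: email
+AttributeType: S
+KeySchema:
+- AttributeName: email
+KeyType: HASH
+
 IamGroupRolesTable:
 Type: "AWS::DynamoDB::Table"
 DeletionPolicy: "Retain"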

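--- a/src/api/functions/validation.ts
+++ b/src/api/functions/validation.ts
@@ -5,3 +5,8 @@ export function validateEmail(email: string): boolean {
 const result = emailSchema.safeParse(email);
 return result.success;
 }
+
+export function validateNetId(netId: string): boolean {
+const regex = /^[a-zA-Z0-9\-]+$/;
+return regex.test(netId);
+}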
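Review bot: `validateNetId` accepts any non-empty run of letters, digits and hyphens, with no upper length bound and in either case, so an arbitrarily long path segment or two spellings of the same NetID both pass. If the value is later turned into the `email` hash key of the new membership table (an assumption, the lookup is not in this commit), DynamoDB compares string keys case-sensitively and `ABC123` and `abc123` would address different items. I would bound the length here, e.g. `return netId.length <= MAX_NETID_LENGTH && regex.test(netId);` with `MAX_NETID_LENGTH` standing in for whatever limit the project considers valid, and have callers use `netId.toLowerCase()` before building a key. A short TSDoc comment stating the accepted alphabet and that the check says nothing about whether the NetID exists would also help.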

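--- a/src/api/index.ts
+++ b/src/api/index.ts
@@ -23,6 +23,7 @@ import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
 import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import mobileWalletRoute from "./routes/mobileWallet.js";
 import stripeRoutes from "./routes/stripe.js";
+import membershipPlugin from "./routes/membership.js";
 
 dotenv.config();
 
@@ -110,6 +111,7 @@ async function init() {
 api.register(protectedRoute, { prefix: "/protected" });
 api.register(eventsPlugin, { prefix: "/events" });
 api.register(organizationsPlugin, { prefix: "/organizations" });
+api.register(membershipPlugin, { prefix: "/membership" });
 api.register(icalPlugin, { prefix: "/ical" });
 api.register(iamRoutes, { prefix: "/iam" });
 api.register(ticketsPlugin, { prefix: "/tickets" });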

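--- a/src/api/routes/membership.ts
+++ b/src/api/routes/membership.ts
@@ -0,0 +1,34 @@
+import { validateNetId } from "api/functions/validation.js";
+import { NotImplementedError } from "common/errors/index.js";
+import { FastifyPluginAsync } from "fastify";
+import { ValidationError } from "zod-validation-error";
+
+const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
+fastify.get<{
+Body: undefined;
+Querystring: { netId: string };
+}>(
+"/:netId",
+{
+schema: {
+querystring: {
+type: "object",
+properties: {
+netId: {
+type: "string",
+},
+},
+},
+},
+},
+async (request, reply) => {
+const netId = (request.params as Record<string, string>).netId;
+if (!validateNetId(netId)) {
+throw new ValidationError(`${netId} is not a valid Illinois NetID!`);
+}
+throw new NotImplementedError({});
+},
+);
+};
+
+export default membershipPlugin;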
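Review bot: The route schema and the generic both describe `netId` as a query-string field, but the handler reads it from `request.params` through an `as Record<string, string>` cast, so Fastify's schema validation never looks at the path parameter and the cast hides the mismatch from the compiler. Declaring `Params: { netId: string }` with a matching `params` schema removes the cast and lets malformed input be rejected before the handler runs. The rejected value is also interpolated into the error text (`${netId} is not a valid Illinois NetID!`); because it has just failed validation it can hold arbitrary characters, so a fixed message is safer for responses and logs. No authentication hook is visible on this route, which is worth deciding before a real lookup replaces `NotImplementedError`, since a membership check by NetID would otherwise be open to enumeration.

```typescript
  fastify.get<{
    Params: { netId: string };
  }>(
    "/:netId",
    {
      schema: {
        params: {
          type: "object",
          properties: {
            netId: { type: "string" },
          },
          required: ["netId"],
        },
      },
    },
    async (request, reply) => {
      const { netId } = request.params;
      if (!validateNetId(netId)) {
        throw new ValidationError("The supplied value is not a valid Illinois NetID.");
      }
      // … unchanged: NotImplementedError placeholder …
    },
  );
```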

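--- a/src/common/config.ts
+++ b/src/common/config.ts
@@ -17,6 +17,7 @@ export type ConfigType = {
 MembershipApiEndpoint: string;
 EmailDomain: string;
 SqsQueueUrl: string;
+PaidMemberGroupId: string;
 };
 
 export type GenericConfigType = {
@@ -83,6 +84,7 @@ const environmentConfig: EnvironmentConfigType = {
 EmailDomain: "aws.qa.acmuiuc.org",
 SqsQueueUrl:
 "https://sqs.us-east-1.amazonaws.com/427040638965/infra-core-api-sqs",
+PaidMemberGroupId: "9222451f-b354-4e64-ba28-c0f367a277c2",
 },
 prod: {
 AzureRoleMapping: { AutonomousWriters: [AppRoles.EVENTS_MANAGER] },
@@ -100,6 +102,7 @@ const environmentConfig: EnvironmentConfigType = {
 EmailDomain: "acm.illinois.edu",
 SqsQueueUrl:
 "https://sqs.us-east-1.amazonaws.com/298118738376/infra-core-api-sqs",
+PaidMemberGroupId: "172fd9ee-69f0-4384-9786-41ff1a43cf8e",
 },
 };
 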