feat: add API to list user devices

Author: coderbyheart

cdk/BackendStack.ts

@@ -17,7 +17,7 @@ import {
 	type CustomDomainDetails,
 } from './resources/api/CustomDomain.js'
 import { ApiHealthCheck } from './resources/api/HealthCheck.js'
-import { DeviceManagementAPI } from './resources/DeviceManagementAPI.js'
+import { CreateDeviceAPI } from './resources/DeviceManagementAPI.js'
 import { DevicesAPI } from './resources/DevicesAPI.js'
 import { EmailConfirmationTokens } from './resources/EmailConfirmationTokens.js'
 import { JWKS } from './resources/JWKS.js'
@@ -92,7 +92,7 @@ export class BackendStack extends Stack {
 		new CfnOutput(this, 'publicDevicesTableIdIndexName', {
 			exportName: `${this.stackName}:publicDevicesTableIdIndexName`,
 			description: 'name of the public devices table id index',
-			value: publicDevices.idIndex,
+			value: publicDevices.publicDevicesTableIdIndex,
 		})
 
 		const api = new API(this)
@@ -140,6 +140,7 @@ export class BackendStack extends Stack {
 		api.addRoute('GET /share/status', shareAPI.sharingStatusFingerprintFn)
 		api.addRoute('GET /device/{id}', shareAPI.sharingStatusFn)
 		api.addRoute('GET /device/{id}/jwt', shareAPI.deviceJwtFn)
+		api.addRoute('GET /user/devices', shareAPI.listUserDevicesFn)
 
 		const devicesAPI = new DevicesAPI(this, {
 			baseLayer,
@@ -148,7 +149,7 @@ export class BackendStack extends Stack {
 		})
 		api.addRoute('GET /devices', devicesAPI.devicesFn)
 
-		const credentialsAPI = new DeviceManagementAPI(this, {
+		const createDeviceAPI = new CreateDeviceAPI(this, {
 			baseLayer,
 			lambdaSources,
 			openSSLContainerImage: {
@@ -164,8 +165,7 @@ export class BackendStack extends Stack {
 			},
 			publicDevices,
 		})
-
-		api.addRoute('POST /device', credentialsAPI.createDevice)
+		api.addRoute('POST /device', createDeviceAPI.createDevice)
 
 		// User accounts
 		const emailConfirmationTokens = new EmailConfirmationTokens(this)

cdk/packBackendLambdas.ts

@@ -7,6 +7,7 @@ export type BackendLambdas = {
 	sharingStatusFingerprint: PackedLambda
 	devicesData: PackedLambda
 	createDevice: PackedLambda
+	listUserDevices: PackedLambda
 	openSSL: PackedLambda
 	apiHealthCheck: PackedLambda
 	createCNAMERecord: PackedLambda
@@ -24,6 +25,7 @@ export const packBackendLambdas = async (): Promise<BackendLambdas> => ({
 	sharingStatusFingerprint: await pack('sharingStatusFingerprint'),
 	devicesData: await pack('devicesData'),
 	createDevice: await pack('createDevice'),
+	listUserDevices: await pack('listUserDevices'),
 	openSSL: await pack('openSSL'),
 	apiHealthCheck: await pack('apiHealthCheck'),
 	createCNAMERecord: await packLambdaFromPath(

cdk/resources/DeviceManagementAPI.ts

@@ -9,7 +9,7 @@ import type { BackendLambdas } from '../packBackendLambdas.js'
 import { STACK_NAME } from '../stackConfig.js'
 import type { PublicDevices } from './PublicDevices.js'
 
-export class DeviceManagementAPI extends Construct {
+export class CreateDeviceAPI extends Construct {
 	public readonly createDevice: Lambda.IFunction
 
 	constructor(
@@ -29,7 +29,7 @@ export class DeviceManagementAPI extends Construct {
 			publicDevices: PublicDevices
 		},
 	) {
-		super(parent, 'deviceManagementAPI')
+		super(parent, 'createDeviceAPI')
 
 		const openSSLFn = new Lambda.Function(this, 'openSSLFn', {
 			handler: Lambda.Handler.FROM_IMAGE,
@@ -60,7 +60,7 @@ export class DeviceManagementAPI extends Construct {
 					BACKEND_STACK_NAME: STACK_NAME,
 					OPENSSL_LAMBDA_FUNCTION_NAME: openSSLFn.functionName,
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 				},
 			},
 		).fn

cdk/resources/DevicesAPI.ts

@@ -31,7 +31,7 @@ export class DevicesAPI extends Construct {
 				layers: [baseLayer],
 				environment: {
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 					PUBLIC_DEVICES_TABLE_MODEL_TTL_INDEX_NAME:
 						publicDevices.publicDevicesTableModelTTLIndex,
 				},

cdk/resources/PublicDevices.ts

@@ -7,7 +7,8 @@ import { Construct } from 'constructs'
 export class PublicDevices extends Construct {
 	public readonly publicDevicesTable: DynamoDB.Table
 	public readonly publicDevicesTableModelTTLIndex = 'modelTTLIndex'
-	public readonly idIndex = 'idIndex'
+	public readonly publicDevicesTableOwnerEmailIndex = 'ownerEmailIndex'
+	public readonly publicDevicesTableIdIndex = 'idIndex'
 	constructor(parent: Construct) {
 		super(parent, 'public-devices')
 
@@ -26,7 +27,7 @@ export class PublicDevices extends Construct {
 		})
 
 		this.publicDevicesTable.addGlobalSecondaryIndex({
-			indexName: this.idIndex,
+			indexName: this.publicDevicesTableIdIndex,
 			partitionKey: {
 				name: 'id',
 				type: DynamoDB.AttributeType.STRING,
@@ -51,5 +52,19 @@ export class PublicDevices extends Construct {
 			projectionType: DynamoDB.ProjectionType.INCLUDE,
 			nonKeyAttributes: ['id', 'deviceId'],
 		})
+
+		this.publicDevicesTable.addGlobalSecondaryIndex({
+			indexName: this.publicDevicesTableOwnerEmailIndex,
+			partitionKey: {
+				name: 'ownerEmail',
+				type: DynamoDB.AttributeType.STRING,
+			},
+			sortKey: {
+				name: 'ttl',
+				type: DynamoDB.AttributeType.NUMBER,
+			},
+			projectionType: DynamoDB.ProjectionType.INCLUDE,
+			nonKeyAttributes: ['id', 'deviceId', 'model'],
+		})
 	}
 }

cdk/resources/ShareAPI.ts

@@ -9,6 +9,7 @@ export class ShareAPI extends Construct {
 	public readonly sharingStatusFn: Lambda.IFunction
 	public readonly deviceJwtFn: Lambda.IFunction
 	public readonly sharingStatusFingerprintFn: Lambda.IFunction
+	public readonly listUserDevicesFn: Lambda.IFunction
 	constructor(
 		parent: Construct,
 		{
@@ -26,6 +27,7 @@ export class ShareAPI extends Construct {
 				| 'sharingStatus'
 				| 'sharingStatusFingerprint'
 				| 'deviceJwt'
+				| 'listUserDevices'
 			>
 		},
 	) {
@@ -40,7 +42,7 @@ export class ShareAPI extends Construct {
 				layers: [baseLayer],
 				environment: {
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 					IS_TEST: this.node.getContext('isTest') === true ? '1' : '0',
 				},
 			},
@@ -56,7 +58,7 @@ export class ShareAPI extends Construct {
 				layers: [baseLayer],
 				environment: {
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 				},
 			},
 		).fn
@@ -72,7 +74,7 @@ export class ShareAPI extends Construct {
 				layers: [baseLayer],
 				environment: {
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 				},
 			},
 		).fn
@@ -90,10 +92,26 @@ export class ShareAPI extends Construct {
 				layers: [baseLayer, jwtLayer],
 				environment: {
 					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
-					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.idIndex,
+					PUBLIC_DEVICES_ID_INDEX_NAME: publicDevices.publicDevicesTableIdIndex,
 				},
 			},
 		).fn
 		publicDevices.publicDevicesTable.grantReadData(this.deviceJwtFn)
+
+		this.listUserDevicesFn = new PackedLambdaFn(
+			this,
+			'listUserDevicesFn',
+			lambdaSources.listUserDevices,
+			{
+				description: 'List user devices',
+				layers: [baseLayer, jwtLayer],
+				environment: {
+					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
+					PUBLIC_DEVICES_OWNER_EMAIL_INDEX_NAME:
+						publicDevices.publicDevicesTableOwnerEmailIndex,
+				},
+			},
+		).fn
+		publicDevices.publicDevicesTable.grantReadData(this.listUserDevicesFn)
 	}
 }

devices/hasItems.ts

@@ -0,0 +1,6 @@
+import type { AttributeValue } from '@aws-sdk/client-dynamodb'
+
+export const hasItems = (
+	res: unknown,
+): res is { Items: Record<string, AttributeValue>[] } =>
+	res !== null && typeof res === 'object' && 'Items' in res

devices/listDevicesByEmail.ts

@@ -0,0 +1,35 @@
+import { QueryCommand, type DynamoDBClient } from '@aws-sdk/client-dynamodb'
+import { unmarshall } from '@aws-sdk/util-dynamodb'
+import { normalizeEmail } from '../users/normalizeEmail.js'
+import { hasItems } from './hasItems.js'
+import type { PublicDeviceRecord } from './publicDevicesRepo.js'
+
+export const listDevicesByEmail =
+	({
+		db,
+		TableName,
+		emailIndexName,
+	}: {
+		db: DynamoDBClient
+		TableName: string
+		emailIndexName: string
+	}) =>
+	async (email: string): Promise<Array<PublicDeviceRecord>> => {
+		const res = await db.send(
+			new QueryCommand({
+				TableName,
+				IndexName: emailIndexName,
+				KeyConditionExpression: '#ownerEmail = :email',
+				ExpressionAttributeNames: {
+					'#ownerEmail': 'ownerEmail',
+				},
+				ExpressionAttributeValues: {
+					':email': {
+						S: normalizeEmail(email),
+					},
+				},
+			}),
+		)
+		if (!hasItems(res)) return []
+		return res.Items.map((i) => unmarshall(i) as PublicDeviceRecord)
+	}

features/DeviceJWT.feature.md

@@ -0,0 +1,43 @@
+---
+exampleContext:
+  fingerprint: 92b.y7i24q
+  deviceId: ed468852-a96d-4d88-9447-252730c396c2
+  publicDeviceId: outfling-swanherd-attaghan
+  API: "https://api.nordicsemi.world/2024-04-15"
+---
+
+# Acquiring a JWT for use with the hello.nrfcloud.com backend API
+
+> The device history is stored by the hello.nrfcloud.com backend but should only
+> be accessible for devices, that are currently shared. Therefore a JWT can be
+> generated by the nrfcloud.com/map backend that confirms that the device is
+> shared and this JWT is then presented to the nrfcloud.com backend when
+> retrieving the history.
+
+## Background
+
+Given I have the device id for a shared `thingy91x` device in `deviceId` and the
+public device id in `publicDeviceId`
+
+## Retrieve the JWT
+
+When I `GET` to `${API}/device/${publicDeviceId}/jwt`
+
+Then the status code of the last response should be `201`
+
+And I should receive a `https://github.com/hello-nrfcloud/proto-map/device-jwt`
+response
+
+And I store `jwt` of the last response into `jwt`
+
+Then the JWT in `jwt` for the audience `hello.nrfcloud.com` should encode the
+payload
+
+```json
+{
+  "@context": "https://github.com/hello-nrfcloud/proto-map/device-jwt",
+  "id": "${publicDeviceId}",
+  "deviceId": "${deviceId}",
+  "model": "thingy91x"
+}
+```

features/ListUserDevices.feature.md

@@ -0,0 +1,38 @@
+---
+exampleContext:
+  API: https://api.nordicsemi.world/2024-04-15
+  email: [email protected]
+  jwt: eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Ijg1NDdiNWIyLTdiNDctNDFlNC1iZjJkLTdjZGZmNDhiM2VhNCJ9.eyJAY29udGV4dCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9oZWxsby1ucmZjbG91ZC9wcm90by1tYXAvdXNlci1qd3QiLCJlbWFpbCI6ImVkYjJiZDM3QGV4YW1wbGUuY29tIiwiaWF0IjoxNzIyODcxNTYyLCJleHAiOjE3MjI5NTc5NjIsImF1ZCI6ImhlbGxvLm5yZmNsb3VkLmNvbSJ9.ALiHjxR7HIjuYQBvPVh5-GMs-2f-pMGs_FTz-x0HGzQ4amLASeUGEZ7X_y-_mgZpYu8VKGm6be0LtIIx9DgYBff1ASfmQH327rub0a2-DjXW-JUJQn_6t6H6_JhvPZ9jWBSzy3Tbpp9NmTUNmHgEwzyoctnmgp0oo26VEwc4r6YGQWkZ
+  bulkOpsRequestId: e360a26b-0175-428e-bebf-9125a5a4db04
+needs:
+  - Add Device
+---
+
+# List devices
+
+> Users can list their devices.
+
+## List devices
+
+Given the `Authorization` header of the next request is `Bearer ${jwt}`
+
+When I `GET` `${API}/user/devices`
+
+Then the status code of the last response should be `200`
+
+And I should receive a
+`https://github.com/hello-nrfcloud/proto-map/user-devices` response
+
+And `{"len": $count($.devices)}` of the last response should match
+
+```json
+{ "len": 1 }
+```
+
+And `$.devices[0]` of the last response should match
+
+```json
+{
+  "model": "thingy91x"
+}
+```