feat: notify users about expiring sharing

Author: coderbyheart

cdk/BackendStack.ts

@@ -21,6 +21,7 @@ import { CreateDeviceAPI } from './resources/DeviceManagementAPI.js'
 import { DevicesAPI } from './resources/DevicesAPI.js'
 import { EmailConfirmationTokens } from './resources/EmailConfirmationTokens.js'
 import { JWKS } from './resources/JWKS.js'
+import { Notifications } from './resources/Notifications.js'
 import { PublicDevices } from './resources/PublicDevices.js'
 import { ShareAPI } from './resources/ShareAPI.js'
 import { UserAuthAPI } from './resources/UserAuthAPI.js'
@@ -183,6 +184,13 @@ export class BackendStack extends Stack {
 		api.addRoute('POST /auth', userAuthAPI.requestTokenFn)
 		api.addRoute('POST /auth/jwt', userAuthAPI.createJWTFn)
 
+		new Notifications(this, {
+			baseLayer,
+			lambdaSources,
+			publicDevices,
+			domain,
+		})
+
 		// JWKS
 
 		const jwks = new JWKS(this, {

cdk/packBackendLambdas.ts

@@ -16,6 +16,7 @@ export type BackendLambdas = {
 	deviceJwt: PackedLambda
 	requestToken: PackedLambda
 	userJwt: PackedLambda
+	notifyAboutExpiringDevices: PackedLambda
 }
 
 const pack = async (id: string) => packLambdaFromPath(id, `lambda/${id}.ts`)
@@ -38,4 +39,5 @@ export const packBackendLambdas = async (): Promise<BackendLambdas> => ({
 	deviceJwt: await pack('deviceJwt'),
 	requestToken: await pack('requestToken'),
 	userJwt: await pack('userJwt'),
+	notifyAboutExpiringDevices: await pack('notifyAboutExpiringDevices'),
 })

cdk/resources/Notifications.ts

@@ -0,0 +1,55 @@
+import { PackedLambdaFn } from '@bifravst/aws-cdk-lambda-helpers/cdk'
+import {
+	type aws_lambda as Lambda,
+	Duration,
+	aws_events_targets as EventTargets,
+	aws_events as Events,
+} from 'aws-cdk-lib'
+import { Construct } from 'constructs'
+import type { BackendLambdas } from '../packBackendLambdas.js'
+import type { PublicDevices } from './PublicDevices.js'
+import { permissions } from './ses.js'
+
+export class Notifications extends Construct {
+	constructor(
+		parent: Construct,
+		{
+			domain,
+			baseLayer,
+			lambdaSources,
+			publicDevices,
+		}: {
+			domain: string
+			baseLayer: Lambda.ILayerVersion
+			lambdaSources: Pick<BackendLambdas, 'notifyAboutExpiringDevices'>
+			publicDevices: PublicDevices
+		},
+	) {
+		super(parent, 'notifications')
+
+		const notifyAboutExpiringDevicesFn = new PackedLambdaFn(
+			this,
+			'notifyAboutExpiringDevicesFn',
+			lambdaSources.notifyAboutExpiringDevices,
+			{
+				description: 'Notify users that their devices expire soon',
+				layers: [baseLayer],
+				environment: {
+					FROM_EMAIL: `notification@${domain}`,
+					IS_TEST: this.node.getContext('isTest') === true ? '1' : '0',
+					PUBLIC_DEVICES_TABLE_NAME: publicDevices.publicDevicesTable.tableName,
+				},
+				initialPolicy: [permissions(this, domain)],
+			},
+		).fn
+		publicDevices.publicDevicesTable.grantReadData(notifyAboutExpiringDevicesFn)
+
+		const rule = new Events.Rule(this, 'rule', {
+			description: `Rule to schedule email notifications`,
+			schedule: Events.Schedule.rate(Duration.days(1)),
+		})
+		rule.addTarget(
+			new EventTargets.LambdaFunction(notifyAboutExpiringDevicesFn),
+		)
+	}
+}

cdk/resources/UserAuthAPI.ts

@@ -1,8 +1,9 @@
 import { PackedLambdaFn } from '@bifravst/aws-cdk-lambda-helpers/cdk'
-import { aws_iam as IAM, type aws_lambda as Lambda, Stack } from 'aws-cdk-lib'
+import { type aws_lambda as Lambda } from 'aws-cdk-lib'
 import { Construct } from 'constructs'
 import type { BackendLambdas } from '../packBackendLambdas.js'
 import type { EmailConfirmationTokens } from './EmailConfirmationTokens.js'
+import { permissions } from './ses.js'
 
 export class UserAuthAPI extends Construct {
 	public readonly requestTokenFn: Lambda.IFunction
@@ -39,21 +40,7 @@ export class UserAuthAPI extends Construct {
 					FROM_EMAIL: `notification@${domain}`,
 					IS_TEST: this.node.getContext('isTest') === true ? '1' : '0',
 				},
-				initialPolicy: [
-					new IAM.PolicyStatement({
-						actions: ['ses:SendEmail'],
-						resources: [
-							`arn:aws:ses:${Stack.of(parent).region}:${
-								Stack.of(parent).account
-							}:identity/${domain}`,
-						],
-						conditions: {
-							StringLike: {
-								'ses:FromAddress': `notification@${domain}`,
-							},
-						},
-					}),
-				],
+				initialPolicy: [permissions(this, domain)],
 			},
 		).fn
 		emailConfirmationTokens.table.grantWriteData(this.requestTokenFn)

cdk/resources/ses.ts

@@ -0,0 +1,20 @@
+import { aws_iam as IAM, Stack } from 'aws-cdk-lib'
+import type { Construct } from 'constructs'
+
+export const permissions = (
+	stack: Construct,
+	domain: string,
+): IAM.PolicyStatement =>
+	new IAM.PolicyStatement({
+		actions: ['ses:SendEmail'],
+		resources: [
+			`arn:aws:ses:${Stack.of(stack).region}:${
+				Stack.of(stack).account
+			}:identity/${domain}`,
+		],
+		conditions: {
+			StringLike: {
+				'ses:FromAddress': `notification@${domain}`,
+			},
+		},
+	})

devices/listExpiringDevices.ts

@@ -0,0 +1,25 @@
+import { ScanCommand, type DynamoDBClient } from '@aws-sdk/client-dynamodb'
+import { unmarshall } from '@aws-sdk/util-dynamodb'
+import { hasItems } from './hasItems.js'
+import type { PublicDeviceRecord } from './PublicDeviceRecord.js'
+
+export const listExpiringDevices =
+	({ db, TableName }: { db: DynamoDBClient; TableName: string }) =>
+	async (expiresUntil: Date): Promise<Array<PublicDeviceRecord>> => {
+		const res = await db.send(
+			new ScanCommand({
+				TableName,
+				FilterExpression: '#ttl < :expiresUntil',
+				ExpressionAttributeNames: {
+					'#ttl': 'ttl',
+				},
+				ExpressionAttributeValues: {
+					':expiresUntil': {
+						N: (expiresUntil.getTime() / 1000).toString(),
+					},
+				},
+			}),
+		)
+		if (!hasItems(res)) return []
+		return res.Items.map((i) => unmarshall(i) as PublicDeviceRecord)
+	}

email/sendExpiryNotificationEmail.ts

@@ -0,0 +1,37 @@
+import type { SESClient } from '@aws-sdk/client-ses'
+import { SendEmailCommand } from '@aws-sdk/client-ses'
+
+export const sendExpiryNotificationEmail =
+	(ses: SESClient, fromEmail: string) =>
+	async ({
+		email,
+		ids,
+	}: {
+		email: string
+		ids: Array<string>
+	}): Promise<void> => {
+		await ses.send(
+			new SendEmailCommand({
+				Destination: {
+					ToAddresses: [email],
+				},
+				Message: {
+					Body: {
+						Text: {
+							Data: [
+								`The following devices will expire soon and no longer be shared on the map:`,
+								'',
+								...ids.map((id) => `- ${id}`),
+								'',
+								'Please visit the dashboard to extend the expiration date of your devices.',
+							].join('\n'),
+						},
+					},
+					Subject: {
+						Data: `[hello.nrfcloud.com] › Action needed: ${ids.length} of your devices will expire soon`,
+					},
+				},
+				Source: fromEmail,
+			}),
+		)
+	}

lambda/notifyAboutExpiringDevices.ts

@@ -0,0 +1,55 @@
+import { DynamoDBClient } from '@aws-sdk/client-dynamodb'
+import { SESClient } from '@aws-sdk/client-ses'
+import { fromEnv } from '@bifravst/from-env'
+import { requestLogger } from '@hello.nrfcloud.com/lambda-helpers/requestLogger'
+import middy from '@middy/core'
+import { STACK_NAME } from '../cdk/stackConfig.js'
+import { listExpiringDevices } from '../devices/listExpiringDevices.js'
+import { sendExpiryNotificationEmail } from '../email/sendExpiryNotificationEmail.js'
+
+const { publicDevicesTableName, fromEmail, isTestString } = fromEnv({
+	publicDevicesTableName: 'PUBLIC_DEVICES_TABLE_NAME',
+	version: 'VERSION',
+	fromEmail: 'FROM_EMAIL',
+	isTestString: 'IS_TEST',
+})({
+	STACK_NAME,
+	...process.env,
+})
+const list = listExpiringDevices({
+	db: new DynamoDBClient({}),
+	TableName: publicDevicesTableName,
+})
+const ses = new SESClient({})
+const isTest = isTestString === '1'
+const sendEmail = sendExpiryNotificationEmail(ses, fromEmail)
+
+/**
+ * Notify users that their devices expire soon
+ */
+const h = async (): Promise<void> => {
+	const devices = await list(new Date(Date.now() + 1000 * 60 * 60 * 24 * 3))
+
+	const devicesByEmail = devices.reduce(
+		(acc, d) => {
+			if (acc[d.ownerEmail] === undefined) {
+				acc[d.ownerEmail] = []
+			}
+			acc[d.ownerEmail]!.push(d.id)
+			return acc
+		},
+		{} as Record<string, Array<string>>,
+	)
+
+	for (const [email, ids] of Object.entries(devicesByEmail)) {
+		console.debug(email, ids.join(', '))
+		if (!isTest) {
+			await sendEmail({
+				email,
+				ids,
+			})
+		}
+	}
+}
+
+export const handler = middy().use(requestLogger()).handler(h)