Merge pull request #3 from ruby-no-kai/attendee-gate

attendee-gate

Author: sorah

.github/workflows/docker-attendee-gate.jsonnet

@@ -0,0 +1 @@
+(import './docker-build-simple.libsonnet')('attendee-gate', 'us-west-2')

.github/workflows/docker-attendee-gate.yml

@@ -0,0 +1 @@
+3.3

attendee-gate/.ruby-version

@@ -0,0 +1,27 @@
+FROM public.ecr.aws/lambda/ruby:3.3 as builder
+RUN dnf install -y gcc gcc-c++ make pkg-config git
+
+COPY Gemfile* ${LAMBDA_TASK_ROOT}/
+WORKDIR ${LAMBDA_TASK_ROOT}/app
+
+ENV BUNDLE_GEMFILE ${LAMBDA_TASK_ROOT}/Gemfile
+ENV BUNDLE_PATH ${LAMBDA_TASK_ROOT}/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_JOBS 16
+ENV BUNDLE_WITHOUT development:test
+RUN bundle install
+
+COPY . ${LAMBDA_TASK_ROOT}/app
+
+FROM public.ecr.aws/lambda/ruby:3.3
+
+COPY --from=builder ${LAMBDA_TASK_ROOT}/vendor ${LAMBDA_TASK_ROOT}/vendor
+COPY . ${LAMBDA_TASK_ROOT}/app
+
+WORKDIR ${LAMBDA_TASK_ROOT}/app
+
+ENV BUNDLE_GEMFILE ${LAMBDA_TASK_ROOT}/Gemfile
+ENV BUNDLE_PATH ${LAMBDA_TASK_ROOT}/vendor/bundle
+ENV BUNDLE_DEPLOYMENT 1
+ENV BUNDLE_WITHOUT development:test
+CMD [ "index.AttendeeGate::Handlers.http" ]

attendee-gate/Dockerfile

@@ -0,0 +1,14 @@
+source 'https://rubygems.org'
+
+gem 'sqlite3'
+gem 'aws-sdk-s3'
+gem 'aws-sdk-ssm'
+gem 'sinatra'
+gem 'apigatewayv2_rack', '>= 0.2.2'
+gem 'httpx'
+gem 'rexml'
+gem 'base64'
+
+group :development do
+  gem 'puma'
+end

attendee-gate/Gemfile

@@ -0,0 +1,77 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    apigatewayv2_rack (0.2.2)
+      base64
+      rack
+      stringio
+    aws-eventstream (1.3.1)
+    aws-partitions (1.1061.0)
+    aws-sdk-core (3.220.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.99.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.182.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-ssm (1.191.0)
+      aws-sdk-core (~> 3, >= 3.216.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.11.0)
+      aws-eventstream (~> 1, >= 1.0.2)
+    base64 (0.2.0)
+    http-2 (1.0.2)
+    httpx (1.4.2)
+      http-2 (>= 1.0.0)
+    jmespath (1.6.2)
+    logger (1.6.6)
+    mini_portile2 (2.8.8)
+    mustermann (3.0.3)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.7.4)
+    puma (6.6.0)
+      nio4r (~> 2.0)
+    rack (3.1.11)
+    rack-protection (4.1.1)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.1.0)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rexml (3.4.1)
+    ruby2_keywords (0.0.5)
+    sinatra (4.1.1)
+      logger (>= 1.6.0)
+      mustermann (~> 3.0)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.1.1)
+      rack-session (>= 2.0.0, < 3)
+      tilt (~> 2.0)
+    sqlite3 (2.6.0)
+      mini_portile2 (~> 2.8.0)
+    stringio (3.1.5)
+    tilt (2.6.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  apigatewayv2_rack (>= 0.2.2)
+  aws-sdk-s3
+  aws-sdk-ssm
+  base64
+  httpx
+  puma
+  rexml
+  sinatra
+  sqlite3
+
+BUNDLED WITH
+   2.6.3

attendee-gate/Gemfile.lock

@@ -0,0 +1,113 @@
+require_relative './db'
+require 'base64'
+require 'aws-sdk-s3'
+require 'sinatra/base'
+
+module AttendeeGate
+  class App < Sinatra::Base
+    CONTEXT_NAME = 'attendeegate.ctx'
+    DB_NAME = 'attendeegate.db'
+
+    class DataCache
+      STALE_AFTER = 15
+      Head = Data.define(:last_modified, :etag, :ts) do
+        def self.from_s3_response(r)
+          new(
+            last_modified: r.last_modified,
+            etag: r.etag,
+            ts: Time.now,
+          )
+        end
+      end
+
+      def initialize(context)
+        @context = context
+        @db = nil
+        @file = nil
+        @head = nil
+      end
+
+      attr_reader :context
+
+      def value
+        return @db unless stale?
+        @db&.close
+        @file&.unlink
+        @db = nil
+        @file, @db, @head = fetch_db
+        @db
+      end
+
+      def stale?
+        return true unless @db && @head
+        return false if (Time.now - @head.ts) < STALE_AFTER
+        Head.from_s3_response(s3.head_object(bucket: context.s3_bucket, key: context.s3_key)) != @head
+      end
+
+      private def fetch_db
+        file = Tempfile.new
+        r = s3.get_object(bucket: context.s3_bucket, key: context.s3_key, response_target: file)
+        db = DB.open(path: file.path, hash_key: context.hash_key)
+        @file, @db, @head = file, db, Head.from_s3_response(r)
+      end
+
+      # @return [Aws::S3::Client]
+      private def s3
+        context.s3
+      end
+    end
+
+    Context = Data.define(:s3, :s3_bucket, :s3_key, :hash_key) do
+      def inspect
+        "#<#{self.class.name} #{self.__id__}>"
+      end
+    end
+
+    def self.rack(...)
+      ctx = Context.new(...)
+      db = DataCache.new(ctx)
+      lambda do |env|
+        env[CONTEXT_NAME] = ctx
+        env[DB_NAME] = db
+        self.call(env)
+      end
+    end
+
+    helpers do
+      def context
+        env.fetch(CONTEXT_NAME)
+      end
+
+      def db
+        env.fetch(DB_NAME).value
+      end
+    end
+
+    post '/validate' do
+      given_email_hashed = params[:email_hashed]&.to_s&.then { Base64.urlsafe_decode64(_1) } rescue nil
+      given_code = params[:code]&.to_s&.then { _1.include?('-') ? _1 : "#{_1}-1" }
+      halt(400, "email_hashed is required") if !given_email_hashed || given_email_hashed.empty?
+      halt(400, "code is required") if !given_code || given_code.empty?
+
+      result = nil
+
+      cand = db.find_attendee_by_code(given_code)
+      if cand
+        result = OpenSSL.fixed_length_secure_compare(cand.email_hashed, given_email_hashed) ? "ok" : "email_mismatch"
+      end
+
+      unless result
+        cands = db.find_attendees_by_email(given_email_hashed)
+        result = cands.empty? ? "not_found" : "code_mismatch"
+      end
+
+      content_type :json
+      JSON.pretty_generate(
+        meta: {
+          db: db.current.to_h,
+        },
+        result:,
+      )
+    end
+  end
+end

attendee-gate/app.rb

@@ -0,0 +1,11 @@
+require_relative './app'
+require_relative './index'
+require 'logger'
+logger = Logger.new($stdout)
+$stdout.sync = true
+run AttendeeGate::App.rack(
+  s3: Aws::S3::Client.new(logger:),
+  s3_bucket: ENV.fetch('S3_BUCKET','rk-attendee-gate'),
+  s3_key: ENV.fetch('S3_KEY','dev/dev.sqlite3'),
+  hash_key: '',
+)