add external list support

Author: devksingh4

cloudformation/iam.yml

@@ -68,6 +68,7 @@ Resources:
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-provisioning
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-external
 
           - Sid: DynamoDBCacheAccess
             Effect: Allow

cloudformation/main.yml

@@ -275,6 +275,23 @@ Resources:
         - AttributeName: email
           KeyType: HASH
 
+  ExternalMembershipRecordsTable:
+    Type: "AWS::DynamoDB::Table"
+    DeletionPolicy: "Retain"
+    UpdateReplacePolicy: "Retain"
+    Properties:
+      BillingMode: "PAY_PER_REQUEST"
+      TableName: infra-core-api-membership-external
+      DeletionProtectionEnabled: true
+      PointInTimeRecoverySpecification:
+        PointInTimeRecoveryEnabled: !If [IsProd, true, false]
+      AttributeDefinitions:
+        - AttributeName: netid_list
+          AttributeType: S
+      KeySchema:
+        - AttributeName: netid_list
+          KeyType: HASH
+
   IamGroupRolesTable:
     Type: "AWS::DynamoDB::Table"
     DeletionPolicy: "Retain"

src/api/functions/membership.ts

@@ -10,6 +10,29 @@ import { isUserInGroup, modifyGroup } from "./entraId.js";
 import { EntraGroupError } from "common/errors/index.js";
 import { EntraGroupActions } from "common/types/iam.js";
 
+export async function checkExternalMembership(
+  netId: string,
+  list: string,
+  dynamoClient: DynamoDBClient,
+): Promise<boolean> {
+  const { Items } = await dynamoClient.send(
+    new QueryCommand({
+      TableName: genericConfig.ExternalMembershipTableName,
+      KeyConditionExpression: "#pk = :pk",
+      ExpressionAttributeNames: {
+        "#pk": "netid_list",
+      },
+      ExpressionAttributeValues: marshall({
+        ":pk": `${netId}_${list}`,
+      }),
+    }),
+  );
+  if (!Items || Items.length == 0) {
+    return false;
+  }
+  return true;
+}
+
 export async function checkPaidMembershipFromTable(
   netId: string,
   dynamoClient: DynamoDBClient,

src/api/routes/membership.ts

@@ -1,4 +1,5 @@
 import {
+  checkExternalMembership,
   checkPaidMembershipFromEntra,
   checkPaidMembershipFromTable,
   setPaidMembershipInTable,
@@ -14,7 +15,7 @@ import { getEntraIdToken } from "api/functions/entraId.js";
 import { genericConfig, roleArns } from "common/config.js";
 import { getRoleCredentials } from "api/functions/sts.js";
 import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
-import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
+import { DynamoDBClient, QueryCommand } from "@aws-sdk/client-dynamodb";
 import rateLimiter from "api/plugins/rateLimiter.js";
 import { createCheckoutSession } from "api/functions/stripe.js";
 import { getSecretValue } from "api/plugins/auth.js";
@@ -70,9 +71,9 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
     });
     fastify.get<{
       Body: undefined;
-      Querystring: { netId: string };
+      Params: { netId: string };
     }>("/checkout/:netId", async (request, reply) => {
-      const netId = (request.params as Record<string, string>).netId;
+      const netId = request.params.netId;
       if (!validateNetId(netId)) {
         throw new ValidationError({
           message: `${netId} is not a valid Illinois NetID!`,
@@ -143,26 +144,50 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
     });
     fastify.get<{
       Body: undefined;
-      Querystring: { netId: string };
+      Querystring: { list?: string };
+      Params: { netId: string };
     }>("/:netId", async (request, reply) => {
-      const netId = (request.params as Record<string, string>).netId;
+      const netId = request.params.netId;
+      const list = request.query.list || "acmpaid";
       if (!validateNetId(netId)) {
         throw new ValidationError({
           message: `${netId} is not a valid Illinois NetID!`,
         });
       }
-      if (fastify.nodeCache.get(`isMember_${netId}`) !== undefined) {
+      if (fastify.nodeCache.get(`isMember_${netId}_${list}`) !== undefined) {
         return reply.header("X-ACM-Data-Source", "cache").send({
           netId,
-          isPaidMember: fastify.nodeCache.get(`isMember_${netId}`),
+          list: list === "acmpaid" ? undefined : list,
+          isPaidMember: fastify.nodeCache.get(`isMember_${netId}_${list}`),
+        });
+      }
+      if (list !== "acmpaid") {
+        const isMember = await checkExternalMembership(
+          netId,
+          list,
+          fastify.dynamoClient,
+        );
+        fastify.nodeCache.set(
+          `isMember_${netId}_${list}`,
+          isMember,
+          MEMBER_CACHE_SECONDS,
+        );
+        return reply.header("X-ACM-Data-Source", "dynamo").send({
+          netId,
+          list,
+          isPaidMember: isMember,
         });
       }
       const isDynamoMember = await checkPaidMembershipFromTable(
         netId,
         fastify.dynamoClient,
       );
       if (isDynamoMember) {
-        fastify.nodeCache.set(`isMember_${netId}`, true, MEMBER_CACHE_SECONDS);
+        fastify.nodeCache.set(
+          `isMember_${netId}_${list}`,
+          true,
+          MEMBER_CACHE_SECONDS,
+        );
         return reply
           .header("X-ACM-Data-Source", "dynamo")
           .send({ netId, isPaidMember: true });
@@ -178,15 +203,19 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => {
         paidMemberGroup,
       );
       if (isAadMember) {
-        fastify.nodeCache.set(`isMember_${netId}`, true, MEMBER_CACHE_SECONDS);
+        fastify.nodeCache.set(
+          `isMember_${netId}_${list}`,
+          true,
+          MEMBER_CACHE_SECONDS,
+        );
         reply
           .header("X-ACM-Data-Source", "aad")
           .send({ netId, isPaidMember: true });
         await setPaidMembershipInTable(netId, fastify.dynamoClient);
         return;
       }
       fastify.nodeCache.set(
-        `isMember_${netId}`,
+        `isMember_${netId}_${list}`,
         false,
         NONMEMBER_CACHE_SECONDS,
       );

src/common/config.ts

@@ -35,6 +35,7 @@ export type GenericConfigType = {
   TicketPurchasesTableName: string;
   TicketMetadataTableName: string;
   MembershipTableName: string;
+  ExternalMembershipTableName: string;
   MerchStoreMetadataTableName: string;
   IAMTablePrefix: string;
   ProtectedEntraIDGroups: string[]; // these groups are too privileged to be modified via this portal and must be modified directly in Entra ID.
@@ -70,6 +71,7 @@ const genericConfig: GenericConfigType = {
   IAMTablePrefix: "infra-core-api-iam",
   ProtectedEntraIDGroups: [infraChairsGroupId, officersGroupId],
   MembershipTableName: "infra-core-api-membership-provisioning",
+  ExternalMembershipTableName: "infra-membership-api-external-lists"
 } as const;
 
 const environmentConfig: EnvironmentConfigType = {