only check dynamo for paid membership

devksingh4 · devksingh4 · commit eb53057acd79 · 2025-03-20T01:38:49.000Z
diff --git a/src/api/functions/entraId.ts b/src/api/functions/entraId.ts
@@ -26,6 +26,7 @@ import {
 import { UserProfileDataBase } from "common/types/msGraphApi.js";
 import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
+import { checkPaidMembershipFromTable } from "./membership.js";
 
 function validateGroupId(groupId: string): boolean {
   const groupIdPattern = /^[a-zA-Z0-9-]+$/; // Adjust the pattern as needed
@@ -198,6 +199,7 @@ export async function resolveEmailToOid(
  * @param email - The email address of the user to add or remove.
  * @param group - The group ID to take action on.
  * @param action - Whether to add or remove the user from the group.
+ * @param dynamoClient - DynamoDB client
  * @throws {EntraGroupError} If the group action fails.
  * @returns {Promise<boolean>} True if the action was successful.
  */
@@ -206,6 +208,7 @@ export async function modifyGroup(
   email: string,
   group: string,
   action: EntraGroupActions,
+  dynamoClient: DynamoDBClient,
 ): Promise<boolean> {
   email = email.toLowerCase().replace(/\s/g, "");
   if (!email.endsWith("@illinois.edu")) {
@@ -228,14 +231,8 @@ export async function modifyGroup(
     action === EntraGroupActions.ADD
   ) {
     const netId = email.split("@")[0];
-    const response = await fetch(
-      `https://membership.acm.illinois.edu/api/v1/checkMembership?netId=${netId}`,
-    );
-    const membershipStatus = (await response.json()) as {
-      netId: string;
-      isPaidMember: boolean;
-    };
-    if (!membershipStatus["isPaidMember"]) {
+    const isPaidMember = checkPaidMembershipFromTable(netId, dynamoClient); // we assume users have been provisioned into the table.
+    if (!isPaidMember) {
       throw new EntraGroupError({
         message: `${netId} is not a paid member. This group requires that all members are paid members.`,
         group,
diff --git a/src/api/functions/membership.ts b/src/api/functions/membership.ts
@@ -6,34 +6,10 @@ import {
 } from "@aws-sdk/client-dynamodb";
 import { marshall } from "@aws-sdk/util-dynamodb";
 import { genericConfig } from "common/config.js";
-import { FastifyBaseLogger } from "fastify";
 import { isUserInGroup, modifyGroup } from "./entraId.js";
 import { EntraGroupError } from "common/errors/index.js";
 import { EntraGroupActions } from "common/types/iam.js";
 
-export async function checkPaidMembership(
-  endpoint: string,
-  log: FastifyBaseLogger,
-  netId: string,
-) {
-  const membershipApiPayload = (await (
-    await fetch(`${endpoint}?netId=${netId}`)
-  ).json()) as { netId: string; isPaidMember: boolean };
-  log.trace(`Got Membership API Payload for ${netId}: ${membershipApiPayload}`);
-  try {
-    return membershipApiPayload["isPaidMember"];
-  } catch (e: unknown) {
-    if (!(e instanceof Error)) {
-      log.error(
-        "Failed to get response from membership API (unknown error type.)",
-      );
-      throw e;
-    }
-    log.error(`Failed to get response from membership API: ${e.toString()}`);
-    throw e;
-  }
-}
-
 export async function checkPaidMembershipFromTable(
   netId: string,
   dynamoClient: DynamoDBClient,
@@ -140,6 +116,7 @@ export async function setPaidMembership({
     `${netId}@illinois.edu`,
     paidMemberGroup,
     EntraGroupActions.ADD,
+    dynamoClient,
   );
 
   return { updated: true };
diff --git a/src/api/functions/mobileWallet.ts b/src/api/functions/mobileWallet.ts
@@ -104,7 +104,7 @@ export async function issueAppleWalletMembershipCard(
     pkpass.backFields.push({
       label: "Verification URL",
       key: "iss",
-      value: `https://membership.acm.illinois.edu/verify/${email.split("@")[0]}`,
+      value: "https://membership.acm.illinois.edu",
     });
   } else {
     pkpass.backFields.push({
diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts
@@ -314,12 +314,24 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
       );
       const addResults = await Promise.allSettled(
         request.body.add.map((email) =>
-          modifyGroup(entraIdToken, email, groupId, EntraGroupActions.ADD),
+          modifyGroup(
+            entraIdToken,
+            email,
+            groupId,
+            EntraGroupActions.ADD,
+            fastify.dynamoClient,
+          ),
         ),
       );
       const removeResults = await Promise.allSettled(
         request.body.remove.map((email) =>
-          modifyGroup(entraIdToken, email, groupId, EntraGroupActions.REMOVE),
+          modifyGroup(
+            entraIdToken,
+            email,
+            groupId,
+            EntraGroupActions.REMOVE,
+            fastify.dynamoClient,
+          ),
         ),
       );
       const response: Record<string, Record<string, string>[]> = {
diff --git a/src/api/routes/mobileWallet.ts b/src/api/routes/mobileWallet.ts
@@ -5,7 +5,7 @@ import {
   ValidationError,
 } from "../../common/errors/index.js";
 import { z } from "zod";
-import { checkPaidMembership } from "../functions/membership.js";
+import { checkPaidMembershipFromTable } from "../functions/membership.js";
 import {
   AvailableSQSFunctions,
   SQSPayload,
@@ -62,10 +62,9 @@ const mobileWalletRoute: FastifyPluginAsync = async (fastify, _options) => {
       const isPaidMember =
         (fastify.runEnvironment === "dev" &&
           request.query.email === "testinguser@illinois.edu") ||
-        (await checkPaidMembership(
-          fastify.environmentConfig.MembershipApiEndpoint,
-          request.log,
+        (await checkPaidMembershipFromTable(
           request.query.email.replace("@illinois.edu", ""),
+          fastify.dynamoClient,
         ));
       if (!isPaidMember) {
         throw new UnauthenticatedError({
diff --git a/src/common/config.ts b/src/common/config.ts
@@ -85,7 +85,7 @@ const environmentConfig: EnvironmentConfigType = {
     PasskitIdentifier: "pass.org.acmuiuc.qa.membership",
     PasskitSerialNumber: "0",
     MembershipApiEndpoint:
-      "https://infra-membership-api.aws.qa.acmuiuc.org/api/v1/checkMembership",
+      "https://core.aws.qa.acmuiuc.org/api/v1/membership",
     EmailDomain: "aws.qa.acmuiuc.org",
     SqsQueueUrl:
       "https://sqs.us-east-1.amazonaws.com/427040638965/infra-core-api-sqs",
@@ -104,7 +104,7 @@ const environmentConfig: EnvironmentConfigType = {
     PasskitIdentifier: "pass.edu.illinois.acm.membership",
     PasskitSerialNumber: "0",
     MembershipApiEndpoint:
-      "https://infra-membership-api.aws.acmuiuc.org/api/v1/checkMembership",
+      "https://core.acm.illinois.edu/api/v1/membership",
     EmailDomain: "acm.illinois.edu",
     SqsQueueUrl:
       "https://sqs.us-east-1.amazonaws.com/298118738376/infra-core-api-sqs",
