From e0b7956a396f9e8f0494301e0baa5467ce8c18bd Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Thu, 9 Jan 2025 23:31:56 -0600 Subject: [PATCH 1/3] creating membership api dynamo tables Co-authored-by: krivera28 --- cloudformation/iam.yml | 4 +++- cloudformation/main.yml | 32 ++++++++++++++++++++++++-------- 2 files changed, 27 insertions(+), 9 deletions(-) diff --git a/cloudformation/iam.yml b/cloudformation/iam.yml index 756c970..d779558 100644 --- a/cloudformation/iam.yml +++ b/cloudformation/iam.yml @@ -77,6 +77,8 @@ Resources: - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-userroles/* - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-iam-grouproles/* + - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-logs + - !Sub arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-logs/* PolicyName: lambda-dynamo Outputs: @@ -85,4 +87,4 @@ Outputs: Value: Fn::GetAtt: - ApiLambdaIAMRole - - Arn \ No newline at end of file + - Arn diff --git a/cloudformation/main.yml b/cloudformation/main.yml index 823e594..7c1da46 100644 --- a/cloudformation/main.yml +++ b/cloudformation/main.yml @@ -93,7 +93,7 @@ Resources: Environment: Variables: RunEnvironment: !Ref RunEnvironment - VpcConfig: + VpcConfig: Ipv6AllowedForDualStack: !If [ShouldAttachVpc, True, !Ref AWS::NoValue] SecurityGroupIds: !If [ShouldAttachVpc, !FindInMap [EnvironmentToCidr, !Ref RunEnvironment, SecurityGroupIds], !Ref AWS::NoValue] SubnetIds: !If [ShouldAttachVpc, !FindInMap [EnvironmentToCidr, !Ref RunEnvironment, SubnetIds], !Ref AWS::NoValue] @@ -107,7 +107,7 @@ Resources: IamGroupRolesTable: Type: 'AWS::DynamoDB::Table' - DeletionPolicy: "Retain" + DeletionPolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-iam-grouproles @@ -123,7 +123,7 @@ Resources: IamUserRolesTable: Type: 'AWS::DynamoDB::Table' - DeletionPolicy: "Retain" + DeletionPolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-iam-userroles @@ -139,7 +139,7 @@ Resources: EventRecordsTable: Type: 'AWS::DynamoDB::Table' - DeletionPolicy: "Retain" + DeletionPolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-events @@ -162,9 +162,25 @@ Resources: Projection: ProjectionType: ALL + MembershipRecordsTable: + Type: 'AWS::DynamoDB::Table' + DeletionPolicy: "Retain" + Properties: + BillingMode: 'PAY_PER_REQUEST' + TableName: infra-core-api-membership-logs + DeletionProtectionEnabled: true + PointInTimeRecoverySpecification: + PointInTimeRecoveryEnabled: !If [IsProd, true, false] + AttributeDefinitions: + - AttributeName: email + AttributeType: S + KeySchema: + - AttributeName: email + KeyType: HASH + CacheRecordsTable: Type: 'AWS::DynamoDB::Table' - DeletionPolicy: "Retain" + DeletionPolicy: "Retain" Properties: BillingMode: 'PAY_PER_REQUEST' TableName: infra-core-api-cache @@ -183,7 +199,7 @@ Resources: AppApiGateway: Type: AWS::Serverless::Api - DependsOn: + DependsOn: - AppApiLambdaFunction Properties: Name: !Sub ${ApplicationPrefix}-gateway @@ -194,7 +210,7 @@ Resources: Name: AWS::Include Parameters: Location: ./phony-swagger.yml - Domain: + Domain: DomainName: !Sub - "${ApplicationPrefix}.${BaseDomainName}" - BaseDomainName: !FindInMap @@ -296,4 +312,4 @@ Resources: - !Ref AWS::AccountId - ":" - !Ref AppApiGateway - - "/*/*/*" \ No newline at end of file + - "/*/*/*" From 28a89026f69cd436e9c88f8a848ec2de4ac92fff Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Fri, 10 Jan 2025 00:31:42 -0600 Subject: [PATCH 2/3] scaffold the check membership route Co-authored-by: krivera28 --- src/api/functions/validation.ts | 5 +++++ src/api/index.ts | 2 ++ src/api/routes/membership.ts | 34 +++++++++++++++++++++++++++++++++ src/common/config.ts | 3 +++ 4 files changed, 44 insertions(+) create mode 100644 src/api/routes/membership.ts diff --git a/src/api/functions/validation.ts b/src/api/functions/validation.ts index b9f241f..d861667 100644 --- a/src/api/functions/validation.ts +++ b/src/api/functions/validation.ts @@ -5,3 +5,8 @@ export function validateEmail(email: string): boolean { const result = emailSchema.safeParse(email); return result.success; } + +export function validateNetId(netId: string): boolean { + // TODO: write this function to check if the netid matches this regex: [a-zA-Z0-9\-]+ + return true; +} diff --git a/src/api/index.ts b/src/api/index.ts index f82b9d8..21d5888 100644 --- a/src/api/index.ts +++ b/src/api/index.ts @@ -17,6 +17,7 @@ import vendingPlugin from "./routes/vending.js"; import * as dotenv from "dotenv"; import iamRoutes from "./routes/iam.js"; import ticketsPlugin from "./routes/tickets.js"; +import membershipPlugin from "./routes/membership.js"; dotenv.config(); const now = () => Date.now(); @@ -75,6 +76,7 @@ async function init() { api.register(organizationsPlugin, { prefix: "/organizations" }); api.register(icalPlugin, { prefix: "/ical" }); api.register(iamRoutes, { prefix: "/iam" }); + api.register(membershipPlugin, { prefix: "/membership" }); api.register(ticketsPlugin, { prefix: "/tickets" }); if (app.runEnvironment === "dev") { api.register(vendingPlugin, { prefix: "/vending" }); diff --git a/src/api/routes/membership.ts b/src/api/routes/membership.ts new file mode 100644 index 0000000..f7a7c72 --- /dev/null +++ b/src/api/routes/membership.ts @@ -0,0 +1,34 @@ +import { validateNetId } from "api/functions/validation.js"; +import { FastifyPluginAsync } from "fastify"; +import { ValidationError } from "zod-validation-error"; + +const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => { + fastify.get<{ + Body: undefined; + Querystring: { netId: string }; + }>("/:netId", { + schema: { + querystring: { + type: "object", + properties: { + netId: { + type: "string", + }, + }, + }, + }, + }, async (request, reply) => { + const netId = (request.params as Record).netId; + if (!validateNetId(netId)) { // TODO: implement the validateNetId function + throw new ValidationError(`${netId} is not a valid Illinois NetID!`); + } + // TODOs below: + // 1. Check Dynamo table infra-core-api-membership-logs to see if `netid@illinois.edu` has an entry. if yes, return the json {netid: netid, isPaidMember: true} + // 2. Call checkGroupMembership(token, `netid@acm.illinois.edu`, groupId). if yes, {netid: netid, isPaidMember: result} + // 3. If AAD says they're a member, insert this yes result into infra-core-api-membership-logs so that it's cached for the next time. + // request.log.debug(`Checking the group ID ${fastify.environmentConfig.PaidMemberGroupId} for membership`) + reply.send(`Hello, ${netId}!`); + }); +}; + +export default membershipPlugin; diff --git a/src/common/config.ts b/src/common/config.ts index 77857fe..d89b8fb 100644 --- a/src/common/config.ts +++ b/src/common/config.ts @@ -16,6 +16,7 @@ export type ConfigType = { UserRoleMapping: UserRoleMapping; ValidCorsOrigins: ValueOrArray | OriginFunction; AadValidClientId: string; + PaidMemberGroupId: string; }; type GenericConfigType = { @@ -79,6 +80,7 @@ const environmentConfig: EnvironmentConfigType = { /^https:\/\/(?:.*\.)?acmuiuc\.pages\.dev$/, ], AadValidClientId: "39c28870-94e4-47ee-b4fb-affe0bf96c9f", + PaidMemberGroupId: "9222451f-b354-4e64-ba28-c0f367a277c2" }, prod: { GroupRoleMapping: { @@ -109,6 +111,7 @@ const environmentConfig: EnvironmentConfigType = { /^https:\/\/(?:.*\.)?acmuiuc\.pages\.dev$/, ], AadValidClientId: "5e08cf0f-53bb-4e09-9df2-e9bdc3467296", + PaidMemberGroupId: "172fd9ee-69f0-4384-9786-41ff1a43cf8e" }, }; From 8bb0ec76d49ce8788a69bc3140e4174cbe42e140 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Fri, 10 Jan 2025 00:32:08 -0600 Subject: [PATCH 3/3] fix linting --- src/api/routes/membership.ts | 43 ++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/src/api/routes/membership.ts b/src/api/routes/membership.ts index f7a7c72..917bd7b 100644 --- a/src/api/routes/membership.ts +++ b/src/api/routes/membership.ts @@ -6,29 +6,34 @@ const membershipPlugin: FastifyPluginAsync = async (fastify, _options) => { fastify.get<{ Body: undefined; Querystring: { netId: string }; - }>("/:netId", { - schema: { - querystring: { - type: "object", - properties: { - netId: { - type: "string", + }>( + "/:netId", + { + schema: { + querystring: { + type: "object", + properties: { + netId: { + type: "string", + }, }, }, }, }, - }, async (request, reply) => { - const netId = (request.params as Record).netId; - if (!validateNetId(netId)) { // TODO: implement the validateNetId function - throw new ValidationError(`${netId} is not a valid Illinois NetID!`); - } - // TODOs below: - // 1. Check Dynamo table infra-core-api-membership-logs to see if `netid@illinois.edu` has an entry. if yes, return the json {netid: netid, isPaidMember: true} - // 2. Call checkGroupMembership(token, `netid@acm.illinois.edu`, groupId). if yes, {netid: netid, isPaidMember: result} - // 3. If AAD says they're a member, insert this yes result into infra-core-api-membership-logs so that it's cached for the next time. - // request.log.debug(`Checking the group ID ${fastify.environmentConfig.PaidMemberGroupId} for membership`) - reply.send(`Hello, ${netId}!`); - }); + async (request, reply) => { + const netId = (request.params as Record).netId; + if (!validateNetId(netId)) { + // TODO: implement the validateNetId function + throw new ValidationError(`${netId} is not a valid Illinois NetID!`); + } + // TODOs below: + // 1. Check Dynamo table infra-core-api-membership-logs to see if `netid@illinois.edu` has an entry. if yes, return the json {netid: netid, isPaidMember: true} + // 2. Call checkGroupMembership(token, `netid@acm.illinois.edu`, groupId). if yes, {netid: netid, isPaidMember: result} + // 3. If AAD says they're a member, insert this yes result into infra-core-api-membership-logs so that it's cached for the next time. + // request.log.debug(`Checking the group ID ${fastify.environmentConfig.PaidMemberGroupId} for membership`) + reply.send(`Hello, ${netId}!`); + }, + ); }; export default membershipPlugin;