Added default authorizer, updated event.jsons to reflect httpv2 api s…

…yntax, added waf, cloudfront, s3, acm cloudformation
seanturner026 · Jan 17, 2021 · ff0ffbf · ff0ffbf
1 parent 5152439
commit ff0ffbf
Show file tree

Hide file tree

Showing 42 changed files with 435 additions and 140 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -13,6 +13,6 @@ indent_style = tab
 indent_size = 4
 indent_style = space
 
-[*.{json,sh,tf,tfvars,vue,yaml,yml}]
+[*.{js,json,sh,tf,tfvars,vue,yaml,yml}]
 indent_size = 2
 indent_style = space
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 .serverless
 
 # golang output binary directory
+archive
 bin
 
 # golang vendor (dependencies) directory
@@ -22,5 +23,3 @@ vendor
 
 .env.*
 .DS_Store
-
-cmd/scratch*
diff --git a/Makefile b/Makefile
@@ -11,6 +11,8 @@ build:
 	env GOOS=linux go build -ldflags="-s -w" -o bin/login_user          cmd/login_user/main.go
 	env GOOS=linux go build -ldflags="-s -w" -o bin/release             cmd/release/main.go
 	env GOOS=linux go build -ldflags="-s -w" -o bin/reset_user_password cmd/reset_user_password/main.go
+	env GOOS=linux go build -ldflags="-s -w" -o bin/verify_auth         cmd/verify_auth/main.go
+
 
 test:
 	@printf "\n"
@@ -24,8 +26,22 @@ test:
 	./cmd/login_user \
 	./cmd/release \
 	./cmd/reset_user_password \
+	./cmd/verify_auth \
+
+compress:
+	@printf "\n"
+	zip archive/CreateRepo.zip        bin/create_repo
+	zip archive/CreateUser.zip        bin/create_user
+	zip archive/DeleteRepo.zip        bin/delete_repo
+	zip archive/DeleteUser.zip        bin/delete_user
+	zip archive/ListRepos.zip         bin/list_repos
+	zip archive/ListUsers.zip         bin/list_users
+	zip archive/LoginUser.zip         bin/login_user
+	zip archive/Release.zip           bin/release
+	zip archive/ResetUserPassword.zip bin/reset_user_password
+	zip archive/VerifyAuth.zip        bin/verify_auth
 
-deploy: build test
+deploy: build test compress
 	@printf "\n"
 	serverless deploy --verbose  --aws-profile ${AWS_DEFAULT_PROFILE}
 

diff --git a/cmd/create_repo/event.json b/cmd/create_repo/event.json
@@ -1,6 +1,18 @@
 {
-  "repo_name": "pygithub-go-github-playground",
-  "repo_owner": "seanturner026",
-  "branch_head": "new",
-  "branch_base": "develop"
+  "resource": "/",
+  "path": "/create/repo",
+  "httpMethod": "POST",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "POST",
+    "path": "/create/repo"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{\"repo_name\": \"string\", \"repo_owner\": \"string\", \"branch_head\": \"string\", \"branch_base\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/create_repo/main.go b/cmd/create_repo/main.go
@@ -43,7 +43,7 @@ func generatePutItemInput(e createRepoEvent) (createRepoEvent, map[string]*dynam
 	return e, itemInput, nil
 }
 
-func (app *application) writeRepoToDB(e createRepoEvent, itemInput map[string]*dynamodb.AttributeValue) error {
+func (app application) writeRepoToDB(e createRepoEvent, itemInput map[string]*dynamodb.AttributeValue) error {
 	input := &dynamodb.PutItemInput{
 		ReturnConsumedCapacity: aws.String("TOTAL"),
 		TableName:              aws.String(app.config.TableName),
@@ -62,7 +62,7 @@ func (app *application) writeRepoToDB(e createRepoEvent, itemInput map[string]*d
 	return nil
 }
 
-func (app *application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := createRepoEvent{}

diff --git a/cmd/create_user/event.json b/cmd/create_user/event.json
@@ -1,3 +1,18 @@
 {
-  "email_address": "string"
+  "resource": "/",
+  "path": "/create/user",
+  "httpMethod": "POST",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "POST",
+    "path": "/create/user"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{\"email_address\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/create_user/main.go b/cmd/create_user/main.go
@@ -29,7 +29,7 @@ type configuration struct {
 	idp        cidpif.CognitoIdentityProviderAPI
 }
 
-func (app *application) createUser(e createUserEvent) error {
+func (app application) createUser(e createUserEvent) error {
 	input := &cidp.AdminCreateUserInput{
 		UserPoolId:             aws.String(app.config.UserPoolID),
 		Username:               aws.String(e.EmailAddress),
@@ -55,7 +55,7 @@ func (app *application) createUser(e createUserEvent) error {
 	return nil
 }
 
-func (app *application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := createUserEvent{}

diff --git a/cmd/delete_repo/event.json b/cmd/delete_repo/event.json
@@ -1,3 +1,18 @@
 {
-  "repo_name": "pygithub-go-github-playground"
+  "resource": "/",
+  "path": "/delete/repo",
+  "httpMethod": "POST",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "POST",
+    "path": "/delete/repo"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{\"repo_name\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/delete_repo/main.go b/cmd/delete_repo/main.go
@@ -29,7 +29,7 @@ type configuration struct {
 	db        dynamodbiface.DynamoDBAPI
 }
 
-func (app *application) deleteRepo(e deleteRepoEvent) error {
+func (app application) deleteRepo(e deleteRepoEvent) error {
 	input := &dynamodb.DeleteItemInput{
 		Key: map[string]*dynamodb.AttributeValue{
 			"pk": {
@@ -57,7 +57,7 @@ func (app *application) deleteRepo(e deleteRepoEvent) error {
 	return nil
 }
 
-func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := deleteRepoEvent{}

diff --git a/cmd/delete_user/event.json b/cmd/delete_user/event.json
@@ -1,3 +1,18 @@
 {
-  "email_address": "string"
+  "resource": "/",
+  "path": "/delete/user",
+  "httpMethod": "POST",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "POST",
+    "path": "/delete/user"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{\"email_address\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/delete_user/main.go b/cmd/delete_user/main.go
@@ -29,7 +29,7 @@ type configuration struct {
 	idp        cidpif.CognitoIdentityProviderAPI
 }
 
-func (app *application) deleteUser(e deleteUserEvent) error {
+func (app application) deleteUser(e deleteUserEvent) error {
 	input := &cidp.AdminDeleteUserInput{
 		UserPoolId: aws.String(os.Getenv("USER_POOL_ID")),
 		Username:   aws.String(e.EmailAddress),
@@ -47,7 +47,7 @@ func (app *application) deleteUser(e deleteUserEvent) error {
 	return nil
 }
 
-func (app *application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := deleteUserEvent{}

diff --git a/cmd/list_repos/event.json b/cmd/list_repos/event.json
@@ -1,3 +1,18 @@
 {
-  "repo_owner": "seanturner026"
+  "resource": "/",
+  "path": "/list/repos",
+  "httpMethod": "GET",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "GET",
+    "path": "/list/repos"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{\"repo_owner\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/list_repos/main.go b/cmd/list_repos/main.go
@@ -39,7 +39,7 @@ type configuration struct {
 	db                       dynamodbiface.DynamoDBAPI
 }
 
-func (app *application) listRepos(e listReposEvent) (dynamodb.QueryOutput, error) {
+func (app application) listRepos(e listReposEvent) (dynamodb.QueryOutput, error) {
 	input := &dynamodb.QueryInput{
 		ExpressionAttributeValues: map[string]*dynamodb.AttributeValue{
 			":type": {
@@ -68,7 +68,7 @@ func (app *application) listRepos(e listReposEvent) (dynamodb.QueryOutput, error
 	return *resp, err
 }
 
-func (app *application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := listReposEvent{}
@@ -100,8 +100,7 @@ func (app *application) handler(event events.APIGatewayProxyRequest) (events.API
 	var buf bytes.Buffer
 	json.HTMLEscape(&buf, body)
 
-	log.Printf("[DEBUG] body %v", buf.String())
-	resp := events.APIGatewayProxyResponse{
+	resp := events.APIGatewayV2HTTPResponse{
 		StatusCode:      statusCode,
 		Headers:         headers,
 		Body:            buf.String(),

diff --git a/cmd/list_users/main.go b/cmd/list_users/main.go
@@ -37,7 +37,7 @@ func (userNames *listUsersResponse) appendUserToResponse(user userName) {
 	userNames.Users = append(userNames.Users, user)
 }
 
-func (app *application) listUsers() (listUsersResponse, error) {
+func (app application) listUsers() (listUsersResponse, error) {
 	input := &cidp.ListUsersInput{
 		AttributesToGet: aws.StringSlice([]string{"email"}),
 		Limit:           aws.Int64(60),
@@ -63,7 +63,7 @@ func (app *application) listUsers() (listUsersResponse, error) {
 	return *userNames, nil
 }
 
-func (app *application) handler() (events.APIGatewayProxyResponse, error) {
+func (app application) handler() (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	userNames, err := app.listUsers()
@@ -81,7 +81,7 @@ func (app *application) handler() (events.APIGatewayProxyResponse, error) {
 
 	var buf bytes.Buffer
 	json.HTMLEscape(&buf, body)
-	resp := events.APIGatewayProxyResponse{
+	resp := events.APIGatewayV2HTTPResponse{
 		StatusCode:      statusCode,
 		Headers:         headers,
 		Body:            buf.String(),

diff --git a/cmd/login_user/event.json b/cmd/login_user/event.json
@@ -1,4 +1,18 @@
 {
-  "email_address": "string",
-  "password": "string"
+  "resource": "/",
+  "path": "/login/user",
+  "httpMethod": "POST",
+  "requestContext": {
+    "resourcePath": "/",
+    "httpMethod": "POST",
+    "path": "/login/user"
+  },
+  "headers": {},
+  "multiValueHeaders": {},
+  "queryStringParameters": null,
+  "multiValueQueryStringParameters": null,
+  "pathParameters": null,
+  "stageVariables": null,
+  "body": "{ \"email_address\": \"string\",\"password\": \"string\"}",
+  "isBase64Encoded": false
 }
diff --git a/cmd/login_user/main.go b/cmd/login_user/main.go
@@ -38,7 +38,7 @@ type loginUserResponse struct {
 	UserID              string `json:"user_id,omitempty"`
 }
 
-func (app *application) getUserPoolClientSecret() (string, error) {
+func (app application) getUserPoolClientSecret() (string, error) {
 	input := &cidp.DescribeUserPoolClientInput{
 		UserPoolId: aws.String(app.config.UserPoolID),
 		ClientId:   aws.String(app.config.ClientPoolID),
@@ -57,7 +57,7 @@ func (app *application) getUserPoolClientSecret() (string, error) {
 	return *resp.UserPoolClient.ClientSecret, nil
 }
 
-func (app *application) loginUser(e loginUserEvent, secretHash string) (loginUserResponse, error) {
+func (app application) loginUser(e loginUserEvent, secretHash string) (loginUserResponse, error) {
 	input := &cidp.InitiateAuthInput{
 		AuthFlow: aws.String("USER_PASSWORD_AUTH"),
 		AuthParameters: map[string]*string{
@@ -80,21 +80,24 @@ func (app *application) loginUser(e loginUserEvent, secretHash string) (loginUse
 		return loginUserResp, err
 	}
 
-	if *resp.ChallengeName == "NEW_PASSWORD_REQUIRED" {
-		log.Printf("[INFO] New password required for %v", e.EmailAddress)
-		loginUserResp.NewPasswordRequired = true
-		loginUserResp.SessionID = *resp.Session
-		loginUserResp.UserID = *resp.ChallengeParameters["USER_ID_FOR_SRP"]
-		return loginUserResp, nil
+	if resp.ChallengeName != nil {
+		if *resp.ChallengeName == "NEW_PASSWORD_REQUIRED" {
+			log.Printf("[INFO] New password required for %v", e.EmailAddress)
+			loginUserResp.NewPasswordRequired = true
+			loginUserResp.SessionID = *resp.Session
+			loginUserResp.UserID = *resp.ChallengeParameters["USER_ID_FOR_SRP"]
+			return loginUserResp, nil
+		}
 	}
 
 	log.Printf("[INFO] Authenticated user %v successfully", e.EmailAddress)
+
 	loginUserResp.AccessToken = *resp.AuthenticationResult.AccessToken
 	loginUserResp.NewPasswordRequired = false
 	return loginUserResp, nil
 }
 
-func (app *application) handler(event events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
+func (app application) handler(event events.APIGatewayV2HTTPRequest) (events.APIGatewayV2HTTPResponse, error) {
 	headers := map[string]string{"Content-Type": "application/json"}
 
 	e := loginUserEvent{}