From aa9c8ba2f67f9ef52ae77dd08a9f2f987dd5a078 Mon Sep 17 00:00:00 2001
From: August Kilponen
Date: Wed, 2 Oct 2024 15:44:45 +0300
Subject: [PATCH] =?UTF-8?q?Laitettu=20Lampi-lambdan=20autentikaatio=20p?= =?UTF-8?q?=C3=A4=C3=A4lle?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cdk/lambda/lampi/LampiFileChangedReceiver.ts | 32 ++++++++++++++++++++
 cdk/lib/lambda-stack.ts | 20 ++++++++++++
 2 files changed, 52 insertions(+)
diff --git a/cdk/lambda/lampi/LampiFileChangedReceiver.ts b/cdk/lambda/lampi/LampiFileChangedReceiver.ts
index c8a5387..b36f8a4 100644
--- a/cdk/lambda/lampi/LampiFileChangedReceiver.ts
+++ b/cdk/lambda/lampi/LampiFileChangedReceiver.ts
@@ -1,20 +1,51 @@
+/* eslint @typescript-eslint/no-var-requires: "off" */
 import { SendMessageCommand, SQSClient } from '@aws-sdk/client-sqs';
 import { APIGatewayProxyEventV2 } from 'aws-lambda';
 import { Context } from 'aws-lambda/handler';
 import { LampiEvent, LampiS3Event, lampiKeyExists } from './common';
+const { SSMClient, GetParameterCommand } = require('@aws-sdk/client-ssm');
+
 exports.handler = async (event: APIGatewayProxyEventV2, context: Context) => {
+ const awsRegion = process.env.AWS_REGION;
+ console.log(`AWS Region: ${awsRegion}`);
+
+ const lampiAuthTokenSecretName = process.env.lampiAuthTokenSecretName;
+ console.log(`lampiAuthTokenSecretName: ${lampiAuthTokenSecretName}`);
+
+ const parameterCommand = new GetParameterCommand({
+ Name: lampiAuthTokenSecretName,
+ WithDecryption: true,
+ });
+
+ const ssmClient = new SSMClient({ region: awsRegion });
+ const ssmResponse = await ssmClient.send(parameterCommand);
+
+ const lampiAuthToken = ssmResponse.Parameter.Value;
+ console.log(`lampiAuthToken: ${lampiAuthToken}`);
+
 console.log(JSON.stringify(event, null, 4));
+
 if (!event?.body) {
 console.error('Viestissä ei ollut bodya tai viesti oli tyhjä');
 return {
 statusCode: 500,
 };
 }
+
 const lampiEvent: LampiEvent = JSON.parse(event.body);
+
+ if (lampiEvent.token !== lampiAuthToken) {
+ console.error('Autentikaatio epäonnistui!');
+ return {
+ statusCode: 401,
+ };
+ }
+
 const lampiS3Event: LampiS3Event = lampiEvent.s3;
 const lampiKey = lampiS3Event.object.key;
+
 if (lampiKeyExists(lampiKey)) {
 console.log(
 `Uusi tunnistettu tiedosto saapunut Lampeen (${lampiKey}). Lähetetään tiedosto ladattavaksi.`
@@ -31,6 +62,7 @@ exports.handler = async (event: APIGatewayProxyEventV2, context: Context) => {
 } else {
 console.log(`Tuntematon tiedosto: ${lampiKey}`);
 }
+
 return {
 statusCode: 200,
 };
diff --git a/cdk/lib/lambda-stack.ts b/cdk/lib/lambda-stack.ts
index 0662d30..1c84828 100644
--- a/cdk/lib/lambda-stack.ts
+++ b/cdk/lib/lambda-stack.ts
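Review bot: In LampiFileChangedReceiver.ts the added `console.log` of `lampiAuthToken` writes the decrypted SecureString to the function's logs on every invocation, and the retained `console.log(JSON.stringify(event, null, 4));` now records the caller's `token` as part of the request body, so read access to the logs is enough to learn the shared secret. Remove the token log line and log the event without its body. The check `lampiEvent.token !== lampiAuthToken` should also fail closed when the parameter value is missing or not a string, and compare in constant time with `timingSafeEqual` from `node:crypto`. The SSM lookup could move outside the handler so it is not repeated per request. The handler body continues past the end of this hunk.

```typescript
// … unchanged: region and parameter-name lookup, GetParameterCommand, ssmClient.send …
const lampiAuthToken = ssmResponse.Parameter?.Value;
if (typeof lampiAuthToken !== 'string' || lampiAuthToken.length === 0) {
  // Fail closed: never fall through to the comparison with an absent secret.
  console.error('Lampi auth token parameter is missing or empty');
  return { statusCode: 500 };
}

// Log request metadata only; the body carries the caller's token.
console.log(JSON.stringify({ ...event, body: undefined }, null, 4));

// … unchanged: empty-body check, JSON.parse(event.body) …

const presented = Buffer.from(
  typeof lampiEvent.token === 'string' ? lampiEvent.token : ''
);
const expected = Buffer.from(lampiAuthToken);
if (presented.length !== expected.length || !timingSafeEqual(presented, expected)) {
  // … unchanged: log the failure and return 401 …
```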
@@ -434,6 +434,8 @@ export class LambdaStack extends cdk.Stack {
 }
 );
+ const lampiAuthTokenSecretName = `/${config.environment}/lambda/lampi-auth-token`;
+
 const lampiTiedostoMuuttunutLambda = new lambdaNodejs.NodejsFunction(
 this,
 lampiTiedostoMuuttunutLambdaName,
@@ -451,6 +453,7 @@ export class LambdaStack extends cdk.Stack {
 environment: {
 environment: config.environment,
 lampiSiirtotiedostoQueueUrl: lampiSiirtotiedostoQueue.queueUrl,
+ lampiAuthTokenSecretName: lampiAuthTokenSecretName,
 },
 bundling: {
 commandHooks: {
@@ -470,6 +473,23 @@ export class LambdaStack extends cdk.Stack {
 })
 );
+ /*
+ const lampiAuthTokenParam = ssm.StringParameter.fromStringParameterName(
+ this,
+ 'LampiAuthTokenParam',
+ lampiAuthTokenSecretName,
+ );
+ */
+
+ const lampiAuthTokenParam = ssm.StringParameter.fromSecureStringParameterAttributes(
+ this,
+ 'LampiAuthTokenParam',
+ {
+ parameterName: lampiAuthTokenSecretName,
+ }
+ );
+ lampiAuthTokenParam.grantRead(lampiTiedostoMuuttunutLambda);
+
 const lampiTiedostoMuuttunutLambdaUrl = lampiTiedostoMuuttunutLambda.addFunctionUrl({
 authType: lambda.FunctionUrlAuthType.NONE,
 });
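Review bot: The commented-out `fromStringParameterName` block in the third hunk of lambda-stack.ts is dead code and should be deleted rather than committed. A one-line comment such as `// SecureString parameter: imported by name, not created by this stack` would explain the choice of `fromSecureStringParameterAttributes` better. If the parameter is encrypted with a customer-managed KMS key rather than the default SSM key, `grantRead` can presumably only add the decrypt permission when `encryptionKey` is passed in the attributes, so that is worth confirming against how the parameter is created. The trailing context keeps `authType: lambda.FunctionUrlAuthType.NONE`, so the token in the request body is the only gate on this endpoint.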