Fix more bugs

Co-authored-by: Ezequiel Bellver <ebellver@itba.edu.ar>

.gitignore

@@ -64,3 +64,4 @@ ses/
 ses.tf
 backup/
 backup.tf
+.vscode

terraform/modules/cognito/main.tf

@@ -47,6 +47,10 @@ resource "aws_cognito_user_pool" "this" {
     }
   }
 
+  lambda_config {
+    pre_sign_up = var.lambda_pre_sign_up
+  }
+
   username_configuration {
     case_sensitive = var.enable_username_case_sensitivity
   }
@@ -74,8 +78,6 @@ resource "aws_cognito_user_pool" "this" {
   email_configuration {
     email_sending_account = "COGNITO_DEFAULT"
   }
-
-  # auto_verified_attributes = ["email"]
 }
 
 resource "aws_cognito_user_pool_client" "this" {
@@ -88,16 +90,16 @@ resource "aws_cognito_user_pool_client" "this" {
   allowed_oauth_flows                  = ["code"]
   allowed_oauth_scopes                 = ["email", "openid", "phone"]
   supported_identity_providers         = ["COGNITO"]
-  id_token_validity                    = "60"
-  access_token_validity                = "60"
+  id_token_validity                    = "1"
+  access_token_validity                = "1"
   explicit_auth_flows                  = ["ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_SRP_AUTH"]
   prevent_user_existence_errors        = "ENABLED"
   read_attributes                      = ["address", "birthdate", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo"]
   write_attributes                     = ["address", "birthdate", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo"]
 
   token_validity_units {
-    access_token  = "minutes"
-    id_token      = "minutes"
+    access_token  = "days"
+    id_token      = "days"
     refresh_token = "days"
   }
 }
@@ -105,5 +107,12 @@ resource "aws_cognito_user_pool_client" "this" {
 resource "aws_cognito_user_pool_domain" "this" {
   domain       = var.domain
   user_pool_id = aws_cognito_user_pool.this.id
-  # certificate_arn = var.certificate_arn
+}
+
+resource "aws_lambda_permission" "this" {
+  statement_id  = "AllowExecutionFromUserPool"
+  action        = "lambda:InvokeFunction"
+  function_name = var.lambda_function_name
+  principal     = "cognito-idp.amazonaws.com"
+  source_arn    = aws_cognito_user_pool.this.arn
 }

terraform/modules/cognito/variables.tf

@@ -3,22 +3,22 @@
 
 variable "name" {
   type        = string
-  description = "(Required) The name of the user pool."
+  description = "The name of the user pool."
 }
 
 variable "client_name" {
   type        = string
-  description = "(Required) The name of the client user pool."
+  description = "The name of the client user pool."
 }
 
 variable "alias_attributes" {
   type        = set(string)
-  description = "(Optional) Attributes supported as an alias for this user pool. Possible values: 'phone_number', 'email', or 'preferred_username'. Conflicts with username_attributes."
+  description = "Attributes supported as an alias for this user pool. Possible values: 'phone_number', 'email', or 'preferred_username'. Conflicts with username_attributes."
   default     = null
 }
 
 variable "domain" {
-  description = "(Optional) Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens."
+  description = "Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens."
   type        = string
   default     = null
 }
@@ -31,69 +31,78 @@ variable "redirect_url" {
 
 variable "account_recovery_mechanisms" {
   type        = any
-  description = "(Optional) A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri  fied_email, verified_phone_number, and admin_only."
+  description = "A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri  fied_email, verified_phone_number, and admin_only."
   default     = []
 }
 
 variable "enable_username_case_sensitivity" {
   type        = bool
-  description = "(Optional) Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs."
+  description = "Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs."
   default     = false
 }
 
 variable "password_minimum_length" {
   type        = number
-  description = "(Optional) The minimum length of the password policy that you have set."
+  description = "The minimum length of the password policy that you have set."
   default     = 20
 }
 
 variable "password_require_lowercase" {
   type        = bool
-  description = "(Optional) Whether you have required users to use at least one lowercase letter in their password."
+  description = "Whether you have required users to use at least one lowercase letter in their password."
   default     = true
 }
 
 variable "password_require_numbers" {
   type        = bool
-  description = "(Optional) Whether you have required users to use at least one number in their password."
+  description = "Whether you have required users to use at least one number in their password."
   default     = true
 }
 
 variable "password_require_symbols" {
   type        = bool
-  description = "(Optional) Whether you have required users to use at least one symbol in their password."
+  description = "Whether you have required users to use at least one symbol in their password."
   default     = true
 }
 
 variable "password_require_uppercase" {
   type        = bool
-  description = "(Optional) Whether you have required users to use at least one uppercase letter in their password."
+  description = "Whether you have required users to use at least one uppercase letter in their password."
   default     = true
 }
 
 variable "temporary_password_validity_days" {
   type        = number
-  description = "(Optional) In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator."
+  description = "In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator."
   default     = 1
 }
 
 variable "schema_attributes" {
-  description = "(Optional) A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes."
+  description = "A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes."
   type        = any
   default     = []
 }
 
 variable "tags" {
   type        = map(string)
-  description = "(Optional) A mapping of tags to assign to the resource."
+  description = "A mapping of tags to assign to the resource."
   default     = {}
 }
 
 variable "auto_verified_attributes" {
   type        = set(string)
-  description = "(Optional) The attributes to be auto-verified. Possible values: 'email', 'phone_number'."
+  description = "The attributes to be auto-verified. Possible values: 'email', 'phone_number'."
   default = [
     "email"
   ]
 }
 
+variable "lambda_pre_sign_up" {
+  type        = string
+  description = "The ARN of a pre-registration AWS Lambda trigger."
+}
+
+variable "lambda_function_name" {
+  description = "Lambda name"
+  type        = string
+}

terraform/organization/cloudfront.tf

@@ -22,6 +22,7 @@ module "cloudfront" {
   origin = {
     api-gateway = {
       domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
+      origin_path = "/api"
 
       custom_origin_config = {
         http_port              = 80
@@ -37,7 +38,7 @@ module "cloudfront" {
         http_port              = 80
         https_port             = 443
         origin_protocol_policy = "match-viewer"
-        origin_ssl_protocols   = ["TLSv1.2"]
+        origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]
       }
     }
   }

terraform/organization/cognito.tf

@@ -1,6 +1,10 @@
 module "cognito" {
   source = "../modules/cognito"
 
+  depends_on = [
+    module.lambda
+  ]
+
   providers = {
     aws = aws.aws
   }
@@ -12,7 +16,6 @@ module "cognito" {
 
   alias_attributes = [
     "email",
-    # "phone_number",
     "preferred_username",
   ]
 
@@ -46,4 +49,7 @@ module "cognito" {
       required                 = true
     }
   ]
+
+  lambda_pre_sign_up   = module.lambda["lambdaTopicSNS"].function_arn
+  lambda_function_name = module.lambda["lambdaTopicSNS"].function_name
 }

terraform/organization/datasources.tf

@@ -14,7 +14,6 @@ data "template_file" "userdata" {
   template = file("${path.module}/html/index.html")
   vars = {
     ENDPOINT = "${module.apigw.endpoint}"
-    token = ""
   }
 }
 

terraform/organization/html/index.html

@@ -5,6 +5,7 @@
 <head>
     <title>BSMSapp</title>
     <div align="center">
+    <link rel="icon" href="favicon.ico" type="image/x-icon">
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
 </head>
 
@@ -17,6 +18,8 @@
 
         <button class="style" id="login">Login</button>
 
+        <div id="loading" style="display:none"></div>
+
         <form id="myForm" class="form-style" style="display:none">
             <ul>
                 <li>
@@ -68,16 +71,25 @@
             }
         });
     } else {
-        $("#myForm").show();
-        $("#tableBtn").show();
         $("#login").hide();
+        $("#loading").show();
 
         username = get_user(token)
 
         var prom = username.then(function(result) {
+            $("#loading").hide();
+            if (result.hasOwnProperty('error')){
+                $("#login").show();
+                localStorage.removeItem('token')
+            } else {
+                $("#myForm").show();
+                $("#tableBtn").show();
+                $("#login").hide();
+
                 username = result["username"]
                 localStorage.setItem('username', token);
                 console.log(username)
+            }
         });
     }
 
@@ -102,7 +114,6 @@
             body: str.replace(/"([\d\.]+)"/g, "$1")
         });
 
-        // const result = await response.json();
         const result = await response;
     });
 
@@ -198,12 +209,19 @@
 
         return await response.json()
     }
-
-
-
 </script>
 
 <style type="text/css">
+    #loading {
+        background: url('loading.gif') no-repeat center center;
+        position: absolute;
+        top: 0;
+        left: 0;
+        height: 100%;
+        width: 100%;
+        z-index: 9999999;
+    }
+
     body {
         background: linear-gradient(-45deg, #ee7752, #df6493, #23a6d5, #23d5ab);
         background-size: 400% 400%;

terraform/organization/locals.tf

@@ -15,17 +15,13 @@ locals {
       }
 
       objects = {
-        error = {
-          filename     = "html/error.html"
-          content_type = "text/html"
+        favicon = {
+          filename     = "favicon.ico"
+          content_type = "image/x-icon"
         }
-        image1 = {
-          filename     = "images/image1.png"
-          content_type = "image/png"
-        }
-        image2 = {
-          filename     = "images/image2.jpg"
-          content_type = "image/jpeg"
+        loading = {
+          filename     = "loading.gif"
+          content_type = "image/gif"
         }
       }
     }
@@ -82,9 +78,6 @@ locals {
       handler            = "lambda_handler.main"
       runtime            = "python3.7",
       security_group_ids = aws_security_group.sns_sg.id
-      # environment_variables = {
-      #   apigw = "${module.apigw.endpoint}"
-      # }
     }
     lambdaUpdate = {
       package            = "${local.path}/lambda/lambdaUpdate.zip"
@@ -118,6 +111,14 @@ locals {
       runtime            = "python3.9",
       security_group_ids = aws_security_group.dynamodb_sg.id
     }
+    lambdaTopicSNS = {
+      package            = "${local.path}/lambda/lambdaTopicSNS.zip"
+      function_name      = "AWSLambdaHandlerTopicSNSg3"
+      role               = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
+      handler            = "lambda_handler.main"
+      runtime            = "python3.9",
+      security_group_ids = aws_security_group.sns_sg.id
+    }
   }
 
   private_inbound = [

terraform/resources/html/error.html

@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<meta charset="UTF-8">
-
-<html>
-<div align="center">
-
-    <head>
-        <title>ITBA - Cloud</title>
-    </head>
-
-    <body bgcolor="#FFFFFF" text="Black">
-        <h1>Ups... algo ha salido mal...</h1>
-       
-        <img src="images/image2.jpg">
-
-        <p>Por favor intenta de nuevo en algunos minutos</p>
-    </body>
-</div>
-
-</html>

terraform/resources/lambda/lambdaGET/lambda_handler.py

@@ -6,8 +6,22 @@ import os
 
 def main(event, context):
     print(event)
+    record = event['Records'][0]
+    print(record)
+    sqs_message = json.dumps(event)
+    print(sqs_message)
+    body = record["body"]
+    body = body.replace('\n', '')
+    body = json.loads(body)
+    query = body["body-json"]
+    print(query)
 
-    response = requests.get("http://api.slococo.com.ar:2555/items")
+    response = requests.get("http://api.slococo.com.ar:2555/api/items?user=" + query["username"] + "&id=" + str(query["id"]))
     print(response.json())
 
+    response = response.json()
+
+    if response["stock"] != query["stock"]:
+        raise 'Error'
+
     return event

terraform/resources/lambda/lambdaSNS/lambda_handler.py

@@ -4,8 +4,15 @@ import boto3
 
 def main(event, context):
     print(event)
-    message = "Probando SNS desde lambda..."
+    record = event['Records'][0]
+    body = record["body"]
+    body = body.replace('\n', '')
+    body = json.loads(body)
+    query = body["body-json"]
+    
+    message = "Id: " + str(query["id"]) + " - Stock: " + str(query["stock"])
     subject = "BSMSapp"
+
     client = boto3.client("sns")
-    topic_arn = "arn:aws:sns:us-east-1:025685231147:slococo"
+    topic_arn = "arn:aws:sns:us-east-1:025685231147:" + query["username"]
     client.publish(TopicArn=topic_arn, Message=message, Subject=subject)

terraform/resources/lambda/lambdaTopicSNS/lambda_handler.py

@@ -0,0 +1,16 @@
+import json
+import boto3
+
+
+def main(event, context):
+    client = boto3.client("sns")
+    client.create_topic(
+        Name=event['userName']
+    )
+    client.subscribe(
+        TopicArn='arn:aws:sns:us-east-1:025685231147:' + event['userName'],
+        Protocol='email',
+        Endpoint=event['request']['userAttributes']['email'],
+    )
+
+    return event

terraform/resources/lambda/lambdaUpdate/lambda_handler.py

@@ -3,12 +3,16 @@ import boto3
 
 
 def main(event, context):
-    payload = event
-    payload = payload["Records"][0]
-    body = payload["body"]
+    print(event)
+    record = event['Records'][0]
+    print(record)
+    sqs_message = json.dumps(event)
+    print(sqs_message)
+    body = record["body"]
     body = body.replace('\n', '')
     body = json.loads(body)
     query = body["body-json"]
+    print(query)
 
     client = boto3.resource('dynamodb', region_name="us-east-1")
     table = client.Table("AWSDynamoDB-g3")