add auth api
cnuss committed Feb 6, 2024
1 parent 6ea268b commit d823dc9
Showing 2 changed files with 95 additions and 35 deletions.
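--- a/github-app.cjs
+++ b/config.cjs
@@ -1,7 +1,8 @@
 module.exports.GH_APP_URL = process.env[`GH_APP_URL`];
 module.exports.GH_APP_ID = process.env[`GH_APP_ID`];
 module.exports.GH_CLIENT_ID = process.env[`GH_CLIENT_ID`].toUpperCase();
-module.exports.GH_APP_SECRETS = JSON.stringify({
+
+module.exports.SECRETS = JSON.stringify({
 [`GITHUB_${module.exports.GH_CLIENT_ID.replace(".", "_")}`]:
 process.env[`GH_CLIENT_SECRET`],
 [`GITHUB_CLIENT_ID_${process.env[`GH_APP_ID`]}`]: process.env[`GH_CLIENT_ID`],
@@ -11,3 +12,6 @@ module.exports.GH_APP_SECRETS = JSON.stringify({
 [`GITHUB_WEBHOOK_SECRET_${process.env[`GH_APP_ID`]}`]:
 process.env[`GH_WEBHOOK_SECRET`],
 });
+
+module.exports.AUTH_VERSION = 4;
+module.exports.GITHUB_VERSION = 22;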
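Review bot: `AUTH_VERSION` and `GITHUB_VERSION` at the end of the second hunk are bare magic numbers with nothing saying what they pin; a header comment such as `// Pinned versions of the nonlive-auth-sls-rest-api and nonlive-github-sls-rest-api Lambda layers consumed by serverless.yml` would let the next reader bump them safely. The renamed `SECRETS` export is now interpolated into more than one SecretsManager resource in serverless.yml, so a one-line comment above it noting that it is shared and which GitHub credentials it carries would also help. The `toUpperCase()` call on `GH_CLIENT_ID` is unchanged context and still throws if that variable is unset, which now fails every `${file(config.cjs):...}` lookup, including the version constants.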
124 changes: 90 additions & 34 deletions serverless.yml
Expand Up @@ -6,13 +6,6 @@ configValidationMode: off
disabledDeprecations:
- "*"

# plugins:
# - serverless-esbuild
# - serverless-react
# - serverless-dotenv-plugin
# - serverless-offline-resources
# - serverless-offline

provider:
name: aws
runtime: nodejs18.x
Expand All @@ -34,17 +27,46 @@ provider:
lambda: true
environment:
STAGE: ${self:provider.stage}
GITHUB_APP_ID: ${file(github-app.cjs):GH_APP_ID}
GITHUB_CLIENT_IDS: ${file(github-app.cjs):GH_CLIENT_ID}
GITHUB_APP_URL: ${file(github-app.cjs):GH_APP_URL}
GITHUB_APP_ID: ${file(config.cjs):GH_APP_ID}
GITHUB_CLIENT_ID: ${file(config.cjs):GH_CLIENT_ID}
GITHUB_CLIENT_IDS: ${file(config.cjs):GH_CLIENT_ID}
GITHUB_APP_URL: ${file(config.cjs):GH_APP_URL}
SELF_HOSTED: true

functions:
auth:
handler: /opt/src/lambda.handler
timeout: 29
layers:
- arn:aws:lambda:us-east-1:580360238192:layer:nonlive-auth-sls-rest-api:${file(config.cjs):AUTH_VERSION}
environment:
SERVICE_NAME: auth-sls-rest-api
SERVICE_SLUG: auth
events:
- http:
path: /auth
method: any
- http:
path: /auth
method: options
- http:
path: /auth/{proxy+}
method: any
- http:
path: /auth/{proxy+}
method: options
- stream:
type: dynamodb
batchSize: 1
maximumRecordAgeInSeconds: 600
arn:
Fn::GetAtt: [AuthTable, StreamArn]
github:
handler: /opt/src/lambda.handler
timeout: 29
layers:
- arn:aws:lambda:us-east-1:034541671702:layer:openssl-lambda:1
- arn:aws:lambda:us-east-1:580360238192:layer:nonlive-github-sls-rest-api:17
- arn:aws:lambda:us-east-1:580360238192:layer:nonlive-github-sls-rest-api:${file(config.cjs):GITHUB_VERSION}
environment:
SERVICE_NAME: github-sls-rest-api
SERVICE_SLUG: github
Expand All @@ -61,24 +83,18 @@ functions:
- http:
path: /github/{proxy+}
method: options
# - sns:
# arn: ${file(serverless.config.js):topic-arn}
# - sns:
# arn: ${file(serverless.config.js):auth-topic-arn}
# - sns:
# arn: arn:aws:sns:us-east-1:580360238192:cf-hook
- sns:
arn: !Ref AuthTopic
topicName: auth-sls-rest-api-${self:provider.stage}
- sns:
arn: !Ref GithubTopic
topicName: github-sls-rest-api-${self:provider.stage}
- stream:
type: dynamodb
batchSize: 1
maximumRecordAgeInSeconds: 600
arn:
Fn::GetAtt: [GithubTable, StreamArn]
# - stream:
# type: kinesis
# batchSize: 1
# maximumRecordAgeInSeconds: 86400
# arn:
# Fn::GetAtt: [Stream, Arn]

resources:
Resources:
Expand All @@ -91,21 +107,61 @@ resources:
AliasName: alias/${self:provider.stage}
TargetKeyId: !Ref KmsKey

AuthSecret:
Type: AWS::SecretsManager::Secret
Properties:
Name: lambda/${self:provider.stage}/auth-sls-rest-api
SecretString: ${file(config.cjs):SECRETS}

GithubSecret:
Type: AWS::SecretsManager::Secret
Properties:
Name: lambda/${self:provider.stage}/github-sls-rest-api
SecretString: ${file(github-app.cjs):GH_APP_SECRETS}
SecretString: ${file(config.cjs):SECRETS}

AuthTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: auth-sls-rest-api-${self:provider.stage}

# Topic:
# Type: AWS::SNS::Topic
# Properties:
# TopicName: ${self:service}-${self:provider.stage}
GithubTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: github-sls-rest-api-${self:provider.stage}

# Queue:
# Type: AWS::SQS::Queue
# Properties:
# QueueName: ${self:service}-${self:provider.stage}
AuthTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: ${self:provider.stage}-auth-sls-rest-api
KeySchema:
- AttributeName: pk
KeyType: HASH
- AttributeName: sk
KeyType: RANGE
AttributeDefinitions:
- AttributeName: pk
AttributeType: S
- AttributeName: sk
AttributeType: S
GlobalSecondaryIndexes:
- IndexName: sk-pk-index
KeySchema:
- AttributeName: sk
KeyType: HASH
- AttributeName: pk
KeyType: RANGE
Projection:
ProjectionType: ALL
StreamSpecification:
StreamViewType: NEW_AND_OLD_IMAGES
TimeToLiveSpecification:
AttributeName: expires
Enabled: true
PointInTimeRecoverySpecification:
PointInTimeRecoveryEnabled: true
SSESpecification:
SSEEnabled: true
BillingMode: PAY_PER_REQUEST

GithubTable:
Type: AWS::DynamoDB::Table
Expand Down Expand Up @@ -141,7 +197,7 @@ resources:
SSEEnabled: true
BillingMode: PAY_PER_REQUEST

IdpRequestsTable:
GithubIdpRequestsTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: ${self:provider.stage}-github-sls-rest-api-idp-requests
Expand Down Expand Up @@ -175,7 +231,7 @@ resources:
SSEEnabled: true
BillingMode: PAY_PER_REQUEST

CachedConfigTable:
GithubCachedConfigTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: ${self:provider.stage}-github-sls-rest-api-cached-config
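Review bot: `AuthSecret` in the resources hunk stores the same `${file(config.cjs):SECRETS}` blob as `GithubSecret`, so the auth service's secret now carries the GitHub client secret and webhook secret alongside whatever auth actually needs; if the auth Lambda reads only its own secret, a separate auth-only export from config.cjs for `AuthSecret` keeps the GitHub credentials out of its reach. Since `SecretString` is resolved at package time, the plaintext also lands in the generated CloudFormation template and deployment bucket — existing behaviour for `GithubSecret`, now duplicated for a second secret. In the provider hunk, `SELF_HOSTED: true` is a YAML boolean while Lambda environment variables are strings; `SELF_HOSTED: "true"` makes the intended value explicit instead of relying on the framework's coercion (I cannot tell from the hunk whether that line is new). The same hunk sets `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_IDS` to the identical value; if one is a legacy alias, a comment saying so would stop the next reader from wondering which the layer reads. The `resources:` block continues outside the hunk.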