Enterprise-CMCS · benjaminpaige · Jun 28, 2023 · Jun 23, 2023 · Jun 26, 2023 · Jun 27, 2023
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -85,33 +85,33 @@ jobs:
       - name: Test
         run: yarn test-ci
 
-  e2e:
-    timeout-minutes: 5
-    runs-on: ubuntu-20.04
-    needs:
-      - deploy
-    env:
-      baseurl: ${{ needs.deploy.outputs.app-url }}
-    if: ${{ github.ref != 'refs/heads/production' }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Setup
-        uses: ./.github/actions/setup
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
-          aws-region: us-east-1
-          role-duration-seconds: 10800
-      - name: Run e2e tests
-        run: run e2e
-      - uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: playwright-report
-          path: src/services/ui/playwright-report/
-          retention-days: 30
+  # e2e:
+  #   timeout-minutes: 5
+  #   runs-on: ubuntu-20.04
+  #   needs:
+  #     - deploy
+  #   env:
+  #     baseurl: ${{ needs.deploy.outputs.app-url }}
+  #   if: ${{ github.ref != 'refs/heads/production' }}
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v3
+  #     - name: Setup
+  #       uses: ./.github/actions/setup
+  #     - name: Configure AWS credentials
+  #       uses: aws-actions/configure-aws-credentials@v2
+  #       with:
+  #         role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
+  #         aws-region: us-east-1
+  #         role-duration-seconds: 10800
+  #     - name: Run e2e tests
+  #       run: run e2e
+  #     - uses: actions/upload-artifact@v3
+  #       if: always()
+  #       with:
+  #         name: playwright-report
+  #         path: src/services/ui/playwright-report/
+  #         retention-days: 30
 
   cfn-nag:
     runs-on: ubuntu-20.04

diff --git a/src/packages/shared-types/errors.ts b/src/packages/shared-types/errors.ts
@@ -0,0 +1,3 @@
+export type ReactQueryApiError = {
+  response: { data: { message: string } };
+};
diff --git a/src/packages/shared-types/index.ts b/src/packages/shared-types/index.ts
@@ -1,2 +1,4 @@
 export * from "./issue";
 export * from "./user";
+export * from "./seatoolData";
+export * from "./errors";
diff --git a/src/packages/shared-types/seatoolData.ts b/src/packages/shared-types/seatoolData.ts
@@ -0,0 +1,6 @@
+export type SeatoolData = {
+  ID: string;
+  SUBMISSION_DATE: number;
+  PLAN_TYPE: string; // should be enum
+  STATE_CODE: string; // should be enum
+};
diff --git a/src/packages/shared-types/user.ts b/src/packages/shared-types/user.ts
@@ -1,9 +1,9 @@
-export interface CognitoUserAttributes {
+export type CognitoUserAttributes = {
   sub: string;
   "custom:roles": string[];
   email_verified: boolean;
   "custom:state_codes": string[];
   given_name: string;
   family_name: string;
   email: string;
-}
+};
diff --git a/src/services/api/handlers/getSeatoolData.ts b/src/services/api/handlers/getSeatoolData.ts
@@ -1,24 +1,68 @@
 import { response } from "../libs/handler";
 import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
 import { SeatoolService } from "../services/seatoolService";
+import { APIGatewayEvent } from "aws-lambda";
+import { getAuthDetails, lookupUserAttributes } from "../libs/auth/user";
 
+// Create an instance of DynamoDB client
 const dynamoInstance = new DynamoDBClient({ region: process.env.region });
 
-export const getSeatoolData = async () => {
+// Handler function to get Seatool data
+export const getSeatoolData = async (event: APIGatewayEvent) => {
   try {
+    // Retrieve authentication details of the user
+    const authDetails = getAuthDetails(event);
+
+    // Look up user attributes from Cognito
+    const userAttributes = await lookupUserAttributes(
+      authDetails.userId,
+      authDetails.poolId
+    );
+
+    // Retrieve the state code from the path parameters
+    const stateCode = event.pathParameters?.stateCode;
+
+    // Check if stateCode is provided
+    if (!stateCode) {
+      return response({
+        statusCode: 400,
+        body: { message: "State code is missing" },
+      });
+    }
+
+    // Check if user is authorized to access the resource based on their attributes
+    if (
+      !userAttributes ||
+      !userAttributes["custom:state_codes"]?.includes(stateCode)
+    ) {
+      return response({
+        statusCode: 403,
+        body: { message: "User is not authorized to access this resource" },
+      });
+    }
+
+    // Retrieve Seatool data using the SeatoolService
     const seaData = await new SeatoolService(dynamoInstance).getIssues({
       tableName: process.env.tableName,
+      stateCode: stateCode,
     });
 
+    if (!seaData) {
+      return response({
+        statusCode: 404,
+        body: { message: "No Seatool data found for the provided state code" },
+      });
+    }
+
     return response<unknown>({
       statusCode: 200,
       body: seaData,
     });
   } catch (error) {
     console.error({ error });
     return response({
-      statusCode: 404,
-      body: { message: JSON.stringify(error) },
+      statusCode: 500,
+      body: { message: "Internal server error" },
     });
   }
 };

diff --git a/src/services/api/libs/auth/user.ts b/src/services/api/libs/auth/user.ts
@@ -0,0 +1,96 @@
+import {
+  CognitoIdentityProviderClient,
+  ListUsersCommand,
+  UserType as CognitoUserType,
+} from "@aws-sdk/client-cognito-identity-provider";
+import { CognitoUserAttributes } from "shared-types";
+import { APIGatewayEvent } from "aws-lambda";
+
+// Retrieve user authentication details from the APIGatewayEvent
+export function getAuthDetails(event: APIGatewayEvent) {
+  const authProvider =
+    event.requestContext.identity.cognitoAuthenticationProvider;
+  const parts = authProvider.split(":");
+  const userPoolIdParts = parts[parts.length - 3].split("/");
+  const userPoolId = userPoolIdParts[userPoolIdParts.length - 1];
+  const userPoolUserId = parts[parts.length - 1];
+
+  return { userId: userPoolUserId, poolId: userPoolId };
+}
+
+// Convert Cognito user attributes to a dictionary format
+function userAttrDict(cognitoUser: CognitoUserType): CognitoUserAttributes {
+  const attributes = {};
+
+  if (cognitoUser.Attributes) {
+    cognitoUser.Attributes.forEach((attribute) => {
+      if (attribute.Value && attribute.Name) {
+        attributes[attribute.Name] = attribute.Value;
+      }
+    });
+  }
+
+  return attributes as CognitoUserAttributes;
+}
+
+// Parse object values as JSON if possible
+export const getParsedObject = (obj: CognitoUserAttributes) =>
+  Object.fromEntries(
+    Object.entries(obj).map(([key, value]) => {
+      try {
+        return [key, JSON.parse(value as string)];
+      } catch (error) {
+        return [key, value];
+      }
+    })
+  );
+
+// Retrieve and parse user attributes from Cognito using the provided userId and poolId
+export async function lookupUserAttributes(
+  userId: string,
+  poolId: string
+): Promise<CognitoUserAttributes> {
+  const fetchResult = await fetchUserFromCognito(userId, poolId);
+
+  if (fetchResult instanceof Error) {
+    throw fetchResult;
+  }
+
+  const currentUser = fetchResult as CognitoUserType;
+  const attributes = userAttrDict(currentUser);
+
+  return getParsedObject(attributes) as CognitoUserAttributes;
+}
+
+// Fetch user data from Cognito based on the provided userId and poolId
+async function fetchUserFromCognito(
+  userID: string,
+  poolID: string
+): Promise<CognitoUserType | Error> {
+  const cognitoClient = new CognitoIdentityProviderClient({
+    region: process.env.region,
+  });
+
+  const subFilter = `sub = "${userID}"`;
+
+  const commandListUsers = new ListUsersCommand({
+    UserPoolId: poolID,
+    Filter: subFilter,
+  });
+
+  try {
+    const listUsersResponse = await cognitoClient.send(commandListUsers);
+
+    if (
+      listUsersResponse.Users === undefined ||
+      listUsersResponse.Users.length !== 1
+    ) {
+      throw new Error("No user found with this sub");
+    }
+
+    const currentUser = listUsersResponse.Users[0];
+    return currentUser;
+  } catch (error) {
+    throw new Error("Error fetching user from Cognito");
+  }
+}
diff --git a/src/services/api/serverless.yml b/src/services/api/serverless.yml
@@ -36,6 +36,11 @@ provider:
             - dynamodb:BatchWrite*
             - dynamodb:BatchGet*
           Resource: "*"
+        - Effect: Allow
+          Action:
+            - cognito-idp:GetUser
+            - cognito-idp:ListUsers
+          Resource: "*"
 
 custom:
   project: ${env:PROJECT}
@@ -69,7 +74,7 @@ functions:
       region: ${self:provider.region}
     events:
       - http:
-          path: /seatool
+          path: /seatool/{stateCode}
           method: get
           cors: true
           authorizer: aws_iam

diff --git a/src/services/api/services/seatoolService.ts b/src/services/api/services/seatoolService.ts
@@ -1,4 +1,4 @@
-import { DynamoDBClient, ScanCommand } from "@aws-sdk/client-dynamodb";
+import { DynamoDBClient, QueryCommand } from "@aws-sdk/client-dynamodb";
 import { unmarshall } from "@aws-sdk/util-dynamodb";
 
 export class SeatoolService {
@@ -8,10 +8,25 @@ export class SeatoolService {
     this.#dynamoInstance = dynamoInstance;
   }
 
-  async getIssues({ tableName }: { tableName: string }) {
+  async getIssues({
+    tableName,
+    stateCode,
+  }: {
+    tableName: string;
+    stateCode: string;
+  }) {
     const data = await this.#dynamoInstance.send(
-      new ScanCommand({
+      new QueryCommand({
         TableName: tableName,
+        IndexName: "STATE_CODE-SUBMISSION_DATE-index",
+        KeyConditionExpression: "STATE_CODE = :state",
+
+        ExpressionAttributeValues: {
+          ":state": { S: stateCode },
+        },
+
+        ScanIndexForward: false,
+        Limit: 300,
       })
     );
 

diff --git a/src/services/seatool/handlers/sink.ts b/src/services/seatool/handlers/sink.ts
@@ -9,14 +9,35 @@ export const handler: Handler = async (event) => {
       ({ key, value }: { key: string; value: string }) => {
         if (!value) {
           records.push({
-            id: JSON.parse(decode(key)),
+            ID: JSON.parse(decode(key)),
             isTombstone: true,
           });
         } else {
-          records.push({
-            id: JSON.parse(decode(key)),
-            ...JSON.parse(decode(value)),
-          });
+          const jsonRecord = { ...JSON.parse(decode(value)) };
+
+          const STATE_CODE = jsonRecord?.["STATES"]?.[0]?.["STATE_CODE"];
+          const PLAN_TYPE = jsonRecord?.["PLAN_TYPES"]?.[0]?.["PLAN_TYPE_NAME"];
+          const SUBMISSION_DATE =
+            jsonRecord?.["STATE_PLAN"]?.["SUBMISSION_DATE"];
+
+          const record = {
+            ID: JSON.parse(decode(key)),
+            ...jsonRecord,
+          };
+
+          if (STATE_CODE) {
+            record.STATE_CODE = STATE_CODE;
+          }
+
+          if (PLAN_TYPE) {
+            record.PLAN_TYPE = PLAN_TYPE;
+          }
+
+          if (SUBMISSION_DATE) {
+            record.SUBMISSION_DATE = SUBMISSION_DATE;
+          }
+
+          records.push(record);
         }
       }
     );
@@ -28,7 +49,10 @@ export const handler: Handler = async (event) => {
 
     for (const item of records) {
       if (item.isTombstone) {
-        await deleteItem({ tableName: process.env.tableName, key: { id: item.id } });
+        await deleteItem({
+          tableName: process.env.tableName,
+          key: { ID: item.ID },
+        });
       } else {
         await putItem({
           tableName: process.env.tableName,