@adtrackify/at-service-common 3.17.4 → 3.17.6
- package/dist/cjs/helpers/api-key-authorizer-helper.d.ts +5 -5
- package/dist/cjs/helpers/api-key-authorizer-helper.js +11 -3
- package/dist/cjs/helpers/api-key-authorizer-helper.js.map +1 -1
- package/dist/cjs/services/db/api-keys-db-service.d.ts +10 -0
- package/dist/cjs/services/db/api-keys-db-service.js +37 -0
- package/dist/cjs/services/db/api-keys-db-service.js.map +1 -0
- package/dist/cjs/services/db/index.d.ts +1 -0
- package/dist/cjs/services/db/index.js +1 -0
- package/dist/cjs/services/db/index.js.map +1 -1
- package/dist/cjs/services/db/pixels-db-service.js +3 -3
- package/dist/cjs/services/db/pixels-db-service.js.map +1 -1
- package/dist/esm/helpers/api-key-authorizer-helper.d.ts +5 -5
- package/dist/esm/helpers/api-key-authorizer-helper.js +11 -3
- package/dist/esm/helpers/api-key-authorizer-helper.js.map +1 -1
- package/dist/esm/services/db/api-keys-db-service.d.ts +10 -0
- package/dist/esm/services/db/api-keys-db-service.js +33 -0
- package/dist/esm/services/db/api-keys-db-service.js.map +1 -0
- package/dist/esm/services/db/index.d.ts +1 -0
- package/dist/esm/services/db/index.js +1 -0
- package/dist/esm/services/db/index.js.map +1 -1
- package/dist/esm/services/db/pixels-db-service.js +1 -1
- package/dist/esm/services/db/pixels-db-service.js.map +1 -1
- package/package.json +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { Context } from 'aws-lambda';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
export interface ApiKeyAuthorizerConfig {
|
|
3
|
+
apiKeysTable: string;
|
|
4
|
+
apiKeysTableKey?: string;
|
|
5
|
+
pixelsTable: string;
|
|
6
6
|
}
|
|
7
7
|
interface AllowPolicy {
|
|
8
8
|
principalId: string;
|
|
@@ -32,5 +32,5 @@ interface DenyPolicy {
|
|
|
32
32
|
}[];
|
|
33
33
|
};
|
|
34
34
|
}
|
|
35
|
-
export declare const createApiKeyAuthorizerHandler: (
|
|
35
|
+
export declare const createApiKeyAuthorizerHandler: (config: ApiKeyAuthorizerConfig) => (event: any, context: Context) => Promise<AllowPolicy | DenyPolicy>;
|
|
36
36
|
export {};
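Review bot: The exported `createApiKeyAuthorizerHandler` declaration on new line 35 now requires `config: ApiKeyAuthorizerConfig`, while the hunk headers of the compiled helper still show the previous `(deps)` parameter, and the page title says this ships as a patch-level bump (3.17.4 → 3.17.6). TypeScript consumers will get a compile error, but plain-JavaScript consumers that still pass the old object would build an authorizer whose table names are `undefined`. A TSDoc comment on `ApiKeyAuthorizerConfig` naming each field (`apiKeysTable`, optional `apiKeysTableKey`, `pixelsTable`), plus a changelog entry, would make the new contract explicit. Separately, `event: any` removes type checking from the one input that carries the caller's credentials, so a narrower event type would be worth declaring. The esm declaration file carries the same change.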
|
|
@@ -4,6 +4,8 @@ exports.createApiKeyAuthorizerHandler = void 0;
|
|
|
4
4
|
const at_tracking_event_types_1 = require("@adtrackify/at-tracking-event-types");
|
|
5
5
|
const logging_helper_js_1 = require("./logging-helper.js");
|
|
6
6
|
const crypto_js_1 = require("../libs/crypto.js");
|
|
7
|
+
const api_keys_db_service_js_1 = require("../services/db/api-keys-db-service.js");
|
|
8
|
+
const pixels_db_service_js_1 = require("../services/db/pixels-db-service.js");
|
|
7
9
|
const toWildcardArn = (methodArn) => {
|
|
8
10
|
const parts = methodArn.split('/');
|
|
9
11
|
return `${parts[0]}/${parts[1]}/*`;
|
|
@@ -15,7 +17,9 @@ const generateDenyPolicy = (methodArn) => ({
|
|
|
15
17
|
Statement: [{ Action: 'execute-api:Invoke', Effect: 'Deny', Resource: methodArn }],
|
|
16
18
|
},
|
|
17
19
|
});
|
|
18
|
-
const createApiKeyAuthorizerHandler = (
|
|
20
|
+
const createApiKeyAuthorizerHandler = (config) => {
|
|
21
|
+
const apiKeysDb = new api_keys_db_service_js_1.ApiKeysDbService(config.apiKeysTable, config.apiKeysTableKey);
|
|
22
|
+
const pixelsDb = new pixels_db_service_js_1.PixelsDbService(config.pixelsTable);
|
|
19
23
|
return async function handler(event, context) {
|
|
20
24
|
const methodArn = event.methodArn;
|
|
21
25
|
try {
|
|
@@ -28,7 +32,7 @@ const createApiKeyAuthorizerHandler = (deps) => {
|
|
|
28
32
|
}
|
|
29
33
|
const keyHash = (0, crypto_js_1.generateSha256Hash)(apiKey);
|
|
30
34
|
const pk = `${pixelId}_${keyHash}`;
|
|
31
|
-
const apiKeyRecord = await
|
|
35
|
+
const apiKeyRecord = await apiKeysDb.getApiKeyByPk(pk);
|
|
32
36
|
if (!apiKeyRecord) {
|
|
33
37
|
logging_helper_js_1.Logger.info('ApiKeyAuthorizer: no matching key found');
|
|
34
38
|
return generateDenyPolicy(methodArn);
|
|
@@ -41,7 +45,11 @@ const createApiKeyAuthorizerHandler = (deps) => {
|
|
|
41
45
|
logging_helper_js_1.Logger.info('ApiKeyAuthorizer: key has expired', { expiresAt: apiKeyRecord.expiresAt });
|
|
42
46
|
return generateDenyPolicy(methodArn);
|
|
43
47
|
}
|
|
44
|
-
|
|
48
|
+
if (!Array.isArray(apiKeyRecord.scopes)) {
|
|
49
|
+
logging_helper_js_1.Logger.error('ApiKeyAuthorizer: record is missing scopes array', { pk: apiKeyRecord.pk });
|
|
50
|
+
return generateDenyPolicy(methodArn);
|
|
51
|
+
}
|
|
52
|
+
const pixel = await pixelsDb.getPixelById(pixelId);
|
|
45
53
|
if (!pixel || pixel.status !== at_tracking_event_types_1.PIXEL_STATUS.ACTIVE) {
|
|
46
54
|
logging_helper_js_1.Logger.info('ApiKeyAuthorizer: pixel is not active', { pixelId, status: pixel?.status });
|
|
47
55
|
return generateDenyPolicy(methodArn);
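Review bot: The new error log in the scopes guard (new line 49) writes `apiKeyRecord.pk`, and the context lines show the lookup key is built as `${pixelId}_${keyHash}` with `keyHash` coming from `generateSha256Hash(apiKey)`, so the stored `pk` presumably embeds a digest of the caller's API key. Writing that digest to application logs gives anyone with log read access a value to check candidate keys against offline, which matters if keys are not long random strings (the key format is not visible here). The pixel alone is enough to locate the malformed record: `Logger.error('ApiKeyAuthorizer: record is missing scopes array', { pixelId });`. The handler body starts and ends outside these hunks, and the esm build of the helper has the same line.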
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-authorizer-helper.js","sourceRoot":"","sources":["../../../src/helpers/api-key-authorizer-helper.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"api-key-authorizer-helper.js","sourceRoot":"","sources":["../../../src/helpers/api-key-authorizer-helper.ts"],"names":[],"mappings":";;;AAsBA,iFAAmF;AACnF,2DAA8D;AAC9D,iDAAuD;AACvD,kFAAyE;AACzE,8EAAsE;AAkCtE,MAAM,aAAa,GAAG,CAAC,SAAiB,EAAU,EAAE;IAElD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,SAAiB,EAAc,EAAE,CAAC,CAAC;IAC7D,WAAW,EAAE,WAAW;IACxB,cAAc,EAAE;QACd,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;KACnF;CACF,CAAC,CAAC;AAEI,MAAM,6BAA6B,GAAG,CAAC,MAA8B,EAAE,EAAE;IAC9E,MAAM,SAAS,GAAG,IAAI,yCAAgB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACpF,MAAM,QAAQ,GAAG,IAAI,sCAAe,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEzD,OAAO,KAAK,UAAU,OAAO,CAAC,KAAU,EAAE,OAAgB;QACxD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;QAElC,IAAI;YACF,IAAA,mCAAe,EAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC;YAC5E,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;YAE/E,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE;gBACvB,0BAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,MAAM,OAAO,GAAG,IAAA,8BAAkB,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,EAAE,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;YACnC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YAEvD,IAAI,CAAC,YAAY,EAAE;gBACjB,0BAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,IAAI,YAAY,CAAC,MAAM,KAAK,wCAAc,CAAC,MAAM,EAAE;gBACjD,0BAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;gBACpF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,IAAI,YAAY,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE;gBAC3E,0BAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC,SAAS,EAAE,CAAC,CAAC;gBACxF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAKD,IAAI,CAAC,KAAK,C
AAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE;gBACvC,0BAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE,EAAE,EAAE,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC1F,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,sCAAY,CAAC,MAAM,EAAE;gBAClD,0BAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBACzF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,0BAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC9C,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,QAAQ,EAAE,YAAY,CAAC,EAAE;aAC1B,CAAC,CAAC;YAEH,OAAO;gBACL,WAAW,EAAE,YAAY,CAAC,OAAO;gBACjC,cAAc,EAAE;oBACd,OAAO,EAAE,YAAY;oBACrB,SAAS,EAAE,CAAC;4BACV,MAAM,EAAE,oBAAoB;4BAC5B,MAAM,EAAE,OAAO;4BACf,QAAQ,EAAE,aAAa,CAAC,SAAS,CAAC;yBACnC,CAAC;iBACH;gBACD,OAAO,EAAE;oBACP,OAAO,EAAE,YAAY,CAAC,OAAO;oBAC7B,SAAS,EAAE,YAAY,CAAC,SAAS;oBACjC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;oBACrC,QAAQ,EAAE,YAAY,CAAC,EAAE;iBAC1B;aACF,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,0BAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;SACtC;IACH,CAAC,CAAC;AACJ,CAAC,CAAC;AA7EW,QAAA,6BAA6B,iCA6ExC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { type ApiKeyRecord } from '@adtrackify/at-tracking-event-types';
|
|
2
|
+
export declare class ApiKeysDbService {
|
|
3
|
+
TABLE_NAME: string;
|
|
4
|
+
TABLE_KEY: string;
|
|
5
|
+
constructor(tableName: string, tableKey?: string);
|
|
6
|
+
createApiKey: (record: ApiKeyRecord) => Promise<ApiKeyRecord>;
|
|
7
|
+
getApiKeyByPk: (pk: string) => Promise<ApiKeyRecord | null>;
|
|
8
|
+
getApiKeysByPixelId: (gsiName: string, pixelId: string) => Promise<ApiKeyRecord[]>;
|
|
9
|
+
deleteApiKey: (pk: string) => Promise<void>;
|
|
10
|
+
}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ApiKeysDbService = void 0;
|
|
4
|
+
const dynamodb_client_js_1 = require("../../clients/generic/dynamodb-client.js");
|
|
5
|
+
const dates_js_1 = require("../../libs/dates.js");
|
|
6
|
+
const http_error_js_1 = require("../../libs/http-error.js");
|
|
7
|
+
const logging_helper_js_1 = require("../../helpers/logging-helper.js");
|
|
8
|
+
class ApiKeysDbService {
|
|
9
|
+
TABLE_NAME;
|
|
10
|
+
TABLE_KEY;
|
|
11
|
+
constructor(tableName, tableKey = 'pk') {
|
|
12
|
+
this.TABLE_NAME = tableName;
|
|
13
|
+
this.TABLE_KEY = tableKey;
|
|
14
|
+
}
|
|
15
|
+
createApiKey = async (record) => {
|
|
16
|
+
record.updatedAt = (0, dates_js_1.getCurrentTimestamp)();
|
|
17
|
+
const res = await dynamodb_client_js_1.DynamoDbClient.safePut(this.TABLE_NAME, record);
|
|
18
|
+
if (!res) {
|
|
19
|
+
logging_helper_js_1.Logger.error('ApiKeysDbService: createApiKey failed', { record });
|
|
20
|
+
throw http_error_js_1.HttpError.internal();
|
|
21
|
+
}
|
|
22
|
+
return record;
|
|
23
|
+
};
|
|
24
|
+
getApiKeyByPk = async (pk) => {
|
|
25
|
+
const result = await dynamodb_client_js_1.DynamoDbClient.safeGet(this.TABLE_NAME, this.TABLE_KEY, pk);
|
|
26
|
+
return result ?? null;
|
|
27
|
+
};
|
|
28
|
+
getApiKeysByPixelId = async (gsiName, pixelId) => {
|
|
29
|
+
const records = await dynamodb_client_js_1.DynamoDbClient.safeQueryByGSI(this.TABLE_NAME, gsiName, 'pixelId', pixelId);
|
|
30
|
+
return records || [];
|
|
31
|
+
};
|
|
32
|
+
deleteApiKey = async (pk) => {
|
|
33
|
+
await dynamodb_client_js_1.DynamoDbClient.safeDelete(this.TABLE_NAME, this.TABLE_KEY, pk);
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
exports.ApiKeysDbService = ApiKeysDbService;
|
|
37
|
+
//# sourceMappingURL=api-keys-db-service.js.map
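Review bot: `deleteApiKey` awaits `DynamoDbClient.safeDelete(...)` and discards the result, whereas `createApiKey` in the same class treats a falsy `safePut` result as a failure and throws. If `safeDelete` follows the same return convention (its contract is not visible in this diff), a failed delete resolves normally and the caller believes a key was revoked that the authorizer will still accept. Mirroring the create path would close that gap: `const res = await DynamoDbClient.safeDelete(this.TABLE_NAME, this.TABLE_KEY, pk);` followed by `if (!res) { throw HttpError.internal(); }`. The esm build contains the same method.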
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-keys-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/api-keys-db-service.ts"],"names":[],"mappings":";;;AACA,iFAA0E;AAC1E,kDAA0D;AAC1D,4DAAqD;AACrD,uEAAyD;AAEzD,MAAa,gBAAgB;IACpB,UAAU,CAAS;IACnB,SAAS,CAAS;IAEzB,YAAY,SAAiB,EAAE,QAAQ,GAAG,IAAI;QAC5C,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAEM,YAAY,GAAG,KAAK,EAAE,MAAoB,EAAyB,EAAE;QAC1E,MAAM,CAAC,SAAS,GAAG,IAAA,8BAAmB,GAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,mCAAc,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,GAAG,EAAE;YACR,0BAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,MAAM,yBAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEK,aAAa,GAAG,KAAK,EAAE,EAAU,EAAgC,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,mCAAc,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACjF,OAAQ,MAAuB,IAAI,IAAI,CAAC;IAC1C,CAAC,CAAC;IAEK,mBAAmB,GAAG,KAAK,EAAE,OAAe,EAAE,OAAe,EAA2B,EAAE;QAC/F,MAAM,OAAO,GAAG,MAAM,mCAAc,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAClG,OAAQ,OAA0B,IAAI,EAAE,CAAC;IAC3C,CAAC,CAAC;IAEK,YAAY,GAAG,KAAK,EAAE,EAAU,EAAiB,EAAE;QACxD,MAAM,mCAAc,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC,CAAC;CACH;AAhCD,4CAgCC"}
|
|
@@ -26,4 +26,5 @@ __exportStar(require("./identity-cache-db-service.js"), exports);
|
|
|
26
26
|
__exportStar(require("./currency-exchange-rates-db-service.js"), exports);
|
|
27
27
|
__exportStar(require("./accounts-db-service.js"), exports);
|
|
28
28
|
__exportStar(require("./subscriptions-db-service.js"), exports);
|
|
29
|
+
__exportStar(require("./api-keys-db-service.js"), exports);
|
|
29
30
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/services/db/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+DAA6C;AAC7C,6DAA2C;AAC3C,yDAAuC;AACvC,uEAAqD;AACrD,qEAAmD;AACnD,kEAAgD;AAChD,yEAAuD;AACvD,uEAAqD;AACrD,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,gEAA8C"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/services/db/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+DAA6C;AAC7C,6DAA2C;AAC3C,yDAAuC;AACvC,uEAAqD;AACrD,qEAAmD;AACnD,kEAAgD;AAChD,yEAAuD;AACvD,uEAAqD;AACrD,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,gEAA8C;AAC9C,2DAAyC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PixelsDbService = void 0;
|
|
4
|
-
const
|
|
4
|
+
const dynamodb_client_js_1 = require("../../clients/generic/dynamodb-client.js");
|
|
5
5
|
class PixelsDbService {
|
|
6
6
|
TABLE_NAME;
|
|
7
7
|
TABLE_KEY;
|
|
@@ -16,7 +16,7 @@ class PixelsDbService {
|
|
|
16
16
|
id,
|
|
17
17
|
},
|
|
18
18
|
};
|
|
19
|
-
const pixel = await
|
|
19
|
+
const pixel = await dynamodb_client_js_1.DynamoDbClient.get(query);
|
|
20
20
|
return pixel?.Item ?? null;
|
|
21
21
|
};
|
|
22
22
|
getPixelsByAccountId = async (indexName, accountId) => {
|
|
@@ -28,7 +28,7 @@ class PixelsDbService {
|
|
|
28
28
|
':accountId': accountId,
|
|
29
29
|
},
|
|
30
30
|
};
|
|
31
|
-
const pixels = await
|
|
31
|
+
const pixels = await dynamodb_client_js_1.DynamoDbClient.queryAll(query);
|
|
32
32
|
return pixels || [];
|
|
33
33
|
};
|
|
34
34
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pixels-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/pixels-db-service.ts"],"names":[],"mappings":";;;AACA,
|
|
1
|
+
{"version":3,"file":"pixels-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/pixels-db-service.ts"],"names":[],"mappings":";;;AACA,iFAA0E;AAE1E,MAAa,eAAe;IACnB,UAAU,CAAS;IACnB,SAAS,CAAS;IAEzB,YAAY,SAAiB;QAC3B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAEM,YAAY,GAAG,KAAK,EAAE,EAAU,EAAyB,EAAE;QAChE,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,GAAG,EAAE;gBACH,EAAE;aACH;SACF,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,mCAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAQ,KAAK,EAAE,IAAc,IAAI,IAAI,CAAC;IACxC,CAAC,CAAC;IAEK,oBAAoB,GAAG,KAAK,EAAE,SAAiB,EAAE,SAAiB,EAAoB,EAAE;QAC7F,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,wBAAwB;YAChD,yBAAyB,EAAE;gBACzB,YAAY,EAAE,SAAS;aACxB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,mCAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC,CAAC;CACH;AAhCD,0CAgCC"}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { Context } from 'aws-lambda';
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
2
|
+
export interface ApiKeyAuthorizerConfig {
|
|
3
|
+
apiKeysTable: string;
|
|
4
|
+
apiKeysTableKey?: string;
|
|
5
|
+
pixelsTable: string;
|
|
6
6
|
}
|
|
7
7
|
interface AllowPolicy {
|
|
8
8
|
principalId: string;
|
|
@@ -32,5 +32,5 @@ interface DenyPolicy {
|
|
|
32
32
|
}[];
|
|
33
33
|
};
|
|
34
34
|
}
|
|
35
|
-
export declare const createApiKeyAuthorizerHandler: (
|
|
35
|
+
export declare const createApiKeyAuthorizerHandler: (config: ApiKeyAuthorizerConfig) => (event: any, context: Context) => Promise<AllowPolicy | DenyPolicy>;
|
|
36
36
|
export {};
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { API_KEY_STATUS, PIXEL_STATUS } from '@adtrackify/at-tracking-event-types';
|
|
2
2
|
import { Logger, configureLogger } from './logging-helper.js';
|
|
3
3
|
import { generateSha256Hash } from '../libs/crypto.js';
|
|
4
|
+
import { ApiKeysDbService } from '../services/db/api-keys-db-service.js';
|
|
5
|
+
import { PixelsDbService } from '../services/db/pixels-db-service.js';
|
|
4
6
|
const toWildcardArn = (methodArn) => {
|
|
5
7
|
const parts = methodArn.split('/');
|
|
6
8
|
return `${parts[0]}/${parts[1]}/*`;
|
|
@@ -12,7 +14,9 @@ const generateDenyPolicy = (methodArn) => ({
|
|
|
12
14
|
Statement: [{ Action: 'execute-api:Invoke', Effect: 'Deny', Resource: methodArn }],
|
|
13
15
|
},
|
|
14
16
|
});
|
|
15
|
-
export const createApiKeyAuthorizerHandler = (
|
|
17
|
+
export const createApiKeyAuthorizerHandler = (config) => {
|
|
18
|
+
const apiKeysDb = new ApiKeysDbService(config.apiKeysTable, config.apiKeysTableKey);
|
|
19
|
+
const pixelsDb = new PixelsDbService(config.pixelsTable);
|
|
16
20
|
return async function handler(event, context) {
|
|
17
21
|
const methodArn = event.methodArn;
|
|
18
22
|
try {
|
|
@@ -25,7 +29,7 @@ export const createApiKeyAuthorizerHandler = (deps) => {
|
|
|
25
29
|
}
|
|
26
30
|
const keyHash = generateSha256Hash(apiKey);
|
|
27
31
|
const pk = `${pixelId}_${keyHash}`;
|
|
28
|
-
const apiKeyRecord = await
|
|
32
|
+
const apiKeyRecord = await apiKeysDb.getApiKeyByPk(pk);
|
|
29
33
|
if (!apiKeyRecord) {
|
|
30
34
|
Logger.info('ApiKeyAuthorizer: no matching key found');
|
|
31
35
|
return generateDenyPolicy(methodArn);
|
|
@@ -38,7 +42,11 @@ export const createApiKeyAuthorizerHandler = (deps) => {
|
|
|
38
42
|
Logger.info('ApiKeyAuthorizer: key has expired', { expiresAt: apiKeyRecord.expiresAt });
|
|
39
43
|
return generateDenyPolicy(methodArn);
|
|
40
44
|
}
|
|
41
|
-
|
|
45
|
+
if (!Array.isArray(apiKeyRecord.scopes)) {
|
|
46
|
+
Logger.error('ApiKeyAuthorizer: record is missing scopes array', { pk: apiKeyRecord.pk });
|
|
47
|
+
return generateDenyPolicy(methodArn);
|
|
48
|
+
}
|
|
49
|
+
const pixel = await pixelsDb.getPixelById(pixelId);
|
|
42
50
|
if (!pixel || pixel.status !== PIXEL_STATUS.ACTIVE) {
|
|
43
51
|
Logger.info('ApiKeyAuthorizer: pixel is not active', { pixelId, status: pixel?.status });
|
|
44
52
|
return generateDenyPolicy(methodArn);
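Review bot: `createApiKeyAuthorizerHandler` passes `config.apiKeysTable` and `config.pixelsTable` straight into the two service constructors (new lines 18-19) without checking that they are set, so a missing or misspelled setting only surfaces when the first request reaches a table lookup. On an authorization path it is easier to detect a failure at construction time than a stream of per-request denials; a guard at the top of the factory would do it: `if (!config?.apiKeysTable || !config?.pixelsTable) throw new Error('ApiKeyAuthorizer: apiKeysTable and pixelsTable are required');`. The handler body continues outside these hunks, so how lookup errors are handled is inferred only from the visible `try {`. The cjs build has the same factory.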
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api-key-authorizer-helper.js","sourceRoot":"","sources":["../../../src/helpers/api-key-authorizer-helper.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"api-key-authorizer-helper.js","sourceRoot":"","sources":["../../../src/helpers/api-key-authorizer-helper.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnF,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAkCtE,MAAM,aAAa,GAAG,CAAC,SAAiB,EAAU,EAAE;IAElD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,CAAC,SAAiB,EAAc,EAAE,CAAC,CAAC;IAC7D,WAAW,EAAE,WAAW;IACxB,cAAc,EAAE;QACd,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,oBAAoB,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;KACnF;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,MAA8B,EAAE,EAAE;IAC9E,MAAM,SAAS,GAAG,IAAI,gBAAgB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACpF,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEzD,OAAO,KAAK,UAAU,OAAO,CAAC,KAAU,EAAE,OAAgB;QACxD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;QAElC,IAAI;YACF,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC;YAC5E,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;YAE/E,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE;gBACvB,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBACxE,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,EAAE,GAAG,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;YACnC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YAEvD,IAAI,CAAC,YAAY,EAAE;gBACjB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,IAAI,YAAY,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE;gBACjD,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;gBACpF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,IAAI,YAAY,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,IAAI,I
AAI,EAAE,EAAE;gBAC3E,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC,SAAS,EAAE,CAAC,CAAC;gBACxF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAKD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE;gBACvC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE,EAAE,EAAE,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC1F,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,EAAE;gBAClD,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBACzF,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;aACtC;YAED,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBAC9C,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,QAAQ,EAAE,YAAY,CAAC,EAAE;aAC1B,CAAC,CAAC;YAEH,OAAO;gBACL,WAAW,EAAE,YAAY,CAAC,OAAO;gBACjC,cAAc,EAAE;oBACd,OAAO,EAAE,YAAY;oBACrB,SAAS,EAAE,CAAC;4BACV,MAAM,EAAE,oBAAoB;4BAC5B,MAAM,EAAE,OAAO;4BACf,QAAQ,EAAE,aAAa,CAAC,SAAS,CAAC;yBACnC,CAAC;iBACH;gBACD,OAAO,EAAE;oBACP,OAAO,EAAE,YAAY,CAAC,OAAO;oBAC7B,SAAS,EAAE,YAAY,CAAC,SAAS;oBACjC,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;oBACrC,QAAQ,EAAE,YAAY,CAAC,EAAE;iBAC1B;aACF,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACnD,OAAO,kBAAkB,CAAC,SAAS,CAAC,CAAC;SACtC;IACH,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { type ApiKeyRecord } from '@adtrackify/at-tracking-event-types';
|
|
2
|
+
export declare class ApiKeysDbService {
|
|
3
|
+
TABLE_NAME: string;
|
|
4
|
+
TABLE_KEY: string;
|
|
5
|
+
constructor(tableName: string, tableKey?: string);
|
|
6
|
+
createApiKey: (record: ApiKeyRecord) => Promise<ApiKeyRecord>;
|
|
7
|
+
getApiKeyByPk: (pk: string) => Promise<ApiKeyRecord | null>;
|
|
8
|
+
getApiKeysByPixelId: (gsiName: string, pixelId: string) => Promise<ApiKeyRecord[]>;
|
|
9
|
+
deleteApiKey: (pk: string) => Promise<void>;
|
|
10
|
+
}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { DynamoDbClient } from '../../clients/generic/dynamodb-client.js';
|
|
2
|
+
import { getCurrentTimestamp } from '../../libs/dates.js';
|
|
3
|
+
import { HttpError } from '../../libs/http-error.js';
|
|
4
|
+
import { Logger } from '../../helpers/logging-helper.js';
|
|
5
|
+
export class ApiKeysDbService {
|
|
6
|
+
TABLE_NAME;
|
|
7
|
+
TABLE_KEY;
|
|
8
|
+
constructor(tableName, tableKey = 'pk') {
|
|
9
|
+
this.TABLE_NAME = tableName;
|
|
10
|
+
this.TABLE_KEY = tableKey;
|
|
11
|
+
}
|
|
12
|
+
createApiKey = async (record) => {
|
|
13
|
+
record.updatedAt = getCurrentTimestamp();
|
|
14
|
+
const res = await DynamoDbClient.safePut(this.TABLE_NAME, record);
|
|
15
|
+
if (!res) {
|
|
16
|
+
Logger.error('ApiKeysDbService: createApiKey failed', { record });
|
|
17
|
+
throw HttpError.internal();
|
|
18
|
+
}
|
|
19
|
+
return record;
|
|
20
|
+
};
|
|
21
|
+
getApiKeyByPk = async (pk) => {
|
|
22
|
+
const result = await DynamoDbClient.safeGet(this.TABLE_NAME, this.TABLE_KEY, pk);
|
|
23
|
+
return result ?? null;
|
|
24
|
+
};
|
|
25
|
+
getApiKeysByPixelId = async (gsiName, pixelId) => {
|
|
26
|
+
const records = await DynamoDbClient.safeQueryByGSI(this.TABLE_NAME, gsiName, 'pixelId', pixelId);
|
|
27
|
+
return records || [];
|
|
28
|
+
};
|
|
29
|
+
deleteApiKey = async (pk) => {
|
|
30
|
+
await DynamoDbClient.safeDelete(this.TABLE_NAME, this.TABLE_KEY, pk);
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=api-keys-db-service.js.map
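Review bot: On failure `createApiKey` logs the whole `record` (`Logger.error('ApiKeysDbService: createApiKey failed', { record })`), which copies every attribute of the API-key item, including whatever key hash and scopes it holds, into the error log. An identifier is enough for triage, for example `Logger.error('ApiKeysDbService: createApiKey failed', { pixelId: record.pixelId });` (the `pixelId` attribute is inferred from the GSI query in `getApiKeysByPixelId`). The method also assigns `record.updatedAt` on the caller's object; a comment such as `// mutates the passed record: updatedAt is stamped before the put` would make that side effect visible. The cjs build has the same code.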
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-keys-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/api-keys-db-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,iCAAiC,CAAC;AAEzD,MAAM,OAAO,gBAAgB;IACpB,UAAU,CAAS;IACnB,SAAS,CAAS;IAEzB,YAAY,SAAiB,EAAE,QAAQ,GAAG,IAAI;QAC5C,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAEM,YAAY,GAAG,KAAK,EAAE,MAAoB,EAAyB,EAAE;QAC1E,MAAM,CAAC,SAAS,GAAG,mBAAmB,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,MAAM,SAAS,CAAC,QAAQ,EAAE,CAAC;SAC5B;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEK,aAAa,GAAG,KAAK,EAAE,EAAU,EAAgC,EAAE;QACxE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACjF,OAAQ,MAAuB,IAAI,IAAI,CAAC;IAC1C,CAAC,CAAC;IAEK,mBAAmB,GAAG,KAAK,EAAE,OAAe,EAAE,OAAe,EAA2B,EAAE;QAC/F,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAClG,OAAQ,OAA0B,IAAI,EAAE,CAAC;IAC3C,CAAC,CAAC;IAEK,YAAY,GAAG,KAAK,EAAE,EAAU,EAAiB,EAAE;QACxD,MAAM,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC,CAAC;CACH"}
|
|
@@ -10,4 +10,5 @@ export * from './identity-cache-db-service.js';
|
|
|
10
10
|
export * from './currency-exchange-rates-db-service.js';
|
|
11
11
|
export * from './accounts-db-service.js';
|
|
12
12
|
export * from './subscriptions-db-service.js';
|
|
13
|
+
export * from './api-keys-db-service.js';
|
|
13
14
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/services/db/index.ts"],"names":[],"mappings":"AAAA,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sCAAsC,CAAC;AACrD,cAAc,oCAAoC,CAAC;AACnD,cAAc,iCAAiC,CAAC;AAChD,cAAc,wCAAwC,CAAC;AACvD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AACzC,cAAc,+BAA+B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/services/db/index.ts"],"names":[],"mappings":"AAAA,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,wBAAwB,CAAC;AACvC,cAAc,sCAAsC,CAAC;AACrD,cAAc,oCAAoC,CAAC;AACnD,cAAc,iCAAiC,CAAC;AAChD,cAAc,wCAAwC,CAAC;AACvD,cAAc,sCAAsC,CAAC;AACrD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AACzC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pixels-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/pixels-db-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"pixels-db-service.js","sourceRoot":"","sources":["../../../../src/services/db/pixels-db-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAE1E,MAAM,OAAO,eAAe;IACnB,UAAU,CAAS;IACnB,SAAS,CAAS;IAEzB,YAAY,SAAiB;QAC3B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAEM,YAAY,GAAG,KAAK,EAAE,EAAU,EAAyB,EAAE;QAChE,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,GAAG,EAAE;gBACH,EAAE;aACH;SACF,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAQ,KAAK,EAAE,IAAc,IAAI,IAAI,CAAC;IACxC,CAAC,CAAC;IAEK,oBAAoB,GAAG,KAAK,EAAE,SAAiB,EAAE,SAAiB,EAAoB,EAAE;QAC7F,MAAM,KAAK,GAAG;YACZ,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,wBAAwB;YAChD,yBAAyB,EAAE;gBACzB,YAAY,EAAE,SAAS;aACxB;SACF,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,MAAM,IAAI,EAAE,CAAC;IACtB,CAAC,CAAC;CACH"}
|