api with oauth2 provider

2025-09-25 23:17:28 -03:00
parent a3e13a113c
commit 187a064687
11 changed files with 1580 additions and 0 deletions
--- a/api.saladeaula.digital/template.yaml
+++ b/api.saladeaula.digital/template.yaml
@@ -0,0 +1,95 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: "AWS::Serverless-2016-10-31"
+
+Parameters:
+  CourseTable:
+    Type: String
+    Default: saladeaula_courses
+
+Globals:
+  Function:
+    CodeUri: app/
+    Runtime: python3.13
+    Tracing: Active
+    Architectures:
+      - x86_64
+    Layers:
+      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:96
+    Environment:
+      Variables:
+        TZ: America/Sao_Paulo
+        LOG_LEVEL: DEBUG
+        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
+        POWERTOOLS_LOGGER_LOG_EVENT: true
+        DYNAMODB_PARTITION_KEY: id
+        COURSE_TABLE: !Ref CourseTable
+
+Resources:
+  HttpLog:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+
+  HttpApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      CorsConfiguration:
+        AllowOrigins: ["*"]
+        AllowMethods: [GET, POST, PUT, DELETE, PATCH, OPTIONS]
+        AllowHeaders: [Content-Type, X-Requested-With, Authorization]
+        AllowCredentials: false
+        MaxAge: 600
+      Auth:
+        DefaultAuthorizer: OAuth2Authorizer
+        Authorizers:
+          OAuth2Authorizer:
+            IdentitySource: "$request.header.Authorization"
+            # AuthorizationScopes:
+            #   - openid
+            #   - profile
+            #   - email
+            #   - offline_access
+            #   - read:users
+            #   - read:enrollments
+            #   - read:orders
+            #   - read:courses
+            #   - write:courses
+            JwtConfiguration:
+              issuer: "https://id.saladeaula.digital"
+              audience:
+                - "1a5483ab-4521-4702-9115-5857ac676851"
+                - "1db63660-063d-4280-b2ea-388aca4a9459"
+                - "78a0819e-1f9b-4da1-b05f-40ec0eaed0c8"
+
+  HttpApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: app.lambda_handler
+      LoggingConfig:
+        LogGroup: !Ref HttpLog
+      Policies:
+        - DynamoDBReadPolicy:
+            TableName: !Ref CourseTable
+      Events:
+        Preflight:
+          Type: HttpApi
+          Properties:
+            Path: /{proxy+}
+            Method: OPTIONS
+            ApiId: !Ref HttpApi
+        AnyRequest:
+          Type: HttpApi
+          Properties:
+            Path: /{proxy+}
+            Method: ANY
+            ApiId: !Ref HttpApi
+
+Outputs:
+  HttpApiUrl:
+    Description: URL of your API endpoint
+    Value:
+      Fn::Sub: "https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}"
+  HttpApiId:
+    Description: Api id of HttpApi
+    Value:
+      Ref: HttpApi