api with oauth2 provider

api.saladeaula.digital/Makefile

@@ -0,0 +1,11 @@
+build:
+	sam build --use-container
+
+deploy: build
+	sam deploy --debug
+
+stage: build
+	sam deploy --config-env staging --debug  
+
+start-api: build
+	sam local start-api

api.saladeaula.digital/app/api_gateway.py

@@ -0,0 +1,20 @@
+from typing import Generic, Mapping
+
+from aws_lambda_powertools.event_handler import content_types
+from aws_lambda_powertools.event_handler.api_gateway import Response, ResponseT
+
+
+class JSONResponse(Response, Generic[ResponseT]):
+    def __init__(
+        self,
+        status_code: int,
+        body: ResponseT | None = None,
+        headers: Mapping[str, str | list[str]] | None = None,
+    ):
+        super().__init__(
+            status_code,
+            content_types.APPLICATION_JSON,
+            body,
+            headers,
+            compress=True,
+        )

api.saladeaula.digital/app/app.py

@@ -0,0 +1,84 @@
+import json
+import os
+from datetime import date
+from functools import partial
+from typing import Any
+
+from aws_lambda_powertools import Logger, Tracer
+from aws_lambda_powertools.event_handler.api_gateway import (
+    APIGatewayHttpResolver,
+    CORSConfig,
+)
+from aws_lambda_powertools.event_handler.exceptions import NotFoundError, ServiceError
+from aws_lambda_powertools.logging import correlation_paths
+from aws_lambda_powertools.shared.json_encoder import Encoder
+from aws_lambda_powertools.utilities.typing import LambdaContext
+from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
+
+from api_gateway import JSONResponse
+from boto3clients import dynamodb_client
+from config import COURSE_TABLE
+
+dyn = DynamoDBPersistenceLayer(COURSE_TABLE, dynamodb_client)
+
+
+class JSONEncoder(Encoder):
+    def default(self, obj):
+        if isinstance(obj, date):
+            return obj.isoformat()
+
+        return super().default(obj)
+
+
+tracer = Tracer()
+logger = Logger(__name__)
+cors = CORSConfig(
+    allow_origin='*',
+    allow_headers=['Content-Type', 'X-Requested-With', 'Authorization', 'X-Tenant'],
+    max_age=600,
+    allow_credentials=False,
+)
+app = APIGatewayHttpResolver(
+    enable_validation=True,
+    cors=cors,
+    debug='AWS_SAM_LOCAL' in os.environ,
+    serializer=partial(json.dumps, separators=(',', ':'), cls=JSONEncoder),
+)
+
+
+@app.get('/users/<user_id>')
+@tracer.capture_method
+def get_user(user_id: str):
+    return {'id': user_id}
+
+
+@app.get('/users/<user_id>/emails')
+@tracer.capture_method
+def get_emails(user_id: str):
+    return [{'email': 'sergio@somosbeta.com.br'}]
+
+
+@app.get('/courses/<course_id>')
+@tracer.capture_method
+def get_course(course_id: str):
+    return dyn.collection.get_item(
+        KeyPair(course_id, '0'),
+        exc_cls=NotFoundError,
+    )
+
+
+@app.exception_handler(ServiceError)
+def exc_error(exc: ServiceError):
+    return JSONResponse(
+        body={
+            'type': type(exc).__name__,
+            'message': str(exc),
+        },
+        status_code=exc.status_code,
+    )
+
+
+@logger.inject_lambda_context(correlation_id_path=correlation_paths.API_GATEWAY_HTTP)
+@tracer.capture_lambda_handler
+def lambda_handler(event: dict[str, Any], context: LambdaContext) -> dict[str, Any]:
+    return app.resolve(event, context)

api.saladeaula.digital/app/boto3clients.py

@@ -0,0 +1,22 @@
+import os
+from typing import TYPE_CHECKING
+
+import boto3
+
+if TYPE_CHECKING:
+    from mypy_boto3_dynamodb.client import DynamoDBClient
+else:
+    DynamoDBClient = object
+
+AWS_SAM_LOCAL = os.getenv('AWS_SAM_LOCAL')
+
+
+def get_dynamodb_client() -> DynamoDBClient:
+    if not AWS_SAM_LOCAL:
+        return boto3.client('dynamodb')
+
+    host = 'host.docker.internal' if AWS_SAM_LOCAL else '127.0.0.1'
+    return boto3.client('dynamodb', endpoint_url=f'http://{host}:8000')
+
+
+dynamodb_client: DynamoDBClient = get_dynamodb_client()

api.saladeaula.digital/app/config.py

@@ -0,0 +1,3 @@
+import os
+
+COURSE_TABLE: str = os.getenv('COURSE_TABLE')  # type: ignore

api.saladeaula.digital/pyproject.toml

@@ -0,0 +1,38 @@
+[project]
+name = "api-saladeaula-digital"
+version = "0.1.0"
+description = ""
+readme = ""
+requires-python = ">=3.13"
+dependencies = ["layercake"]
+
+[dependency-groups]
+dev = [
+    "boto3-stubs[cognito-idp,essential]>=1.38.26",
+    "jsonlines>=4.0.0",
+    "psycopg2-binary>=2.9.10",
+    "pycouchdb>=1.16.0",
+    "pytest>=8.3.4",
+    "pytest-cov>=6.0.0",
+    "ruff>=0.9.1",
+    "sqlite-utils>=3.38",
+    "tqdm>=4.67.1",
+]
+
+[tool.pytest.ini_options]
+pythonpath = ["app/"]
+addopts = "--cov --cov-report html -v"
+
+[tool.ruff]
+target-version = "py311"
+src = ["app"]
+
+[tool.ruff.format]
+quote-style = "single"
+
+[tool.ruff.lint]
+select = ["E", "F", "I"]
+
+
+[tool.uv.sources]
+layercake = { path = "../layercake" }

api.saladeaula.digital/samconfig.toml

@@ -0,0 +1,14 @@
+version = 0.1
+[default.deploy.parameters]
+stack_name = "api-saladeaula-digital"
+resolve_s3 = true
+s3_prefix = "api.saladeaula.digital"
+region = "sa-east-1"
+confirm_changeset = false
+capabilities = "CAPABILITY_IAM"
+image_repositories = []
+
+
+[default.local_start_api.parameters]
+debug = true
+warm_containers = "EAGER"

api.saladeaula.digital/template.yaml

@@ -0,0 +1,95 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: "AWS::Serverless-2016-10-31"
+
+Parameters:
+  CourseTable:
+    Type: String
+    Default: saladeaula_courses
+
+Globals:
+  Function:
+    CodeUri: app/
+    Runtime: python3.13
+    Tracing: Active
+    Architectures:
+      - x86_64
+    Layers:
+      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:96
+    Environment:
+      Variables:
+        TZ: America/Sao_Paulo
+        LOG_LEVEL: DEBUG
+        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
+        POWERTOOLS_LOGGER_LOG_EVENT: true
+        DYNAMODB_PARTITION_KEY: id
+        COURSE_TABLE: !Ref CourseTable
+
+Resources:
+  HttpLog:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      RetentionInDays: 90
+
+  HttpApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      CorsConfiguration:
+        AllowOrigins: ["*"]
+        AllowMethods: [GET, POST, PUT, DELETE, PATCH, OPTIONS]
+        AllowHeaders: [Content-Type, X-Requested-With, Authorization]
+        AllowCredentials: false
+        MaxAge: 600
+      Auth:
+        DefaultAuthorizer: OAuth2Authorizer
+        Authorizers:
+          OAuth2Authorizer:
+            IdentitySource: "$request.header.Authorization"
+            # AuthorizationScopes:
+            #   - openid
+            #   - profile
+            #   - email
+            #   - offline_access
+            #   - read:users
+            #   - read:enrollments
+            #   - read:orders
+            #   - read:courses
+            #   - write:courses
+            JwtConfiguration:
+              issuer: "https://id.saladeaula.digital"
+              audience:
+                - "1a5483ab-4521-4702-9115-5857ac676851"
+                - "1db63660-063d-4280-b2ea-388aca4a9459"
+                - "78a0819e-1f9b-4da1-b05f-40ec0eaed0c8"
+
+  HttpApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: app.lambda_handler
+      LoggingConfig:
+        LogGroup: !Ref HttpLog
+      Policies:
+        - DynamoDBReadPolicy:
+            TableName: !Ref CourseTable
+      Events:
+        Preflight:
+          Type: HttpApi
+          Properties:
+            Path: /{proxy+}
+            Method: OPTIONS
+            ApiId: !Ref HttpApi
+        AnyRequest:
+          Type: HttpApi
+          Properties:
+            Path: /{proxy+}
+            Method: ANY
+            ApiId: !Ref HttpApi
+
+Outputs:
+  HttpApiUrl:
+    Description: URL of your API endpoint
+    Value:
+      Fn::Sub: "https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}"
+  HttpApiId:
+    Description: Api id of HttpApi
+    Value:
+      Ref: HttpApi