From 8675edc36e80d23080c274c18eb7a1da84b9ab3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9rgio=20Rafael=20Siqueira?= Date: Sun, 14 Sep 2025 23:11:49 -0300 Subject: [PATCH] update id --- enrollments-events/app/config.py | 10 ++++++++++ enrollments-events/template.yaml | 5 +++++ .../apigateway_oauth2/authorization_server.py | 5 +++-- id.saladeaula.digital/app/routes/authorize.py | 10 ++++------ id.saladeaula.digital/client/app/routes/authorize.ts | 2 +- id.saladeaula.digital/template.yaml | 2 +- id.saladeaula.digital/tests/routes/test_authorize.py | 2 +- streams-events/app/config.py | 2 ++ streams-events/app/events/replicate_into_postgres.py | 10 +--------- 9 files changed, 28 insertions(+), 20 deletions(-) diff --git a/enrollments-events/app/config.py b/enrollments-events/app/config.py index 0e787f8..f8ca848 100644 --- a/enrollments-events/app/config.py +++ b/enrollments-events/app/config.py @@ -10,6 +10,16 @@ BUCKET_NAME: str = os.getenv('BUCKET_NAME') # type: ignore EMAIL_SENDER = ('EDUSEGĀ®', 'noreply@eduseg.com.br') PAPERFORGE_API = 'https://paperforge.saladeaula.digital' + +DBNAME: str = os.getenv('POSTGRES_DB') # type: ignore +DBHOST: str = os.getenv('POSTGRES_HOST') # type: ignore +DBPORT: str = os.getenv('POSTGRES_PORT') # type: ignore +DBUSER: str = os.getenv('POSTGRES_USER') # type: ignore +DBPASS: str = os.getenv('POSTGRES_PASSWORD') # type: ignore +conninfo = f'dbname={DBNAME} user={DBUSER} password={DBPASS} \ + host={DBHOST} port={DBPORT}' + + # Post-migration: Remove the following lines if os.getenv('AWS_LAMBDA_FUNCTION_NAME'): SQLITE_DATABASE = 'courses_export_2025-06-18_110214.db' diff --git a/enrollments-events/template.yaml b/enrollments-events/template.yaml index 5df6ff0..e5268f9 100644 --- a/enrollments-events/template.yaml +++ b/enrollments-events/template.yaml 
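Review bot: The `conninfo` string added in enrollments-events/app/config.py is built by plain f-string interpolation, so a password containing a space, quote or backslash yields a malformed or misparsed libpq connection string, and an unset variable is interpolated as the literal text `None`; the same construction is added as `CONNINFO` in streams-events/app/config.py. If psycopg 3 is available in this package as it is in streams-events, `psycopg.conninfo.make_conninfo(dbname=DBNAME, user=DBUSER, password=DBPASS, host=DBHOST, port=DBPORT)` does the quoting. No `sslmode` is set either, so libpq's default (`prefer`) allows a silent fallback to an unencrypted session; passing `sslmode='verify-full'` with a CA the function trusts would pin that down. Because the resulting string embeds the password, I would add the comment `# contains the DB password: never log or include in error messages` above it, and name it `CONNINFO` in both packages for consistency.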
@@ -39,6 +39,11 @@ Globals: ORDER_TABLE: !Ref OrderTable COURSE_TABLE: !Ref CourseTable BUCKET_NAME: !Ref BucketName + POSTGRES_DB: saladeaula.digital + POSTGRES_HOST: sp-node01.saladeaula.digital + POSTGRES_PORT: 5432 + POSTGRES_USER: "{{resolve:ssm:/saladeaula/postgres_user}}" + POSTGRES_PASSWORD: "{{resolve:ssm:/saladeaula/postgres_password}}" Resources: EventLog: diff --git a/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py b/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py index ecf6256..469efa0 100644 --- a/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py +++ b/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py @@ -4,6 +4,7 @@ import authlib.oauth2 as oauth2 import authlib.oauth2.rfc6749.requests as requests from authlib.common.security import generate_token from authlib.oauth2.rfc6750 import BearerTokenGenerator +from aws_lambda_powertools import Logger from aws_lambda_powertools.event_handler.api_gateway import Response from aws_lambda_powertools.event_handler.exceptions import NotFoundError from aws_lambda_powertools.utilities.data_classes.api_gateway_proxy_event import ( @@ -19,13 +20,13 @@ from .requests import APIGatewayJsonRequest, APIGatewayOAuth2Request DYNAMODB_SORT_KEY = os.getenv('DYNAMODB_SORT_KEY') OAUTH2_SCOPES_SUPPORTED = os.getenv('OAUTH2_SCOPES_SUPPORTED') - - GRANT_TYPES_EXPIRES_IN = { 'refresh_token': 600, 'authorization_code': 600, } +logger = Logger(__name__) + class AuthorizationServer(oauth2.AuthorizationServer): def __init__( diff --git a/id.saladeaula.digital/app/routes/authorize.py b/id.saladeaula.digital/app/routes/authorize.py index 3c1f305..e821775 100644 --- a/id.saladeaula.digital/app/routes/authorize.py +++ b/id.saladeaula.digital/app/routes/authorize.py @@ -1,4 +1,4 @@ -from http import HTTPStatus, client +from http import HTTPStatus from http.cookies import SimpleCookie import jwt 
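Review bot: `POSTGRES_PASSWORD: "{{resolve:ssm:/saladeaula/postgres_password}}"` is resolved at deploy time, so the password ends up in clear text in the environment configuration of every function that inherits this block (it appears to sit under `Globals`). The plain `ssm` reference form reads String parameters rather than SecureString ones, so the parameter itself is presumably stored unencrypted as well. Anyone permitted to read the function configuration or the processed template can then read the database credentials, and rotation requires a redeploy. A safer shape is to keep the value as a SecureString or a Secrets Manager secret, pass only its name through the environment (for example `POSTGRES_PASSWORD_PARAM: /saladeaula/postgres_password`, variable name is a suggestion), and fetch it at cold start with an IAM policy scoped to that one parameter.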
@@ -33,13 +33,11 @@ def authorize(): request=router.current_event, end_user=sub, ) - req_scopes = set(scope_to_list(grant.request.payload.scope)) - user_scopes = set(scope_to_list(session_scope)) if session_scope else set() client_scopes = set(scope_to_list(grant.client.scope)) + user_scopes = set(scope_to_list(session_scope)) if session_scope else set() - if not req_scopes.issubset( - client_scopes - & (user_scopes | {'openid', 'email', 'profile', 'offline_access'}) + if not client_scopes.issubset( + user_scopes | {'openid', 'email', 'profile', 'offline_access'} ): raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED) diff --git a/id.saladeaula.digital/client/app/routes/authorize.ts b/id.saladeaula.digital/client/app/routes/authorize.ts index fb4d2dd..9829b14 100644 --- a/id.saladeaula.digital/client/app/routes/authorize.ts +++ b/id.saladeaula.digital/client/app/routes/authorize.ts @@ -30,7 +30,7 @@ export async function loader({ request, context }: Route.LoaderArgs) { redirect: 'manual' }) - if (r.status === httpStatus.BAD_REQUEST) { + if (r.status === httpStatus.FOUND) { return new Response(null, { status: httpStatus.FOUND, headers: { diff --git a/id.saladeaula.digital/template.yaml b/id.saladeaula.digital/template.yaml index 8da5db3..dd77258 100644 --- a/id.saladeaula.digital/template.yaml +++ b/id.saladeaula.digital/template.yaml @@ -26,7 +26,7 @@ Globals: OAUTH2_TABLE: !Ref OAuth2Table ISSUER: https://id.saladeaula.digital JWT_SECRET: 7DUTFB1iLeSpiXvmxbOZim1yPVmQbmBpAzgscob0RDzrL2wVwRi1ti2ZSry7jJAf - OAUTH2_SCOPES_SUPPORTED: openid profile email offline_access read:users read:enrollments read:orders + OAUTH2_SCOPES_SUPPORTED: openid profile email offline_access read:users read:enrollments read:orders read:courses write:courses Resources: HttpLog: diff --git a/id.saladeaula.digital/tests/routes/test_authorize.py b/id.saladeaula.digital/tests/routes/test_authorize.py index a682888..70d8153 100644 
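Review bot: The rewritten check in `authorize()` no longer looks at the scope the request actually asks for: `req_scopes` is dropped and the condition only compares the client's registered scopes with the user's session scopes. Within this hunk nothing stops a request from naming a scope outside `grant.client.scope`, so unless grant validation outside the hunk enforces that, the consent grant could carry more than the client is registered for; this matters more now that `write:courses` is being added to the supported scopes. The new condition also rejects a user whenever the client is registered for any scope the user lacks, even when the request did not ask for it. Consider keeping the requested-scope test next to the new one, e.g. `req_scopes = set(scope_to_list(grant.request.payload.scope))` and `if not req_scopes.issubset(client_scopes) or not client_scopes.issubset(user_scopes | DEFAULT_SCOPES):`, with the four default scopes held in one named constant (name is a suggestion). The body of `authorize()` starts and ends outside the hunk.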
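Review bot: In the id.saladeaula.digital/template.yaml hunk, the context line directly above the changed `OAUTH2_SCOPES_SUPPORTED` holds `JWT_SECRET` as a literal committed to the repository, and this change widens what tokens tied to that key can authorize by adding `read:courses` and `write:courses`. If this is the signing key, as the name suggests, anyone with read access to the repository or the deployed template can forge tokens the issuer will accept. The value should be treated as exposed: rotate it and load the replacement from a secret store at runtime instead of from the template. `write:courses` is the first write scope in the list, so it is worth confirming that the resource servers check for it explicitly rather than accepting any valid token.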
--- a/id.saladeaula.digital/tests/routes/test_authorize.py +++ b/id.saladeaula.digital/tests/routes/test_authorize.py @@ -61,7 +61,7 @@ def test_unauthorized( http_api_proxy: HttpApiProxy, lambda_context: LambdaContext, ): - session_id = new_session(USER_ID, 'read:users') + session_id = new_session(USER_ID, 'read:enrollments') r = app.lambda_handler( http_api_proxy( diff --git a/streams-events/app/config.py b/streams-events/app/config.py index 240c5a2..b344958 100644 --- a/streams-events/app/config.py +++ b/streams-events/app/config.py @@ -8,3 +8,5 @@ POSTGRES_HOST: str = os.getenv('POSTGRES_HOST') # type: ignore POSTGRES_PORT: str = os.getenv('POSTGRES_PORT') # type: ignore POSTGRES_USER: str = os.getenv('POSTGRES_USER') # type: ignore POSTGRES_PASSWORD: str = os.getenv('POSTGRES_PASSWORD') # type: ignore +CONNINFO = f'dbname={POSTGRES_DB} user={POSTGRES_USER} password={POSTGRES_PASSWORD} \ + host={POSTGRES_HOST} port={POSTGRES_PORT}' diff --git a/streams-events/app/events/replicate_into_postgres.py b/streams-events/app/events/replicate_into_postgres.py index 09049ba..2cd059f 100644 --- a/streams-events/app/events/replicate_into_postgres.py +++ b/streams-events/app/events/replicate_into_postgres.py @@ -14,13 +14,7 @@ from aws_lambda_powertools.utilities.typing import LambdaContext from layercake.strutils import md5_hash from psycopg import sql -from config import ( - POSTGRES_DB, - POSTGRES_HOST, - POSTGRES_PASSWORD, - POSTGRES_PORT, - POSTGRES_USER, -) +from config import CONNINFO from utils import table_from_arn @@ -34,8 +28,6 @@ class JSONEncoder(Encoder): logger = Logger(__name__) tracer = Tracer() -CONNINFO = f'dbname={POSTGRES_DB} user={POSTGRES_USER} password={POSTGRES_PASSWORD} \ - host={POSTGRES_HOST} port={POSTGRES_PORT}' UPSERT_QUERY = sql.SQL("""