update id

enrollments-events/app/config.py

@@ -10,6 +10,16 @@ BUCKET_NAME: str = os.getenv('BUCKET_NAME')  # type: ignore
 EMAIL_SENDER = ('EDUSEG®', 'noreply@eduseg.com.br')
 PAPERFORGE_API = 'https://paperforge.saladeaula.digital'
 
+
+DBNAME: str = os.getenv('POSTGRES_DB')  # type: ignore
+DBHOST: str = os.getenv('POSTGRES_HOST')  # type: ignore
+DBPORT: str = os.getenv('POSTGRES_PORT')  # type: ignore
+DBUSER: str = os.getenv('POSTGRES_USER')  # type: ignore
+DBPASS: str = os.getenv('POSTGRES_PASSWORD')  # type: ignore
+conninfo = f'dbname={DBNAME} user={DBUSER} password={DBPASS} \
+             host={DBHOST} port={DBPORT}'
+
+
 # Post-migration: Remove the following lines
 if os.getenv('AWS_LAMBDA_FUNCTION_NAME'):
     SQLITE_DATABASE = 'courses_export_2025-06-18_110214.db'

enrollments-events/template.yaml

@@ -39,6 +39,11 @@ Globals:
         ORDER_TABLE: !Ref OrderTable
         COURSE_TABLE: !Ref CourseTable
         BUCKET_NAME: !Ref BucketName
+        POSTGRES_DB: saladeaula.digital
+        POSTGRES_HOST: sp-node01.saladeaula.digital
+        POSTGRES_PORT: 5432
+        POSTGRES_USER: "{{resolve:ssm:/saladeaula/postgres_user}}"
+        POSTGRES_PASSWORD: "{{resolve:ssm:/saladeaula/postgres_password}}"
 
 Resources:
   EventLog:

id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py

@@ -4,6 +4,7 @@ import authlib.oauth2 as oauth2
 import authlib.oauth2.rfc6749.requests as requests
 from authlib.common.security import generate_token
 from authlib.oauth2.rfc6750 import BearerTokenGenerator
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.event_handler.api_gateway import Response
 from aws_lambda_powertools.event_handler.exceptions import NotFoundError
 from aws_lambda_powertools.utilities.data_classes.api_gateway_proxy_event import (
@@ -19,13 +20,13 @@ from .requests import APIGatewayJsonRequest, APIGatewayOAuth2Request
 
 DYNAMODB_SORT_KEY = os.getenv('DYNAMODB_SORT_KEY')
 OAUTH2_SCOPES_SUPPORTED = os.getenv('OAUTH2_SCOPES_SUPPORTED')
-
-
 GRANT_TYPES_EXPIRES_IN = {
     'refresh_token': 600,
     'authorization_code': 600,
 }
 
+logger = Logger(__name__)
+
 
 class AuthorizationServer(oauth2.AuthorizationServer):
     def __init__(

id.saladeaula.digital/app/routes/authorize.py

@@ -1,4 +1,4 @@
-from http import HTTPStatus, client
+from http import HTTPStatus
 from http.cookies import SimpleCookie
 
 import jwt
@@ -33,13 +33,11 @@ def authorize():
             request=router.current_event,
             end_user=sub,
         )
-        req_scopes = set(scope_to_list(grant.request.payload.scope))
-        user_scopes = set(scope_to_list(session_scope)) if session_scope else set()
         client_scopes = set(scope_to_list(grant.client.scope))
+        user_scopes = set(scope_to_list(session_scope)) if session_scope else set()
 
-        if not req_scopes.issubset(
+        if not client_scopes.issubset(
-            client_scopes
+            user_scopes | {'openid', 'email', 'profile', 'offline_access'}
-            & (user_scopes | {'openid', 'email', 'profile', 'offline_access'})
         ):
             raise errors.InvalidScopeError(status_code=HTTPStatus.UNAUTHORIZED)
 

id.saladeaula.digital/client/app/routes/authorize.ts

@@ -30,7 +30,7 @@ export async function loader({ request, context }: Route.LoaderArgs) {
       redirect: 'manual'
     })
 
-    if (r.status === httpStatus.BAD_REQUEST) {
+    if (r.status === httpStatus.FOUND) {
       return new Response(null, {
         status: httpStatus.FOUND,
         headers: {

id.saladeaula.digital/template.yaml

@@ -26,7 +26,7 @@ Globals:
         OAUTH2_TABLE: !Ref OAuth2Table
         ISSUER: https://id.saladeaula.digital
         JWT_SECRET: 7DUTFB1iLeSpiXvmxbOZim1yPVmQbmBpAzgscob0RDzrL2wVwRi1ti2ZSry7jJAf
-        OAUTH2_SCOPES_SUPPORTED: openid profile email offline_access read:users read:enrollments read:orders
+        OAUTH2_SCOPES_SUPPORTED: openid profile email offline_access read:users read:enrollments read:orders read:courses write:courses
 
 Resources:
   HttpLog:

id.saladeaula.digital/tests/routes/test_authorize.py

@@ -61,7 +61,7 @@ def test_unauthorized(
     http_api_proxy: HttpApiProxy,
     lambda_context: LambdaContext,
 ):
-    session_id = new_session(USER_ID, 'read:users')
+    session_id = new_session(USER_ID, 'read:enrollments')
 
     r = app.lambda_handler(
         http_api_proxy(

streams-events/app/config.py

@@ -8,3 +8,5 @@ POSTGRES_HOST: str = os.getenv('POSTGRES_HOST')  # type: ignore
 POSTGRES_PORT: str = os.getenv('POSTGRES_PORT')  # type: ignore
 POSTGRES_USER: str = os.getenv('POSTGRES_USER')  # type: ignore
 POSTGRES_PASSWORD: str = os.getenv('POSTGRES_PASSWORD')  # type: ignore
+CONNINFO = f'dbname={POSTGRES_DB} user={POSTGRES_USER} password={POSTGRES_PASSWORD} \
+            host={POSTGRES_HOST} port={POSTGRES_PORT}'

streams-events/app/events/replicate_into_postgres.py

@@ -14,13 +14,7 @@ from aws_lambda_powertools.utilities.typing import LambdaContext
 from layercake.strutils import md5_hash
 from psycopg import sql
 
-from config import (
+from config import CONNINFO
-    POSTGRES_DB,
-    POSTGRES_HOST,
-    POSTGRES_PASSWORD,
-    POSTGRES_PORT,
-    POSTGRES_USER,
-)
 from utils import table_from_arn
 
 
@@ -34,8 +28,6 @@ class JSONEncoder(Encoder):
 
 logger = Logger(__name__)
 tracer = Tracer()
-CONNINFO = f'dbname={POSTGRES_DB} user={POSTGRES_USER} password={POSTGRES_PASSWORD} \
-            host={POSTGRES_HOST} port={POSTGRES_PORT}'
 
 
 UPSERT_QUERY = sql.SQL("""