wip

2025-03-28 20:37:04 -03:00
parent a1141dcce8
commit dbe7a924e2
10 changed files with 89 additions and 105 deletions
--- a/http-api/middlewares.py
+++ b/http-api/middlewares.py
@@ -12,15 +12,21 @@ from aws_lambda_powertools.shared.functions import (
 from layercake.dateutils import now, ttl
 from layercake.dynamodb import ComposeKey, DynamoDBCollection, KeyPair
 from layercake.funcs import pick
-from pydantic import UUID4, BaseModel, Field
+from pydantic import UUID4, BaseModel, EmailStr, Field
+
+from auth import AuthFlowType

 LOG_RETENTION_DAYS = 365 * 2  # 2 years


-class AuthenticatedUser(BaseModel):
-    id: str = Field(alias='custom:user_id')
+class User(BaseModel):
+    id: str
    name: str
-    email: str
+    email: EmailStr
+
+
+class CognitoUser(User):
+    id: str = Field(alias='custom:user_id')
    email_verified: bool
    sub: UUID4

@@ -33,12 +39,31 @@ class AuthorizerMiddleware(BaseMiddlewareHandler):
    ) -> Response:
        # Gets the Lambda authorizer associated with the current API Gateway event.
        # You can check the file `auth.py` for more details.
-        authorizer = app.current_event.request_context.authorizer.get_lambda
+        context = app.current_event.request_context.authorizer.get_lambda
+        auth_flow_type = context.get('auth_flow_type')

-        if 'user' in authorizer:
-            user = authorizer['user']
-            app.append_context(authenticated_user=AuthenticatedUser(**user))
+        if not auth_flow_type:
+            return next_middleware(app)

+        cls = {
+            AuthFlowType.USER_AUTH: CognitoUser,
+            AuthFlowType.API_AUTH: User,
+        }.get(auth_flow_type)
+
+        if cls:
+            app.append_context(user=cls(**context['user']))
+
+        return next_middleware(app)
+
+
+class TenantMiddleware(BaseMiddlewareHandler):
+    def handler(
+        self,
+        app: APIGatewayHttpResolver,
+        next_middleware: NextMiddleware,
+    ) -> Response:
+        context = app.current_event.request_context.authorizer.get_lambda
+        auth_flow_type = context.get('auth_flow_type')
        return next_middleware(app)


@@ -78,11 +103,10 @@ class AuditLogMiddleware(BaseMiddlewareHandler):
        app: APIGatewayHttpResolver,
        next_middleware: NextMiddleware,
    ) -> Response:
-        collect = self.collect
+        user = app.context.get('user')
+        req_context = app.current_event.request_context
+        ip_addr = req_context.http.source_ip
        response = next_middleware(app)
-        user = app.context.get('authenticated_user')
-        request_ctx = app.current_event.request_context
-        ip_addr = request_ctx.http.source_ip

        # Successful request
        if 200 <= response.status_code < 300 and user:
@@ -98,7 +122,7 @@ class AuditLogMiddleware(BaseMiddlewareHandler):
                else None
            )

-            collect.put_item(
+            self.collect.put_item(
                key=KeyPair(
                    pk=ComposeKey(user.id, prefix='logs'),
                    sk=now_.isoformat(),