AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Parameters:
  UserTable:
    Type: String
    Default: betaeducacao-prod-users_d2o3r5gmm4it7j
  CourseTable:
    Type: String
    Default: saladeaula_courses
  EnrollmentTable:
    Type: String
    Default: betaeducacao-prod-enrollments
  OrderTable:
    Type: String
    Default: betaeducacao-prod-orders
  BucketName:
    Type: String
    Default: saladeaula.digital

Globals:
  Function:
    CodeUri: app/
    Runtime: python3.14
    Tracing: Active
    Architectures:
      - x86_64
    Layers:
      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:106
    Environment:
      Variables:
        TZ: America/Sao_Paulo
        LOG_LEVEL: DEBUG
        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
        POWERTOOLS_LOGGER_LOG_EVENT: true
        DYNAMODB_PARTITION_KEY: id
        USER_TABLE: !Ref UserTable
        COURSE_TABLE: !Ref CourseTable
        ENROLLMENT_TABLE: !Ref EnrollmentTable
        ORDER_TABLE: !Ref OrderTable
        BUCKET_NAME: !Ref BucketName

Resources:
  HttpLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  ScheduleLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      CorsConfiguration:
        AllowOrigins: ['*']
        AllowMethods: [GET, POST, PUT, DELETE, PATCH, OPTIONS]
        AllowHeaders: [Content-Type, X-Requested-With, Authorization]
        AllowCredentials: false
        MaxAge: 600 # 10 minutes
      Auth:
        DefaultAuthorizer: OAuth2Authorizer
        Authorizers:
          OAuth2Authorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              issuer: https://id.saladeaula.digital
              audience:
                - 1a5483ab-4521-4702-9115-5857ac676851 # saladeaula.digital
                - 6fd6a7ec-c956-4f0b-96d7-337ffec6eabb # insights.saladeaula.digital
                - 1db63660-063d-4280-b2ea-388aca4a9459 # admin.saladeaula.digital
                - 78a0819e-1f9b-4da1-b05f-40ec0eaed0c8 # studio.saladeaula.digital

  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.lambda_handler
      LoggingConfig:
        LogGroup: !Ref HttpLog
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref UserTable
        - DynamoDBCrudPolicy:
            TableName: !Ref CourseTable
        - DynamoDBCrudPolicy:
            TableName: !Ref EnrollmentTable
        - DynamoDBCrudPolicy:
            TableName: !Ref OrderTable
        - S3CrudPolicy:
            BucketName: !Ref BucketName
      Events:
        Preflight:
          Type: HttpApi
          Properties:
            Path: /{proxy+}
            Method: OPTIONS
            ApiId: !Ref HttpApi
        AnyRequest:
          Type: HttpApi
          Properties:
            Path: /{proxy+}
            Method: ANY
            ApiId: !Ref HttpApi
        Health:
          Type: HttpApi
          Properties:
            Path: /health
            Method: GET
            ApiId: !Ref HttpApi
            Auth:
              Authorizer: NONE
        Swagger:
          Type: HttpApi
          Properties:
            Path: /swagger
            Method: GET
            ApiId: !Ref HttpApi
            Auth:
              Authorizer: NONE

  EventKeepWarmScheduledFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: keep_warm.lambda_handler
      LoggingConfig:
        LogGroup: !Ref ScheduleLog
      Events:
        ScheduleEvent:
          Type: ScheduleV2
          Properties:
            ScheduleExpression: cron(*/5 5-23 * * ? *)
            ScheduleExpressionTimezone: America/Sao_Paulo

Outputs:
  HttpApiUrl:
    Description: URL of your API endpoint
    Value:
      Fn::Sub: 'https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}'
  HttpApiId:
    Description: Api ID of HttpApi
    Value:
      Ref: HttpApi