AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31

Parameters:
  UserTable:
    Type: String
    Default: betaeducacao-prod-users_d2o3r5gmm4it7j
  OrderTable:
    Type: String
    Default: betaeducacao-prod-orders
  EnrollmentTable:
    Type: String
    Default: betaeducacao-prod-enrollments
  CourseTable:
    Type: String
    Default: saladeaula_courses

Globals:
  Function:
    CodeUri: .
    Runtime: python3.12
    Tracing: Active
    Architectures:
      - x86_64
    Layers:
      - !Sub arn:aws:lambda:sa-east-1:336641857101:layer:layercake:17
    Environment:
      Variables:
        TZ: America/Sao_Paulo
        LOG_LEVEL: DEBUG
        POWERTOOLS_LOGGER_SAMPLE_RATE: 0.1
        POWERTOOLS_LOGGER_LOG_EVENT: true
        DYNAMODB_PARTITION_KEY: id
        USER_TABLE: !Ref UserTable
        ORDER_TABLE: !Ref OrderTable
        ENROLLMENT_TABLE: !Ref EnrollmentTable
        COURSE_TABLE: !Ref CourseTable
        ELASTIC_CLOUD_ID: "{{resolve:ssm:/betaeducacao/elastic/cloud_id/str}}"
        ELASTIC_AUTH_PASS: "{{resolve:ssm:/betaeducacao/elastic/auth_pass/str}}"
        KONVIVA_API_URL: https://saladeaula.digital
        KONVIVA_SECRET_KEY: "{{resolve:ssm:/betaeducacao/konviva/secret_key/str}}"

Resources:
  HttpLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      CorsConfiguration:
        AllowOrigins: ["*"]
        AllowMethods: [GET, POST, PUT, DELETE, PATCH, OPTIONS]
        AllowHeaders: [Content-Type, X-Requested-With, Authorization, X-Tenant]
      Auth:
        DefaultAuthorizer: LambdaRequestAuthorizer
        Authorizers:
          LambdaRequestAuthorizer:
            FunctionArn: !GetAtt AuthFunction.Arn
            AuthorizerPayloadFormatVersion: "2.0"
            EnableFunctionDefaultPermissions: true
            EnableSimpleResponses: true
            Identity:
              Headers: [Authorization]

  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.lambda_handler
      LoggingConfig:
        LogGroup: !Ref HttpLog
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref UserTable
        - DynamoDBCrudPolicy:
            TableName: !Ref CourseTable
      Events:
        AnyRequest:
          Type: HttpApi
          Properties:
            Path: /{proxy+}
            Method: ANY
            ApiId: !Ref HttpApi
        Lookup:
          Type: HttpApi
          Properties:
            Path: /lookup/{username}
            Method: GET
            ApiId: !Ref HttpApi
            Auth:
              Authorizer: NONE

  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: auth.lambda_handler
      LoggingConfig:
        LogGroup: !Ref HttpLog