handler.ts
import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from "aws-lambda";
import { initOpenTelemetry } from "../../open-telemetry/src/otel-setup";
import { BaseFunctionConfig } from "../../common/src/config/base-function-config";
import { CriError } from "../../common/src/errors/cri-error";
import { handleErrorResponse } from "../../common/src/errors/cri-error-response";
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import { logger } from "../../common/src/util/logger";
import { retrieveSessionIdByAccessToken } from "./helpers/retrieve-session-by-access-token";
import { metrics } from "../../common/src/util/metrics";
import { countAttempts } from "../../common/src/database/count-attempts";
import { retrieveNinoUser } from "./helpers/retrieve-nino-user";
import { LambdaInterface } from "@aws-lambda-powertools/commons";
import { getRecordBySessionId } from "../../common/src/database/get-record-by-session-id";
import { SessionItem } from "../../common/src/database/types/session-item";
// Module-scope setup: these statements run when the module is loaded, not on
// every invocation, so the client and config objects below are shared by all
// requests handled by the same loaded module.
// Telemetry is initialised first, ahead of the client construction below.
initOpenTelemetry();
// No explicit configuration is passed to the client here.
const dynamoClient = new DynamoDBClient();
// Source of the table names read by the handler (functionConfig.tableNames.*).
const functionConfig = new BaseFunctionConfig();
/**
 * Lambda handler class that resolves a bearer access token to a session and
 * returns the attempt count, person-identity record and NINo-user record held
 * for that session.
 */
class IssueCredentialHandler implements LambdaInterface {
  /**
   * Handles one API Gateway proxy request.
   *
   * Flow: validate the `Authorization` header, map the token to a session id,
   * load the session, count "FAIL" attempts, load the person-identity and
   * NINo-user records, and return all three as a JSON body with status 200.
   *
   * Only the function name, the journey id and the failed-attempt count are
   * logged here; the access token and the retrieved records are not.
   *
   * @param event - Proxy event; only `headers` is read.
   * @param context - Lambda context; only `functionName` is read, for logging.
   * @returns A 200 response on success, otherwise whatever
   *   `handleErrorResponse` builds from the thrown error.
   */
  @logger.injectLambdaContext({ resetKeys: true })
  @metrics.logMetrics({ throwOnEmptyMetrics: false, captureColdStartMetric: true })
  public async handler({ headers }: APIGatewayProxyEvent, context: Context): Promise<APIGatewayProxyResult> {
    try {
      logger.info(`${context.functionName} invoked.`);

      // Allow-list check on the header: the pattern is anchored at both ends,
      // so the value must be exactly "Bearer " followed by URL-safe characters.
      // NOTE(review): the key lookup is case-sensitive; a request that carries
      // the header as `authorization` is rejected with the CriError(400) below.
      // Confirm that matches what the clients of this endpoint send.
      const authorizationHeader = headers["Authorization"];
      const bearerMatch = authorizationHeader?.match(/^Bearer [a-zA-Z0-9_-]+$/);
      // Element 0 is the whole match, so the value handed to the lookup still
      // includes the "Bearer " prefix.
      const accessToken = bearerMatch ? bearerMatch[0] : undefined;
      if (!accessToken) {
        throw new CriError(400, "You must provide a valid access token");
      }

      const sessionId = await retrieveSessionIdByAccessToken(
        functionConfig.tableNames.sessionTable,
        dynamoClient,
        accessToken
      );

      // NOTE(review): "expiryDate" is presumably the attribute used to reject
      // expired records; verify in getRecordBySessionId.
      const session = await getRecordBySessionId<SessionItem>(
        dynamoClient,
        functionConfig.tableNames.sessionTable,
        sessionId,
        "expiryDate"
      );

      // Attach the journey id to every later log line of this invocation.
      logger.appendKeys({
        govuk_signin_journey_id: session.clientSessionId,
      });
      logger.info(`Identified government journey id: ${session.clientSessionId}`);

      // From here on the id stored on the session record is used, not the one
      // returned by the token lookup.
      const failedCount = await countAttempts(
        functionConfig.tableNames.attemptTable,
        dynamoClient,
        session.sessionId,
        "FAIL"
      );
      logger.info(`Identified ${failedCount} failed attempts.`);

      const identityRecord = await getRecordBySessionId(
        dynamoClient,
        functionConfig.tableNames.personIdentityTable,
        session.sessionId,
        "expiryDate"
      );
      logger.info(`Retrieved person identity.`);

      const ninoUserRecord = await retrieveNinoUser(
        functionConfig.tableNames.ninoUserTable,
        dynamoClient,
        session.sessionId
      );
      logger.info(`Retrieved NINo-user entry.`);

      // NOTE(review): both records are serialised in full, exactly as the
      // helpers return them. Confirm the endpoint is reachable only by the
      // intended caller and that every stored field is meant to leave the
      // service.
      const responseBody = {
        failedAttemptCount: failedCount,
        personIdentity: identityRecord,
        ninoUser: ninoUserRecord,
      };
      return {
        statusCode: 200,
        body: JSON.stringify(responseBody),
      };
    } catch (error) {
      // Every failure, including the 400 above, is turned into a response by
      // the shared error helper instead of rejecting the promise.
      return handleErrorResponse(error, logger);
    }
  }
}
// Single handler instance, created at module load.
const handlerClass = new IssueCredentialHandler();
// Exported entry point. bind() fixes `this` to the instance so the method can
// be called as a plain function by whatever imports `handler`.
export const handler = handlerClass.handler.bind(handlerClass);