OJ-3197 - Second pass at single-Lambda check HMRC

Author: barnabycollins

lambdas/common/src/database/exceptions/errors.ts

@@ -1,4 +1,6 @@
 export class RecordExpiredError extends Error {
+  public readonly name = "RecordExpiredError";
+
   constructor(
     public readonly tableName: string,
     public readonly sessionId: string,
@@ -7,7 +9,7 @@ export class RecordExpiredError extends Error {
     super();
   }
 
-  get message() {
+  public get message() {
     return `Found only expired records on the ${
       this.tableName
     } table for sessionId ${this.sessionId}: ${this.expiryDates
@@ -18,14 +20,32 @@ export class RecordExpiredError extends Error {
 }
 
 export class RecordNotFoundError extends Error {
+  public readonly name = "RecordNotFoundError";
+
   constructor(
     public readonly tableName: string,
     public readonly sessionId: string
   ) {
     super();
   }
 
-  get message() {
+  public get message() {
     return `Failed to find a valid entry in the ${this.tableName} table with session ID ${this.sessionId}.`;
   }
 }
+
+export class TooManyRecordsError extends Error {
+  public readonly name = "TooManyRecordsError";
+
+  constructor(
+    public readonly tableName: string,
+    public readonly sessionId: string,
+    public readonly recordCount: number
+  ) {
+    super();
+  }
+
+  public get message() {
+    return `Found ${this.recordCount} records in ${this.tableName} for sessionId ${this.sessionId}! This should not be possible as sessionId should be unique.`;
+  }
+}

lambdas/common/src/database/get-record-by-session-id.ts

@@ -11,12 +11,20 @@ import { Logger } from "@aws-lambda-powertools/logger";
  * The array will usually have length 1, but it's possible that multiple rows will be returned.
  *
  * Use a type parameter to set the type of the entity that will be returned.
+ *
+ * NB: as some tables may not guarantee that sessionId is unique (eg, multiple attempts for the
+ * same session), this function only guarantees that there will be at least one non-expired
+ * record in the returned array. If you're expecting only one, you can check the length of the
+ * returned array and use the TooManyRecordsException available in ./exceptions/errors if it
+ * suits your needs.
  */
 export async function getRecordBySessionId<
   /**
-   * The type that will be returned by the function. Must include sessionId and expiryDate keys.
+   * The type that will be returned by the function. Must include sessionId key.
+   *
+   * If an expiryDate column exists, it will validate it.
    */
-  ReturnType extends { sessionId: string; expiryDate: number },
+  ReturnType extends { sessionId: string; expiryDate?: number },
 >(
   /** The name of the table in DynamoDB. Probably looks like "some-table-some-stack". */
   tableName: string,
@@ -61,7 +69,7 @@ export async function getRecordBySessionId<
     throw new RecordExpiredError(
       tableName,
       sessionId,
-      retrievedRecords.map((v) => v.expiryDate)
+      retrievedRecords.map((v) => v.expiryDate ?? -1)
     );
   }
 

lambdas/common/src/database/insert-record.ts

@@ -0,0 +1,24 @@
+import { Logger } from "@aws-lambda-powertools/logger";
+import {
+  DynamoDBClient,
+  PutItemCommand,
+  PutItemCommandOutput,
+} from "@aws-sdk/client-dynamodb";
+import { marshall } from "@aws-sdk/util-dynamodb";
+
+// TODO NB: This function needs review - retry logic, error handling etc are missing.
+export async function insertRecord<T>(
+  tableName: string,
+  record: T,
+  logger: Logger,
+  dynamoClient: DynamoDBClient = new DynamoDBClient()
+): Promise<PutItemCommandOutput> {
+  const saveCmd = new PutItemCommand({
+    TableName: tableName,
+    Item: marshall(record),
+  });
+
+  const saveRes = await dynamoClient.send(saveCmd);
+
+  return saveRes;
+}

lambdas/common/src/database/update-record-by-session-id.ts

@@ -0,0 +1,32 @@
+import { Logger } from "@aws-lambda-powertools/logger";
+import {
+  DynamoDBClient,
+  PutItemCommand,
+  PutItemCommandOutput,
+} from "@aws-sdk/client-dynamodb";
+import { marshall } from "@aws-sdk/util-dynamodb";
+
+// TODO NB: This function needs review - retry logic, error handling etc are missing.
+export async function updateRecordBySessionId<T extends { sessionId: string }>(
+  tableName: string,
+  record: Partial<T> & { sessionId: string },
+  logger: Logger,
+  dynamoClient: DynamoDBClient = new DynamoDBClient()
+): Promise<PutItemCommandOutput> {
+  const { sessionId, ...properties } = record;
+
+  const txnCmd = new PutItemCommand({
+    TableName: tableName,
+    ConditionExpression: "sessionId = :value",
+    ExpressionAttributeValues: {
+      ":value": {
+        S: sessionId,
+      },
+    },
+    Item: marshall(properties),
+  });
+
+  const txnRes = await dynamoClient.send(txnCmd);
+
+  return txnRes;
+}

lambdas/common/src/database/util/is-record-expired.ts

@@ -1,5 +1,8 @@
-export function isRecordExpired(record: { expiryDate: number }) {
-  // expiryDate is in Unix seconds, not milliseconds
-  const now = Math.floor(Date.now() / 1000);
-  return now > record.expiryDate;
+export function isRecordExpired(record: { expiryDate?: number }) {
+  if ("expiryDate" in record) {
+    // expiryDate is in Unix seconds, not milliseconds
+    const now = Math.floor(Date.now() / 1000);
+    return now > (record.expiryDate ?? 0);
+  }
+  return false;
 }

lambdas/common/src/types/brands.ts

@@ -0,0 +1,7 @@
+export type Brand<T, N extends string> = T & {
+  ___brand___: N;
+};
+
+export type UnixTimestamp = Brand<number, "UnixTimestamp">;
+
+export type ISO8601DateString = Brand<string, "ISO8601DateString">;

lambdas/common/tests/database/insert-record.test.ts

@@ -0,0 +1,74 @@
+import {
+  DynamoDBClient,
+  PutItemCommand,
+  PutItemCommandInput,
+} from "@aws-sdk/client-dynamodb";
+import { insertRecord } from "../../src/database/insert-record";
+import { SessionItem } from "../../src/database/types/session-item";
+import { mockLogger } from "../logger";
+import { marshall } from "@aws-sdk/util-dynamodb";
+
+const mockTableName = "some-stack-some-table";
+
+const mockSessionItem: SessionItem = {
+  expiryDate: 999,
+  sessionId: "some-session",
+  clientId: "aaa-aaa-aaa-aaa",
+  clientSessionId: "blahblah-blahblah",
+  authorizationCodeExpiryDate: 987,
+  redirectUri: "example.com/redirect",
+  accessToken: "yes-go-ahead",
+  accessTokenExpiryDate: 456,
+  clientIpAddress: "127.0.0.1",
+  subject: "bob",
+};
+
+jest.mock("@aws-sdk/client-dynamodb", () => ({
+  PutItemCommand: jest.fn().mockImplementation((input) => ({
+    type: "PutItemCommandClassInstance",
+    input,
+  })),
+  DynamoDBClient: jest.fn().mockImplementation(() => ({
+    send: jest.fn(),
+  })),
+}));
+
+const mockPutItemInput: PutItemCommandInput = {
+  TableName: mockTableName,
+  Item: marshall(mockSessionItem),
+};
+
+const mockPutItemCommand = new PutItemCommand(mockPutItemInput);
+
+const dynamoClient = new DynamoDBClient();
+
+function buildMockInsertRes(status: number) {
+  return {
+    Attributes: undefined,
+    ConsumedCapacity: undefined,
+    ItemCollectionMetrics: undefined,
+    $metadata: {
+      httoStatusCode: status,
+    },
+  };
+}
+
+const mockSuccessRes = buildMockInsertRes(201);
+
+describe("insertRecord()", () => {
+  it("calls the Dynamo client correctly for a given record", async () => {
+    dynamoClient.send = jest.fn().mockResolvedValue(mockSuccessRes);
+
+    const result = await insertRecord<SessionItem>(
+      mockTableName,
+      mockSessionItem,
+      mockLogger,
+      dynamoClient
+    );
+
+    expect(result).toEqual(mockSuccessRes);
+    expect(dynamoClient.send).toHaveBeenCalledTimes(1);
+    expect(dynamoClient.send).toHaveBeenCalledWith(mockPutItemCommand);
+    expect(PutItemCommand).toHaveBeenCalledWith(mockPutItemInput);
+  });
+});

lambdas/common/tests/database/update-record-by-session-id.test.ts

@@ -0,0 +1,81 @@
+import {
+  DynamoDBClient,
+  PutItemCommand,
+  PutItemCommandInput,
+} from "@aws-sdk/client-dynamodb";
+import { SessionItem } from "../../src/database/types/session-item";
+import { mockLogger } from "../logger";
+import { marshall } from "@aws-sdk/util-dynamodb";
+import { updateRecordBySessionId } from "../../src/database/update-record-by-session-id";
+
+const mockTableName = "some-stack-some-table";
+
+const sessionId = "some-session";
+
+const mockSessionData: Omit<SessionItem, "sessionId"> = {
+  expiryDate: 999,
+  clientId: "aaa-aaa-aaa-aaa",
+  clientSessionId: "blahblah-blahblah",
+  authorizationCodeExpiryDate: 987,
+  redirectUri: "example.com/redirect",
+  accessToken: "yes-go-ahead",
+  accessTokenExpiryDate: 456,
+  clientIpAddress: "127.0.0.1",
+  subject: "bob",
+};
+
+jest.mock("@aws-sdk/client-dynamodb", () => ({
+  PutItemCommand: jest.fn().mockImplementation((input) => ({
+    type: "PutItemCommandClassInstance",
+    input,
+  })),
+  DynamoDBClient: jest.fn().mockImplementation(() => ({
+    send: jest.fn(),
+  })),
+}));
+
+const mockPutItemInput: PutItemCommandInput = {
+  TableName: mockTableName,
+  ConditionExpression: "sessionId = :value",
+  ExpressionAttributeValues: {
+    ":value": {
+      S: sessionId,
+    },
+  },
+  Item: marshall(mockSessionData),
+};
+
+const mockPutItemCommand = new PutItemCommand(mockPutItemInput);
+
+const dynamoClient = new DynamoDBClient();
+
+function buildMockInsertRes(status: number) {
+  return {
+    Attributes: undefined,
+    ConsumedCapacity: undefined,
+    ItemCollectionMetrics: undefined,
+    $metadata: {
+      httoStatusCode: status,
+    },
+  };
+}
+
+const mockSuccessRes = buildMockInsertRes(201);
+
+describe("updateRecordBySessionId()", () => {
+  it("calls the Dynamo client correctly for a given record", async () => {
+    dynamoClient.send = jest.fn().mockResolvedValue(mockSuccessRes);
+
+    const result = await updateRecordBySessionId<SessionItem>(
+      mockTableName,
+      { sessionId, ...mockSessionData },
+      mockLogger,
+      dynamoClient
+    );
+
+    expect(result).toEqual(mockSuccessRes);
+    expect(dynamoClient.send).toHaveBeenCalledTimes(1);
+    expect(dynamoClient.send).toHaveBeenCalledWith(mockPutItemCommand);
+    expect(PutItemCommand).toHaveBeenCalledWith(mockPutItemInput);
+  });
+});

lambdas/common/tests/database/util/is-record-expired.test.ts

@@ -0,0 +1,19 @@
+import { isRecordExpired } from "../../../src/database/util/is-record-expired";
+
+describe("isRecordExpired()", () => {
+  it("returns true for times in the past", () => {
+    expect(
+      isRecordExpired({ expiryDate: Date.now() / 1000 - 30 })
+    ).toStrictEqual(true);
+  });
+
+  it(`returns false for times in the future`, () => {
+    expect(
+      isRecordExpired({ expiryDate: Date.now() / 1000 + 30 })
+    ).toStrictEqual(false);
+  });
+
+  it(`returns true for negative times`, () => {
+    expect(isRecordExpired({ expiryDate: -300 })).toStrictEqual(true);
+  });
+});

lambdas/common/tests/logger.ts

@@ -7,3 +7,12 @@ export const mockLogger = {
   error: jest.fn(),
   critical: jest.fn(),
 } as unknown as Logger;
+
+export const mockLogHelper = {
+  context: {},
+  govJourneyId: "my-journey",
+  logger: mockLogger,
+  handlerStartTime: new Date().toISOString(),
+  logEntry: jest.fn(),
+  logError: jest.fn(),
+};