merging the updated SNS and SES vars.

Merge branch 'bulk-delete' into nat-removal
APTrust · Feb 1, 2024 · 85e4f84 · 85e4f84
2 parents c7c0b03 + cbd8386
commit 85e4f84
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 4 deletions.
diff --git a/common/config.go b/common/config.go
@@ -28,6 +28,7 @@ var allowedConfigs = []string{
 	"uidemo",
 }
 
+// DBConfig contains info for connecting to the Postgres database.
 type DBConfig struct {
 	Host     string
 	Name     string
@@ -56,20 +57,33 @@ type LoggingConfig struct {
 	LogSql       bool
 }
 
+// TwoFactorConfig contains info for sending push messages
+// through Authy and SMS text messages through AWS SNS.
+// If SNSEndpoint is empty, we'll use the default public
+// SNS endpoint for the specified region. If non-empty,
+// we'll use the explicit SNSEndpoint. Should be non-empty
+// if we're on a private subnet without a NAT gateway.
 type TwoFactorConfig struct {
 	AuthyEnabled  bool
 	AuthyAPIKey   string `json:"-"`
 	AWSRegion     string
 	SMSEnabled    bool
 	OTPExpiration time.Duration
+	SNSEndpoint   string
 }
 
+// EmailConfig describes how to connect to Amazon SES or
+// another SMTP service. If SesEndpoint is empty, we'll use
+// the default public SES endpoint for the specified region.
+// If non-empty, we'll use the explicit SesEndpoint. Should
+// be non-empty if we're on a private subnet without a NAT gateway.
 type EmailConfig struct {
 	AWSRegion   string
 	Enabled     bool
 	FromAddress string
 	SesUser     string
 	SesPassword string
+	SesEndpoint string
 }
 
 type RedisConfig struct {
@@ -190,13 +204,15 @@ func loadConfig() *Config {
 			AWSRegion:     v.GetString("AWS_REGION"),
 			SMSEnabled:    v.GetBool("ENABLE_TWO_FACTOR_SMS"),
 			OTPExpiration: v.GetDuration("OTP_EXPIRATION"),
+			SNSEndpoint:   v.GetString("SNS_ENDPOINT"),
 		},
 		Email: &EmailConfig{
 			AWSRegion:   v.GetString("AWS_REGION"),
 			Enabled:     v.GetBool("EMAIL_ENABLED"),
 			FromAddress: v.GetString("EMAIL_FROM_ADDRESS"),
 			SesUser:     sesUser,
 			SesPassword: sesPassword,
+			SesEndpoint: v.GetString("SES_ENDPOINT"),
 		},
 		Redis: &RedisConfig{
 			DefaultDB: v.GetInt("REDIS_DEFAULT_DB"),

diff --git a/common/context.go b/common/context.go
@@ -62,8 +62,8 @@ func Context() *APTContext {
 			Log:         zlogger,
 			AuthyClient: network.NewAuthyClient(config.TwoFactor.AuthyEnabled, config.TwoFactor.AuthyAPIKey, zlogger),
 			NSQClient:   network.NewNSQClient(config.NsqUrl, zlogger),
-			SESClient:   network.NewSESClient(config.Email.Enabled, config.TwoFactor.AWSRegion, config.Email.SesUser, config.Email.SesPassword, config.Email.FromAddress, zlogger),
-			SNSClient:   network.NewSNSClient(config.TwoFactor.SMSEnabled, config.TwoFactor.AWSRegion, config.Email.SesUser, config.Email.SesPassword, zlogger),
+			SESClient:   network.NewSESClient(config.Email.Enabled, config.TwoFactor.AWSRegion, config.Email.SesEndpoint, config.Email.SesUser, config.Email.SesPassword, config.Email.FromAddress, zlogger),
+			SNSClient:   network.NewSNSClient(config.TwoFactor.SMSEnabled, config.TwoFactor.AWSRegion, config.TwoFactor.SNSEndpoint, config.Email.SesUser, config.Email.SesPassword, zlogger),
 			RedisClient: redisClient,
 		}
 	}

diff --git a/network/ses_client.go b/network/ses_client.go
@@ -18,7 +18,7 @@ type SESClient struct {
 	Service        *ses.SES
 }
 
-func NewSESClient(serviceEnabled bool, awsRegion, sesUser, sesPassword, fromAddress string, logger zerolog.Logger) *SESClient {
+func NewSESClient(serviceEnabled bool, awsRegion, endpointUrl, sesUser, sesPassword, fromAddress string, logger zerolog.Logger) *SESClient {
 	client := &SESClient{
 		logger:         logger,
 		ServiceEnabled: serviceEnabled,
@@ -28,6 +28,7 @@ func NewSESClient(serviceEnabled bool, awsRegion, sesUser, sesPassword, fromAddr
 		client.Session = session.Must(session.NewSession(&aws.Config{
 			Region:      aws.String(awsRegion),
 			Credentials: credentials.NewStaticCredentials(sesUser, sesPassword, ""),
+			Endpoint:    aws.String(endpointUrl),
 		}))
 		client.Service = ses.New(client.Session)
 		logger.Info().Msgf("Email service is enabled. Alerts will be sent through AWS SES service with from address %s.", fromAddress)

diff --git a/network/sns_client.go b/network/sns_client.go
@@ -17,7 +17,7 @@ type SNSClient struct {
 	Service        *sns.SNS
 }
 
-func NewSNSClient(serviceEnabled bool, awsRegion, sesUser, sesPassword string, logger zerolog.Logger) *SNSClient {
+func NewSNSClient(serviceEnabled bool, awsRegion, endpoint, sesUser, sesPassword string, logger zerolog.Logger) *SNSClient {
 	client := &SNSClient{
 		logger:         logger,
 		ServiceEnabled: serviceEnabled,
@@ -26,6 +26,7 @@ func NewSNSClient(serviceEnabled bool, awsRegion, sesUser, sesPassword string, l
 		client.Session = session.Must(session.NewSession(&aws.Config{
 			Region:      aws.String(awsRegion),
 			Credentials: credentials.NewStaticCredentials(sesUser, sesPassword, ""),
+			Endpoint:    aws.String(endpoint),
 		}))
 		client.Service = sns.New(client.Session)
 		logger.Info().Msg("Two-factor SMS is enabled. OTP codes will be sent through AWS SNS service.")