-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
235 lines (213 loc) · 6.22 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
service:
name: crmapi
stage: dev
region: us-east-1
# app and org for use with dashboard.serverless.com
app: customersApi
org: amtest
custom:
webpack:
webpackConfig: ./webpack.config.js
includeModules: true
tableNames:
Customers: ${self:provider.environment.CUSTOMER_TABLE}
dynamodb:
start:
migrate: true
stages:
- dev
endpoints:
dynamodb-url: 'http://localhost:8000'
# Add the serverless-webpack plugin
plugins:
- serverless-jest-plugin
- serverless-webpack
- serverless-dynamodb-local
- serverless-offline
provider:
name: aws
runtime: nodejs12.x
stage: dev
region: us-east-1
apiGateway:
minimumCompressionSize: 256 # Enable gzip compression for responses > 1 KB
environment:
AWS_NODEJS_CONNECTION_REUSE_ENABLED: 1
CUSTOMER_TABLE: "${opt:stage, self:provider.stage}-CustomersTable"
# USERS_TABLE: "${opt:stage, self:provider.stage}-UsersTable"
AWS_REGION_CONF: "${opt:region, self:provider.region}"
DYNAMODB_ENDPOINT: ${self:custom.endpoints.dynamodb-url}
OAUTH_AUDIENCE: ${file(./secrets.json):OAUTH_AUDIENCE}
OAUTH_CLIENT_ID: ${file(./secrets.json):OAUTH_CLIENT_ID}
OAUTH_DOMAIN: ${file(./secrets.json):OAUTH_DOMAIN}
OAUTH_CLIENT_SECRET: ${file(./secrets.json):OAUTH_CLIENT_SECRET}
OAUTH_CLIENT_PUBLIC_KEY: ${file(./oauth2_public_key.pem)}
MAX_PHOTO_SIZE: ${file(./settings.json):MAX_PHOTO_SIZE}
S3_BUCKET_NAME: "${opt:stage, self:provider.stage}-crmapi-photo-bucket"
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:DeleteItem
- s3:*
Resource: "*"
#Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:*:table/${self:provider.environment.CUSTOMER_TABLE}"
functions:
authorizerFunc:
handler: src/common/authorizerFunc.authorizerFunc
createCustomer:
handler: src/api/customerHandlers/createCustomer.createCustomer
events:
- http:
method: post
path: api/customers
authorizer:
name: authorizerFunc
updateCustomer:
handler: src/api/customerHandlers/updateCustomer.updateCustomer
events:
- http:
method: put
path: api/customers/{id}
authorizer:
name: authorizerFunc
deleteCustomer:
handler: src/api/customerHandlers/deleteCustomer.deleteCustomer
events:
- http:
method: delete
path: api/customers/{id}
authorizer:
name: authorizerFunc
getCustomer:
handler: src/api/customerHandlers/getCustomer.getCustomer
events:
- http:
method: get
path: api/customers/{id}
authorizer:
name: authorizerFunc
listCustomers:
handler: src/api/customerHandlers/listCustomers.listCustomers
events:
- http:
method: get
path: api/customers
authorizer:
name: authorizerFunc
addCustomerPhoto:
handler: src/api/customerHandlers/addCustomerPhoto.addCustomerPhoto
events:
- http:
method: put
path: api/customers/{id}/photo
authorizer:
name: authorizerFunc
getCustomerPhoto:
handler: src/api/customerHandlers/getCustomerPhoto.getCustomerPhoto
events:
- http:
method: get
path: api/customers/{id}/photo
listUsers:
handler: src/api/userHandlers/listUsers.listUsers
events:
- http:
method: get
path: api/users
authorizer:
name: authorizerFunc
createUser:
handler: src/api/userHandlers/createUser.createUser
events:
- http:
method: post
path: api/users
authorizer:
name: authorizerFunc
updateUser:
handler: src/api/userHandlers/updateUser.updateUser
events:
- http:
method: put
path: api/users/{id}
authorizer:
name: authorizerFunc
deleteUser:
handler: src/api/userHandlers/deleteUser.deleteUser
events:
- http:
method: delete
path: api/users/{id}
authorizer:
name: authorizerFunc
deleteUserByEmail:
handler: src/api/userHandlers/deleteUserByEmail.deleteUserByEmail
events:
- http:
method: delete
path: api/users
authorizer:
name: authorizerFunc
setUserRole:
handler: src/api/userHandlers/setUserRole.setUserRole
events:
- http:
method: post
path: api/users/role
authorizer:
name: authorizerFunc
authenticateUser:
handler: src/api/userHandlers/authenticateUser.authenticateUser
events:
- http:
method: post
path: api/authorize
resources:
Resources:
S3PhotosBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:provider.environment.S3_BUCKET_NAME}
Customers:
Type: 'AWS::DynamoDB::Table'
DeletionPolicy: Retain
Properties:
TableName: ${self:provider.environment.CUSTOMER_TABLE}
AttributeDefinitions:
- AttributeName: GroupId
AttributeType: S
- AttributeName: CustomerId
AttributeType: S
KeySchema:
- AttributeName: GroupId
KeyType: HASH
- AttributeName: CustomerId
KeyType: RANGE
ProvisionedThroughput:
ReadCapacityUnits: 1
WriteCapacityUnits: 1
# Authorizer Responses
GatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: EXPIRED_TOKEN
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'
AuthFailureGatewayResponse:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: UNAUTHORIZED
RestApiId:
Ref: 'ApiGatewayRestApi'
StatusCode: '401'