serverless.yml

# serverless.yml
org: photonadmin
app: photonranch

service: photonranch-api

package:
  patterns:
    - '!venv/**'
    - '!node_modules/**'
    - '!.pytest_cache/**'
    - '!.vscode/**'

plugins:
  - serverless-python-requirements
  - serverless-domain-manager
  - serverless-prune-plugin
  - serverless-offline

custom:
  # This is the 'variable' for the customDomain.basePath value, based on the stage.
  # Run as `sls deploy --stage <stage_name>`
  stage:
    prod: api
    dev: dev
    test: test

  # Make sure to first run 'serverless create_domain'
  customDomain:
    domainName: 'api.photonranch.org'
    basePath: ${self:custom.stage.${self:provider.stage}}
    stage: ${self:provider.stage}
    createRoute53Record: true

  pythonRequirements:
    dockerizePip: non-linux
    useDownloadCache: false
    useStaticCache: false
    slim: true

  # Serverless prune plugin automatically prunes function versions older than
  # the last 3. This prevents the lambda function from exceeding storage limits.
  prune:
    automatic: true
    number: 3

provider:
  name: aws
  stage: ${opt:stage, "test"}
  runtime: python3.9
  region: us-east-1
  environment:
    S3_BUCKET_NAME: 'photonranch-001'
    CONFIG_TABLE_NAME: site_configurations
    UPLOADS_LOG_TABLE_NAME: recent-uploads-log
    REGION: ${self:provider.region}
    INFO_IMAGES_TABLE: 'info-images'
    REMOTEHQ_ROOMS_TABLE: 'remotehq-control-rooms'
    NIGHT_LOG_TABLE: 'night-log'
    AUTH0_CLIENT_ID: ${file(./secrets.json):AUTH0_CLIENT_ID}
    AUTH0_CLIENT_PUBLIC_KEY: ${file(./public_key)}

  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - s3:GetObject
            - s3:PutObject
            - s3:ListBucket
            - s3:ListBucketVersions
          Resource:
            - "arn:aws:s3:::photonranch-001/*"
            - "arn:aws:s3:::photonranch-001"

        - Effect: Allow
          Action:
            - ssm:GetParameter
          Resource: "arn:aws:ssm:${self:provider.region}:*:parameter/*"

        - Effect: Allow
          Action:
            - "dynamodb:PutItem"
            - "dynamodb:GetItem"
            - "dynamodb:UpdateItem"
            - "dynamodb:DeleteItem"
            - "dynamodb:Scan"
            - "dynamodb:Query"
          Resource:
            - "arn:aws:dynamodb:${self:provider.region}:*:*"

        - Effect: Allow
          Action:
            - sqs:*
          Resource: arn:aws:sqs:*:*:*

        - Effect: Allow
          Action:
            - "lambda:InvokeFunction"
          Resource:
            - "arn:aws:lambda:us-east-1:306389350997:function:zip-downloads-dev-zip"

resources:  # CloudFormation template syntax from here on.
  Resources:

    # Configure API gateway "Gateway Responses" to work with CORS restrictions
    GatewayResponseDefault4XX:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
        ResponseType: DEFAULT_4XX
        RestApiId:
          Ref: 'ApiGatewayRestApi'
    GatewayResponseDefault5XX:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
        ResponseType: DEFAULT_5XX
        RestApiId:
          Ref: 'ApiGatewayRestApi'
    GatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: EXPIRED_TOKEN
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'
    AuthFailureGatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseType: UNAUTHORIZED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '401'

functions:
  authorizerFunc:
    handler: api/authorizer.auth

  dummyRequiresAuth:
    handler: api/handler.dummy_requires_auth
    events:
      - http:
          path: dummy-requires-auth
          method: post
          authorizer:
            name: authorizerFunc
            type: request
            resultTtlInSeconds: 0  # Don't cache the policy or other tasks will fail!
          cors: true
  home:
    handler: api/handler.default
    events:
      - http:
          path: /
          method: get
          cors: true
  upload:
    handler: api/handler.upload
    events:
      - http:
          path: upload
          method: post
          cors: true
  download:
    handler: api/handler.download
    memorySize: 2024
    timeout: 30
    events:
      - http:
          path: download
          method: post
          cors: true

  downloadzip:
    handler: api/handler.download_zip
    memorySize: 1024
    timeout: 30
    events:
      - http:
          path: downloadzip
          method: post
          cors: true

  getRecentUploads:
    handler: api/handler.get_recent_uploads
    memorySize: 2024
    timeout: 30
    events:
      - http:
          path: recentuploads
          method: get
          cors: true

  # Image package for a single info image
  get_info_image:
    handler: api/info_images.get_info_image_package
    events:
      - http:
          path: infoimage/{site}/{channel}
          method: get
          cors: true

  # Image package for a single image
  get_image_by_filename:
    handler: api/db.get_image_by_filename_handler
    layers:
      - arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p38-SQLAlchemy:10
      # note: layer sourced from https://github.com/keithrozario/Klayers
    events:
      - http:
          path: image/{base_filename}
          method: get
          cors: true

  # List of image packages for last k images at the given site
  latestImages:
    handler: api/db.get_latest_site_images_handler
    memorySize: 2024
    timeout: 30
    layers:
      - arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p38-SQLAlchemy:10
    events:
      - http:
          path: /{site}/latest_images/{number_of_images}
          method: get
          cors: true

  latestImageAllSites:
    handler: api/db.get_latest_images_all_sites_handler
    layers:
      - arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p38-SQLAlchemy:10
    events:
      - http:
          path: /latest_image_all_sites/
          method: get
          cors: true

  getFitsHeader:
    handler: api/db.get_fits_header_from_db_handler
    layers:
      - arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p38-SQLAlchemy:10
    events:
      - http:
          path: /fitsheader/{base_filename}
          method: get
          cors: true

  filteredImageQuery:
    handler: api/db.filtered_images_query_handler
    memorySize: 2024
    timeout: 30
    layers:
      - arn:aws:lambda:us-east-1:770693421928:layer:Klayers-p38-SQLAlchemy:10
    events:
      - http:
          path: /filtered_images
          method: get
          cors: true

  ### Config Endpoints
  getConfig:
    handler: api/site_configs.get_config
    events:
      - http:
          path: /{site}/config
          method: get
          cors: true
  putConfig:
    handler: api/site_configs.put_config
    events:
      - http:
          path: /{site}/config
          method: put
          cors: true
  deleteConfig:
    handler: api/site_configs.delete_config
    events:
      - http:
          path: /{site}/config
          method: delete
          cors: true
  allConfig:
    handler: api/site_configs.all_config
    events:
      - http:
          path: /all/config
          method: get
          cors: true

  ### RemoteHQ api proxy
  newRemoteHQBrowser:
    handler: api/remotehq_helpers.handle_new_remotehq_browser
    events:
      - http:
          path: /new_remotehq_browser
          method: post
          authorizer:
            name: authorizerFunc
            type: request
            resultTtlInSeconds: 0  # Don't cache the policy or other tasks will fail!
          cors: true

  getControlRoom:
    handler: api/control_rooms.get_control_room
    events:
      - http:
          path: /control_room/{site}
          method: get
          cors: true

  deleteControlRoom:
    handler: api/control_rooms.delete_control_room
    events:
      - http:
          path: /control_room/{site}
          method: delete
          cors: true

  restartControlRoom:
    handler: api/control_rooms.restart_control_room_handler
    events:
      - http:
          path: /control_room/{site}/restart
          method: get
          cors: true

  restartAllRooms:
    handler: api/control_rooms.restart_all_rooms_handler
    events:
      - schedule:
          rate: cron(0 * * * ? *)  # Run once every hour

  ### Night Log Endpoints
  getNightLogNote:
    handler: api/night_log.get_note_handler
    events:
      - http:
          path: /nightlog/{site}
          method: get
          cors: true

  createNightLogNote:
    handler: api/night_log.create_note_handler
    events:
      - http:
          path: /nightlog/{site}
          method: post
          authorizer:
            name: authorizerFunc
            type: request
            resultTtlInSeconds: 0  # Don't cache the policy or other tasks will fail!
          cors: true

  deleteNightLogNote:
    handler: api/night_log.delete_note_handler
    events:
      - http:
          path: /nightlog/{site}
          method: delete
          authorizer:
            name: authorizerFunc
            type: request
            resultTtlInSeconds: 0  # Don't cache the policy or other tasks will fail!
          cors: true

  ### Site Events Endpoints
  siteEvents:
    handler: api/events_handler.siteevents
    events:
      - http:
          path: /events
          method: get
          cors: true

  moonRiseSetIllum:
    handler: api/events_handler.get_moon_riseset_illum_handler
    events:
      - http:
          path: /events/moon/rise-set-illum
          method: get
          cors: true