Deployment updates

cisagov · Mar 15, 2024 · 951fde2 · 951fde2
1 parent 1ccfbb1
commit 951fde2
Show file tree

Hide file tree

Showing 22 changed files with 1,081 additions and 75 deletions.
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -51,6 +51,8 @@
     "uuid": "^9.0.1",
     "wappalyzer": "^6.10.63",
     "wappalyzer-core": "^6.10.63",
+    "winston": "^3.11.0",
+    "winston-cloudwatch": "^6.2.0",
     "ws": "^8.13.0"
   },
   "devDependencies": {
@@ -79,6 +81,7 @@
     "prettier": "^3.0.0",
     "sentencer": "^0.2.1",
     "serverless": "^3.30",
+    "serverless-better-credentials": "^1.2.0",
     "serverless-domain-manager": "^7.0",
     "serverless-dotenv-plugin": "^6.0.0",
     "serverless-webpack": "^5.11.0",
@@ -116,4 +119,4 @@
   },
   "author": "",
   "license": "ISC"
-}
+}
diff --git a/backend/src/api/app.ts b/backend/src/api/app.ts
@@ -110,12 +110,12 @@ app.use(
         defaultSrc: [
           "'self'",
           'https://cognito-idp.us-gov-west-1.amazonaws.com',
-          'https://api.staging.crossfeed.cyber.dhs.gov'
+          'https://api.crossfeed.cyber.dhs.gov'
         ],
         objectSrc: ["'none'"],
         scriptSrc: [
           "'self'",
-          'https://api.staging.crossfeed.cyber.dhs.gov'
+          'https://api.crossfeed.cyber.dhs.gov'
           // Add any other allowed script sources here
         ],
         frameAncestors: ["'none'"]

diff --git a/backend/src/api/auth.ts b/backend/src/api/auth.ts
@@ -122,13 +122,14 @@ export const callback = async (event, context) => {
   } catch (e) {
     return {
       statusCode: 500,
-      body: e
+      body: ''
     };
   }
+
   if (!userInfo.email_verified) {
     return {
       statusCode: 403,
-      body: 'Email is not verified'
+      body: ''
     };
   }
 
@@ -261,6 +262,15 @@ export const isGlobalViewAdmin = (event: APIGatewayProxyEvent) => {
     : false;
 };
 
+/** Check if a user has regionalAdmin view permissions */
+export const isRegionalAdmin = (event: APIGatewayProxyEvent) => {
+  return event.requestContext.authorizer &&
+    (event.requestContext.authorizer.userType === UserType.REGIONAL_ADMIN ||
+      event.requestContext.authorizer.userType === UserType.GLOBAL_ADMIN)
+    ? true
+    : false;
+};
+
 /** Checks if the current user is allowed to access (modify) a user with id userId */
 export const canAccessUser = (event: APIGatewayProxyEvent, userId?: string) => {
   return userId && (userId === getUserId(event) || isGlobalWriteAdmin(event));

diff --git a/backend/src/api/helpers.ts b/backend/src/api/helpers.ts
@@ -7,9 +7,11 @@ import {
 import { ValidationOptions, validateOrReject } from 'class-validator';
 import { ClassType } from 'class-transformer/ClassTransformer';
 import { plainToClass } from 'class-transformer';
+import S3Client from '../tasks/s3-client';
 import { SES } from 'aws-sdk';
 import * as nodemailer from 'nodemailer';
 import logger from '../tools/lambda-logger';
+import * as handlebars from 'handlebars';
 
 const AWS = require('aws-sdk');
 const httpProxy = require('https-proxy-agent');
@@ -75,12 +77,12 @@ export const wrapHandler: WrapHandler =
 
 export const NotFound: APIGatewayProxyResult = {
   statusCode: 404,
-  body: ''
+  body: 'Item not found. View logs for details.'
 };
 
 export const Unauthorized: APIGatewayProxyResult = {
   statusCode: 403,
-  body: ''
+  body: 'Unauthorized access. View logs for details.'
 };
 
 export const sendEmail = async (
@@ -121,3 +123,202 @@ export const sendEmail = async (
     throw error;
   }
 };
+
+export const sendRegistrationTextEmail = async (recipient: string) => {
+  process.env.HTTPS_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+  process.env.HTTP_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+  const proxyAgent = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+  AWS.config.update({
+    httpOptions: {
+      agent: proxyAgent ? httpProxy(proxyAgent) : undefined
+    }
+  });
+  const transporter = nodemailer.createTransport({
+    SES: new SES({
+      region: 'us-gov-west-1',
+      endpoint: 'https://email.us-gov-west-1.amazonaws.com'
+    })
+  });
+
+  const mailOptions = {
+    from: process.env.CROSSFEED_SUPPORT_EMAIL_SENDER!,
+    to: recipient,
+    subject: 'Crossfeed Registration Pending',
+    text: 'Your registration is pending approval.',
+    replyTo: process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO!
+  };
+
+  await transporter.sendMail(mailOptions, (error, data) => {
+    console.log(data);
+    if (error) {
+      console.log(error);
+    }
+  });
+};
+
+export const sendRegistrationHtmlEmail = async (recipient: string) => {
+  process.env.HTTPS_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+  process.env.HTTP_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+  const proxyAgent = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+  AWS.config.update({
+    httpOptions: {
+      agent: proxyAgent ? httpProxy(proxyAgent) : undefined
+    }
+  });
+  const transporter = nodemailer.createTransport({
+    SES: new SES({
+      region: 'us-gov-west-1',
+      endpoint: 'https://email.us-gov-west-1.amazonaws.com'
+    })
+  });
+
+  const mailOptions = {
+    from: process.env.CROSSFEED_SUPPORT_EMAIL_SENDER!,
+    to: recipient,
+    subject: 'Crossfeed Registration Pending',
+    html: '<p>Your registration is pending approval.</p>',
+    replyTo: process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO!
+  };
+
+  await transporter.sendMail(mailOptions, (error, data) => {
+    console.log(data);
+    if (error) {
+      console.log(error);
+    }
+  });
+};
+
+export const sendUserRegistrationEmail = async (
+  recepient: string,
+  subject: string,
+  firstName: string,
+  lastName: string,
+  templateFileName: string
+) => {
+  try {
+    const client = new S3Client();
+    const htmlTemplate = await client.getEmailAsset(templateFileName);
+    const template = handlebars.compile(htmlTemplate);
+    const data = {
+      firstName: firstName,
+      lastName: lastName
+    };
+
+    const htmlToSend = template(data);
+    const mailOptions = {
+      from: process.env.CROSSFEED_SUPPORT_EMAIL_SENDER!,
+      to: recepient,
+      subject: subject,
+      html: htmlToSend,
+      replyTo: process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO!
+    };
+
+    process.env.HTTPS_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    process.env.HTTP_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    const proxyAgent = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+    AWS.config.update({
+      httpOptions: {
+        agent: proxyAgent ? httpProxy(proxyAgent) : undefined
+      }
+    });
+    const transporter = nodemailer.createTransport({
+      SES: new SES({
+        region: 'us-gov-west-1',
+        endpoint: 'https://email.us-gov-west-1.amazonaws.com'
+      })
+    });
+    await transporter.sendMail(mailOptions);
+  } catch (errorMessage) {
+    console.log('Email error: ', errorMessage);
+  }
+};
+
+export const sendRegistrationDeniedEmail = async (
+  recepient: string,
+  subject: string,
+  firstName: string,
+  lastName: string,
+  templateFileName: string
+) => {
+  try {
+    const client = new S3Client();
+    const htmlTemplate = await client.getEmailAsset(templateFileName);
+    const template = handlebars.compile(htmlTemplate);
+    const data = {
+      firstName: firstName,
+      lastName: lastName
+    };
+
+    const htmlToSend = template(data);
+    const mailOptions = {
+      from: process.env.CROSSFEED_SUPPORT_EMAIL_SENDER!,
+      to: recepient,
+      subject: subject,
+      html: htmlToSend,
+      replyTo: process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO!
+    };
+
+    process.env.HTTPS_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    process.env.HTTP_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    const proxyAgent = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+    AWS.config.update({
+      httpOptions: {
+        agent: proxyAgent ? httpProxy(proxyAgent) : undefined
+      }
+    });
+    const transporter = nodemailer.createTransport({
+      SES: new SES({
+        region: 'us-gov-west-1',
+        endpoint: 'https://email.us-gov-west-1.amazonaws.com'
+      })
+    });
+    await transporter.sendMail(mailOptions);
+  } catch (errorMessage) {
+    console.log('Email error: ', errorMessage);
+  }
+};
+
+export const sendRegistrationApprovedEmail = async (
+  recepient: string,
+  subject: string,
+  firstName: string,
+  lastName: string,
+  templateFileName: string
+) => {
+  try {
+    const client = new S3Client();
+    const htmlTemplate = await client.getEmailAsset(templateFileName);
+    const template = handlebars.compile(htmlTemplate);
+    const data = {
+      firstName: firstName,
+      lastName: lastName
+    };
+
+    const htmlToSend = template(data);
+    const mailOptions = {
+      from: process.env.CROSSFEED_SUPPORT_EMAIL_SENDER!,
+      to: recepient,
+      subject: subject,
+      html: htmlToSend,
+      replyTo: process.env.CROSSFEED_SUPPORT_EMAIL_REPLYTO!
+    };
+
+    process.env.HTTPS_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    process.env.HTTP_PROXY = 'http://proxy.lz.us-cert.gov:8080';
+    const proxyAgent = process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+    AWS.config.update({
+      httpOptions: {
+        agent: proxyAgent ? httpProxy(proxyAgent) : undefined
+      }
+    });
+    const transporter = nodemailer.createTransport({
+      SES: new SES({
+        region: 'us-gov-west-1',
+        endpoint: 'https://email.us-gov-west-1.amazonaws.com'
+      })
+    });
+    await transporter.sendMail(mailOptions);
+  } catch (errorMessage) {
+    console.log('Email error: ', errorMessage);
+  }
+};
diff --git a/backend/src/api/users.ts b/backend/src/api/users.ts
@@ -36,6 +36,7 @@ import {
 import { Type, plainToClass } from 'class-transformer';
 import { IsNull } from 'typeorm';
 import { create } from './organizations';
+import logger from '../tools/lambda-logger';
 
 class UserSearch {
   @IsInt()

diff --git a/backend/src/tasks/checkUserExpiration.ts b/backend/src/tasks/checkUserExpiration.ts
@@ -7,7 +7,6 @@ import { getRepository } from 'typeorm';
 
 const cognito = new AWS.CognitoIdentityServiceProvider();
 const userPoolId = process.env.REACT_APP_USER_POOL_ID!;
-const ses = new AWS.SES({ region: 'us-east-1' }); // Assuming SES for email notifications
 
 export const handler: Handler = async (event) => {
   await connectToDatabase(true);

diff --git a/backend/src/tasks/s3-client.ts b/backend/src/tasks/s3-client.ts
@@ -94,6 +94,27 @@ class S3Client {
       throw e;
     }
   }
+
+  async getEmailAsset(fileName: string) {
+    try {
+      const params = {
+        Bucket: process.env.EMAIL_BUCKET_NAME!,
+        Key: fileName
+      };
+
+      const data = await this.s3
+        .getObject(params, function (err, data) {
+          if (err) throw err;
+        })
+        .promise();
+      if (data && data.Body) {
+        return data.Body.toString('utf-8');
+      }
+    } catch (e) {
+      console.error(e);
+      throw e;
+    }
+  }
 }
 
 export default S3Client;