[DOP-4171]: Add api key

mongodb · Jan 24, 2024 · 0c12728 · 0c12728
1 parent f595925
commit 0c12728
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 7 deletions.
diff --git a/api/controllers/v2/cache.ts b/api/controllers/v2/cache.ts
@@ -2,6 +2,7 @@ import { APIGatewayEvent, APIGatewayProxyResult } from 'aws-lambda';
 
 import { RepoInfo } from '../../../src/cache-updater/index';
 import { ECSClient, RunTaskCommand } from '@aws-sdk/client-ecs';
+import { validateJsonWebhook } from '../../handlers/github';
 
 /**
  * validates request
@@ -26,10 +27,7 @@ function isRebuildRequest(body: unknown): body is RepoInfo[] {
 }
 
 async function runCacheRebuildJob(repos: RepoInfo[]) {
-  const TASK_DEFINITION = process.env.TASK_DEFINITION;
-  const CONTAINER_NAME = process.env.CONTAINER_NAME;
-  const CLUSTER = process.env.CLUSTER;
-  const SUBNETS = process.env.SUBNETS;
+  const { TASK_DEFINITION, CONTAINER_NAME, CLUSTER, SUBNETS } = process.env;
 
   if (!TASK_DEFINITION) throw new Error('ERROR! process.env.TASK_DEFINITION is not defined');
   if (!CONTAINER_NAME) throw new Error('ERROR! process.env.CONTAINER_NAME is not defined');

diff --git a/cdk-infra/lib/constructs/cache-updater/cache-updater-api-construct.ts b/cdk-infra/lib/constructs/cache-updater/cache-updater-api-construct.ts
@@ -1,9 +1,16 @@
 import { Duration } from 'aws-cdk-lib';
-import { Cors, LambdaIntegration, LambdaRestApi } from 'aws-cdk-lib/aws-apigateway';
+import {
+  ApiKeySourceType,
+  Cors,
+  LambdaIntegration,
+  LambdaRestApi,
+  LogGroupLogDestination,
+} from 'aws-cdk-lib/aws-apigateway';
 import { Vpc } from 'aws-cdk-lib/aws-ec2';
 import { TaskDefinition } from 'aws-cdk-lib/aws-ecs';
 import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs';
+import { LogGroup } from 'aws-cdk-lib/aws-logs';
 import { Construct } from 'constructs';
 import path from 'path';
 
@@ -47,12 +54,35 @@ export class CacheUpdaterApiConstruct extends Construct {
       handler: 'RootEndpointLambda',
     });
 
-    const restApi = new LambdaRestApi(this, 'cacheUpdaterRestApi', { handler: rootEndpointLambda, proxy: false });
+    const apiLogGroup = new LogGroup(this, 'cacheUpdaterLogGroup');
+
+    const restApi = new LambdaRestApi(this, 'cacheUpdaterRestApi', {
+      handler: rootEndpointLambda,
+      proxy: false,
+      apiKeySourceType: ApiKeySourceType.HEADER,
+      deployOptions: {
+        accessLogDestination: new LogGroupLogDestination(apiLogGroup),
+      },
+    });
 
     restApi.root
       .addResource('webhook', {
         defaultCorsPreflightOptions: { allowOrigins: Cors.ALL_ORIGINS },
       })
-      .addMethod('POST', new LambdaIntegration(cacheWebhookLambda));
+      .addMethod('POST', new LambdaIntegration(cacheWebhookLambda), { apiKeyRequired: true });
+
+    const usagePlan = restApi.addUsagePlan('cacheUpdaterUsagePlan', {
+      name: 'defaultPlan',
+      apiStages: [
+        {
+          api: restApi,
+          stage: restApi.deploymentStage,
+        },
+      ],
+    });
+
+    const apiKey = restApi.addApiKey('cacheUpdaterApiKey');
+
+    usagePlan.addApiKey(apiKey);
   }
 }