Merged sig-details-api

Author: eeen17

.devcontainer/devcontainer.json

@@ -1,41 +1,39 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu
 {
-	"name": "Ubuntu",
-	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-	"image": "mcr.microsoft.com/devcontainers/base:jammy",
-	"features": {
-		"ghcr.io/devcontainers/features/node:1": {},
+  "name": "Ubuntu",
+  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
+  "image": "mcr.microsoft.com/devcontainers/base:jammy",
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {},
     "ghcr.io/devcontainers/features/aws-cli:1": {},
-		"ghcr.io/jungaretti/features/make:1": {},
-	  "ghcr.io/customink/codespaces-features/sam-cli:1": {},
-	  "ghcr.io/devcontainers/features/python:1": {}
-	},
+    "ghcr.io/jungaretti/features/make:1": {},
+    "ghcr.io/customink/codespaces-features/sam-cli:1": {},
+    "ghcr.io/devcontainers/features/python:1": {},
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
+  },
 
-	// Features to add to the dev container. More info: https://containers.dev/features.
-	// "features": {},
+  // Features to add to the dev container. More info: https://containers.dev/features.
+  // "features": {},
 
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	"forwardPorts": [
-		8080,
-		5173
-	],
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"EditorConfig.EditorConfig",
-				"waderyan.gitblame",
-				"Gruntfuggly.todo-tree"
-			]
-		}
-	}
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  "forwardPorts": [8080, 5173],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "EditorConfig.EditorConfig",
+        "waderyan.gitblame",
+        "Gruntfuggly.todo-tree"
+      ]
+    }
+  }
 
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "uname -a",
+  // Use 'postCreateCommand' to run commands after the container is created.
+  // "postCreateCommand": "uname -a",
 
-	// Configure tool-specific properties.
-	// "customizations": {},
+  // Configure tool-specific properties.
+  // "customizations": {},
 
-	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-	// "remoteUser": "root"
+  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+  // "remoteUser": "root"
 }

.github/workflows/deploy-dev.yml

@@ -81,7 +81,7 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::427040638965:role/GitHubActionsRole
-          role-session-name: Core_Dev_Deployment
+          role-session-name: Core_Dev_Deployment_${{ github.run_id }}
           aws-region: us-east-1
 
       - name: Publish to AWS

.github/workflows/deploy-prod.yml

@@ -42,6 +42,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 22.x
+
       - uses: actions/checkout@v4
         env:
           HUSKY: "0"
@@ -55,7 +56,7 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::427040638965:role/GitHubActionsRole
-          role-session-name: Core_Dev_Prod_Deployment
+          role-session-name: Core_Dev_Prod_Deployment_${{ github.run_id }}
           aws-region: us-east-1
       - name: Publish to AWS
         run: make deploy_dev
@@ -90,6 +91,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 22.x
+
       - uses: actions/checkout@v4
         env:
           HUSKY: "0"
@@ -103,7 +105,7 @@ jobs:
       - uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::298118738376:role/GitHubActionsRole
-          role-session-name: Core_Dev_Prod_Deployment
+          role-session-name: Core_Dev_Prod_Deployment_${{ github.run_id }}
           aws-region: us-east-1
       - name: Publish to AWS
         run: make deploy_prod

.gitignore

@@ -142,3 +142,4 @@ __pycache__
 /blob-report/
 /playwright/.cache/
 dist_devel/
+!src/ui/pages/logs

Makefile

@@ -58,7 +58,9 @@ build: src/ cloudformation/ docs/
 	VITE_BUILD_HASH=$(GIT_HASH) yarn build
 	cp -r src/api/resources/ dist/api/resources
 	rm -rf dist/lambda/sqs
-	sam build --template-file cloudformation/main.yml
+	sam build --template-file cloudformation/main.yml --use-container
+	mkdir -p .aws-sam/build/AppApiLambdaFunction/node_modules/aws-crt/
+	cp -r node_modules/aws-crt/dist .aws-sam/build/AppApiLambdaFunction/node_modules/aws-crt
 
 local:
 	VITE_BUILD_HASH=$(GIT_HASH) yarn run dev
@@ -80,7 +82,7 @@ deploy_dev: check_account_dev build
 invalidate_cloudfront:
 	@echo "Creating CloudFront invalidation..."
 	$(eval DISTRIBUTION_ID := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontDistributionId'].OutputValue" --output text))
-	$(eval DISTRIBUTION_ID_2 := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontSecondaryDistributionId'].OutputValue" --output text))
+	$(eval DISTRIBUTION_ID_2 := $(shell aws cloudformation describe-stacks --stack-name $(application_key) --query "Stacks[0].Outputs[?OutputKey=='CloudfrontIcalDistributionId'].OutputValue" --output text))
 	$(eval INVALIDATION_ID := $(shell aws cloudfront create-invalidation --distribution-id $(DISTRIBUTION_ID) --paths "/*" --query 'Invalidation.Id' --output text --no-cli-page))
 	$(eval INVALIDATION_ID_2 := $(shell aws cloudfront create-invalidation --distribution-id $(DISTRIBUTION_ID_2) --paths "/*" --query 'Invalidation.Id' --output text --no-cli-page))
 	@echo "Waiting on job $(INVALIDATION_ID)..."

README.md

@@ -7,4 +7,4 @@ This repository is split into multiple parts:
 ## Getting Started
 You will need node>=22 installed, as well as the AWS CLI and the AWS SAM CLI. The best way to work with all of this is to open the environment in a container within your IDE (VS Code should prompt you to do so: use "Clone in Container" for best performance). This container will have all needed software installed.
 
-Then, run `make install` to install all packages, and `make local` to start the UI and API servers! The UI will be accessible on `http://localhost:5173/` and the API on `http://localhost:8080/`.
+Then, run `make install` to install all packages, and `make local` to start the UI and API servers! The UI will be accessible on `http://localhost:5173/` and the API on `http://localhost:8080/`.

cloudformation/iam.yml

@@ -15,6 +15,8 @@ Parameters:
     Type: String
   SqsQueueArn:
     Type: String
+  LinkryKvArn:
+    Type: String
 
 Conditions:
   IsDev: !Equals [!Ref RunEnvironment, "dev"]
@@ -74,12 +76,15 @@ Resources:
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-membership-external
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-room-requests
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-room-requests-status
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-linkry
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-keys
               # Index accesses
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links/index/*
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events/index/*
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-merchstore-purchase-history/index/*
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-room-requests/index/*
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-room-requests-status/index/*
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-linkry/index/*
 
           - Sid: DynamoDBCacheAccess
             Effect: Allow
@@ -102,6 +107,16 @@ Resources:
             Resource:
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-rate-limiter
 
+          - Sid: DynamoDBAuditLogTableAccess
+            Effect: Allow
+            Action:
+              - dynamodb:DescribeTable
+              - dynamodb:PutItem
+              - dynamodb:Query
+            Resource:
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-audit-log
+              - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-audit-log/index/*
+
           - Sid: DynamoDBStreamAccess
             Effect: Allow
             Action:
@@ -112,6 +127,12 @@ Resources:
             Resource:
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-stripe-links/stream/*
               - Fn::Sub: arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/infra-core-api-events/stream/*
+          - Sid: CloudfrontKvStreamAccess
+            Effect: Allow
+            Action:
+              - cloudfront-keyvaluestore:*
+            Resource:
+              - !Ref LinkryKvArn
 
   # API Lambda IAM Role
   ApiLambdaIAMRole:
@@ -176,6 +197,7 @@ Resources:
                 Effect: Allow
                 Resource:
                   - Fn::Sub: arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:infra-core-api-entra*
+                  - Fn::Sub: arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:infra-core-api-ro-entra*
 
   # SQS Lambda IAM Role
   SqsLambdaIAMRole:

cloudformation/logs.yml

@@ -21,3 +21,26 @@ Resources:
       LogGroupName:
         Fn::Sub: /aws/lambda/${LambdaFunctionName}-edge
       RetentionInDays: 7
+  AppAuditLog:
+    Type: "AWS::DynamoDB::Table"
+    DeletionPolicy: "Retain"
+    UpdateReplacePolicy: "Retain"
+    Properties:
+      BillingMode: "PAY_PER_REQUEST"
+      TableName: infra-core-api-audit-log
+      DeletionProtectionEnabled: true
+      PointInTimeRecoverySpecification:
+        PointInTimeRecoveryEnabled: true
+      AttributeDefinitions:
+        - AttributeName: module
+          AttributeType: S
+        - AttributeName: createdAt
+          AttributeType: N
+      KeySchema:
+        - AttributeName: module
+          KeyType: HASH
+        - AttributeName: createdAt
+          KeyType: RANGE
+      TimeToLiveSpecification:
+        AttributeName: expiresAt
+        Enabled: true