STR-182#17

Merged
saito-sv merged 6 commits into develop from task/marlon/STR-182
Nov 8, 2022

@saito-sv saito-sv commented Oct 27, 2022

SETUP PROJECT:
Make sure you have docker installed since we are now using docker-compose to run postgres and redis locally.
Make sure to have these env vars on your .env file

DB_NAME=string_db
DB_USERNAME=string_db
DB_PASSWORD=string_password
DB_HOST=localhost
DB_PORT=5432
REDIS_PASSWORD=eYVX7EwVmmxKPCDmwMtyKVge8oLd2t81
REDIS_HOST=localhost
REDIS_PORT=6379

RUN DB:
At the root level of the project run:

docker-compose -f docker-compose.yml up

this will create postgres and redis db.

UPDATE MIGRATION:
cd into migration and run down to 3 or 0

goose postgres "host=localhost  dbname=string_db user=string_db password=string_password sslmode=disable" down-to 3

and now up

goose postgres "host=localhost  dbname=string_db user=string_db password=string_password sslmode=disable" up

RUN PROJECT:
Run the project by doing

air

(please make sure to do it on diff terminal window since the docker compose needs to be running as well).

TEST APIKEY ENDPOINT:
once you have both the db and project running, you can now test.

  • Create APIKey:
    by sending a POST request using your favorite rest tool to: /apikey

this will return something like the below example; an APIKEY you can now use for things like Asking for a Quote

{
	"apiKey": "str.6a85bf4dae084076ab6c93306f576b25"
}

With your newly created APIKey you can now test

  • List all APIKeys:
    by sending a GET request using your favorite rest tool to: /apikey with the following params:
{
       "limit": 100
}

this will return something like the below example, a list of all available keys; you can now approve an ApiKey

[
	{
		"id": "923bc187-c9b9-4d6e-ac34-3a76964e43e1",
		"status": "active",
		"authType": "apiKey",
		"data": "63add83ecdf4fe57b484b66c13901a3f6cf16c902601ff0da27dbbce44117d4c",
		"createdAt": "2022-11-08T05:37:23.141986Z",
		"updatedAt": "2022-11-08T05:39:16.213357Z"
	}
]

  • Approve an APIKey:
    by sending a POST request using your favorite rest tool to: /apikey/923bc187-c9b9-4d6e-ac34-3a76964e43e1/approve
    this will return something like the below example:
Success

TEST INFRA:
Navigate to internal dev infra by running:

cd ./infra/internal/dev

Init (optional):

make init

Test the plan and confirm that the output has no errors by running

make plan

The plan should return something like the below example:

Terraform will perform the following actions:

  # aws_alb.alb will be created
  + resource "aws_alb" "alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + desync_mitigation_mode     = "defensive"
      + dns_name                   = (known after apply)
      + drop_invalid_header_fields = true
      + enable_deletion_protection = false
      + enable_http2               = true
      + enable_waf_fail_open       = false
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = true
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "admin-alb"
      + preserve_host_header       = false
      + security_groups            = (known after apply)
      + subnets                    = [
          + "subnet-04a2a617b5e873689",
          + "subnet-06066376dc3d688e4",
          + "subnet-0a26a5a8e92a9b1b7",
        ]
      + tags                       = {
          + "Name" = "admin-alb"
        }
      + tags_all                   = {
          + "Name" = "admin-alb"
        }
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id        = (known after apply)
          + ipv6_address         = (known after apply)
          + outpost_id           = (known after apply)
          + private_ipv4_address = (known after apply)
          + subnet_id            = (known after apply)
        }
    }

  # aws_alb_listener.alb_https_listener will be created
  + resource "aws_alb_listener" "alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
      + tags_all          = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # aws_alb_listener_rule.ecs_alb_listener_rule will be created
  + resource "aws_alb_listener_rule" "ecs_alb_listener_rule" {
      + arn          = (known after apply)
      + id           = (known after apply)
      + listener_arn = (known after apply)
      + priority     = 100
      + tags_all     = (known after apply)

      + action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }

      + condition {
          + host_header {
              + values = [
                  + "admin.dev.string-api.xyz",
                ]
            }
        }
    }

  # aws_alb_target_group.ecs_task_target_group will be created
  + resource "aws_alb_target_group" "ecs_task_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = false
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancing_algorithm_type      = (known after apply)
      + name                               = "admin-tg"
      + port                               = 3000
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "Name" = "admin-tg"
        }
      + tags_all                           = {
          + "Name" = "admin-tg"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-0e47230b4ef57f08b"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 3
          + interval            = 60
          + matcher             = "200"
          + path                = "/heartbeat"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 30
          + unhealthy_threshold = 3
        }

      + stickiness {
          + cookie_duration = (known after apply)
          + cookie_name     = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)
        }
    }

  # aws_ecr_repository.repo will be created
  + resource "aws_ecr_repository" "repo" {
      + arn                  = (known after apply)
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "admin"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags                 = {
          + "Environment" = "dev"
          + "Name"        = "admin"
        }
      + tags_all             = {
          + "Environment" = "dev"
          + "Name"        = "admin"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # aws_ecs_cluster.cluster will be created
  + resource "aws_ecs_cluster" "cluster" {
      + arn                = (known after apply)
      + capacity_providers = (known after apply)
      + id                 = (known after apply)
      + name               = "admin"
      + tags_all           = (known after apply)

      + default_capacity_provider_strategy {
          + base              = (known after apply)
          + capacity_provider = (known after apply)
          + weight            = (known after apply)
        }

      + setting {
          + name  = (known after apply)
          + value = (known after apply)
        }
    }

  # aws_ecs_service.ecs_service will be created
  + resource "aws_ecs_service" "ecs_service" {
      + cluster                            = "admin"
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "admin"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "Environment" = "dev"
          + "Name"        = "admin"
        }
      + tags_all                           = {
          + "Environment" = "dev"
          + "Name"        = "admin"
        }
      + task_definition                    = "admin"
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "admin"
          + container_port   = 3000
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = true
          + security_groups  = (known after apply)
          + subnets          = [
              + "subnet-04a2a617b5e873689",
              + "subnet-06066376dc3d688e4",
              + "subnet-0a26a5a8e92a9b1b7",
            ]
        }
    }

  # aws_ecs_task_definition.task_definition will be created
  + resource "aws_ecs_task_definition" "task_definition" {
      + arn                      = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "256"
      + execution_role_arn       = (known after apply)
      + family                   = "admin"
      + id                       = (known after apply)
      + memory                   = "512"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = (known after apply)
      + task_role_arn            = (known after apply)
    }

  # aws_iam_role.task_ecs_role will be created
  + resource "aws_iam_role" "task_ecs_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = [
                              + "ecs.amazonaws.com",
                              + "ecs-tasks.amazonaws.com",
                            ]
                        }
                      + Sid       = "AllowECSAndTaskAssumeRole"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "admin-task-ecs-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy.task_ecs_policy will be created
  + resource "aws_iam_role_policy" "task_ecs_policy" {
      + id     = (known after apply)
      + name   = "dev-admin-task-ecs-policy"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ecs:*",
                          + "ecr:*",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "AllowReadToResourcesInListToTask"
                    },
                  + {
                      + Action   = "ssm:GetParameters"
                      + Effect   = "Allow"
                      + Resource = [
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/string-rds-pg-db-username",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/string-rds-pg-db-password",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/string-rds-pg-db-name",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/redis-host-url",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/redis-auth-token",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/dev-string-write-db-host-url",
                          + "arn:aws:ssm:us-west-2:526520784676:parameter/datadog-key",
                        ]
                      + Sid      = "AllowAccessToSSM"
                    },
                  + {
                      + Action   = "kms:Decrypt"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:kms:us-west-2:526520784676:key/8706e1ef-2386-4bef-a1f5-c387d4978f19"
                      + Sid      = "AllowDecrypt"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role   = (known after apply)
    }

  # aws_route53_record.domain will be created
  + resource "aws_route53_record" "domain" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "admin.dev.string-api.xyz"
      + type            = "A"
      + zone_id         = "Z038948915LQ3L02XU9OL"

      + alias {
          + evaluate_target_health = false
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_security_group.ecs_alb_https_sg will be created
  + resource "aws_security_group" "ecs_alb_https_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for ALB to cluster"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "admin-alb-https-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "admin-alb-https-sg"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "admin-alb-https-sg"
        }
      + vpc_id                 = "vpc-0e47230b4ef57f08b"
    }

  # aws_security_group.ecs_task_sg will be created
  + resource "aws_security_group" "ecs_task_sg" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = ""
              + from_port        = 3000
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 3000
            },
        ]
      + name                   = "admin-task-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name"        = "admin-task-sg"
          + "environment" = "dev"
        }
      + tags_all               = {
          + "Name"        = "admin-task-sg"
          + "environment" = "dev"
        }
      + vpc_id                 = "vpc-0e47230b4ef57f08b"
    }

  # aws_security_group_rule.rds_to_ecs will be created
  + resource "aws_security_group_rule" "rds_to_ecs" {
      + from_port                = 5432
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-0e8605f83295b9857"
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 5432
      + type                     = "ingress"
    }

  # aws_security_group_rule.redis_to_ecs will be created
  + resource "aws_security_group_rule" "redis_to_ecs" {
      + from_port                = 6379
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = "sg-091c4f44f2ecb1961"
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 6379
      + type                     = "ingress"
    }

  # module.alb_acm.aws_acm_certificate.acm will be created
  + resource "aws_acm_certificate" "acm" {
      + arn                       = (known after apply)
      + domain_name               = "admin.dev.string-api.xyz"
      + domain_validation_options = [
          + {
              + domain_name           = "admin.dev.string-api.xyz"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "admin.dev.string-api.xyz",
        ]
      + tags                      = {
          + "Name" = "admin-dev.string-api.xyz-alb"
        }
      + tags_all                  = {
          + "Name" = "admin-dev.string-api.xyz-alb"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # module.alb_acm.aws_acm_certificate_validation.validation will be created
  + resource "aws_acm_certificate_validation" "validation" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)
    }

  # module.alb_acm.aws_route53_record.validation_record["admin.dev.string-api.xyz"] will be created
  + resource "aws_route53_record" "validation_record" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z038948915LQ3L02XU9OL"
    }

Plan: 18 to add, 0 to change, 0 to destroy.
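
A reviewer's check over the `make plan` output above, as an added example (not code from this pull request or the project): it scans Terraform plan text for four settings that appear in this plan and that a reviewer would want to confirm are intended, namely security group ingress from any address, wildcard IAM actions and resources, public IPs on ECS tasks, and mutable ECR tags. The function name `audit_plan` and the wording of the findings are assumptions of the example.

```python
import re

# Excerpt of the plan output above, cut down to the lines the checks read.
PLAN_EXCERPT = '''
  + resource "aws_ecr_repository" "repo" {
      + image_tag_mutability = "MUTABLE"
  + resource "aws_ecs_service" "ecs_service" {
          + assign_public_ip = true
  + resource "aws_iam_role_policy" "task_ecs_policy" {
                      + Action   = [
                          + "ecs:*",
                          + "ecr:*",
                      + Resource = "*"
                      + Action   = "kms:Decrypt"
  + resource "aws_security_group" "ecs_alb_https_sg" {
      + egress                 = [
                  + "0.0.0.0/0",
              + to_port          = 0
      + ingress                = [
                  + "0.0.0.0/0",
              + to_port          = 443
  + resource "aws_security_group" "ecs_task_sg" {
      + ingress                = [
                  + "10.0.0.0/16",
              + to_port          = 3000
'''

RESOURCE = re.compile(r'resource "(\w+)" "(\w+)"')
SG_LIST = re.compile(r'\+ (ingress|egress)\s*= \[')
ANY_SOURCE = ('"0.0.0.0/0"', '"::/0"')


def audit_plan(text):
    """Return (resource address, finding) pairs from `terraform plan` text output.

    Handles security group rules in the attribute-list form printed above.
    """
    findings = []
    rtype = addr = section = None
    world = False  # current ingress rule lists an any-address CIDR
    for raw in text.splitlines():
        line = raw.strip()
        if m := RESOURCE.search(line):
            rtype, addr = m.group(1), f"{m.group(1)}.{m.group(2)}"
            section, world = None, False
        elif m := SG_LIST.search(line):
            section, world = m.group(1), False
        elif rtype == "aws_security_group" and section == "ingress":
            if any(cidr in line for cidr in ANY_SOURCE):
                world = True
            elif world and (m := re.search(r'to_port\s*= (\d+)', line)):
                findings.append((addr, f"ingress allows any source, to_port {m.group(1)}"))
                world = False
        elif rtype in ("aws_iam_role_policy", "aws_iam_policy"):
            if m := re.search(r'"([\w-]+:\*)"', line):
                findings.append((addr, f"wildcard action {m.group(1)}"))
            elif re.search(r'Resource\s*= "\*"', line):
                findings.append((addr, 'statement applies to Resource "*"'))
        elif re.search(r'assign_public_ip\s*= true', line):
            findings.append((addr, "tasks are assigned a public IP"))
        elif re.search(r'image_tag_mutability\s*= "MUTABLE"', line):
            findings.append((addr, "image tags are mutable"))
    return findings


if __name__ == "__main__":
    for address, finding in audit_plan(PLAN_EXCERPT):
        print(f"{address}: {finding}")
```

The same function accepts the full plan text; egress rules, the `10.0.0.0/16` task ingress and the scoped `kms:Decrypt` statement produce no finding.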

@saito-sv saito-sv changed the base branch from main to develop October 27, 2022 21:59
@saito-sv saito-sv force-pushed the task/marlon/STR-182 branch from ccfaba9 to 5ddc9bf Compare November 8, 2022 02:20
@saito-sv saito-sv marked this pull request as ready for review November 8, 2022 05:40
@saito-sv saito-sv merged commit a43d80d into develop Nov 8, 2022
@saito-sv saito-sv deleted the task/marlon/STR-182 branch November 8, 2022 20:50