This project includes a sample application that uses Amazon DynamoDB to perform CRUD operations, with authentication/authorization via Auth0.
The struct being used for this project is an Artist with the following properties:
```go
type Artist struct {
	ArtistID    string
	Name        string
	Songs       []string
	Subcategory string
	Domestic    bool
}
```
The Artist struct is used to perform the following CRUD operations:
- createArtist:
  - Endpoint: /artists
  - Request: POST request
  - Input: Client passes in the new object's properties via JSON body
  - Output: A new object is created in the database
- getArtist:
  - Endpoint: /artists/{artistName}
  - Request: GET request
  - Input: Client passes in the name of the object to be retrieved via endpoint field
  - Output: All the fields of the object are outputted to the console
- getAllArtists:
  - Endpoint: /artists
  - Request: GET request
  - Input: None
  - Output: All the objects are outputted to the console
- deleteArtist:
  - Endpoint: /artists/{artistName}
  - Request: GET request
  - Input: Client passes in the name of the object to be deleted via endpoint field
  - Output: Object is deleted from the database
- editArtist:
  - Endpoint: /artists/{artistName}
  - Request: PUT request
  - Input: Client passes in the new object's properties via JSON body and the name of the object to be edited via JSON body
  - Output: All the fields of the object are outputted to the console and the values of the object are edited in the database
Serverless framework helps you develop and deploy your AWS Lambda functions using AWS CloudFormation templates through Infrastructure as Code. The serverless.yaml file is responsible for setting up endpoint routes via Amazon API Gateway, saving persisted data via Amazon DynamoDB tables, and storing secrets via AWS Parameter Store.
Auth0 is a flexible, drop-in solution to add authentication and authorization into applications. The process starts with a resource owner clicking on a button that redirects them to an authorization server. After the resource owner logs in and allows the authorization server to access its information, the owner is redirected to a callback URL with an authorization code. This resource owner then exchanges the authorization code for an access token, which is validated with a resource server to ensure the token is valid. If this condition is met, the resource owner is able to access the resource.
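The login redirect and callback check from the flow described above, as an added example in Go (not this project's code). It assumes a per-login `state` value is stored with the session before the redirect and compared on the callback; the function names, the placeholder domain, client ID and callback path are all assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// newState returns an unguessable value to store with the session before redirecting.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// authorizeURL builds the redirect to the Auth0 /authorize endpoint.
func authorizeURL(domain, clientID, redirectURL, state string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirectURL}, "scope": {"openid profile"}, "state": {state}}
	return "https://" + domain + "/authorize?" + q.Encode()
}

// codeFromCallback returns the code only if the callback's state matches storedState.
func codeFromCallback(rawQuery, storedState string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return "", err
	}
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("authorization server error: %s", e)
	}
	got := []byte(q.Get("state"))
	if storedState == "" || subtle.ConstantTimeCompare(got, []byte(storedState)) != 1 {
		return "", fmt.Errorf("state mismatch")
	}
	if q.Get("code") == "" {
		return "", fmt.Errorf("missing authorization code")
	}
	return q.Get("code"), nil
}

func main() { // constructed values; domain, client ID and callback URL are placeholders
	state, _ := newState()
	fmt.Println(authorizeURL("YOUR_DOMAIN.auth0.com", "CLIENT_ID", "https://URL/callback", state))
	fmt.Println(codeFromCallback("code=SAMPLE_CODE&state="+state, state))
}
```

Only a code returned by `codeFromCallback` should go on to the server-side token exchange, which is the one step that uses ClientSecret.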
Amazon Simple Email Service is a cloud-based email sending service designed to send notification emails. Anytime the Artists table is updated, an email will be sent to the client (in this case jaskiratvig@gmail.com). The recipient of these emails will be defined as an AWS Parameter Store secret in serverless.yml. For this service to work, please ensure that the email that sends/receives emails is verified in the AWS console.
DynamoDB is a key-value/document NoSQL database that provides single-digit millisecond performance at any scale. Two tables are defined in serverless.yml:
- Artists: Contains the primary key of "ArtistID" and stores an artist's name, a list of songs, the subcategory of their music, and whether the artist is domestic to the United States
- SessionData: Contains the primary key of "ClientID" and stores the session state and information about the logged-in user
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data/secrets management. The values for Domain, ClientID and ClientSecret can be found in the Auth0 Client settings. The values for RedirectURL and LoggedInURL are the endpoints retrieved after `sls deploy` is called. The following environment variables are defined under serverless.yml:
- Domain: The subdomain of Auth0 used to authenticate the user
- ClientID: Identifies our application
- ClientSecret: Secret key used in the token exchange step
- RedirectURL: The URL Auth0 redirects the user to after they have authenticated
- LoggedInURL: The URL that represents the loggedIn state of the application
- Recipient: The email address used to send all email alerts when the Artists database is updated
The following dependencies are required to run the project:
- Create an Auth0 account and update the Domain, ClientID, and ClientSecret parameters in serverless.yml: https://auth0.com/signup
- AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
- Serverless via `npm install -g serverless`
- Relevant github.com/aws/ packages via `go get {PACKAGE_NAME}`
To run this project, first install all the dependencies and make sure that the AWS credentials (Access Key, Secret Access Key) have been set up via `aws configure`, as `createDynamoDBClient()` uses these credentials to connect to the database. Also make sure serverless is installed and then run

```
make && sls deploy
```

`make` executes the Makefile, which converts the handlers into binaries. `sls deploy` uses the serverless.yaml file to deploy the infrastructure to AWS CloudFormation and should return some endpoints.
Please be sure to set the correct parameters in the serverless.yml file and update the callback URL in the Auth0 Client settings before proceeding.
To send a request to an endpoint, run

```
curl -d '{"Field": "Value"}' -X CRUD_OPERATION https://URL/ENDPOINT
```
To run the Auth0 portion of this project, navigate to https://URL/home and click on "login", which redirects the user to the login endpoint. The user will be required to authenticate using either an Auth0 account or a federated identity provider (Google/Facebook). Then the user will be redirected to the loggedIn endpoint, where their name will be displayed on the page.