Add lambda to create certificate provider

Makefile

@@ -17,7 +17,7 @@ down: ## Stop application
 	docker compose down
 
 test: ## Unit tests
-	go test ./lambda/get/... ./lambda/create/... ./lambda/update/... ./internal/shared/... -race -covermode=atomic -coverprofile=coverage.out
+	go test ./... -race -covermode=atomic -coverprofile=coverage.out
 
 test-api: URL ?= http://localhost:9000
 test-api:

docs/openapi/openapi.yaml

@@ -119,7 +119,33 @@ paths:
         httpMethod: "POST"
         type: "aws_proxy"
         contentHandling: "CONVERT_TO_TEXT"
-
+  /lpas/{uid}/certifcate-provider:
+    parameters:
+      - name: uid
+        in: path
+        required: true
+        description: The UID of the case
+        schema:
+          type: string
+          pattern: "M-([A-Z0-9]{4})-([A-Z0-9]{4})-([A-Z0-9]{4})"
+          example: M-789Q-P4DF-4UX3
+    put:
+      operationId: putCertificateProvider
+      summary: Store a certificate provider
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/CertificateProviderRequest"
+      responses:
+        "201":
+          description: Certificate provider created
+        "400":
+          description: Invalid request
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/BadRequestError"
   /health-check:
     get:
       operationId: healthCheck
@@ -202,6 +228,22 @@ components:
           properties:
             code:
               enum: ["NOT_FOUND"]
+    CertificateProviderRequest:
+      type: object
+      required:
+        - contactLanguagePreference
+        - signedAt
+      properties:
+        address:
+          $ref: "#/components/schemas/Address"
+        contactLanguagePreference:
+          enum:
+            - cy
+            - en
+        signedAt:
+          type: string
+          format: date-time
+      additionalProperties: false
     Lpa:
       allOf:
         - $ref: "#/components/schemas/InitialLpa"

internal/ddb/client.go

@@ -0,0 +1,69 @@
+package ddb
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/dynamodb"
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/aws/aws-xray-sdk-go/xray"
+	"github.com/ministryofjustice/opg-data-lpa-store/internal/shared"
+)
+
+type Client struct {
+	ddb       *dynamodb.DynamoDB
+	tableName string
+}
+
+func (c *Client) Put(ctx context.Context, data any) error {
+	item, err := dynamodbattribute.MarshalMap(data)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.ddb.PutItemWithContext(ctx, &dynamodb.PutItemInput{
+		TableName: aws.String(c.tableName),
+		Item:      item,
+	})
+
+	return err
+}
+
+func (c *Client) Get(ctx context.Context, uid string) (shared.Lpa, error) {
+	lpa := shared.Lpa{}
+
+	marshalledUid, err := dynamodbattribute.Marshal(uid)
+	if err != nil {
+		return lpa, err
+	}
+
+	getItemOutput, err := c.ddb.GetItemWithContext(ctx, &dynamodb.GetItemInput{
+		TableName: aws.String(c.tableName),
+		Key: map[string]*dynamodb.AttributeValue{
+			"uid": marshalledUid,
+		},
+	})
+
+	if err != nil {
+		return lpa, err
+	}
+
+	err = dynamodbattribute.UnmarshalMap(getItemOutput.Item, &lpa)
+
+	return lpa, err
+}
+
+func New(endpoint, tableName string) *Client {
+	sess := session.Must(session.NewSession())
+	sess.Config.Endpoint = &endpoint
+
+	c := &Client{
+		ddb:       dynamodb.New(sess),
+		tableName: tableName,
+	}
+
+	xray.AWS(c.ddb.Client)
+
+	return c
+}

internal/shared/ddb.go

@@ -1,71 +1 @@
 package shared
-
-import (
-	"context"
-	"os"
-
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/dynamodb"
-	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
-	"github.com/aws/aws-xray-sdk-go/xray"
-)
-
-type DynamoDBClient struct {
-	ddb       *dynamodb.DynamoDB
-	tableName string
-}
-
-func (c DynamoDBClient) Put(ctx context.Context, data Lpa) error {
-	item, err := dynamodbattribute.MarshalMap(data)
-	if err != nil {
-		return err
-	}
-
-	_, err = c.ddb.PutItemWithContext(ctx, &dynamodb.PutItemInput{
-		TableName: aws.String(c.tableName),
-		Item:      item,
-	})
-
-	return err
-}
-
-func (c DynamoDBClient) Get(ctx context.Context, uid string) (Lpa, error) {
-	lpa := Lpa{}
-
-	marshalledUid, err := dynamodbattribute.Marshal(uid)
-	if err != nil {
-		return lpa, err
-	}
-
-	getItemOutput, err := c.ddb.GetItemWithContext(ctx, &dynamodb.GetItemInput{
-		TableName: aws.String(c.tableName),
-		Key: map[string]*dynamodb.AttributeValue{
-			"uid": marshalledUid,
-		},
-	})
-
-	if err != nil {
-		return lpa, err
-	}
-
-	err = dynamodbattribute.UnmarshalMap(getItemOutput.Item, &lpa)
-
-	return lpa, err
-}
-
-func NewDynamoDB(tableName string) DynamoDBClient {
-	sess := session.Must(session.NewSession())
-
-	endpoint := os.Getenv("AWS_DYNAMODB_ENDPOINT")
-	sess.Config.Endpoint = &endpoint
-
-	c := DynamoDBClient{
-		ddb:       dynamodb.New(sess),
-		tableName: tableName,
-	}
-
-	xray.AWS(c.ddb.Client)
-
-	return c
-}

internal/shared/jwt.go

@@ -88,25 +88,6 @@ func NewJWTVerifier() JWTVerifier {
 	}
 }
 
-// tokenStr is the JWT token, minus any "Bearer: " prefix
-func (v JWTVerifier) VerifyToken(tokenStr string) error {
-	lsc := lpaStoreClaims{}
-
-	parsedToken, err := jwt.ParseWithClaims(tokenStr, &lsc, func(token *jwt.Token) (interface{}, error) {
-		return v.secretKey, nil
-	})
-
-	if err != nil {
-		return err
-	}
-
-	if !parsedToken.Valid {
-		return fmt.Errorf("Invalid JWT")
-	}
-
-	return nil
-}
-
 var bearerRegexp = regexp.MustCompile("^Bearer[ ]+")
 
 // verify JWT from event header
@@ -119,9 +100,28 @@ func (v JWTVerifier) VerifyHeader(event events.APIGatewayProxyRequest) bool {
 	}
 
 	tokenStr := bearerRegexp.ReplaceAllString(jwtHeaders[0], "")
-	if v.VerifyToken(tokenStr) != nil {
+	if v.verifyToken(tokenStr) != nil {
 		return false
 	}
 
 	return true
 }
+
+// tokenStr is the JWT token, minus any "Bearer: " prefix
+func (v JWTVerifier) verifyToken(tokenStr string) error {
+	lsc := lpaStoreClaims{}
+
+	parsedToken, err := jwt.ParseWithClaims(tokenStr, &lsc, func(token *jwt.Token) (interface{}, error) {
+		return v.secretKey, nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if !parsedToken.Valid {
+		return fmt.Errorf("Invalid JWT")
+	}
+
+	return nil
+}

internal/shared/jwt_test.go

@@ -26,7 +26,7 @@ func createToken(claims jwt.MapClaims) string {
 }
 
 func TestVerifyEmptyJwt(t *testing.T) {
-	err := verifier.VerifyToken("")
+	err := verifier.verifyToken("")
 	assert.NotNil(t, err)
 }
 
@@ -38,7 +38,7 @@ func TestVerifyExpInPast(t *testing.T) {
 		"sub": "M-3467-89QW-ERTY",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -54,7 +54,7 @@ func TestVerifyIatInFuture(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -70,7 +70,7 @@ func TestVerifyIssuer(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -86,7 +86,7 @@ func TestVerifyBadEmailForSiriusIssuer(t *testing.T) {
 		"sub": "",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -102,7 +102,7 @@ func TestVerifyBadUIDForMRLPAIssuer(t *testing.T) {
 		"sub": "",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 
 	assert.NotNil(t, err)
 	if err != nil {
@@ -118,7 +118,7 @@ func TestVerifyGoodJwt(t *testing.T) {
 		"sub": "[email protected]",
 	})
 
-	err := verifier.VerifyToken(token)
+	err := verifier.verifyToken(token)
 	assert.Nil(t, err)
 }
 
@@ -134,7 +134,7 @@ func TestNewJWTVerifier(t *testing.T) {
 	newVerifier := NewJWTVerifier()
 	os.Unsetenv("JWT_SECRET_KEY")
 
-	err := newVerifier.VerifyToken(token)
+	err := newVerifier.verifyToken(token)
 	assert.Nil(t, err)
 }
 

internal/shared/lang.go

@@ -0,0 +1,12 @@
+package shared
+
+type Lang string
+
+var (
+	LangCy = Lang("cy")
+	LangEn = Lang("en")
+)
+
+func (l Lang) IsValid() bool {
+	return l == LangCy || l == LangEn
+}