Completed code examples

Author: lmammino

.gitignore

@@ -64,3 +64,6 @@ typings/
 
 # cloudformation/SAM
 packaged.yaml
+
+# env variables
+.env

lessons/06-purchase-ticket-api/README.md

@@ -2,7 +2,7 @@
 
 | Previous lesson  | Next lesson      |
 | :--------------- | ---------------: |
-| [◀︎ 05 — Integrating API with DynamoDB](../05-api-with-dynamodb)| [07 — ... ▶︎](../) |
+| [◀︎ 05 — Integrating API with DynamoDB](../05-api-with-dynamodb)| [07 — SNS and SQS ▶︎](../07-sns-and-sqs) |
 
 
 ## Lesson 06 — Purchase ticket API
@@ -107,7 +107,7 @@ The API we want to implement needs to process the input, verify that it's a vali
 
   - If the request body is not a valid JSON it should a `400 Bad Request` with body `{"error": "Invalid content, expected valid JSON"}`
 
-  - If one or more fields are missing or are not valid the APi should respond with a `400 Bad Request` with a JSON body containing a list of all the errors as per the following example:
+  - If one or more fields are missing or are not valid the API should respond with a `400 Bad Request` with a JSON body containing a list of all the errors as per the following example:
 
   ```json
   {
@@ -295,4 +295,4 @@ If you see a green success message saying that the payment was processed correct
 
 | Previous lesson  | Next lesson      |
 | :--------------- | ---------------: |
-| [◀︎ 05 — Integrating API with DynamoDB](../05-api-with-dynamodb)| [07 — ... ▶︎](../) |
+| [◀︎ 05 — Integrating API with DynamoDB](../05-api-with-dynamodb)|  [07 — SNS and SQS ▶︎](../07-sns-and-sqs) |

lessons/07-sns-and-sqs/README.md

@@ -0,0 +1 @@
+TODO

lessons/08-worker-lambda/README.md

@@ -0,0 +1 @@
+TODO

lessons/extra/README.md

@@ -18,6 +18,8 @@ I hope you had fun along the way and that's just the beginning of your Serverles
   - Manage tickets availability and make a customer can't purchase tickets for sold-out events (this might require changes also in the frontend)
   - If you want to get very fancy you can also create a system that locks a ticket for a given amount of time while the user is filling the form for the purchase.
   - Integrate a real payment system like [Stripe](https://stripe.com/ie) or [Braintree](https://www.braintreepayments.com) in the purchase API and process the payments against them (of course in test mode 😇)
+  - The worker scheduling is currently based on a schedule rule that allows us to process only one message per minute. This is not very scalable. Can you think of any solution that will allows us to make it more scalable?
+  - Also there are many other architectures and AWS services that can allow you to have a queue of messages to process. You might want to have a look at [DynamoDB streams](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html) and [Kinesis](https://aws.amazon.com/kinesis/).
 
 
 ## Resources for learning

resources/lambda/sns-sqs/deploy.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+export DEPLOYMENT_BUCKET=ticketless-lambda-deployment-abcdefg
+export STACK_NAME=ticketless
+sam package --template-file template.yaml --s3-bucket $DEPLOYMENT_BUCKET --output-template-file packaged.yaml
+sam deploy --region eu-west-1 --template-file packaged.yaml --stack-name $STACK_NAME --capabilities CAPABILITY_IAM

resources/lambda/sns-sqs/src/index.js

@@ -0,0 +1,274 @@
+const AWS = require('aws-sdk')
+const validator = require('validator')
+const uuidv4 = require('uuid/v4')
+
+const docClient = new AWS.DynamoDB.DocumentClient()
+const sns = new AWS.SNS()
+
+exports.listGigs = (event, context, callback) => {
+  const queryParams = {
+    TableName: 'gig'
+  }
+
+  docClient.scan(queryParams, (err, data) => {
+    if (err) {
+      console.error(err)
+
+      return callback(null, {
+        statusCode: 500,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({error: 'Internal Server Error'})
+      })
+    }
+
+    const response = {
+      statusCode: 200,
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*'
+      },
+      body: JSON.stringify({gigs: data.Items})
+    }
+
+    return callback(null, response)
+  })
+}
+
+exports.gig = (event, context, callback) => {
+  const gigSlug = event.pathParameters.slug
+
+  const queryParams = {
+    Key: {
+      slug: gigSlug
+    },
+    TableName: 'gig'
+  }
+
+  docClient.get(queryParams, (err, data) => {
+    if (err) {
+      console.error(err)
+      return callback(null, {
+        statusCode: 500,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({error: 'Internal Server Error'})
+      })
+    }
+
+    // item not found, return 404
+    if (!data.Item) {
+      return callback(null, {
+        statusCode: 404,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({error: 'Gig not found'})
+      })
+    }
+
+    const response = {
+      statusCode: 200,
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*'
+      },
+      body: JSON.stringify(data.Item)
+    }
+
+    return callback(null, response)
+  })
+}
+
+exports.purchaseTicket = (event, context, callback) => {
+  // receives a JSON in the event.body containing:
+  //   - gig: needs to be an existing gig
+  //   - name: non empty string
+  //   - email: valid email
+  //   - cardNumber: valid credit card number
+  //   - cardExpiryMonth: required (int between 1 and 12)
+  //   - cardExpiryYear: required (int between 2018 and 2024) (month and year in the future)
+  //   - cardCVC: required (valid cvc)
+  //   - disclaimerAccepted: required (true)
+  //
+  //   Must return a validation error (400 Bad request) with the following object:
+  //   {error: "Invalid request", errors: [{field: "fieldName", message: "error message"}]}
+  //
+  //   or, in case of success a 202 (Accepted) with body { success: true }
+
+  let data
+
+  // parses the input
+  try {
+    data = JSON.parse(event.body)
+  } catch (err) {
+    return callback(null, {
+      statusCode: 400,
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*'
+      },
+      body: JSON.stringify({error: 'Invalid content, expected valid JSON'})
+    })
+  }
+
+  // validates every field
+  const errors = []
+
+  // gig: needs to be an existing gig
+  if (!data.gig) {
+    errors.push({field: 'gig', message: 'field is mandatory'})
+    // validating if the gig exists in DynamoDB is left as an exercise
+  }
+
+  // name: non empty string
+  if (!data.name) {
+    errors.push({field: 'name', message: 'field is mandatory'})
+  }
+
+  // email: valid email
+  if (!data.email) {
+    errors.push({field: 'email', message: 'field is mandatory'})
+  } else if (!validator.isEmail(data.email)) {
+    errors.push({field: 'email', message: 'field is not a valid email'})
+  }
+
+  // cardNumber: valid credit card number
+  if (!data.cardNumber) {
+    errors.push({field: 'cardNumber', message: 'field is mandatory'})
+  } else if (!validator.isCreditCard(data.cardNumber)) {
+    errors.push({field: 'cardNumber', message: 'field is not a valid credit card number'})
+  }
+
+  // cardExpiryMonth: required (int between 1 and 12)
+  if (!data.cardExpiryMonth) {
+    errors.push({field: 'cardExpiryMonth', message: 'field is mandatory'})
+  } else if (!validator.isInt(String(data.cardExpiryMonth), {min: 1, max: 12})) {
+    errors.push({field: 'cardExpiryMonth', message: 'field must be an integer in range [1,12]'})
+  }
+
+  // cardExpiryYear: required (month and year in the future)
+  if (!data.cardExpiryYear) {
+    errors.push({field: 'cardExpiryYear', message: 'field is mandatory'})
+  } else if (!validator.isInt(String(data.cardExpiryYear), {min: 2018, max: 2024})) {
+    errors.push({field: 'cardExpiryYear', message: 'field must be an integer in range [2018,2024]'})
+  }
+
+  // validating that expiry is in the future is left as exercise
+  // (consider using a library like moment.js)
+
+  // cardCVC: required (valid cvc)
+  if (!data.cardCVC) {
+    errors.push({field: 'cardCVC', message: 'field is mandatory'})
+  } else if (!String(data.cardCVC).match(/^[0-9]{3,4}$/)) {
+    errors.push({field: 'cardCVC', message: 'field must be a valid CVC'})
+  }
+
+  // disclaimerAccepted: required (true)
+  if (data.disclaimerAccepted !== true) {
+    errors.push({field: 'disclaimerAccepted', message: 'field must be true'})
+  }
+
+  // if there are errors, return a 400 with the list of errors
+
+  if (errors.length) {
+    return callback(null, {
+      statusCode: 400,
+      headers: {
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*'
+      },
+      body: JSON.stringify({error: 'Invalid Request', errors})
+    })
+  }
+
+  // fetch gig from DynamoDB
+  const queryParams = {
+    Key: {
+      slug: data.gig
+    },
+    TableName: 'gig'
+  }
+
+  docClient.get(queryParams, (err, dynamoData) => {
+    if (err) {
+      console.error(err)
+      return callback(null, {
+        statusCode: 500,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({error: 'Internal Server Error'})
+      })
+    }
+
+    // item not found, return 404
+    if (!dynamoData.Item) {
+      return callback(null, {
+        statusCode: 400,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({error: 'Invalid gig'})
+      })
+    }
+
+    const gig = dynamoData.Item
+    // creates a ticket object
+    const ticket = {
+      id: uuidv4(),
+      createdAt: Date.now(),
+      name: data.name,
+      email: data.email,
+      gig: data.gig
+    }
+
+    // fires an sns message with gig and ticket
+    sns.publish({
+      TopicArn: process.env.SNS_TOPIC_ARN,
+      Message: JSON.stringify({ticket, gig})
+    }, (err, data) => {
+      if (err) {
+        console.error(err)
+        return callback(null, {
+          statusCode: 500,
+          headers: {
+            'Content-Type': 'application/json',
+            'Access-Control-Allow-Origin': '*'
+          },
+          body: JSON.stringify({error: 'Internal Server Error'})
+        })
+      }
+
+      // if everything went well return a 202 (accepted)
+      return callback(null, {
+        statusCode: 202,
+        headers: {
+          'Content-Type': 'application/json',
+          'Access-Control-Allow-Origin': '*'
+        },
+        body: JSON.stringify({success: true})
+      })
+    })
+  })
+}
+
+exports.cors = (event, context, callback) => {
+  callback(null, {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': '*',
+      'Access-Control-Allow-Headers': 'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'
+    },
+    body: ''
+  })
+}

resources/lambda/sns-sqs/src/package-lock.json

@@ -0,0 +1,16 @@
+{
+  "name": "src",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "uuid": "^3.1.0",
+    "validator": "^9.1.1"
+  }
+}