Handle content type in lambda

Author: jusdino

backend/compact-connect/lambdas/python/common/cc_common/exceptions.py

@@ -20,6 +20,10 @@ class CCNotFoundException(CCInvalidRequestException):
     """Requested resource is not found, corresponds to a 404 response"""
 
 
+class CCUnsupportedMediaTypeException(CCInvalidRequestException):
+    """Unsupported media type, corresponds to a 415 response"""
+
+
 class CCRateLimitingException(CCInvalidRequestException):
     """Client is rate limited, corresponds to a 429 response"""
 

backend/compact-connect/lambdas/python/common/cc_common/utils.py

@@ -23,6 +23,7 @@
     CCNotFoundException,
     CCRateLimitingException,
     CCUnauthorizedException,
+    CCUnsupportedMediaTypeException,
 )
 
 
@@ -101,18 +102,25 @@ def caught_handler(event, context: LambdaContext):
         else:
             cors_origin = config.allowed_origins[0]
 
+        content_type = headers.get('Content-Type')
+
         # Propagate these keys to all log messages in this with block
         with logger.append_context_keys(
             method=event['httpMethod'],
             origin=origin,
             path=event['requestContext']['resourcePath'],
+            content_type=content_type,
             identity={'user': event['requestContext'].get('authorizer', {}).get('claims', {}).get('sub')},
             query_params=event['queryStringParameters'],
             username=event['requestContext'].get('authorizer', {}).get('claims', {}).get('cognito:username'),
         ):
             logger.info('Incoming request')
 
             try:
+                # We'll enforce json-only content for the whole API, right here.
+                if event.get('body') is not None and content_type != 'application/json':
+                    raise CCUnsupportedMediaTypeException(f'Unsupported media type: {content_type}')
+
                 return {
                     'headers': {'Access-Control-Allow-Origin': cors_origin, 'Vary': 'Origin'},
                     'statusCode': 200,
@@ -139,6 +147,13 @@ def caught_handler(event, context: LambdaContext):
                     'statusCode': 404,
                     'body': json.dumps({'message': f'{e.message}'}),
                 }
+            except CCUnsupportedMediaTypeException as e:
+                logger.info('Unsupported media type', exc_info=e)
+                return {
+                    'headers': {'Access-Control-Allow-Origin': cors_origin, 'Vary': 'Origin'},
+                    'statusCode': 415,
+                    'body': json.dumps({'message': 'Unsupported media type'}),
+                }
             except CCRateLimitingException as e:
                 logger.info('Rate limiting request', exc_info=e)
                 return {

backend/compact-connect/lambdas/python/common/tests/resources/api-event.json

@@ -7,6 +7,7 @@
         "Accept-Encoding": "gzip, deflate, br",
         "Authorization": "Bearer eyfoofoo",
         "Cache-Control": "no-cache",
+        "Content-Type": "application/json",
         "CloudFront-Forwarded-Proto": "https",
         "CloudFront-Is-Desktop-Viewer": "true",
         "CloudFront-Is-Mobile-Viewer": "false",

backend/compact-connect/lambdas/python/common/tests/unit/test_api_handler.py

@@ -144,3 +144,36 @@ def lambda_handler(event: dict, context: LambdaContext):  # noqa: ARG001 unused-
         resp = lambda_handler(event, self.mock_context)
         self.assertEqual(200, resp['statusCode'])
         self.assertEqual('https://example.org', resp['headers']['Access-Control-Allow-Origin'])
+
+    def test_unsupported_media_type(self):
+        from cc_common.utils import api_handler
+
+        @api_handler
+        def lambda_handler(event: dict, context: LambdaContext):  # noqa: ARG001 unused-argument
+            return {'message': 'OK'}
+
+        with open('tests/resources/api-event.json') as f:
+            event = json.load(f)
+
+        # We only accept json
+        event['headers']['Content-Type'] = 'text/plain'
+        event['body'] = 'not json'
+
+        resp = lambda_handler(event, self.mock_context)
+        self.assertEqual(415, resp['statusCode'])
+
+    def test_json_decode_error(self):
+        from cc_common.utils import api_handler
+
+        @api_handler
+        def lambda_handler(event: dict, context: LambdaContext):  # noqa: ARG001 unused-argument
+            return json.loads(event['body'])
+
+        with open('tests/resources/api-event.json') as f:
+            event = json.load(f)
+
+        event['headers']['Content-Type'] = 'application/json'
+        event['body'] = 'not json'
+
+        resp = lambda_handler(event, self.mock_context)
+        self.assertEqual(400, resp['statusCode'])

backend/compact-connect/lambdas/python/staff-users/tests/resources/api-event.json

@@ -7,6 +7,7 @@
         "Accept-Encoding": "gzip, deflate, br",
         "Authorization": "Bearer eyfoofoo",
         "Cache-Control": "no-cache",
+        "Content-Type": "application/json",
         "CloudFront-Forwarded-Proto": "https",
         "CloudFront-Is-Desktop-Viewer": "true",
         "CloudFront-Is-Mobile-Viewer": "false",

backend/compact-connect/stacks/api_stack/v1_api/provider_users.py

@@ -3,7 +3,7 @@
 import os
 
 from aws_cdk import Duration
-from aws_cdk.aws_apigateway import LambdaIntegration, MethodResponse, PassthroughBehavior, Resource
+from aws_cdk.aws_apigateway import LambdaIntegration, MethodResponse, Resource
 from aws_cdk.aws_cloudwatch import Alarm, ComparisonOperator, MathExpression, Metric, Stats, TreatMissingData
 from aws_cdk.aws_cloudwatch_actions import SnsAction
 from aws_cdk.aws_kms import IKey
@@ -350,7 +350,6 @@ def _add_provider_registration(
             integration=LambdaIntegration(
                 self.provider_registration_handler,
                 timeout=Duration.seconds(29),
-                passthrough_behavior=PassthroughBehavior.NEVER,
             ),
         )