Merge pull request #420 from ubc-biztech/registrations-authorization

Require admin authorization on registrations getAll
ubc-biztech · Jan 20, 2025 · 8095063 · 8095063
2 parents fb5ba20 + 979eeb6
commit 8095063
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/services/registrations/handler.js b/services/registrations/handler.js
@@ -542,6 +542,14 @@ export const get = async (event, ctx, callback) => {
         );
       }
     } else if (queryString.eventID && queryString.year) {
+      const claims = event.requestContext.authorizer.claims;
+
+      if (!claims || !claims.email || !claims.email.endsWith("@ubcbiztech.com")) {
+        throw helpers.createResponse(403, {
+          message: "Unauthorized: Admin access required"
+        });
+      }
+
       // Query by eventID;year using GSI
       const eventIDYear = `${queryString.eventID};${queryString.year}`;
       const keyCondition = {

diff --git a/services/registrations/serverless.yml b/services/registrations/serverless.yml
@@ -88,6 +88,10 @@ functions:
                 email: false
                 afterTimestamp: false
           cors: true
+          authorizer:
+            name: ${self:service}-authorizer
+            type: COGNITO_USER_POOLS
+            arn: arn:aws:cognito-idp:us-west-2:432714361962:userpool/us-west-2_w0R176hhp
   registrationDelete:
     handler: handler.del
     events: