Add DynamoDB APL to Segment app

apps/segment/README.md

@@ -62,3 +62,50 @@ To start the migration run command:
 ```bash
 pnpm migrate
 ```
+
+### Setting up DynamoDB
+
+Segment app uses DynamoDB as it's internal database.
+
+In order to work properly you need to either set-up local DynamoDB instance or connect to a real DynamoDB on AWS account.
+
+#### Local DynamoDB
+
+To use a local DynamoDB instance you can use Docker Compose:
+
+```bash
+docker compose up
+```
+
+After that a local DynamoDB instance will be spun-up at `http://localhost:8000`.
+
+To set up tables needed for the app run following command for each table used in app:
+
+```shell
+./scripts/setup-dynamodb.sh
+```
+
+After setting up database, you must configure following variables:
+
+```bash
+DYNAMODB_MAIN_TABLE_NAME=segment-main-table
+AWS_REGION=localhost
+AWS_ENDPOINT_URL=http://localhost:8000
+AWS_ACCESS_KEY_ID=fake_id
+AWS_SECRET_ACCESS_KEY=fake_key
+```
+
+Local instance doesn't require providing any authentication details.
+
+To see data stored by the app you can use [NoSQL Workbench](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/workbench.html) app provided by AWS. After installing the app go to Operation builder > Add connection > DynamoDB local and use the default values.
+
+#### Production DynamoDB
+
+To configure DynamoDB for production usage, provide credentials in a default AWS SDK format (see [AWS Docs](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-environment.html))
+
+```bash
+DYNAMODB_MAIN_TABLE_NAME=segment-main-table
+AWS_REGION=us-east-1 # Region when DynamoDB was deployed
+AWS_ACCESS_KEY_ID=AK...
+AWS_SECRET_ACCESS_KEY=...
+```

apps/segment/docker-compose.yml

@@ -0,0 +1,12 @@
+services:
+  dynamodb:
+    command: "-jar DynamoDBLocal.jar -sharedDb -dbPath ./data"
+    image: "amazon/dynamodb-local:latest"
+    ports:
+      - "8000:8000"
+    volumes:
+      - "./docker/dynamodb:/home/dynamodblocal/data"
+    working_dir: /home/dynamodblocal
+volumes:
+  dynamodb:
+    driver: local

apps/segment/package.json

@@ -16,6 +16,10 @@
     "test": "vitest"
   },
   "dependencies": {
+    "@aws-sdk/client-dynamodb": "3.651.1",
+    "@aws-sdk/lib-dynamodb": "3.651.1",
+    "@aws-sdk/util-dynamodb": "3.651.1",
+    "dynamodb-toolbox": "1.8.2",
     "@hookform/resolvers": "^3.3.1",
     "@opentelemetry/api": "../../node_modules/@opentelemetry/api",
     "@opentelemetry/api-logs": "../../node_modules/@opentelemetry/api-logs",

apps/segment/scripts/setup-dynamodb.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+if ! aws dynamodb describe-table --table-name segment-main-table --endpoint-url http://localhost:8000 --region localhost >/dev/null 2>&1; then
+	aws dynamodb create-table --table-name segment-main-table \
+		--attribute-definitions AttributeName=PK,AttributeType=S AttributeName=SK,AttributeType=S \
+		--key-schema AttributeName=PK,KeyType=HASH AttributeName=SK,KeyType=RANGE \
+		--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \
+		--endpoint-url http://localhost:8000 \
+		--region localhost
+else
+	echo "Table segment-main-table already exists - creation is skipped"
+fi

apps/segment/src/env.ts

@@ -14,7 +14,7 @@ export const env = createEnv({
   },
   server: {
     ALLOWED_DOMAIN_PATTERN: z.string().optional(),
-    APL: z.enum(["saleor-cloud", "file"]).optional().default("file"),
+    APL: z.enum(["saleor-cloud", "file", "dynamodb"]).optional().default("file"),
     APP_API_BASE_URL: z.string().optional(),
     APP_IFRAME_BASE_URL: z.string().optional(),
     APP_LOG_LEVEL: z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info"),
@@ -27,6 +27,10 @@ export const env = createEnv({
     PORT: z.coerce.number().optional().default(3000),
     SECRET_KEY: z.string(),
     VERCEL_URL: z.string().optional(),
+    DYNAMODB_MAIN_TABLE_NAME: z.string().optional(),
+    AWS_REGION: z.string().optional(),
+    AWS_ACCESS_KEY_ID: z.string().optional(),
+    AWS_SECRET_ACCESS_KEY: z.string().optional(),
   },
   shared: {
     NODE_ENV: z.enum(["development", "production", "test"]).optional().default("development"),
@@ -51,6 +55,10 @@ export const env = createEnv({
     REST_APL_TOKEN: process.env.REST_APL_TOKEN,
     SECRET_KEY: process.env.SECRET_KEY,
     VERCEL_URL: process.env.VERCEL_URL,
+    DYNAMODB_MAIN_TABLE_NAME: process.env.DYNAMODB_MAIN_TABLE_NAME,
+    AWS_REGION: process.env.AWS_REGION,
+    AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
+    AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
   },
   isServer: typeof window === "undefined" || process.env.NODE_ENV === "test",
 });

apps/segment/src/lib/dynamodb-apl.ts

@@ -0,0 +1,107 @@
+import { APL, AplConfiguredResult, AplReadyResult, AuthData } from "@saleor/app-sdk/APL";
+
+import { BaseError } from "@/errors";
+import { SegmentAPLRepository } from "@/modules/db/segment-apl-repository";
+import { SegmentAPLEntityType } from "@/modules/db/segment-main-table";
+
+export class DynamoAPL implements APL {
+  private segmentAPLRepository: SegmentAPLRepository;
+
+  static SetAuthDataError = BaseError.subclass("SetAuthDataError");
+  static DeleteAuthDataError = BaseError.subclass("DeleteAuthDataError");
+  static MissingEnvVariablesError = BaseError.subclass("MissingEnvVariablesError");
+
+  constructor({ segmentAPLEntity }: { segmentAPLEntity: SegmentAPLEntityType }) {
+    this.segmentAPLRepository = new SegmentAPLRepository({ segmentAPLEntity });
+  }
+
+  async get(saleorApiUrl: string): Promise<AuthData | undefined> {
+    const getEntryResult = await this.segmentAPLRepository.getEntry({
+      saleorApiUrl,
+    });
+
+    if (getEntryResult.isErr()) {
+      // TODO: should we throw here?
+      return undefined;
+    }
+
+    return getEntryResult.value;
+  }
+
+  async set(authData: AuthData): Promise<void> {
+    const setEntryResult = await this.segmentAPLRepository.setEntry({
+      authData,
+    });
+
+    if (setEntryResult.isErr()) {
+      throw new DynamoAPL.SetAuthDataError("Failed to set APL entry", {
+        cause: setEntryResult.error,
+      });
+    }
+
+    return undefined;
+  }
+
+  async delete(saleorApiUrl: string): Promise<void> {
+    const deleteEntryResult = await this.segmentAPLRepository.deleteEntry({
+      saleorApiUrl,
+    });
+
+    if (deleteEntryResult.isErr()) {
+      throw new DynamoAPL.DeleteAuthDataError("Failed to delete APL entry", {
+        cause: deleteEntryResult.error,
+      });
+    }
+
+    return undefined;
+  }
+
+  async getAll(): Promise<AuthData[]> {
+    const getAllEntriesResult = await this.segmentAPLRepository.getAllEntries();
+
+    if (getAllEntriesResult.isErr()) {
+      // TODO: should we throw here?
+      return [];
+    }
+
+    return getAllEntriesResult.value;
+  }
+
+  async isReady(): Promise<AplReadyResult> {
+    const ready = this.envVariablesRequriedByDynamoDBExist();
+
+    return ready
+      ? {
+          ready: true,
+        }
+      : {
+          ready: false,
+          error: new DynamoAPL.MissingEnvVariablesError("Missing DynamoDB env variables"),
+        };
+  }
+
+  async isConfigured(): Promise<AplConfiguredResult> {
+    const configured = this.envVariablesRequriedByDynamoDBExist();
+
+    return configured
+      ? {
+          configured: true,
+        }
+      : {
+          configured: false,
+          error: new DynamoAPL.MissingEnvVariablesError("Missing DynamoDB env variables"),
+        };
+  }
+
+  private envVariablesRequriedByDynamoDBExist() {
+    const variables = [
+      "DYNAMODB_MAIN_TABLE_NAME",
+      "AWS_REGION",
+      "AWS_ACCESS_KEY_ID",
+      "AWS_SECRET_ACCESS_KEY",
+    ];
+
+    // eslint-disable-next-line node/no-process-env
+    return variables.every((variable) => !!process.env[variable]);
+  }
+}

apps/segment/src/lib/dynamodb-client.ts

@@ -0,0 +1,12 @@
+import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
+import { DynamoDBDocumentClient } from "@aws-sdk/lib-dynamodb";
+
+export const createDynamoDBClient = () => {
+  const client = new DynamoDBClient();
+
+  return client;
+};
+
+export const createDynamoDBDocumentClient = (client: DynamoDBClient) => {
+  return DynamoDBDocumentClient.from(client);
+};

apps/segment/src/logger.ts

@@ -1,10 +1,13 @@
 import { attachLoggerConsoleTransport, rootLogger } from "@saleor/apps-logger";
+import { createRequire } from "module";
 
 import packageJson from "../package.json";
 import { env } from "./env";
 
 rootLogger.settings.maskValuesOfKeys = ["metadata", "username", "password", "apiKey"];
 
+const require = createRequire(import.meta.url);
+
 if (env.NODE_ENV !== "production") {
   attachLoggerConsoleTransport(rootLogger);
 }

apps/segment/src/modules/db/segment-apl-mapper.ts

@@ -0,0 +1,28 @@
+import { AuthData } from "@saleor/app-sdk/APL";
+import { FormattedItem, type PutItemInput } from "dynamodb-toolbox";
+
+import { SegmentAPLEntityType, SegmentMainTable } from "@/modules/db/segment-main-table";
+
+export class SegmentAPLMapper {
+  dynamoDBEntityToAuthData(entity: FormattedItem<SegmentAPLEntityType>): AuthData {
+    return {
+      domain: entity.domain,
+      token: entity.token,
+      saleorApiUrl: entity.saleorApiUrl,
+      appId: entity.appId,
+      jwks: entity.jwks,
+    };
+  }
+
+  authDataToDynamoPutEntity(authData: AuthData): PutItemInput<SegmentAPLEntityType> {
+    return {
+      PK: SegmentMainTable.getAPLPrimaryKey({ saleorApiUrl: authData.saleorApiUrl }),
+      SK: SegmentMainTable.getAPLSortKey(),
+      domain: authData.domain,
+      token: authData.token,
+      saleorApiUrl: authData.saleorApiUrl,
+      appId: authData.appId,
+      jwks: authData.jwks,
+    };
+  }
+}