Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 | 1x 1x 1x 1x 1x 1x 1x 14x 14x 13x 13x 1x 12x 1x 11x 10x 1x 9x 1x 8x 7x 3x 3x | const { DynamoDBClient } = require('@aws-sdk/client-dynamodb')
const { DynamoDBDocumentClient, GetCommand } = require('@aws-sdk/lib-dynamodb')
const {
CognitoIdentityProviderClient,
AdminUpdateUserAttributesCommand
} = require('@aws-sdk/client-cognito-identity-provider')
const dynamoClient = new DynamoDBClient({})
const docClient = DynamoDBDocumentClient.from(dynamoClient)
const cognitoClient = new CognitoIdentityProviderClient({})
exports.handler = async (event) => {
try {
const body = JSON.parse(event.body || '{}')
const userId = event.requestContext?.authorizer?.claims?.sub
if (!userId) {
return {
statusCode: 401,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Not authenticated' })
}
}
if (!body.tenantId) {
return {
statusCode: 400,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Missing tenantId' })
}
}
// Verify user is member of the target tenant
const membership = await docClient.send(
new GetCommand({
TableName: process.env.MEMBERSHIPS_TABLE_NAME,
Key: {
userId: userId,
tenantId: body.tenantId
}
})
)
if (!membership.Item) {
return {
statusCode: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'You are not a member of this flow' })
}
}
if (membership.Item.status !== 'active') {
return {
statusCode: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: `Membership status is ${membership.Item.status}` })
}
}
// Update Cognito user custom attribute
await cognitoClient.send(
new AdminUpdateUserAttributesCommand({
UserPoolId: process.env.USER_POOL_ID,
Username: userId,
UserAttributes: [
{
Name: 'custom:tenantId',
Value: body.tenantId
}
]
})
)
return {
statusCode: 200,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({
message: 'Tenant context switched successfully',
tenantId: body.tenantId,
roleIds: membership.Item.roleIds
})
}
} catch (error) {
console.error('Error:', error)
return {
statusCode: 500,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Failed to switch tenant context' })
}
}
}
|