feat(virus-scanner): invoke lambda to scan file (#6734)
* feat: add fileKey to joi validation

* feat: test lambda invoke v3

* feat: trigger virus scanner lambda

* feat: log return payload

* fix: show payload and logresult as string

* fix: parsing of payload to json

* feat: trigger lambda on local

* refactor: rm version check in receiveStorageSubmission

* docs: add comments with relevant references to tix

* chore: update logger meta.action

* fix: broken receiver tests due to answer field

* docs: incl storage v2+ forms

* feat: runtime typeguards for lambda output parsing

* feat: add uuid check for quarantine file key

* fix: use answer for quarantine file key

* fix: isQuarantinedAttachmentResponse answer check

* fix: playwright tests - set answer as filename

* revert: "fix: broken receiver tests due to answer field"

This reverts commit 4555583.

* feat: parse json safely

* test: triggerVirusScanning

* refactor: use typeguards for type checking logic

- docs: added stronger warnings in comments

* feat: invalid quarantine file key error

* fix: broken test due to file key error update

* fix: import from shared

* refactor: typeguards to know better than 'any'
LinHuiqing authored Sep 23, 2023
1 parent 04f1070 commit c6c6b61
Showing 16 changed files with 19,697 additions and 15,877 deletions.
3 changes: 3 additions & 0 deletions docker-compose.yml
Expand Up @@ -116,6 +116,7 @@ services:
- PAYMENT_MIN_PAYMENT_AMOUNT_CENTS=50
- SSM_ENV_SITE_NAME=development
- PAYMENT_GUIDE_LINK
- PAYMENT_LANDING_GUIDE_LINK
# Cron secrets
- CRON_PAYMENT_API_SECRET=secretKey
# env vars for go integration
Expand All @@ -124,6 +125,8 @@ services:
- API_KEY_VERSION=v1
# env vars for growthbook
- GROWTHBOOK_CLIENT_KEY
# env vars for virus scanner
- VIRUS_SCANNER_LAMBDA_FUNCTION_NAME=function

mockpass:
build: https://github.com/opengovsg/mockpass.git#v4.0.4
34,832 changes: 18,959 additions & 15,873 deletions package-lock.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions package.json
Expand Up @@ -55,6 +55,7 @@
},
"dependencies": {
"@aws-sdk/client-cloudwatch-logs": "^3.347.1",
"@aws-sdk/client-lambda": "^3.414.0",
"@babel/runtime": "^7.20.13",
"@faker-js/faker": "^8.0.1",
"@joi/date": "^2.1.0",
11 changes: 11 additions & 0 deletions src/app/config/config.ts
@@ -1,3 +1,4 @@
import { Lambda } from '@aws-sdk/client-lambda'
import aws from 'aws-sdk'
import convict from 'convict'
import { SessionOptions } from 'express-session'
Expand Down Expand Up @@ -89,10 +90,20 @@ const s3 = new aws.S3({
s3ForcePathStyle: isDev ? true : undefined,
})

// using aws-sdk v3 (FRM-993)
const virusScannerLambda = new Lambda({
region: basicVars.awsConfig.region,
// Endpoint is set for development mode to point to the separate docker container running the lambda function.
// host.docker.internal is a special DNS name which resolves to the internal IP address used by the host.
// Reference: https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host
...(isDev ? { endpoint: 'http://host.docker.internal:9999' } : undefined),
})

const awsConfig: AwsConfig = {
...s3BucketUrlVars,
...basicVars.awsConfig,
s3,
virusScannerLambda,
}

let dbUri: string | undefined
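Review bot: The development branch of the `virusScannerLambda` constructor hard-codes `endpoint: 'http://host.docker.internal:9999'`, so whenever `isDev` is true every scan request and its verdict travel over plaintext HTTP to whatever is listening on that host port. `isDev` is defined outside this hunk, so how it is derived is not visible here; if it can ever evaluate to true outside a local machine, the scan result would come from an endpoint that is not the real Lambda service. I would extend the existing comment above the spread with `// Dev only: plaintext endpoint with no AWS-side auth; must never be selected outside local development.` so the constraint is stated next to the code that depends on it.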
6 changes: 6 additions & 0 deletions src/app/config/schema.ts
Expand Up @@ -279,6 +279,12 @@ export const optionalVarsSchema: Schema<IOptionalVarsSchema> = {
default: '',
env: 'CUSTOM_CLOUDWATCH_LOG_GROUP',
},
virusScannerLambdaFunctionName: {
doc: 'Virus scanner lambda function name',
format: String,
default: '',
env: 'VIRUS_SCANNER_LAMBDA_FUNCTION_NAME',
},
},
core: {
port: {
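Review bot: `virusScannerLambdaFunctionName` is declared with `format: String` and `default: ''`, so a deployment that omits `VIRUS_SCANNER_LAMBDA_FUNCTION_NAME` starts cleanly and only fails when the first scan is invoked. The invoking code is not in this section, so whether that failure rejects the submission or lets the file through is not visible here; for a malware-scanning control it should fail closed. If scanning is meant to be mandatory outside development, a startup check would surface the misconfiguration early, for example a convict format function such as `format: (v: unknown) => { if (typeof v !== 'string' || v === '') throw new Error('VIRUS_SCANNER_LAMBDA_FUNCTION_NAME must be set') }`. The enclosing `optionalVarsSchema` object starts and ends outside the hunk.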
