fideliocc · May 2, 2024 20:52
diff --git a/getDashboardUrl.js b/getDashboardUrl.js
 'use strict'

 // IMPORTANT: Replace environment variables with your current values
 const aws = require('aws-sdk')
 aws.config.region = process.env.REGION

 const sts = new aws.STS({apiVersion: '2011-06-15'})

 module.exports.handler = (event, context, callback) => {
    console.log('User email', event.queryStringParameters.email)

    const UserEmail = event.queryStringParameters.email
    const accountId = process.env.AWS_ACCOUNT_ID
    const dashboardId = process.env.QUICKSIGHT_MOBILE_DASHBOARD_ID
    const identityType = 'IAM'
    const region = process.env.REGION
    const iamRole = process.env.QUICKSIGHT_ROLE_ARN

    // Returns QuickSight Dashboard URL
    function getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight) {
        const urlParams = {
            AwsAccountId: accountId, /* required */
            DashboardId: dashboardId, /* required */
            IdentityType: identityType, /* required */
        }

        return quicksight.getDashboardEmbedUrl(urlParams, (err, urlData) => {
            if (err) {
                console.log(err, err.stack);
                callback(err, null);
            } else {
                console.log('Embed URL: ', urlData);

                // HTTP response
                const response = {
                    statusCode: 200,
                    headers: {
                      "Content-Type": "application/json",
                      "X-Requested-With": '*',
                      "Access-Control-Allow-Headers": 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Requested-With',
                      "Access-Control-Allow-Origin": '*',
                      "Access-Control-Allow-Methods": 'GET, OPTIONS',
                      "Access-Control-Allow-Credentials": true // Required for cookies, authorization headers with HTTPS 
                    },
                    body: JSON.stringify({ payload: urlData }),
                    isBase64Encoded: false
                  };

                callback(null, response)
            }
        })
    }

    // First of all, assume the QuickSightEmbedRole previously created, into Serverless Lambda Execution Role
    const stsParams = {
        RoleArn: iamRole, /* required */
        RoleSessionName: UserEmail, /* required */
    }

    return sts.assumeRole(stsParams, (err, stsData) => {
        if (err) {
            // Oops, an error occured when assuming the new role...
            console.log(err, err.stack);
            callback(err, null);
        } else {
            console.log(stsData)
            // Now you're authorized to perform Quicksight actions
            const credentials = stsData.Credentials;

            // Create new Quicksight object with recently obtained credentials
            const quicksight = new aws.QuickSight({
                apiVersion: '2018-04-01',
                region: region,
                credentials: {
                    accessKeyId: credentials.AccessKeyId,
                    secretAccessKey: credentials.SecretAccessKey,
                    sessionToken: credentials.SessionToken,
                    expiration: credentials.Expiration
                }
            })
            
            // Now you're ready to register a new user...
            const registerParams = {
                AwsAccountId: accountId, /* required */
                Email: UserEmail, /* required */
                IdentityType: identityType, /* required */
                Namespace: 'default', /* required */
                UserRole: 'READER', /* required */
                IamArn: iamRole,
                SessionName: UserEmail,
            }

            return quicksight.registerUser(registerParams, (err, registerData) => {
                if (err) {
                    if (err.code === 'ResourceExistsException') {
                        // If an user already exists in Quicksight, returns Dashboard URL
                        console.log('User exists!')
                        return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)                
                    }
                    // An error occurred when registering a new user...
                    console.log('Ooops, an error occurred', err)
                    callback(err, null)
                } else {
                    // User succesfully registered to Quicksight as a READER, then returns Dashboard URL
                    // This only happens when an web application user signs-in for the first time
                    console.log(registerData)
                    return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)
                }
            })

        }
    })
 }
	'use strict'

	// IMPORTANT: Replace environment variables with your current values
	const aws = require('aws-sdk')
	aws.config.region = process.env.REGION

	const sts = new aws.STS({apiVersion: '2011-06-15'})

	module.exports.handler = (event, context, callback) => {
	console.log('User email', event.queryStringParameters.email)

	const UserEmail = event.queryStringParameters.email
	const accountId = process.env.AWS_ACCOUNT_ID
	const dashboardId = process.env.QUICKSIGHT_MOBILE_DASHBOARD_ID
	const identityType = 'IAM'
	const region = process.env.REGION
	const iamRole = process.env.QUICKSIGHT_ROLE_ARN

	// Returns QuickSight Dashboard URL
	function getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight) {
	const urlParams = {
	AwsAccountId: accountId, /* required */
	DashboardId: dashboardId, /* required */
	IdentityType: identityType, /* required */
	}

	return quicksight.getDashboardEmbedUrl(urlParams, (err, urlData) => {
	if (err) {
	console.log(err, err.stack);
	callback(err, null);
	} else {
	console.log('Embed URL: ', urlData);

	// HTTP response
	const response = {
	statusCode: 200,
	headers: {
	"Content-Type": "application/json",
	"X-Requested-With": '*',
	"Access-Control-Allow-Headers": 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Requested-With',
	"Access-Control-Allow-Origin": '*',
	"Access-Control-Allow-Methods": 'GET, OPTIONS',
	"Access-Control-Allow-Credentials": true // Required for cookies, authorization headers with HTTPS
	},
	body: JSON.stringify({ payload: urlData }),
	isBase64Encoded: false
	};

	callback(null, response)
	}
	})
	}

	// First of all, assume the QuickSightEmbedRole previously created, into Serverless Lambda Execution Role
	const stsParams = {
	RoleArn: iamRole, /* required */
	RoleSessionName: UserEmail, /* required */
	}

	return sts.assumeRole(stsParams, (err, stsData) => {
	if (err) {
	// Oops, an error occured when assuming the new role...
	console.log(err, err.stack);
	callback(err, null);
	} else {
	console.log(stsData)
	// Now you're authorized to perform Quicksight actions
	const credentials = stsData.Credentials;

	// Create new Quicksight object with recently obtained credentials
	const quicksight = new aws.QuickSight({
	apiVersion: '2018-04-01',
	region: region,
	credentials: {
	accessKeyId: credentials.AccessKeyId,
	secretAccessKey: credentials.SecretAccessKey,
	sessionToken: credentials.SessionToken,
	expiration: credentials.Expiration
	}
	})

	// Now you're ready to register a new user...
	const registerParams = {
	AwsAccountId: accountId, /* required */
	Email: UserEmail, /* required */
	IdentityType: identityType, /* required */
	Namespace: 'default', /* required */
	UserRole: 'READER', /* required */
	IamArn: iamRole,
	SessionName: UserEmail,
	}

	return quicksight.registerUser(registerParams, (err, registerData) => {
	if (err) {
	if (err.code === 'ResourceExistsException') {
	// If an user already exists in Quicksight, returns Dashboard URL
	console.log('User exists!')
	return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)
	}
	// An error occurred when registering a new user...
	console.log('Ooops, an error occurred', err)
	callback(err, null)
	} else {
	// User succesfully registered to Quicksight as a READER, then returns Dashboard URL
	// This only happens when an web application user signs-in for the first time
	console.log(registerData)
	return getDashboardEmbedUrl(accountId, dashboardId, identityType, quicksight)
	}
	})

	}
	})
	}