@mochipon
Created December 9, 2021 14:22
Open Sesame with Cisco Meraki
"""
This function handles incoming webhooks from Meraki and locks the door with a SESAME smart lock when a bluetooth_out alert arrives.
The following environment variables must be set:
kmsEncryptedSesameApiKey - SESAME API key (KMS encrypted)
kmsEncryptedSesameSecret - SESAME device secret (KMS encrypted)
kmsEncryptedMerakiSharedSecret - Meraki shared secret for webhooks (KMS encrypted)
sesameUuid - SESAME device UUID (plain)
"""
from base64 import b64decode
import boto3
import json
import logging
import os
import sys
from pysesame3.auth import CognitoAuth
from pysesame3.chsesame2 import CHSesame2
def _decrypt_env(kms_client, variable_name):
    """Return the UTF-8 plaintext of a KMS-encrypted environment variable.

    The variable holds base64-encoded ciphertext. The decrypt call passes the
    Lambda function name as encryption context, so KMS only returns the
    plaintext when the ciphertext was encrypted with that same context.
    """
    response = kms_client.decrypt(
        CiphertextBlob=b64decode(os.environ[variable_name]),
        EncryptionContext={
            "LambdaFunctionName": os.environ["AWS_LAMBDA_FUNCTION_NAME"]
        },
    )
    return response["Plaintext"].decode("utf-8")


# Everything below runs at module import, not per invocation: the secrets are
# decrypted once and then kept in module globals. They must never be logged.
kms = boto3.client("kms")

sesame_api_key = _decrypt_env(kms, "kmsEncryptedSesameApiKey")
sesame_secret = _decrypt_env(kms, "kmsEncryptedSesameSecret")
# Despite its name, this holds the Meraki webhook shared secret.
sesame_shared_secret = _decrypt_env(kms, "kmsEncryptedMerakiSharedSecret")

# Root logger at INFO so the handler's messages are emitted.
logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Handle to the smart lock; the device UUID is not secret and is read in plain.
sesame_authenticator = CognitoAuth(apikey=sesame_api_key)
lock = CHSesame2(
    authenticator=sesame_authenticator,
    device_uuid=os.environ["sesameUuid"],
    secret_key=sesame_secret,
)
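def lambda_handler(event, context):
    """Authenticate a Meraki webhook and lock the door on ``bluetooth_out``.

    Args:
        event: Invocation event; ``event["body"]`` must be a JSON object
            carrying ``sharedSecret`` and ``alertTypeId``.
        context: Lambda context object (unused).

    Returns:
        ``{"statusCode": 400}`` when the body is missing or is not a JSON
        object, ``{"statusCode": 403}`` when the shared secret is missing or
        wrong, and ``{"statusCode": 201}`` otherwise.

    Security notes:
        * The shared secret is the only authentication on this endpoint. It is
          compared in constant time so response timing does not reveal how
          much of a guessed value matched.
        * The secret is a static value carried in the request body, so it
          gives no replay protection; the only action taken here is locking.
        * Neither the supplied nor the expected secret is ever logged.
    """
    import hmac  # function-scope import keeps this block self-contained

    try:
        alert = json.loads(event["body"])
    except (KeyError, TypeError, ValueError):
        # Missing body, non-string body, or invalid JSON.
        logger.error("Malformed webhook body")
        return {"statusCode": 400}

    if not isinstance(alert, dict):
        logger.error("Malformed webhook body")
        return {"statusCode": 400}

    supplied_secret = alert.get("sharedSecret")
    # compare_digest needs matching types and rejects non-ASCII str, so both
    # sides are compared as UTF-8 bytes; anything that is not a string is
    # treated as a failed authentication rather than an unhandled exception.
    secret_ok = isinstance(supplied_secret, str) and hmac.compare_digest(
        supplied_secret.encode("utf-8"),
        sesame_shared_secret.encode("utf-8"),
    )
    if not secret_ok:
        logger.error("Invalid shared secret")
        return {"statusCode": 403}
    logger.info("Success to validate the shared secret")

    alert_type = alert.get("alertTypeId")

    # Bluetooth clients have become visible: logged only, no lock action.
    if alert_type == "bluetooth_in":
        logger.info("Received an alert: bluetooth_in")

    # Bluetooth clients have gone out of range: lock the door.
    if alert_type == "bluetooth_out":
        logger.info("Received an alert: bluetooth_out")
        lock.lock(history_tag="Cisco Meraki")

    return {"statusCode": 201}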