【Day 21】會員功能擴充 - 設定寄信重設密碼功能 (下) - iT 邦幫忙::一起幫忙解決難題，拯救 IT 人的一天

2025 iThome 鐵人賽

DAY 21

Build on AWS

無法成為片師也想拍 Vlog？！個人影音小工具的誕生！系列第 21 篇

【Day 21】會員功能擴充 - 設定寄信重設密碼功能 (下)

17th鐵人賽 aws dynamodb aws lambda aws api gateway aws s3

二坪山小弱砲

團隊在峴港裸泳咕嚕咕嚕咕嚕曹軍團

2025-10-01 23:42:42

47 瀏覽

分享至

前言

使用者註冊完後忘記密碼，需要進行重設的功能開發。

設計

Verify-vlog-email Lambda Function / `verify-email`

import os
import json
import boto3
from datetime import datetime

dynamodb = boto3.resource("dynamodb")
table = dynamodb.Table("vlog-nipapa-tw-user")

def lambda_handler(event, context):
    # --- CORS ---
    method = event.get("httpMethod") or event.get("requestContext", {}).get("http", {}).get("method")
    if method == "OPTIONS":
        return _cors(200, "")

    try:
        # 支援 queryString 或 body 取值
        params = event.get("queryStringParameters") or {}
        body = event.get("body")
        if body and isinstance(body, str):
            try:
                body = json.loads(body)
            except:
                body = {}
        if not params and body:
            params = body

        username = params.get("user")
        token = params.get("token")

        if not username or not token:
            return _cors(400, {"error": "Missing user or token"})

        # 查詢 DynamoDB
        resp = table.get_item(Key={"username": username})
        item = resp.get("Item")
        if not item:
            return _cors(400, {"error": "User not found"})

        if item.get("verified"):
            return _cors(200, {"message": "User already verified"})

        if item.get("verify_token") != token:
            return _cors(400, {"error": "Invalid token"})

        # 驗證是否過期
        expire_str = item.get("verify_expire")
        if expire_str:
            expire_time = datetime.fromisoformat(expire_str)
            if datetime.utcnow() > expire_time:
                return _cors(400, {"error": "Token expired"})

        # 更新 verified 狀態
        table.update_item(
            Key={"username": username},
            UpdateExpression="SET verified = :v REMOVE verify_token, verify_expire",
            ExpressionAttributeValues={":v": True}
        )

        return _cors(200, {"message": "✅ Email verified successfully"})

    except Exception as e:
        print("❌ ERROR:", str(e))
        return _cors(500, {"error": str(e)})


def _cors(code, body):
    return {
        "statusCode": code,
        "headers": {
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "OPTIONS,GET,POST",
            "Access-Control-Allow-Headers": "Content-Type,Authorization"
        },
        "body": json.dumps(body)
    }

調整 Role

因為要在 DynamoDB 裡面提取資料，寫入註冊狀態，所以需要配置給他 dynamodb

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:ap-northeast-1:<AWS_ID>:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:ap-northeast-1:<AWS_ID>:log-group:/aws/lambda/register-vlog-member:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:Query",
                "dynamodb:Scan"
            ],
            "Resource": [
                "arn:aws:dynamodb:ap-northeast-1:<AWS_ID>:table/vlog-nipapa-tw-user"
            ]
        }
    ]
}