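---
# CloudFormation template: REST API (API Gateway) -> single Lambda function,
# plus the IAM execution role the function runs under.
# Three routes are exposed on the "prod" stage:
#   GET  /list_payments
#   POST /receive_payment
#   POST /send_payment
# The function is granted read access to three SSM parameters (API key,
# API secret, wallet seed phrase), so everything that can influence the
# function's code or reach its endpoints is part of the wallet's trust boundary.
AWSTemplateFormatVersion: "2010-09-09"
Description: "Deploys an API Gateway, Lambda function, and IAM roles for Breez integration."

Resources:
  # IAM Role for Lambda Function
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      # Only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: LambdaAccessPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Logging is limited to this account/region, and stream/event
              # writes to the function's own log group. The group name is
              # derived from the fixed FunctionName "BreezLambda" below; keep
              # the two in sync if the function is renamed.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/BreezLambda:*"
              # NOTE(review): this lets the running function read every object
              # in the deployment bucket. Loading the code package at deploy
              # time does not go through the execution role, so this statement
              # is only needed if the handler reads the bucket at runtime -
              # confirm, and drop or narrow it otherwise.
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource:
                  - "arn:aws:s3:::lambda-nodeless-payment/*"
              # Read access to exactly three named parameters (no wildcard).
              # NOTE(review): the parameters are created outside this template;
              # seed_phrase and api_secret should be SecureString. If they are
              # encrypted with a customer-managed KMS key, the role also needs
              # kms:Decrypt on that key.
              - Effect: Allow
                Action:
                  - ssm:GetParameter
                Resource:
                  - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/breez-nodeless/api_key"
                  - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/breez-nodeless/seed_phrase"
                  - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/breez-nodeless/api_secret"

  # API Gateway
  ApiGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: BreezAPIGateway
      Description: "API Gateway for Breez Lightning Network integration"

  # API Resources for each endpoint
  ApiListPaymentsResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref ApiGateway
      ParentId: !GetAtt ApiGateway.RootResourceId
      PathPart: "list_payments"

  ApiReceiveResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref ApiGateway
      ParentId: !GetAtt ApiGateway.RootResourceId
      PathPart: "receive_payment"

  ApiSendResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref ApiGateway
      ParentId: !GetAtt ApiGateway.RootResourceId
      PathPart: "send_payment"

  # Lambda Function
  BreezLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: BreezLambda
      Runtime: python3.12
      Handler: lambda_function.lambda_handler
      Role: !GetAtt LambdaExecutionRole.Arn
      # NOTE(review): the package is referenced by key only. Anyone able to
      # overwrite lambda.zip in this bucket controls code that can read the
      # seed phrase on the next deploy. Enable bucket versioning and pin
      # S3ObjectVersion, and restrict write access to the bucket.
      Code:
        S3Bucket: "lambda-nodeless-payment"
        S3Key: "lambda.zip"
      # NOTE(review): API Gateway's default integration timeout is 29 s, so a
      # call that runs the full 30 s is reported to the client as a gateway
      # timeout while the function may still complete. For send_payment the
      # caller should treat a timeout as "unknown outcome", not "failed".
      Timeout: 30
      Environment:
        Variables:
          # NOTE(review): this prefix is "/breez/", but the execution role
          # above only allows parameters under "/breez-nodeless/". If the
          # handler builds parameter names from this variable, every lookup
          # is denied - confirm against the handler and align the two.
          PARAMETER_PREFIX: "/breez/"

  # Allow API Gateway to invoke Lambda
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    DependsOn: BreezLambdaFunction
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref BreezLambdaFunction
      Principal: "apigateway.amazonaws.com"
      # Restricted to this REST API; the three wildcards are
      # stage / HTTP method / resource path.
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGateway}/*/*/*"

  # API Methods
  # NOTE(review): all three methods use AuthorizationType NONE, so API Gateway
  # forwards any request that reaches the URL. No authorizer, API key
  # requirement, usage plan or resource policy is defined in this template.
  # Authentication therefore rests entirely on the handler (presumably a check
  # against the api_secret parameter - confirm). Consider an authorizer or
  # AWS_IAM at the gateway, plus throttling, so unauthenticated traffic is
  # rejected before it reaches code that holds the seed phrase.
  GetPaymentsMethod:
    Type: AWS::ApiGateway::Method
    DependsOn: BreezLambdaFunction
    Properties:
      RestApiId: !Ref ApiGateway
      ResourceId: !Ref ApiListPaymentsResource
      HttpMethod: GET
      AuthorizationType: NONE
      # AWS_PROXY passes the raw request to the function; Lambda integrations
      # are always invoked with POST regardless of the client-facing method.
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub
          - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaArn}/invocations"
          - LambdaArn: !GetAtt BreezLambdaFunction.Arn

  PostReceiveMethod:
    Type: AWS::ApiGateway::Method
    DependsOn: BreezLambdaFunction
    Properties:
      RestApiId: !Ref ApiGateway
      ResourceId: !Ref ApiReceiveResource
      HttpMethod: POST
      AuthorizationType: NONE
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub
          - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaArn}/invocations"
          - LambdaArn: !GetAtt BreezLambdaFunction.Arn

  # Highest-impact route: it moves funds out of the wallet. With
  # AuthorizationType NONE the gateway adds no protection of its own here.
  PostSendMethod:
    Type: AWS::ApiGateway::Method
    DependsOn: BreezLambdaFunction
    Properties:
      RestApiId: !Ref ApiGateway
      ResourceId: !Ref ApiSendResource
      HttpMethod: POST
      AuthorizationType: NONE
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub
          - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaArn}/invocations"
          - LambdaArn: !GetAtt BreezLambdaFunction.Arn

  # API Deployment
  # The explicit DependsOn ensures the deployment snapshot is taken only after
  # all methods and the invoke permission exist.
  # NOTE(review): no stage settings are defined, so access logging and
  # per-method throttling are not configured for "prod" in this template.
  ApiDeployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
      - GetPaymentsMethod
      - PostReceiveMethod
      - PostSendMethod
      - LambdaInvokePermission
    Properties:
      RestApiId: !Ref ApiGateway
      StageName: "prod"

Outputs:
  ApiGatewayBaseURL:
    Description: "Base URL for API Gateway"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod"
  PaymentsEndpoint:
    Description: "Payments endpoint URL"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/list_payments"
  ReceiveEndpoint:
    Description: "Receive endpoint URL"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/receive_payment"
  SendEndpoint:
    Description: "Send endpoint URL"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod/send_payment"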