From 06b966531aed061898fef726de451d705df7aabd Mon Sep 17 00:00:00 2001
From: Matthieu Napoli
Date: Tue, 30 Jul 2024 14:42:57 +0200
Subject: [PATCH 1/2] Improve patching of AWS credentials

Fixes #155
Fixes https://github.com/brefphp/bref/pull/1846
---
 src/BrefServiceProvider.php | 50 ++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 4 deletions(-)

diff --git a/src/BrefServiceProvider.php b/src/BrefServiceProvider.php
index 433acad..97e38e0 100644
--- a/src/BrefServiceProvider.php
+++ b/src/BrefServiceProvider.php
@@ -47,10 +47,7 @@ public function register()
 Config::set('view.compiled', StorageDirectories::Path . '/framework/views');
 Config::set('cache.stores.file.path', StorageDirectories::Path . '/framework/cache');

- Config::set('cache.stores.dynamodb.token', env('AWS_SESSION_TOKEN'));
- Config::set('filesystems.disks.s3.token', env('AWS_SESSION_TOKEN'));
- Config::set('queue.connections.sqs.token', env('AWS_SESSION_TOKEN'));
- Config::set('services.ses.token', env('AWS_SESSION_TOKEN'));
+ $this->fixAwsCredentialsConfig();

 $this->app->when(QueueHandler::class)
 ->needs('$connection')
@@ -149,4 +146,49 @@ protected function fixDefaultConfiguration()
 Config::set('logging.default', 'stderr');
 }
 }
+
+ private function fixAwsCredentialsConfig(): void
+ {
+ $accessKeyId = $_SERVER['AWS_ACCESS_KEY_ID'] ?? null;
+ $sessionToken = $_SERVER['AWS_SESSION_TOKEN'] ?? null;
+ // If we are not in a Lambda environment, we don't need to do anything
+ if (!$accessKeyId || ! $sessionToken) {
+ return;
+ }
+
+ // Patch SQS config
+ foreach (Config::get('queue.connections') as $name => $connection) {
+ if ($connection['driver'] !== 'sqs') continue;
+
+ // If a different key is in the config than in the environment variables
+ if ($connection['key'] && $connection['key'] !== $accessKeyId) continue;
+
+ Config::set("queue.connections.$name.token", $sessionToken);
+ }
+
+ // Patch S3 config
+ foreach (Config::get('filesystems.disks') as $name => $disk) {
+ if ($disk['driver'] !== 's3') continue;
+
+ // If a different key is in the config than in the environment variables
+ if ($disk['key'] && $disk['key'] !== $accessKeyId) continue;
+
+ Config::set("filesystems.disks.$name.token", $sessionToken);
+ }
+
+ // Patch DynamoDB config
+ foreach (Config::get('cache.stores') as $name => $store) {
+ if ($store['driver'] !== 'dynamodb') continue;
+
+ // If a different key is in the config than in the environment variables
+ if ($store['key'] && $store['key'] !== $accessKeyId) continue;
+
+ Config::set("cache.stores.$name.token", $sessionToken);
+ }
+
+ // Patch SES config
+ if (Config::get('services.ses.key') === $accessKeyId) {
+ Config::set('services.ses.token', $sessionToken);
+ }
+ }
 }
From 9424ffe6933e59aafb13c0faff12b331d387f5f2 Mon Sep 17 00:00:00 2001
From: Matthieu Napoli
Date: Tue, 30 Jul 2024 14:46:25 +0200
Subject: [PATCH 2/2] Fix CS

---
 src/BrefServiceProvider.php | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/BrefServiceProvider.php b/src/BrefServiceProvider.php
index 97e38e0..931eec6 100644
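Review bot: In `fixAwsCredentialsConfig()`, added by the PATCH 1/2 hunk, the three loops read `['driver']` and `['key']` directly and iterate `Config::get(...)` with no default. An SQS connection, S3 disk or DynamoDB store that omits `key` (for instance one left to the SDK's default credential chain), or a config section that is not set, would raise an undefined-key or invalid-foreach warning during `register()`; Laravel normally escalates such warnings to an exception. Guard the reads, e.g. `foreach (Config::get('queue.connections', []) as $name => $connection) {`, `if (($connection['driver'] ?? null) !== 'sqs') continue;` and `if (($connection['key'] ?? null) && $connection['key'] !== $accessKeyId) continue;`; the S3 and DynamoDB loops and their re-braced copies in PATCH 2/2 need the same. The SES branch also applies a different rule, attaching the session token only when `services.ses.key` strictly equals the environment key, while the loops also attach it when `key` is empty. A one-line comment stating which rule is intended would help, since the check presumably exists so the Lambda session token is never paired with a statically configured key it was not issued for.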
--- a/src/BrefServiceProvider.php
+++ b/src/BrefServiceProvider.php
@@ -158,30 +158,39 @@ private function fixAwsCredentialsConfig(): void

 // Patch SQS config
 foreach (Config::get('queue.connections') as $name => $connection) {
- if ($connection['driver'] !== 'sqs') continue;
-
+ if ($connection['driver'] !== 'sqs') {
+ continue;
+ }
 // If a different key is in the config than in the environment variables
- if ($connection['key'] && $connection['key'] !== $accessKeyId) continue;
+ if ($connection['key'] && $connection['key'] !== $accessKeyId) {
+ continue;
+ }

 Config::set("queue.connections.$name.token", $sessionToken);
 }

 // Patch S3 config
 foreach (Config::get('filesystems.disks') as $name => $disk) {
- if ($disk['driver'] !== 's3') continue;
-
+ if ($disk['driver'] !== 's3') {
+ continue;
+ }
 // If a different key is in the config than in the environment variables
- if ($disk['key'] && $disk['key'] !== $accessKeyId) continue;
+ if ($disk['key'] && $disk['key'] !== $accessKeyId) {
+ continue;
+ }

 Config::set("filesystems.disks.$name.token", $sessionToken);
 }

 // Patch DynamoDB config
 foreach (Config::get('cache.stores') as $name => $store) {
- if ($store['driver'] !== 'dynamodb') continue;
-
+ if ($store['driver'] !== 'dynamodb') {
+ continue;
+ }
 // If a different key is in the config than in the environment variables
- if ($store['key'] && $store['key'] !== $accessKeyId) continue;
+ if ($store['key'] && $store['key'] !== $accessKeyId) {
+ continue;
+ }

 Config::set("cache.stores.$name.token", $sessionToken);
 }