# SPRINT 10.2 — EMAIL CRUD API (Lambda)

## METADATA
- Execution: Hodina 2
- Prerekvizity: Sprint 10.1 COMPLETE (Auth Lambda + DynamoDB)
- Deliverables: email_lambda.py, deploy script, tests
- Estimated time: 45-55 min
- Output folder: /mnt/outputs/SKYMAILBOX_SPRINTS/SPRINT_10.2_EMAIL_API/

## AWS ENVIRONMENT
```
AWS_ACCESS_KEY_ID=AKIA[REDACTED_SEE_AWS_CONSOLE]
AWS_SECRET_ACCESS_KEY=[REDACTED_SEE_SECRETS_MANAGER]
AWS_DEFAULT_REGION=us-east-1
```

## OBJECTIVES
Vytvořit Email CRUD API pro SkyMailbox:
1. DynamoDB tabulka `skymailbox-emails` pro emaily
2. Lambda funkce s endpointy: send, list-inbox, list-sent, read, delete, list-folders
3. SES integrace pro odesílání reálných emailů
4. JWT auth — všechny endpointy vyžadují platný token z Sprint 10.1

## STEP-BY-STEP INSTRUCTIONS

### Krok 1: Vytvořit DynamoDB tabulku pro emaily
```bash
aws dynamodb create-table \
  --table-name skymailbox-emails \
  --attribute-definitions \
    AttributeName=pk,AttributeType=S \
    AttributeName=sk,AttributeType=S \
    AttributeName=folder_date,AttributeType=S \
  --key-schema \
    AttributeName=pk,KeyType=HASH \
    AttributeName=sk,KeyType=RANGE \
  --billing-mode PAY_PER_REQUEST \
  --global-secondary-indexes '[
    {
      "IndexName": "folder-date-index",
      "KeySchema": [
        {"AttributeName":"pk","KeyType":"HASH"},
        {"AttributeName":"folder_date","KeyType":"RANGE"}
      ],
      "Projection": {"ProjectionType":"ALL"}
    }
  ]'
```

Data model:
- Inbox email: pk=`USER#<user_id>`, sk=`EMAIL#<timestamp>#<email_id>`, folder_date=`INBOX#<iso_date>`
- Sent email: pk=`USER#<user_id>`, sk=`EMAIL#<timestamp>#<email_id>`, folder_date=`SENT#<iso_date>`
- Custom folder: pk=`USER#<user_id>`, sk=`EMAIL#<timestamp>#<email_id>`, folder_date=`<FOLDER>#<iso_date>`

### Krok 2: Vytvořit email_lambda.py
**Soubor:** `email_lambda.py`

Lambda handler s těmito endpointy:

**POST /send**
- Auth: Bearer token required
- Input: `{ "to": "email@...", "subject": "...", "body": "...", "html_body": "..." }`
- Odeslat přes SES (source: `noreply@skymailbox.net` nebo `info@skynet.genisys.online`)
- Uložit do DynamoDB jako SENT email pro odesílatele
- Uložit do DynamoDB jako INBOX email pro příjemce (pokud je registrovaný)
- Return: `{ "message_id": "...", "status": "sent" }`

**GET /inbox?limit=50&cursor=...**
- Auth: Bearer token required
- Query DynamoDB: pk=USER#<user_id>, folder_date begins_with "INBOX#"
- Sort by date DESC
- Pagination via cursor (LastEvaluatedKey base64 encoded)
- Return: `{ "emails": [...], "cursor": "..." }`

**GET /sent?limit=50&cursor=...**
- Stejné jako inbox ale folder_date begins_with "SENT#"

**GET /email/:id**
- Auth: Bearer token required
- Fetch single email by sk
- Mark as read (update `is_read: true`)
- Return: full email object

**DELETE /email/:id**
- Auth: Bearer token required
- Soft delete: přesunout do TRASH folder (update folder_date prefix)
- Return: `{ "status": "deleted" }`

**GET /folders**
- Auth: Bearer token required
- Return: `{ "folders": ["INBOX", "SENT", "DRAFTS", "TRASH", "SPAM"] }`
- Include unread counts per folder

**POST /move**
- Auth: Bearer token required
- Input: `{ "email_id": "...", "target_folder": "TRASH" }`
- Update folder_date prefix
- Return: `{ "status": "moved" }`

JWT verification: Načíst JWT_SECRET z environment variable. Dekódovat token, ověřit expiry, extrahovat user_id.

CORS headers na všechny odpovědi (stejné jako Sprint 10.1).

### Krok 3: Vytvořit deployment script
**Soubor:** `deploy_email_lambda.sh`
```bash
#!/bin/bash
set -e
FUNCTION_NAME="skymailbox-email"
ROLE_ARN="arn:aws:iam::085591177963:role/skymailbox-lambda-role"
REGION="us-east-1"

# Get JWT_SECRET from auth lambda
JWT_SECRET=$(aws lambda get-function-configuration \
  --function-name skymailbox-auth \
  --region $REGION \
  --query 'Environment.Variables.JWT_SECRET' --output text)

zip -j email_lambda.zip email_lambda.py

if aws lambda get-function --function-name $FUNCTION_NAME --region $REGION 2>/dev/null; then
  aws lambda update-function-code \
    --function-name $FUNCTION_NAME \
    --zip-file fileb://email_lambda.zip \
    --region $REGION
else
  aws lambda create-function \
    --function-name $FUNCTION_NAME \
    --runtime python3.11 \
    --handler email_lambda.lambda_handler \
    --role $ROLE_ARN \
    --zip-file fileb://email_lambda.zip \
    --timeout 30 \
    --memory-size 256 \
    --environment "Variables={JWT_SECRET=$JWT_SECRET,EMAILS_TABLE=skymailbox-emails,USERS_TABLE=skymailbox-users}" \
    --region $REGION
fi

aws lambda create-function-url-config \
  --function-name $FUNCTION_NAME \
  --auth-type NONE \
  --cors '{"AllowOrigins":["*"],"AllowMethods":["GET","POST","DELETE","OPTIONS"],"AllowHeaders":["Content-Type","Authorization"]}' \
  --region $REGION 2>/dev/null || \
aws lambda update-function-url-config \
  --function-name $FUNCTION_NAME \
  --auth-type NONE \
  --cors '{"AllowOrigins":["*"],"AllowMethods":["GET","POST","DELETE","OPTIONS"],"AllowHeaders":["Content-Type","Authorization"]}' \
  --region $REGION

URL=$(aws lambda get-function-url-config --function-name $FUNCTION_NAME --region $REGION --query 'FunctionUrl' --output text)
echo "Email API URL: $URL"
echo $URL > EMAIL_API_URL.txt
```

### Krok 4: Vytvořit testy
**Soubor:** `test_email_api.py`

1. Nejprve login přes Auth API (načíst AUTH_API_URL.txt z Sprint 10.1 output) → získat token
2. POST /send — odeslat testovací email → ověřit 200
3. GET /inbox — ověřit, že email je v inboxu
4. GET /email/:id — ověřit detail emailu + is_read=true
5. POST /move — přesunout do TRASH
6. GET /folders — ověřit unread counts
7. DELETE /email/:id — soft delete

### Krok 5: Deploy a test
1. Spustit deploy script
2. Spustit testy
3. Zaznamenat výsledky do completion report

## COMPLETION CHECKLIST
- [ ] DynamoDB tabulka `skymailbox-emails` je ACTIVE
- [ ] Lambda `skymailbox-email` je deployed s Function URL
- [ ] Send endpoint funguje (SES nebo mock)
- [ ] Inbox list funguje s pagination
- [ ] Email read + mark-as-read funguje
- [ ] Delete (soft) funguje
- [ ] Folders s unread counts fungují
- [ ] Move email between folders funguje
- [ ] JWT auth na všech endpointech
- [ ] Testy prošly (min 5/7)

## DELIVERABLES LIST
1. `email_lambda.py`
2. `deploy_email_lambda.sh`
3. `test_email_api.py`
4. `email_lambda.zip`
5. `EMAIL_API_URL.txt`
6. `SPRINT_10.2_README.md`
7. `SPRINT_10.2_COMPLETE.md`

## COMPLETION REPORT TEMPLATE
```markdown
# ✅ SPRINT 10.2 — EMAIL API — COMPLETE

## Timestamp
[ISO datetime]

## Status
COMPLETE / FAILED

## Email API URL
[Function URL]

## Test Results
| Test | Result |
|------|--------|
| Send Email | PASS/FAIL |
| List Inbox | PASS/FAIL |
| Read Email | PASS/FAIL |
| Move Email | PASS/FAIL |
| Delete Email | PASS/FAIL |
| List Folders | PASS/FAIL |
| JWT Auth Required | PASS/FAIL |

## Issues
[Any issues]

## Next Sprint
SPRINT_10.3_FRONTEND_SETUP
```