
@emilhein
Created May 27, 2022 06:54
const { CognitoJwtVerifier } = require("aws-jwt-verify");
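/**
 * API Gateway Lambda (token) authorizer that validates a Cognito ID token.
 *
 * Reads `event.authorizationToken`, expects the form `Bearer <jwt>`, verifies
 * the JWT with `CognitoJwtVerifier`, and answers through `callback` with an
 * IAM policy for `event.methodArn`.
 *
 * Every failure path fails closed with `callback("Unauthorized")`. API Gateway
 * maps that exact string to a 401 response; any other error value is reported
 * to the client as a 500, which is what a missing header or an invalid token
 * produced before.
 *
 * @param {object} event - Authorizer event; `authorizationToken` and `methodArn` are read.
 * @param {object} context - Lambda context (unused).
 * @param {Function} callback - Node-style callback receiving the policy or "Unauthorized".
 * @returns {Promise<*>} Resolves to whatever `callback` returns.
 */
module.exports.handler = async (event, context, callback) => {
  // Guard the header before touching it: a missing header or one that does not
  // start with "Bearer " used to raise a TypeError on `match[1]`.
  const header = event && event.authorizationToken;
  const match = typeof header === "string" ? header.match(/^Bearer (.*)$/) : null;
  if (!match) {
    return callback("Unauthorized");
  }

  try {
    // NOTE(review): the verifier is rebuilt on every invocation; creating it once
    // at module scope would presumably let it reuse its fetched JWKS — confirm.
    const verifier = CognitoJwtVerifier.create({
      userPoolId: "YOUR_POOL_ID",
      tokenUse: "id",
      clientId: "YOU_CLIENT_ID",
    });
    const token = match[1];
    const payload = await verifier.verify(token);
    // NOTE(review): principalId is the fixed string "user", so the policy does not
    // identify the caller; a claim from `payload` may be a better principal.
    return payload
      ? callback(null, generatePolicy("user", "Allow", event.methodArn))
      : callback(null, generatePolicy("user", "Deny", event.methodArn));
  } catch (error) {
    // Record why verification failed for operators, without logging the token
    // itself, then deny.
    console.error("Token verification failed:", error && error.name, error && error.message);
    return callback("Unauthorized");
  }
};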
/**
 * Builds the authorizer response returned to API Gateway.
 *
 * The response always carries `principalId`. A policy document with a single
 * `execute-api:Invoke` statement is attached only when both `effect` and
 * `resource` are truthy.
 *
 * @param {string} principalId - Identifier placed on the response.
 * @param {string} effect - Statement effect, passed through unvalidated.
 * @param {string} resource - Resource ARN the statement applies to.
 * @returns {object} The authorizer response.
 */
const generatePolicy = function (principalId, effect, resource) {
  const response = { principalId };
  if (!effect || !resource) {
    // No statement can be built without both values; return the bare principal.
    return response;
  }

  response.policyDocument = {
    Version: "2012-10-17",
    Statement: [
      {
        Action: "execute-api:Invoke",
        Effect: effect,
        Resource: resource, // TODO: maybe limit access
      },
    ],
  };
  return response;
};