Integration of check_stytch_authorizer.ts

check_stytch_authorizer.ts

import {authenticateJwtLocal} from "../loadStytch";

export const handler = async (event:any) => {
    const token = event.authorizationToken;
    const isAuthenticated = await authenticateJwtLocal(token);
    return canContinue(isAuthenticated?'Allow':'Deny');
};

function canContinue(effect: string) {
    return {
        principalId: 'user',
        policyDocument: {
            Version: '2012-10-17',
            Statement: [{
                Action: 'execute-api:Invoke',
                Effect: effect,
                Resource: '*',
            }],
        },
    }
}

export const authenticateJwtLocal = (token: string) => {
    try {
        const obj = parseJwt(token);
        return isUserLogged(obj);
    } catch (e){
        return false;
    }
}

const parseJwt = (token:string) => JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
                                              
const isUserLogged = (payload: ParsedJwtSession) => {
    const expAt = new Date(payload["https://stytch.com/session"].expires_at).getTime();
    const now = new Date().getTime();
    if (now + (60 * 1000) > expAt) { return false;}
    return true;
}

To see the integration of check_stytch_authorizer.ts click here