AWS Login & Authentication
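// Lambda side of the login flow: verifies a Google ID token via Google's
// tokeninfo endpoint and issues a Cognito developer-identity token.
// Third-party dependencies: aws-sdk and request.
var AWS = require('aws-sdk');
var request = require('request');
// OAuth client id the ID token must have been issued for; it is compared
// with the token's `aud` claim, so it must not carry trailing whitespace
// (the previous value did, which made the comparison fail for every token).
// XXXXXX is a placeholder to be replaced with the real client id.
var GOOGLE_CLIENT_ID = 'XXXXXX.apps.googleusercontent.com';
// Google tokeninfo endpoint; the raw ID token is appended as `id_token`.
// The scheme must be `https://` with no embedded space, or the request
// cannot be made at all.
var GOOGLE_URL = 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=';
// Cognito identity pool and the IAM role handed back to the browser
// (placeholders).
var idPoolID = 'us-east-1:XXXXXXX';
var roleArn = 'arn:aws:iam::XXXXXX:role/Cognito_AdminStaffAuth_Role';
var cognitoidentity = new AWS.CognitoIdentity({
  region: 'us-east-1'
});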
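/**
 * Parses the Google tokeninfo response.
 *
 * Only a 200 response whose body is a JSON object is accepted; any transport
 * error, non-200 status (Google answers 4xx for invalid tokens) or malformed
 * body yields null so the caller treats the token as invalid instead of
 * throwing on JSON.parse.
 *
 * @param {{statusCode?: number}} resp - HTTP response object from `request`.
 * @param {*} body - raw response body (untrusted).
 * @returns {Object|null} decoded claims, or null when unusable.
 */
function parseTokenInfo(resp, body) {
  if (!resp || resp.statusCode !== 200 || typeof body !== 'string') {
    return null;
  }
  try {
    var info = JSON.parse(body);
    return info && typeof info === 'object' ? info : null;
  } catch (e) {
    return null;
  }
}

/**
 * Admin access policy for a decoded tokeninfo response: the token must have
 * been issued for this app (`aud`), carry a verified e-mail address ending in
 * @aci.info, and identify a user (`sub`).
 *
 * NOTE(review): the original comment named cannabiz.media while the regex
 * checks aci.info; the regex is kept as the source of truth — confirm which
 * domain is intended.
 *
 * @param {Object|null} info - claims from parseTokenInfo.
 * @returns {boolean} true when the account may use admin functionality.
 */
function isAllowedAccount(info) {
  if (!info) {
    return false;
  }
  if (info.aud !== GOOGLE_CLIENT_ID) {
    return false;
  }
  if (typeof info.email !== 'string' || !/@aci\.info$/.test(info.email)) {
    return false;
  }
  // Accept both the boolean and the string form of the flag.
  if (info.email_verified !== true && info.email_verified !== 'true') {
    return false;
  }
  return typeof info.sub === 'string' && info.sub !== '';
}

/**
 * Lambda entry point: exchanges a Google ID token for a Cognito
 * developer-identity token scoped to `roleArn`.
 *
 * @param {{google: string}} credentials - `google` holds the raw Google ID
 *   token supplied by the browser; it is untrusted until tokeninfo has
 *   validated it.
 * @param {{done: Function, fail: Function}} context - Lambda context.
 *   `fail` is called with an error object or 'Invalid Account'; `done` is
 *   called with the Cognito response (plus `RoleArn`) on success.
 */
module.exports = function(credentials, context) {
  var idToken = credentials && credentials.google;
  if (typeof idToken !== 'string' || idToken === '') {
    context.fail('Invalid Account');
    return;
  }
  // The token is caller-supplied, so encode it before placing it in the
  // query string rather than concatenating it raw.
  request.get(GOOGLE_URL + encodeURIComponent(idToken), function(err, resp, body) {
    if (err) {
      context.fail(err);
      return;
    }
    var info = parseTokenInfo(resp, body);
    if (!isAllowedAccount(info)) {
      context.fail('Invalid Account');
      return;
    }
    cognitoidentity.getOpenIdTokenForDeveloperIdentity({
      IdentityPoolId: idPoolID,
      Logins: {
        // `sub` is Google's stable per-user identifier. The previous code
        // used `kid`, which names the key that signed the token and is the
        // same for every user, so all users would have shared one identity.
        'login.cannabiz.media': info.sub,
      },
    }, function(cognitoErr, data) {
      if (cognitoErr) {
        context.fail(cognitoErr);
        return;
      }
      data.RoleArn = roleArn;
      context.done(null, data);
    });
  });
};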
// Shamelessly taken from
// http://searchaws.techtarget.com/tip/AWS-authentication-needed-to-protect-a-serverless-app
/**
* AWS Cognito Login
*/
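// Browser side of the login flow. `AWS` is expected to be provided as a
// global by the aws-sdk browser bundle loaded by the page.
var clientID = 'XXX.apps.googleusercontent.com'; // Google client ID (placeholder; no trailing whitespace)
var lambda; // AWS.Lambda client, assigned by loginToGoogle
// The sign-in button reads the client id from this attribute; the attribute
// name must be exactly `data-clientid` (the previous value contained spaces).
document.getElementById('login').setAttribute('data-clientid', clientID);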
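/**
 * Applies the `authenticate` Lambda response.
 *
 * On success installs WebIdentityCredentials built from the returned
 * RoleArn/Token and returns true. On any failure (transport error, handled
 * Lambda error, unparseable or incomplete payload) it logs the problem,
 * leaves the current credentials untouched and returns false.
 *
 * @param {*} err - error from lambda.invoke, if any.
 * @param {{Payload?: string, FunctionError?: string}} loginResp - invoke result.
 * @returns {boolean} whether role credentials were installed.
 */
function applyExchangedCredentials(err, loginResp) {
  if (err) {
    console.log('Authentication request failed', err);
    return false;
  }
  if (!loginResp || !loginResp.Payload) {
    return false;
  }
  // A handler failure (context.fail) still returns a Payload, but with
  // FunctionError set and an error document instead of credentials.
  if (loginResp.FunctionError) {
    console.log('Authentication failed', loginResp.FunctionError);
    return false;
  }
  var credentials;
  try {
    credentials = JSON.parse(loginResp.Payload);
  } catch (e) {
    console.log('Unreadable authentication response', e);
    return false;
  }
  if (!credentials || typeof credentials.RoleArn !== 'string' ||
      typeof credentials.Token !== 'string') {
    console.log('Authentication response is missing RoleArn or Token');
    return false;
  }
  // Log only the role; the token is a bearer credential and must not be
  // written to the console.
  console.log('Config Credentials', credentials.RoleArn);
  AWS.config.credentials = new AWS.WebIdentityCredentials({
    RoleArn: credentials.RoleArn,
    WebIdentityToken: credentials.Token,
  });
  return true;
}

/**
 * Inserts an async <script> for `src` ahead of the first script on the page.
 *
 * @param {string} src - script URL.
 */
function appendScript(src) {
  var po = document.createElement('script');
  po.type = 'text/javascript';
  po.async = true;
  po.src = src;
  var s = document.getElementsByTagName('script')[0];
  s.parentNode.insertBefore(po, s);
}

/**
 * Google sign-in callback: trades the Google ID token for AWS credentials.
 *
 * Sets unauthenticated Cognito credentials, invokes the `authenticate`
 * Lambda with the ID token and, if it returns a Cognito token, switches to
 * role credentials. app.js is loaded once the exchange has settled whether
 * or not it succeeded, so the app runs with whichever credentials are in
 * AWS.config at that point.
 *
 * Side effects: writes AWS.config.region and AWS.config.credentials, assigns
 * the file-level `lambda`, and appends a <script> tag for app.js.
 *
 * @param {{error?: *, id_token?: string}} response - Google sign-in result.
 */
function loginToGoogle(response) {
  if (response.error) {
    console.log('There was a problem logging you in .', response);
    return;
  }
  // The ID token is a bearer credential; it is deliberately not logged.
  AWS.config.region = 'us-east-1';
  // Basic Access
  AWS.config.credentials = new AWS.CognitoIdentityCredentials({
    AccountId: 'XXXXX',
    IdentityPoolId: 'us-east-1:XXXX',
    Logins: {
      'accounts.google.com': response.id_token
    },
  });
  lambda = new AWS.Lambda();
  lambda.invoke({
    FunctionName: 'authenticate',
    Payload: JSON.stringify({
      google: response.id_token
    }),
  }, function(err, loginResp) {
    if (applyExchangedCredentials(err, loginResp)) {
      // Re-create the client so it picks up the role credentials.
      lambda = new AWS.Lambda();
    }
    // Load the app.js
    appendScript('app.js');
  });
}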
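// Loads the Google client library (client:plusone) asynchronously by
// inserting a <script> ahead of the first script on the page. The tag name
// and MIME type must be exact: a tag name with spaces is rejected by
// createElement, and an unknown `type` stops the browser executing the script.
(function() {
  var po = document.createElement('script');
  po.type = 'text/javascript';
  po.async = true;
  po.src = 'https://apis.google.com/js/client:plusone.js';
  var s = document.getElementsByTagName('script')[0];
  s.parentNode.insertBefore(po, s);
})();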