Using Lambda authorizers in Serverless Framework
import { APIGatewayProxyResult } from 'aws-lambda';
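/**
 * Lambda authorizer entry point: decides whether API Gateway may invoke the requested method.
 *
 * NOTE(review): this is still a demo stub. The token is only checked for presence, never
 * verified. Before real use, replace the `active` check with actual validation (for a JWT:
 * signature, expiry, issuer and audience; for an opaque token: a lookup against the issuer).
 *
 * @param event Authorizer event from API Gateway. TOKEN authorizers supply `authorizationToken`;
 * the `headers.Authorization` fallback covers events that carry request headers instead.
 * @returns The authorizer response built by `generatePolicy` (principal, IAM policy, context).
 * NOTE(review): the declared `APIGatewayProxyResult` describes a proxy response, not an
 * authorizer response (`APIGatewayAuthorizerResult` in `aws-lambda`); the annotation is left
 * unchanged here so the signature stays stable.
 */
export async function handler(event: any): Promise<APIGatewayProxyResult> {
  // Optional chaining: a TOKEN event has no `headers`, so the fallback must not throw.
  const clientToken = event?.authorizationToken || event?.headers?.Authorization;

  // Fail closed: without a token the result is Deny. Presence is NOT validation — see the note above.
  const active = Boolean(clientToken);
  const policy = active ? 'Allow' : 'Deny';
  console.log(`Is user active? ${active}`);

  const response = JSON.stringify({
    something: "It's something"
  });

  // The policy is scoped to the one method ARN being invoked. If the authorizer result is cached
  // and shared by several routes, the cached policy must cover every route it is reused for.
  return generatePolicy('user', policy, event?.methodArn, response);
}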
/**
 * Builds the Lambda authorizer response: principal, optional IAM policy, and context.
 *
 * @param principalId Identifier of the caller the policy applies to.
 * @param effect IAM effect for the statement (the caller passes 'Allow' or 'Deny').
 * @param resource ARN the statement applies to.
 * @param data Value forwarded to the backend under `context.stringKey`.
 * @returns The authorizer response object. `policyDocument` is present only when both
 * `effect` and `resource` are truthy.
 */
const generatePolicy = (principalId: any, effect: any, resource: any, data: any) => {
  // @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
  const result: any = { principalId };

  // Without both an effect and a resource no policy is attached at all.
  if (effect && resource) {
    result.policyDocument = {
      Version: '2012-10-17',
      Statement: [
        {
          Action: 'execute-api:Invoke',
          Effect: effect,
          Resource: resource
        }
      ]
    };
  }

  // `data` is always run through JSON.stringify, so a value that is already a JSON string
  // is encoded a second time. Further keys (e.g. a role) could be added to this context.
  result.context = { stringKey: JSON.stringify(data) };

  // The whole response, context included, is written to the function log — keep secrets out of `data`.
  console.log('authResponse', result);
  return result;
};
import { APIGatewayProxyResult } from 'aws-lambda';
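/**
 * Entry point for the protected function: returns the data the authorizer placed in the
 * request context.
 *
 * @param event API Gateway proxy event. The authorizer's context is read from
 * `event.requestContext.authorizer.stringKey`.
 * @param context Lambda invocation context; only logged.
 * @returns 200 with the authorizer-provided string as the body, or 401 when no authorizer
 * context is present (the function was reached without passing through the authorizer).
 */
export async function handler(event: any, context: any): Promise<APIGatewayProxyResult> {
  // Log identifying fields only. The full event carries the Authorization header, and
  // writing it to the log would store the caller's token in CloudWatch.
  console.log('event', {
    httpMethod: event?.httpMethod,
    path: event?.path,
    requestId: event?.requestContext?.requestId
  });
  console.log('context', context);

  const data = event?.requestContext?.authorizer?.stringKey;

  // Fail closed instead of throwing a TypeError when the authorizer context is missing.
  if (typeof data !== 'string') {
    return {
      statusCode: 401,
      body: 'Unauthorized'
    };
  }

  return {
    statusCode: 200,
    body: data // already a string: the authorizer serialised it
  };
}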
# Serverless Framework configuration: one POST endpoint protected by a Lambda TOKEN authorizer.
service: lambda-authorizer-demo

provider:
  name: aws
  # NOTE(review): nodejs14.x has reached end of support on AWS Lambda; move to a currently
  # supported Node.js runtime so the functions keep receiving security patches.
  runtime: nodejs14.x
  stage: ${opt:stage, 'dev'}
  region: eu-north-1
  memorySize: 2048
  timeout: 10
  # Function logs (including whatever the handlers print) are kept for 14 days.
  logRetentionInDays: 14
  versionFunctions: false
  lambdaHashingVersion: 20201221
  # Deployment artifacts: public access blocked and encrypted at rest.
  deploymentBucket:
    blockPublicAccess: true
    maxPreviousDeploymentArtifacts: 5
    serverSideEncryption: AES256
  stackTags:
    Usage: ${self:service}
  tags:
    Usage: ${self:service}
  apiGateway:
    minimumCompressionSize: 1024
  tracing:
    apiGateway: true
    lambda: true
  # Provider-level role. No per-function statements appear in this file, so both functions
  # get only these X-Ray write permissions on top of the framework defaults.
  iam:
    role:
      statements:
        - Effect: Allow
          Action:
            - xray:PutTelemetryRecords
            - xray:PutTraceSegments
          # These X-Ray actions cannot be scoped to a resource, hence the wildcard.
          Resource: "*"

plugins:
  - serverless-webpack
  - serverless-offline
  - serverless-iam-roles-per-function

package:
  individually: true
  patterns:
    - node_modules/aws-sdk/**
    - node_modules/aws-lambda/**

functions:
  Demo:
    handler: src/controllers/DemoController.handler
    description: Demo controller
    events:
      - http:
          path: /demo
          method: POST
          authorizer:
            name: Authorizer
            # The authorizer result is cached per token value for 30 seconds, so a revoked
            # token can still be accepted until the cache entry expires. Set 0 to disable caching.
            resultTtlInSeconds: 30
            # With a TOKEN authorizer, API Gateway answers 401 itself when this header is
            # missing; the authorizer function is not invoked in that case.
            identitySource: method.request.header.Authorization
            type: token
  Authorizer:
    handler: src/controllers/AuthController.handler
    description: ${self:service} authorizer