Created
July 5, 2021 11:11
Using Lambda authorizers in Serverless Framework
import { APIGatewayProxyResult } from 'aws-lambda'; | |
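/**
 * @description Lambda authorizer entry point. Reads the caller's token from the
 * event, decides Allow or Deny, and returns the authorizer response built by
 * `generatePolicy` for `event.methodArn`.
 *
 * The decision below is a placeholder: it only checks that a non-empty token was
 * supplied. It does not prove who the caller is. Before real use, verify the token
 * (signature, expiry, issuer/audience, revocation) and derive `principalId` from it.
 *
 * NOTE(review): the declared return type is `APIGatewayProxyResult`, but the value
 * returned is the authorizer response from `generatePolicy` (principalId,
 * policyDocument, context). `APIGatewayAuthorizerResult` from 'aws-lambda' looks
 * like the matching type; the annotation is left as-is to keep the signature stable.
 *
 * @param event Authorizer invocation event; `authorizationToken`, `headers` and
 * `methodArn` are the only fields read here.
 * @returns The object produced by `generatePolicy`.
 */
export async function handler(event: any): Promise<APIGatewayProxyResult> {
  // `headers` may be absent on the event, so guard the lookup instead of throwing
  // inside the authorizer.
  const clientToken = event.authorizationToken || (event.headers && event.headers.Authorization);

  // Fail closed: a request with no usable token is denied. The original placeholder
  // was hard-coded to `true`, which allowed every request regardless of the token.
  // TODO: replace this presence check with real token verification.
  const active = typeof clientToken === 'string' && clientToken.trim().length > 0;
  const policy = active ? 'Allow' : 'Deny';
  console.log(`Is user active? ${active}`);

  const response = JSON.stringify({
    something: "It's something"
  });

  // 'user' is a fixed principal; every caller is reported under the same identity.
  return generatePolicy('user', policy, event.methodArn, response);
}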
/**
 * @description Builds the Lambda authorizer response: the principal, an IAM policy
 * with a single `execute-api:Invoke` statement, and a context map.
 *
 * - `effect` is copied into the statement unchanged; it is not checked against
 *   'Allow' / 'Deny' here, so callers must pass one of those values.
 * - When `effect` or `resource` is falsy, no `policyDocument` is attached at all.
 * - `data` is serialized with `JSON.stringify` into `context.stringKey`. A value
 *   that is already a JSON string gets encoded a second time.
 * - The whole response, context included, is written to the log, so nothing
 *   sensitive should be placed in `data`.
 */
const generatePolicy = (principalId: any, effect: any, resource: any, data: any) => {
  // @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
  const authResponse: any = { principalId };

  const hasPolicyInputs = Boolean(effect && resource);
  if (hasPolicyInputs) {
    // One statement only: invoke permission on exactly the resource that was passed in.
    authResponse.policyDocument = {
      Version: '2012-10-17',
      Statement: [
        {
          Action: 'execute-api:Invoke',
          Effect: effect,
          Resource: resource
        }
      ]
    };
  }

  // The context map is handed to the backend function alongside the request.
  const serializedData = JSON.stringify(data);
  authResponse.context = {
    stringKey: serializedData
    //role: user.role --> "principalId" could be an object that also has role
  };

  console.log('authResponse', authResponse);

  return authResponse;
};
import { APIGatewayProxyResult } from 'aws-lambda'; | |
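/**
 * @description This is the controller, or entrypoint for your function. It returns
 * the `stringKey` value that the authorizer placed in
 * `event.requestContext.authorizer`.
 *
 * The incoming event is logged with `Authorization` headers masked, because the
 * raw event carries the caller's token and logs are retained. If the event has no
 * authorizer context, the function answers 403 instead of throwing.
 *
 * @param event API Gateway proxy event; `headers`, `multiValueHeaders` and
 * `requestContext.authorizer.stringKey` are the fields read here.
 * @param context Lambda invocation context; only logged.
 * @returns 200 with the authorizer's `stringKey` as body, or 403 when no
 * authorizer context is present.
 */
export async function handler(event: any, context: any): Promise<APIGatewayProxyResult> {
  // Copy a header map with any Authorization entry (any casing) replaced by a marker.
  const maskCredentials = (headers: any): any => {
    if (!headers || typeof headers !== 'object') return headers;
    const masked: any = {};
    for (const name of Object.keys(headers)) {
      masked[name] = name.toLowerCase() === 'authorization' ? '[REDACTED]' : headers[name];
    }
    return masked;
  };

  // Log a shallow copy so the original event is not mutated.
  const loggableEvent =
    event && typeof event === 'object'
      ? {
          ...event,
          headers: maskCredentials(event.headers),
          multiValueHeaders: maskCredentials(event.multiValueHeaders)
        }
      : event;

  console.log('event', loggableEvent);
  console.log('context', context);

  // No authorizer context means the request did not arrive through the authorizer
  // as expected; refuse it rather than fail with a TypeError.
  const authorizerContext = event && event.requestContext && event.requestContext.authorizer;
  if (!authorizerContext) {
    return {
      statusCode: 403,
      body: JSON.stringify({ message: 'Forbidden' })
    };
  }

  const data = authorizerContext.stringKey;

  return {
    statusCode: 200,
    body: data //JSON.stringify(data)
  };
}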
# Serverless Framework service definition: one HTTP endpoint (Demo) protected by a
# Lambda token authorizer (Authorizer).
service: lambda-authorizer-demo

provider:
  name: aws
  # NOTE(review): nodejs14.x is an old Lambda runtime; confirm it is still supported
  # and move to a current one before deploying.
  runtime: nodejs14.x
  stage: ${opt:stage, 'dev'}
  region: eu-north-1
  memorySize: 2048
  timeout: 10
  # Function logs are kept for 14 days; anything the handlers log stays readable that long.
  logRetentionInDays: 14
  versionFunctions: false
  lambdaHashingVersion: 20201221
  deploymentBucket:
    # Deployment artifacts: public access blocked, encrypted at rest with AES256.
    blockPublicAccess: true
    maxPreviousDeploymentArtifacts: 5
    serverSideEncryption: AES256
  stackTags:
    Usage: ${self:service}
  tags:
    Usage: ${self:service}
  apiGateway:
    minimumCompressionSize: 1024
  tracing:
    apiGateway: true
    lambda: true
  iam:
    role:
      statements:
        # Only the two X-Ray write actions needed for tracing are granted.
        # NOTE(review): the wildcard resource appears to be needed because these
        # X-Ray actions do not take a resource ARN; confirm, and keep any further
        # statements scoped to specific resources.
        - Effect: Allow
          Action:
            - xray:PutTelemetryRecords
            - xray:PutTraceSegments
          Resource: "*"

plugins:
  - serverless-webpack
  - serverless-offline
  # Listed, but no per-function IAM statements are defined in this file.
  - serverless-iam-roles-per-function

package:
  individually: true
  patterns:
    - node_modules/aws-sdk/**
    - node_modules/aws-lambda/**

functions:
  Demo:
    handler: src/controllers/DemoController.handler
    description: Demo controller
    events:
      - http:
          path: /demo
          method: POST
          # Every POST /demo must pass the Authorizer function below first.
          authorizer:
            name: Authorizer
            # The authorizer's decision is cached for 30 seconds, so a token that
            # is revoked or expires can keep working (or stay denied) until the
            # cache entry ages out. Lower the value, or set 0 to disable caching,
            # if that window is too long.
            resultTtlInSeconds: 30
            # The token is taken from the Authorization request header.
            identitySource: method.request.header.Authorization
            type: token
  Authorizer:
    handler: src/controllers/AuthController.handler
    description: ${self:service} authorizer