Created
February 12, 2023 23:02
-
-
Save subudear/96a40da4e959ca9900f31707560629c8 to your computer and use it in GitHub Desktop.
lambdaauthorizer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| exports.handler = (event, context, callback) => { | |
| console.log('Received event:', JSON.stringify(event, null, 2)); | |
| var headers = event.headers; | |
| console.log('headers: ', JSON.stringify(headers)); | |
| // Parse the input for the parameter values | |
| var tmp = event.routeArn.split(':'); | |
| console.log('tmp: ', JSON.stringify(tmp)); | |
| var apiGatewayArnTmp = tmp[5].split('/'); | |
| console.log('apiGatewayArnTmp: ', JSON.stringify(apiGatewayArnTmp)); | |
| var awsAccountId = tmp[4]; | |
| console.log('awsAccountId: ', JSON.stringify(awsAccountId)); | |
| var region = tmp[3]; | |
| console.log('region: ', JSON.stringify(region)); | |
| var restApiId = apiGatewayArnTmp[0]; | |
| console.log('restApiId: ', JSON.stringify(restApiId)); | |
| var stage = apiGatewayArnTmp[1]; | |
| console.log('stage: ', JSON.stringify(stage)); | |
| var method = apiGatewayArnTmp[2]; | |
| console.log('method: ', JSON.stringify(method)); | |
| var resource = '/'; // root resource | |
| console.log('resource: ', JSON.stringify(resource)); | |
| if (apiGatewayArnTmp[3]) { | |
| resource += apiGatewayArnTmp[3]; | |
| } | |
| console.log('resource 2 : ', JSON.stringify(resource)); | |
| // Perform authorization to return the Allow policy for correct parameters and | |
| // the 'Unauthorized' error, otherwise. | |
| //var authResponse = {}; | |
| //var condition = {}; | |
| //condition.IpAddress = {}; | |
| const readJSONFileFromS3 = require('s3-service'); | |
| const params = { | |
| Bucket: 'azureupload', | |
| Key: 'applications.json', | |
| }; | |
| const apikey = headers['x-header-apikey'] | |
| const appid = headers['x-header-appid']; | |
| console.log("apikey :" + apikey) | |
| if (apikey || appid ) { | |
| const applications = readJSONFileFromS3.handler(params) | |
| //console.log("applications123 :" + applications.then(result=>{console.log(JSON.parse(result.Body)['x-header-apikey'])})) | |
| applications.then(result=>{ | |
| if (headers['x-header-apikey'] === JSON.parse(result.Body)['x-header-apikey'] && headers['x-header-appid'] === JSON.parse(result.Body)['x-header-appid']) { | |
| callback(null, generateAllow('me', event.routeArn)); | |
| } | |
| else { | |
| callback("Unauthorized"); | |
| } | |
| }) | |
| } | |
| } | |
| // Help function to generate an IAM policy | |
| var generatePolicy = function(principalId, effect, resource) { | |
| // Required output: | |
| var authResponse = {}; | |
| authResponse.principalId = principalId; | |
| if (effect && resource) { | |
| var policyDocument = {}; | |
| policyDocument.Version = '2012-10-17'; // default version | |
| policyDocument.Statement = []; | |
| var statementOne = {}; | |
| statementOne.Action = 'execute-api:Invoke'; // default action | |
| statementOne.Effect = effect; | |
| statementOne.Resource = resource; | |
| policyDocument.Statement[0] = statementOne; | |
| authResponse.policyDocument = policyDocument; | |
| } | |
| // Optional output with custom properties of the String, Number or Boolean type. | |
| authResponse.context = { | |
| "stringKey": "stringval", | |
| "numberKey": 123, | |
| "booleanKey": true | |
| }; | |
| return authResponse; | |
| } | |
| var generateAllow = function(principalId, resource) { | |
| console.log(generatePolicy(principalId, 'Allow', resource)) | |
| return generatePolicy(principalId, 'Allow', resource); | |
| } | |
| var generateDeny = function(principalId, resource) { | |
| return generatePolicy(principalId, 'Deny', resource); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment