
@techministrator
Created September 11, 2021 08:53
Authenticate CloudFront Viewer Request with Lambda@Edge Basic Auth with User/Pass stored in SSM Parameter Store
'use strict'
// AWS SDK for JavaScript v2 (the `.promise()` call style is used below).
var AWS = require('aws-sdk')
// SSM client pinned to us-east-1, so both parameters read by the handler must
// exist in that region.
// NOTE(review): the function's execution role presumably needs ssm:GetParameter
// on just these two parameter paths, plus KMS decrypt for the password if it is
// a SecureString. Confirm the policy is scoped that narrowly.
var ssm = new AWS.SSM({region: 'us-east-1'})
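/**
 * Fetch a single parameter value from SSM Parameter Store.
 *
 * @param {object} params - Arguments passed unchanged to ssm.getParameter
 *   (the handler supplies Name and, for the password, WithDecryption).
 * @returns {Promise<string>} The `Value` field of the returned parameter.
 * @throws Rethrows whatever ssm.getParameter rejects with, after logging it.
 */
const getParameter = async (params) => {
  try {
    const resp = await ssm.getParameter(params).promise()
    // The value is deliberately not logged. For the password parameter this is
    // the decrypted secret, and writing it to the function log would copy it
    // into a store with different access control and retention.
    return resp.Parameter.Value
  } catch (err) {
    console.error(err)
    // Rethrow rather than return the error object. A returned Error would be
    // string-concatenated into the expected Authorization value by the caller,
    // so an SSM failure would yield a "credential" built from the error text.
    throw err
  }
}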
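/**
 * Lambda@Edge handler enforcing HTTP Basic authentication on a CloudFront
 * request, with the expected username and password read from SSM.
 *
 * @param {object} event - CloudFront event; the request is read from
 *   event.Records[0].cf.request.
 * @param {object} context - Lambda context (unused).
 * @returns {Promise<object>} The unmodified request when the Authorization
 *   header matches, a 401 response when it is missing or wrong, or a 500
 *   response when the credentials cannot be loaded or anything else throws.
 */
exports.handler = async (event, context) => {
  // Local require keeps this block self-contained; Node caches the module.
  const crypto = require('crypto')

  // Hashing both sides to fixed-length digests lets timingSafeEqual compare
  // strings of different lengths without throwing.
  const digest = (text) => crypto.createHash('sha256').update(String(text)).digest()

  try {
    const request = event.Records[0].cf.request
    const headers = request.headers

    // The full event is not logged: it includes the Authorization header, so
    // dumping it would write every caller's credentials to the function log.
    console.log('Viewer request: ' + request.method + ' ' + request.uri)

    // NOTE(review): this makes two SSM calls per request. Caching outside the
    // handler would cut latency, at the cost of slower credential rotation.
    const authUser = await getParameter({Name: '/dev/frontend-service/username'})
    const authPass = await getParameter({Name: '/dev/frontend-service/password', WithDecryption: true})

    // Fail closed if either lookup produced anything but a string (for example
    // an Error object returned by the helper instead of thrown).
    if (typeof authUser !== 'string' || typeof authPass !== 'string') {
      throw new Error('Basic auth credentials could not be loaded from SSM')
    }

    const authString = 'Basic ' + Buffer.from(authUser + ':' + authPass).toString('base64')
    const presented = typeof headers.authorization === 'undefined'
      ? undefined
      : headers.authorization[0].value

    // Constant-time comparison, so response timing does not reveal how much of
    // the presented value matched.
    const authorized = typeof presented === 'string' &&
      crypto.timingSafeEqual(digest(presented), digest(authString))

    if (!authorized) {
      const body = 'Unauthorized'
      const response = {
        status: '401',
        statusDescription: 'Unauthorized',
        body: body,
        headers: {
          'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}]
        },
      }
      // The client IP is kept in the log so repeated failures can be spotted.
      console.log('Authentication failed from ' + request.clientIp)
      return response
    }

    console.log('Authentication success from ' + request.clientIp)
    return request
  } catch (err) {
    console.error(err)
    // Return an explicit error response instead of falling through with no
    // return value, so a failure never forwards the request and the outcome
    // is defined rather than left to CloudFront's handling of an empty result.
    return {
      status: '500',
      statusDescription: 'Internal Server Error',
      body: 'Internal Server Error',
    }
  }
}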