serverless-offline icon indicating copy to clipboard operation
serverless-offline copied to clipboard

Published 20 hours ago verified publisher icon dherault

Feature/issue 1475

Open vidueirof opened this issue 2 years ago • 3 comments

Description

Support simple lambda authorizer response by checking if function result has isAuthorized flag and prevent running policy document validations.

Motivation and Context

To add support for simple response in authorizer function result.

Fixes: #1475 and #1341

How Has This Been Tested?

Simple lambda authorizer.

authorizer.js

export const handler = async (event) => {
    let response = {
        "isAuthorized": false,
    };
    
    if (event.authorizationToken === 'secretToken') { 
        response = {
            "isAuthorized": true,
        };
    }

    return response;
}

serverless.yml

.
.
.
provider:
  .
  .
  .
  httpApi:
    authorizers:
      authorizer:
        type: request
        functionName: authorizer
        enableSimpleResponses: true

functions:
  authorizer:
    handler: authorizer.handler
  hello:
    handler: hello.handler
    events:
      - httpApi:
          method: GET
          path: /
          authorizer:
            name: authorizer

Using correct and wrong token

vidueirof avatar Jul 05 '22 18:07 vidueirof

thank you @vidueirof ! could you add your tests to the tests of this project? let me know if you have any questions or need any pointers.

dnalborczyk avatar Jul 05 '22 20:07 dnalborczyk

@dnalborczyk I added some tests, let me know what you think. Thanks

vidueirof avatar Jul 26 '22 23:07 vidueirof

thanks for adding the tests @vidueirof just added one question, otherwise looks good.

could you also merge (or rebase) with master? should be just an import fix as far as I can tell: import { setup, teardown } from '../../_testHelpers/index.js'.

dnalborczyk avatar Jul 31 '22 02:07 dnalborczyk

Hi @dnalborczyk @vidueirof .

I've implemented this on https://github.com/dherault/serverless-offline/pull/1600, where we accept payloadFormat 1.0, 2.0 and 2.0 + simpleResponses.

There are also some checks done where enableSimpleResponses HAS to be used along with payloadFormat 2.0, as well as a set of tests with httpApi with payloadFormat 1.0, 2.0 and simple responses.

Please feel free to take a look at it and see if that PR fixes the needs of this PR.

rion18 avatar Nov 05 '22 16:11 rion18

@vidueirof could you have a look at v11.3.0 if that covers your PR? thank you again for putting in the work! much appreciated!

closing in the meantime for good housekeeping.

dnalborczyk avatar Nov 08 '22 03:11 dnalborczyk

@vidueirof could you have a look at v11.3.0 if that covers your PR? thank you again for putting in the work! much appreciated!

closing in the meantime for good housekeeping.

Yes, it's looks fine. I'm sorry I couldn't fix this PR on time.

vidueirof avatar Nov 08 '22 21:11 vidueirof

No worries man, I was also looking for support for PayloadFormat 2.0. Glad I could help out.

rion18 avatar Nov 08 '22 21:11 rion18