serverless-offline icon indicating copy to clipboard operation
serverless-offline copied to clipboard

Published 20 hours ago verified publisher icon dherault

Support lambda direct requests over HTTPS

Open ermi-ltd opened this issue 1 year ago • 0 comments

Feature Request

The lambda direct endpoint can't currently be accessed via HTTPS as the TLS certificate specified with the httpsProtocol option is not passed to the Hapi server instance.

This prevents Lambda's being reached by the Swift AWS SDK from within the Xcode Build + Run process.

Lambda configuration in Swift to pass the endpoint:

let configuration = try await LambdaClient.LambdaClientConfiguration(
            credentialsProvider: credentialsProvider,
            endpoint: "https://localhost:3002",
            region: "eu-west-2"
        )

With a HTTPS endpoint, the following error is returned by the AWS Swift SDK when a Lambda is invoked:

crtError(AwsCommonRuntimeKit.CRTError(code: 1029, message: "TLS (SSL) negotiation failed", name: "AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE"))

This error can be resolved by modifying the src/lambda/HttpServer.js file to pass the TLS information (see below)

I'm not sure what the best way to do this would be, so I'm opening this as an issue rather than a pull request. I've created a fork with a temporary fix (https://github.com/dherault/serverless-offline/compare/master...ermi-ltd:serverless-offline:master). Happy to submit a PR if that would be preferred.

Sample Code

The following patch to src/lambda/HttpServer.js resolved the issues by adding the feature:

 constructor(options, lambda) {
    this.#lambda = lambda
    this.#options = options

    const { host, lambdaPort } = options

    const serverOptions = {
      host,
      port: lambdaPort,
      ...(options.httpsProtocol != null && {
        tls: this.#loadCerts(options.httpsProtocol),
      }),
    }

    this.#server = new Server(serverOptions)
  }
  
  #loadCerts(httpsProtocol) {
    return {
      cert: fs.readFileSync(resolve(httpsProtocol, "cert.pem"), "utf8"),
      key: fs.readFileSync(resolve(httpsProtocol, "key.pem"), "utf8"),
    }
  }

Expected behavior/code

It should be possible to hit the direct lambda endpoint (aka, lambdaPort) over HTTPS.

Additional context/Screenshots

I'd propose to add support for the httpsProtocol when accessing Lambda's directly using the lambdaPort, or add a new option called something like: lambdaPortProtocol.

ermi-ltd avatar Mar 04 '24 15:03 ermi-ltd