diff --git a/events/apigw.go b/events/apigw.go
index 3a112b2b..d0b52844 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -232,6 +232,50 @@ type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct { NotBefore string `json:"notBefore"` } +type APIGatewayV2CustomAuthorizerV1RequestTypeRequestContext struct { + Path string `json:"path"` + AccountID string `json:"accountId"` + ResourceID string `json:"resourceId"` + Stage string `json:"stage"` + RequestID string `json:"requestId"` + Identity APIGatewayCustomAuthorizerRequestTypeRequestIdentity `json:"identity"` + ResourcePath string `json:"resourcePath"` + HTTPMethod string `json:"httpMethod"` + APIID string `json:"apiId"` +} + +type APIGatewayV2CustomAuthorizerV1Request struct { + Version string `json:"version"` + Type string `json:"type"` + MethodArn string `json:"methodArn"` //nolint: stylecheck + IdentitySource string `json:"identitySource"` + AuthorizationToken string `json:"authorizationToken"` + Resource string `json:"resource"` + Path string `json:"path"` + HTTPMethod string `json:"httpMethod"` + Headers map[string]string `json:"headers"` + QueryStringParameters map[string]string `json:"queryStringParameters"` + PathParameters map[string]string `json:"pathParameters"` + StageVariables map[string]string `json:"stageVariables"` + RequestContext APIGatewayV2CustomAuthorizerV1RequestTypeRequestContext `json:"requestContext"` +} + +type APIGatewayV2CustomAuthorizerV2Request struct { + Version string `json:"version"` + Type string `json:"type"` + RouteArn string `json:"routeArn"` //nolint: stylecheck + IdentitySource []string `json:"identitySource"` + RouteKey string `json:"routeKey"` + RawPath string `json:"rawPath"` + RawQueryString string `json:"rawQueryString"` + Cookies []string `json:"cookies"` + Headers map[string]string `json:"headers"` + QueryStringParameters map[string]string `json:"queryStringParameters"` + RequestContext APIGatewayV2HTTPRequestContext `json:"requestContext"` + PathParameters map[string]string `json:"pathParameters"` + StageVariables map[string]string `json:"stageVariables"` +} + // 
APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response. // Deprecated. Code should be updated to use the Authorizer map from APIGatewayRequestIdentity. Ex: Authorizer["principalId"] type APIGatewayCustomAuthorizerContext struct { @@ -291,6 +335,12 @@ type APIGatewayV2CustomAuthorizerSimpleResponse struct { Context map[string]interface{} `json:"context,omitempty"` } +type APIGatewayV2CustomAuthorizerIAMPolicyResponse struct { + PrincipalID string `json:"principalId"` + PolicyDocument APIGatewayCustomAuthorizerPolicy `json:"policyDocument"` + Context map[string]interface{} `json:"context,omitempty"` +} + // APIGatewayCustomAuthorizerPolicy represents an IAM policy type APIGatewayCustomAuthorizerPolicy struct { Version string diff --git a/events/apigw_test.go b/events/apigw_test.go index 480253ae..8aa7d87e 100644 --- a/events/apigw_test.go +++ b/events/apigw_test.go 
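Review bot: The three request types added in the first hunk of events/apigw.go (APIGatewayV2CustomAuthorizerV1RequestTypeRequestContext, APIGatewayV2CustomAuthorizerV1Request, APIGatewayV2CustomAuthorizerV2Request) and APIGatewayV2CustomAuthorizerIAMPolicyResponse in the second hunk are exported without doc comments, unlike the neighbouring APIGatewayCustomAuthorizerContext and APIGatewayCustomAuthorizerPolicy. Each should get one in the file's existing style, for example `// APIGatewayV2CustomAuthorizerV2Request contains data coming in to a custom API Gateway V2 authorizer function using payload format 2.0.` Those comments are also the place to say that `AuthorizationToken`, `IdentitySource`, `Headers` and `Cookies` carry the caller's credentials, so a handler should not log the event whole. `Headers` is a plain `map[string]string` whose keys keep whatever casing is delivered, so a lookup such as `Headers["Authorization"]` should be done case-insensitively rather than by exact key.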
@@ -434,3 +434,45 @@ func TestApiGatewayV2HTTPRequestNoAuthorizerMarshaling(t *testing.T) { assert.JSONEq(t, string(inputJSON), string(outputJSON)) } + +func TestApiGatewayV2CustomAuthorizerV1RequestMarshaling(t *testing.T) { + inputJSON, err := ioutil.ReadFile("./testdata/apigw-v2-custom-authorizer-v1-request.json") + if err != nil { + t.Errorf("could not open test file. details: %v", err) + } + + // de-serialize into Go object + var inputEvent APIGatewayV2CustomAuthorizerV1Request + if err := json.Unmarshal(inputJSON, &inputEvent); err != nil { + t.Errorf("could not unmarshal event. details: %v", err) + } + + // serialize to json + outputJSON, err := json.Marshal(inputEvent) + if err != nil { + t.Errorf("could not marshal event. details: %v", err) + } + + assert.JSONEq(t, string(inputJSON), string(outputJSON)) +} + +func TestApiGatewayV2CustomAuthorizerV2RequestMarshaling(t *testing.T) { + inputJSON, err := ioutil.ReadFile("./testdata/apigw-v2-custom-authorizer-v2-request.json") + if err != nil { + t.Errorf("could not open test file. details: %v", err) + } + + // de-serialize into Go object + var inputEvent APIGatewayV2CustomAuthorizerV2Request + if err := json.Unmarshal(inputJSON, &inputEvent); err != nil { + t.Errorf("could not unmarshal event. details: %v", err) + } + + // serialize to json + outputJSON, err := json.Marshal(inputEvent) + if err != nil { + t.Errorf("could not marshal event. details: %v", err) + } + + assert.JSONEq(t, string(inputJSON), string(outputJSON)) +} diff --git a/events/testdata/apigw-v2-custom-authorizer-v1-request.json b/events/testdata/apigw-v2-custom-authorizer-v1-request.json new file mode 100644 index 00000000..ddb9da1a --- /dev/null +++ b/events/testdata/apigw-v2-custom-authorizer-v1-request.json 
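Review bot: Both new tests report a failed `ioutil.ReadFile` or `json.Unmarshal` with `t.Errorf` and then carry on, so a missing or malformed fixture shows up as follow-on failures (unmarshalling an empty slice, then a JSONEq mismatch) rather than one clear error; `t.Fatalf("could not open test file. details: %v", err)` stops at the real cause. The round trip only proves that every key in the fixture has a matching field, and APIGatewayV2CustomAuthorizerIAMPolicyResponse, added in events/apigw.go, has no marshaling test in this hunk; a small one asserting the `principalId`, `policyDocument` and `context` keys would pin the wire format that the authorization decision depends on. The two functions differ only in fixture path and target type, so a shared helper would remove the duplication.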
@@ -0,0 +1,51 @@
+{
+ "version": "1.0",
+ "type": "REQUEST",
+ "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abcdef123/test/GET/request",
+ "identitySource": "user1,123",
+ "authorizationToken": "user1,123",
+ "resource": "/request",
+ "path": "/request",
+ "httpMethod": "GET",
+ "headers": {
+ "X-AMZ-Date": "20170718T062915Z",
+ "Accept": "*/*",
+ "HeaderAuth1": "headerValue1",
+ "CloudFront-Viewer-Country": "US",
+ "CloudFront-Forwarded-Proto": "https",
+ "CloudFront-Is-Tablet-Viewer": "false",
+ "CloudFront-Is-Mobile-Viewer": "false",
+ "User-Agent": "..."
+ },
+ "queryStringParameters": {
+ "QueryString1": "queryValue1"
+ },
+ "pathParameters": {},
+ "stageVariables": {
+ "StageVar1": "stageValue1"
+ },
+ "requestContext": {
+ "path": "/request",
+ "accountId": "123456789012",
+ "resourceId": "05c7jb",
+ "stage": "test",
+ "requestId": "...",
+ "identity": {
+ "apiKey": "...",
+ "sourceIp": "...",
+ "clientCert": {
+ "clientCertPem": "CERT_CONTENT",
+ "subjectDN": "www.example.com",
+ "issuerDN": "Example issuer",
+ "serialNumber": "a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1",
+ "validity": {
+ "notBefore": "May 28 12:30:02 2019 GMT",
+ "notAfter": "Aug 5 09:36:04 2021 GMT"
+ }
+ }
+ },
+ "resourcePath": "/request",
+ "httpMethod": "GET",
+ "apiId": "abcdef123"
+ }
+}
diff --git a/events/testdata/apigw-v2-custom-authorizer-v2-request.json b/events/testdata/apigw-v2-custom-authorizer-v2-request.json
new file mode 100644
index 00000000..59166c8c
--- /dev/null
+++ b/events/testdata/apigw-v2-custom-authorizer-v2-request.json
@@ -0,0 +1,51 @@
+{
+ "version": "2.0",
+ "type": "REQUEST",
+ "routeArn": "arn:aws:execute-api:us-east-1:123456789012:abcdef123/test/GET/request",
+ "identitySource": ["user1", "123"],
+ "routeKey": "$default",
+ "rawPath": "/my/path",
+ "rawQueryString": "parameter1=value1¶meter1=value2¶meter2=value",
+ "cookies": ["cookie1", "cookie2"],
+ "headers": {
+ "Header1": "value1",
+ "Header2": "value2"
+ },
+ "queryStringParameters": {
+ "parameter1": "value1,value2",
+ "parameter2": "value"
+ },
+ "requestContext": {
+ "accountId": "123456789012",
+ "apiId": "api-id",
+ "authentication": {
+ "clientCert": {
+ "clientCertPem": "CERT_CONTENT",
+ "subjectDN": "www.example.com",
+ "issuerDN": "Example issuer",
+ "serialNumber": "a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1",
+ "validity": {
+ "notBefore": "May 28 12:30:02 2019 GMT",
+ "notAfter": "Aug 5 09:36:04 2021 GMT"
+ }
+ }
+ },
+ "domainName": "id.execute-api.us-east-1.amazonaws.com",
+ "domainPrefix": "id",
+ "http": {
+ "method": "POST",
+ "path": "/my/path",
+ "protocol": "HTTP/1.1",
+ "sourceIp": "IP",
+ "userAgent": "agent"
+ },
+ "requestId": "id",
+ "routeKey": "$default",
+ "stage": "$default",
+ "time": "12/Mar/2020:19:03:58 +0000",
+ "timeEpoch": 1583348638390
+ },
+ "pathParameters": { "parameter1": "value1" },
+ "stageVariables": { "stageVariable1": "value1", "stageVariable2": "value2" }
+}
+