Unable to use APIGatewayV2Request with Lambda authorizer #39
Comments
|
@GeorgePreece funny timing, I just realized it doesn't support Can you share here the raw JSON inside I can make a second PR now that I have a dev setup in place |
|
Here is the doc for Lambda Authorizers payload I guess we would need to add support for whatever is inside the but I'm not sure it always pass a certificate. The |
amazing! thank you @sebsto :)
absolutely! here's an example: |
|
Thank you @GeorgePreece |
yep, that's right |
|
@GeorgePreece can you test the code change on this branch ? If it works, I'll send the PR to the main project. There is a new struct to support the authorizer's response: |
hey @sebsto, I'm unable to initialise the struct I believe because it's conforming to Decodable rather than Encodable {
"version": "2.0",
"type": "REQUEST",
"routeArn": "arn:aws:execute-api:eu-north-1:000000000000:0000000000/dev/GET/applications",
"identitySource": [
"abc.xyz.123"
],
"routeKey": "GET /applications",
"rawPath": "/dev/applications",
"rawQueryString": "",
"headers": {
"accept": "*/*",
"authorization": "abc.xyz.123",
"content-length": "0",
"host": "0000000000.execute-api.eu-north-1.amazonaws.com",
"user-agent": "curl/8.1.2",
"x-amzn-trace-id": "Root=1-00000000-000000000000000000000000",
"x-forwarded-for": "0.0.0.0",
"x-forwarded-port": "443",
"x-forwarded-proto": "https"
},
"requestContext": {
"accountId": "000000000000",
"apiId": "0000000000",
"domainName": "0000000000.execute-api.eu-north-1.amazonaws.com",
"domainPrefix": "0000000000",
"http": {
"method": "GET",
"path": "/dev/applications",
"protocol": "HTTP/1.1",
"sourceIp": "0.0.0.0",
"userAgent": "curl/8.1.2"
},
"requestId": "QHACgr8sig0MELg=",
"routeKey": "GET /applications",
"stage": "dev",
"time": "15/Dec/2023:20:35:03 +0000",
"timeEpoch": 1702672503230
}
} |
|
of course, silly me. In addition to APIGatewayV2Request to support
Same branch : https://github.com/sebsto/swift-aws-lambda-events/tree/sebsto/lambda_authorizers |
thanks! deserialisation is now working for both the request objects :) only ask here is, would you be able to expose |
|
Apologies for the delayed response. I built my own Lambda Authorizer lambda function in Swift to actually test these changes myself instead of asking you to test them. Here are the new structs
Here is a sample simple authorizer : @main
struct MySimpleLambda: SimpleLambdaHandler {
func handle(_: APIGatewayLambdaAuthorizerRequest,
context _: LambdaContext) async throws
-> APIGatewayLambdaAuthorizerSimpleResponse
{
return APIGatewayLambdaAuthorizerSimpleResponse(
isAuthorized: true,
context: ["abc1": "xyz1"]
)
}
}Here is an IAM policy authorizers : @main
struct MyPolicyLambda: SimpleLambdaHandler {
func handle(_: APIGatewayLambdaAuthorizerRequest,
context _: LambdaContext) async throws
-> APIGatewayLambdaAuthorizerPolicyResponse
{
let resp = APIGatewayLambdaAuthorizerPolicyResponse(
principalId: "John Appleseed",
policyDocument: .init(statement: [
.init(action: "execute-api:Invoke",
effect: .allow,
resource: "*"),
]),
context: [
"abc1": "xyz1",
"abc2": "xyz2",
]
)
return resp
}
}Here is how I attach a Lambda authorizer to another Lambda function (I use SAM) AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: SAM Template for QuoteService
Globals:
Function:
Timeout: 60
CodeUri: .
Handler: swift.bootstrap
Runtime: provided.al2
MemorySize: 512
Architectures:
- arm64
Resources:
# Lambda function
QuoteService:
Type: AWS::Serverless::Function
Properties:
Events:
# pass through all HTTP verbs and paths
Api:
Type: HttpApi
Properties:
ApiId: !Ref MyProtectedApi
Path: /{proxy+}
Method: ANY
Auth:
Authorizer: MyLambdaAuthorizer
Metadata:
BuildMethod: makefile
MyProtectedApi:
Type: AWS::Serverless::HttpApi
Properties:
Auth:
DefaultAuthorizer: MyLambdaAuthorizer
Authorizers:
MyLambdaAuthorizer:
AuthorizerPayloadFormatVersion: 2.0
EnableFunctionDefaultPermissions: true
EnableSimpleResponses: true
FunctionArn: arn:aws:lambda:us-east-1:012345678912:function:LambdaAuthorizer
Identity:
Headers:
- Authorization
# print API endpoint
Outputs:
SwiftAPIEndpoint:
Description: "API Gateway endpoint URL for your application"
Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com" |
no problem, works like a charm! thank you 🥳 |
|
Thank you @GeorgePreece for the review. |
Expected behavior
Ability to process context from a Lambda authorizer in APIGatewayV2Request
Actual behavior
Fails trying to deserialize
jwtfrom the Authorizer struct which isn't present for Lambda authorizers, from CloudWatch logs:Also, would be nice to have structs for Lambda authorizer payloads
Steps to reproduce
If possible, minimal yet complete reproducer code (or URL to code)
Looks like
swift-aws-lambda-events/Sources/AWSLambdaEvents/APIGateway+V2.swift
Line 35 in 3ac078f
SwiftAWSLambdaRuntime version/commit hash
3ac078f4d8fe6d9ae8dd05b680a284a423e1578dSwift & OS version (output of
swift --version && uname -a)swift-driver version: 1.87.1 Apple Swift version 5.9 (swiftlang-5.9.0.128.108 clang-1500.0.40.1)
Target: arm64-apple-macosx14.0
Darwin 192.168.1.121 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:24 PDT 2023; root:xnu-10002.41.9~6/RELEASE_ARM64_T6000 arm64
The text was updated successfully, but these errors were encountered: