Fix for Wrong struct for IoTCustomAuthorizerRequest aws#400

ynori7 · ynori7 · commit 604386144df0 · 2021-10-13T07:28:28.000+02:00
diff --git a/events/iot.go b/events/iot.go
@@ -2,11 +2,17 @@ package events
 
 // IoTCustomAuthorizerRequest contains data coming in to a custom IoT device gateway authorizer function.
 type IoTCustomAuthorizerRequest struct {
-	HTTPContext        *IoTHTTPContext `json:"httpContext,omitempty"`
-	MQTTContext        *IoTMQTTContext `json:"mqttContext,omitempty"`
-	TLSContext         *IoTTLSContext  `json:"tlsContext,omitempty"`
-	AuthorizationToken string          `json:"token"`
-	TokenSignature     string          `json:"tokenSignature"`
+	Token              string                          `json:"token"`
+	SignatureVerified  bool                            `json:"signatureVerified"` //whether the device gateway has validated the signature
+	Protocols          []string                        `json:"protocols"`         //can include "tls", "mqtt", or "http"
+	ProtocolData       IoTCustomAuthorizerProtocolData `json:"protocolData"`
+	ConnectionMetadata IoTCustomAuthorizerMetadata     `json:"connectionMetadata"`
+}
+
+type IoTCustomAuthorizerProtocolData struct {
+	HTTP *IoTHTTPContext `json:"http,omitempty"`
+	MQTT *IoTMQTTContext `json:"mqtt,omitempty"`
+	TLS  *IoTTLSContext  `json:"tls,omitempty"`
 }
 
 type IoTHTTPContext struct {
@@ -16,19 +22,23 @@ type IoTHTTPContext struct {
 
 type IoTMQTTContext struct {
 	ClientID string `json:"clientId"`
-	Password []byte `json:"password"`
+	Password string `json:"password"` //base64-encoded string
 	Username string `json:"username"`
 }
 
 type IoTTLSContext struct {
 	ServerName string `json:"serverName"`
 }
 
+type IoTCustomAuthorizerMetadata struct {
+	ID string `json:"id"` //UUID. The connection ID
+}
+
 // IoTCustomAuthorizerResponse represents the expected format of an IoT device gateway authorization response.
 type IoTCustomAuthorizerResponse struct {
-	IsAuthenticated          bool     `json:"isAuthenticated"`
-	PrincipalID              string   `json:"principalId"`
-	DisconnectAfterInSeconds int32    `json:"disconnectAfterInSeconds"`
-	RefreshAfterInSeconds    int32    `json:"refreshAfterInSeconds"`
-	PolicyDocuments          []string `json:"policyDocuments"`
+	IsAuthenticated          bool                               `json:"isAuthenticated"`
+	PrincipalID              string                             `json:"principalId"`
+	DisconnectAfterInSeconds int32                              `json:"disconnectAfterInSeconds"`
+	RefreshAfterInSeconds    int32                              `json:"refreshAfterInSeconds"`
+	PolicyDocuments          []APIGatewayCustomAuthorizerPolicy `json:"policyDocuments"`
 }
diff --git a/events/testdata/iot-custom-auth-request.json b/events/testdata/iot-custom-auth-request.json
@@ -1,18 +1,24 @@
 {
-  "httpContext": {
-    "headers": {
-      "Accept-Language" : "en"
+  "token": "someToken",
+  "signatureVerified": true,
+  "protocols": ["tls", "http", "mqtt"],
+  "protocolData": {
+    "http": {
+      "headers": {
+        "Accept-Language" : "en"
+      },
+      "queryString": "abc"
     },
-    "queryString": "abc"
-  },
-  "mqttContext": {
-    "clientId": "someclient",
-    "password": "aslkfjwoeiuwekrujwlrueowieurowieurowiuerwleuroiwueroiwueroiuweoriuweoriuwoeiruwoeiur",
-    "username": "thebestuser"
-  },
-  "tlsContext": {
-    "serverName": "server.stuff.com"
+    "mqtt": {
+      "clientId": "someclient",
+      "password": "aslkfjwoeiuwekrujwlrueowieurowieurowiuerwleuroiwueroiwueroiuweoriuweoriuwoeiruwoeiur",
+      "username": "thebestuser"
+    },
+    "tls": {
+      "serverName": "server.stuff.com"
+    }
   },
-  "token": "someToken",
-  "tokenSignature": "somelongtokensignature"
+  "connectionMetadata": {
+    "id": "123e4567-e89b-12d3-a456-426614174000"
+  }
 }
diff --git a/events/testdata/iot-custom-auth-response.json b/events/testdata/iot-custom-auth-response.json
@@ -1,9 +1,22 @@
 {
   "isAuthenticated":true,
-  "principalId": "xxxxxxxx",
-  "disconnectAfterInSeconds": 86400,
-  "refreshAfterInSeconds": 300,
-  "policyDocuments": [
-    "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Action\": [\"iot:Subscribe\"], \"Effect\": \"Allow\", \"Resource\": [\"*\"] } ] }"
+  "principalId":"xxxxxxxx",
+  "disconnectAfterInSeconds":86400,
+  "refreshAfterInSeconds":300,
+  "policyDocuments":[
+    {
+      "Version":"2012-10-17",
+      "Statement":[
+        {
+          "Action":[
+            "iot:Subscribe"
+          ],
+          "Effect":"Allow",
+          "Resource":[
+            "*"
+          ]
+        }
+      ]
+    }
   ]
 }
