import {
APIGatewayAuthorizerResult,
APIGatewayTokenAuthorizerEvent,
APIGatewayTokenAuthorizerHandler,
PolicyDocument,
} from "aws-lambda";
import { authorizeExternalAccessToken } from "./external-auth";
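/**
 * Extracts the credential from a header value of the form `Bearer <token>`.
 *
 * The scheme name is matched case-insensitively and surrounding whitespace is
 * trimmed from the credential. No character-set or format validation is done
 * here: the returned string is still untrusted input and must be verified by
 * whatever consumes it.
 *
 * @param authorizationHeader Raw header value; may be absent.
 * @returns The trimmed token, or `null` when the header is missing, does not
 *   use the Bearer scheme, or carries no credential after the scheme.
 */
function extractBearerToken(authorizationHeader?: string): string | null {
  if (!authorizationHeader) {
    return null;
  }

  const match = authorizationHeader.match(/^Bearer\s+(.+)$/i);
  const token = match?.[1]?.trim();

  // "Bearer" followed only by whitespace still matches the pattern but trims
  // to an empty string; report that as "no token" so callers never receive "".
  return token ? token : null;
}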
/**
 * Builds the authorizer response: a single-statement IAM policy that allows or
 * denies `execute-api:Invoke` on exactly the method ARN of the incoming event.
 *
 * @param effect Whether the statement allows or denies the invocation.
 * @param event Authorizer event; only `methodArn` is read.
 * @param principalId Identifier reported as the caller's principal.
 * @param context Optional string key/value pairs attached to the result; the
 *   `context` property is omitted entirely when this is not supplied.
 * @returns The authorizer result containing the principal, policy and context.
 */
function generatePolicy(
  effect: "Allow" | "Deny",
  event: APIGatewayTokenAuthorizerEvent,
  principalId: string,
  context?: Record<string, string>,
): APIGatewayAuthorizerResult {
  // The policy is scoped to the one method being invoked, not a wildcard.
  // NOTE(review): if authorizer result caching is enabled on the API (not
  // visible here), a cached policy for this ARN is reused for the same token
  // on other methods and will not cover them — confirm the TTL setting.
  const statement = {
    Action: "execute-api:Invoke",
    Effect: effect,
    Resource: event.methodArn,
  };

  const policyDocument: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [statement],
  };

  const response: APIGatewayAuthorizerResult = { principalId, policyDocument };
  if (context) {
    response.context = context;
  }
  return response;
}
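/**
 * Token authorizer entry point.
 *
 * Reads the bearer token from `event.authorizationToken`, hands it to
 * `authorizeExternalAccessToken`, and returns an Allow policy for the invoked
 * method when that call yields a result. Every other outcome fails closed with
 * a Deny policy: missing or malformed header, a falsy authorization result, or
 * an exception raised during validation.
 *
 * On success the client id and a comma-joined list of grants are placed in the
 * authorizer context.
 * NOTE(review): a grant value containing "," would be ambiguous to whatever
 * splits this string downstream — confirm the grant vocabulary.
 *
 * @param event Authorizer event carrying the raw token and the method ARN.
 * @returns The Allow or Deny authorizer result.
 */
export const handler: APIGatewayTokenAuthorizerHandler = async (
  event,
): Promise<APIGatewayAuthorizerResult> => {
  const token = extractBearerToken(event.authorizationToken);
  if (!token) {
    return generatePolicy("Deny", event, "");
  }

  try {
    const authorizationResult = await authorizeExternalAccessToken(token);
    if (!authorizationResult) {
      return generatePolicy("Deny", event, "");
    }

    const { clientId, grants } = authorizationResult.client;
    return generatePolicy("Allow", event, clientId, {
      clientId,
      grants: grants.join(","),
      isOAuthClient: "true",
    });
  } catch (error: unknown) {
    // Fail closed, but leave a trace: without it a validator outage looks the
    // same as a rejected token. Only the error's name is logged, because the
    // message may echo the token or other request data.
    console.error(
      "authorizer: token validation threw",
      error instanceof Error ? error.name : "non-Error rejection",
    );
    return generatePolicy("Deny", event, "");
  }
};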