forked from svdgraaf/serverless-basic-authentication
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
121 lines (104 loc) · 4.38 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
const fs = require('fs');
const chalk = require('chalk');
const path = require('path');
module.exports = class SetupBasicAuthentication {
constructor(serverless, options) {
this.options = options;
this.serverless = serverless;
// add the basic authentication function to the functions as soon as possible
this.injectBasicAuthFunction(serverless);
this.hooks = {
'before:package:initialize': this.addAuthorizer.bind(this),
'after:package:createDeploymentArtifacts': this.removeAuthorizer.bind(this),
'before:deploy:deploy': this.configureApiGatewayKeySource.bind(this),
};
}
addAuthorizer() {
// add our custom authenticator
this.addAuthFileToPackage();
this.addAuthorizerFunctionToPrivateFunctions();
}
removeAuthorizer() {
this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Removing Symlink for Basic Authenticator')}`);
fs.unlinkSync(path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`));
}
addAuthFileToPackage() {
if (!this.serverless.package) {
this.serverless.package = {};
}
if (!this.serverless.package.include) {
this.serverless.package.include = [];
}
this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding Symlink for Basic Authenticator')}`);
// @TODO: Make target filename randomized with something, to prevent overriding
// any files
// append our basic_auth.py file to the package
this.serverless.package.include.push(path.normalize(`${__dirname}/basic_auth.py`));
try {
fs.symlinkSync(
path.normalize(`${__dirname}/basic_auth.py`),
path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`)
);
} catch (error) {
if (error.errno === -4048 && error.code === 'EPERM') {
fs.copyFileSync(
path.normalize(`${__dirname}/basic_auth.py`),
path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`)
);
} else {
throw error;
}
}
}
injectBasicAuthFunction() {
this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding function for Basic Authenticator')}`);
const basicAuthenticator = {
handler: 'basic_auth.basicAuth',
runtime: 'python3.6',
};
// add the basic authenticator function
this.serverless.service.functions.basicAuthenticator = basicAuthenticator;
}
addAuthorizerFunctionToPrivateFunctions() {
// for each function which is marked as 'private', set the basic authenticator
// if it doesn't have a custom authenticator yet
Object.keys(this.serverless.service.functions).forEach((functionName) => {
// ignore our own function
if (functionName === 'basicAuthenticator') {
return;
}
// get all function configs
const fnctn = this.serverless.service.functions[functionName];
// check if any of the http events is marked as private, and if that event
// also doesn't have a custom authorizer already, apply our authenticator
Object.keys(fnctn.events).forEach((fnctnEvent) => {
// if http doesn't exist, skip
if (!('http' in this.serverless.service.functions[functionName].events[fnctnEvent])) {
return;
}
if (
this.serverless.service.functions[functionName].events[fnctnEvent].http != null
&& this.serverless.service.functions[functionName].events[fnctnEvent].http.private === true
&& this.serverless.service.functions[functionName].events[fnctnEvent].http.authorizer == null
) {
this.serverless.service.functions[functionName].events[fnctnEvent].http.authorizer = {
name: 'basicAuthenticator',
identitySource: '', // this is only valid if we set cache ttl to 0
resultTtlInSeconds: 0,
type: 'REQUEST',
};
this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow(`Enabled for ${functionName}`)}`);
}
});
});
}
configureApiGatewayKeySource() {
const template = this.serverless.service.provider.compiledCloudFormationTemplate;
if (template.Resources.ApiGatewayRestApi != null) {
this.serverless.cli.consoleLog(
`Basic Authentication: ${chalk.yellow('Configuring Api Gateway for Basic Authenticator')}`,
);
template.Resources.ApiGatewayRestApi.Properties.ApiKeySourceType = 'AUTHORIZER';
}
}
};