serverless-api-gateway-auth-plugin/index.js at master · myevari/serverless-api-gateway-auth-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
'use strict';


/**
 * Adds the posibility to configure AWS_IAM for your API Gateway endpoints
 * and "Invoke with caller credentials"
 *
 * Usage:
 *
 *   myFuncGetItem:
 *     handler: myFunc.get
 *     name: ${self:provider.stage}-myFunc-get-item
 *     memorySize: 128
 *     events:
 *       - http:
 *           method: GET
 *           path: mypath
 *           cors: true
 *           useIAMAuth: true
 *           invokeWithCallerCredentials: true
 */
class ServerlessApiGatewayAuthPlugin {
  constructor(serverless, options) {
    this.serverless = serverless;
    this.options = options;

    this.hooks = {
      'deploy:compileEvents': this.compileEvents.bind(this)
    };
  }

  /**
   *
   * @param {string} path
   */
  _capitalizeAlphaNumericPath(path) {
    path = path.toLowerCase();
    const firstCharIndex = (path.match(/[a-z]/i) || { index: -1 }).index
    if (firstCharIndex !== -1) {
      path = path.substr(0, firstCharIndex) +
        path.charAt(firstCharIndex).toUpperCase() +
        path.substr(firstCharIndex + 1)
    }
    return path.replace(/-/g, 'Dash')
      .replace(/\{(.*)\}/g, '$1Var')
      .replace(/[^0-9A-Za-z]/g, '');
  }

  compileEvents() {
    const tmp = this.serverless.service.provider.compiledCloudFormationTemplate;
    const resources = tmp.Resources;

    this.serverless.service.getAllFunctions().forEach((functionName) => {
      const functionObject = this.serverless.service.functions[functionName];

      functionObject.events.forEach(event => {
        if (!event.http) { return; }
        if (event.http.useIAMAuth || event.http.invokeWithCallerCredentials) {
          let path;
          let method;

          if (typeof event.http === 'object') {
            path = event.http.path;
            method = event.http.method;
          } else if (typeof event.http === 'string') {
            path = event.http.split(' ')[1];
            method = event.http.split(' ')[0];
          }

          const resourcesArray = path.split('/');
          // resource name is the last element in the endpoint. It's not unique.
          const resourceName = path.split('/')[path.split('/').length - 1];
          const normalizedResourceName = resourcesArray.map(this._capitalizeAlphaNumericPath).join('');
          const normalizedMethod = method[0].toUpperCase() + method.substr(1).toLowerCase();
          // const resourceLogicalId = `ApiGatewayResource${normalizedResourceName}`;
          const methodName = `ApiGatewayMethod${normalizedResourceName}${normalizedMethod}`;

          if (event.http.useIAMAuth) {
            resources[methodName].Properties.AuthorizationType = 'AWS_IAM';
          }

          if (event.http.invokeWithCallerCredentials) {
            resources[methodName].Properties.Integration.Credentials = 'arn:aws:iam::*:user/*';
          }
        }
      });
    });
  }
}

module.exports = ServerlessApiGatewayAuthPlugin;