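I am using AWS Lambda to authorize GraphQL queries. I want to use the authorization token to get the client's information from Cognito, and use the sub from the user attributes to check whether the user has purchased the phone in my record table, but every time I call the method it returns "Unauthorized: Not Authorized to access getPhone on type Query".
Schema: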
type Phone
  @model
  @auth(rules: [{ allow: owner }, { allow: custom, operations: [read] }]) {
  id: ID!
  title: String!
  description: AWSJSON!
  rating: Float
}
AWS Lambda:
const {
  CognitoIdentityProviderClient,
  GetUserCommand,
} = require("@aws-sdk/client-cognito-identity-provider");
const { DynamoDBClient, GetItemCommand } = require("@aws-sdk/client-dynamodb");

exports.handler = async (event) => {
  console.log(`EVENT: ${JSON.stringify(event)}`);
  const {
    authorizationToken,
    requestContext: { variables },
  } = event;
  try {
    // Resolve the caller from the Cognito access token.
    const cognitoClient = new CognitoIdentityProviderClient({});
    const cognitoInput = {
      AccessToken: authorizationToken,
    };
    const cognitoCommand = new GetUserCommand(cognitoInput);
    const user = await cognitoClient.send(cognitoCommand);
    const userId = user.UserAttributes.find((x) => x.Name == "sub").Value;
    // Look up the caller's purchase record, keyed by sub.
    const dynamoClient = new DynamoDBClient({});
    const dynamoInput = {
      Key: {
        id: {
          S: userId,
        },
      },
      TableName: "RecordTable",
    };
    const dynamoCommand = new GetItemCommand(dynamoInput);
    const response = await dynamoClient.send(dynamoCommand);
    const purchasedPhones = response.Item.purchasedPhones.L.map((x) => x.S);
    // Authorize only if the requested phone id is in the purchased list.
    return {
      isAuthorized:
        purchasedPhones.filter((x) => x == variables.id).length > 0,
      resolverContext: {
        userid: userId,
        info: requestContext,
        more_info: response,
      },
      ttlOverride: 300,
    };
  } catch (error) {
    return error;
  }
};
GraphQL method:
const phone = await client.graphql<GraphQLQuery<GetPhoneQuery>>({
  query: getPhone,
  authMode: "lambda",
  authToken: "xxxxxxx...xxx",
  variables: {
    id,
  },
});
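I'm not quite sure what I'm missing here.
I think you are missing a few points. It looks like you are trying to implement authorization logic for the Phone model using AWS AppSync and AWS Lambda.
Check IAM roles and permissions
Verify the authorization token
Debugging and DynamoDB interaction
Error handling
GraphQL query execution
I hope this helps ;)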
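An added example for the "verify the authorization token" and "error handling" points above; it is not code from the original post. In the question's handler, `requestContext` is destructured only for `variables`, so `info: requestContext` has no binding to read, and the `catch` block returns the error object instead of an authorization decision. The sketch below fails closed instead; `makeAuthorizer`, `decide`, `getSub`, `getPurchasedIds` and `phoneId` are hypothetical names, with the two injected helpers standing in for the Cognito `GetUserCommand` and DynamoDB `GetItemCommand` calls.

```javascript
// Added example: fail-closed AppSync Lambda authorizer (hypothetical names).
// getSub / getPurchasedIds are injected so the decision logic runs offline.
const DENY = Object.freeze({ isAuthorized: false, ttlOverride: 0 });

function decide(sub, purchasedIds, requestedId) {
  if (typeof sub !== "string" || sub === "") return DENY;
  if (typeof requestedId !== "string" || requestedId === "") return DENY;
  if (!Array.isArray(purchasedIds) || !purchasedIds.includes(requestedId)) return DENY;
  return {
    isAuthorized: true,
    // Flat string values only; nothing copied from the raw event or DB response.
    resolverContext: { userid: sub, phoneId: requestedId },
    // Assumption: the decision depends on variables.id, so a cached result for
    // one id must not be reused for another request carrying the same token.
    ttlOverride: 0,
  };
}

function makeAuthorizer({ getSub, getPurchasedIds }) {
  return async function handler(event) {
    try {
      // Keep requestContext itself bound, then read variables from it.
      const { authorizationToken, requestContext } = event;
      const requestedId = requestContext?.variables?.id;
      const sub = await getSub(authorizationToken);
      const purchased = await getPurchasedIds(sub);
      return decide(sub, purchased, requestedId);
    } catch (err) {
      // Log the cause for debugging, but always return an explicit deny.
      console.error("authorizer error:", err.name, err.message);
      return DENY;
    }
  };
}

// Constructed sample data (not from the original post).
const sampleHandler = makeAuthorizer({
  getSub: async (token) => {
    if (token !== "constructed-token") throw new Error("invalid token");
    return "sub-123";
  },
  getPurchasedIds: async () => ["phone-1", "phone-2"],
});
```

With this shape, the logged error name and message in CloudWatch show which step failed, while the caller only ever receives an allow or a deny.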