我有一个最简单的 HTTP API 网关 lambda 授权器,理论上,它应该允许任何人访问受保护的资源。然而,它似乎并没有授权任何人。事实上,我什至无法获取任何 Cloudwatch 日志!
这是 CDK 代码(Typescript):
import * as cdk from 'aws-cdk-lib';
import * as apigwv2 from 'aws-cdk-lib/aws-apigatewayv2'
import * as lambda from 'aws-cdk-lib/aws-lambda'
import * as authorizers from 'aws-cdk-lib/aws-apigatewayv2-authorizers'
import * as integrations from 'aws-cdk-lib/aws-apigatewayv2-integrations'
export class ApigwCustomAuthLambdaStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const httpApi = new apigwv2.HttpApi(this, "HttpProxyApi", {
createDefaultStage: true,
})
const authFunction = new lambda.Function(this, 'BooksAuthorizer', {
runtime: lambda.Runtime.NODEJS_18_X,
code: lambda.Code.fromAsset("handlers/auth"),
handler: "auth.handler",
})
const booksAuthorizer = new authorizers.HttpLambdaAuthorizer('LambdaAuth', authFunction, {
responseTypes:[authorizers.HttpLambdaResponseType.SIMPLE]
})
const booksFunction = new lambda.Function(this, 'BooksFunction', {
runtime: lambda.Runtime.NODEJS_18_X,
code: lambda.Code.fromAsset("handlers/books"),
handler: "books.handler"
})
const booksIntegration = new integrations.HttpLambdaIntegration("LambdaIntegration", booksFunction)
httpApi.addRoutes({
integration: booksIntegration,
methods: [apigwv2.HttpMethod.GET],
path: "/books",
authorizer: booksAuthorizer
})
}
}
这是自定义授权者的 lambda 代码:
console.log('Loading function');
export handler = (event) => {
const response = {
"isAuthorized": true
}
return response;
};
有比我更了解这个主题的人请告诉我我做错了什么吗?我在这里拔头发。
我发现问题是由于未使用 .mjs 扩展名引起的,因为导出只能从 ES 模块完成,而不能从常规 .js 文件完成。
此外,我需要将授权标头添加到请求中。我使用curl -H 来做到这一点。