
@bitblit/ratchet-epsilon-common


Tiny adapter to simplify building API gateway Lambda APIS

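import { Logger } from '@bitblit/ratchet-common/logger/logger';
import { LocalWebTokenManipulator } from './local-web-token-manipulator.js';
import { EpsilonConstants } from '../../epsilon-constants.js';

/**
 * Returns a copy of an authorizer event that is safe to write to logs.
 *
 * The event's `authorizationToken` field holds the caller's bearer credential.
 * Logging it verbatim would let anyone with read access to the log stream
 * replay the token until it expires, so it is replaced with a fixed marker.
 * The input object is never mutated.
 *
 * @param {object|null|undefined} event - Authorizer event as received by the handler.
 * @returns {object|null|undefined} A shallow copy with the token masked, or the
 *   input unchanged when there is no token to mask.
 */
function redactAuthorizerEvent(event) {
  if (event && typeof event === 'object' && event.authorizationToken) {
    return { ...event, authorizationToken: '[REDACTED]' };
  }
  return event;
}

/**
 * Token-based API Gateway Lambda authorizer: validates the bearer JWT carried
 * in the authorizer event and, on success, returns an IAM policy allowing
 * invocation of the API stage.
 */
export class ApiGatewayAdapterAuthenticationHandler {
  webTokenManipulator;

  /**
   * @param {string} issuer - Issuer value handed to LocalWebTokenManipulator.
   * @param {string} encryptionKeys - Key material; wrapped in a single-element
   *   array before being passed to LocalWebTokenManipulator.
   */
  constructor(issuer, encryptionKeys) {
    this.webTokenManipulator = new LocalWebTokenManipulator([encryptionKeys], issuer);
  }

  /**
   * Lambda entry point for the authorizer.
   *
   * Every failure path (missing token, invalid token, exception while parsing
   * or while building the policy) ends in `callback(new Error('Unauthorized'))`,
   * so the handler fails closed. API Gateway maps that exact message to a 401.
   *
   * @param {object} event - Authorizer event; reads `authorizationToken` and `methodArn`.
   * @param {object} context - Lambda context (unused).
   * @param {Function} callback - Node-style callback receiving the policy or an Error.
   * @returns {void}
   */
  lambdaHandler(event, context, callback) {
    // Log the event with the credential masked; the raw token must not reach the logs.
    Logger.info('Got event : %j', redactAuthorizerEvent(event));
    const srcString = ApiGatewayAdapterAuthenticationHandler.extractTokenStringFromAuthorizerEvent(event);
    if (!srcString) {
      Logger.info('Token not supplied');
      callback(new Error('Unauthorized'));
      return;
    }

    const methodArn = event.methodArn;
    this.webTokenManipulator
      .parseAndValidateJWTStringAsync(srcString)
      .then((parsed) => {
        if (parsed) {
          // createPolicy throws on a malformed methodArn; that lands in the
          // catch below and is reported as Unauthorized.
          callback(null, this.createPolicy(methodArn, srcString, parsed));
        } else {
          Logger.info('Invalid bearer token');
          callback(new Error('Unauthorized'));
        }
      })
      .catch((err) => {
        Logger.error('Exception parsing token : %s', err);
        callback(new Error('Unauthorized'));
      });
  }

  /**
   * Builds the authorizer response for a validated token.
   *
   * Security-relevant properties of the returned object:
   * - `principalId` is the constant 'user', not an identity taken from the
   *   token; downstream code has to read `context.userJSON` to learn who the
   *   caller is.
   * - The single Allow statement covers every method and path of the stage
   *   (`/*​/*`), so this authorizer only answers "is the token valid?".
   *   Per-route authorization has to be enforced by the backend.
   * - `context.srcData` carries the raw token to the integration; anything
   *   downstream that logs the request context will expose it.
   *
   * @param {string} methodArn - ARN of the invoked method, expected in the form
   *   arn:aws:execute-api:REGION:ACCOUNT:API_ID/STAGE/METHOD/PATH.
   * @param {string} srcString - Raw token string (prefix already stripped).
   * @param {object} userOb - Parsed token payload; serialized into `context.userJSON`.
   * @returns {object} Authorizer response with principalId, policyDocument and context.
   * @throws {TypeError} When methodArn does not have the expected colon/slash layout.
   */
  createPolicy(methodArn, srcString, userOb) {
    const arnParts = methodArn.split(':');
    const region = arnParts[3];
    const awsAccountId = arnParts[4];
    const [restApiId, stage] = arnParts[5].split('/');

    return {
      principalId: 'user',
      policyDocument: {
        Version: '2012-10-17',
        Statement: [
          {
            Action: 'execute-api:Invoke',
            Effect: 'Allow',
            Resource: [`arn:aws:execute-api:${region}:${awsAccountId}:${restApiId}/${stage}/*/*`],
          },
        ],
      },
      context: {
        userJSON: JSON.stringify(userOb),
        srcData: srcString,
      },
    };
  }

  /**
   * Pulls the token out of the event's `authorizationToken` field.
   *
   * Only string values that start with EpsilonConstants.AUTH_HEADER_PREFIX
   * (defined outside this file) are accepted. A missing field, a non-string
   * value or a wrong prefix yields null, which the handler treats as
   * "token not supplied".
   *
   * @param {object|null|undefined} event - Authorizer event.
   * @returns {string|null} The token with the prefix removed, or null.
   */
  static extractTokenStringFromAuthorizerEvent(event) {
    // Same masking as in lambdaHandler: verbose log levels must not leak the credential.
    Logger.silly('Extracting token from event : %j', redactAuthorizerEvent(event));
    const token = event?.authorizationToken;
    // The type check makes a non-string value a clean rejection instead of an
    // uncaught TypeError from startsWith.
    if (typeof token === 'string' && token.startsWith(EpsilonConstants.AUTH_HEADER_PREFIX)) {
      return token.substring(EpsilonConstants.AUTH_HEADER_PREFIX.length);
    }
    return null;
  }
}
//# sourceMappingURL=api-gateway-adapter-authentication-handler.js.map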