A policy generator for an API Gateway authorizer.
/**
 * Location of the API the generated policy applies to.
 *
 * Every field defaults to "*" when omitted. These values are presumably
 * used when the `execute-api` resource ARN is built (see the private
 * `getResourceArn` on ApiGatewayAuthPolicy), so a wildcard means the
 * emitted Allow statements are not limited to one API, region or stage
 * of the account. For least privilege, populate all three from the
 * invoking request (e.g. the method ARN the authorizer receives) rather
 * than relying on the defaults.
 */
export interface AwsConfig {
    /**
     * The API id
     * example xxxxxxxxxx
     * defaults to "*" (any API in the account)
     */
    apiId?: string;
    /**
     * The API AWS region
     * example eu-west-1
     * defaults to "*" (any region)
     */
    region?: string;
    /**
     * The stage for your api
     * example production
     * defaults to "*" (any stage, including non-production ones)
     */
    stage?: string;
}
/**
 * An IAM condition block: the outer key is the condition operator
 * (e.g. `IpAddress`, `StringEquals`), the inner key is the condition key
 * (e.g. `aws:SourceIp`) and the value is a single value or a list of values.
 * Attached to a Statement when a method is added with a condition.
 */
export declare type Condition = Record<string, Record<string, string | string[]>>;
/**
 * HTTP methods accepted by allowMethod()/denyMethod().
 * `ALL` ("*") stands for every method on the given resource path; combined
 * with wildcard AwsConfig values it produces a very broad statement, so
 * prefer listing the specific verbs a caller actually needs.
 */
export declare enum HttpVerb {
    GET = "GET",
    POST = "POST",
    PUT = "PUT",
    PATCH = "PATCH",
    HEAD = "HEAD",
    DELETE = "DELETE",
    OPTIONS = "OPTIONS",
    ALL = "*"
}
/**
 * Effect of a policy statement on `execute-api:Invoke`.
 * NOTE(review): in IAM policy evaluation an explicit Deny normally
 * overrides an Allow for the same resource.
 */
export declare enum Effect {
    Allow = "Allow",
    Deny = "Deny"
}
/**
 * One IAM policy statement as emitted by ApiGatewayAuthPolicy.render().
 */
export interface Statement {
    /** The only action an API Gateway authorizer policy controls. */
    Action: 'execute-api:Invoke';
    /** Whether the listed resources are allowed or denied. */
    Effect: Effect;
    /** Method ARNs this statement covers (presumably one per added method). */
    Resource: string[];
    /**
     * Optional IAM condition block. Methods added with a condition get a
     * statement of their own so the condition applies only to them.
     */
    Condition?: Condition;
}
/**
 * The IAM policy document embedded in the auth response.
 */
export interface PolicyDocument {
    /**
     * IAM policy language version (e.g. "2012-10-17"); presumably filled
     * from the generator's private `_apiVersion`.
     */
    Version: string;
    /** Allow/Deny statements; see ApiGatewayAuthPolicy.render() for how they are grouped. */
    Statement: Statement[];
}
/**
 * Key/value pairs returned alongside the policy. Values are limited to
 * primitives (string, boolean or number); nested objects are not allowed.
 */
export declare type Context = Record<string, string | boolean | number>;
/**
 * The object an API Gateway authorizer returns, as produced by
 * ApiGatewayAuthPolicy.render().
 */
export interface AuthResponse {
    /** Identifier of the authenticated caller. */
    principalId: string;
    /** Policy deciding which methods the caller may invoke. */
    policyDocument: PolicyDocument;
    /**
     * Optional key/value pairs collected via addValueToContext().
     * NOTE(review): these are presumably forwarded to the backend
     * integration, so keep secrets out of them — confirm against how the
     * integration reads the authorizer context.
     */
    context?: Context;
}
/**
 * A Policy generator for API Gateway authorizers.
 *
 * Methods are collected with allowMethod()/denyMethod(), optional context
 * values with addValueToContext(), and render() turns them into an
 * AuthResponse:
 *
 * new ApiGatewayAuthPolicy('12345')
 * .allowMethod(HttpVerb.GET, '/media')
 * .allowMethod(HttpVerb.PATCH, '/media', {
 * IpAddress: {
 * 'aws:SourceIp': ['203.0.113.0/24', '2001:DB8:1234:5678::/64'],
 * },
 * })
 * .render('*');
 *
 * Security notes:
 * - Without an AwsConfig the api id, region and stage default to "*", so
 *   the policy is not scoped to a single API or stage; pass the values
 *   from the invoking request for least privilege. allowMethod(HttpVerb.ALL,
 *   ...) on top of those defaults is close to "every method on every API
 *   in the account".
 * - NOTE(review): when authorizer result caching is enabled, API Gateway
 *   reuses the cached policy for later requests with the same identity
 *   source, so the policy must list every method the caller may go on to
 *   invoke. Confirm against the authorizer's cache configuration.
 */
export default class ApiGatewayAuthPolicy {
    /** AWS account id, presumably embedded in the generated resource ARNs. */
    private readonly _accountId;
    /** IAM policy language version, presumably emitted as PolicyDocument.Version. */
    private readonly _apiVersion;
    /** Api id/region/stage used for resource ARNs; see AwsConfig for the "*" defaults. */
    private readonly _config;
    /** Methods collected via allowMethod()/denyMethod() until render() is called. */
    private readonly _methods;
    /** Key/value pairs collected via addValueToContext(). */
    private _context;
    /**
     * @param accountId AWS account id that owns the API.
     * @param config    Optional API location; each omitted field falls back to "*".
     */
    constructor(accountId: string, config?: AwsConfig);
    private getResourceArn;
    private addMethod;
    private getStatement;
    private getStatementsForEffect;
    /**
     * Adds an API Gateway method to the list of allowed
     * methods for the policy, can be used in chain
     * @param verb      HTTP method, or HttpVerb.ALL for every method.
     * @param resource  Resource path, e.g. "/media".
     * @param condition Optional IAM condition restricting when the Allow applies
     *                  (the method then gets its own statement).
     * @returns this, for chaining.
     */
    allowMethod(verb: HttpVerb, resource: string, condition?: Condition | null): this;
    /**
     * Adds an API Gateway method to the list of denied
     * methods for the policy, can be used in chain
     * NOTE(review): an explicit Deny normally overrides an Allow in IAM
     * evaluation, so this can carve exceptions out of a broader allowMethod().
     * @param verb      HTTP method, or HttpVerb.ALL for every method.
     * @param resource  Resource path, e.g. "/media".
     * @param condition Optional IAM condition restricting when the Deny applies.
     * @returns this, for chaining.
     */
    denyMethod(verb: HttpVerb, resource: string, condition?: Condition | null): this;
    /**
     * Adds a context key/value pair that will later be added into the auth response.
     * Only primitive values are accepted (see Context). NOTE(review): context is
     * presumably forwarded to the backend integration, so do not place secrets here.
     * @returns this, for chaining.
     */
    addValueToContext(key: string, value: string | number | boolean): this;
    /**
     * Renders an auth response based on the provided principal id and the lists of allowed and denied methods
     * This will generate a policy with two main statements for the effect:
     * One statement for Allow and one statement for Deny.
     * Methods that includes conditions will have their own statement in the policy.
     * @param principalId Identifier of the authenticated caller placed in AuthResponse.principalId.
     * @returns The AuthResponse to return from the authorizer.
     */
    render(principalId: string): AuthResponse;
}