Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: skip adding authorizer to event if no authorizer is configured #1786

Merged
merged 3 commits into from
May 19, 2024
Merged

fix: skip adding authorizer to event if no authorizer is configured #1786

merged 3 commits into from
May 19, 2024

Conversation

cnuss
Copy link
Contributor

@cnuss cnuss commented May 17, 2024

Description

AWS API Gateway does not include the event.requestContext.authorizer field if there is no authorizer configured for the function.

This PR deletes the event.requestContext.authorizer field if the function does not have an authorizer.

Motivation and Context

  • I'm doing serialization of API Gateway in Golang
    • It was failing because the authorizer payload didn't match what it expected
  • Upon further investigation, I found that serverless-offline was always setting event.requestContext.authorizer if a Bearer token comes through in the HTTP Authorization headers.
  • My solution is to simply remove event.requestContext.authorizer if the lambda function does not have an authorizer set.

How Has This Been Tested?

I've written tests and included them in this PR. Please let me know if you want me to kick the tires in any other ways!

@cnuss
Copy link
Contributor Author

cnuss commented May 17, 2024

Hi @DorianMazur i have another one for you to 👀 !

DorianMazur
DorianMazur reviewed May 17, 2024
View reviewed changes
src/events/http/HttpServer.js

if (!endpoint.authorizer) {
log.debug("no authorizer configured, deleting authorizer payload")
delete event.requestContext.authorizer
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this will collide with customizations.offline?.customAuthenticationProvider, that's why tests are failing.

@cnuss @DorianMazur
Update src/events/http/HttpServer.js
37f16af 
Co-authored-by: Dorian <46839236+DorianMazur@users.noreply.github.com>
@cnuss
Copy link
Contributor Author

cnuss commented May 17, 2024

thank you! i ran a limited set of the tests locally until it worked so i must have missed customAuthenticationProvider

@DorianMazur DorianMazur changed the title dont add authorizor to event if no authorizer is configured fix: dont add authorizor to event if no authorizer is configured May 19, 2024
@DorianMazur DorianMazur changed the title fix: dont add authorizor to event if no authorizer is configured fix: skip adding authorizer to event if no authorizer is configured May 19, 2024
@DorianMazur DorianMazur merged commit 68f8f53 into dherault:master May 19, 2024
9 checks passed
cnuss added a commit to scaffoldly/serverless-offline that referenced this pull request May 19, 2024
@cnuss
Merge branch 'master' into feat/provided
128ba54 
* master:
  refactor: use provided log utils (dherault#1784)
  fix: skip adding authorizer to event if no authorizer is configured (dherault#1786)
  Update README.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DorianMazur DorianMazur DorianMazur left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cnuss @DorianMazur