Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to specify authorization type on a per-route basis. #74

Merged
merged 1 commit into from Nov 21, 2018
Merged
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.

Always

Just for now

@@ -34,6 +34,17 @@ You can check the routes on the API Gateway console:

![](/img/quick-start/demo-api-gateway.png)

##Authorization
By default, each route specified will not require any authorization in order to call it.
You can choose to enable authorization on a per-route basis:
```ruby
Jets.application.routes.draw do
get "posts", to: "posts#index", authorization_type: "AWS_IAM"
end
```
This will require a caller to authenticate using IAM before being able to access the endpoint.
The complete list of authorization types is available in the [AWS API Gateway docs](https://docs.aws.amazon.com/apigateway/api-reference/resource/method/#authorizationType).

## jets routes

You can also check the routes with the `jets routes` cli command. Here's an example:
@@ -10,7 +10,7 @@ def definition
properties: {
resource_id: "!Ref #{resource_id}",
rest_api_id: "!Ref RestApi",
authorization_type: "NONE",
authorization_type: authorization_type,
http_method: "OPTIONS",
method_responses: [{
status_code: '200',
@@ -21,7 +21,7 @@ def definition
rest_api_id: "!Ref RestApi",
http_method: @route.method,
request_parameters: {},
authorization_type: "NONE",
authorization_type: authorization_type,
integration: {
integration_http_method: "POST",
type: "AWS_PROXY",
@@ -64,6 +64,11 @@ def cors
memoize :cors

private

def authorization_type
@route.authorization_type || "NONE"
end

def resource_id
@route.path == '' ?
"RootResourceId" :
@@ -120,6 +120,10 @@ def extract_parameters_capture(actual_path)
{ key => value }
end

def authorization_type
@options[:authorization_type]
end

private
def ensure_jets_format(path)
path.split('/').map do |s|
@@ -13,6 +13,19 @@
expect(properties["ResourceId"]).to eq "!Ref PostsApiResource"
expect(properties["HttpMethod"]).to eq "OPTIONS"
end

it 'defaults to no authorization' do
expect(resource.properties["AuthorizationType"]).to eq 'NONE'
end
end

context "authorization" do
let(:route) do
Jets::Route.new(path: "posts", method: :get, to: "posts#index", authorization_type: 'AWS_IAM')
end
it "can specify an authorization type" do
expect(resource.properties["AuthorizationType"]).to eq 'AWS_IAM'
end
end
end

@@ -6,13 +6,26 @@
Jets::Route.new(path: "posts", method: :get, to: "posts#index")
end
it "resource" do
expect(resource.logical_id).to eq "PostsGetApiMethod"
expect(resource.logical_id).to eq "PostsIndexApiMethod"
properties = resource.properties
# pp properties # uncomment to debug
expect(properties["RestApiId"]).to eq "!Ref RestApi"
expect(properties["ResourceId"]).to eq "!Ref PostsApiResource"
expect(properties["HttpMethod"]).to eq "GET"
end

it 'defaults to no authorization' do
expect(resource.properties["AuthorizationType"]).to eq 'NONE'
end
end

context "authorization" do
let(:route) do
Jets::Route.new(path: "posts", method: :get, to: "posts#index", authorization_type: 'AWS_IAM')
end
it "can specify an authorization type" do
expect(resource.properties["AuthorizationType"]).to eq 'AWS_IAM'
end
end
end

@@ -129,4 +129,18 @@
expect(jets_format).to eq "others/*proxy"
end
end

context "route with authorization controls" do
let(:route) do
Jets::Route.new(path: "posts", method: :get, to: "posts#index", authorization_type: 'AWS_IAM')
end

it 'authorization can be specified' do
expect(route.authorization_type).to eq 'AWS_IAM'
end

it 'authorization can be nil' do
expect(Jets::Route.new(path: "posts", method: :get, to: "posts#index").authorization_type).to be_nil
end
end
end
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.