Skip to content

/ examples

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Websocket authorzation handler - return something that isn't `500`? #557

Open
KATT opened this issue Sep 27, 2020 · 1 comment
Open

Websocket authorzation handler - return something that isn't `500`? #557

KATT opened this issue Sep 27, 2020 · 1 comment

Comments

@KATT
Copy link

@KATT KATT commented Sep 27, 2020

Question / help needed

I'm trying to get authorization working before connecting to websockets, which works, but I'm struggling to return an error message that isn't 500.

I've managed to make an auth handler, like so:

    connectHandler: {
      handler: 'handler.connectHandler',
      events: [
        {
          "websocket": {
            route: "$connect",
            authorizer: {
              name: "authHandler",
              identitySource: [
                // No identity source, leave it up to the handler
              ],
            },
          },
        },
      ],
      environment: {
        // ..
      },
    },

Any my authHandler:

export const authHandler = async (event, _context) => {
  console.log('🔑 Auth request received', event.requestContext)

  const token = event.headers.Authorization ?? event.queryStringParameters.Authorization;
  console.log('Token:', token)

  if (token !== 'secret') {
    return {
      statusCode: 401,
    }
  }

  return {
    "principalId": "user",
    "policyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "execute-api:Invoke",
          "Effect": "Allow",
          "Resource": event.methodArn
        }
      ]
    }
  };
}

Questions:

  • what should I return in case of an error? Any request to my websocket-server that doesn't have the secret header/querystring returns 500 right now, and I'd prefer it to return a 4xx status code.

  • what is the correct type for the authorization handler? I'm using APIGatewayProxyHandler on the other fn handlers which gives me nice inline errors.

    How my other handlers look like, which gives me pleasant TypeScript-errors when I do something wrong ```ts

    export const connectHandler: APIGatewayProxyHandler = async (event, _context) => {
    const connectionId = event.requestContext.connectionId!

    console.log(' Adding connection ', connectionId)

    await client.query('INSERT INTO "public"."Connection"("id") VALUES($1) RETURNING *', [connectionId])
    return {
    statusCode: 200,
    body: '',
    };
    }

    </details>
@KATT
Copy link
Author

@KATT KATT commented Sep 27, 2020

I managed do get 4xx working by letting the user "slip through" the auth handler, which doesn't feel great, but it works --

If the connect-handler returns 401 it actually propagates to the connecting client

type AuthContext = {
  authorized: '0'; // this would be a `boolean`, but seems like AWS stringifies boolean values of the ctx
} | {
  authorized: '1';
  token: string;
}

export const connectHandler: APIGatewayProxyWithLambdaAuthorizerHandler<AuthContext> = async (event, _context) => {
  const connectionId = event.requestContext.connectionId!
  if (event.requestContext.authorizer.authorized !== '1') {
    return {
      statusCode: 401,
      body: ''
    }
  }

  console.log('➕ Adding connection ', connectionId)

  await client.query('INSERT INTO "public"."Connection"("id") VALUES($1) RETURNING *', [connectionId])
  return {
    statusCode: 200,
    body: '',
  };
}

export const authHandler: APIGatewayRequestAuthorizerWithContextHandler<AuthContext> = async (event, _context) => {
  console.log('🔑 Auth request received', event.requestContext)

  const token = event.headers.Authorization ?? event.queryStringParameters.Authorization;
  console.log('Token:', token)

  const result = {
    "principalId": "user",
    "policyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "execute-api:Invoke",
          "Effect": "Allow",
          "Resource": '*'
        }
      ]
    }
  }
  if (token !== 'secret') {
    return {
      ...result,
      context: {
        authorized: '0',
      }
    };
  }

  return {
    ...result,
    context: {
      authorized: '1',
      token,
    }
  };
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
@KATT
You can’t perform that action at this time.