Attempt to get basic auth working

symroe · symroe · commit 65e03760fd95 · 2026-01-30T11:43:53.000Z
diff --git a/postcode_lookup/lambda_basic_auth.py b/postcode_lookup/lambda_basic_auth.py
@@ -25,7 +25,7 @@ def lambda_handler(event, context):
         return _allow("basic-auth")
 
     print("Not authed, raising")
-    raise Exception("Unauthorized")
+    return {"principalId": "anonymous", "policyDocument": {"Version": "2012-10-17", "Statement": [{"Action": "execute-api:Invoke", "Effect": "Deny", "Resource": "*"}]}}
 
 
 def _ip_in_allowlist(client_ip: str) -> bool:
diff --git a/template.yaml b/template.yaml
@@ -135,6 +135,16 @@ Resources:
       RestApiId: !Ref ECPostcodeLookupFunctionApiGateway
       StatusCode: '401'
 
+
+  AccessDeniedGatewayResponse:
+    Condition: UseBasicAuth
+    Type: AWS::ApiGateway::GatewayResponse
+    Properties:
+      ResponseParameters:
+        gatewayresponse.header.www-authenticate: "'Basic realm=\"Restricted\"'"
+      ResponseType: ACCESS_DENIED
+      RestApiId: !Ref ECPostcodeLookupFunctionApiGateway
+      StatusCode: '401'
   BasicAuthFunction:
     Type: AWS::Serverless::Function
     Metadata:
