feat: validate cloudfront request type (#4)

birme · web-flow · commit 4b24c47ca233 · 2025-03-17T15:18:02.000+01:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -32,6 +32,7 @@
     "@commitlint/config-conventional": "^17.4.2",
     "@osaas/client-core": "^0.15.1",
     "@osaas/client-web": "^0.5.1",
+    "@types/aws-lambda": "^8.10.147",
     "@types/cose-js": "^0.8.3",
     "@types/jest": "^29.5.14",
     "@typescript-eslint/eslint-plugin": "^5.51.0",
diff --git a/src/validators/http.test.ts b/src/validators/http.test.ts
@@ -188,4 +188,34 @@ describe('HTTP Request CAT Validator', () => {
     const result = await httpValidatorOptional.validateHttpRequest(request);
     expect(result.status).toBe(200);
   });
+
+  test('can handle request of CloudFront request type', async () => {
+    const httpValidator = new HttpValidator({
+      keys: [
+        {
+          kid: 'Symmetric256',
+          key: Buffer.from(
+            '403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1ec99192d79569388',
+            'hex'
+          )
+        }
+      ],
+      issuer: 'eyevinn'
+    });
+    const result = await httpValidator.validateCloudFrontRequest({
+      clientIp: 'dummy',
+      method: 'GET',
+      uri: '/index.html',
+      querystring: '',
+      headers: {
+        'cta-common-access-token': [
+          {
+            value:
+              '2D3RhEOhAQWhBFBha2FtYWlfa2V5X2hzMjU2U6MEGnUCOrsGGmfXRKwFGmfXRKxYIOM6yRx830uqAamWFv1amFYRa5vaV2z5lIQTqFEvFh8z'
+          }
+        ]
+      }
+    });
+    expect(result.status).toBe(200);
+  });
 });
diff --git a/src/validators/http.ts b/src/validators/http.ts
@@ -6,6 +6,7 @@ import {
   KeyNotFoundError,
   TokenExpiredError
 } from '../errors';
+import { CloudFrontRequest } from 'aws-lambda';
 
 interface HttpValidatorKey {
   kid: string;
@@ -65,6 +66,26 @@ export class HttpValidator {
     this.opts.tokenMandatory = opts.tokenMandatory ?? true;
   }
 
+  public async validateCloudFrontRequest(
+    cfRequest: CloudFrontRequest
+  ): Promise<HttpResponse> {
+    const requestLike: Pick<IncomingMessage, 'headers'> = {
+      headers: {}
+    };
+
+    if (cfRequest.headers) {
+      Object.entries(cfRequest.headers).forEach(([name, header]) => {
+        if (header && header.length > 0) {
+          requestLike.headers[name.toLowerCase()] = header
+            .map((h) => h.value)
+            .join(',');
+        }
+      });
+    }
+
+    return await this.validateHttpRequest(requestLike as IncomingMessage);
+  }
+
   public async validateHttpRequest(
     request: IncomingMessage
   ): Promise<HttpResponse> {
