fix authentication

Author: sebsto

Examples/quoteapi/Makefile

@@ -11,10 +11,10 @@ deploy:
 	sam deploy 
 
 logs:
-	sam logs --stack-name QuoteService --name QuoteService 
+	sam logs --stack-name QuoteService
 
 tail:
-	sam logs --stack-name QuoteService --name QuoteService --tail
+	sam logs --stack-name QuoteService --tail
 
 local:
 	swift run QuoteService
@@ -24,7 +24,7 @@ local-invoke:
 
 invoke: 
 ##	curl -v -H 'Authorization: 123' https://<REPLACE_WITH_YOUR_API_URI>/stocks/AAPL
-	curl -v -H 'Authorization: 123' https://xb6a6h6x33.execute-api.us-east-1.amazonaws.com/stocks/AAPL
+	curl -v -H 'Authorization: 123' https://lq2rria2n6.execute-api.us-east-1.amazonaws.com/stocks/AAPL
 
 ######################  No Change required below this line  ##########################
 

Examples/quoteapi/Sources/LambdaAuthorizer/main.swift

@@ -36,59 +36,64 @@ import AWSLambdaRuntime
 //
 // This code is shown for the example only and is not used in this demo.
 // This code doesn't perform any type of token validation. It should be used as a reference only.
-let policyAuthorizerHandler:
-    (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerPolicyResponse = {
-        (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+// let policyAuthorizerHandler:
+//     (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerPolicyResponse = {
+//         (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
 
-        context.logger.debug("+++ Policy Authorizer called +++")
+//         context.logger.debug("+++ Policy Authorizer called +++")
 
-        // typically, this function will check the validity of the incoming token received in the request
+//         // typically, this function will check the validity of the incoming token received in the request
 
-        // then it creates and returns a response
-        return APIGatewayLambdaAuthorizerPolicyResponse(
-            principalId: "John Appleseed",
+//         // then it creates and returns a response
+//         return APIGatewayLambdaAuthorizerPolicyResponse(
+//             principalId: "John Appleseed",
 
-            // this policy allows the caller to invoke any API Gateway endpoint
-            policyDocument: .init(statement: [
-                .init(
-                    action: "execute-api:Invoke",
-                    effect: .allow,
-                    resource: "*"
-                )
+//             // this policy allows the caller to invoke any API Gateway endpoint
+//             policyDocument: .init(statement: [
+//                 .init(
+//                     action: "execute-api:Invoke",
+//                     effect: .allow,
+//                     resource: "*"
+//                 )
 
-            ]),
+//             ]),
 
-            // this is additional context we want to return to the caller
-            context: [
-                "abc1": "xyz1",
-                "abc2": "xyz2",
-            ]
-        )
-    }
+//             // this is additional context we want to return to the caller
+//             context: [
+//                 "abc1": "xyz1",
+//                 "abc2": "xyz2",
+//             ]
+//         )
+//     }
 
 //
 // This is an example of a simple authorizer that always authorizes the request.
 // A simple authorizer returns a yes/no decision and optional context key-value pairs
 //
 // This code doesn't perform any type of token validation. It should be used as a reference only.
-// let simpleAuthorizerHandler:
-//     (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerSimpleResponse = {
-//         (_: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+let simpleAuthorizerHandler:
+    (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerSimpleResponse = {
+        (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
 
-//         context.logger.debug("+++ Simple Authorizer called +++")
+        context.logger.debug("+++ Simple Authorizer called +++")
 
-//         // typically, this function will check the validity of the incoming token received in the request
+        guard let authToken = request.headers["authorization"],
+            authToken == "123"
+        else {
+            context.logger.warning("Missing or invalid Authorization header")
+            return .init(isAuthorized: false, context: [:])
+        }
 
-//         return APIGatewayLambdaAuthorizerSimpleResponse(
-//             // this is the authorization decision: yes or no
-//             isAuthorized: true,
+        return APIGatewayLambdaAuthorizerSimpleResponse(
+            // this is the authorization decision: yes or no
+            isAuthorized: true,
 
-//             // this is additional context we want to return to the caller
-//             context: ["abc1": "xyz1"]
-//         )
-//     }
+            // this is additional context we want to return to the caller
+            context: ["abc1": "xyz1"]
+        )
+    }
 
 // create the runtime and start polling for new events.
 // in this demo we use the simple authorizer handler
-let runtime = LambdaRuntime(body: policyAuthorizerHandler)
+let runtime = LambdaRuntime(body: simpleAuthorizerHandler)
 try await runtime.run()

Examples/quoteapi/template.yml

@@ -8,7 +8,7 @@ Globals:
     CodeUri: .
     Handler: swift.bootstrap
     Runtime: provided.al2
-    MemorySize: 256
+    MemorySize: 128
     Architectures:
       - arm64
 
@@ -46,7 +46,7 @@ Resources:
           # by default, AWS Lambda runtime produces no log
           # use `LOG_LEVEL: debug` for for lifecycle and event handling information
           # use `LOG_LEVEL: trace` for detailed input event information
-          LOG_LEVEL: debug
+          LOG_LEVEL: trace
     Metadata:
       BuildMethod: makefile