Add Lambda Authorizer to the example

Author: sebsto

Examples/quoteapi/Makefile

@@ -1,6 +1,7 @@
 ### Add functions here and link them to builder-bot format MUST BE "build-FunctionResourceName in template.yaml"
 
 build-QuoteService: builder-bot
+build-LambdaAuthorizer: builder-bot
 
 # Helper commands
 build:
@@ -16,10 +17,14 @@ tail:
 	sam logs --stack-name QuoteService --name QuoteService --tail
 
 local:
-	LOCAL_LAMBDA_SERVER_ENABLED=true swift run QuoteService
+	swift run QuoteService
+
+local-invoke:
+	curl -v -H 'Authorization: 123' -X POST --data @events/GetQuote.json http://127.0.0.1:7000/invoke
 
 invoke: 
-	curl -v -H 'Authorization: 123' https://k3lbszo7x6.execute-api.us-east-1.amazonaws.com/stocks/AAPL
+##	curl -v -H 'Authorization: 123' https://<REPLACE_WITH_YOUR_API_URI>/stocks/AAPL
+	curl -v -H 'Authorization: 123' https://xb6a6h6x33.execute-api.us-east-1.amazonaws.com/stocks/AAPL
 
 ######################  No Change required below this line  ##########################
 

Examples/quoteapi/Package.swift

@@ -16,7 +16,6 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-openapi-runtime.git", from: "1.8.2"),
         .package(url: "https://github.com/swift-server/swift-aws-lambda-runtime.git", from: "2.0.0-beta.1"),
         .package(url: "https://github.com/swift-server/swift-aws-lambda-events.git", from: "1.2.0"),
-        // .package(url: "https://github.com/apple/swift-docc-plugin", from: "1.4.0"),
         // .package(url: "https://github.com/swift-server/swift-openapi-lambda.git", from: "0.3.0"),
         .package(name: "swift-openapi-lambda", path: "../.."),
     ],
@@ -29,7 +28,7 @@ let package = Package(
                 .product(name: "AWSLambdaEvents", package: "swift-aws-lambda-events"),
                 .product(name: "OpenAPILambda", package: "swift-openapi-lambda"),
             ],
-            path: "Sources",
+            path: "Sources/QuoteAPI",
             resources: [
                 .copy("openapi.yaml"),
                 .copy("openapi-generator-config.yaml"),
@@ -40,6 +39,14 @@ let package = Package(
                     package: "swift-openapi-generator"
                 )
             ]
-        )
+        ),
+        .executableTarget(
+            name: "LambdaAuthorizer",
+            dependencies: [
+                .product(name: "AWSLambdaRuntime", package: "swift-aws-lambda-runtime"),
+                .product(name: "AWSLambdaEvents", package: "swift-aws-lambda-events"),
+            ],
+            path: "Sources/LambdaAuthorizer",
+        ),
     ]
 )

Examples/quoteapi/Sources/LambdaAuthorizer/main.swift

@@ -0,0 +1,79 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftAWSLambdaRuntime open source project
+//
+// Copyright (c) 2024 Apple Inc. and the SwiftAWSLambdaRuntime project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of SwiftAWSLambdaRuntime project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import AWSLambdaEvents
+import AWSLambdaRuntime
+
+//
+// This is an example of a policy authorizer that always authorizes the request.
+// The policy authorizer returns an IAM policy document that defines what the Lambda function caller can do and optional context key-value pairs
+//
+// This code is shown for the example only and is not used in this demo.
+// This code doesn't perform any type of token validation. It should be used as a reference only.
+let policyAuthorizerHandler:
+    (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerPolicyResponse = {
+        (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+
+        context.logger.debug("+++ Policy Authorizer called +++")
+
+        // typically, this function will check the validity of the incoming token received in the request
+
+        // then it creates and returns a response
+        return APIGatewayLambdaAuthorizerPolicyResponse(
+            principalId: "John Appleseed",
+
+            // this policy allows the caller to invoke any API Gateway endpoint
+            policyDocument: .init(statement: [
+                .init(
+                    action: "execute-api:Invoke",
+                    effect: .allow,
+                    resource: "*"
+                )
+
+            ]),
+
+            // this is additional context we want to return to the caller
+            context: [
+                "abc1": "xyz1",
+                "abc2": "xyz2",
+            ]
+        )
+    }
+
+//
+// This is an example of a simple authorizer that always authorizes the request.
+// A simple authorizer returns a yes/no decision and optional context key-value pairs
+//
+// This code doesn't perform any type of token validation. It should be used as a reference only.
+// let simpleAuthorizerHandler:
+//     (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerSimpleResponse = {
+//         (_: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+
+//         context.logger.debug("+++ Simple Authorizer called +++")
+
+//         // typically, this function will check the validity of the incoming token received in the request
+
+//         return APIGatewayLambdaAuthorizerSimpleResponse(
+//             // this is the authorization decision: yes or no
+//             isAuthorized: true,
+
+//             // this is additional context we want to return to the caller
+//             context: ["abc1": "xyz1"]
+//         )
+//     }
+
+// create the runtime and start polling for new events.
+// in this demo we use the simple authorizer handler
+let runtime = LambdaRuntime(body: policyAuthorizerHandler)
+try await runtime.run()

Examples/quoteapi/Sources/QuoteService.swift renamed to Examples/quoteapi/Sources/QuoteAPI/QuoteService.swift

@@ -27,11 +27,10 @@ struct QuoteServiceImpl: APIProtocol, OpenAPILambdaHttpApi {
     }
 
     static func main() async throws {
-        let logger = Logger(label: "OpenAPILambda")
         let lambda = try OpenAPILambdaHandler<QuoteServiceImpl>()
 
         // Instantiate LambdaRuntime with a handler implementing the business logic of the Lambda function
-        let lambdaRuntime = LambdaRuntime(logger: logger, body: lambda.handler)
+        let lambdaRuntime = LambdaRuntime(body: lambda.handler)
         try await lambdaRuntime.run()
     }
 

Examples/quoteapi/Sources/openapi-generator-config.yaml renamed to Examples/quoteapi/Sources/QuoteAPI/openapi-generator-config.yaml

@@ -8,12 +8,12 @@ Globals:
     CodeUri: .
     Handler: swift.bootstrap
     Runtime: provided.al2
-    MemorySize: 512
+    MemorySize: 256
     Architectures:
       - arm64
 
 Resources:
-  # Lambda function
+  # QuoteService Lambda function
   QuoteService:
     Type: AWS::Serverless::Function
     Properties:
@@ -32,30 +32,50 @@ Resources:
             ApiId: !Ref MyProtectedApi
             Path: /{proxy+}
             Method: ANY
-            Auth:
-              Authorizer: MyLambdaAuthorizer
 
     Metadata:
       BuildMethod: makefile
 
+  # Lambda authorizer function
+  LambdaAuthorizer:
+    Type: AWS::Serverless::Function
+    Properties:
+      Timeout: 29  # max 29 seconds for Lambda authorizers
+      Environment:
+        Variables:
+          # by default, AWS Lambda runtime produces no log
+          # use `LOG_LEVEL: debug` for for lifecycle and event handling information
+          # use `LOG_LEVEL: trace` for detailed input event information
+          LOG_LEVEL: debug
+    Metadata:
+      BuildMethod: makefile
+
+  # The API Gateway
   MyProtectedApi:
     Type: AWS::Serverless::HttpApi
     Properties:
       Auth:
         DefaultAuthorizer: MyLambdaAuthorizer
         Authorizers:
           MyLambdaAuthorizer:
-            AuthorizerPayloadFormatVersion: 2.0
-            EnableFunctionDefaultPermissions: true
-            EnableSimpleResponses: true
-            FunctionArn: arn:aws:lambda:us-east-1:486652066693:function:LambdaAuthorizer-LambdaAuthorizer-TSH4AsHiqICi
+            FunctionArn: !GetAtt LambdaAuthorizer.Arn
             Identity:
               Headers:
-                - Authorization 
+                - Authorization
+            AuthorizerPayloadFormatVersion: "2.0"
+            EnableSimpleResponses: true
+
+  # Give the API Gateway permissions to invoke the Lambda authorizer
+  AuthorizerPermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      Action: lambda:InvokeFunction
+      FunctionName: !Ref LambdaAuthorizer
+      Principal: apigateway.amazonaws.com
+      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyProtectedApi}/*
 
 # print API endpoint
 Outputs:
   SwiftAPIEndpoint:
     Description: "API Gateway endpoint URL for your application"
     Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com"
-    # Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com"

Examples/quoteapi/Sources/openapi.yaml renamed to Examples/quoteapi/Sources/QuoteAPI/openapi.yaml

@@ -11,7 +11,6 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-openapi-runtime.git", from: "1.8.2"),
         .package(url: "https://github.com/swift-server/swift-aws-lambda-runtime.git", from: "2.0.0-beta.1"),
         .package(url: "https://github.com/swift-server/swift-aws-lambda-events.git", from: "1.2.0"),
-        .package(url: "https://github.com/apple/swift-docc-plugin", from: "1.4.0"),
     ],
     targets: [
         .target(