Update quote API example

Author: sebsto

Examples/quoteapi/.gitignore

@@ -1,7 +1,8 @@
-/.aws-sam
-/.build
-/.swiftpm
-/.vscode
+.aws-sam
+.build
+.index-build
+.swiftpm
+.vscode
 Package.resolved
 samconfig.toml
 *.d

Examples/quoteapi/Dockerfile

@@ -1,3 +1,3 @@
 # image used to compile your Swift code
-FROM public.ecr.aws/docker/library/swift:5.9.1-amazonlinux2
+FROM public.ecr.aws/docker/library/swift:6.1-amazonlinux2
 RUN yum -y install git jq tar zip openssl-devel

Examples/quoteapi/Makefile

@@ -1,6 +1,7 @@
 ### Add functions here and link them to builder-bot format MUST BE "build-FunctionResourceName in template.yaml"
 
 build-QuoteService: builder-bot
+build-LambdaAuthorizer: builder-bot
 
 # Helper commands
 build:
@@ -10,16 +11,20 @@ deploy:
 	sam deploy 
 
 logs:
-	sam logs --stack-name QuoteService --name QuoteService 
+	sam logs --stack-name QuoteService
 
 tail:
-	sam logs --stack-name QuoteService --name QuoteService --tail
+	sam logs --stack-name QuoteService --tail
 
 local:
-	LOCAL_LAMBDA_SERVER_ENABLED=true swift run QuoteService
+	swift run QuoteService
+
+local-invoke:
+	curl -v -H 'Authorization: Bearer 123' -X POST --data @events/GetQuote.json http://127.0.0.1:7000/invoke
 
 invoke: 
-	curl -v -H 'Authorization: 123' https://k3lbszo7x6.execute-api.us-east-1.amazonaws.com/stocks/AAPL
+##	curl -v -H 'Authorization: Bearer 123' https://<REPLACE_WITH_YOUR_API_URI>/stocks/AAPL
+	curl -v -H 'Authorization: Bearer 123' https://lq2rria2n6.execute-api.us-east-1.amazonaws.com/stocks/AAPL
 
 ######################  No Change required below this line  ##########################
 
@@ -30,17 +35,15 @@ builder-bot:
 	$(eval $@ARTIFACTS_DIR = $(PWD)/.aws-sam/build/$($@PRODUCT))
 
 ## Building from swift-openapi-lambda in a local directory (not from Github)
-##  1. git clone https://github.com/swift-server/swift-openapi-lambda ..
-##  2. Change `Package.swift` dependency to ../swift-openapi-lambda 
-
-##  3. add /.. to BUILD_SRC
-##	$(eval $@BUILD_SRC = $(PWD)/..) 
-	$(eval $@BUILD_SRC = $(PWD)) 
+##  2. Change `Package.swift` dependency to path: "../.."
 
-##  4. add `cd quoteapi &&` to the docker BUILD_CMD  
-##	$(eval $@BUILD_CMD = "ls && cd quoteapi && swift build --static-swift-stdlib --product $($@PRODUCT) -c release --build-path /build-target")
+##  3. add /../.. to BUILD_SRC
+	$(eval $@BUILD_SRC = $(PWD)/../..) 
+## 	$(eval $@BUILD_SRC = $(PWD)) 
 
-	$(eval $@BUILD_CMD = "swift build --static-swift-stdlib --product $($@PRODUCT) -c release --build-path /build-target")
+##  4. add `cd Examples/quoteapi &&` to the docker BUILD_CMD  
+	$(eval $@BUILD_CMD = "ls && cd Examples/quoteapi && swift build --static-swift-stdlib --product $($@PRODUCT) -c release --build-path /build-target")
+## 	$(eval $@BUILD_CMD = "swift build --static-swift-stdlib --product $($@PRODUCT) -c release --build-path /build-target")
 
 	# build docker image to compile Swift for Linux
 	docker build -f Dockerfile . -t swift-builder

Examples/quoteapi/Package.swift

@@ -1,23 +1,23 @@
-// swift-tools-version: 5.9
+// swift-tools-version: 6.0
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
 
 let package = Package(
     name: "QuoteService",
     platforms: [
-        .macOS(.v13), .iOS(.v15), .tvOS(.v15), .watchOS(.v6),
+        .macOS(.v15)
     ],
     products: [
         .executable(name: "QuoteService", targets: ["QuoteService"])
     ],
     dependencies: [
         .package(url: "https://github.com/apple/swift-openapi-generator.git", from: "1.4.0"),
-        .package(url: "https://github.com/apple/swift-openapi-runtime.git", from: "1.5.0"),
-        .package(url: "https://github.com/swift-server/swift-aws-lambda-runtime.git", from: "1.0.0-alpha.3"),
-        .package(url: "https://github.com/swift-server/swift-aws-lambda-events.git", from: "0.4.0"),
-        .package(url: "https://github.com/swift-server/swift-openapi-lambda.git", from: "0.2.0"),
-        // .package(name: "swift-openapi-lambda", path: "../swift-openapi-lambda")
+        .package(url: "https://github.com/apple/swift-openapi-runtime.git", from: "1.8.2"),
+        .package(url: "https://github.com/swift-server/swift-aws-lambda-runtime.git", from: "2.0.0-beta.1"),
+        .package(url: "https://github.com/swift-server/swift-aws-lambda-events.git", from: "1.2.0"),
+        // .package(url: "https://github.com/swift-server/swift-openapi-lambda.git", from: "0.3.0"),
+        .package(name: "swift-openapi-lambda", path: "../.."),
     ],
     targets: [
         .executableTarget(
@@ -28,7 +28,7 @@ let package = Package(
                 .product(name: "AWSLambdaEvents", package: "swift-aws-lambda-events"),
                 .product(name: "OpenAPILambda", package: "swift-openapi-lambda"),
             ],
-            path: "Sources",
+            path: "Sources/QuoteAPI",
             resources: [
                 .copy("openapi.yaml"),
                 .copy("openapi-generator-config.yaml"),
@@ -39,6 +39,14 @@ let package = Package(
                     package: "swift-openapi-generator"
                 )
             ]
-        )
+        ),
+        .executableTarget(
+            name: "LambdaAuthorizer",
+            dependencies: [
+                .product(name: "AWSLambdaRuntime", package: "swift-aws-lambda-runtime"),
+                .product(name: "AWSLambdaEvents", package: "swift-aws-lambda-events"),
+            ],
+            path: "Sources/LambdaAuthorizer"
+        ),
     ]
 )

Examples/quoteapi/README.md

@@ -28,13 +28,7 @@ The **sam deploy** command creates the Lambda function and API Gateway in your A
 sam deploy --guided
 ```
 
-Accept the default response to every prompt, except the following warning:
-
-```bash
-QuoteService may not have authorization defined, Is this okay? [y/N]: y
-```
-
-The project creates a publicly accessible API endpoint. This is a warning to inform you the API does not have authorization. If you are interested in adding authorization to the API, please refer to the [SAM Documentation](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-httpapi.html).
+The project creates an API endpoint protected by a bearer token authorization. Use token value '123' while testing. Youc an change the token validation logic in the `LambdaAuthorizer` function. To learn more about Lambda authorizer function, refer to [the API Gateway documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html).
 
 ## Use the API
 
@@ -54,7 +48,7 @@ Use cURL or a tool such as [Postman](https://www.postman.com/) to interact with
 **Invoke the API Endpoint**
 
 ```bash
-curl https://[your-api-endpoint]/stocks/AMZN
+curl -H 'Authorization: Bearer 123' https://[your-api-endpoint]/stocks/AMZN
 ```
 
 ## Test the API Locally

Examples/quoteapi/Sources/LambdaAuthorizer/main.swift

@@ -0,0 +1,99 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Swift OpenAPI Lambda open source project
+//
+// Copyright (c) 2023 Amazon.com, Inc. or its affiliates
+//                    and the Swift OpenAPI Lambda project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of Swift OpenAPI Lambda project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the SwiftAWSLambdaRuntime open source project
+//
+// Copyright (c) 2024 Apple Inc. and the SwiftAWSLambdaRuntime project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of SwiftAWSLambdaRuntime project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import AWSLambdaEvents
+import AWSLambdaRuntime
+
+//
+// This is an example of a policy authorizer that always authorizes the request.
+// The policy authorizer returns an IAM policy document that defines what the Lambda function caller can do and optional context key-value pairs
+//
+// This code is shown for the example only and is not used in this demo.
+// This code doesn't perform any type of token validation. It should be used as a reference only.
+// let policyAuthorizerHandler:
+//     (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerPolicyResponse = {
+//         (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+
+//         context.logger.debug("+++ Policy Authorizer called +++")
+
+//         // typically, this function will check the validity of the incoming token received in the request
+
+//         // then it creates and returns a response
+//         return APIGatewayLambdaAuthorizerPolicyResponse(
+//             principalId: "John Appleseed",
+
+//             // this policy allows the caller to invoke any API Gateway endpoint
+//             policyDocument: .init(statement: [
+//                 .init(
+//                     action: "execute-api:Invoke",
+//                     effect: .allow,
+//                     resource: "*"
+//                 )
+
+//             ]),
+
+//             // this is additional context we want to return to the caller
+//             context: [
+//                 "abc1": "xyz1",
+//                 "abc2": "xyz2",
+//             ]
+//         )
+//     }
+
+//
+// This is an example of a simple authorizer that always authorizes the request.
+// A simple authorizer returns a yes/no decision and optional context key-value pairs
+//
+// This code doesn't perform any type of token validation. It should be used as a reference only.
+let simpleAuthorizerHandler:
+    (APIGatewayLambdaAuthorizerRequest, LambdaContext) async throws -> APIGatewayLambdaAuthorizerSimpleResponse = {
+        (request: APIGatewayLambdaAuthorizerRequest, context: LambdaContext) in
+
+        context.logger.debug("+++ Simple Authorizer called +++")
+
+        guard let authToken = request.headers["authorization"],
+            authToken == "Bearer 123"
+        else {
+            context.logger.warning("Missing or invalid Authorization header")
+            return .init(isAuthorized: false, context: [:])
+        }
+
+        return APIGatewayLambdaAuthorizerSimpleResponse(
+            // this is the authorization decision: yes or no
+            isAuthorized: true,
+
+            // this is additional context we want to return to the caller
+            context: ["abc1": "xyz1"]
+        )
+    }
+
+// create the runtime and start polling for new events.
+// in this demo we use the simple authorizer handler
+let runtime = LambdaRuntime(body: simpleAuthorizerHandler)
+try await runtime.run()

Examples/quoteapi/Sources/QuoteService.swift renamed to Examples/quoteapi/Sources/QuoteAPI/QuoteService.swift

@@ -16,6 +16,7 @@
 import Foundation
 import OpenAPIRuntime
 import OpenAPILambda
+// import ServiceLifecycle
 
 @main
 struct QuoteServiceImpl: APIProtocol, OpenAPILambdaHttpApi {
@@ -24,6 +25,32 @@ struct QuoteServiceImpl: APIProtocol, OpenAPILambdaHttpApi {
         try self.registerHandlers(on: transport)
     }
 
+    static func main() async throws {
+
+        // when you just need to run the Lambda function, call Self.run()
+        try await Self.run()
+
+        // when you need to have access to the runtime for advanced usage (dependency injection, Service LifeCycle, etc)
+        // create the LambdaRuntime and run it
+
+        // Here is an example with Service Lifecycle
+        // Add the following in Package.swift
+        //    .package(url: "https://github.com/swift-server/swift-service-lifecycle.git", from: "2.6.0"),
+        // and
+        //    .product(name: "ServiceLifecycle", package: "swift-service-lifecycle"),
+        // Add `import ServiceLifecycle` at the top of this file`
+
+        // let lambdaRuntime = try LambdaRuntime(body: Self.handler())
+        // try await lambdaRuntime.run()
+        // let serviceGroup = ServiceGroup(
+        //     services: [lambdaRuntime],
+        //     gracefulShutdownSignals: [.sigterm],
+        //     cancellationSignals: [.sigint],
+        //     logger: Logger(label: "ServiceGroup")
+        // )
+        // try await serviceGroup.run()
+    }
+
     func getQuote(_ input: Operations.getQuote.Input) async throws -> Operations.getQuote.Output {
 
         let symbol = input.path.symbol

Examples/quoteapi/Sources/openapi-generator-config.yaml renamed to Examples/quoteapi/Sources/QuoteAPI/openapi-generator-config.yaml

@@ -8,12 +8,12 @@ Globals:
     CodeUri: .
     Handler: swift.bootstrap
     Runtime: provided.al2
-    MemorySize: 512
+    MemorySize: 128
     Architectures:
       - arm64
 
 Resources:
-  # Lambda function
+  # QuoteService Lambda function
   QuoteService:
     Type: AWS::Serverless::Function
     Properties:
@@ -32,30 +32,50 @@ Resources:
             ApiId: !Ref MyProtectedApi
             Path: /{proxy+}
             Method: ANY
-            Auth:
-              Authorizer: MyLambdaAuthorizer
 
     Metadata:
       BuildMethod: makefile
 
+  # Lambda authorizer function
+  LambdaAuthorizer:
+    Type: AWS::Serverless::Function
+    Properties:
+      Timeout: 29  # max 29 seconds for Lambda authorizers
+      Environment:
+        Variables:
+          # by default, AWS Lambda runtime produces no log
+          # use `LOG_LEVEL: debug` for for lifecycle and event handling information
+          # use `LOG_LEVEL: trace` for detailed input event information
+          LOG_LEVEL: trace
+    Metadata:
+      BuildMethod: makefile
+
+  # The API Gateway
   MyProtectedApi:
     Type: AWS::Serverless::HttpApi
     Properties:
       Auth:
         DefaultAuthorizer: MyLambdaAuthorizer
         Authorizers:
           MyLambdaAuthorizer:
-            AuthorizerPayloadFormatVersion: 2.0
-            EnableFunctionDefaultPermissions: true
-            EnableSimpleResponses: true
-            FunctionArn: arn:aws:lambda:us-east-1:486652066693:function:LambdaAuthorizer-LambdaAuthorizer-TSH4AsHiqICi
+            FunctionArn: !GetAtt LambdaAuthorizer.Arn
             Identity:
               Headers:
-                - Authorization 
+                - Authorization
+            AuthorizerPayloadFormatVersion: "2.0"
+            EnableSimpleResponses: true
+
+  # Give the API Gateway permissions to invoke the Lambda authorizer
+  AuthorizerPermission:
+    Type: AWS::Lambda::Permission
+    Properties:
+      Action: lambda:InvokeFunction
+      FunctionName: !Ref LambdaAuthorizer
+      Principal: apigateway.amazonaws.com
+      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyProtectedApi}/*
 
 # print API endpoint
 Outputs:
   SwiftAPIEndpoint:
     Description: "API Gateway endpoint URL for your application"
     Value: !Sub "https://${MyProtectedApi}.execute-api.${AWS::Region}.amazonaws.com"
-    # Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com"