serverless-basic-authentication/index.js at 306199c5f118441140e158ff5d369187b4eefe22 · svdgraaf/serverless-basic-authentication · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
const fs = require('fs');
const chalk = require('chalk');
const path = require('path');

module.exports = class SetupBasicAuthentication {
  constructor(serverless, options) {
    this.options = options;
    this.serverless = serverless;

    // add the basic authentication function to the functions as soon as possible
    this.injectBasicAuthFunction(serverless);

    this.hooks = {
      'before:package:initialize': this.addAuthorizer.bind(this),
      'after:package:createDeploymentArtifacts': this.removeAuthorizer.bind(this),
      'before:deploy:deploy': this.configureApiGatewayKeySource.bind(this),
    };
  }

  addAuthorizer() {
    // add our custom authenticator
    this.addAuthFileToPackage();

    this.addAuthorizerFunctionToPrivateFunctions();
  }

  removeAuthorizer() {
    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Removing Symlink for Basic Authenticator')}`);
    fs.unlinkSync(path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`));
  }

  addAuthFileToPackage() {
    if (!this.serverless.package) {
      this.serverless.package = {};
    }

    if (!this.serverless.package.include) {
      this.serverless.package.include = [];
    }

    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding Symlink for Basic Authenticator')}`);
    // @TODO: Make target filename randomized with something, to prevent overriding
    // any files

    // append our basic_auth.py file to the package
    this.serverless.package.include.push(path.normalize(`${__dirname}/basic_auth.py`));
    try {
      fs.symlinkSync(
        path.normalize(`${__dirname}/basic_auth.py`),
        path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`)
      );
    } catch (error) {
      if (error.errno === -4048 && error.code === 'EPERM') {
        fs.copyFileSync(
          path.normalize(`${__dirname}/basic_auth.py`),
          path.normalize(`${this.serverless.config.servicePath}/basic_auth.py`)
        );
      } else {
        throw error;
      }
    }
  }

  injectBasicAuthFunction() {
    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding function for Basic Authenticator')}`);
    const basicAuthenticator = {
      handler: 'basic_auth.basicAuth',
      runtime: 'python3.6',
    };

    // add the basic authenticator function
    this.serverless.service.functions.basicAuthenticator = basicAuthenticator;
  }

  addAuthorizerFunctionToPrivateFunctions() {
    // For each function which is marked as 'private', set the basic authenticator
    // if it doesn't have a custom authenticator yet.

    // If any of the functions' events is marked with the flag "basicAuth", then
    // only the events with basicAuth=true are configured with basic auth.

    const functions = this.serverless.service.functions || [];

    const hasAnyBasicAuthConfig = Object.keys(functions).reduce(
      (result, func) => result || Object.keys(func.events || []).reduce(
        (hasBasicAuthConfig, event) => hasBasicAuthConfig || (event.http && 'basicAuth' in event.http),
      false),
    false);

    Object.keys(functions).forEach((functionName) => {
      // ignore our own function
      if (functionName === 'basicAuthenticator') {
        return;
      }

      // get all function configs
      const fnctn = functions[functionName];

      // check if any of the http events is marked as private, and if that event
      // also doesn't have a custom authorizer already, apply our authenticator
      Object.keys(fnctn.events).forEach((fnctnEvent) => {
        // if http doesn't exist, skip
        if (!fnctn.events[fnctnEvent].http) {
          return;
        }

        if (
          !fnctn.events[fnctnEvent].http.authorizer &&
          (
            fnctn.events[fnctnEvent].http.private === true ||
            !hasAnyBasicAuthConfig ||
            fnctn.events[fnctnEvent].http.basicAuth === true
          )
        ) {
          fnctn.events[fnctnEvent].http.authorizer = {
            name: 'basicAuthenticator',
            identitySource: '', // this is only valid if we set cache ttl to 0
            resultTtlInSeconds: 0,
            type: 'REQUEST',
          };
          this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow(`Enabled for ${functionName}`)}`);
        }
      });
    });
  }

  configureApiGatewayKeySource() {
    const template = this.serverless.service.provider.compiledCloudFormationTemplate;
    if (template.Resources.ApiGatewayRestApi != null) {
      this.serverless.cli.consoleLog(
        `Basic Authentication: ${chalk.yellow('Configuring Api Gateway for Basic Authenticator')}`,
      );
      template.Resources.ApiGatewayRestApi.Properties.ApiKeySourceType = 'AUTHORIZER';
    }
  }
};