Working prototype for API gateway Cognito and Lambda auth

prameshbajra · Jul 4, 2024 · 20d3bbf · 20d3bbf
1 parent 9c2e7a6
commit 20d3bbf
Show file tree

Hide file tree

Showing 12 changed files with 94 additions and 35 deletions.
diff --git a/auth/.eslintignore → lambdas/.eslintignore b/auth/.eslintignore → lambdas/.eslintignore
diff --git a/auth/.eslintrc.js → lambdas/.eslintrc.js b/auth/.eslintrc.js → lambdas/.eslintrc.js
diff --git a/auth/.npmignore → lambdas/.npmignore b/auth/.npmignore → lambdas/.npmignore
diff --git a/auth/.prettierrc.js → lambdas/.prettierrc.js b/auth/.prettierrc.js → lambdas/.prettierrc.js
diff --git a/auth/jest.config.ts → lambdas/jest.config.ts b/auth/jest.config.ts → lambdas/jest.config.ts
diff --git a/auth/package-lock.json → lambdas/package-lock.json b/auth/package-lock.json → lambdas/package-lock.json
diff --git a/auth/package.json → lambdas/package.json b/auth/package.json → lambdas/package.json
diff --git a/auth/signin.ts → lambdas/signin.ts b/auth/signin.ts → lambdas/signin.ts
diff --git a/auth/tests/unit/test-handler.test.ts → lambdas/tests/unit/test-handler.test.ts b/auth/tests/unit/test-handler.test.ts → lambdas/tests/unit/test-handler.test.ts
diff --git a/auth/tsconfig.json → lambdas/tsconfig.json b/auth/tsconfig.json → lambdas/tsconfig.json
diff --git a/lambdas/uploadToS3.ts b/lambdas/uploadToS3.ts
@@ -0,0 +1,10 @@
+import { APIGatewayProxyHandler } from 'aws-lambda';
+
+export const lambdaHandler: APIGatewayProxyHandler = async (event, _context) => {
+    const body = JSON.parse(event.body || '{}');
+    console.log(body);
+    return {
+        statusCode: 200,
+        body: JSON.stringify(body),
+    };
+};
diff --git a/template.yaml b/template.yaml
@@ -10,10 +10,63 @@ Globals:
     TracingEnabled: true
 
 Resources:
+  UserPool:
+      Type: AWS::Cognito::UserPool
+      Properties:
+        UserPoolName: BackopUserPool
+        AutoVerifiedAttributes:
+          - email
+        Policies:
+          PasswordPolicy:
+            MinimumLength: 8
+            RequireLowercase: true
+            RequireNumbers: true
+            RequireSymbols: true
+            RequireUppercase: true
+
+  UserPoolClient:
+    Type: AWS::Cognito::UserPoolClient
+    Properties:
+      ClientName: BackopUserPoolClient
+      UserPoolId: !Ref UserPool
+      GenerateSecret: false
+      ExplicitAuthFlows:
+        - ADMIN_NO_SRP_AUTH
+        - USER_PASSWORD_AUTH
+      IdTokenValidity: 24
+      AccessTokenValidity: 24
+      SupportedIdentityProviders:
+        - COGNITO
+
+  # API Gateway
+  BackopApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      StageName: Prod 
+      CorsConfiguration: 
+        AllowOrigins:
+          - "http://*"
+          - "https://*"
+        AllowHeaders:
+          - authorization
+        AllowMethods:
+          - GET
+        MaxAge: 3600
+      Auth:
+        DefaultAuthorizer: JWTTokenAuthorizer
+        Authorizers:
+          JWTTokenAuthorizer:
+            JwtConfiguration:
+              issuer: !Sub https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPool}
+              audience: 
+                - !Ref UserPoolClient
+            IdentitySource: "$request.header.Authorization"
+
+  # Functions
   SignInFunction:
     Type: AWS::Serverless::Function
     Properties:
-      CodeUri: auth/
+      CodeUri: lambdas/
       Handler: signin.lambdaHandler
       Runtime: nodejs20.x
       Architectures:
@@ -37,31 +90,31 @@ Resources:
         EntryPoints:
           - signin.ts
 
-  UserPool:
-    Type: AWS::Cognito::UserPool
-    Properties:
-      UserPoolName: BackopUserPool
-      AutoVerifiedAttributes:
-        - email
-      Policies:
-        PasswordPolicy:
-          MinimumLength: 8
-          RequireLowercase: true
-          RequireNumbers: true
-          RequireSymbols: true
-          RequireUppercase: true
-
-  UserPoolClient:
-    Type: AWS::Cognito::UserPoolClient
+  UploadFunction:
+    Type: AWS::Serverless::Function
     Properties:
-      ClientName: BackopUserPoolClient
-      UserPoolId: !Ref UserPool
-      GenerateSecret: false
-      ExplicitAuthFlows:
-        - ADMIN_NO_SRP_AUTH
-        - USER_PASSWORD_AUTH
-
+      CodeUri: lambdas/
+      Handler: uploadToS3.lambdaHandler
+      Runtime: nodejs20.x
+      Architectures:
+        - arm64
+      Events:
+        UploadEvent:
+          Type: HttpApi
+          Properties:
+            ApiId: !Ref BackopApi 
+            Path: /upload
+            Method: post 
+    Metadata:
+      BuildMethod: esbuild
+      BuildProperties:
+        Minify: true
+        Target: es2020
+        Sourcemap: true
+        EntryPoints:
+          - uploadToS3.ts
 
+  # Resource group or application insights
   ApplicationResourceGroup:
     Type: AWS::ResourceGroups::Group
     Properties:
@@ -85,18 +138,14 @@ Resources:
     DependsOn: ApplicationResourceGroup
 
 Outputs:
-  SignInApi:
-    Description: API Gateway endpoint URL for Prod stage for SignIn function
-    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/sign-in/"
-  SignInFunction:
-    Description: SignIn Lambda Function ARN
-    Value: !GetAtt SignInFunction.Arn
-  SignInFunctionIamRole:
-    Description: Implicit IAM Role created for SignIn function
-    Value: !GetAtt SignInFunctionRole.Arn
   UserPoolId:
-    Description: Cognito User Pool ID
+    Description: The ID of the Cognito User Pool
     Value: !Ref UserPool
+
   UserPoolClientId:
-    Description: Cognito User Pool Client ID
+    Description: The ID of the Cognito User Pool Client
     Value: !Ref UserPoolClient
+
+  ApiEndpoint:
+    Description: The endpoint of the API Gateway
+    Value: !Sub 'https://${BackopApi}.execute-api.${AWS::Region}.amazonaws.com/Prod'