jets 2.1.7 → 2.2.0

data/lib/jets/controller/middleware/cors.rb

@@ -52,7 +52,7 @@ module Jets::Controller::Middleware
       # IE: Access-Control-Allow-Methods
       default = {
         "access-control-allow-methods" => "DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT",
-        "access-control-allow-headers" => "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent",
+        "access-control-allow-headers" => "Content-Type,X-Amz-Date,Authorization,Auth,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent",
       }
       Jets.config.cors_preflight || default
     end

data/lib/jets/klass.rb

@@ -45,15 +45,15 @@ class Jets::Klass
       end
     end
 
+    APP_TYPES = %w[controller job rule authorizer]
     def from_task(task)
       class_name = task.class_name
       filename = class_name.underscore
 
-      # Examples of filename: posts_controller, hard_job, security_rule,
+      # Examples of filename: posts_controller, hard_job, security_rule, main_authorizer
       #   hello_function, hello
-      valid_types = %w[controller job rule]
       type = filename.split('_').last
-      type = "function" unless valid_types.include?(type)
+      type = "function" unless APP_TYPES.include?(type)
 
       path = "app/#{type.pluralize}/#{filename}.rb"
       from_path(path)

data/lib/jets/naming.rb

@@ -7,12 +7,12 @@ class Jets::Naming
     extend Memoist
 
     def app_template_path(app_class)
-      underscored = app_class.to_s.underscore.gsub('/','-')
+      underscored = underscore(app_class)
       "#{template_path_prefix}-app-#{underscored}.yml"
     end
 
     def shared_template_path(shared_class)
-      underscored = shared_class.to_s.underscore.gsub('/','-')
+      underscored = underscore(shared_class)
       "#{template_path_prefix}-shared-#{underscored}.yml"
     end
 
@@ -49,5 +49,15 @@ class Jets::Naming
     def gateway_api_name
       "#{Jets.config.project_namespace}"
     end
+
+    def authorizer_template_path(path)
+      underscored = underscore(path)
+      underscored.sub!(/^app-/, '')
+      "#{template_path_prefix}-#{underscored}.yml"
+    end
+
+    def underscore(s)
+      s.to_s.underscore.sub(/\.rb$/,'').gsub('/','-')
+    end
   end
 end

data/lib/jets/resource/api_gateway/authorizer.rb

@@ -0,0 +1,82 @@
+module Jets::Resource::ApiGateway
+  class Authorizer < Jets::Resource::Base
+    def initialize(props={})
+      @props = props # associated_properties from dsl.rb
+    end
+
+    def definition
+      {
+        authorizer_logical_id => {
+          type: "AWS::ApiGateway::Authorizer",
+          properties: props,
+        }
+      }
+    end
+
+    def props
+      default = {
+        # authorizer_credentials: '',
+        # authorizer_result_ttl_in_seconds: '',
+        # auth_type: '',
+        # identity_source: '', # required
+        # identity_validation_expression: '',
+        # name: '',
+        # provider_arns: [],
+        rest_api_id: '!Ref RestApi', # Required: Yes
+        type: '', # Required: Yes
+      }
+
+      unless @props[:type].to_s.upcase == 'COGNITO_USER_POOLS'
+        @props[:authorizer_uri] = { # Required: Conditional
+          "Fn::Join" => ['', [
+            'arn:aws:apigateway:',
+            "!Ref 'AWS::Region'",
+            ':lambda:path/2015-03-31/functions/',
+            {"Fn::GetAtt" => ["{namespace}LambdaFunction", "Arn"]},
+            '/invocations'
+          ]]
+        }
+      end
+      @props[:authorizer_result_ttl_in_seconds] = @props.delete(:ttl) if @props[:ttl]
+
+      normalize_type!(@props)
+      normalize_identity_source!(@props)
+      default.merge(@props)
+    end
+
+    def authorizer_logical_id
+      "{namespace}_authorizer" # IE: protect_authorizer
+    end
+
+    def outputs
+      # IE: ProtectAuthorizer: !Ref ProtectAuthorizer
+      {
+        logical_id => "!Ref #{logical_id}",
+      }
+    end
+
+  private
+    # Also sets a default if it's not provided
+    def normalize_type!(props)
+      type = props[:type] || :request
+      @props[:type] = type.to_s.upcase
+    end
+
+    # Also sets a default if it's not provided
+    def normalize_identity_source!(props)
+      identity_source = props[:identity_source] || Jets.config.api.authorizers.default_token_source
+      # request authorizer type can have multiple identity sources.
+      # token authorizer type has only one identity source.
+      # We handle both cases.
+      identity_sources = identity_source.split(',') # to handle multipe
+      identity_sources.map! do |source|
+        if source.include?(".") # if '.' is detected assume full identify source provided
+          source
+        else
+          "method.request.header.#{source}" # convention
+        end
+      end
+      @props[:identity_source] = identity_sources.join(',')
+    end
+  end
+end

data/lib/jets/resource/api_gateway/method.rb

@@ -1,9 +1,10 @@
 # Converts a Jets::Route to a CloudFormation Jets::Resource::ApiGateway::Method resource
 module Jets::Resource::ApiGateway
   class Method < Jets::Resource::Base
+    include Authorization
+
     # also delegate permission for a method
-    delegate :permission,
-             to: :resource
+    delegate :permission, to: :resource
 
     # route - Jets::Route
     def initialize(route)
@@ -14,24 +15,30 @@ module Jets::Resource::ApiGateway
       {
         method_logical_id => {
           type: "AWS::ApiGateway::Method",
-          properties: {
-            resource_id: "!Ref #{resource_id}",
-            rest_api_id: "!Ref #{RestApi.logical_id}",
-            http_method: @route.method,
-            request_parameters: {},
-            authorization_type: authorization_type,
-            api_key_required: api_key_required?,
-            integration: {
-              integration_http_method: "POST",
-              type: "AWS_PROXY",
-              uri: "!Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${{namespace}LambdaFunction.Arn}/invocations"
-            },
-            method_responses: []
-          }
+          properties: props
         }
       }
     end
 
+    def props
+      props = {
+        resource_id: "!Ref #{resource_id}",
+        rest_api_id: "!Ref #{RestApi.logical_id}",
+        http_method: @route.method,
+        request_parameters: {},
+        authorization_type: authorization_type,
+        api_key_required: api_key_required?,
+        integration: {
+          integration_http_method: "POST",
+          type: "AWS_PROXY",
+          uri: "!Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${{namespace}LambdaFunction.Arn}/invocations"
+        },
+        method_responses: []
+      }
+      props[:authorizer_id] = authorizer_id if authorizer_id
+      props
+    end
+
     def method_logical_id
       # https://stackoverflow.com/questions/6104240/how-do-i-strip-non-alphanumeric-characters-from-a-string-and-keep-spaces
       # Add path to the logical id to allow 2 different paths to be connected to the same controller action.
@@ -65,28 +72,6 @@ module Jets::Resource::ApiGateway
 
   private
 
-    def authorization_type
-      type = @route.authorization_type ||
-             controller_auth_type ||
-             Jets.config.api.authorization_type
-      type.to_s.upcase
-    end
-
-    def controller_auth_type
-      # Already handles inheritance via class_attribute
-      controller_klass.authorization_type
-    end
-
-    def api_key_required?
-      api_key_required == true
-    end
-
-    def api_key_required
-      @route.api_key_required ||
-        controller_klass.api_key_required ||
-        Jets.config.api.api_key_required
-    end
-
     def controller_klass
       @controller_klass ||= "#{controller_name}_controller".camelize.constantize
     end

data/lib/jets/resource/api_gateway/method/authorization.rb

@@ -0,0 +1,32 @@
+class Jets::Resource::ApiGateway::Method
+  module Authorization
+  private
+    def authorizer_id
+      if @route.authorizer
+        logical_id = @route.authorizer_id
+      elsif controller_klass.authorizer
+        logical_id = controller_klass.authorizer_logical_id(@route.action_name)
+      end
+
+      "!Ref #{logical_id}" if logical_id
+    end
+
+    def authorization_type
+      type = @route.authorization_type ||
+             controller_klass.authorization_type || # Already handles inheritance via class_attribute, applies controller-wide
+             controller_klass.infer_authorization_type_for(@route.action_name) || # Applies specifically to route
+             Jets.config.api.authorization_type
+      type.to_s.upcase
+    end
+
+    def api_key_required?
+      api_key_required == true
+    end
+
+    def api_key_required
+      @route.api_key_required ||
+        controller_klass.api_key_required ||
+        Jets.config.api.api_key_required
+    end
+  end
+end

data/lib/jets/resource/child_stack/app_class.rb

@@ -5,6 +5,8 @@
 #
 module Jets::Resource::ChildStack
   class AppClass < Base
+    include CommonParameters
+
     def initialize(s3_bucket, options={})
       super
       @path = options[:path]
@@ -52,10 +54,10 @@ module Jets::Resource::ChildStack
     end
 
     def parameters
-      common = self.class.common_parameters
-      common.merge!(controller_params) if controller?
-      common.merge!(depends.params) if depends
-      common
+      params = self.class.common_parameters
+      params.merge!(controller_params) if controller?
+      params.merge!(depends.params) if depends
+      params
     end
 
     def self.common_parameters
@@ -76,10 +78,13 @@ module Jets::Resource::ChildStack
 
       template_path = @path
       template = Jets::Cfn::BuiltTemplate.get(template_path)
-      template['Parameters'].keys.each do |p|
+      template['Parameters'].each do |p,data|
         case p
         when /Resource$/ # AWS::ApiGateway::Resource in api-resources templates. IE: demo-dev-api-resources-2.yml
           params[p] = "!GetAtt #{api_resource_page(p)}.Outputs.#{p}"
+        when /Authorizer$/ # AWS::ApiGateway::Authorizer in authorizers templates. IE: demo-dev-authorizers.yml
+          # Description contains metadata to get the Authorizer logical id
+          params[p] = "!GetAtt #{authorizer_output(data["Description"])}"
         when 'RootResourceId'
           params[p] = "!GetAtt ApiGateway.Outputs.RootResourceId"
         end
@@ -91,6 +96,12 @@ module Jets::Resource::ChildStack
       ApiResource::Page.logical_id(parameter)
     end
 
+    def authorizer_output(desc)
+      authorizer_stack, authorizer_logical_id = desc.split('.')
+      # IE: MainAuthorizer.Outputs.ProtectAuthorizer
+      "#{authorizer_stack}.Outputs.#{authorizer_logical_id}"
+    end
+
     def controller?
       @path.include?('_controller.yml')
     end

data/lib/jets/resource/child_stack/authorizer.rb

@@ -0,0 +1,46 @@
+module Jets::Resource::ChildStack
+  class Authorizer < Base
+    include CommonParameters
+
+    def initialize(s3_bucket, options={})
+      super
+      @path = options[:path]
+    end
+
+    def definition
+      logical_id = authorizer_logical_id
+      {
+        logical_id => {
+          type: "AWS::CloudFormation::Stack",
+          properties: {
+            template_url: template_url,
+            parameters: parameters,
+          }
+        }
+      }
+    end
+
+    def parameters
+      params = common_parameters
+      params[:RestApi] = "!GetAtt ApiGateway.Outputs.RestApi"
+      params
+    end
+
+    def outputs
+      {
+        logical_id => "!Ref #{logical_id}",
+      }
+    end
+
+    # map the path to a camelized logical_id. IE: ProtectAuthorizer
+    def authorizer_logical_id
+      regexp = Regexp.new(".*#{Jets.config.project_namespace}-authorizers-")
+      authorizer_name = @path.sub(regexp, '').sub('.yml', '')
+      authorizer_name.underscore.camelize
+    end
+
+    def template_filename
+      @path
+    end
+  end
+end

data/lib/jets/resource/child_stack/common_parameters.rb

@@ -0,0 +1,14 @@
+module Jets::Resource::ChildStack
+  module CommonParameters
+    def common_parameters
+      parameters = {
+        IamRole: "!GetAtt IamRole.Arn",
+        S3Bucket: "!Ref S3Bucket",
+      }
+      parameters[:GemLayer] = "!Ref GemLayer" unless Jets.poly_only?
+      parameters
+    end
+
+    extend self
+  end
+end

data/lib/jets/resource/child_stack/shared.rb

@@ -5,6 +5,8 @@
 #
 module Jets::Resource::ChildStack
   class Shared < AppClass
+    include CommonParameters
+
     def initialize(s3_bucket, options={})
       super
       @path = options[:path]
@@ -39,15 +41,6 @@ module Jets::Resource::ChildStack
       props
     end
 
-    def common_parameters
-      parameters = {
-        IamRole: "!GetAtt IamRole.Arn",
-        S3Bucket: "!Ref S3Bucket",
-      }
-      parameters[:GemLayer] = "!Ref GemLayer" unless Jets.poly_only?
-      parameters
-    end
-
     # Returns output keys associated with the stack.  They are the resource logical ids.
     def dependency_outputs(dependency)
       dependency.to_s.camelize.constantize.output_keys

data/lib/jets/router/route.rb

@@ -6,6 +6,7 @@
 class Jets::Router
   class Route
     include Util
+    include Authorization
 
     CAPTURE_REGEX = "([^/]*)" # as string
 
@@ -184,14 +185,6 @@ class Jets::Router
       end.to_h
     end
 
-    def authorization_type
-      @options[:authorization_type]
-    end
-
-    def api_key_required
-      @options[:api_key_required]
-    end
-
   private
     def ensure_jets_format(path)
       path.split('/').map do |s|

data/lib/jets/router/route/authorization.rb

@@ -0,0 +1,48 @@
+class Jets::Router::Route
+  module Authorization
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # Use by both Route and Controller
+      def authorizer_logical_id(authorizer, prefix_class: true)
+        klass, meth = authorizer.split("#")
+        words = [meth, "authorizer"]
+        words.unshift(klass) if prefix_class
+        words.join('_').camelize # logical_id
+      end
+    end
+
+    # IE: main#protect => MainProtectAuthorizer
+    def authorizer_id(prefix_class: true)
+      return unless authorizer
+      self.class.authorizer_logical_id(authorizer, prefix_class: prefix_class)
+    end
+
+    # Metadata about the authorizer class that can be used later. Stored in the Authorizer template parameters.
+    # In app_class.rb `def controller_params` it is used to build the input parameters for controller templates.
+    def authorizer_metadata
+      klass = authorizer.split("#").first
+      authorizer_class = "#{klass}_authorizer".camelize
+      logical_id = authorizer_id(prefix_class: false)
+      "#{authorizer_class}.#{logical_id}"
+    end
+
+    def authorizer
+      @options[:authorizer]
+    end
+
+    def authorization_type
+      @options[:authorization_type] || inferred_authorization_type
+    end
+
+    def api_key_required
+      @options[:api_key_required]
+    end
+
+  private
+    def inferred_authorization_type
+      return unless authorizer
+      Jets::Authorizer::Base.authorization_type(authorizer)
+    end
+  end
+end