@bitblit/ratchet-epsilon-common 6.0.146-alpha → 6.0.147-alpha

package/src/config/local-server/local-server-http-method-handling.ts

@@ -0,0 +1,7 @@
+// NOTE: This is a psuedo-enum to fix some issues with Typescript enums.  See: https://exploringjs.com/tackling-ts/ch_enum-alternatives.html for details
+export const LocalServerHttpMethodHandling = {
+  Uppercase: 'Uppercase',
+  Lowercase: 'Lowercase',
+  PassThru: 'PassThru',
+};
+export type LocalServerHttpMethodHandling = (typeof LocalServerHttpMethodHandling)[keyof typeof LocalServerHttpMethodHandling];

package/src/config/local-server/local-server-options.ts

@@ -0,0 +1,12 @@
+import { LocalServerHttpMethodHandling } from './local-server-http-method-handling.js';
+import { LocalServerEventLoggingStyle } from "./local-server-event-logging-style.ts";
+import { LoggerLevelName } from "@bitblit/ratchet-common/logger/logger-level-name";
+
+export interface LocalServerOptions {
+  port?: number;
+  https?: boolean;
+  methodHandling?: LocalServerHttpMethodHandling;
+  eventLoggingStyle?: LocalServerEventLoggingStyle;
+  eventLoggingLevel?: LoggerLevelName;
+  graphQLIntrospectionEventLogLevel?: LoggerLevelName;
+}

package/src/config/logging-trace-id-generator.ts

@@ -0,0 +1,3 @@
+import { Context } from 'aws-lambda';
+
+export type LoggingTraceIdGenerator = (event?: any, context?: Context) => string;

package/src/config/no-handlers-found-error.ts

@@ -0,0 +1,6 @@
+export class NoHandlersFoundError extends Error {
+  constructor(msg?: string) {
+    super(msg ?? 'No handlers found');
+    Object.setPrototypeOf(this, NoHandlersFoundError.prototype);
+  }
+}

package/src/config/open-api/open-api-document-components.ts

@@ -0,0 +1,4 @@
+export interface OpenApiDocumentComponents {
+  securitySchemes: any[];
+  schemas: any[];
+}

package/src/config/open-api/open-api-document.ts

@@ -0,0 +1,7 @@
+import { OpenApiDocumentComponents } from './open-api-document-components.js';
+//import { OpenApiDocumentPath } from './open-api-document-path.js';
+
+export interface OpenApiDocument {
+  components: OpenApiDocumentComponents;
+  paths: Record<string, any>[]; //OpenApiDocumentPath[];
+}

package/src/config/s3-config.ts

@@ -0,0 +1,8 @@
+import { GenericAwsEventHandlerFunction } from './generic-aws-event-handler-function.js';
+import { S3Event } from 'aws-lambda';
+
+export interface S3Config {
+  // S3 events mapped by bucket name
+  createHandlers: Map<string, GenericAwsEventHandlerFunction<S3Event>>;
+  removeHandlers: Map<string, GenericAwsEventHandlerFunction<S3Event>>;
+}

package/src/config/sns-config.ts

@@ -0,0 +1,7 @@
+import { GenericAwsEventHandlerFunction } from './generic-aws-event-handler-function.js';
+import { SNSEvent } from 'aws-lambda';
+
+export interface SnsConfig {
+  // Map of TopicARN to handler
+  handlers: Map<string, GenericAwsEventHandlerFunction<SNSEvent>>;
+}

package/src/config/sqs-config.ts

@@ -0,0 +1,7 @@
+import { GenericAwsEventHandlerFunction } from './generic-aws-event-handler-function.js';
+import { SQSEvent } from 'aws-lambda';
+
+export interface SqsConfig {
+  // Map of TopicARN to handler
+  handlers: Map<string, GenericAwsEventHandlerFunction<SQSEvent>>;
+}

package/src/epsilon-build-properties.ts

@@ -0,0 +1,21 @@
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+
+export class EpsilonBuildProperties {
+  // Prevent instantiation
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  private constructor() {}
+
+  public readonly buildVersion: string = 'LOCAL-SNAPSHOT';
+
+  public readonly buildHash: string = 'LOCAL-HASH';
+
+  public readonly buildBranch: string = 'LOCAL-BRANCH';
+
+  public readonly buildTag: string = 'LOCAL-TAG';
+
+  public get buildBranchOrTag(): string {
+    return StringRatchet.trimToNull(this.buildBranch) ? 'BRANCH:' + this.buildBranch : 'TAG:' + this.buildTag;
+  }
+
+  public readonly buildTime: string = 'LOCAL-TIME';
+}

package/src/epsilon-constants.ts

@@ -0,0 +1,62 @@
+import { EpsilonGlobalHandler } from './epsilon-global-handler.js';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { EsmRatchet } from '@bitblit/ratchet-common/lang/esm-ratchet';
+
+export class EpsilonConstants {
+  public static readonly EPSILON_FINDER_DYNAMIC_IMPORT_PATH_ENV_NAME = 'EPSILON_FINDER_DYNAMIC_IMPORT_PATH';
+  public static readonly EPSILON_FINDER_FUNCTION_NAME_ENV_NAME = 'EPSILON_FINDER_FUNCTION_NAME';
+  public static readonly DEFAULT_EPSILON_FINDER_DYNAMIC_IMPORT_PATH = 'epsilon-global-handler-provider.js';
+  public static readonly DEFAULT_EPSILON_FINDER_FUNCTION_NAME = 'findEpsilonGlobalHandler';
+
+  public static readonly AUTH_HEADER_PREFIX: string = 'Bearer ';
+  public static readonly AUTH_HEADER_NAME: string = 'Authorization';
+
+  public static readonly BACKGROUND_SQS_TYPE_FIELD = 'BACKGROUND_TYPE';
+  public static readonly BACKGROUND_SNS_START_MARKER = 'BACKGROUND_START_MARKER';
+  public static readonly BACKGROUND_SNS_IMMEDIATE_RUN_FLAG = 'BACKGROUND_IMMEDIATE_RUN_FLAG';
+
+  public static readonly INTER_API_SNS_EVENT = 'EPSILON_INTER_API_EVENT';
+
+  private static load<T>(filePath: string, className: string): T {
+    Logger.info('Searching for %s : %s : %s', filePath, className, EsmRatchet.fetchDirName(import.meta.url));
+    let rval: T = null;
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const val = require(filePath);
+    if (val) {
+      Logger.debug('Found %s - pulling object : %j : %s', filePath, Object.keys(val), className);
+      rval = val[className];
+    }
+    return rval;
+  }
+
+  public static async findDynamicImportEpsilonGlobalHandlerProvider(): Promise<EpsilonGlobalHandler> {
+    const importPath: string =
+      process.env[EpsilonConstants.EPSILON_FINDER_DYNAMIC_IMPORT_PATH_ENV_NAME] ||
+      EpsilonConstants.DEFAULT_EPSILON_FINDER_DYNAMIC_IMPORT_PATH;
+    const fnName: string =
+      process.env[EpsilonConstants.EPSILON_FINDER_FUNCTION_NAME_ENV_NAME] || EpsilonConstants.DEFAULT_EPSILON_FINDER_FUNCTION_NAME;
+    Logger.debug('Using epsilon finder dynamic import path : %s / %s', importPath, fnName);
+
+    let provider: any = null;
+    try {
+      provider = this.load(importPath, fnName);
+    } catch (err) {
+      Logger.error('Error loading provider : %s / %s : %s', importPath, fnName, err, err);
+    }
+
+    let rval: Promise<EpsilonGlobalHandler> = null;
+    if (provider) {
+      Logger.debug('Type2 is : %s', typeof provider);
+      //const fn = provider.fetchEpsilonGlobalHandler();
+      Logger.info('Got3 : %s : %s', provider, typeof provider);
+      rval = provider();
+      Logger.info('Rval3 is %s', rval);
+    }
+    return rval;
+  }
+  //producer: () => Promise<EpsilonGlobalHandler>
+
+  // Prevent instantiation
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  private constructor() {}
+}

package/src/epsilon-global-handler.ts

@@ -0,0 +1,238 @@
+import { Context, ProxyResult } from 'aws-lambda';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { ErrorRatchet } from '@bitblit/ratchet-common/lang/error-ratchet';
+import { PromiseRatchet } from '@bitblit/ratchet-common/lang/promise-ratchet';
+import { LoggerLevelName } from '@bitblit/ratchet-common/logger/logger-level-name';
+import { LoggerOptions } from '@bitblit/ratchet-common/logger/logger-options';
+import { LogMessageFormatType } from '@bitblit/ratchet-common/logger/log-message-format-type';
+import { LogMessageProcessor } from '@bitblit/ratchet-common/logger/log-message-processor';
+import { LoggerOutputFunction } from '@bitblit/ratchet-common/logger/logger-output-function';
+import { TimeoutToken } from '@bitblit/ratchet-common/lang/timeout-token';
+import { RestfulApiHttpError } from '@bitblit/ratchet-common/network/restful-api-http-error';
+import { EventUtil } from './http/event-util.js';
+import { BackgroundEntry } from './background/background-entry.js';
+import { EpsilonInstance } from './epsilon-instance.js';
+import { ResponseUtil } from './http/response-util.js';
+import { RequestTimeoutError } from './http/error/request-timeout-error.js';
+import { InternalBackgroundEntry } from './background/internal-background-entry.js';
+import { ContextUtil } from './util/context-util.js';
+import { EpsilonLambdaEventHandler } from './config/epsilon-lambda-event-handler.js';
+import { WebV2Handler } from './http/web-v2-handler.js';
+import { InterApiEpsilonLambdaEventHandler } from './lambda-event-handler/inter-api-epsilon-lambda-event-handler.js';
+import { GenericSnsEpsilonLambdaEventHandler } from './lambda-event-handler/generic-sns-epsilon-lambda-event-handler.js';
+import { CronEpsilonLambdaEventHandler } from './lambda-event-handler/cron-epsilon-lambda-event-handler.js';
+import { S3EpsilonLambdaEventHandler } from './lambda-event-handler/s3-epsilon-lambda-event-handler.js';
+import { DynamoEpsilonLambdaEventHandler } from './lambda-event-handler/dynamo-epsilon-lambda-event-handler.js';
+import { EpsilonLoggingExtensionProcessor } from './epsilon-logging-extension-processor.js';
+import { GenericSqsEpsilonLambdaEventHandler } from './lambda-event-handler/generic-sqs-epsilon-lambda-event-handler.js';
+import { NoHandlersFoundError } from './config/no-handlers-found-error.js';
+
+/**
+ * This class functions as the adapter from a default Lambda function to the handlers exposed via Epsilon
+ */
+export class EpsilonGlobalHandler {
+  private static LOGGER_CONFIGURED: boolean = false;
+  private static GLOBAL_INSTANCE_PROVIDER: () => Promise<EpsilonGlobalHandler>;
+
+  public static set globalInstanceProvider(input: () => Promise<EpsilonGlobalHandler>) {
+    EpsilonGlobalHandler.GLOBAL_INSTANCE_PROVIDER = input;
+  }
+
+  public static get globalInstanceProvider(): () => Promise<EpsilonGlobalHandler> {
+    return EpsilonGlobalHandler.GLOBAL_INSTANCE_PROVIDER;
+  }
+  private handlers: EpsilonLambdaEventHandler<any>[] = null;
+
+  constructor(private _epsilon: EpsilonInstance) {
+    // We only want to do this if it wasn't explicitly configured earlier
+    if (!EpsilonGlobalHandler.LOGGER_CONFIGURED) {
+      EpsilonGlobalHandler.configureDefaultLogger();
+      Logger.info('EpsilonLoggingConfiguration:Default logger configured');
+    } else {
+      Logger.info('EpsilonLoggingConfiguration:Skipping default logger config - already configured');
+    }
+
+    this.handlers = [
+      this._epsilon.webHandler,
+      new WebV2Handler(this._epsilon.webHandler),
+      this._epsilon.backgroundHandler,
+      new InterApiEpsilonLambdaEventHandler(this._epsilon),
+      new GenericSnsEpsilonLambdaEventHandler(this._epsilon),
+      new GenericSqsEpsilonLambdaEventHandler(this._epsilon),
+      new CronEpsilonLambdaEventHandler(this._epsilon),
+      new S3EpsilonLambdaEventHandler(this._epsilon),
+      new DynamoEpsilonLambdaEventHandler(this._epsilon),
+    ];
+  }
+
+  public static configureDefaultLogger(overrides?: LoggerOptions): void {
+    const output: LoggerOptions = overrides ? Object.assign({}, overrides) : {};
+    output.initialLevel = output.initialLevel ?? LoggerLevelName.info;
+    output.formatType = output.formatType ?? LogMessageFormatType.StructuredJson;
+    //output.trace;
+    output.globalVars = output.globalVars ?? {}; // No extra defaults for now
+    output.outputFunction = output.outputFunction ?? LoggerOutputFunction.StdOut;
+    output.ringBufferSize = output.ringBufferSize ?? 0;
+    const src: LogMessageProcessor[] = output.preProcessors || [];
+    output.preProcessors = src.concat([new EpsilonLoggingExtensionProcessor()]);
+    //output.preProcessors.push();
+
+    const _pre: LoggerOptions = Logger.getOptions();
+    Logger.changeDefaultOptions(output, true);
+    const _post: LoggerOptions = Logger.getOptions();
+    EpsilonGlobalHandler.LOGGER_CONFIGURED = true;
+    Logger.info('EpsilonLoggingConfiguration: Updated');
+    Logger.dumpOptionsIntoLog();
+  }
+
+  public get epsilon(): EpsilonInstance {
+    return this._epsilon;
+  }
+
+  public async processSingleBackgroundByParts<T>(
+    type: string,
+    data?: T,
+    overrideTraceId?: string,
+    overrideTraceDepth?: number,
+  ): Promise<boolean> {
+    return this.processSingleBackgroundEntry(this._epsilon.backgroundManager.createEntry(type, data), overrideTraceId, overrideTraceDepth);
+  }
+
+  public async processSingleBackgroundEntry(
+    e: BackgroundEntry<any>,
+    overrideTraceId?: string,
+    overrideTraceDepth?: number,
+  ): Promise<boolean> {
+    let rval: boolean = false;
+    if (e?.type) {
+      const internal: InternalBackgroundEntry<any> = await this._epsilon.backgroundManager.wrapEntryForInternal(
+        e,
+        overrideTraceId,
+        overrideTraceDepth,
+      );
+      rval = await this._epsilon.backgroundHandler.processSingleBackgroundEntry(internal);
+      Logger.info('Direct processed request %j to %s', e, rval);
+    } else {
+      Logger.error('Cannot process null/unnamed background entry');
+    }
+    return rval;
+  }
+
+  public async lambdaHandler(event: any, context: Context): Promise<any> {
+    let rval: any = null;
+    try {
+      if (this.epsilon.config.disableLastResortTimeout || !context || !context.getRemainingTimeInMillis()) {
+        rval = await this.innerLambdaHandler(event, context);
+      } else {
+        // Outer wrap timeout makes sure that we timeout even if the slow part is a filter instead of the controller
+        const tmp: any = await PromiseRatchet.timeout<ProxyResult>(
+          this.innerLambdaHandler(event, context),
+          'EpsilonLastResortTimeout',
+          context.getRemainingTimeInMillis() - 1000,
+        ); // Reserve 1 second for cleanup
+        if (TimeoutToken.isTimeoutToken(tmp)) {
+          (tmp as TimeoutToken).writeToLog();
+          // Using the HTTP version since it can use it, and the background ones dont care about the response format
+          rval = ResponseUtil.errorResponse(RestfulApiHttpError.wrapError(new RequestTimeoutError('Timed out')));
+        } else {
+          rval = tmp;
+        }
+      }
+    } finally {
+      ContextUtil.clearContext();
+    }
+    return rval;
+  }
+
+  public async innerLambdaHandler(event: any, context: Context): Promise<any> {
+    ContextUtil.initContext(this._epsilon, event, context, 'TBD');
+    let rval: ProxyResult = null;
+    let errorHandler: (evt: any, context: Context, err: any) => Promise<ProxyResult> = EpsilonGlobalHandler.defaultProcessUncaughtError;
+    let noMatchingHandler: boolean = false;
+
+    try {
+      if (!this._epsilon) {
+        Logger.error('Config not found, abandoning');
+        return false;
+      }
+
+      // Setup logging
+      const logLevel: LoggerLevelName = EventUtil.calcLogLevelViaEventOrEnvParam(
+        Logger.getLevel(),
+        event,
+        this._epsilon.config.loggerConfig,
+      );
+      Logger.setLevel(logLevel);
+
+      if (
+        this._epsilon.config.loggerConfig &&
+        this._epsilon.config.loggerConfig.queryParamTracePrefixName &&
+        event.queryStringParameters &&
+        event.queryStringParameters[this._epsilon.config.loggerConfig.queryParamTracePrefixName]
+      ) {
+        Logger.info('Setting trace prefix to %s', event.queryStringParameters[this._epsilon.config.loggerConfig.queryParamTracePrefixName]);
+        Logger.updateTracePrefix(event.queryStringParameters[this._epsilon.config.loggerConfig.queryParamTracePrefixName]);
+      }
+
+      let found: boolean = false;
+      for (let i = 0; i < this.handlers.length && !found; i++) {
+        const handler: EpsilonLambdaEventHandler<any> = this.handlers[i];
+        if (handler.handlesEvent(event)) {
+          found = true;
+          errorHandler = handler.processUncaughtError || errorHandler; // Override it, if the handler supports that
+          const label: string = handler.extractLabel(event, context);
+          ContextUtil.setProcessLabel(label);
+          Logger.logByLevel(
+            this._epsilon?.config?.loggerConfig?.epsilonStartEndMessageLogLevel || LoggerLevelName.info,
+            'EvtStart: %s',
+            label,
+          );
+          try {
+            rval = await handler.processEvent(event, context);
+          } catch (err) {
+            if (err instanceof NoHandlersFoundError) {
+              // We found a generic handler to handle this event, but it didn't have any handlers for
+              // this specific message.
+              // Reset "found" flag to false, but still break the loop.
+              found = false;
+              break;
+            } else {
+              throw err;
+            }
+          }
+          Logger.logByLevel(
+            this._epsilon?.config?.loggerConfig?.epsilonStartEndMessageLogLevel || LoggerLevelName.info,
+            'EvtEnd: %s',
+            label,
+          );
+          Logger.silly('EvtEnd:Value: %s Value: %j', label, rval);
+        }
+      }
+
+      if (!found) {
+        noMatchingHandler = true;
+      }
+    } catch (err) {
+      // Note: If your errorHandler throws an error its just gonna get thrown up, which is what we want
+      // since some of them actually NEED to rethrow errors to get auto-retries (eg, Dynamo)
+      rval = await errorHandler(event, context, err);
+    }
+
+    if (this.epsilon.config.throwErrorIfNoSuitableEventHandlers && noMatchingHandler) {
+      Logger.error('No matching handler found for event: %j', event);
+      throw new Error('No matching handler found for event');
+    }
+
+    return rval;
+  }
+
+  public static async defaultProcessUncaughtError(event: any, context: Context, err: any): Promise<ProxyResult> {
+    Logger.error('Error slipped out to outer edge (Default).  Logging and returning log : %s', err, err);
+    const rval: ProxyResult = {
+      statusCode: 500,
+      body: JSON.stringify({ error: ErrorRatchet.safeStringifyErr(err) }),
+      isBase64Encoded: false,
+    };
+    return rval;
+  }
+}

package/src/epsilon-instance.ts

@@ -0,0 +1,20 @@
+import { EpsilonConfig } from './config/epsilon-config.js';
+import { WebHandler } from './http/web-handler.js';
+import { BackgroundHandler } from './background/background-handler.js';
+import { OpenApiDocument } from './config/open-api/open-api-document.js';
+import { ModelValidator } from '@bitblit/ratchet-misc/model-validator/model-validator';
+import { BackgroundManagerLike } from './background/manager/background-manager-like.js';
+
+/**
+ * This interface just wraps up everything that gets created by the config parsing process so that
+ * I can hand it in a neat package to EpsilonGlobalHandler, rather than passing in a bunch of
+ * params on the constructor
+ */
+export interface EpsilonInstance {
+  config: EpsilonConfig;
+  parsedOpenApiDoc: OpenApiDocument;
+  modelValidator: ModelValidator;
+  webHandler: WebHandler;
+  backgroundHandler: BackgroundHandler;
+  backgroundManager: BackgroundManagerLike;
+}

package/src/epsilon-logging-extension-processor.ts

@@ -0,0 +1,19 @@
+import { LogMessageProcessor } from '@bitblit/ratchet-common/logger/log-message-processor';
+import { LogMessage } from '@bitblit/ratchet-common/logger/log-message';
+import { ContextUtil } from './util/context-util.js';
+
+export class EpsilonLoggingExtensionProcessor implements LogMessageProcessor {
+  public process(msg: LogMessage): LogMessage {
+    msg.params = Object.assign({}, msg.params || {}, ContextUtil.fetchLogVariables());
+    msg.params['tester'] = Date.now();
+    msg.params['awsRequestId'] = ContextUtil.currentRequestId();
+    //msg.params['epoch'] = msg.timestamp;
+    msg.params['traceId'] = ContextUtil.currentTraceId();
+    msg.params['traceDepth'] = ContextUtil.currentTraceDepth();
+    msg.params['procLabel'] = ContextUtil.currentProcessLabel();
+    return msg;
+  }
+  public label(): string {
+    return 'EpsilonLoggingExtensionProcessor';
+  }
+}

package/src/http/auth/api-gateway-adapter-authentication-handler.ts

@@ -0,0 +1,95 @@
+import { AuthResponse, AuthResponseContext, Callback, Context, CustomAuthorizerEvent, PolicyDocument } from 'aws-lambda';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { LocalWebTokenManipulator } from './local-web-token-manipulator.js';
+import { EpsilonConstants } from '../../epsilon-constants.js';
+import { JwtTokenBase } from '@bitblit/ratchet-common/jwt/jwt-token-base';
+
+/**
+ * This class is to simplify if the user wants to use a AWS Gateway authorizer in conjunction with Epsilon
+ */
+export class ApiGatewayAdapterAuthenticationHandler {
+  private webTokenManipulator: LocalWebTokenManipulator<JwtTokenBase>;
+
+  constructor(issuer: string, encryptionKeys: string) {
+    this.webTokenManipulator = new LocalWebTokenManipulator<JwtTokenBase>([encryptionKeys], issuer);
+  }
+
+  /**
+   * This is the default authorizer - parses the incoming JWT token and sticks it
+   * into context (or blocks if none/invalid found)
+   * @param event
+   * @param {Context} context
+   * @param {Callback} callback
+   */
+  public lambdaHandler(event: CustomAuthorizerEvent, context: Context, callback: Callback): void {
+    Logger.info('Got event : %j', event);
+
+    const srcString = ApiGatewayAdapterAuthenticationHandler.extractTokenStringFromAuthorizerEvent(event);
+
+    if (srcString) {
+      const methodArn = event.methodArn;
+
+      this.webTokenManipulator
+        .parseAndValidateJWTStringAsync(srcString)
+        .then((parsed) => {
+          if (parsed) {
+            callback(null, this.createPolicy(methodArn, srcString, parsed));
+          } else {
+            Logger.info('Invalid bearer token');
+            callback(new Error('Unauthorized')); // Required by Lambda
+          }
+        })
+        .catch((err) => {
+          Logger.error('Exception parsing token : %s', err);
+          callback(new Error('Unauthorized')); // Required by Lambda
+        });
+    } else {
+      Logger.info('Token not supplied');
+      callback(new Error('Unauthorized')); // Required by Lambda
+    }
+  }
+
+  private createPolicy(methodArn: string, srcString: string, userOb: any): AuthResponse {
+    // If we reached here, create a policy document
+    // parse the ARN from the incoming event
+    const tmp = methodArn.split(':'); // event.methodArn;
+    const apiGatewayArnTmp = tmp[5].split('/');
+    const awsAccountId = tmp[4];
+    const region = tmp[3];
+    const stage = apiGatewayArnTmp[1];
+    const restApiId = apiGatewayArnTmp[0];
+
+    const response: AuthResponse = {
+      principalId: 'user',
+      policyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Action: 'execute-api:Invoke',
+            Effect: 'Allow',
+            Resource: ['arn:aws:execute-api:' + region + ':' + awsAccountId + ':' + restApiId + '/' + stage + '/*/*'],
+          },
+        ],
+      } as PolicyDocument,
+      // Context matches what would come in ExtendedAuthResponseContext if using epsilon auth
+      context: {
+        userJSON: JSON.stringify(userOb),
+        srcData: srcString, // Put this in in-case we are doing a token update
+      } as AuthResponseContext,
+    } as AuthResponse;
+
+    return response;
+  }
+
+  public static extractTokenStringFromAuthorizerEvent(event: CustomAuthorizerEvent): string {
+    Logger.silly('Extracting token from event : %j', event);
+    let rval: string = null;
+    if (event && event.authorizationToken) {
+      const token: string = event.authorizationToken;
+      if (token && token.startsWith(EpsilonConstants.AUTH_HEADER_PREFIX)) {
+        rval = token.substring(EpsilonConstants.AUTH_HEADER_PREFIX.length); // Strip "Bearer "
+      }
+    }
+    return rval;
+  }
+}

package/src/http/auth/auth0-web-token-manipulator.ts

@@ -0,0 +1,69 @@
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { JwtTokenBase } from '@bitblit/ratchet-common/jwt/jwt-token-base';
+import jwt from 'jsonwebtoken';
+import jwks from 'jwks-rsa';
+import { WebTokenManipulator } from './web-token-manipulator.js';
+
+export class Auth0WebTokenManipulator implements WebTokenManipulator<JwtTokenBase> {
+  private jwksClient: any;
+
+  constructor(
+    private clientId: string,
+    private jwksUri: string,
+    private issuer: string,
+  ) {}
+
+  public async extractTokenFromAuthorizationHeader(authHeader: string): Promise<JwtTokenBase> {
+    let tokenString: string = StringRatchet.trimToEmpty(authHeader);
+    if (tokenString.toLowerCase().startsWith('bearer ')) {
+      tokenString = tokenString.substring(7);
+    }
+    const validated: JwtTokenBase = tokenString ? await this.parseAndValidateAuth0Token(tokenString, false) : null;
+    return validated;
+  }
+
+  public async parseAndValidateAuth0Token(auth0Token: string, allowExpired: boolean = false): Promise<JwtTokenBase> {
+    Logger.debug('Validating Auth0 token : %s', StringRatchet.obscure(auth0Token, 4));
+
+    const fullToken: any = jwt.decode(auth0Token, { complete: true });
+    const kid: string = fullToken?.header?.kid;
+    const nowEpochSeconds: number = Math.floor(new Date().getTime() / 1000);
+
+    const pubKey: string = await this.fetchSigningKey(kid as string);
+    const validated: any = jwt.verify(auth0Token, pubKey, {
+      audience: this.clientId,
+      issuer: this.issuer,
+      ignoreExpiration: allowExpired,
+      clockTimestamp: nowEpochSeconds,
+    });
+
+    return validated;
+  }
+
+  private async fetchSigningKey(kid: string): Promise<string> {
+    const jClient: any = await this.fetchJwksClient();
+
+    return new Promise<string>((res, rej) => {
+      jClient.getSigningKey(kid, (err, key) => {
+        if (err) {
+          rej(err);
+        } else {
+          res(key.publicKey || key.rsaPublicKey);
+        }
+      });
+    });
+  }
+
+  private async fetchJwksClient(): Promise<any> {
+    if (!this.jwksClient) {
+      this.jwksClient = jwks({
+        cache: true,
+        cacheMaxEntries: 5,
+        cacheMaxAge: 1000 * 60 * 60 * 10,
+        jwksUri: this.jwksUri,
+      });
+    }
+    return this.jwksClient;
+  }
+}

package/src/http/auth/basic-auth-token.ts

@@ -0,0 +1,7 @@
+/**
+ * Simple decoding of a Basic Authorization header
+ */
+export interface BasicAuthToken {
+  username: string;
+  password: string;
+}

package/src/http/auth/google-web-token-manipulator.spec.ts

@@ -0,0 +1,15 @@
+import { GoogleWebTokenManipulator } from './google-web-token-manipulator.js';
+import { JwtTokenBase } from '@bitblit/ratchet-common/jwt/jwt-token-base';
+import { describe, expect, test } from 'vitest';
+
+describe('#googleWebTokenManipulator', function () {
+  test.skip('should extract a token', async () => {
+    const token: string = 'TOKEN_HERE';
+    const clientId: string = 'CLIENT_HERE';
+
+    const svc: GoogleWebTokenManipulator = new GoogleWebTokenManipulator(clientId);
+    const res: JwtTokenBase = await svc.parseAndValidateGoogleToken<any>(token, false);
+
+    expect(res).toBeTruthy();
+  });
+});