@bitblit/ratchet-epsilon-common 6.0.146-alpha → 6.0.148-alpha

package/src/built-in/http/apollo/epsilon-lambda-apollo-options.ts

@@ -0,0 +1,11 @@
+import { BaseContext, ContextFunction } from '@apollo/server';
+import { EpsilonLambdaApolloContextFunctionArgument } from './epsilon-lambda-apollo-context-function-argument.js';
+import { ProxyResult } from 'aws-lambda';
+import { EpsilonCorsApproach } from '../../../config/http/epsilon-cors-approach.js';
+
+export interface EpsilonLambdaApolloOptions<TContext extends BaseContext> {
+  context?: ContextFunction<[EpsilonLambdaApolloContextFunctionArgument], TContext>;
+  timeoutMS?: number; // Max time to wait for apollo
+  corsMethod?: EpsilonCorsApproach;
+  debugOutputCallback?: (resp: ProxyResult) => Promise<void>;
+}

package/src/built-in/http/apollo-filter.ts

@@ -0,0 +1,151 @@
+import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { PromiseRatchet } from '@bitblit/ratchet-common/lang/promise-ratchet';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { TimeoutToken } from '@bitblit/ratchet-common/lang/timeout-token';
+import { RestfulApiHttpError } from '@bitblit/ratchet-common/network/restful-api-http-error';
+import { Base64Ratchet } from '@bitblit/ratchet-common/lang/base64-ratchet';
+import { APIGatewayEvent, Context, ProxyResult } from 'aws-lambda';
+import { RequestTimeoutError } from '../../http/error/request-timeout-error.js';
+import { FilterFunction } from '../../config/http/filter-function.js';
+import { FilterChainContext } from '../../config/http/filter-chain-context.js';
+import { ApolloServer, BaseContext, ContextFunction, HeaderMap, HTTPGraphQLRequest, HTTPGraphQLResponse } from '@apollo/server';
+import { ContextUtil } from '../../util/context-util.js';
+import { EpsilonLambdaApolloOptions } from './apollo/epsilon-lambda-apollo-options.js';
+import { EpsilonLambdaApolloContextFunctionArgument } from './apollo/epsilon-lambda-apollo-context-function-argument.js';
+import { ApolloUtil } from './apollo/apollo-util.js';
+import { BuiltInFilters } from './built-in-filters.js';
+
+export class ApolloFilter {
+  public static async handlePathWithApollo<T>(
+    fCtx: FilterChainContext,
+    apolloPathRegex: RegExp,
+    apolloServer: ApolloServer<T>,
+    options?: EpsilonLambdaApolloOptions<T>,
+  ): Promise<boolean> {
+    let rval: boolean = false;
+
+    if (fCtx.event?.path && apolloPathRegex && apolloPathRegex.test(fCtx.event.path)) {
+      fCtx.result = await ApolloFilter.processApolloRequest(fCtx.event, fCtx.context, apolloServer, options);
+
+      if (options?.corsMethod) {
+        await BuiltInFilters.addCorsHeadersDynamically(fCtx, options.corsMethod);
+      }
+    } else {
+      // Not handled by apollo
+      rval = true;
+    }
+
+    return rval;
+  }
+
+  public static async processApolloRequest<T>(
+    event: APIGatewayEvent,
+    context: Context,
+    apolloServer: ApolloServer<T>,
+    options?: EpsilonLambdaApolloOptions<T>,
+  ): Promise<ProxyResult> {
+    Logger.silly('Processing event with apollo: %j', event);
+    let rval: ProxyResult = null;
+    RequireRatchet.notNullOrUndefined(apolloServer, 'apolloServer');
+    apolloServer.assertStarted('Cannot process with apollo - instance not started');
+
+    const headerMap: HeaderMap = new HeaderMap();
+    for (const headersKey in event.headers) {
+      headerMap.set(headersKey, event.headers[headersKey]);
+    }
+
+    const eventMethod: string = StringRatchet.trimToEmpty(event.httpMethod).toUpperCase();
+    let body: any = null;
+    if (StringRatchet.trimToNull(event.body)) {
+      const bodyString: string = event.isBase64Encoded ? Base64Ratchet.base64StringToString(event.body) : event.body;
+      body = JSON.parse(bodyString);
+    }
+
+    const aRequest: HTTPGraphQLRequest = {
+      method: eventMethod,
+      headers: headerMap,
+      search:
+        eventMethod === 'GET' && event?.queryStringParameters
+          ? Object.keys(event.queryStringParameters)
+              .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(event.queryStringParameters[k]))
+              .join('&')
+          : null,
+      body: body,
+    };
+
+    // We do this because fully timing out on Lambda is never a good thing
+    const timeoutMS: number = options?.timeoutMS ?? context.getRemainingTimeInMillis() - 500;
+
+    //const defaultContextFn: ContextFunction<[EpsilonLambdaApolloContextFunctionArgument], any> = async () => ({});
+
+    const contextFn: ContextFunction<[EpsilonLambdaApolloContextFunctionArgument], T> = options?.context ?? ApolloUtil.emptyContext;
+
+    const apolloPromise = apolloServer.executeHTTPGraphQLRequest({
+      httpGraphQLRequest: aRequest,
+      context: () => contextFn({ lambdaContext: context, lambdaEvent: event }),
+    });
+
+    let result: HTTPGraphQLResponse | TimeoutToken = null;
+    if (timeoutMS) {
+      result = await PromiseRatchet.timeout(apolloPromise, 'Apollo timed out after ' + timeoutMS + ' ms.', timeoutMS);
+    } else {
+      Logger.warn('No timeout set even after defaulting for Apollo');
+      result = await apolloPromise;
+    }
+
+    if (TimeoutToken.isTimeoutToken(result)) {
+      (result as TimeoutToken).writeToLog();
+      throw new RequestTimeoutError('Timed out');
+    }
+
+    // If we reach here we didn't time out
+    const httpGraphQLResponse: HTTPGraphQLResponse = result as HTTPGraphQLResponse; // TODO: Use typeguard here instead
+
+    const outHeaders: Record<string, string> = {};
+
+    for (const [headersKey, headersValue] of httpGraphQLResponse.headers.entries()) {
+      outHeaders[headersKey] = headersValue;
+    }
+
+    if (httpGraphQLResponse.body.kind === 'chunked') {
+      // This is legal according to https://www.apollographql.com/docs/apollo-server/integrations/building-integrations/
+      throw new RestfulApiHttpError('Apollo returned chunked result').withHttpStatusCode(500).withRequestId(ContextUtil.currentRequestId());
+    }
+
+    const bodyAsString: string = StringRatchet.trimToEmpty(httpGraphQLResponse?.body?.string);
+
+    rval = {
+      body: Base64Ratchet.generateBase64VersionOfString(bodyAsString),
+      headers: outHeaders,
+      multiValueHeaders: {}, // TODO: Need setting?
+      isBase64Encoded: true,
+      statusCode: httpGraphQLResponse.status || 200,
+    };
+
+    // Finally, a double check to set the content type correctly if the browser page was shown
+    // Since otherwise Apollo defaults it to application/json for some reason
+    if (eventMethod === 'GET' && rval.headers['content-type'] !== 'text/html' && bodyAsString.indexOf('<!DOCTYPE html>') >= 0) {
+      Logger.info('Forcing content type to html for the sandbox page');
+      rval.headers = rval.headers || {};
+      rval.headers['content-type'] = 'text/html';
+    }
+
+    if (options.debugOutputCallback) {
+      await options.debugOutputCallback(rval);
+    }
+
+    return rval;
+  }
+
+  public static addApolloFilterToList(
+    filters: FilterFunction[],
+    apolloPathRegex: RegExp,
+    apolloServer: ApolloServer,
+    options?: EpsilonLambdaApolloOptions<BaseContext>,
+  ): void {
+    if (filters) {
+      filters.push((fCtx) => ApolloFilter.handlePathWithApollo(fCtx, apolloPathRegex, apolloServer, options));
+    }
+  }
+}

package/src/built-in/http/built-in-auth-filters.ts

@@ -0,0 +1,73 @@
+import { UnauthorizedError } from '../../http/error/unauthorized-error.js';
+import { MisconfiguredError } from '../../http/error/misconfigured-error.js';
+import { FilterChainContext } from '../../config/http/filter-chain-context.js';
+import { ForbiddenError } from '../../http/error/forbidden-error.js';
+import { AuthorizerFunction } from '../../config/http/authorizer-function.js';
+import { WebTokenManipulator } from '../../http/auth/web-token-manipulator.js';
+import { EventUtil } from '../../http/event-util.js';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { CommonJwtToken } from '@bitblit/ratchet-common/jwt/common-jwt-token';
+import { JwtTokenBase } from '@bitblit/ratchet-common/jwt/jwt-token-base';
+
+export class BuiltInAuthFilters {
+
+  public static async parseAuthorizationHeader(
+    fCtx: FilterChainContext,
+    webTokenManipulators: WebTokenManipulator<JwtTokenBase> | WebTokenManipulator<JwtTokenBase>[],
+  ): Promise<boolean> {
+    if (!fCtx?.event || !webTokenManipulators || (Array.isArray(webTokenManipulators) && !webTokenManipulators.length)) {
+      throw new MisconfiguredError('Cannot continue - missing event or encryption');
+    } else {
+      // We dont throw errors if no token - just just decodes, it DOESNT enforce having tokens
+      const tokenString: string = EventUtil.extractBearerTokenFromEvent(fCtx?.event);
+      if (!Array.isArray(webTokenManipulators)) {
+        webTokenManipulators = [webTokenManipulators];
+      }
+      for (let i = 0; i < webTokenManipulators.length && !fCtx?.event?.authorization?.auth; i++) {
+        const manipulator: WebTokenManipulator<JwtTokenBase> = webTokenManipulators[i];
+        try {
+          // We include the prefix (like 'bearer') in case the token wants to code more than one type
+          const token: JwtTokenBase = await manipulator.extractTokenFromAuthorizationHeader(tokenString);
+          fCtx.event.authorization = {
+            raw: tokenString,
+            auth: token,
+            error: null,
+          };
+        } catch (err) {
+          fCtx.event.authorization = {
+            raw: tokenString,
+            auth: null,
+            error: err['message'],
+          };
+        }
+      }
+    }
+    return true;
+  }
+
+  public static async applyOpenApiAuthorization(fCtx: FilterChainContext): Promise<boolean> {
+    // Check if this endpoint requires authorization
+    // Use !== true below because commonly it just wont be spec'd
+    if (StringRatchet.trimToNull(fCtx?.routeAndParse?.mapping?.authorizerName)) {
+      const authorizer: AuthorizerFunction = fCtx?.authenticators?.get(fCtx.routeAndParse.mapping.authorizerName);
+      if (authorizer) {
+        if (fCtx?.event?.authorization?.auth) {
+          const allowed: boolean = await authorizer(fCtx.event.authorization, fCtx.event, fCtx.routeAndParse.mapping);
+          if (!allowed) {
+            throw new ForbiddenError('You lack privileges to see this endpoint');
+          }
+        } else {
+          throw new UnauthorizedError('You need to supply credentials for this endpoint');
+        }
+      } else {
+        throw new MisconfiguredError().withFormattedErrorMessage(
+          'Authorizer %s requested but not found',
+          fCtx.routeAndParse.mapping.authorizerName,
+        );
+      }
+    } else {
+      // Do nothing (unauthenticated endpoint)
+    }
+    return true;
+  }
+}

package/src/built-in/http/built-in-authorizers.ts

@@ -0,0 +1,22 @@
+import { Logger } from "@bitblit/ratchet-common/logger/logger";
+import { APIGatewayEvent } from "aws-lambda";
+import { EpsilonAuthorizationContext } from "../../config/http/epsilon-authorization-context.js";
+
+export class BuiltInAuthorizers {
+  public static async simpleNoAuthenticationLogAccess(
+    authorizationContext: EpsilonAuthorizationContext<any>,
+    evt: APIGatewayEvent,
+  ): Promise<boolean> {
+    // Just logs the request but does nothing else
+    Logger.debug('Auth requested for %s : %j', evt.path, authorizationContext?.auth);
+    return true;
+  }
+
+  public static async simpleLoggedInAuth(authorizationContext: EpsilonAuthorizationContext<any>, evt: APIGatewayEvent): Promise<boolean> {
+    // Just verifies that there is a valid token in the request
+    const rval: boolean = !!authorizationContext?.auth;
+    Logger.silly('SimpleLoggedInAuth returning %s for %s', rval, evt.path);
+    return rval;
+  }
+
+}

package/src/built-in/http/built-in-filters.spec.ts

@@ -0,0 +1,26 @@
+import { BuiltInFilters } from './built-in-filters.js';
+import { describe, expect, test } from 'vitest';
+import { ExtendedAPIGatewayEvent } from '../../config/http/extended-api-gateway-event.js';
+import { FilterChainContext } from '../../config/http/filter-chain-context.js';
+
+describe('#uriDecodeQueryParams', function () {
+  test('should not URL decode query string parameters', async () => {
+    const queryParams: Record<string, string> = {
+      test: 'fish+chips',
+      test2: 'chicken%2bbeef',
+      test3: 'ketchup%20mustard',
+      test4: '',
+      test5: 'cat=dog',
+    };
+
+    BuiltInFilters.uriDecodeQueryParams({
+      event: { queryStringParameters: queryParams } as ExtendedAPIGatewayEvent,
+    } as FilterChainContext);
+
+    expect(queryParams['test']).toBe('fish chips');
+    expect(queryParams['test2']).toBe('chicken+beef');
+    expect(queryParams['test3']).toBe('ketchup mustard');
+    expect(queryParams['test4']).toBe('');
+    expect(queryParams['test5']).toBe('cat=dog');
+  });
+});

package/src/built-in/http/built-in-filters.ts

@@ -0,0 +1,300 @@
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { RestfulApiHttpError } from '@bitblit/ratchet-common/network/restful-api-http-error';
+import { MapRatchet } from '@bitblit/ratchet-common/lang/map-ratchet';
+import { EventUtil } from '../../http/event-util.js';
+import { BadRequestError } from '../../http/error/bad-request-error.js';
+import { FilterFunction } from '../../config/http/filter-function.js';
+import { ResponseUtil } from '../../http/response-util.js';
+import { FilterChainContext } from '../../config/http/filter-chain-context.js';
+import { MisconfiguredError } from '../../http/error/misconfigured-error.js';
+import { APIGatewayProxyResult } from 'aws-lambda';
+import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
+import { EpsilonCorsApproach } from '../../config/http/epsilon-cors-approach.js';
+
+export class BuiltInFilters {
+  public static readonly MAXIMUM_LAMBDA_BODY_SIZE_BYTES: number = 1024 * 1024 * 5 - 1024 * 100; // 5Mb - 100k buffer
+
+  public static async combineFilters(fCtx: FilterChainContext, filters: FilterFunction[]): Promise<boolean> {
+    let cont: boolean = true;
+    if (filters && filters.length > 0) {
+      for (let i = 0; i < filters.length && cont; i++) {
+        cont = await filters[i](fCtx);
+      }
+    }
+    return cont;
+  }
+
+  public static async applyGzipIfPossible(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx.event?.headers && fCtx.result) {
+      const encodingHeader: string =
+        fCtx.event && fCtx.event.headers ? MapRatchet.extractValueFromMapIgnoreCase(fCtx.event.headers, 'accept-encoding') : null;
+      fCtx.result = await ResponseUtil.applyGzipIfPossible(encodingHeader, fCtx.result);
+    }
+    return true;
+  }
+
+  public static async addConstantHeaders(fCtx: FilterChainContext, headers: Record<string, string>): Promise<boolean> {
+    if (headers && fCtx.result) {
+      fCtx.result.headers = Object.assign({}, headers, fCtx.result.headers);
+    } else {
+      Logger.warn('Could not add headers - either result or headers were missing');
+    }
+    return true;
+  }
+
+  public static async addAWSRequestIdHeader(fCtx: FilterChainContext, headerName: string = 'X-REQUEST-ID'): Promise<boolean> {
+    if (fCtx.result && StringRatchet.trimToNull(headerName) && headerName.startsWith('X-')) {
+      fCtx.result.headers = fCtx.result.headers || {};
+      fCtx.result.headers[headerName] = fCtx.context?.awsRequestId || 'Request-Id-Missing';
+    } else {
+      Logger.warn('Could not add request id header - either result or context were missing or name was invalid');
+    }
+    return true;
+  }
+
+  public static async addAllowEverythingCORSHeaders(fCtx: FilterChainContext): Promise<boolean> {
+    return BuiltInFilters.addConstantHeaders(fCtx, {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': '*',
+      'Access-Control-Allow-Headers': '*',
+    });
+  }
+
+  public static async addAllowReflectionCORSHeaders(fCtx: FilterChainContext): Promise<boolean> {
+    return BuiltInFilters.addConstantHeaders(fCtx, {
+      'Access-Control-Allow-Origin': MapRatchet.caseInsensitiveAccess<string>(fCtx.event.headers, 'Origin') || '*',
+      'Access-Control-Allow-Methods': MapRatchet.caseInsensitiveAccess<string>(fCtx.event.headers, 'Access-Control-Request-Method') || '*',
+      'Access-Control-Allow-Headers': MapRatchet.caseInsensitiveAccess<string>(fCtx.event.headers, 'Access-Control-Request-Headers') || '*',
+    });
+  }
+
+  public static async uriDecodeQueryParams(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx?.event?.queryStringParameters) {
+      Object.keys(fCtx.event.queryStringParameters).forEach((k) => {
+        const val: string = fCtx.event.queryStringParameters[k];
+        if (val) {
+          fCtx.event.queryStringParameters[k] = BuiltInFilters.decodeUriComponentAndReplacePlus(val);
+        }
+      });
+    }
+    if (fCtx?.event?.multiValueQueryStringParameters) {
+      Object.keys(fCtx.event.multiValueQueryStringParameters).forEach((k) => {
+        const val: string[] = fCtx.event.multiValueQueryStringParameters[k];
+        if (val && val.length) {
+          const cleaned: string[] = val.map((v) => BuiltInFilters.decodeUriComponentAndReplacePlus(v));
+          fCtx.event.multiValueQueryStringParameters[k] = cleaned;
+        }
+      });
+    }
+    return true;
+  }
+
+  /**
+   * Performs decodeURIComponent on a value after replacing all "+" values with spaces.
+   */
+  private static decodeUriComponentAndReplacePlus(val: string): string {
+    return ResponseUtil.decodeUriComponentAndReplacePlus(val);
+  }
+
+  public static async fixStillEncodedQueryParams(fCtx: FilterChainContext): Promise<boolean> {
+    EventUtil.fixStillEncodedQueryParams(fCtx.event);
+    return true;
+  }
+
+  /**
+   * Basically used to restrict a server to only running on an internal network (weakly, this isn't
+   * ironclad at ALL) examines the hostname header to see if what was requested matches a particular
+   * host
+   * @param hostnameRegExList
+   */
+  public static createRestrictServerToHostNamesFilter(hostnameRegExList: RegExp[]): FilterFunction {
+    RequireRatchet.notNullUndefinedOrEmptyArray(hostnameRegExList, 'hostnameRegExList');
+    return async (fCtx: FilterChainContext) => {
+      const hostName: string = StringRatchet.trimToNull(MapRatchet.extractValueFromMapIgnoreCase(fCtx?.event?.headers, 'host'));
+      if (!StringRatchet.trimToNull(hostName)) {
+        throw new BadRequestError('No host name found in headers : ' + JSON.stringify(fCtx?.event?.headers));
+      }
+      const hostMatches: boolean = EventUtil.hostMatchesRegexInList(hostName, hostnameRegExList);
+      if (!hostMatches) {
+        throw new BadRequestError('Host does not match list : ' + hostName + ' :: ' + hostnameRegExList);
+      }
+      return true;
+    };
+  }
+
+  public static async disallowStringNullAsPathParameter(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx?.event?.pathParameters) {
+      Object.keys(fCtx.event.pathParameters).forEach((k) => {
+        if ('null' === StringRatchet.trimToEmpty(fCtx.event.pathParameters[k]).toLowerCase()) {
+          throw new BadRequestError().withFormattedErrorMessage('Path parameter %s was string -null-', k);
+        }
+      });
+    }
+    return true;
+  }
+
+  public static async disallowStringNullAsQueryStringParameter(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx?.event?.queryStringParameters) {
+      Object.keys(fCtx.event.queryStringParameters).forEach((k) => {
+        if ('null' === StringRatchet.trimToEmpty(fCtx.event.queryStringParameters[k]).toLowerCase()) {
+          throw new BadRequestError().withFormattedErrorMessage('Query parameter %s was string -null-', k);
+        }
+      });
+    }
+    return true;
+  }
+
+  public static async ensureEventMaps(fCtx: FilterChainContext): Promise<boolean> {
+    fCtx.event.queryStringParameters = fCtx.event.queryStringParameters || {};
+    fCtx.event.headers = fCtx.event.headers || {};
+    fCtx.event.pathParameters = fCtx.event.pathParameters || {};
+    return true;
+  }
+
+  public static async parseJsonBodyToObject(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx.event?.body) {
+      try {
+        fCtx.event.parsedBody = EventUtil.jsonBodyToObject(fCtx.event);
+      } catch (err) {
+        throw new RestfulApiHttpError('Supplied body was not parsable as valid JSON').withHttpStatusCode(400).withWrappedError(err);
+      }
+    }
+    return true;
+  }
+
+  public static async checkMaximumLambdaBodySize(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx.result?.body && fCtx.result.body.length > BuiltInFilters.MAXIMUM_LAMBDA_BODY_SIZE_BYTES) {
+      const delta: number = fCtx.result.body.length - BuiltInFilters.MAXIMUM_LAMBDA_BODY_SIZE_BYTES;
+      throw new RestfulApiHttpError(
+        'Response size is ' + fCtx.result.body.length + ' bytes, which is ' + delta + ' bytes too large for this handler',
+      ).withHttpStatusCode(500);
+    }
+    return true;
+  }
+
+  public static async validateInboundBody(fCtx: FilterChainContext): Promise<boolean> {
+    if (fCtx?.event?.parsedBody && fCtx.routeAndParse) {
+      if (fCtx.routeAndParse.mapping.validation) {
+        if (!fCtx.modelValidator) {
+          throw new MisconfiguredError('Requested body validation but supplied no validator');
+        }
+        const errors: string[] = fCtx.modelValidator.validate(
+          fCtx.routeAndParse.mapping.validation.modelName,
+          fCtx.event.parsedBody,
+          fCtx.routeAndParse.mapping.validation.emptyAllowed,
+          fCtx.routeAndParse.mapping.validation.extraPropertiesAllowed,
+        );
+        if (errors.length > 0) {
+          Logger.info('Found errors while validating %s object %j', fCtx.routeAndParse.mapping.validation.modelName, errors);
+          const newError: BadRequestError = new BadRequestError(...errors);
+          throw newError;
+        }
+      }
+    } else {
+      Logger.debug('No validation since no route specified or no parsed body');
+    }
+    return true;
+  }
+
+  public static async validateInboundQueryParams(_fCtx: FilterChainContext): Promise<boolean> {
+    // TODO: Implement ME!
+    return true;
+  }
+
+  public static async validateInboundPathParams(_fCtx: FilterChainContext): Promise<boolean> {
+    // TODO: Implement ME!
+    return true;
+  }
+
+  public static async validateOutboundResponse(fCtx: FilterChainContext): Promise<boolean> {
+    // Use !== true below because commonly it just wont be spec'd
+    if (fCtx?.rawResult) {
+      if (fCtx.routeAndParse.mapping.outboundValidation) {
+        Logger.debug('Applying outbound check to %j', fCtx.rawResult);
+        const errors: string[] = fCtx.modelValidator.validate(
+          fCtx.routeAndParse.mapping.outboundValidation.modelName,
+          fCtx.rawResult,
+          fCtx.routeAndParse.mapping.outboundValidation.emptyAllowed,
+          fCtx.routeAndParse.mapping.outboundValidation.extraPropertiesAllowed,
+        );
+        if (errors.length > 0) {
+          Logger.error(
+            'Found outbound errors while validating %s object %j',
+            fCtx.routeAndParse.mapping.outboundValidation.modelName,
+            errors,
+          );
+          errors.unshift('Server sent object invalid according to spec');
+          throw new RestfulApiHttpError().withErrors(errors).withHttpStatusCode(500).withDetails(fCtx.rawResult);
+        }
+      } else {
+        Logger.debug('Applied no outbound validation because none set');
+      }
+    } else {
+      Logger.debug('No validation since no outbound body or disabled');
+    }
+    return true;
+  }
+
+  public static async autoRespondToOptionsRequestWithCors(
+    fCtx: FilterChainContext,
+    corsMethod: EpsilonCorsApproach = EpsilonCorsApproach.Reflective,
+  ): Promise<boolean> {
+    if (StringRatchet.trimToEmpty(fCtx?.event?.httpMethod).toLowerCase() === 'options') {
+      fCtx.result = {
+        statusCode: 200,
+        body: '{"cors":true, "m":3}',
+      };
+      await BuiltInFilters.addCorsHeadersDynamically(fCtx, corsMethod);
+      return false;
+    } else {
+      return true;
+    }
+  }
+
+  public static async autoRespond(fCtx: FilterChainContext, inBody: any): Promise<boolean> {
+    const body: any = inBody || {
+      message: 'Not Implemented',
+    };
+    fCtx.result = {
+      statusCode: 200,
+      body: JSON.stringify(body),
+    };
+    return false;
+  }
+
+  public static async secureOutboundServerErrorForProduction(
+    fCtx: FilterChainContext,
+    errorMessage: string,
+    errCode: number,
+  ): Promise<boolean> {
+    if (fCtx?.result?.statusCode) {
+      if (errCode === null || fCtx.result.statusCode === errCode) {
+        Logger.warn('Securing outbound error info (was : %j)', fCtx.result.body);
+        fCtx.rawResult = new RestfulApiHttpError(errorMessage).withHttpStatusCode(fCtx.result.statusCode);
+        const oldResult: APIGatewayProxyResult = fCtx.result;
+        fCtx.result = ResponseUtil.errorResponse(fCtx.rawResult);
+        // Need this to preserve any CORS headers, etc
+        fCtx.result.headers = Object.assign({}, oldResult.headers || {}, fCtx.result.headers || {});
+      }
+    }
+    return true;
+  }
+
+  public static async addCorsHeadersDynamically(fCtx: FilterChainContext, corsMethod: EpsilonCorsApproach): Promise<void> {
+    if (corsMethod) {
+      switch (corsMethod) {
+        case EpsilonCorsApproach.All:
+          await BuiltInFilters.addAllowEverythingCORSHeaders(fCtx);
+          break;
+        case EpsilonCorsApproach.Reflective:
+          await BuiltInFilters.addAllowReflectionCORSHeaders(fCtx);
+          break;
+        default: // Also NONE
+        // Do nothing
+      }
+    } else {
+      Logger.warn('Called add CORS headers dynamically but no type supplied, using NONE');
+    }
+  }
+}

package/src/built-in/http/built-in-handlers.ts

@@ -0,0 +1,85 @@
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { RestfulApiHttpError } from '@bitblit/ratchet-common/network/restful-api-http-error';
+import { NumberRatchet } from '@bitblit/ratchet-common/lang/number-ratchet';
+import { APIGatewayEvent, Context } from 'aws-lambda';
+import { ExtendedAPIGatewayEvent } from '../../config/http/extended-api-gateway-event.js';
+import { BadRequestError } from '../../http/error/bad-request-error.js';
+import { EpsilonRouter } from '../../http/route/epsilon-router.js';
+import { UnauthorizedError } from '../../http/error/unauthorized-error.js';
+import { NotFoundError } from '../../http/error/not-found-error.js';
+import { ForbiddenError } from '../../http/error/forbidden-error.js';
+import { NotImplemented } from '../../http/error/not-implemented.js';
+import { MisconfiguredError } from '../../http/error/misconfigured-error.js';
+
+export class BuiltInHandlers {
+  public static async expectedHandledByFilter(evt: ExtendedAPIGatewayEvent, _flag?: string): Promise<any> {
+    throw new MisconfiguredError().withFormattedErrorMessage(
+      'Should not happen - it was expected that route %s would be handled by a filter',
+      evt.path,
+    );
+  }
+
+  public static async handleNotImplemented(evt: ExtendedAPIGatewayEvent, _flag?: string): Promise<any> {
+    Logger.info('A request was made to %s with body %j - not yet implemented', evt.path, evt.body);
+
+    const rval: any = {
+      time: new Date().toLocaleString(),
+      path: evt.path,
+      message: 'NOT IMPLEMENTED YET',
+    };
+
+    return rval;
+  }
+
+  public static async sample(evt: ExtendedAPIGatewayEvent, flag?: string, context?: Context): Promise<any> {
+    const rval: any = {
+      time: new Date().toLocaleString(),
+      evt: evt,
+      pad: StringRatchet.createRandomHexString(2000),
+      flag: flag,
+    };
+
+    if (context) {
+      rval['context'] = context;
+    }
+
+    const errNumber: number = NumberRatchet.safeNumber(evt.queryStringParameters['error']);
+    if (errNumber) {
+      switch (errNumber) {
+        case -1:
+          throw new Error('Test random failure');
+        case 400:
+          throw new BadRequestError('Bad request error');
+        case 401:
+          throw new UnauthorizedError('Unauthorized error');
+        case 403:
+          throw new ForbiddenError('Forbidden error');
+        case 404:
+          throw new NotFoundError('Not Found error');
+        case 501:
+          throw new NotImplemented('Not Implemented');
+        default:
+          throw new RestfulApiHttpError<any>()
+            .withFormattedErrorMessage('Default error - %s', errNumber)
+            .withHttpStatusCode(500)
+            .withDetails({ src: errNumber })
+            .withEndUserErrors(['msg1', 'msg2']);
+      }
+    }
+
+    let test: string = StringRatchet.trimToNull(evt.queryStringParameters['test']);
+    if (test) {
+      test = test.toLowerCase();
+      if (test === 'null') {
+        return null;
+      }
+    }
+
+    return rval;
+  }
+
+  public static async defaultErrorProcessor(event: APIGatewayEvent, err: Error, cfg: EpsilonRouter): Promise<void> {
+    Logger.warn('Unhandled error (in promise catch) : %s \nStack was: %s\nEvt was: %j\nConfig was: %j', err.message, err.stack, event, cfg);
+  }
+}