@bitblit/ratchet-epsilon-common 6.0.146-alpha → 6.0.148-alpha

package/src/http/event-util.ts

@@ -0,0 +1,272 @@
+import { APIGatewayEvent, APIGatewayEventRequestContext, AuthResponseContext } from 'aws-lambda';
+import { UnauthorizedError } from './error/unauthorized-error.js';
+import { BadRequestError } from './error/bad-request-error.js';
+import { EpsilonLoggerConfig } from '../config/epsilon-logger-config.js';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+
+import jwt from 'jsonwebtoken';
+import { ExtendedAuthResponseContext } from './route/extended-auth-response-context.js';
+import { BasicAuthToken } from './auth/basic-auth-token.js';
+import { EpsilonConstants } from '../epsilon-constants.js';
+import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
+import { LoggerLevelName } from '@bitblit/ratchet-common/logger/logger-level-name';
+import { Base64Ratchet } from '@bitblit/ratchet-common/lang/base64-ratchet';
+import { MapRatchet } from '@bitblit/ratchet-common/lang/map-ratchet';
+import { EnumRatchet } from '@bitblit/ratchet-common/lang/enum-ratchet';
+
+/**
+ * Endpoints about the api itself
+ */
+export class EventUtil {
+  public static readonly LOCAL_REGEX: RegExp[] = [new RegExp('^127\\.0\\.0\\.1(:\\d+)?$'), new RegExp('^localhost(:\\d+)?$')];
+  public static readonly NON_ROUTABLE_REGEX: RegExp[] = EventUtil.LOCAL_REGEX.concat([
+    new RegExp('^192\\.168\\.\\d+\\.\\d+(:\\d+)?$'),
+    new RegExp('^10\\.\\d+\\.\\d+\\.\\d+(:\\d+)?$'),
+    new RegExp('^172\\.16\\.\\d+\\.\\d+(:\\d+)?$'),
+  ]);
+
+  // Prevent instantiation
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  private constructor() {}
+
+  public static extractStage(event: APIGatewayEvent): string {
+    // This differs from extractApiGatewayStage in that the "real" stage can be
+    // mapped differently than the gateway stage.  This extracts the "real" stage
+    // as just being the first part of the path.  If they are the same, no harm no
+    // foul
+    if (!event.path.startsWith('/')) {
+      throw new BadRequestError('Path should start with / but does not : ' + event.path);
+    }
+    const idx = event.path.indexOf('/', 1);
+    if (idx == -1) {
+      throw new BadRequestError('No second / found in the path : ' + event.path);
+    }
+    return event.path.substring(1, idx);
+  }
+
+  public static extractHostHeader(event: APIGatewayEvent): string {
+    return MapRatchet.extractValueFromMapIgnoreCase(event.headers, 'Host');
+  }
+
+  public static extractProtocol(event: APIGatewayEvent): string {
+    // Since API gateway / ALB ALWAYS sets this
+    return MapRatchet.extractValueFromMapIgnoreCase(event.headers, 'X-Forwarded-Proto');
+  }
+
+  public static extractApiGatewayStage(event: APIGatewayEvent): string {
+    const rc: APIGatewayEventRequestContext = EventUtil.extractRequestContext(event);
+    return rc ? rc.stage : null;
+  }
+
+  public static extractRequestContext(event: APIGatewayEvent): APIGatewayEventRequestContext {
+    return event.requestContext;
+  }
+
+  public static extractAuthorizer(event: APIGatewayEvent): AuthResponseContext {
+    const rc: APIGatewayEventRequestContext = EventUtil.extractRequestContext(event);
+    return rc ? rc.authorizer : null;
+  }
+
+  public static ipAddressChain(event: APIGatewayEvent): string[] {
+    const headerVal: string = event && event.headers ? MapRatchet.extractValueFromMapIgnoreCase(event.headers, 'X-Forwarded-For') : null;
+    let headerList: string[] = headerVal ? String(headerVal).split(',') : [];
+    headerList = headerList.map((s) => s.trim());
+    return headerList;
+  }
+
+  public static ipAddress(event: APIGatewayEvent): string {
+    const list: string[] = EventUtil.ipAddressChain(event);
+    return list && list.length > 0 ? list[0] : null;
+  }
+
+  public static extractFullPath(event: APIGatewayEvent, overrideProtocol: string = null): string {
+    const protocol: string = overrideProtocol || EventUtil.extractProtocol(event) || 'https';
+    return protocol + '://' + event.requestContext['domainName'] + event.requestContext.path;
+  }
+
+  public static extractFullPrefix(event: APIGatewayEvent, overrideProtocol: string = null): string {
+    const protocol: string = overrideProtocol || EventUtil.extractProtocol(event) || 'https';
+    const prefix: string = event.requestContext.path.substring(0, event.requestContext.path.indexOf('/', 1));
+    return protocol + '://' + event.requestContext['domainName'] + prefix;
+  }
+
+  public static jsonBodyToObject(evt: APIGatewayEvent): any {
+    let rval: any = null;
+    if (evt.body) {
+      const contentType = MapRatchet.extractValueFromMapIgnoreCase(evt.headers, 'Content-Type') || 'application/octet-stream';
+      rval = evt.body;
+
+      if (evt.isBase64Encoded) {
+        rval = Base64Ratchet.base64StringToString(rval); //Buffer.from(rval, 'base64');
+      }
+      if (contentType.startsWith('application/json')) {
+        // to handle cases where the charset is specified
+        rval = JSON.parse(rval.toString('ascii'));
+      }
+    }
+    return rval;
+  }
+
+  public static calcLogLevelViaEventOrEnvParam(
+    curLevel: LoggerLevelName,
+    event: APIGatewayEvent,
+    rConfig: EpsilonLoggerConfig,
+  ): LoggerLevelName {
+    let rval: LoggerLevelName = curLevel;
+    if (rConfig?.envParamLogLevelName && process.env[rConfig.envParamLogLevelName]) {
+      rval = EnumRatchet.keyToEnum<LoggerLevelName>(LoggerLevelName, process.env[rConfig.envParamLogLevelName]);
+      Logger.silly('Found env log level : %s', rval);
+    }
+    if (
+      rConfig &&
+      rConfig.queryParamLogLevelName &&
+      event &&
+      event.queryStringParameters &&
+      event.queryStringParameters[rConfig.queryParamLogLevelName]
+    ) {
+      rval = EnumRatchet.keyToEnum<LoggerLevelName>(LoggerLevelName, event.queryStringParameters[rConfig.queryParamLogLevelName]);
+      Logger.silly('Found query log level : %s', rval);
+    }
+    return rval;
+  }
+
+  /**
+   * This is a weird function - sometimes your customers will not decode their query params and it
+   * results in query params that look like 'amp;SOMETHING' instead of 'SOMETHING'.  This function
+   * looks for params that look like that, and strips the amp; from them.  If you have any
+   * params you are expecting that have 'amp;' in front of them, DON'T use this function.
+   *
+   * Also, you are a moron for having a param that looks like that
+   *
+   * Yes, it would be better to fix this on the client side, but that is not always an option
+   * in production
+   * @param event
+   */
+  public static fixStillEncodedQueryParams(event: APIGatewayEvent): void {
+    if (event?.queryStringParameters) {
+      const newParams: any = {};
+      Object.keys(event.queryStringParameters).forEach((k) => {
+        const val: string = event.queryStringParameters[k];
+        if (k.toLowerCase().startsWith('amp;')) {
+          newParams[k.substring(4)] = val;
+        } else {
+          newParams[k] = val;
+        }
+      });
+      event.queryStringParameters = newParams;
+    }
+    if (event?.multiValueQueryStringParameters) {
+      const newParams: any = {};
+      Object.keys(event.multiValueQueryStringParameters).forEach((k) => {
+        const val: string[] = event.multiValueQueryStringParameters[k];
+        if (k.toLowerCase().startsWith('amp;')) {
+          newParams[k.substring(4)] = val;
+        } else {
+          newParams[k] = val;
+        }
+      });
+      event.multiValueQueryStringParameters = newParams;
+    }
+  }
+
+  /**
+   * Allows you to force in a token for an arbitrary event without having to pass the whole thing
+   * through Epsilon.  Useful for when you need to test a handler that needs authorization,
+   * and don't need to instantiate all of epsilon, just the handler
+   * @param event Event to decorate
+   * @param jwtToken String containing a valid JWT token
+   */
+  public static applyTokenToEventForTesting(event: APIGatewayEvent, jwtToken: string): void {
+    const jwtFullData: any = jwt.decode(jwtToken, { complete: true });
+    if (!jwtFullData['payload']) {
+      throw new Error('No payload found in passed token');
+    }
+    // CAW 2020-05-03 : Have to strip the payload layer to match behavior of WebTokenManipulator in live
+    const jwtData: any = jwtFullData['payload'];
+
+    // Make the header consistent with the authorizer
+    event.headers = event.headers || {};
+    event.headers[EpsilonConstants.AUTH_HEADER_NAME.toLowerCase()] = 'Bearer ' + jwtToken;
+
+    event.requestContext = event.requestContext || ({} as APIGatewayEventRequestContext);
+    const newAuth: ExtendedAuthResponseContext = Object.assign({}, event.requestContext.authorizer) as ExtendedAuthResponseContext;
+    newAuth.userData = jwtData;
+    newAuth.userDataJSON = jwtData ? JSON.stringify(jwtData) : null;
+    newAuth.srcData = jwtToken;
+    event.requestContext.authorizer = newAuth;
+  }
+
+  public static extractBasicAuthenticationToken(event: APIGatewayEvent, throwErrorOnMissingBad: boolean = false): BasicAuthToken {
+    let rval: BasicAuthToken = null;
+    if (!!event && !!event.headers) {
+      const headerVal: string = EventUtil.extractAuthorizationHeaderCaseInsensitive(event);
+      if (!!headerVal && headerVal.startsWith('Basic ')) {
+        const parsed: string = Base64Ratchet.base64StringToString(headerVal.substring(6));
+        const sp: string[] = parsed.split(':');
+        Logger.silly('Parsed to %j', sp);
+        if (!!sp && sp.length === 2) {
+          rval = {
+            username: sp[0],
+            password: sp[1],
+          };
+        }
+      }
+    }
+
+    if (!rval && throwErrorOnMissingBad) {
+      throw new UnauthorizedError('Could not find valid basic authentication header');
+    }
+    return rval;
+  }
+
+  public static eventIsAGraphQLIntrospection(event: APIGatewayEvent): boolean {
+    let rval: boolean = false;
+    if (event) {
+      if (!!event.httpMethod && 'post' === event.httpMethod.toLowerCase()) {
+        if (!!event.path && event.path.endsWith('/graphql')) {
+          try {
+            const body: any = EventUtil.jsonBodyToObject(event);
+            rval = !!body && !!body['operationName'] && body['operationName'] === 'IntrospectionQuery';
+          } catch (err) {
+            Logger.error('Failed to parse body - treating as non-graphql : %s : %s', event?.body, err, err);
+            rval = false;
+          }
+        }
+      }
+    }
+    return rval;
+  }
+
+  public static extractAuthorizationHeaderCaseInsensitive(evt: APIGatewayEvent): string {
+    return MapRatchet.caseInsensitiveAccess<string>(evt?.headers || {}, EpsilonConstants.AUTH_HEADER_NAME);
+  }
+
+  public static extractBearerTokenFromEvent(evt: APIGatewayEvent): string {
+    let rval: string = null;
+    const authHeader: string = StringRatchet.trimToEmpty(EventUtil.extractAuthorizationHeaderCaseInsensitive(evt));
+    if (authHeader.toLowerCase().startsWith('bearer ')) {
+      rval = authHeader.substring(7);
+    }
+    return rval;
+  }
+
+  public static hostMatchesRegexInList(host: string, list: RegExp[], caseSensitive?: boolean): boolean {
+    let rval: boolean = false;
+    if (StringRatchet.trimToNull(host) && list?.length) {
+      // If not, cannot match by definition
+      const test: string = StringRatchet.trimToEmpty(caseSensitive ? host : host.toLowerCase());
+      rval = !!list.find((l) => test.match(l));
+    } else {
+      Logger.warn('Not matching regex - either host or list is misconfigured : %s : %j', host, list);
+    }
+    return rval;
+  }
+
+  public static hostIsLocal(host: string): boolean {
+    return EventUtil.hostMatchesRegexInList(host, EventUtil.LOCAL_REGEX);
+  }
+
+  public static hostIsLocalOrNotRoutableIP4(host: string): boolean {
+    return EventUtil.hostMatchesRegexInList(host, EventUtil.NON_ROUTABLE_REGEX);
+  }
+}

package/src/http/response-util.spec.ts

@@ -0,0 +1,117 @@
+import { APIGatewayEvent, APIGatewayEventRequestContext, ProxyResult } from 'aws-lambda';
+import { ResponseUtil } from './response-util.js';
+import path from 'path';
+import fs from 'fs';
+import { FilterChainContext } from '../config/http/filter-chain-context.js';
+import { ExtendedAPIGatewayEvent } from '../config/http/extended-api-gateway-event.js';
+import { BuiltInFilters } from '../built-in/http/built-in-filters.js';
+import { EpsilonConstants } from '../epsilon-constants.js';
+import { EsmRatchet } from '@bitblit/ratchet-common/lang/esm-ratchet';
+import { describe, expect, test } from 'vitest';
+
+describe('#responseUtil', function () {
+  test('should correctly combine a redirect url and query params', function () {
+    const evt: APIGatewayEvent = {
+      httpMethod: 'get',
+      multiValueHeaders: {},
+      multiValueQueryStringParameters: {},
+      path: '/v0/meta/server',
+      body: null,
+      headers: null,
+      isBase64Encoded: false,
+      pathParameters: null,
+      stageVariables: null,
+      resource: null,
+      queryStringParameters: {
+        a: 'b',
+        c: 'd',
+      },
+      requestContext: {
+        stage: 'v0',
+      } as APIGatewayEventRequestContext,
+    } as APIGatewayEvent;
+
+    const out1: ProxyResult = ResponseUtil.redirect('myTarget?e=f', 301, evt.queryStringParameters);
+    expect(out1).toBeTruthy();
+    expect(out1.headers).toBeTruthy();
+    expect(out1.headers.Location).toEqual('myTarget?e=f&a=b&c=d');
+
+    const out2: ProxyResult = ResponseUtil.redirect('myTarget', 301, evt.queryStringParameters);
+    expect(out2).toBeTruthy();
+    expect(out2.headers).toBeTruthy();
+    expect(out2.headers.Location).toEqual('myTarget?a=b&c=d');
+  });
+
+  test('should leave already encoded stuff alone', async () => {
+    const singlePixel: string = fs
+      .readFileSync(path.join(EsmRatchet.fetchDirName(import.meta.url), '../../../../test-data/epsilon/test.png'))
+      .toString('base64');
+
+    const temp: ProxyResult = {
+      body: singlePixel,
+      statusCode: 200,
+      isBase64Encoded: true,
+      headers: {
+        'content-type': 'application/zip',
+        'content-disposition': 'attachment; filename="adomni_bs_' + new Date().getTime() + '.zip"',
+      },
+    } as ProxyResult;
+
+    const cast: ProxyResult = ResponseUtil.coerceToProxyResult(temp);
+    expect(cast.body).toEqual(temp.body);
+
+    const gzip: ProxyResult = await ResponseUtil.applyGzipIfPossible('gzip', cast);
+    expect(cast.body).toEqual(gzip.body);
+  });
+
+  test('should add cors to proxy result MATCH 1', async () => {
+    const evt: ExtendedAPIGatewayEvent = JSON.parse(
+      fs
+        .readFileSync(
+          path.join(EsmRatchet.fetchDirName(import.meta.url), '../../../../test-data/epsilon/sample-json/sample-request-1.json'),
+        )
+        .toString(),
+    );
+    const proxy: ProxyResult = {} as ProxyResult;
+    const fCtx: FilterChainContext = {
+      event: evt,
+      rawResult: null,
+      context: null,
+      result: proxy,
+      routeAndParse: null,
+      modelValidator: null,
+      authenticators: null,
+    };
+
+    await BuiltInFilters.addAllowReflectionCORSHeaders(fCtx);
+
+    expect(proxy.headers).toBeTruthy();
+    expect(proxy.headers['Access-Control-Allow-Origin']).toEqual('http://localhost:4200');
+    expect(proxy.headers['Access-Control-Allow-Methods']).toEqual('GET');
+    expect(proxy.headers['Access-Control-Allow-Headers']).toEqual(EpsilonConstants.AUTH_HEADER_NAME.toLowerCase());
+  });
+
+  test('should add cors to proxy result MATCH 2', async () => {
+    const evt: ExtendedAPIGatewayEvent = JSON.parse(
+      fs
+        .readFileSync(
+          path.join(EsmRatchet.fetchDirName(import.meta.url), '../../../../test-data/epsilon/sample-json/sample-request-2.json'),
+        )
+        .toString(),
+    );
+    const proxy: ProxyResult = {} as ProxyResult;
+    const fCtx: FilterChainContext = {
+      event: evt,
+      rawResult: null,
+      context: null,
+      result: proxy,
+      routeAndParse: null,
+      modelValidator: null,
+      authenticators: null,
+    };
+
+    await BuiltInFilters.addAllowReflectionCORSHeaders(fCtx);
+
+    expect(proxy.headers).toBeTruthy();
+  });
+});

package/src/http/response-util.ts

@@ -0,0 +1,164 @@
+import { ProxyResult } from 'aws-lambda';
+import { Logger } from '@bitblit/ratchet-common/logger/logger';
+import { RestfulApiHttpError } from '@bitblit/ratchet-common/network/restful-api-http-error';
+import { MapRatchet } from '@bitblit/ratchet-common/lang/map-ratchet';
+import zlib from 'zlib';
+
+export class ResponseUtil {
+  // Prevent instantiation
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  private constructor() {}
+
+  // Because of some variance in how browsers encode spaces
+  public static decodeUriComponentAndReplacePlus(val: string): string {
+    return decodeURIComponent(val.replace(/\+/g, ' '));
+  }
+
+  public static errorResponse<T>(err: RestfulApiHttpError<T>): ProxyResult {
+    const body: any = {
+      errors: err.errors,
+      httpStatusCode: err.httpStatusCode,
+      requestId: err.requestId,
+    };
+    if (err.detailErrorCode) {
+      body['detailErrorCode'] = err.detailErrorCode;
+    }
+    if (err.endUserErrors && err.endUserErrors.length > 0) {
+      body['endUserErrors'] = err.endUserErrors;
+    }
+    if (err.details) {
+      body['details'] = err.details;
+    }
+    if (err.wrappedError) {
+      body['wrappedError'] = err.wrappedError.name + ' : ' + err.wrappedError.message;
+    }
+
+    // No wrapped error since its already copied
+
+    const errorResponse: ProxyResult = {
+      statusCode: err.httpStatusCode,
+      isBase64Encoded: false,
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    };
+
+    return errorResponse;
+  }
+
+  public static redirect(target: string, code: number = 301, queryParams: any = null): ProxyResult {
+    if (code !== 301 && code !== 302 && code !== 307) {
+      throw new Error('Code must be 301 or 302 or 307 for a redirect');
+    }
+
+    let redirectTarget: string = target;
+    if (queryParams) {
+      const keys: string[] = Object.keys(queryParams);
+      if (keys.length > 0) {
+        Logger.silly('Applying params to input target : %j', queryParams);
+        redirectTarget += redirectTarget.indexOf('?') === -1 ? '?' : '&';
+        for (let i = 0; i < keys.length; i++) {
+          const k: string = keys[i];
+          // TODO: make sure not double encoding
+          redirectTarget += k + '=' + encodeURIComponent(queryParams[k]);
+          if (i < keys.length - 1) {
+            redirectTarget += '&';
+          }
+        }
+      }
+    }
+
+    return {
+      statusCode: code,
+      body: '{"redirect-target":"' + redirectTarget + '}',
+      headers: {
+        'Content-Type': 'application/json',
+        Location: redirectTarget,
+      },
+    } as ProxyResult;
+  }
+
+  public static coerceToProxyResult(input: any): ProxyResult {
+    let rval: ProxyResult = null;
+
+    if (input != null) {
+      if (typeof input === 'object') {
+        if (input.statusCode && input.body !== undefined) {
+          rval = Object.assign({}, input) as ProxyResult;
+          if (typeof input.body === 'string') {
+            // Do Nothing
+          } else if (Buffer.isBuffer(input.body)) {
+            rval.body = input.body.toString('base64');
+            rval.headers = input.headers || {};
+            rval.headers['Content-Type'] = input.body.contentType; // TODO: Does this work?
+            rval.isBase64Encoded = true;
+          }
+        } else {
+          // Its a generic object
+          const headers: any = input.headers || {};
+          headers['Content-Type'] = 'application/json';
+          rval = ResponseUtil.coerceToProxyResult({
+            statusCode: 200,
+            body: JSON.stringify(input),
+            headers: headers,
+            isBase64Encoded: false,
+          });
+        }
+      } else if (typeof input === 'string' || Buffer.isBuffer(input)) {
+        rval = ResponseUtil.coerceToProxyResult({ statusCode: 200, body: input });
+      } else {
+        // boolean , number, etc - other top level types
+        // See : https://stackoverflow.com/questions/18419428/what-is-the-minimum-valid-json
+        const headers: any = input.headers || {};
+        headers['Content-Type'] = 'application/json';
+        rval = ResponseUtil.coerceToProxyResult({
+          statusCode: 200,
+          body: JSON.stringify(input),
+          headers: headers,
+          isBase64Encoded: false,
+        });
+      }
+    }
+
+    return rval;
+  }
+
+  public static async applyGzipIfPossible(encodingHeader: string, proxyResult: ProxyResult): Promise<ProxyResult> {
+    const rval: ProxyResult = proxyResult;
+    if (encodingHeader && encodingHeader.toLowerCase().indexOf('gzip') > -1) {
+      const bigEnough: boolean = proxyResult.body.length > 1400; // MTU packet is 1400 bytes
+      let contentType: string = MapRatchet.extractValueFromMapIgnoreCase(proxyResult.headers, 'content-type') || '';
+      contentType = contentType.toLowerCase();
+      const exemptContent: boolean =
+        contentType === 'application/pdf' || contentType === 'application/zip' || contentType.startsWith('image/');
+      if (bigEnough && !exemptContent) {
+        const asBuffer: Buffer = proxyResult.isBase64Encoded ? Buffer.from(proxyResult.body, 'base64') : Buffer.from(proxyResult.body);
+        const zipped: Buffer = await this.gzip(asBuffer);
+        Logger.debug('Comp from %s to %d bytes', asBuffer.length, zipped.length);
+        const zipped64: string = zipped.toString('base64');
+
+        rval.body = zipped64;
+        rval.isBase64Encoded = true;
+        rval.headers = rval.headers || {};
+        rval.headers['Content-Encoding'] = 'gzip';
+      } else {
+        Logger.silly('Not gzipping, too small or exempt content');
+      }
+    } else {
+      Logger.silly('Not gzipping, not an accepted encoding');
+    }
+
+    return rval;
+  }
+
+  public static gzip(input: Buffer): Promise<Buffer> {
+    const promise = new Promise<Buffer>(function (resolve, reject) {
+      zlib.gzip(input, function (error, result) {
+        if (!error) resolve(result);
+        else reject(error);
+      });
+    });
+    return promise;
+  }
+}

package/src/http/route/epsilon-router.ts

@@ -0,0 +1,9 @@
+import { RouteMapping } from './route-mapping.js';
+import { ModelValidator } from '@bitblit/ratchet-misc/model-validator/model-validator';
+import { HttpConfig } from '../../config/http/http-config.js';
+
+export interface EpsilonRouter {
+  routes: RouteMapping[];
+  openApiModelValidator: ModelValidator; // Must be set to use model validation in your route mappings
+  config: HttpConfig;
+}

package/src/http/route/extended-auth-response-context.ts

@@ -0,0 +1,7 @@
+import { AuthResponseContext } from 'aws-lambda';
+
+export interface ExtendedAuthResponseContext extends AuthResponseContext {
+  userData: any; // The parsed data in the JWT token (ALB/API gateway auth won't populate this since it only allows strings
+  userDataJSON: string; // The data in the JWT token as a JSON string (for the API authorizer)
+  srcData: string; // The original JWT token
+}

package/src/http/route/route-and-parse.ts

@@ -0,0 +1,8 @@
+import { RouteMapping } from './route-mapping.js';
+import Route from 'route-parser';
+
+export interface RouteAndParse {
+  mapping: RouteMapping;
+  route: Route;
+  parsed: any;
+}

package/src/http/route/route-mapping.ts

@@ -0,0 +1,21 @@
+import { RouteValidatorConfig } from './route-validator-config.js';
+import { HandlerFunction } from '../../config/http/handler-function.js';
+import { HttpProcessingConfig } from '../../config/http/http-processing-config.js';
+
+export interface RouteMapping {
+  method: string;
+  path: string;
+  function: HandlerFunction<any>;
+
+  // This will always be set, either pointing at a specific one or the default one
+  metaProcessingConfig: HttpProcessingConfig;
+  // If this is set, and fails, then it will 400
+  validation: RouteValidatorConfig;
+  // If this is set, enabled, and fails, then it will 500
+  outboundValidation: RouteValidatorConfig;
+
+  // If this is set, then :
+  // If there is no token / bad token in the request, this will 401
+  // If there is a required role that isn't found it will 403
+  authorizerName: string;
+}

package/src/http/route/route-validator-config.ts

@@ -0,0 +1,5 @@
+export interface RouteValidatorConfig {
+  modelName: string; // Must be a valid entry in the model validator
+  emptyAllowed: boolean; // If true, an empty body passes validation, otherwise fails
+  extraPropertiesAllowed: boolean; // If true, extra properties in the body don't cause failure
+}

package/src/http/route/router-util.spec.ts

@@ -0,0 +1,33 @@
+import { RouterUtil } from './router-util.js';
+import { RouteAndParse } from '../web-handler.js';
+import { APIGatewayEvent } from 'aws-lambda';
+import { EpsilonGlobalHandler } from '../../epsilon-global-handler.js';
+import { SampleServerComponents } from '../../sample/sample-server-components.js';
+import { describe, expect, test } from 'vitest';
+
+describe('#routerUtilApplyOpenApiDoc', function () {
+  test('should create a router config from a yaml file', async () => {
+    const inst: EpsilonGlobalHandler = await SampleServerComponents.createSampleEpsilonGlobalHandler('routerUtilApplyOpenApiDoc-jest');
+
+    expect(inst.epsilon.modelValidator).toBeTruthy();
+    expect(inst.epsilon.modelValidator.fetchModel('AccessTokenRequest')).toBeTruthy();
+
+    // TODO: move this to its own test
+    const evt: APIGatewayEvent = {
+      httpMethod: 'get',
+      path: '/v0/meta/server',
+      requestContext: {
+        stage: 'v0',
+      },
+    } as APIGatewayEvent;
+
+    const find: RouteAndParse = await inst.epsilon.webHandler.findBestMatchingRoute(evt);
+    expect(find).toBeTruthy();
+  });
+
+  test('should reformat a path to match the other library', function () {
+    const inString: string = '/meta/item/{itemId}';
+    const outString: string = RouterUtil.openApiPathToRouteParserPath(inString);
+    expect(outString).toEqual('/meta/item/:itemId');
+  });
+});