@valentine-efagene/qshelter-common 2.0.129 → 2.0.132
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -39,13 +39,22 @@ export class ConfigService {
|
|
|
39
39
|
return cached;
|
|
40
40
|
const pathPrefix = `/qshelter/${stage}/`;
|
|
41
41
|
try {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
42
|
+
// Paginate through all SSM parameters
|
|
43
|
+
const params = [];
|
|
44
|
+
let nextToken;
|
|
45
|
+
do {
|
|
46
|
+
const command = new GetParametersByPathCommand({
|
|
47
|
+
Path: pathPrefix,
|
|
48
|
+
Recursive: true,
|
|
49
|
+
WithDecryption: false,
|
|
50
|
+
NextToken: nextToken,
|
|
51
|
+
});
|
|
52
|
+
const response = await this.ssmClient.send(command);
|
|
53
|
+
if (response.Parameters) {
|
|
54
|
+
params.push(...response.Parameters);
|
|
55
|
+
}
|
|
56
|
+
nextToken = response.NextToken;
|
|
57
|
+
} while (nextToken);
|
|
49
58
|
const config = {
|
|
50
59
|
vpcId: this.getParamValue(params, `${pathPrefix}vpc-id`),
|
|
51
60
|
dbSecurityGroupId: this.getParamValue(params, `${pathPrefix}db-security-group-id`),
|
|
@@ -23,8 +23,9 @@ export interface AuthContext {
|
|
|
23
23
|
* Extracts auth context from API Gateway authorizer or JWT token.
|
|
24
24
|
*
|
|
25
25
|
* Priority:
|
|
26
|
-
* 1.
|
|
27
|
-
* 2.
|
|
26
|
+
* 1. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
|
|
27
|
+
* 2. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
|
|
28
|
+
* 3. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
|
|
28
29
|
*
|
|
29
30
|
* In production, the Lambda Authorizer validates the JWT and injects context.
|
|
30
31
|
* In LocalStack (no authorizer), we decode the JWT directly since it contains
|
|
@@ -19,8 +19,9 @@ function decodeJwtPayload(token) {
|
|
|
19
19
|
* Extracts auth context from API Gateway authorizer or JWT token.
|
|
20
20
|
*
|
|
21
21
|
* Priority:
|
|
22
|
-
* 1.
|
|
23
|
-
* 2.
|
|
22
|
+
* 1. HTTP API v2 simple response: requestContext.authorizer.lambda (enableSimpleResponses=true)
|
|
23
|
+
* 2. REST API / HTTP API: requestContext.authorizer (enableSimpleResponses=false)
|
|
24
|
+
* 3. Fallback: Decode JWT from Authorization header (LocalStack/dev/tests)
|
|
24
25
|
*
|
|
25
26
|
* In production, the Lambda Authorizer validates the JWT and injects context.
|
|
26
27
|
* In LocalStack (no authorizer), we decode the JWT directly since it contains
|
|
@@ -31,8 +32,18 @@ function decodeJwtPayload(token) {
|
|
|
31
32
|
*/
|
|
32
33
|
export function extractAuthContext(req) {
|
|
33
34
|
const lambdaReq = req;
|
|
34
|
-
// Production: API Gateway Lambda integration populates requestContext
|
|
35
35
|
const authorizer = lambdaReq.requestContext?.authorizer;
|
|
36
|
+
// HTTP API v2 with enableSimpleResponses=true: context is under authorizer.lambda
|
|
37
|
+
const lambdaContext = authorizer?.lambda;
|
|
38
|
+
if (lambdaContext?.userId && lambdaContext?.tenantId) {
|
|
39
|
+
return {
|
|
40
|
+
userId: lambdaContext.userId,
|
|
41
|
+
tenantId: lambdaContext.tenantId,
|
|
42
|
+
email: lambdaContext.email,
|
|
43
|
+
roles: lambdaContext.roles ? JSON.parse(lambdaContext.roles) : [],
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
// REST API / HTTP API with enableSimpleResponses=false: context is directly on authorizer
|
|
36
47
|
if (authorizer?.userId && authorizer?.tenantId) {
|
|
37
48
|
return {
|
|
38
49
|
userId: authorizer.userId,
|
package/package.json
CHANGED