quidproquo-actionprocessor-awslambda 0.0.74 → 0.0.76

package/lib/awsNamingUtils.d.ts

@@ -5,3 +5,4 @@ export declare const getQpqRuntimeResourceName: (resourceName: string, applicati
 export declare const getQpqRuntimeResourceNameFromConfig: (resourceName: string, qpqConfig: QPQConfig, resourceType?: string) => string;
 export declare const getCFExportNameUserPoolIdFromConfig: (userDirectoryName: string, qpqConfig: QPQConfig, serviceOverride?: string, applicationOverride?: string) => string;
 export declare const getCFExportNameUserPoolClientIdFromConfig: (userDirectoryName: string, qpqConfig: QPQConfig, serviceOverride?: string, applicationOverride?: string) => string;
+export declare const getCFExportNameApiKeyIdFromConfig: (apiKeyName: string, qpqConfig: QPQConfig, serviceOverride?: string, applicationOverride?: string) => string;

package/lib/awsNamingUtils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCFExportNameUserPoolClientIdFromConfig = exports.getCFExportNameUserPoolIdFromConfig = exports.getQpqRuntimeResourceNameFromConfig = exports.getQpqRuntimeResourceName = exports.getConfigRuntimeResourceNameFromConfig = exports.getConfigRuntimeResourceName = void 0;
+exports.getCFExportNameApiKeyIdFromConfig = exports.getCFExportNameUserPoolClientIdFromConfig = exports.getCFExportNameUserPoolIdFromConfig = exports.getQpqRuntimeResourceNameFromConfig = exports.getQpqRuntimeResourceName = exports.getConfigRuntimeResourceNameFromConfig = exports.getConfigRuntimeResourceName = void 0;
 const quidproquo_core_1 = require("quidproquo-core");
 const getConfigRuntimeResourceName = (resourceName, application, service, environment, feature) => {
     const baseName = `${resourceName}-${application}-${service}-${environment}`;
@@ -47,3 +47,11 @@ const getCFExportNameUserPoolClientIdFromConfig = (userDirectoryName, qpqConfig,
     return (0, exports.getQpqRuntimeResourceName)(userDirectoryName, application, service, environment, feature, 'user-pool-client-id-export');
 };
 exports.getCFExportNameUserPoolClientIdFromConfig = getCFExportNameUserPoolClientIdFromConfig;
+const getCFExportNameApiKeyIdFromConfig = (apiKeyName, qpqConfig, serviceOverride, applicationOverride) => {
+    const application = applicationOverride || quidproquo_core_1.qpqCoreUtils.getApplicationName(qpqConfig);
+    const service = serviceOverride || quidproquo_core_1.qpqCoreUtils.getApplicationModuleName(qpqConfig);
+    const environment = quidproquo_core_1.qpqCoreUtils.getApplicationModuleEnvironment(qpqConfig);
+    const feature = quidproquo_core_1.qpqCoreUtils.getApplicationModuleFeature(qpqConfig);
+    return (0, exports.getQpqRuntimeResourceName)(apiKeyName, application, service, environment, feature, 'api-key-id-export');
+};
+exports.getCFExportNameApiKeyIdFromConfig = getCFExportNameApiKeyIdFromConfig;

package/lib/getActionProcessor/core/event/getAPIGatewayEventActionProcessor.js

@@ -59,7 +59,7 @@ const getProcessAutoRespond = (qpqConfig) => {
                 headers: quidproquo_webserver_1.qpqWebServerUtils.getCorsHeaders(qpqConfig, payload.matchResult.config || {}, payload.transformedEventParams.headers),
             });
         }
-        const authValid = yield (0, isAuthValid_1.isAuthValid)(qpqConfig, quidproquo_webserver_1.qpqWebServerUtils.getHeaderValue('Authorization', payload.transformedEventParams.headers), (_a = payload.matchResult.config) === null || _a === void 0 ? void 0 : _a.routeAuthSettings);
+        const authValid = yield (0, isAuthValid_1.isAuthValid)(qpqConfig, quidproquo_webserver_1.qpqWebServerUtils.getHeaderValue('Authorization', payload.transformedEventParams.headers), quidproquo_webserver_1.qpqWebServerUtils.getHeaderValue('x-api-key', payload.transformedEventParams.headers), (_a = payload.matchResult.config) === null || _a === void 0 ? void 0 : _a.routeAuthSettings);
         if (!authValid) {
             return (0, quidproquo_core_1.actionResult)({
                 status: 401,

package/lib/getActionProcessor/core/event/utils/isAuthValid.d.ts

@@ -1,3 +1,3 @@
 import { QPQConfig } from 'quidproquo-core';
 import { RouteAuthSettings } from 'quidproquo-webserver';
-export declare const isAuthValid: (qpqConfig: QPQConfig, authHeader?: string | null, authSettings?: RouteAuthSettings) => Promise<boolean>;
+export declare const isAuthValid: (qpqConfig: QPQConfig, authHeader?: string | null, apiKeyHeader?: string | null, authSettings?: RouteAuthSettings) => Promise<boolean>;

package/lib/getActionProcessor/core/event/utils/isAuthValid.js

@@ -13,10 +13,11 @@ exports.isAuthValid = void 0;
 const quidproquo_core_1 = require("quidproquo-core");
 const verifyJwt_1 = require("../../../../logic/cognito/verifyJwt");
 const getExportedValue_1 = require("../../../../logic/cloudformation/getExportedValue");
+const getApiKeys_1 = require("../../../../logic/apiGateway/getApiKeys");
 const awsNamingUtils_1 = require("../../../../awsNamingUtils");
-const isAuthValid = (qpqConfig, authHeader, authSettings) => __awaiter(void 0, void 0, void 0, function* () {
+const isAuthValidForCognito = (qpqConfig, authSettings, authHeader) => __awaiter(void 0, void 0, void 0, function* () {
     // If there are no auth settings ~ Its valid.
-    if (!authSettings || !authSettings.userDirectoryName) {
+    if (!authSettings.userDirectoryName) {
         return true;
     }
     // We need a header to be able to auth
@@ -38,4 +39,31 @@ const isAuthValid = (qpqConfig, authHeader, authSettings) => __awaiter(void 0, v
     // Verify the token
     return yield (0, verifyJwt_1.verifyJwt)(accessToken, userPoolId, userPoolClientId, 'access');
 });
+const isAuthValidForApiKeys = (qpqConfig, authSettings, apiKeyHeader) => __awaiter(void 0, void 0, void 0, function* () {
+    const apiKeys = authSettings.apiKeys || [];
+    if (apiKeys.length === 0) {
+        return true;
+    }
+    const region = quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
+    const application = quidproquo_core_1.qpqCoreUtils.getApplicationName(qpqConfig);
+    const service = quidproquo_core_1.qpqCoreUtils.getApplicationModuleName(qpqConfig);
+    const environment = quidproquo_core_1.qpqCoreUtils.getApplicationModuleEnvironment(qpqConfig);
+    const feature = quidproquo_core_1.qpqCoreUtils.getApplicationModuleFeature(qpqConfig);
+    const realApiKeys = yield (0, getApiKeys_1.getApiKeys)(region, ...apiKeys.map((apiKey) => {
+        const apiKeyApplication = apiKey.applicationName || application;
+        const apiKeyService = apiKey.serviceName || service;
+        return (0, awsNamingUtils_1.getConfigRuntimeResourceName)(apiKey.name, apiKeyApplication, apiKeyService, environment, feature);
+    }));
+    const index = realApiKeys.findIndex((apiKey) => apiKey.value === apiKeyHeader);
+    return index >= 0;
+});
+const isAuthValid = (qpqConfig, authHeader, apiKeyHeader, authSettings) => __awaiter(void 0, void 0, void 0, function* () {
+    // If there are no auth settings ~ Its valid.
+    if (!authSettings) {
+        return true;
+    }
+    const cognitoValid = yield isAuthValidForCognito(qpqConfig, authSettings, authHeader);
+    const authKeysValid = yield isAuthValidForApiKeys(qpqConfig, authSettings, apiKeyHeader);
+    return cognitoValid && authKeysValid;
+});
 exports.isAuthValid = isAuthValid;

package/lib/logic/apiGateway/getApiKeys.d.ts

@@ -0,0 +1,2 @@
+import { ApiKey } from 'quidproquo-webserver';
+export declare const getApiKeys: (region: string, ...keyNames: string[]) => Promise<ApiKey[]>;

package/lib/logic/apiGateway/getApiKeys.js

@@ -0,0 +1,24 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiKeys = void 0;
+const client_api_gateway_1 = require("@aws-sdk/client-api-gateway");
+const getApiKeys = (region, ...keyNames) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a;
+    const apiGatewayClient = new client_api_gateway_1.APIGatewayClient({ region });
+    const input = {
+        includeValues: true,
+        limit: 500,
+    };
+    const res = yield apiGatewayClient.send(new client_api_gateway_1.GetApiKeysCommand(input));
+    return (((_a = res.items) === null || _a === void 0 ? void 0 : _a.filter((i) => keyNames.indexOf(i.name) >= 0).map((i) => ({ name: i.name, value: i.value, description: i.description }))) || []);
+});
+exports.getApiKeys = getApiKeys;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "quidproquo-actionprocessor-awslambda",
-  "version": "0.0.74",
+  "version": "0.0.76",
   "description": "",
   "main": "./lib/index.js",
   "types": "./lib/index.d.js",
@@ -25,14 +25,15 @@
   },
   "homepage": "https://github.com/joe-coady/quidproquo#readme",
   "dependencies": {
-    "@aws-sdk/client-cloudformation": "^3.266.0",
-    "@aws-sdk/client-cognito-identity-provider": "^3.266.0",
-    "@aws-sdk/client-s3": "^3.266.0",
-    "@aws-sdk/client-secrets-manager": "^3.266.0",
-    "@aws-sdk/client-sqs": "^3.266.0",
-    "@aws-sdk/client-ssm": "^3.266.0",
+    "@aws-sdk/client-api-gateway": "^3.278.0",
+    "@aws-sdk/client-cloudformation": "^3.278.0",
+    "@aws-sdk/client-cognito-identity-provider": "^3.278.0",
+    "@aws-sdk/client-s3": "^3.278.0",
+    "@aws-sdk/client-secrets-manager": "^3.278.0",
+    "@aws-sdk/client-sqs": "^3.278.0",
+    "@aws-sdk/client-ssm": "^3.278.0",
     "aws-jwt-verify": "^3.4.0",
-    "aws-sdk": "^2.1264.0",
+    "aws-sdk": "^2.1322.0",
     "node-match-path": "^0.6.3",
     "quidproquo-core": "*",
     "quidproquo-webserver": "*"