serverless-offline 10.1.0 → 10.2.1

package/package.json

@@ -1,7 +1,7 @@
 {
   "dedicatedTo": "Blue, a great migrating bird.",
   "name": "serverless-offline",
-  "version": "10.1.0",
+  "version": "10.2.1",
   "description": "Emulate AWS λ and API Gateway locally when developing your Serverless project",
   "license": "MIT",
   "exports": {
@@ -86,16 +86,16 @@
     "@hapi/h2o2": "^9.1.0",
     "@hapi/hapi": "^20.2.2",
     "@serverless/utils": "^6.7.0",
-    "aws-sdk": "^2.1215.0",
+    "aws-sdk": "^2.1222.0",
     "boxen": "^7.0.0",
     "chalk": "^5.0.1",
     "execa": "^6.1.0",
     "fs-extra": "^10.1.0",
     "java-invoke-local": "0.0.6",
+    "jose": "^4.9.3",
     "js-string-escape": "^1.0.1",
     "jsonpath-plus": "^7.2.0",
     "jsonschema": "^1.4.1",
-    "jsonwebtoken": "^8.5.1",
     "jszip": "^3.10.1",
     "luxon": "^3.0.3",
     "node-fetch": "^3.2.10",
@@ -104,7 +104,7 @@
     "p-memoize": "^7.1.0",
     "p-retry": "^5.1.1",
     "velocityjs": "^2.0.6",
-    "ws": "^8.8.1"
+    "ws": "^8.9.0"
   },
   "devDependencies": {
     "@istanbuljs/esm-loader-hook": "^0.2.0",

package/src/ServerlessOffline.js

@@ -65,9 +65,9 @@ export default class ServerlessOffline {
     const { httpEvents, lambdas, scheduleEvents, webSocketEvents } =
       this.#getEvents()
 
-    // if (lambdas.length > 0) {
-    await this.#createLambda(lambdas)
-    // }
+    if (lambdas.length > 0) {
+      await this.#createLambda(lambdas)
+    }
 
     const eventModules = []
 
@@ -206,9 +206,11 @@ export default class ServerlessOffline {
       this.#lambda,
     )
 
+    await this.#webSocket.createServer()
+
     this.#webSocket.create(events)
 
-    return this.#webSocket.start()
+    await this.#webSocket.start()
   }
 
   #mergeOptions() {
@@ -335,7 +337,7 @@ export default class ServerlessOffline {
             }
           }
 
-          if (http && http.private) {
+          if (http?.private) {
             hasPrivateHttpEvent = true
           }
 

package/src/events/http/HttpServer.js

@@ -440,7 +440,7 @@ export default class HttpServer {
             !this.#apiKeysValues.has(apiKey)
           ) {
             log.debug(
-              `Method ${method} of function ${functionKey} token ${apiKey} not valid`,
+              `Method '${method}' of function '${functionKey}' token '${apiKey}' not valid.`,
             )
 
             return errorResponse()
@@ -452,15 +452,18 @@ export default class HttpServer {
         ) {
           const { usageIdentifierKey } = request.auth.credentials
 
-          if (usageIdentifierKey !== this.#options.apiKey) {
+          if (
+            usageIdentifierKey !== this.#options.apiKey &&
+            !this.#apiKeysValues.has(usageIdentifierKey)
+          ) {
             log.debug(
-              `Method ${method} of function ${functionKey} token ${usageIdentifierKey} not valid`,
+              `Method '${method}' of function '${functionKey}' token '${usageIdentifierKey}' not valid.`,
             )
 
             return errorResponse()
           }
         } else {
-          log.debug(`Missing x-api-key on private function ${functionKey}`)
+          log.debug(`Missing 'x-api-key' on private function '${functionKey}'.`)
 
           return errorResponse()
         }

package/src/events/http/createJWTAuthScheme.js

@@ -1,6 +1,6 @@
 import Boom from '@hapi/boom'
 import { log } from '@serverless/utils/log.js'
-import { decode } from 'jsonwebtoken'
+import { decodeJwt } from 'jose'
 
 const { isArray } = Array
 
@@ -35,18 +35,14 @@ export default function createAuthScheme(jwtOptions) {
       }
 
       try {
-        const decoded = decode(jwtToken, { complete: true })
-        if (!decoded) {
-          return Boom.unauthorized('JWT not decoded')
-        }
+        const claims = decodeJwt(jwtToken)
 
-        const expirationDate = new Date(decoded.payload.exp * 1000)
+        const expirationDate = new Date(claims.exp * 1000)
         if (expirationDate.valueOf() < Date.now()) {
           return Boom.unauthorized('JWT Token expired')
         }
 
-        const { aud, iss, scope } = decoded.payload
-        const clientId = decoded.payload.client_id
+        const { aud, iss, scope, client_id: clientId } = claims
         if (iss !== jwtOptions.issuerUrl) {
           log.notice(`JWT Token not from correct issuer url`)
 
@@ -91,7 +87,7 @@ export default function createAuthScheme(jwtOptions) {
         // return resolve(
         return h.authenticated({
           credentials: {
-            claims: decoded.payload,
+            claims,
             scopes,
           },
         })

package/src/events/http/lambda-events/LambdaProxyIntegrationEvent.js

@@ -1,7 +1,7 @@
 import { Buffer } from 'node:buffer'
 import { env } from 'node:process'
 import { log } from '@serverless/utils/log.js'
-import { decode } from 'jsonwebtoken'
+import { decodeJwt } from 'jose'
 import {
   createUniqueId,
   formatToClfTime,
@@ -122,8 +122,8 @@ export default class LambdaProxyIntegrationEvent {
 
     if (token) {
       try {
-        claims = decode(token) || undefined
-        if (claims && claims.scope) {
+        claims = decodeJwt(token)
+        if (claims.scope) {
           scopes = claims.scope.split(' ')
           // In AWS HTTP Api the scope property is removed from the decoded JWT
           // I'm leaving this property because I'm not sure how all of the authorizers

package/src/events/http/lambda-events/LambdaProxyIntegrationEventV2.js

@@ -1,7 +1,7 @@
 import { Buffer } from 'node:buffer'
 import { env } from 'node:process'
 import { log } from '@serverless/utils/log.js'
-import { decode } from 'jsonwebtoken'
+import { decodeJwt } from 'jose'
 import {
   formatToClfTime,
   lowerCaseKeys,
@@ -105,8 +105,8 @@ export default class LambdaProxyIntegrationEventV2 {
 
     if (token) {
       try {
-        claims = decode(token) || undefined
-        if (claims && claims.scope) {
+        claims = decodeJwt(token)
+        if (claims.scope) {
           scopes = claims.scope.split(' ')
           // In AWS HTTP Api the scope property is removed from the decoded JWT
           // I'm leaving this property because I'm not sure how all of the authorizers

package/src/events/http/lambda-events/VelocityContext.js

@@ -1,7 +1,7 @@
 import { Buffer } from 'node:buffer'
 import { env } from 'node:process'
 import jsEscapeString from 'js-string-escape'
-import { decode } from 'jsonwebtoken'
+import { decodeJwt } from 'jose'
 import {
   createUniqueId,
   isPlainObject,
@@ -83,10 +83,7 @@ export default class VelocityContext {
 
     if (token) {
       try {
-        const claims = decode(token) || undefined
-        if (claims) {
-          assign(authorizer, { claims })
-        }
+        assign(authorizer, { claims: decodeJwt(token) })
       } catch {
         // Nothing
       }

package/src/events/websocket/HttpServer.js

@@ -1,3 +1,5 @@
+import { readFile } from 'node:fs/promises'
+import { resolve } from 'node:path'
 import { exit } from 'node:process'
 import { Server } from '@hapi/hapi'
 import { log } from '@serverless/utils/log.js'
@@ -13,8 +15,22 @@ export default class HttpServer {
   constructor(options, webSocketClients) {
     this.#options = options
     this.#webSocketClients = webSocketClients
+  }
+
+  async #loadCerts(httpsProtocol) {
+    const [cert, key] = await Promise.all([
+      readFile(resolve(httpsProtocol, 'cert.pem'), 'utf-8'),
+      readFile(resolve(httpsProtocol, 'key.pem'), 'utf-8'),
+    ])
+
+    return {
+      cert,
+      key,
+    }
+  }
 
-    const { host, websocketPort } = options
+  async createServer() {
+    const { host, httpsProtocol, websocketPort } = this.#options
 
     const serverOptions = {
       host,
@@ -24,6 +40,10 @@ export default class HttpServer {
         // e.g. : /my-path is the same as /my-path/
         stripTrailingSlash: true,
       },
+      // https support
+      ...(httpsProtocol != null && {
+        tls: await this.#loadCerts(httpsProtocol),
+      }),
     }
 
     this.#server = new Server(serverOptions)

package/src/events/websocket/WebSocket.js

@@ -6,19 +6,39 @@ import WebSocketServer from './WebSocketServer.js'
 export default class WebSocket {
   #httpServer = null
 
+  #lambda = null
+
+  #options = null
+
+  #serverless = null
+
   #webSocketServer = null
 
   constructor(serverless, options, lambda) {
-    const webSocketClients = new WebSocketClients(serverless, options, lambda)
+    this.#lambda = lambda
+    this.#options = options
+    this.#serverless = serverless
+  }
 
-    this.#httpServer = new HttpServer(options, webSocketClients)
+  async createServer() {
+    const webSocketClients = new WebSocketClients(
+      this.#serverless,
+      this.#options,
+      this.#lambda,
+    )
+
+    this.#httpServer = new HttpServer(this.#options, webSocketClients)
+
+    await this.#httpServer.createServer()
 
     // share server
     this.#webSocketServer = new WebSocketServer(
-      options,
+      this.#options,
       webSocketClients,
       this.#httpServer.server,
     )
+
+    await this.#webSocketServer.createServer()
   }
 
   start() {

package/src/events/websocket/WebSocketServer.js

@@ -7,14 +7,19 @@ export default class WebSocketServer {
 
   #options = null
 
+  #sharedServer = null
+
   #webSocketClients = null
 
   constructor(options, webSocketClients, sharedServer) {
     this.#options = options
+    this.#sharedServer = sharedServer
     this.#webSocketClients = webSocketClients
+  }
 
+  async createServer() {
     const server = new WsWebSocketServer({
-      server: sharedServer,
+      server: this.#sharedServer,
       verifyClient: async ({ req }, cb) => {
         const connectionId = createUniqueId()
         const key = req.headers['sec-websocket-key']