serverless-offline 12.0.4 → 13.1.0

package/README.md

@@ -524,9 +524,16 @@ only enabled with the `--ignoreJWTSignature` flag. Make sure to only set this fl
 
 ### Serverless plugin authorizers
 
-If your authentication needs are custom and not satisfied by the existing capabilities of the Serverless offline project, you can inject your own authentication strategy. To inject a custom strategy for Lambda invocation, you define a custom variable under `serverless-offline` called `authenticationProvider` in the serverless.yml file. The value of the custom variable will be used to `require(your authenticationProvider value)` where the location is expected to return a function with the following signature.
+If your authentication needs are custom and not satisfied by the existing capabilities of the Serverless offline project, you can inject your own authentication strategy. To inject a custom strategy for Lambda invocation, you define a custom variable under `offline` called `customAuthenticationProvider` in the serverless.yml file. The value of the custom variable will be used to `require(your customAuthenticationProvider value)` where the location is expected to return a function with the following signature.
+
+```yaml
+offline:
+  customAuthenticationProvider: ./path/to/custom-authentication-provider
+```
 
 ```js
+// ./path/to/customer-authentication-provider.js
+
 module.exports = function (endpoint, functionKey, method, path) {
   return {
     getAuthenticateFunction() {
@@ -543,7 +550,7 @@ module.exports = function (endpoint, functionKey, method, path) {
 }
 ```
 
-A working example of injecting a custom authorization provider can be found in the projects integration tests under the folder `custom-authentication`.
+A working example of injecting a custom authorization provider can be found in the projects integration tests under the folder [`custom-authentication`](./tests/integration/custom-authentication).
 
 ## Custom headers
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "dedicatedTo": "Blue, a great migrating bird.",
   "name": "serverless-offline",
-  "version": "12.0.4",
+  "version": "13.1.0",
   "description": "Emulate AWS λ and API Gateway locally when developing your Serverless project",
   "license": "MIT",
   "exports": {
@@ -18,6 +18,7 @@
     "prepare-release": "standard-version && prettier --write CHANGELOG.md",
     "prepublishOnly": "npm run lint",
     "prettier": "prettier --check .",
+    "prettier:fix": "prettier --write .",
     "prettier-check": "prettier -c --ignore-path .gitignore \"**/*.{css,html,js,json,md,yaml,yml}\"",
     "prettier-check:updated": "pipe-git-updated --ext=css --ext=html --ext=js --ext=json --ext=md --ext=yaml --ext=yml -- prettier -c",
     "prettify": "prettier --write --ignore-path .gitignore \"**/*.{css,html,js,json,md,yaml,yml}\"",
@@ -51,7 +52,7 @@
   ],
   "author": "David Hérault <dherault@gmail.com> (https://github.com/dherault)",
   "engines": {
-    "node": ">=14.18.0"
+    "node": ">=18.12.0"
   },
   "standard-version": {
     "skip": {
@@ -78,49 +79,47 @@
     ]
   },
   "dependencies": {
-    "@aws-sdk/client-lambda": "^3.241.0",
-    "@hapi/boom": "^10.0.0",
-    "@hapi/h2o2": "^10.0.0",
-    "@hapi/hapi": "^21.1.0",
-    "@serverless/utils": "^6.8.2",
+    "@aws-sdk/client-lambda": "^3.418.0",
+    "@hapi/boom": "^10.0.1",
+    "@hapi/h2o2": "^10.0.4",
+    "@hapi/hapi": "^21.3.2",
+    "@serverless/utils": "^6.15.0",
     "array-unflat-js": "^0.1.3",
-    "boxen": "^7.0.1",
-    "chalk": "^5.2.0",
+    "boxen": "^7.1.1",
+    "chalk": "^5.3.0",
     "desm": "^1.3.0",
-    "execa": "^6.1.0",
-    "fs-extra": "^11.1.0",
-    "is-wsl": "^2.2.0",
+    "execa": "^8.0.1",
+    "fs-extra": "^11.1.1",
+    "is-wsl": "^3.0.0",
     "java-invoke-local": "0.0.6",
-    "jose": "^4.11.2",
+    "jose": "^4.14.6",
     "js-string-escape": "^1.0.1",
     "jsonpath-plus": "^7.2.0",
     "jsonschema": "^1.4.1",
     "jszip": "^3.10.1",
     "luxon": "^3.2.0",
-    "node-fetch": "^3.3.0",
-    "node-schedule": "^2.1.0",
-    "object.hasown": "^1.1.2",
+    "node-schedule": "^2.1.1",
     "p-memoize": "^7.1.1",
-    "p-retry": "^5.1.2",
+    "p-retry": "^6.0.0",
     "velocityjs": "^2.0.6",
-    "ws": "^8.11.0"
+    "ws": "^8.14.2"
   },
   "devDependencies": {
     "@istanbuljs/esm-loader-hook": "^0.2.0",
-    "archiver": "^5.3.1",
-    "eslint": "^8.31.0",
+    "archiver": "^6.0.1",
+    "eslint": "^8.50.0",
     "eslint-config-airbnb-base": "^15.0.0",
-    "eslint-config-prettier": "^8.6.0",
-    "eslint-plugin-import": "^2.25.4",
-    "eslint-plugin-prettier": "^4.2.1",
-    "eslint-plugin-unicorn": "^45.0.2",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-import": "^2.28.1",
+    "eslint-plugin-prettier": "^5.0.0",
+    "eslint-plugin-unicorn": "^48.0.1",
     "git-list-updated": "^1.2.1",
     "husky": "^8.0.3",
-    "lint-staged": "^13.1.0",
+    "lint-staged": "^14.0.1",
     "mocha": "^10.2.0",
     "nyc": "^15.1.0",
-    "prettier": "^2.8.1",
-    "serverless": "^3.26.0",
+    "prettier": "^3.0.3",
+    "serverless": "^3.35.2",
     "standard-version": "^9.5.0"
   },
   "peerDependencies": {

package/src/ServerlessOffline.js

@@ -107,8 +107,10 @@ export default class ServerlessOffline {
     const eventModules = []
 
     if (this.#lambda) {
-      eventModules.push(this.#lambda.cleanup())
-      eventModules.push(this.#lambda.stop(SERVER_SHUTDOWN_TIMEOUT))
+      eventModules.push(
+        this.#lambda.cleanup(),
+        this.#lambda.stop(SERVER_SHUTDOWN_TIMEOUT),
+      )
     }
 
     if (this.#alb) {
@@ -259,13 +261,13 @@ export default class ServerlessOffline {
 
     // Parse CORS options
     this.#options.corsAllowHeaders = this.#options.corsAllowHeaders
-      .replace(/\s/g, '')
+      .replaceAll(' ', '')
       .split(',')
     this.#options.corsAllowOrigin = this.#options.corsAllowOrigin
-      .replace(/\s/g, '')
+      .replaceAll(' ', '')
       .split(',')
     this.#options.corsExposedHeaders = this.#options.corsExposedHeaders
-      .replace(/\s/g, '')
+      .replaceAll(' ', '')
       .split(',')
 
     this.#options.corsConfig = {

package/src/config/supportedRuntimes.js

@@ -4,18 +4,16 @@
 // .NET CORE
 // export const supportedDotnetcore = new Set([
 // 'dotnet6',
-// 'dotnetcore3.1',
 // ])
 
 // GO
 export const supportedGo = new Set(['go1.x'])
 
 // JAVA
-export const supportedJava = new Set(['java8', 'java8.al2', 'java11'])
+export const supportedJava = new Set(['java8', 'java8.al2', 'java11', 'java17'])
 
 // NODE.JS
 export const supportedNodejs = new Set([
-  'nodejs12.x',
   'nodejs14.x',
   'nodejs16.x',
   'nodejs18.x',
@@ -26,14 +24,15 @@ export const supportedProvided = new Set(['provided', 'provided.al2'])
 
 // PYTHON
 export const supportedPython = new Set([
-  'python3.6',
   'python3.7',
   'python3.8',
   'python3.9',
+  'python3.10',
+  'python3.11',
 ])
 
 // RUBY
-export const supportedRuby = new Set(['ruby2.7'])
+export const supportedRuby = new Set(['ruby2.7', 'ruby3.2'])
 
 // deprecated runtimes
 // https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html

package/src/events/alb/Alb.js

@@ -1,4 +1,3 @@
-import { log } from '@serverless/utils/log.js'
 import AlbEventDefinition from './AlbEventDefinition.js'
 import HttpServer from './HttpServer.js'
 
@@ -15,11 +14,6 @@ export default class Alb {
     this.#lambda = lambda
     this.#options = options
     this.#serverless = serverless
-
-    log.warning(`
-Application Load Balancer (ALB) support in serverless-offline is experimental.
-Please file an issue for any bugs, missing features or other feedback: https://github.com/dherault/serverless-offline/issues
-    `)
   }
 
   start() {

package/src/events/alb/HttpServer.js

@@ -105,13 +105,9 @@ export default class HttpServer {
           if (request.method === 'options') {
             response.statusCode = 200
 
-            if (request.headers['access-control-expose-headers']) {
-              response.headers['access-control-expose-headers'] =
-                request.headers['access-control-expose-headers']
-            } else {
-              response.headers['access-control-expose-headers'] =
-                'content-type, content-length, etag'
-            }
+            response.headers['access-control-expose-headers'] =
+              request.headers['access-control-expose-headers'] ||
+              'content-type, content-length, etag'
             response.headers['access-control-max-age'] = 60 * 10
 
             if (request.headers['access-control-request-headers']) {

package/src/events/authMatchPolicyResource.js

@@ -61,7 +61,7 @@ export default function authMatchPolicyResource(policyResource, resource) {
     // for the requested resource and the resource defined in the policy
     // Need to create a regex replacing ? with one character and * with any number of characters
     const regExp = new RegExp(
-      parsedPolicyResource.path.replace(/\*/g, '.*').replace(/\?/g, '.'),
+      parsedPolicyResource.path.replaceAll('*', '.*').replaceAll('?', '.'),
     )
 
     return regExp.test(parsedResource.path)

package/src/events/http/Endpoint.js

@@ -17,7 +17,7 @@ const defaultResponseTemplate = readFileSync(
 
 function getResponseContentType(fep) {
   if (fep.response && fep.response.headers['Content-Type']) {
-    return fep.response.headers['Content-Type'].replace(/'/gm, '')
+    return fep.response.headers['Content-Type'].replaceAll(/'/gm, '')
   }
 
   return 'application/json'

package/src/events/http/HttpServer.js

@@ -164,13 +164,9 @@ export default class HttpServer {
           if (request.method === 'options') {
             response.statusCode = 200
 
-            if (request.headers['access-control-expose-headers']) {
-              response.headers['access-control-expose-headers'] =
-                request.headers['access-control-expose-headers']
-            } else {
-              response.headers['access-control-expose-headers'] =
-                'content-type, content-length, etag'
-            }
+            response.headers['access-control-expose-headers'] =
+              request.headers['access-control-expose-headers'] ||
+              'content-type, content-length, etag'
             response.headers['access-control-max-age'] = 60 * 10
 
             if (request.headers['access-control-request-headers']) {
@@ -323,9 +319,7 @@ export default class HttpServer {
         (endpoint.isHttpApi &&
           serverlessAuthorizerOptions?.enableSimpleResponses) ||
         false,
-      identitySource:
-        serverlessAuthorizerOptions?.identitySource ||
-        'method.request.header.Authorization',
+      identitySource: serverlessAuthorizerOptions?.identitySource,
       identityValidationExpression:
         serverlessAuthorizerOptions?.identityValidationExpression || '(.*)',
       payloadVersion: endpoint.isHttpApi
@@ -351,6 +345,16 @@ export default class HttpServer {
       assign(authorizerOptions, endpoint.authorizer)
     }
 
+    if (
+      !authorizerOptions.identitySource &&
+      !(
+        authorizerOptions.type === 'request' &&
+        authorizerOptions.resultTtlInSeconds === 0
+      )
+    ) {
+      authorizerOptions.identitySource = 'method.request.header.Authorization'
+    }
+
     // Create a unique scheme per endpoint
     // This allows the methodArn on the event property to be set appropriately
     const authKey = `${functionKey}-${authFunctionName}-${method}-${path}`

package/src/events/http/createAuthScheme.js

@@ -13,6 +13,7 @@ import {
 
 const IDENTITY_SOURCE_TYPE_HEADER = 'header'
 const IDENTITY_SOURCE_TYPE_QUERYSTRING = 'querystring'
+const IDENTITY_SOURCE_TYPE_NONE = 'none'
 
 export default function createAuthScheme(authorizerOptions, provider, lambda) {
   const authFunName = authorizerOptions.name
@@ -65,38 +66,50 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
         const methodArn = `arn:aws:execute-api:${provider.region}:${accountId}:${apiId}/${provider.stage}/${httpMethod}${resourcePath}`
 
         let authorization
-        if (identitySourceType === IDENTITY_SOURCE_TYPE_HEADER) {
-          const headers = request.raw.req.headers ?? {}
-          authorization = headers[identitySourceField]
-        } else if (identitySourceType === IDENTITY_SOURCE_TYPE_QUERYSTRING) {
-          const queryStringParameters = parseQueryStringParameters(url) ?? {}
-          authorization = queryStringParameters[identitySourceField]
-        } else {
-          throw new Error(
-            `No Authorization source has been specified. This should never happen. (λ: ${authFunName})`,
-          )
+        switch (identitySourceType) {
+          case IDENTITY_SOURCE_TYPE_HEADER: {
+            const headers = request.raw.req.headers ?? {}
+            authorization = headers[identitySourceField]
+            break
+          }
+          case IDENTITY_SOURCE_TYPE_QUERYSTRING: {
+            const queryStringParameters = parseQueryStringParameters(url) ?? {}
+            authorization = queryStringParameters[identitySourceField]
+            break
+          }
+          case IDENTITY_SOURCE_TYPE_NONE: {
+            break
+          }
+          default: {
+            throw new Error(
+              `No Authorization source has been specified. This should never happen. (λ: ${authFunName})`,
+            )
+          }
         }
 
-        if (authorization === undefined) {
-          log.error(
-            `Identity Source is null for ${identitySourceType} ${identitySourceField} (λ: ${authFunName})`,
+        let finalAuthorization
+        if (identitySourceType !== IDENTITY_SOURCE_TYPE_NONE) {
+          if (authorization === undefined) {
+            log.error(
+              `Identity Source is null for ${identitySourceType} ${identitySourceField} (λ: ${authFunName})`,
+            )
+            return Boom.unauthorized(
+              'User is not authorized to access this resource',
+            )
+          }
+
+          const identityValidationExpression = new RegExp(
+            authorizerOptions.identityValidationExpression,
           )
-          return Boom.unauthorized(
-            'User is not authorized to access this resource',
+          const matchedAuthorization =
+            identityValidationExpression.test(authorization)
+          finalAuthorization = matchedAuthorization ? authorization : ''
+
+          log.debug(
+            `Retrieved ${identitySourceField} ${identitySourceType} "${finalAuthorization}"`,
           )
         }
 
-        const identityValidationExpression = new RegExp(
-          authorizerOptions.identityValidationExpression,
-        )
-        const matchedAuthorization =
-          identityValidationExpression.test(authorization)
-        const finalAuthorization = matchedAuthorization ? authorization : ''
-
-        log.debug(
-          `Retrieved ${identitySourceField} ${identitySourceType} "${finalAuthorization}"`,
-        )
-
         if (authorizerOptions.payloadVersion === '1.0') {
           event = {
             ...event,
@@ -148,17 +161,10 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
 
         //   methodArn is the ARN of the function we are running we are authorizing access to (or not)
         //   Account ID and API ID are not simulated
-        if (authorizerOptions.type === 'request') {
-          event = {
-            ...event,
-            type: 'REQUEST',
-          }
-        } else {
+        event = {
+          ...event,
           // This is safe since type: 'TOKEN' cannot have payload format 2.0
-          event = {
-            ...event,
-            type: 'TOKEN',
-          }
+          type: authorizerOptions.type === 'request' ? 'REQUEST' : 'TOKEN',
         }
 
         const lambdaFunction = lambda.get(authFunName)
@@ -270,7 +276,8 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
     authorizerOptions.type !== 'request' ||
     authorizerOptions.identitySource
   ) {
-    const headerRegExp = /^(method.|\$)request.header.((?:\w+-?)+\w+)$/
+    // Only validate the first of N possible headers.
+    const headerRegExp = /^(method.|\$)request.header.((?:\w+-?)+\w+).*$/
     const queryStringRegExp =
       /^(method.|\$)request.querystring.((?:\w+-?)+\w+)$/
 
@@ -296,5 +303,10 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
     )
   }
 
+  if (authorizerOptions.resultTtlInSeconds === 0) {
+    identitySourceType = IDENTITY_SOURCE_TYPE_NONE
+    return finalizeAuthScheme()
+  }
+
   return finalizeAuthScheme()
 }

package/src/events/http/javaHelpers.js

@@ -20,10 +20,6 @@ function javaMatches(value) {
   return this.match(new RegExp(value, 'm'))
 }
 
-function javaReplaceAll(oldValue, newValue) {
-  return this.replace(new RegExp(oldValue, 'gm'), newValue)
-}
-
 function javaReplaceFirst(oldValue, newValue) {
   return this.replace(new RegExp(oldValue, 'm'), newValue)
 }
@@ -74,7 +70,6 @@ const {
     equalsIgnoreCase,
     matches,
     regionMatches,
-    replaceAll,
     replaceFirst,
   },
 } = String
@@ -85,7 +80,6 @@ export default function runInPollutedScope(runScope) {
   prototype.equalsIgnoreCase = javaEqualsIgnoreCase
   prototype.matches = javaMatches
   prototype.regionMatches = javaRegionMatches
-  prototype.replaceAll = javaReplaceAll
   prototype.replaceFirst = javaReplaceFirst
 
   const result = runScope()
@@ -95,7 +89,6 @@ export default function runInPollutedScope(runScope) {
   prototype.equalsIgnoreCase = equalsIgnoreCase
   prototype.matches = matches
   prototype.regionMatches = regionMatches
-  prototype.replaceAll = replaceAll
   prototype.replaceFirst = replaceFirst
 
   return result

package/src/events/http/lambda-events/VelocityContext.js

@@ -14,7 +14,7 @@ const { assign, entries, fromEntries } = Object
 
 function escapeJavaScript(x) {
   if (typeof x === 'string') {
-    return jsEscapeString(x).replace(/\\n/g, '\n') // See #26,
+    return jsEscapeString(x).replaceAll('\\n', '\n') // See #26,
   }
 
   if (isPlainObject(x)) {
@@ -136,7 +136,7 @@ export default class VelocityContext {
           Buffer.from(x.toString(), 'binary').toString('base64'),
         escapeJavaScript,
         parseJson: parse,
-        urlDecode: (x) => decodeURIComponent(x.replace(/\+/g, ' ')),
+        urlDecode: (x) => decodeURIComponent(x.replaceAll('+', ' ')),
         urlEncode: encodeURI,
       },
     }

package/src/events/schedule/ScheduleEvent.js

@@ -16,7 +16,7 @@ export default class ScheduleEvent {
   source = 'aws.events'
 
   // format of aws displaying the time, e.g.: 2020-02-09T14:13:57Z
-  time = new Date().toISOString().replace(/\.(.*)(?=Z)/g, '')
+  time = new Date().toISOString().replaceAll(/\.(.*)(?=Z)/g, '')
 
   version = '0'
 

package/src/index.js

@@ -1,12 +1 @@
-// TODO remove with node.js v16.9+ support
-import 'object.hasown/auto'
-
-// install global fetch
-// TODO remove `node-fetch` module and use global built-in with node.js v18+ support
-if (globalThis.fetch === undefined) {
-  const { default: fetch, Headers } = await import('node-fetch')
-  globalThis.fetch = fetch
-  globalThis.Headers = Headers
-}
-
 export { default } from './ServerlessOffline.js'

package/src/lambda/LambdaFunction.js

@@ -250,7 +250,7 @@ export default class LambdaFunction {
       entries(zip.files).map(async ([filename, jsZipObj]) => {
         const fileData = await jsZipObj.async('nodebuffer')
         if (filename.endsWith('/')) {
-          return Promise.resolve()
+          return undefined
         }
         await ensureDir(join(this.#codeDir, dirname(filename)))
         return writeFile(join(this.#codeDir, filename), fileData, {

package/src/lambda/handler-runner/docker-runner/DockerContainer.js

@@ -313,7 +313,7 @@ export default class DockerContainer {
         entries(zip.files).map(async ([filename, jsZipObj]) => {
           const fileData = await jsZipObj.async('nodebuffer')
           if (filename.endsWith(sep)) {
-            return Promise.resolve()
+            return undefined
           }
           await ensureDir(join(layerDir, dirname(filename)))
           return writeFile(join(layerDir, filename), fileData, {

package/src/lambda/routes/invocations/InvocationsController.js

@@ -12,7 +12,7 @@ export default class InvocationsController {
     const functionNames = this.#lambda.listFunctionNames()
     if (functionNames.length === 0 || !functionNames.includes(functionName)) {
       log.error(
-        `Attempt to invoke function '${functionName}' failed. Function does not exists.`,
+        `Attempt to invoke function '${functionName}' failed. Function does not exist.`,
       )
       // Conforms to the actual response from AWS Lambda when invoking a non-existent
       // function. Details on the error are provided in the Payload.Message key

package/src/utils/generateHapiPath.js

@@ -15,7 +15,7 @@ export default function generateHapiPath(path, options, serverless) {
     hapiPath = hapiPath.slice(0, -1)
   }
 
-  hapiPath = hapiPath.replace(/\+}/g, '*}')
+  hapiPath = hapiPath.replaceAll('+}', '*}')
 
   return hapiPath
 }