serverless-offline 13.6.0 → 14.1.0

package/package.json

@@ -1,7 +1,6 @@
 {
-  "dedicatedTo": "Blue, a great migrating bird.",
   "name": "serverless-offline",
-  "version": "13.6.0",
+  "version": "14.1.0",
   "description": "Emulate AWS λ and API Gateway locally when developing your Serverless project",
   "license": "MIT",
   "exports": {
@@ -77,10 +76,10 @@
     ]
   },
   "dependencies": {
-    "@aws-sdk/client-lambda": "^3.509.0",
+    "@aws-sdk/client-lambda": "^3.632.0",
     "@hapi/boom": "^10.0.1",
     "@hapi/h2o2": "^10.0.4",
-    "@hapi/hapi": "^21.3.3",
+    "@hapi/hapi": "^21.3.10",
     "array-unflat-js": "^0.1.3",
     "boxen": "^7.1.1",
     "chalk": "^5.3.0",
@@ -89,33 +88,35 @@
     "fs-extra": "^11.2.0",
     "is-wsl": "^3.1.0",
     "java-invoke-local": "0.0.6",
-    "jose": "^5.2.1",
+    "jose": "^5.6.3",
     "js-string-escape": "^1.0.1",
-    "jsonpath-plus": "^8.0.0",
+    "jsonpath-plus": "^9.0.0",
     "jsonschema": "^1.4.1",
     "jszip": "^3.10.1",
-    "luxon": "^3.4.4",
+    "luxon": "^3.5.0",
     "node-schedule": "^2.1.1",
     "p-memoize": "^7.1.1",
+    "tree-kill": "^1.2.2",
+    "tsx": "^4.17.0",
     "velocityjs": "^2.0.6",
-    "ws": "^8.16.0"
+    "ws": "^8.18.0"
   },
   "devDependencies": {
     "@istanbuljs/esm-loader-hook": "^0.2.0",
-    "archiver": "^6.0.1",
-    "commit-and-tag-version": "^12.2.0",
-    "eslint": "^8.56.0",
+    "archiver": "^7.0.1",
+    "commit-and-tag-version": "^12.4.1",
+    "eslint": "^8.57.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-import": "^2.29.1",
-    "eslint-plugin-prettier": "^5.1.3",
-    "eslint-plugin-unicorn": "^51.0.1",
-    "mocha": "^10.3.0",
-    "nyc": "^15.1.0",
-    "prettier": "^3.2.5",
-    "serverless": "^3.38.0"
+    "eslint-plugin-prettier": "^5.2.1",
+    "eslint-plugin-unicorn": "^54.0.0",
+    "mocha": "^10.7.3",
+    "nyc": "^17.0.0",
+    "prettier": "^3.3.3",
+    "serverless": "^4.1.22"
   },
   "peerDependencies": {
-    "serverless": "^3.2.0"
+    "serverless": "^4.0.0"
   }
 }

package/src/config/supportedRuntimes.js

@@ -20,6 +20,7 @@ export const supportedRuntimesArchitecture = {
   "python3.9": [ARM64, X86_64],
   "python3.10": [ARM64, X86_64],
   "python3.11": [ARM64, X86_64],
+  "python3.12": [ARM64, X86_64],
   "ruby2.7": [ARM64, X86_64],
   "ruby3.2": [ARM64, X86_64],
   java8: [X86_64],
@@ -62,6 +63,7 @@ export const supportedPython = new Set([
   "python3.9",
   "python3.10",
   "python3.11",
+  "python3.12",
 ])
 
 // RUBY

package/src/events/alb/HttpServer.js

@@ -267,6 +267,8 @@ export default class HttpServer {
         override: false,
       })
 
+      response.headers = headers
+
       if (typeof result === "string") {
         response.source = stringify(result)
       } else if (result && result.body !== undefined) {

package/src/events/authMatchPolicyResource.js

@@ -1,7 +1,8 @@
 function parseResource(resource) {
-  const [, region, accountId, restApiId, path] = resource.match(
-    /arn:aws:execute-api:(.*?):(.*?):(.*?)\/(.*)/,
-  )
+  const [, region = "*", accountId = "*", restApiId = "*", path = "*"] =
+    resource.match(
+      /arn:aws:execute-api:([^\s:]+)(?::([^\s:]+))?(?::([^\s/:]+))?(?:\/(.*))?/,
+    )
 
   return {
     accountId,
@@ -26,10 +27,6 @@ export default function authMatchPolicyResource(policyResource, resource) {
     return true
   }
 
-  if (policyResource === "arn:aws:execute-api:*:*:*") {
-    return true
-  }
-
   if (policyResource.includes("*") || policyResource.includes("?")) {
     // Policy contains a wildcard resource
 
@@ -61,7 +58,7 @@ export default function authMatchPolicyResource(policyResource, resource) {
     // for the requested resource and the resource defined in the policy
     // Need to create a regex replacing ? with one character and * with any number of characters
     const regExp = new RegExp(
-      parsedPolicyResource.path.replaceAll("*", ".*").replaceAll("?", "."),
+      `${parsedPolicyResource.path.replaceAll("*", ".*").replaceAll("?", ".")}$`,
     )
 
     return regExp.test(parsedResource.path)

package/src/events/http/HttpServer.js

@@ -295,7 +295,7 @@ export default class HttpServer {
       return null
     }
 
-    const authFunctionName = this.#extractAuthFunctionName(endpoint)
+    let authFunctionName = this.#extractAuthFunctionName(endpoint)
 
     if (!authFunctionName) {
       return null
@@ -303,16 +303,32 @@ export default class HttpServer {
 
     log.notice(`Configuring Authorization: ${path} ${authFunctionName}`)
 
+    const standardFunctionExists =
+      this.#serverless.service.functions &&
+      this.#serverless.service.functions[authFunctionName]
+    const serverlessAuthorizerOptions =
+      this.#serverless.service.provider.httpApi &&
+      this.#serverless.service.provider.httpApi.authorizers &&
+      this.#serverless.service.provider.httpApi.authorizers[authFunctionName]
+
+    if (
+      !standardFunctionExists &&
+      endpoint.isHttpApi &&
+      serverlessAuthorizerOptions &&
+      serverlessAuthorizerOptions.functionName
+    ) {
+      log.notice(
+        `Redirecting authorizer function: ${authFunctionName} to ${serverlessAuthorizerOptions.functionName}`,
+      )
+      authFunctionName = serverlessAuthorizerOptions.functionName
+    }
+
     const authFunction = this.#serverless.service.getFunction(authFunctionName)
 
     if (!authFunction) {
       log.error(`Authorization function ${authFunctionName} does not exist`)
       return null
     }
-    const serverlessAuthorizerOptions =
-      this.#serverless.service.provider.httpApi &&
-      this.#serverless.service.provider.httpApi.authorizers &&
-      this.#serverless.service.provider.httpApi.authorizers[authFunctionName]
 
     const authorizerOptions = {
       enableSimpleResponses:
@@ -326,7 +342,8 @@ export default class HttpServer {
         ? serverlessAuthorizerOptions?.payloadVersion || "2.0"
         : "1.0",
       resultTtlInSeconds:
-        serverlessAuthorizerOptions?.resultTtlInSeconds || "300",
+        serverlessAuthorizerOptions?.resultTtlInSeconds ?? "300",
+      type: endpoint.isHttpApi ? serverlessAuthorizerOptions?.type : undefined,
     }
 
     if (
@@ -339,11 +356,10 @@ export default class HttpServer {
       return null
     }
 
-    if (typeof endpoint.authorizer === "string") {
-      authorizerOptions.name = authFunctionName
-    } else {
+    if (typeof endpoint.authorizer !== "string") {
       assign(authorizerOptions, endpoint.authorizer)
     }
+    authorizerOptions.name = authFunctionName
 
     if (
       !authorizerOptions.identitySource &&
@@ -443,7 +459,7 @@ export default class HttpServer {
       request.payload = request.payload && request.payload.toString(encoding)
       request.rawPayload = request.payload
 
-      // incomming request message
+      // incoming request message
       log.notice()
 
       log.notice()

package/src/events/http/createAuthScheme.js

@@ -143,6 +143,8 @@ export default function createAuthScheme(authorizerOptions, provider, lambda) {
           event = {
             ...event,
             identitySource: [finalAuthorization],
+            pathParameters: nullIfEmpty(pathParams),
+            queryStringParameters: parseQueryStringParameters(url),
             rawPath: request.path,
             rawQueryString: getRawQueryParams(url),
             requestContext: {

package/src/events/http/createJWTAuthScheme.js

@@ -5,7 +5,7 @@ import { log } from "../../utils/log.js"
 const { isArray } = Array
 const { now } = Date
 
-export default function createAuthScheme(jwtOptions) {
+export default function createJWTAuthScheme(jwtOptions) {
   const authorizerName = jwtOptions.name
 
   const identitySourceMatch = /^\$request.header.((?:\w+-?)+\w+)$/.exec(
@@ -43,7 +43,7 @@ export default function createAuthScheme(jwtOptions) {
           return Boom.unauthorized("JWT Token expired")
         }
 
-        const { aud, iss, scope, client_id: clientId } = claims
+        const { aud, iss, scope, scp, client_id: clientId } = claims
         if (iss !== jwtOptions.issuerUrl) {
           log.notice(`JWT Token not from correct issuer url`)
 
@@ -68,13 +68,13 @@ export default function createAuthScheme(jwtOptions) {
 
         let scopes = null
         if (jwtOptions.scopes && jwtOptions.scopes.length > 0) {
-          if (!scope) {
+          if (!scope && !scp) {
             log.notice(`JWT Token missing valid scope`)
 
             return Boom.forbidden("JWT Token missing valid scope")
           }
 
-          scopes = scope.split(" ")
+          scopes = scp || scope.split(" ")
           if (scopes.every((s) => !jwtOptions.scopes.includes(s))) {
             log.notice(`JWT Token missing valid scope`)
 
@@ -85,7 +85,6 @@ export default function createAuthScheme(jwtOptions) {
         log.notice(`JWT Token validated`)
 
         // Set the credentials for the rest of the pipeline
-        // return resolve(
         return h.authenticated({
           credentials: {
             claims,

package/src/events/http/lambda-events/LambdaProxyIntegrationEvent.js

@@ -134,8 +134,8 @@ export default class LambdaProxyIntegrationEvent {
     if (token) {
       try {
         claims = decodeJwt(token)
-        if (claims.scope) {
-          scopes = claims.scope.split(" ")
+        if (claims.scp || claims.scope) {
+          scopes = claims.scp || claims.scope.split(" ")
           // In AWS HTTP Api the scope property is removed from the decoded JWT
           // I'm leaving this property because I'm not sure how all of the authorizers
           // for AWS REST Api handle JWT.

package/src/events/http/lambda-events/LambdaProxyIntegrationEventV2.js

@@ -120,8 +120,8 @@ export default class LambdaProxyIntegrationEventV2 {
     if (token) {
       try {
         claims = decodeJwt(token)
-        if (claims.scope) {
-          scopes = claims.scope.split(" ")
+        if (claims.scp || claims.scope) {
+          scopes = claims.scp || claims.scope.split(" ")
           // In AWS HTTP Api the scope property is removed from the decoded JWT
           // I'm leaving this property because I'm not sure how all of the authorizers
           // for AWS REST Api handle JWT.

package/src/events/http/lambda-events/VelocityContext.js

@@ -10,7 +10,7 @@ const { assign, entries, fromEntries } = Object
 
 function escapeJavaScript(x) {
   if (typeof x === "string") {
-    return jsEscapeString(x).replaceAll("\\n", "\n") // See #26,
+    return jsEscapeString(x).replaceAll(String.raw`\n`, "\n") // See #26,
   }
 
   if (isPlainObject(x)) {

package/src/lambda/handler-runner/in-process-runner/aws-lambda-ric/Errors.js

@@ -0,0 +1,32 @@
+/* eslint-disable max-classes-per-file */
+/**
+ * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * This code was copied from:
+ * https://github.com/aws/aws-lambda-nodejs-runtime-interface-client/blob/main/src/Errors.js
+ *
+ * Defines custom error types throwable by the runtime.
+ */
+
+"use strict"
+
+const errorClasses = [
+  class ImportModuleError extends Error {},
+  class HandlerNotFound extends Error {},
+  class MalformedHandlerName extends Error {},
+  class UserCodeSyntaxError extends Error {},
+  class MalformedStreamingHandler extends Error {},
+  class InvalidStreamingOperation extends Error {},
+  class UnhandledPromiseRejection extends Error {
+    constructor(reason, promise) {
+      super(reason)
+      this.reason = reason
+      this.promise = promise
+    }
+  },
+]
+
+errorClasses.forEach((e) => {
+  module.exports[e.name] = e
+  e.prototype.name = `Runtime.${e.name}`
+})

package/src/lambda/handler-runner/in-process-runner/aws-lambda-ric/HttpResponseStream.js

@@ -0,0 +1,38 @@
+/* eslint-disable no-underscore-dangle */
+/* eslint-disable no-param-reassign */
+/**
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * This code was copied from:
+ * https://github.com/aws/aws-lambda-nodejs-runtime-interface-client/blob/main/src/HttpResponseStream.js
+ *
+ * HttpResponseStream is NOT used by the runtime.
+ * It is only exposed in the `awslambda` variable for customers to use.
+ */
+
+"use strict"
+
+const METADATA_PRELUDE_CONTENT_TYPE =
+  "application/vnd.awslambda.http-integration-response"
+const DELIMITER_LEN = 8
+
+// Implements the application/vnd.awslambda.http-integration-response content type.
+class HttpResponseStream {
+  static from(underlyingStream, prelude) {
+    underlyingStream.setContentType(METADATA_PRELUDE_CONTENT_TYPE)
+
+    // JSON.stringify is required. NULL byte is not allowed in metadataPrelude.
+    const metadataPrelude = JSON.stringify(prelude)
+
+    underlyingStream._onBeforeFirstWrite = (write) => {
+      write(metadataPrelude)
+
+      // Write 8 null bytes after the JSON prelude.
+      write(new Uint8Array(DELIMITER_LEN))
+    }
+
+    return underlyingStream
+  }
+}
+
+module.exports.HttpResponseStream = HttpResponseStream