serverless-offline 8.8.1 → 9.0.0

package/src/config/commandOptions.js

@@ -0,0 +1,155 @@
+export default {
+  apiKey: {
+    type: 'string',
+    usage:
+      'Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.',
+  },
+  corsAllowHeaders: {
+    type: 'string',
+    usage:
+      'Used to build the Access-Control-Allow-Headers header for CORS support.',
+  },
+  corsAllowOrigin: {
+    type: 'string',
+    usage:
+      'Used to build the Access-Control-Allow-Origin header for CORS support.',
+  },
+  corsDisallowCredentials: {
+    type: 'boolean',
+    usage:
+      'Used to override the Access-Control-Allow-Credentials default (which is true) to false.',
+  },
+  corsExposedHeaders: {
+    type: 'string',
+    usage:
+      'Used to build the Access-Control-Exposed-Headers response header for CORS support',
+  },
+  disableCookieValidation: {
+    type: 'boolean',
+    usage: 'Used to disable cookie-validation on hapi.js-server',
+  },
+  disableScheduledEvents: {
+    type: 'boolean',
+    usage:
+      'Disables all scheduled events. Overrides configurations in serverless.yml. Default: false',
+  },
+  dockerHost: {
+    type: 'string',
+    usage: 'The host name of Docker. Default: localhost',
+  },
+  dockerHostServicePath: {
+    type: 'string',
+    usage:
+      'Defines service path which is used by SLS running inside Docker container',
+  },
+  dockerNetwork: {
+    type: 'string',
+    usage: 'The network that the Docker container will connect to',
+  },
+  dockerReadOnly: {
+    type: 'boolean',
+    usage: 'Marks if the docker code layer should be read only. Default: true',
+  },
+  enforceSecureCookies: {
+    type: 'boolean',
+    usage: 'Enforce secure cookies',
+  },
+  functionCleanupIdleTimeSeconds: {
+    type: 'string',
+    usage: 'Number of seconds until an idle function is eligible for cleanup',
+  },
+  hideStackTraces: {
+    type: 'boolean',
+    usage: 'Hide the stack trace on lambda failure. Default: false',
+  },
+  host: {
+    shortcut: 'o',
+    type: 'string',
+    usage: 'The host name to listen on. Default: localhost',
+  },
+  httpPort: {
+    type: 'string',
+    usage: 'HTTP port to listen on. Default: 3000',
+  },
+  httpsProtocol: {
+    shortcut: 'H',
+    type: 'string',
+    usage:
+      'To enable HTTPS, specify directory (relative to your cwd, typically your project dir) for both cert.pem and key.pem files.',
+  },
+  ignoreJWTSignature: {
+    type: 'boolean',
+    usage:
+      "When using HttpApi with a JWT authorizer, don't check the signature of the JWT token. This should only be used for local development.",
+  },
+  lambdaPort: {
+    type: 'string',
+    usage: 'Lambda http port to listen on. Default: 3002',
+  },
+  layersDir: {
+    type: 'string',
+    usage:
+      'The directory layers should be stored in. Default: {codeDir}/.serverless-offline/layers',
+  },
+  noAuth: {
+    type: 'boolean',
+    usage: 'Turns off all authorizers',
+  },
+  noPrependStageInUrl: {
+    type: 'boolean',
+    usage: "Don't prepend http routes with the stage.",
+  },
+  noStripTrailingSlashInUrl: {
+    type: 'boolean',
+    usage: "Don't strip trailing slash from http routes.",
+  },
+  noTimeout: {
+    shortcut: 't',
+    type: 'boolean',
+    usage: 'Disables the timeout feature.',
+  },
+  prefix: {
+    shortcut: 'p',
+    type: 'string',
+    usage:
+      'Adds a prefix to every path, to send your requests to http://localhost:3000/prefix/[your_path] instead.',
+  },
+  printOutput: {
+    type: 'boolean',
+    usage: 'Outputs your lambda response to the terminal.',
+  },
+  reloadHandler: {
+    type: 'boolean',
+    usage: 'Reloads handler with each request.',
+  },
+  resourceRoutes: {
+    type: 'boolean',
+    usage: 'Turns on loading of your HTTP proxy settings from serverless.yml.',
+  },
+  useChildProcesses: {
+    type: 'boolean',
+    usage: 'Use separate node process to run handlers',
+  },
+  useDocker: {
+    type: 'boolean',
+    usage: 'Uses docker for node/python/ruby/provided',
+  },
+  useInProcess: {
+    type: 'boolean',
+    usage: "Run handlers in the same process as 'serverless-offline'",
+  },
+  webSocketHardTimeout: {
+    type: 'string',
+    usage:
+      'Set WebSocket hard timeout in seconds to reproduce AWS limits (https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html#apigateway-execution-service-websocket-limits-table). Default: 7200 (2 hours)',
+  },
+  webSocketIdleTimeout: {
+    type: 'string',
+    usage:
+      'Set WebSocket idle timeout in seconds to reproduce AWS limits (https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html#apigateway-execution-service-websocket-limits-table). Default: 600 (10 minutes)',
+  },
+  websocketPort: {
+    type: 'string',
+    usage: 'Websocket port to listen on. Default: 3001',
+  },
+}

package/src/config/constants.js

@@ -0,0 +1,22 @@
+// dummy placeholder url for the WHATWG URL constructor
+// https://github.com/nodejs/node/issues/12682
+export const BASE_URL_PLACEHOLDER = 'http://example'
+
+export const CUSTOM_OPTION = 'serverless-offline'
+
+export const DEFAULT_LAMBDA_RUNTIME = 'nodejs12.x'
+
+// https://docs.aws.amazon.com/lambda/latest/dg/limits.html
+export const DEFAULT_LAMBDA_MEMORY_SIZE = 1024
+// default function timeout in seconds
+export const DEFAULT_LAMBDA_TIMEOUT = 900 // 15 min
+
+// timeout for all connections to be closed
+export const SERVER_SHUTDOWN_TIMEOUT = 5000
+
+export const DEFAULT_WEBSOCKETS_API_ROUTE_SELECTION_EXPRESSION =
+  '$request.body.action'
+
+export const DEFAULT_WEBSOCKETS_ROUTE = '$default'
+
+export const DEFAULT_DOCKER_CONTAINER_PORT = 9001

package/{dist → src}/config/defaultOptions.js

@@ -1,17 +1,8 @@
-"use strict";
+import { createApiKey } from '../utils/index.js'
 
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.default = void 0;
-
-var _index = require("../utils/index.js");
-
-var _default = {
-  allowCache: false,
-  apiKey: (0, _index.createApiKey)(),
-  corsAllowCredentials: true,
-  // TODO no CLI option
+export default {
+  apiKey: createApiKey(),
+  corsAllowCredentials: true, // TODO no CLI option
   corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
   corsAllowOrigin: '*',
   corsExposedHeaders: 'WWW-Authenticate,Server-Authorization',
@@ -35,12 +26,12 @@ var _default = {
   noTimeout: false,
   prefix: '',
   printOutput: false,
+  reloadHandler: false,
   resourceRoutes: false,
   useChildProcesses: false,
   useDocker: false,
-  useWorkerThreads: false,
+  useInProcess: false,
   webSocketHardTimeout: 7200,
   webSocketIdleTimeout: 600,
-  websocketPort: 3001
-};
-exports.default = _default;
+  websocketPort: 3001,
+}

package/src/config/index.js

@@ -0,0 +1,4 @@
+export { default as commandOptions } from './commandOptions.js'
+export * from './constants.js'
+export { default as defaultOptions } from './defaultOptions.js'
+export * from './supportedRuntimes.js'

package/src/config/supportedRuntimes.js

@@ -0,0 +1,47 @@
+// native runtime support for AWS
+// https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
+
+// .NET CORE
+export const supportedDotnetcore = new Set([
+  // 'dotnet6',
+  // 'dotnetcore3.1',
+])
+
+// GO
+export const supportedGo = new Set(['go1.x'])
+
+// JAVA
+export const supportedJava = new Set(['java8', 'java8.al2', 'java11'])
+
+// NODE.JS
+export const supportedNodejs = new Set([
+  'nodejs12.x',
+  'nodejs14.x',
+  'nodejs16.x',
+])
+
+// PROVIDED
+export const supportedProvided = new Set(['provided', 'provided.al2'])
+
+// PYTHON
+export const supportedPython = new Set([
+  'python3.6',
+  'python3.7',
+  'python3.8',
+  'python3.9',
+])
+
+// RUBY
+export const supportedRuby = new Set(['ruby2.7'])
+
+// deprecated runtimes
+// https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html
+export const supportedRuntimes = new Set([
+  ...supportedDotnetcore,
+  ...supportedGo,
+  ...supportedJava,
+  ...supportedNodejs,
+  ...supportedProvided,
+  ...supportedPython,
+  ...supportedRuby,
+])

package/src/events/authCanExecuteResource.js

@@ -0,0 +1,35 @@
+import authMatchPolicyResource from './authMatchPolicyResource.js'
+
+const { isArray } = Array
+
+function checkStatementsAgainstResource(Statement, resource, effect) {
+  return Statement.some((statement) => {
+    const resourceArray = isArray(statement.Resource)
+      ? statement.Resource
+      : [statement.Resource]
+
+    return (
+      statement.Effect.toLowerCase() === effect.toLowerCase() &&
+      resourceArray.some((policyResource) =>
+        authMatchPolicyResource(policyResource, resource),
+      )
+    )
+  })
+}
+
+export default function authCanExecuteResource(policy, resource) {
+  const { Statement } = policy
+
+  // check for explicit deny
+  const denyStatementFound = checkStatementsAgainstResource(
+    Statement,
+    resource,
+    'Deny',
+  )
+
+  if (denyStatementFound) {
+    return false
+  }
+
+  return checkStatementsAgainstResource(Statement, resource, 'Allow')
+}

package/src/events/authFunctionNameExtractor.js

@@ -0,0 +1,75 @@
+import { log } from '@serverless/utils/log.js'
+
+function buildFailureResult(warningMessage) {
+  log.warning(warningMessage)
+
+  return {
+    unsupportedAuth: true,
+  }
+}
+
+function buildSuccessResult(authorizerName) {
+  return {
+    authorizerName,
+  }
+}
+
+function handleStringAuthorizer(authorizerString) {
+  if (authorizerString.toUpperCase() === 'AWS_IAM') {
+    return buildFailureResult(
+      'Serverless Offline does not support the AWS_IAM authorization type',
+    )
+  }
+
+  return buildSuccessResult(authorizerString)
+}
+
+function handleObjectAuthorizer(authorizerObject) {
+  const { arn, authorizerId, name, type } = authorizerObject
+
+  if (type && type.toUpperCase() === 'AWS_IAM') {
+    return buildFailureResult(
+      'Serverless Offline does not support the AWS_IAM authorization type',
+    )
+  }
+
+  if (arn) {
+    return buildFailureResult(
+      `Serverless Offline does not support non local authorizers (arn): ${arn}`,
+    )
+  }
+
+  if (authorizerId) {
+    return buildFailureResult(
+      `Serverless Offline does not support non local authorizers (authorizerId): ${authorizerId}`,
+    )
+  }
+
+  if (!name) {
+    return buildFailureResult(
+      'Serverless Offline supports local authorizers but authorizer name is missing',
+    )
+  }
+
+  return buildSuccessResult(name)
+}
+
+export default function authFunctionNameExtractor(endpoint) {
+  const { authorizer } = endpoint
+
+  if (!authorizer) {
+    return buildSuccessResult(null)
+  }
+
+  if (typeof authorizer === 'string') {
+    return handleStringAuthorizer(authorizer)
+  }
+
+  if (typeof authorizer === 'object') {
+    return handleObjectAuthorizer(authorizer)
+  }
+
+  return buildFailureResult(
+    'Serverless Offline supports only local authorizers defined as string or object',
+  )
+}

package/src/events/authMatchPolicyResource.js

@@ -0,0 +1,71 @@
+function parseResource(resource) {
+  const [, region, accountId, restApiId, path] = resource.match(
+    /arn:aws:execute-api:(.*?):(.*?):(.*?)\/(.*)/,
+  )
+
+  return {
+    accountId,
+    path,
+    region,
+    restApiId,
+  }
+}
+
+export default function authMatchPolicyResource(policyResource, resource) {
+  // resource and policyResource are ARNs
+  if (policyResource === resource) {
+    return true
+  }
+
+  if (policyResource === '*') {
+    return true
+  }
+
+  if (policyResource === 'arn:aws:execute-api:**') {
+    // better fix for #523
+    return true
+  }
+
+  if (policyResource === 'arn:aws:execute-api:*:*:*') {
+    return true
+  }
+
+  if (policyResource.includes('*') || policyResource.includes('?')) {
+    // Policy contains a wildcard resource
+
+    const parsedPolicyResource = parseResource(policyResource)
+    const parsedResource = parseResource(resource)
+
+    if (
+      parsedPolicyResource.region !== '*' &&
+      parsedPolicyResource.region !== parsedResource.region
+    ) {
+      return false
+    }
+
+    if (
+      parsedPolicyResource.accountId !== '*' &&
+      parsedPolicyResource.accountId !== parsedResource.accountId
+    ) {
+      return false
+    }
+
+    if (
+      parsedPolicyResource.restApiId !== '*' &&
+      parsedPolicyResource.restApiId !== parsedResource.restApiId
+    ) {
+      return false
+    }
+
+    // The path contains stage, method and the path
+    // for the requested resource and the resource defined in the policy
+    // Need to create a regex replacing ? with one character and * with any number of characters
+    const regExp = new RegExp(
+      parsedPolicyResource.path.replace(/\*/g, '.*').replace(/\?/g, '.'),
+    )
+
+    return regExp.test(parsedResource.path)
+  }
+
+  return false
+}

package/src/events/authValidateContext.js

@@ -0,0 +1,51 @@
+import Boom from '@hapi/boom'
+import { log } from '@serverless/utils/log.js'
+
+const { entries, fromEntries, values } = Object
+
+function internalServerError(message) {
+  const errorType = 'AuthorizerConfigurationException'
+
+  const error = Boom.internal()
+
+  error.output.headers['x-amzn-ErrorType'] = errorType
+  error.output.payload.error = errorType
+  error.output.payload.message = message
+
+  return error
+}
+
+function isValidContext(context) {
+  return values(context).every(
+    (value) =>
+      typeof value === 'boolean' ||
+      typeof value === 'number' ||
+      typeof value === 'string',
+  )
+}
+
+function transform(context) {
+  return fromEntries(
+    entries(context).map(([key, value]) => [key, String(value)]),
+  )
+}
+
+export default function authValidateContext(context, authFunName) {
+  if (typeof context !== 'object') {
+    return internalServerError('Authorizer response context must be an object')
+  }
+
+  if (!isValidContext(context)) {
+    const error =
+      'Authorizer response context values must be of type string, number, or boolean'
+
+    log.notice(
+      `Detected invalid value types returned in authorizer context: (λ: ${authFunName}). ${error}. ` +
+        'More info: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html',
+    )
+
+    return internalServerError(error)
+  }
+
+  return transform(context)
+}

package/src/events/http/Endpoint.js

@@ -0,0 +1,135 @@
+import { existsSync, readFileSync } from 'node:fs'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { log } from '@serverless/utils/log.js'
+import OfflineEndpoint from './OfflineEndpoint.js'
+
+const { entries } = Object
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+// velocity template defaults
+const defaultRequestTemplate = readFileSync(
+  resolve(__dirname, './templates/offline-default.req.vm'),
+  'utf8',
+)
+const defaultResponseTemplate = readFileSync(
+  resolve(__dirname, './templates/offline-default.res.vm'),
+  'utf8',
+)
+
+function getResponseContentType(fep) {
+  if (fep.response && fep.response.headers['Content-Type']) {
+    return fep.response.headers['Content-Type'].replace(/'/gm, '')
+  }
+
+  return 'application/json'
+}
+
+export default class Endpoint {
+  #handlerPath = null
+
+  #http = null
+
+  constructor(handlerPath, http) {
+    this.#handlerPath = handlerPath
+    this.#http = http
+  }
+
+  // determine whether we have function level overrides for velocity templates
+  // if not we will use defaults
+  #setVmTemplates(fullEndpoint) {
+    // determine requestTemplate
+    // first check if requestTemplate is set through serverless
+    const fep = fullEndpoint
+
+    try {
+      // determine request template override
+      const reqFilename = `${this.#handlerPath}.req.vm`
+
+      // check if serverless framework populates the object itself
+      if (
+        typeof this.#http.request === 'object' &&
+        typeof this.#http.request.template === 'object'
+      ) {
+        const templatesConfig = this.#http.request.template
+
+        entries(templatesConfig).forEach(([key, value]) => {
+          fep.requestTemplates[key] = value
+        })
+      }
+      // load request template if exists if not use default from serverless offline
+      else if (existsSync(reqFilename)) {
+        fep.requestTemplates['application/json'] = readFileSync(
+          reqFilename,
+          'utf8',
+        )
+      } else {
+        fep.requestTemplates['application/json'] = defaultRequestTemplate
+      }
+
+      // determine response template
+      const resFilename = `${this.#handlerPath}.res.vm`
+
+      fep.responseContentType = getResponseContentType(fep)
+      log.debug('Response Content-Type ', fep.responseContentType)
+
+      // load response template from http response template, or load file if exists other use default
+      if (fep.response && fep.response.template) {
+        fep.responses.default.responseTemplates[fep.responseContentType] =
+          fep.response.template
+      } else if (existsSync(resFilename)) {
+        fep.responses.default.responseTemplates[fep.responseContentType] =
+          readFileSync(resFilename, 'utf8')
+      } else {
+        fep.responses.default.responseTemplates[fep.responseContentType] =
+          defaultResponseTemplate
+      }
+    } catch (err) {
+      log.debug(`Error: ${err}`)
+    }
+
+    return fep
+  }
+
+  // loosely based on:
+  // https://github.com/serverless/serverless/blob/v1.59.2/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js#L380
+  #getIntegration(http) {
+    const { integration, async: isAsync } = http
+    if (integration) {
+      const normalizedIntegration = integration.toUpperCase().replace('-', '_')
+      if (normalizedIntegration === 'LAMBDA') {
+        return 'AWS'
+      }
+      if (normalizedIntegration === 'LAMBDA_PROXY') {
+        return 'AWS_PROXY'
+      }
+      return normalizedIntegration
+    }
+
+    if (isAsync) {
+      return 'AWS'
+    }
+
+    return 'AWS_PROXY'
+  }
+
+  // return fully generated Endpoint
+  generate() {
+    const offlineEndpoint = new OfflineEndpoint()
+
+    const fullEndpoint = {
+      ...offlineEndpoint,
+      ...this.#http,
+    }
+
+    fullEndpoint.integration = this.#getIntegration(this.#http)
+
+    if (fullEndpoint.integration === 'AWS') {
+      // determine request and response templates or use defaults
+      return this.#setVmTemplates(fullEndpoint)
+    }
+
+    return fullEndpoint
+  }
+}

package/src/events/http/Http.js

@@ -0,0 +1,50 @@
+import HttpEventDefinition from './HttpEventDefinition.js'
+import HttpServer from './HttpServer.js'
+
+export default class Http {
+  #httpServer = null
+
+  constructor(serverless, options, lambda) {
+    this.#httpServer = new HttpServer(serverless, options, lambda)
+  }
+
+  start() {
+    return this.#httpServer.start()
+  }
+
+  // stops the server
+  stop(timeout) {
+    return this.#httpServer.stop(timeout)
+  }
+
+  #createEvent(functionKey, rawHttpEventDefinition, handler) {
+    const httpEvent = new HttpEventDefinition(rawHttpEventDefinition)
+
+    this.#httpServer.createRoutes(functionKey, httpEvent, handler)
+  }
+
+  create(events) {
+    events.forEach(({ functionKey, handler, http }) => {
+      this.#createEvent(functionKey, http, handler)
+    })
+
+    this.#httpServer.writeRoutesTerminal()
+  }
+
+  createResourceRoutes() {
+    this.#httpServer.createResourceRoutes()
+  }
+
+  create404Route() {
+    this.#httpServer.create404Route()
+  }
+
+  registerPlugins() {
+    return this.#httpServer.registerPlugins()
+  }
+
+  // TEMP FIXME quick fix to expose gateway server for testing, look for better solution
+  getServer() {
+    return this.#httpServer.getServer()
+  }
+}