serverless-offline 9.1.2 → 9.1.5

package/package.json

@@ -1,7 +1,7 @@
 {
   "dedicatedTo": "Blue, a great migrating bird.",
   "name": "serverless-offline",
-  "version": "9.1.2",
+  "version": "9.1.5",
   "description": "Emulate AWS λ and API Gateway locally when developing your Serverless project",
   "license": "MIT",
   "main": "./src/index.js",
@@ -194,7 +194,8 @@
     "@hapi/boom": "^10.0.0",
     "@hapi/h2o2": "^9.1.0",
     "@hapi/hapi": "^20.2.2",
-    "aws-sdk": "^2.1185.0",
+    "@serverless/utils": "^6.7.0",
+    "aws-sdk": "^2.1187.0",
     "boxen": "^7.0.0",
     "chalk": "^5.0.1",
     "execa": "^6.1.0",
@@ -204,7 +205,7 @@
     "jsonpath-plus": "^7.0.0",
     "jsonschema": "^1.4.1",
     "jsonwebtoken": "^8.5.1",
-    "jszip": "^3.10.0",
+    "jszip": "^3.10.1",
     "luxon": "^3.0.1",
     "node-fetch": "^3.2.10",
     "node-schedule": "^2.1.0",
@@ -216,7 +217,7 @@
   },
   "devDependencies": {
     "archiver": "^5.3.1",
-    "eslint": "^8.20.0",
+    "eslint": "^8.21.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-import": "^2.25.4",
@@ -230,7 +231,6 @@
     "standard-version": "^9.5.0"
   },
   "peerDependencies": {
-    "@serverless/utils": "^6.7.0",
     "serverless": "^3.2.0"
   }
 }

package/src/ServerlessOffline.js

@@ -168,7 +168,7 @@ export default class ServerlessOffline {
 
     this.#http = new Http(this.#serverless, this.#options, this.#lambda)
 
-    await this.#http.registerPlugins()
+    await this.#http.createServer()
 
     this.#http.create(events)
 
@@ -236,12 +236,8 @@ export default class ServerlessOffline {
       .replace(/\s/g, '')
       .split(',')
 
-    if (this.#options.corsDisallowCredentials) {
-      this.#options.corsAllowCredentials = false
-    }
-
     this.#options.corsConfig = {
-      credentials: this.#options.corsAllowCredentials,
+      credentials: !this.#options.corsDisallowCredentials,
       exposedHeaders: this.#options.corsExposedHeaders,
       headers: this.#options.corsAllowHeaders,
       origin: this.#options.corsAllowOrigin,

package/src/config/defaultOptions.js

@@ -2,9 +2,9 @@ import { createApiKey } from '../utils/index.js'
 
 export default {
   apiKey: createApiKey(),
-  corsAllowCredentials: true, // TODO no CLI option
   corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
   corsAllowOrigin: '*',
+  corsDisallowCredentials: true,
   corsExposedHeaders: 'WWW-Authenticate,Server-Authorization',
   disableCookieValidation: false,
   disableScheduledEvents: false,

package/src/events/http/Http.js

@@ -17,6 +17,10 @@ export default class Http {
     return this.#httpServer.stop(timeout)
   }
 
+  async createServer() {
+    await this.#httpServer.createServer()
+  }
+
   #createEvent(functionKey, rawHttpEventDefinition, handler) {
     const httpEvent = new HttpEventDefinition(rawHttpEventDefinition)
 
@@ -39,10 +43,6 @@ export default class Http {
     this.#httpServer.create404Route()
   }
 
-  registerPlugins() {
-    return this.#httpServer.registerPlugins()
-  }
-
   // TEMP FIXME quick fix to expose gateway server for testing, look for better solution
   getServer() {
     return this.#httpServer.getServer()

package/src/events/http/HttpServer.js

@@ -1,5 +1,5 @@
 import { Buffer } from 'node:buffer'
-import { readFileSync } from 'node:fs'
+import { readFile } from 'node:fs/promises'
 import { createRequire } from 'node:module'
 import { join, resolve } from 'node:path'
 import { exit } from 'node:process'
@@ -47,7 +47,9 @@ export default class HttpServer {
     this.#lambda = lambda
     this.#options = options
     this.#serverless = serverless
+  }
 
+  async createServer() {
     const {
       enforceSecureCookies,
       host,
@@ -80,14 +82,20 @@ export default class HttpServer {
     // HTTPS support
     if (typeof httpsProtocol === 'string' && httpsProtocol.length > 0) {
       serverOptions.tls = {
-        cert: readFileSync(resolve(httpsProtocol, 'cert.pem'), 'ascii'),
-        key: readFileSync(resolve(httpsProtocol, 'key.pem'), 'ascii'),
+        cert: readFile(resolve(httpsProtocol, 'cert.pem'), 'ascii'),
+        key: readFile(resolve(httpsProtocol, 'key.pem'), 'ascii'),
       }
     }
 
     // Hapijs server creation
     this.#server = new Server(serverOptions)
 
+    try {
+      await this.#server.register([h2o2])
+    } catch (err) {
+      log.error(err)
+    }
+
     // Enable CORS preflight response
     this.#server.ext('onPreResponse', (request, h) => {
       if (request.headers.origin) {
@@ -205,14 +213,6 @@ export default class HttpServer {
     })
   }
 
-  async registerPlugins() {
-    try {
-      await this.#server.register([h2o2])
-    } catch (err) {
-      log.error(err)
-    }
-  }
-
   #logPluginIssue() {
     log.notice(
       'If you think this is an issue with the plugin please submit it, thanks!\nhttps://github.com/dherault/serverless-offline/issues',
@@ -260,7 +260,7 @@ export default class HttpServer {
     log.debug(`Creating Authorization scheme for ${authKey}`)
 
     // Create the Auth Scheme for the endpoint
-    const scheme = createJWTAuthScheme(jwtSettings, this)
+    const scheme = createJWTAuthScheme(jwtSettings)
 
     // Set the auth scheme and strategy on the server
     this.#server.auth.scheme(authSchemeName, scheme)
@@ -338,6 +338,7 @@ export default class HttpServer {
      *    /tests/integration/custom-authentication
      */
     const customizations = this.#serverless.service.custom
+
     if (
       customizations &&
       customizations.offline?.customAuthenticationProvider
@@ -350,11 +351,13 @@ export default class HttpServer {
       )
 
       const strategy = provider(endpoint, functionKey, method, path)
+
       this.#server.auth.scheme(
         strategy.scheme,
         strategy.getAuthenticateFunction,
       )
       this.#server.auth.strategy(strategy.name, strategy.scheme)
+
       return strategy.name
     }
 
@@ -363,164 +366,44 @@ export default class HttpServer {
       ? null
       : this.#configureJWTAuthorization(endpoint, functionKey, method, path) ||
         this.#configureAuthorization(endpoint, functionKey, method, path)
+
     return authStrategyName
   }
 
-  createRoutes(functionKey, httpEvent, handler) {
-    const [handlerPath] = splitHandlerPathAndName(handler)
-
-    let method
-    let path
-    let hapiPath
-
-    if (httpEvent.isHttpApi) {
-      if (httpEvent.routeKey === '$default') {
-        method = 'ANY'
-        path = httpEvent.routeKey
-        hapiPath = '/{default*}'
-      } else {
-        ;[method, path] = httpEvent.routeKey.split(' ')
-        hapiPath = generateHapiPath(
-          path,
-          {
-            ...this.#options,
-            noPrependStageInUrl: true, // Serverless always uses the $default stage
-          },
-          this.#serverless,
-        )
-      }
-    } else {
-      method = httpEvent.method.toUpperCase()
-      ;({ path } = httpEvent)
-      hapiPath = generateHapiPath(path, this.#options, this.#serverless)
-    }
-
-    const endpoint = new Endpoint(
-      join(this.#serverless.config.servicePath, handlerPath),
-      httpEvent,
-    ).generate()
-
-    const stage = endpoint.isHttpApi
-      ? '$default'
-      : this.#options.stage || this.#serverless.service.provider.stage
-    const protectedRoutes = []
-
-    if (httpEvent.private) {
-      protectedRoutes.push(`${method}#${hapiPath}`)
-    }
-
-    const { host, httpPort, httpsProtocol } = this.#options
-    const server = `${httpsProtocol ? 'https' : 'http'}://${host}:${httpPort}`
-
-    this.#terminalInfo.push({
-      invokePath: `/2015-03-31/functions/${functionKey}/invocations`,
-      method,
-      path: hapiPath,
-      server,
-      stage:
-        endpoint.isHttpApi || this.#options.noPrependStageInUrl ? null : stage,
-    })
-
-    const authStrategyName = this.#setAuthorizationStrategy(
+  #createHapiHandler(params) {
+    const {
+      additionalRequestContext,
       endpoint,
       functionKey,
+      hapiMethod,
+      hapiPath,
       method,
-      path,
-    )
-
-    let cors = null
-    if (endpoint.cors) {
-      cors = {
-        credentials:
-          endpoint.cors.credentials || this.#options.corsConfig.credentials,
-        exposedHeaders: this.#options.corsConfig.exposedHeaders,
-        headers: endpoint.cors.headers || this.#options.corsConfig.headers,
-        origin: endpoint.cors.origins || this.#options.corsConfig.origin,
-      }
-    } else if (
-      this.#serverless.service.provider.httpApi &&
-      this.#serverless.service.provider.httpApi.cors
-    ) {
-      const httpApiCors = getHttpApiCorsConfig(
-        this.#serverless.service.provider.httpApi.cors,
-        this,
-      )
-      cors = {
-        credentials: httpApiCors.allowCredentials,
-        exposedHeaders: httpApiCors.exposedResponseHeaders || [],
-        headers: httpApiCors.allowedHeaders || [],
-        maxAge: httpApiCors.maxAge,
-        origin: httpApiCors.allowedOrigins || [],
-      }
-    }
-
-    const hapiMethod = method === 'ANY' ? '*' : method
-
-    const state = this.#options.disableCookieValidation
-      ? {
-          failAction: 'ignore',
-          parse: false,
-        }
-      : {
-          failAction: 'error',
-          parse: true,
-        }
-
-    const hapiOptions = {
-      auth: authStrategyName,
-      cors,
-      state,
-      timeout: { socket: false },
-    }
-
-    // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...'
-    // for more details, check https://github.com/dherault/serverless-offline/issues/204
-    if (hapiMethod === 'HEAD') {
-      log.notice(
-        'HEAD method event detected. Skipping HAPI server route mapping',
-      )
-
-      return
-    }
-
-    if (hapiMethod !== 'HEAD' && hapiMethod !== 'GET') {
-      // maxBytes: Increase request size from 1MB default limit to 10MB.
-      // Cf AWS API GW payload limits.
-      hapiOptions.payload = {
-        maxBytes: 1024 * 1024 * 10,
-        parse: false,
-      }
-    }
-
-    const additionalRequestContext = {}
-    if (httpEvent.operationId) {
-      additionalRequestContext.operationName = httpEvent.operationId
-    }
-
-    hapiOptions.tags = ['api']
+      protectedRoute,
+      stage,
+    } = params
 
-    const hapiHandler = async (request, h) => {
+    return async (request, h) => {
       const requestPath =
         endpoint.isHttpApi || this.#options.noPrependStageInUrl
           ? request.path
           : request.path.substr(`/${stage}`.length)
 
-      // Payload processing
+      // payload processing
       const encoding = detectEncoding(request)
 
       request.payload = request.payload && request.payload.toString(encoding)
       request.rawPayload = request.payload
 
-      // Incomming request message
+      // incomming request message
       log.notice()
 
       log.notice()
       log.notice(`${method} ${request.path} (λ: ${functionKey})`)
 
-      // Check for APIKey
+      // check for APIKey
       if (
-        (protectedRoutes.includes(`${hapiMethod}#${hapiPath}`) ||
-          protectedRoutes.includes(`ANY#${hapiPath}`)) &&
+        (protectedRoute === `${hapiMethod}#${hapiPath}` ||
+          protectedRoute === `ANY#${hapiPath}`) &&
         !this.#options.noAuth
       ) {
         const errorResponse = () =>
@@ -704,8 +587,7 @@ export default class HttpServer {
 
         const errorMessage = (err.message || err).toString()
 
-        const re = /\[(\d{3})]/
-        const found = errorMessage.match(re)
+        const found = errorMessage.match(/\[(\d{3})]/)
 
         if (found && found.length > 1) {
           ;[, errorStatusCode] = found
@@ -856,7 +738,9 @@ export default class HttpServer {
                 ).getContext()
 
                 result = renderVelocityTemplateObject(
-                  { root: responseTemplate },
+                  {
+                    root: responseTemplate,
+                  },
                   reponseContext,
                 ).root
               } catch (error) {
@@ -965,7 +849,9 @@ export default class HttpServer {
             headerValue.forEach((value) => {
               // it looks like Hapi doesn't support multiple headers with the same name,
               // appending values is the closest we can come to the AWS behavior.
-              response.header(headerKey, value, { append: true })
+              response.header(headerKey, value, {
+                append: true,
+              })
             })
           }
         })
@@ -1003,7 +889,6 @@ export default class HttpServer {
         }
       }
 
-      // Log response
       let whatToLog = result
 
       try {
@@ -1018,9 +903,152 @@ export default class HttpServer {
         }
       }
 
-      // Bon voyage!
       return response
     }
+  }
+
+  createRoutes(functionKey, httpEvent, handler) {
+    const [handlerPath] = splitHandlerPathAndName(handler)
+
+    let method
+    let path
+    let hapiPath
+
+    if (httpEvent.isHttpApi) {
+      if (httpEvent.routeKey === '$default') {
+        method = 'ANY'
+        path = httpEvent.routeKey
+        hapiPath = '/{default*}'
+      } else {
+        ;[method, path] = httpEvent.routeKey.split(' ')
+        hapiPath = generateHapiPath(
+          path,
+          {
+            ...this.#options,
+            noPrependStageInUrl: true, // Serverless always uses the $default stage
+          },
+          this.#serverless,
+        )
+      }
+    } else {
+      method = httpEvent.method.toUpperCase()
+      ;({ path } = httpEvent)
+      hapiPath = generateHapiPath(path, this.#options, this.#serverless)
+    }
+
+    const endpoint = new Endpoint(
+      join(this.#serverless.config.servicePath, handlerPath),
+      httpEvent,
+    ).generate()
+
+    const stage = endpoint.isHttpApi
+      ? '$default'
+      : this.#options.stage || this.#serverless.service.provider.stage
+
+    const protectedRoute = httpEvent.private
+      ? `${method}#${hapiPath}`
+      : undefined
+
+    const { host, httpPort, httpsProtocol } = this.#options
+    const server = `${httpsProtocol ? 'https' : 'http'}://${host}:${httpPort}`
+
+    this.#terminalInfo.push({
+      invokePath: `/2015-03-31/functions/${functionKey}/invocations`,
+      method,
+      path: hapiPath,
+      server,
+      stage:
+        endpoint.isHttpApi || this.#options.noPrependStageInUrl ? null : stage,
+    })
+
+    const authStrategyName = this.#setAuthorizationStrategy(
+      endpoint,
+      functionKey,
+      method,
+      path,
+    )
+
+    let cors = null
+    if (endpoint.cors) {
+      cors = {
+        credentials:
+          endpoint.cors.credentials || this.#options.corsConfig.credentials,
+        exposedHeaders: this.#options.corsConfig.exposedHeaders,
+        headers: endpoint.cors.headers || this.#options.corsConfig.headers,
+        origin: endpoint.cors.origins || this.#options.corsConfig.origin,
+      }
+    } else if (
+      this.#serverless.service.provider.httpApi &&
+      this.#serverless.service.provider.httpApi.cors
+    ) {
+      const httpApiCors = getHttpApiCorsConfig(
+        this.#serverless.service.provider.httpApi.cors,
+        this,
+      )
+      cors = {
+        credentials: httpApiCors.allowCredentials,
+        exposedHeaders: httpApiCors.exposedResponseHeaders || [],
+        headers: httpApiCors.allowedHeaders || [],
+        maxAge: httpApiCors.maxAge,
+        origin: httpApiCors.allowedOrigins || [],
+      }
+    }
+
+    const hapiMethod = method === 'ANY' ? '*' : method
+
+    const state = this.#options.disableCookieValidation
+      ? {
+          failAction: 'ignore',
+          parse: false,
+        }
+      : {
+          failAction: 'error',
+          parse: true,
+        }
+
+    const hapiOptions = {
+      auth: authStrategyName,
+      cors,
+      state,
+      timeout: { socket: false },
+    }
+
+    // skip HEAD routes as hapi will fail with 'Method name not allowed: HEAD ...'
+    // for more details, check https://github.com/dherault/serverless-offline/issues/204
+    if (hapiMethod === 'HEAD') {
+      log.notice(
+        'HEAD method event detected. Skipping HAPI server route mapping',
+      )
+
+      return
+    }
+
+    if (hapiMethod !== 'HEAD' && hapiMethod !== 'GET') {
+      // maxBytes: Increase request size from 1MB default limit to 10MB.
+      // Cf AWS API GW payload limits.
+      hapiOptions.payload = {
+        maxBytes: 1024 * 1024 * 10,
+        parse: false,
+      }
+    }
+
+    const additionalRequestContext = {}
+    if (httpEvent.operationId) {
+      additionalRequestContext.operationName = httpEvent.operationId
+    }
+
+    hapiOptions.tags = ['api']
+
+    const hapiHandler = this.#createHapiHandler({
+      additionalRequestContext,
+      endpoint,
+      functionKey,
+      hapiMethod,
+      hapiPath,
+      method,
+      protectedRoute,
+      stage,
+    })
 
     this.#server.route({
       handler: hapiHandler,

package/src/lambda/handler-runner/child-process-runner/ChildProcessRunner.js

@@ -41,19 +41,6 @@ export default class ChildProcessRunner {
       },
     )
 
-    let message
-
-    try {
-      message = new Promise((res, rej) => {
-        childProcess.on('message', (data) => {
-          if (data.error) rej(data.error)
-          else res(data)
-        })
-      })
-    } finally {
-      childProcess.kill()
-    }
-
     childProcess.send({
       context,
       event,
@@ -63,12 +50,21 @@ export default class ChildProcessRunner {
     let result
 
     try {
-      result = await message
+      result = await new Promise((res, rej) => {
+        childProcess.on('message', (data) => {
+          if (data.error) {
+            rej(data.error)
+            return
+          }
+          res(data)
+        })
+      })
     } catch (err) {
       // TODO
       log.error(err)
-
       throw err
+    } finally {
+      childProcess.kill()
     }
 
     return result

package/src/lambda/handler-runner/in-process-runner/InProcessRunner.js

@@ -50,7 +50,6 @@ export default class InProcessRunner {
     let handler
 
     try {
-      // const { [this.#handlerName]: handler } = await import(this.#handlerPath)
       // eslint-disable-next-line import/no-dynamic-require
       ;({ [this.#handlerName]: handler } = require(this.#handlerPath))
     } catch (err) {
@@ -87,15 +86,21 @@ export default class InProcessRunner {
     // create new immutable object
     const lambdaContext = {
       ...context,
-      done: (err, data) => callback(err, data),
-      fail: (err) => callback(err),
+      done(err, data) {
+        callback(err, data)
+      },
+      fail(err) {
+        callback(err)
+      },
       getRemainingTimeInMillis() {
         const timeLeft = executionTimeout - performance.now()
 
         // just return 0 for now if we are beyond alotted time (timeout)
         return timeLeft > 0 ? floor(timeLeft) : 0
       },
-      succeed: (res) => callback(null, res),
+      succeed(res) {
+        callback(null, res)
+      },
     }
 
     let result