use std::env;
use aws_lambda_events::{
apigw::{ApiGatewayCustomAuthorizerPolicy, ApiGatewayCustomAuthorizerResponse},
event::iam::IamPolicyStatement,
};
use lambda_runtime::{service_fn, tracing, Error, LambdaEvent};
use serde::Deserialize;
use serde_json::json;
/// Incoming payload of an API Gateway *TOKEN*-style Lambda authorizer invocation.
///
/// Field names are mapped from the wire's camelCase (`authorizationToken`,
/// `methodArn`) by the `serde(rename_all)` attribute below.
///
/// NOTE(review): `Debug` is not derived on this type. `authorization_token` is a
/// bearer credential, so a derived `Debug` would make it trivial to leak it into
/// tracing output — keep it that way, or add a hand-written `Debug` that redacts
/// the token.
#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
struct APIGatewayCustomAuthorizerRequest {
    /// Raw value of the header API Gateway is configured to use as the
    /// authorizer's identity source; compared verbatim against `SECRET_TOKEN`
    /// by the handler (no prefix such as `Bearer ` is stripped).
    authorization_token: String,
    /// ARN of the method being invoked; echoed back as the policy `Resource`.
    method_arn: String,
}
/// Lambda entry point: installs the default tracing subscriber, wraps `func`
/// as the runtime's service and runs it until the runtime stops.
///
/// # Errors
/// Propagates any error the Lambda runtime itself reports.
#[tokio::main]
async fn main() -> Result<(), Error> {
    tracing::init_default_subscriber();
    let handler = service_fn(func);
    lambda_runtime::run(handler).await
}
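/// Handler for one authorizer invocation: allows the request when the presented
/// token equals the `SECRET_TOKEN` environment variable, otherwise fails with an
/// `Unauthorized` error.
///
/// # Errors
/// * `SECRET_TOKEN` is missing from, or empty in, the environment.
/// * The presented `authorizationToken` does not match the configured secret.
///
/// The presented token is never logged and never appears in the error text.
async fn func(
    event: LambdaEvent<APIGatewayCustomAuthorizerRequest>,
) -> Result<ApiGatewayCustomAuthorizerResponse, Error> {
    // Return an error rather than panicking on a misconfigured environment;
    // the runtime reports both, but `Err` is the normal failure path.
    let expected_token = env::var("SECRET_TOKEN")
        .map_err(|e| format!("could not read the secret token: {e}"))?;
    // Refuse to operate with an empty shared secret: an empty `SECRET_TOKEN`
    // would otherwise accept an empty `authorizationToken`.
    if expected_token.is_empty() {
        return Err("SECRET_TOKEN must not be empty".into());
    }
    if tokens_match(
        event.payload.authorization_token.as_bytes(),
        expected_token.as_bytes(),
    ) {
        return Ok(allow(&event.payload.method_arn));
    }
    // NOTE(review): API Gateway is documented to map an authorizer error whose
    // message is exactly "Unauthorized" to an HTTP 401 for the client — confirm
    // against the deployed authorizer type before relying on it.
    Err("Unauthorized".into())
}

/// Constant-time equality of two byte strings, so that the time taken by the
/// comparison does not reveal how many leading bytes of the presented token
/// were correct (a plain `==` on strings short-circuits at the first mismatch).
/// Only the length is allowed to influence timing; an early return on a length
/// mismatch is the standard practice for this kind of check.
fn tokens_match(presented: &[u8], expected: &[u8]) -> bool {
    if presented.len() != expected.len() {
        return false;
    }
    presented
        .iter()
        .zip(expected)
        .fold(0u8, |acc, (a, b)| acc | (a ^ b))
        == 0
}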
/// Build an Allow response granting `execute-api:Invoke` on exactly `method_arn`.
///
/// The principal is the fixed string `"user"`, the context carries a single
/// `hello: world` entry, and no usage-plan identifier key is set.
///
/// NOTE(review): the policy names one method ARN only. If result caching is
/// enabled on the authorizer, a cached policy for a token would not cover other
/// methods invoked with that same token — confirm against the API Gateway
/// configuration before relying on the cache.
fn allow(method_arn: &str) -> ApiGatewayCustomAuthorizerResponse {
    let invoke_on_method = IamPolicyStatement {
        action: vec![String::from("execute-api:Invoke")],
        resource: vec![String::from(method_arn)],
        effect: aws_lambda_events::iam::IamPolicyEffect::Allow,
        condition: None,
    };
    ApiGatewayCustomAuthorizerResponse {
        principal_id: Some(String::from("user")),
        policy_document: ApiGatewayCustomAuthorizerPolicy {
            version: Some(String::from("2012-10-17")),
            statement: vec![invoke_on_method],
        },
        context: json!({ "hello": "world" }),
        usage_identifier_key: None,
    }
}