我今天大部分时间都在尝试让授权者工作,我检查了多个示例,它们似乎都在做我的代码所做的同样的事情。
我使用无服务器框架,这是授权代码:
exports.handler = function (event: APIGatewayTokenAuthorizerEvent): APIGatewayAuthorizerResult {
const authorizer = new Authorizer();
try {
if (!event.authorizationToken) throw new Error("No token");
const token = event.authorizationToken.split(" ")[1];
const decodedData = authorizer.verifyToken(token) as unknown as User;
const policy = generatePolicy(token, event.methodArn);
return {
...policy,
context: {
user: JSON.stringify(decodedData),
},
};
} catch (err) {
console.log(err);
throw "Unauthorized";
}
};
const generatePolicy = (principalId: string, methodArn: string) => {
return {
principalId,
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Action: "execute-api:Invoke",
Effect: "Allow",
Resource: methodArn,
},
],
},
};
};
这是无服务器配置
const serverlessConfiguration: AWS = {
service: "user-crud",
frameworkVersion: "2",
custom: {
webpack: {
webpackConfig: "./webpack.config.js",
includeModules: true,
},
},
plugins: ["serverless-webpack"],
provider: {
name: "aws",
runtime: "nodejs14.x",
region: "eu-west-1",
apiGateway: {
minimumCompressionSize: 1024,
shouldStartNameWithService: true,
},
environment: {
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
},
lambdaHashingVersion: "20201221",
},
functions: {
jwtAuthorizer: {
handler: "src/api/authorizer.handler",
name: "jwtAuthorizer",
},
get: {
name: "get",
handler: "src/api/get.handler",
role: "arn:aws:iam::109394173706:role/dynamodb_cloudwatch_full",
events: [
{
http: {
path: "get",
method: "get",
cors: true,
authorizer: "jwtAuthorizer",
},
},
],
},
}...
当令牌正确并且我返回对象时,我总是得到 500 响应,所以我猜返回对象有问题?
如果令牌不正确并且我抛出“未经授权”,那么我会得到正确的 401 响应。