0

我写了一个 lambda 授权器,它以这种格式返回响应 -

{
principalId: 123345,
policyDocument: {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "execute-api:Invoke",
      "Effect": "Allow",
      "Resource": "arn:aws:execute-api:us-east-1:123456789012:ivdtdhp7b5/verifyToken-stage/GET/"
    }
  ]
}
}

注意-我的授权人的名字是verifyToken

在我不同的微服务(即活动日志) serverless.yml 文件中,我这样称呼它 -


service: activity-logs

frameworkVersion: '2'

resources:
  Resources:
    GatewayResponseUnauthorized:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
          gatewayresponse.header.Access-Control-Allow-Methods: "'*'"
          gatewayresponse.header.Access-Control-Allow-Credentials: "'true'"
        ResponseType: UNAUTHORIZED
        RestApiId: 
          Ref: 'ApiGatewayRestApi'

provider:
  name: aws
  runtime: nodejs12.x
  lambdaHashingVersion: 20201221
  region: us-east-1
  stage:  ${opt:stage}
functions:
  getActivityLogs:
    handler: handler.getActivityLogs
    environment:
      NODE_ENV:  ${opt:env}
    timeout: 800
    events:
      - http:
          path: /{user_id}
          method: get
          authorizer: arn:aws:lambda:us-east-1:123456789012:function:auth-${opt:stage}-verifyToken
          cors: true
    vpc:
      securityGroupIds:
        - sg-xxxxxxxx
        - sg-xxxxxxxx
        - sg-xxxxxxxx
        - sg-xxxxxxxx
        - sg-xxxxxxxx
      subnetIds:
        - subnet-xxxxxxxxxxxxxxxxx
        - subnet-xxxxxxxxxxxxxxxxx

我已经单独检查了我的授权人,它正在工作并返回 200 和上述响应。同样,我的微服务在没有授权的情况下工作。但是当在 getActivityLogs 中启用授权时,它不会让我的活动日志执行单行

4

1 回答 1

0

我在异步函数中使用回调来返回响应,根据这个文档,https: //docs.aws.amazon.com/lambda/latest/dg/nodejs-handler.html 如果函数是异步的,我们可以简单地返回我们的响应.

于 2021-09-22T08:27:45.800 回答