fix: Support httpApi authorizer with different config and function na…

…mes (#1763) * fix: Support httpApi authorizer with different config and function names * Don't copy full config since what's supported is manually mapped, check if httpApi before redirecting auth function * Support resultTtlInSeconds being set to 0 in the provider config * Also need to copy type from authorizer config to support sample code * Fix test failure caused by new hasAuthorizer test field
dherault · May 24, 2024 · febd1e7 · febd1e7
1 parent 378ef71
commit febd1e7
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 12 deletions.
diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js
@@ -295,24 +295,40 @@ export default class HttpServer {
       return null
     }
 
-    const authFunctionName = this.#extractAuthFunctionName(endpoint)
+    let authFunctionName = this.#extractAuthFunctionName(endpoint)
 
     if (!authFunctionName) {
       return null
     }
 
     log.notice(`Configuring Authorization: ${path} ${authFunctionName}`)
 
+    const standardFunctionExists =
+      this.#serverless.service.functions &&
+      this.#serverless.service.functions[authFunctionName]
+    const serverlessAuthorizerOptions =
+      this.#serverless.service.provider.httpApi &&
+      this.#serverless.service.provider.httpApi.authorizers &&
+      this.#serverless.service.provider.httpApi.authorizers[authFunctionName]
+
+    if (
+      !standardFunctionExists &&
+      endpoint.isHttpApi &&
+      serverlessAuthorizerOptions &&
+      serverlessAuthorizerOptions.functionName
+    ) {
+      log.notice(
+        `Redirecting authorizer function: ${authFunctionName} to ${serverlessAuthorizerOptions.functionName}`,
+      )
+      authFunctionName = serverlessAuthorizerOptions.functionName
+    }
+
     const authFunction = this.#serverless.service.getFunction(authFunctionName)
 
     if (!authFunction) {
       log.error(`Authorization function ${authFunctionName} does not exist`)
       return null
     }
-    const serverlessAuthorizerOptions =
-      this.#serverless.service.provider.httpApi &&
-      this.#serverless.service.provider.httpApi.authorizers &&
-      this.#serverless.service.provider.httpApi.authorizers[authFunctionName]
 
     const authorizerOptions = {
       enableSimpleResponses:
@@ -326,7 +342,8 @@ export default class HttpServer {
         ? serverlessAuthorizerOptions?.payloadVersion || "2.0"
         : "1.0",
       resultTtlInSeconds:
-        serverlessAuthorizerOptions?.resultTtlInSeconds || "300",
+        serverlessAuthorizerOptions?.resultTtlInSeconds ?? "300",
+      type: endpoint.isHttpApi ? serverlessAuthorizerOptions?.type : undefined,
     }
 
     if (
@@ -339,11 +356,10 @@ export default class HttpServer {
       return null
     }
 
-    if (typeof endpoint.authorizer === "string") {
-      authorizerOptions.name = authFunctionName
-    } else {
+    if (typeof endpoint.authorizer !== "string") {
       assign(authorizerOptions, endpoint.authorizer)
     }
+    authorizerOptions.name = authFunctionName
 
     if (
       !authorizerOptions.identitySource &&

diff --git a/tests/integration/request-authorizer/request-authorizer.test.js b/tests/integration/request-authorizer/request-authorizer.test.js
@@ -329,6 +329,25 @@ describe("request authorizer tests", () => {
     ].forEach(doTest)
   })
 
+  describe("authorizer with alternative mismatched authorizer name", () => {
+    ;[
+      {
+        description: "should respond with isAuthorized true",
+        expected: {
+          hasAuthorizer: true,
+          status: "Authorized",
+        },
+        options: {
+          headers: {
+            AuthorizationSimple: "Bearer fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5a",
+          },
+        },
+        path: "/user2simple-header-alternative",
+        status: 200,
+      },
+    ].forEach(doTest)
+  })
+
   describe("authorizer with payload format 2.0 with simple responses enabled and querystring identity source", () => {
     ;[
       {

diff --git a/tests/integration/request-authorizer/serverless.yml b/tests/integration/request-authorizer/serverless.yml
@@ -12,20 +12,27 @@ provider:
   httpApi:
     authorizers:
       requestAuthorizer1FormatHeader:
-        functionName: requestAuthorizer1Format
+        functionName: requestAuthorizer1FormatHeader
         identitySource: $request.header.Authorization
         payloadVersion: "1.0"
         type: request
 
       requestAuthorizer2FormatHeader:
-        functionName: requestAuthorizer2Format
+        functionName: requestAuthorizer2FormatHeader
         identitySource: $request.header.Authorization
         payloadVersion: "2.0"
         type: request
 
       requestAuthorizer2FormatSimpleHeader:
         enableSimpleResponses: true
-        functionName: requestAuthorizer2FormatSimple
+        functionName: requestAuthorizer2FormatSimpleHeader
+        identitySource: $request.header.AuthorizationSimple
+        payloadVersion: "2.0"
+        type: request
+
+      requestAuthorizer2FormatSimpleHeaderAlternative:
+        enableSimpleResponses: true
+        functionName: requestAuthorizer2FormatSimpleHeader
         identitySource: $request.header.AuthorizationSimple
         payloadVersion: "2.0"
         type: request
@@ -92,6 +99,15 @@ functions:
           path: /user2simple-header
     handler: src/handler.user
 
+  user2simpleAlternative:
+    events:
+      - httpApi:
+          authorizer:
+            name: requestAuthorizer2FormatSimpleHeaderAlternative
+          method: get
+          path: /user2simple-header-alternative
+    handler: src/handler.user
+
   user1WithQueryString:
     events:
       - httpApi: