Feature/issue 1475

[vidueirof]

Description

Support simple lambda authorizer response by checking if function result has isAuthorized flag and prevent running policy document validations.

Motivation and Context

To add support for simple response in authorizer function result.

Fixes: #1475 and #1341

How Has This Been Tested?

Simple lambda authorizer.

authorizer.js

export const handler = async (event) => {
    let response = {
        "isAuthorized": false,
    };
    
    if (event.authorizationToken === 'secretToken') { 
        response = {
            "isAuthorized": true,
        };
    }

    return response;
}

serverless.yml

.
.
.
provider:
  .
  .
  .
  httpApi:
    authorizers:
      authorizer:
        type: request
        functionName: authorizer
        enableSimpleResponses: true

functions:
  authorizer:
    handler: authorizer.handler
  hello:
    handler: hello.handler
    events:
      - httpApi:
          method: GET
          path: /
          authorizer:
            name: authorizer

Using correct and wrong token

[dnalborczyk]

thank you @vidueirof ! could you add your tests to the tests of this project? let me know if you have any questions or need any pointers.

[vidueirof]

@dnalborczyk I added some tests, let me know what you think. Thanks

[dnalborczyk]

I don't see enableSimpleResponses anywhere in the current code being used nor in your PR. the tests pass with or without this property being set. is that intentional? I must admit I currently don't know much about the topic.

[vidueirof]

Yes, that's right. I'm checking if the response is in simple response format.

[dnalborczyk]

what I mean is that I don't see any usage of enableSimpleResponses, e.g. in a condition anywhere in your code.

also your tests pass as well if I comment out enableSimpleResponses: true

    authorizer:
        type: request
        functionName: authorizer
        # enableSimpleResponses: true

[vidueirof]

Yes, I understand your point. I'm not using it because I'm checking if the response is in simple response format without caring enableSimpleResponses flag. That's why if you set to false but your response is in simple format test will pass. I don't think we need to force to use enableSimpleResponses to true, just using a valid format is enough. But if you think is better to check enableSimpleResponses try to do it (no idea how :p but I'll work it out).

[dnalborczyk]

thanks for adding the tests @vidueirof just added one question, otherwise looks good.

could you also merge (or rebase) with master? should be just an import fix as far as I can tell: import { setup, teardown } from '../../_testHelpers/index.js'.

[rion18]

Hi @dnalborczyk @vidueirof .

I've implemented this on #1600, where we accept payloadFormat 1.0, 2.0 and 2.0 + simpleResponses.

There are also some checks done where enableSimpleResponses HAS to be used along with payloadFormat 2.0, as well as a set of tests with httpApi with payloadFormat 1.0, 2.0 and simple responses.

Please feel free to take a look at it and see if that PR fixes the needs of this PR.

[dnalborczyk]

@vidueirof could you have a look at v11.3.0 if that covers your PR? thank you again for putting in the work! much appreciated!

closing in the meantime for good housekeeping.

[vidueirof]

@vidueirof could you have a look at v11.3.0 if that covers your PR? thank you again for putting in the work! much appreciated!

closing in the meantime for good housekeeping.

Yes, it's looks fine. I'm sorry I couldn't fix this PR on time.

[rion18]

No worries man, I was also looking for support for PayloadFormat 2.0. Glad I could help out.