feat: httpApi with request authorizer

src/events/http/HttpServer.js

@@ -261,6 +261,16 @@ export default class HttpServer {
       return null
     }
 
+    if (
+      (endpoint.authorizer.name &&
+        this.#serverless.service.provider?.httpApi?.authorizers?.[
+          endpoint.authorizer.name
+        ]?.type === 'request') ||
+      endpoint.authorizer.type === 'request'
+    ) {
+      return null
+    }
+
     const jwtSettings = this.#extractJWTAuthSettings(endpoint)
     if (!jwtSettings) {
       return null

tests/integration/request-authorizer/request-authorizer.test.js

@@ -0,0 +1,63 @@
+// tests based on:
+// https://dev.to/piczmar_0/serverless-authorizers---custom-rest-authorizer-16
+
+import assert from 'node:assert'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { BASE_URL } from '../../config.js'
+import { setup, teardown } from '../../_testHelpers/index.js'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+
+describe('request authorizer tests', function desc() {
+  beforeEach(() =>
+    setup({
+      servicePath: resolve(__dirname),
+    }),
+  )
+
+  afterEach(() => teardown())
+
+  //
+  ;[
+    {
+      description: '...',
+      expected: {
+        status: 'authorized',
+      },
+      options: {
+        headers: {
+          Authorization: 'Bearer fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5a',
+        },
+      },
+      path: '/user',
+      status: 200,
+    },
+
+    {
+      description: '...',
+      expected: {
+        error: 'Forbidden',
+        message: 'User is not authorized to access this resource',
+        statusCode: 403,
+      },
+      options: {
+        headers: {
+          Authorization: 'Bearer fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5b',
+        },
+      },
+      path: '/user',
+      status: 403,
+    },
+  ].forEach(({ description, expected, options, path, status }) => {
+    it(description, async () => {
+      const url = new URL(path, BASE_URL)
+
+      const response = await fetch(url, options)
+      assert.equal(response.status, status)
+
+      const json = await response.json()
+      assert.deepEqual(json, expected)
+    })
+  })
+})

tests/integration/request-authorizer/serverless.yml

@@ -0,0 +1,33 @@
+service: request-authorizer
+
+configValidationMode: error
+deprecationNotificationMode: error
+
+plugins:
+  - ../../../src/index.js
+
+provider:
+  memorySize: 128
+  name: aws
+  region: us-east-1 # default
+  runtime: nodejs16.x
+  stage: dev
+  versionFunctions: false
+  httpApi:
+    authorizers:
+      requestAuthorizer:
+        type: request
+        functionName: requestAuthorizer
+
+functions:
+  user:
+    events:
+      - httpApi:
+          authorizer:
+            name: requestAuthorizer
+          method: get
+          path: /user
+    handler: src/handler.user
+
+  requestAuthorizer:
+    handler: src/authorizer.authorizerFunction

tests/integration/request-authorizer/src/authorizer.js

@@ -0,0 +1,38 @@
+function generatePolicy(principalId, effect, resource, context) {
+  const authResponse = {
+    context,
+    principalId,
+  }
+
+  if (effect && resource) {
+    const policyDocument = {
+      Statement: [
+        {
+          Action: 'execute-api:Invoke',
+          Effect: effect,
+          Resource: resource,
+        },
+      ],
+      Version: '2012-10-17',
+    }
+
+    authResponse.policyDocument = policyDocument
+  }
+  return authResponse
+}
+
+export async function authorizerFunction(event, context, callback) {
+  const [, /* type */ credential] = event.authorizationToken.split(' ')
+
+  if (credential === 'fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5a') {
+    callback(null, generatePolicy('user123', 'Allow', event.methodArn))
+    return
+  }
+
+  if (credential === 'fc3e55ea-e6ec-4bf2-94d2-06ae6efe6e5b') {
+    callback(null, generatePolicy('user123', 'Deny', event.methodArn))
+    return
+  }
+
+  callback('Unauthorized')
+}

tests/integration/request-authorizer/src/handler.js

@@ -0,0 +1,8 @@
+const { stringify } = JSON
+
+export async function user() {
+  return {
+    body: stringify({ status: 'authorized' }),
+    statusCode: 200,
+  }
+}

tests/integration/request-authorizer/src/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}