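├── .gitignore
├── authorizer
    ├── handler.js
    └── package.json
├── hello
    ├── handler.js
    ├── package-lock.json
    └── package.json
├── package-lock.json
├── package.json
└── template.yml


/.gitignore:
--------------------------------------------------------------------------------
packaged.yaml
.aws-sam/

--------------------------------------------------------------------------------
/authorizer/handler.js:
--------------------------------------------------------------------------------
/**
 * API Gateway Lambda TOKEN authorizer (demo).
 *
 * Lower-cases `event.authorizationToken` and returns an IAM policy for
 * `event.methodArn`: Allow when the token equals 'allow', Deny otherwise.
 *
 * Review notes:
 * - 'allow' is a fixed, shared placeholder value, and lower-casing makes the
 *   match case-insensitive. Replace this with real credential verification
 *   (for example a signed token whose signature, issuer, audience and expiry
 *   are checked) before protecting anything that matters.
 * - Every caller is reported as principalId 'user', so downstream logs cannot
 *   tell callers apart.
 * - A missing or non-string token is denied instead of throwing on
 *   `.toLowerCase()`, so the outcome is an explicit Deny rather than an
 *   authorizer error.
 * - The policy is scoped to the single `methodArn` of the current request.
 *   If authorizer result caching is enabled (template.yml sets no TTL, so the
 *   platform default applies -- confirm for this stack), the cached policy is
 *   reused for the same token on other routes and would not cover them.
 *
 * @param {{authorizationToken?: string, methodArn: string}} event
 *   Authorizer request event.
 * @returns {Promise<{principalId: string, policyDocument: (Object|null)}>}
 *   Authorizer response carrying the Allow/Deny policy.
 */
exports.authorizer = async function (event) {
  const rawToken = event.authorizationToken;
  const methodArn = event.methodArn;

  // Fail closed: anything that is not a string can never match 'allow'.
  const token = typeof rawToken === 'string' ? rawToken.toLowerCase() : '';
  const effect = token === 'allow' ? 'Allow' : 'Deny';

  return generateAuthResponse('user', effect, methodArn);
};

/**
 * Wraps a policy document in the authorizer response shape.
 *
 * @param {string} principalId - identifier reported for the caller.
 * @param {string} effect - 'Allow' or 'Deny'.
 * @param {string} methodArn - ARN of the method being invoked.
 * @returns {{principalId: string, policyDocument: (Object|null)}}
 */
function generateAuthResponse(principalId, effect, methodArn) {
  const policyDocument = generatePolicyDocument(effect, methodArn);

  return {
    principalId,
    policyDocument,
  };
}

/**
 * Builds a one-statement IAM policy for `execute-api:Invoke` on `methodArn`.
 *
 * @param {string} effect - 'Allow' or 'Deny'.
 * @param {string} methodArn - ARN the statement applies to.
 * @returns {(Object|null)} The policy, or null when either argument is
 *   missing.
 */
function generatePolicyDocument(effect, methodArn) {
  // NOTE(review): a null policyDocument is presumably rejected by API Gateway
  // as an invalid authorizer response, so access is not granted -- confirm.
  if (!effect || !methodArn) return null;

  return {
    Version: '2012-10-17',
    Statement: [
      {
        Action: 'execute-api:Invoke',
        Effect: effect,
        Resource: methodArn,
      },
    ],
  };
}

--------------------------------------------------------------------------------
/authorizer/package.json:
--------------------------------------------------------------------------------
{
  "name": "authorizer",
  "version": "1.0.0",
  "description": "",
  "main": "handler.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

--------------------------------------------------------------------------------
/hello/handler.js: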
--------------------------------------------------------------------------------
/**
 * Demo handler for GET /hello: replies 200 with the full invocation event
 * serialised as JSON.
 *
 * NOTE(review): with an API Gateway proxy event this presumably echoes the
 * request headers -- including the authorization token the caller sent --
 * and the request context back to the client. That is useful for learning
 * what the event looks like; anything beyond a demo should return only the
 * fields it needs and keep tokens out of responses and logs.
 *
 * @param {Object} event - invocation event supplied by Lambda.
 * @returns {Promise<{statusCode: number, body: string, headers: Object}>}
 */
exports.hello = async (event) => {
  const echoedEvent = JSON.stringify(event);
  const response = {
    statusCode: 200,
    body: echoedEvent,
    headers: {},
  };
  return response;
};

--------------------------------------------------------------------------------
/hello/package-lock.json:
--------------------------------------------------------------------------------
{
  "name": "hello",
  "version": "1.0.0",
  "lockfileVersion": 1
}

--------------------------------------------------------------------------------
/hello/package.json:
--------------------------------------------------------------------------------
{
  "name": "hello",
  "version": "1.0.0",
  "description": "",
  "main": "handler.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

--------------------------------------------------------------------------------
/package-lock.json:
--------------------------------------------------------------------------------
{
  "name": "sam-api-gateway-token-auth",
  "version": "1.0.0",
  "lockfileVersion": 1
}

--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
{
  "name": "sam-api-gateway-token-auth",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "config": {
    "stackName": "learning-serverless-sam-api-gateway-token-auth",
    "bucketName": "learning-serverless-publish-sam-app"
  },
  "scripts": {
    "deploy": "sam build --region us-east-1 && sam package --template-file template.yml --s3-bucket $npm_package_config_bucketName --output-template-file packaged.yaml && sam deploy --region us-east-1 --template-file packaged.yaml --stack-name $npm_package_config_stackName --capabilities CAPABILITY_IAM && aws
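cloudformation describe-stacks --stack-name $npm_package_config_stackName --region us-east-1 --query 'Stacks[].Outputs'",
    "describe": "aws cloudformation describe-stacks --region us-east-1 --stack-name $npm_package_config_stackName --query 'Stacks[].Outputs'"
  },
  "keywords": [],
  "author": "",
  "license": "ISC"
}

--------------------------------------------------------------------------------
/template.yml:
--------------------------------------------------------------------------------
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Resources:

  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: dev
      Auth:
        # DefaultAuthorizer puts every route of this API behind the token
        # authorizer. No Identity block is set, so SAM's defaults for the
        # token source and for result caching apply -- confirm they match
        # what handler.authorizer expects (it returns a policy scoped to a
        # single method ARN).
        DefaultAuthorizer: MyLambdaTokenAuthorizer
        Authorizers:
          MyLambdaTokenAuthorizer:
            FunctionArn: !GetAtt MyAuthFunction.Arn

  HelloFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: handler.hello
      # NOTE(review): nodejs10.x is an end-of-life Lambda runtime and no
      # longer receives security patches; move to a currently supported
      # Node.js runtime before deploying.
      Runtime: nodejs10.x
      CodeUri: ./hello
      Events:
        HelloAPI:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /hello
            Method: GET

  MyAuthFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      CodeUri: ./authorizer
      Handler: handler.authorizer
      # NOTE(review): same end-of-life runtime as HelloFunction; the function
      # making the access decision should run on a patched runtime.
      Runtime: nodejs10.x

Outputs:
  Region:
    Description: "Region"
    Value: !Ref AWS::Region

  ApiId:
    Description: "API ID"
    Value: !Ref MyApi

  ApiUrl:
    # The only stage defined above is "dev", and the URL below ends in /dev/.
    Description: "API endpoint URL for the dev stage"
    Value: !Sub 'https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/dev/'
--------------------------------------------------------------------------------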