Dan Beaven
02/08/2022, 1:33 PM
defaultAuthorizer: HttpUserPoolAuthorizer
however I need some routes to be public, and adding authorizationType: sst.ApiAuthorizationType.NONE to the public routes config doesn't remove the authorisation from API Gateway. I also tried removing defaultAuthorizer and instead adding authorizer: HttpUserPoolAuthorizer on the individual route config, however this resulted in no authorizer being attached and all routes being public. Any ideas what I am doing wrong?
Ross Coundon
02/08/2022, 1:36 PM
Dan Beaven
02/08/2022, 1:37 PM
import * as apigAuthorizers from '@aws-cdk/aws-apigatewayv2-authorizers-alpha'
import { aws_route53, aws_certificatemanager } from 'aws-cdk-lib'
import * as sst from '@serverless-stack/resources'
import type { AuthenticationStack } from './Authentication'
import type { DynamodbTables } from './Tables'
import type { SiteStack } from './Site'

export class ApiStack extends sst.Stack {
  authApi: sst.Api
  publicApi: sst.Api

  constructor(
    scope: sst.App,
    id: string,
    config: {
      site: SiteStack
      tables: DynamodbTables
      auth: AuthenticationStack
      domainName: string
      zone: aws_route53.IHostedZone
    },
    props?: sst.StackProps
  ) {
    super(scope, id, props)

    const authorizer = new apigAuthorizers.HttpUserPoolAuthorizer('http-cognito-authorizer', config.auth.userPool, {
      userPoolClients: [config.auth.userPoolClient]
    })

    this.authApi = new sst.Api(this, 'api', {
      defaultFunctionProps: {
        timeout: 20,
        environment: {
          DYNAMODB_EVENTS_TABLE: config.tables.events.tableName,
          DYNAMODB_SNAPSHOTS_TABLE: config.tables.snapshots.tableName,
          COGNITO_USER_POOL_CLIENT_DOMAIN: config.auth.domainName,
          COGNITO_USER_POOL_CLIENT_ID: config.auth.userPoolClient.userPoolClientId,
          REDIRECT_URI: `https://${config.domainName}/redirect-after-signin/`,
          REGION: scope.region
        },
        permissions: [config.tables.events, config.tables.snapshots]
      },
      // defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
      // defaultAuthorizer: authorizer,
      defaultPayloadFormatVersion: sst.ApiPayloadFormatVersion.V2,
      accessLog: true,
      routes: {
        'POST /stream/events': {
          handler: 'src/read/index.read',
          authorizer,
          authorizationType: sst.ApiAuthorizationType.JWT
        },
        'POST /stream/commands': {
          handler: 'src/write/index.write',
          authorizer,
          authorizationType: sst.ApiAuthorizationType.JWT
        },
        'GET /login': {
          handler: 'src/authentication.login',
          authorizationType: sst.ApiAuthorizationType.NONE
        },
        'GET /redirect-after-signin/{id}': {
          handler: 'src/authentication.redirectAfterSignin',
          authorizationType: sst.ApiAuthorizationType.NONE
        }
      }
    })
  }
}
Frank
handler to function for each of your routes, i.e.
'POST /stream/events': {
  function: 'src/read/index.read',
  authorizer,
  authorizationType: sst.ApiAuthorizationType.JWT
}