Hi i have an Api construct with a `defaultAuthoriz...
# help
d
Hi, I have an Api construct with a `defaultAuthorizer: HttpUserPoolAuthorizer`, however I need some routes to be public, and adding `authorizationType: sst.ApiAuthorizationType.NONE` to the public routes config doesn't remove the authorisation from API Gateway. I also tried removing `defaultAuthorizer` and instead adding `authorizer: HttpUserPoolAuthorizer` on the individual route config; however, this resulted in no authorizer being attached and all routes being public. Any ideas what I am doing wrong?
r
That sounds weird, both ways should work - we have a mixture of public and private routes in our setup. Can you share some code?
d
```ts
import * as apigAuthorizers from '@aws-cdk/aws-apigatewayv2-authorizers-alpha'
import { aws_route53, aws_certificatemanager } from 'aws-cdk-lib'
import * as sst from '@serverless-stack/resources'

import type { AuthenticationStack } from './Authentication'
import type { DynamodbTables } from './Tables'
import type { SiteStack } from './Site'

export class ApiStack extends sst.Stack {
  authApi: sst.Api
  publicApi: sst.Api
  constructor(
    scope: sst.App,
    id: string,
    config: {
      site: SiteStack
      tables: DynamodbTables
      auth: AuthenticationStack
      domainName: string
      zone: aws_route53.IHostedZone
    },
    props?: sst.StackProps
  ) {
    super(scope, id, props)

    const authorizer = new apigAuthorizers.HttpUserPoolAuthorizer('http-cognito-authorizer', config.auth.userPool, {
      userPoolClients: [config.auth.userPoolClient]
    })

    this.authApi = new sst.Api(this, 'api', {

      defaultFunctionProps: {
        timeout: 20,
        environment: {
          DYNAMODB_EVENTS_TABLE: config.tables.events.tableName,
          DYNAMODB_SNAPSHOTS_TABLE: config.tables.snapshots.tableName,
          COGNITO_USER_POOL_CLIENT_DOMAIN: config.auth.domainName,
          COGNITO_USER_POOL_CLIENT_ID: config.auth.userPoolClient.userPoolClientId,
          REDIRECT_URI: `https://${config.domainName}/redirect-after-signin/`,
          REGION: scope.region
        },
        permissions: [config.tables.events, config.tables.snapshots]
      },
      // defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
      // defaultAuthorizer: authorizer,
      defaultPayloadFormatVersion: sst.ApiPayloadFormatVersion.V2,
      accessLog: true,
      routes: {
        'POST /stream/events': {
          handler: 'src/read/index.read',
          authorizer,
          authorizationType: sst.ApiAuthorizationType.JWT
        },
        'POST /stream/commands': {
          handler: 'src/write/index.write',
          authorizer,
          authorizationType: sst.ApiAuthorizationType.JWT
        },
        'GET /login': {
          handler: 'src/authentication.login',
          authorizationType: sst.ApiAuthorizationType.NONE
        },
        'GET /redirect-after-signin/{id}': {
          handler: 'src/authentication.redirectAfterSignin',
          authorizationType: sst.ApiAuthorizationType.NONE
        }
      }
    })
  }
}
```
f
@Dan Beaven try changing `handler` to `function` for each of your routes, i.e.
```ts
'POST /stream/events': {
  function: 'src/read/index.read',
  authorizer,
  authorizationType: sst.ApiAuthorizationType.JWT
}
```