-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathoauth-authorizer.js
More file actions
57 lines (51 loc) · 1.8 KB
/
oauth-authorizer.js
File metadata and controls
57 lines (51 loc) · 1.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import { PolicyUtil, RequestUtil } from './util';
import { AppDao, OauthDao, ScopeDao } from './dao';
import { ApiAccessRequest } from './domain';
import { OauthError } from './error'
const appDao = new AppDao();
const oauthDao = new OauthDao();
const scopeDao = new ScopeDao();
let scopes = null;
export async function main(event, context, callback) {
const {
headers,
methodArn,
body
} = event;
try {
console.log('event: ', event);
console.log('context: ', context);
const accessToken = RequestUtil.parseBearerAuthHeader(headers);
if (!accessToken) {
throw new OauthError(OauthError.types.INVALID_REQUEST, 'No Authentication Header');
}
console.log('Access Token: ', accessToken);
const resource = RequestUtil.stripResource(event.resource);
console.log('Resource: ', resource);
let payload = null;
if (body) {
payload = JSON.parse(body);
}
if (!scopes) {
scopes = await scopeDao.getAllMappedByResources('scope');
}
const apiAccessRequest = new ApiAccessRequest(appDao, oauthDao, scopes);
console.log('Verifying access...');
const accessContext = await apiAccessRequest.verifyAccess({
accessToken,
resource,
payload
});
await apiAccessRequest.updateLastAccessAt();
console.log('Access allowed', accessContext);
callback(null, PolicyUtil.allow(accessContext.eosAccount, methodArn, accessContext));
} catch (e) {
console.error(e);
if (e instanceof OauthError) {
callback(null, PolicyUtil.deny('', methodArn, {
wwwAuthenticate: `Bearer, error="${e.error}"`
}));
}
callback('Unauthorized');
}
}