import serverlessLog from '../../serverlessLog.js'
/**
 * Resolves the JWT authorizer settings that apply to an HTTP API endpoint.
 *
 * This function only collects configuration; it does not inspect or verify
 * any token. Per the TODO below, real JWT validation is not implemented, so
 * JWT settings are extracted only when the caller opts in through
 * `ignoreJWTSignature`.
 *
 * SECURITY NOTE(review): when `ignoreJWTSignature` is falsy the result is
 * `{ authorizerName: null }`, the same value returned for an endpoint with no
 * authorizer at all. How callers treat a null name is not visible here;
 * presumably the route is then served without JWT authorization, so confirm
 * before using offline behaviour as evidence that an endpoint is protected.
 *
 * @param {object} endpoint - Endpoint definition; its `authorizer` property is read.
 * @param {object} provider - Provider configuration; `httpApi.authorizers` is
 *   used as a name-to-settings lookup.
 * @param {boolean} ignoreJWTSignature - Truthy to extract JWT authorizer
 *   settings; falsy to report that no authorizer applies.
 * @returns {object} One of:
 *   - `{ authorizerName: null }` when there is no authorizer to apply,
 *   - `{ unsupportedAuth: true }` after logging a warning about an unusable
 *     authorizer configuration,
 *   - the merged authorizer settings, including `authorizerName`.
 */
export default function authJWTSettingsExtractor(
  endpoint,
  provider,
  ignoreJWTSignature,
) {
  // Result constructors: the failure variant logs the warning before returning.
  const succeed = (authorizerName) => ({ authorizerName })
  const fail = (warningMessage) => {
    serverlessLog(warningMessage)
    return { unsupportedAuth: true }
  }

  const endpointAuthorizer = endpoint.authorizer

  // Endpoint declares no authorizer: nothing to extract.
  if (!endpointAuthorizer) {
    return succeed(null)
  }

  // No HTTP API authorizers are configured on the provider.
  if (!(provider.httpApi && provider.httpApi.authorizers)) {
    return succeed(null)
  }

  // TODO: add code that will actually validate a JWT.
  // Until then, JWT settings are only extracted when signature checking is
  // explicitly waived; otherwise the endpoint is reported without an authorizer.
  if (!ignoreJWTSignature) {
    return succeed(null)
  }

  const authorizerName = endpointAuthorizer.name

  if (!authorizerName) {
    return fail(
      'WARNING: Serverless Offline supports only JWT authorizers referenced by name',
    )
  }

  // Plain property lookup: a name matching an inherited Object.prototype
  // member resolves to that member instead of being reported as "not found".
  const providerAuthorizer = provider.httpApi.authorizers[authorizerName]

  if (!providerAuthorizer) {
    return fail(`WARNING: JWT authorizer ${authorizerName} not found`)
  }

  // Every setting below must be present for the authorizer to be usable.
  if (!providerAuthorizer.identitySource) {
    return fail(
      `WARNING: JWT authorizer ${authorizerName} missing identity source`,
    )
  }

  if (!providerAuthorizer.issuerUrl) {
    return fail(`WARNING: JWT authorizer ${authorizerName} missing issuer url`)
  }

  const { audience } = providerAuthorizer
  const hasAudience = Boolean(audience) && audience.length !== 0

  if (!hasAudience) {
    return fail(`WARNING: JWT authorizer ${authorizerName} missing audience`)
  }

  // Later spreads win: provider-level settings override endpoint-level ones,
  // and either object may override `authorizerName` if it defines that key.
  return {
    authorizerName,
    ...endpointAuthorizer,
    ...providerAuthorizer,
  }
}