Merge branch 'release/0.10.0'

Author: svdgraaf

.eslintrc.yml

@@ -0,0 +1,7 @@
+extends: airbnb-base
+rules:
+  no-use-before-define:
+    - off
+  max-len:
+    - error
+    - code: 120

.flake8

@@ -0,0 +1,3 @@
+[flake8]
+exclude = .git
+max-line-length = 119

basic_auth.py

@@ -1,60 +1,56 @@
 import base64
-import json
-import re
 import boto3
 
 
 def basicAuth(event, context):
+    # Return a policy which allows this user to access to this api
+    # this call is cached for all authenticated calls, so we need to give
+    # access to the whole api. This could be done by having a policyDocument
+    # for each available function, but I don't really care :)
+    arn = "%s/*" % "/".join(event["methodArn"].split("/")[0:2])
+
     # if a basic auth header is set, use that to find the correct user/token
-    if 'Authorization' in event['headers']:
-        authorizationHeader = event['headers']['Authorization']
-        b64_token = authorizationHeader.split(' ')[-1]
+    if "Authorization" in event["headers"]:
+        authorizationHeader = event["headers"]["Authorization"]
+        b64_token = authorizationHeader.split(" ")[-1]
 
         # decode the base64 encoded header value
-        username, token = base64.b64decode(b64_token).decode("utf-8").split(':')
-
+        username, token = base64.b64decode(b64_token).decode("utf-8").split(":")
         # search for the given api key
-        client = boto3.client('apigateway')
+        client = boto3.client("apigateway")
         response = client.get_api_keys(nameQuery=username, includeValues=True)
 
         # if no keys found, deny access
-        if len(response['items']) != 1:
+        if len(response["items"]) != 1:
             print("Couldn't find key")
-            raise Exception('Unauthorized!')
+            raise Exception("Unauthorized")
 
         # if the key value does not match, deny access
-        if response['items'][0]['value'] != token:
+        if response["items"][0]["value"] != token:
             print("Key value mismatch")
-            raise Exception('Unauthorized!!')
+            raise Exception("Unauthorized")
 
     # check if an x-api-token header is set, if so, take it as-is, api gateway
     # will check the validity
-    elif 'x-api-key' in event['headers']:
-        username = 'token'
-        token = event['headers']['x-api-key']
+    elif "x-api-key" in event["headers"]:
+        print("x-api-key received")
+        username = "token"
+        token = event["headers"]["x-api-key"]
 
     # no authentication headers found, deny
     else:
         print("No authentication header found")
-        raise Exception('Please provide authentication details')
-
-    # Return a policy which allows this user to access to this api
-    # this call is cached for all authenticated calls, so we need to give
-    # access to the whole api. This could be done by having a policyDocument
-    # for each available function, but I don't really care :)
-    arn = "%s/*" % '/'.join(event['methodArn'].split("/")[0:2])
+        raise Exception("Unauthorized")
 
     authResponse = {
-        'principalId': username,
-        'usageIdentifierKey': token,
-        'policyDocument': {
-            'Version': '2012-10-17',
-            'Statement': [{
-                'Action': 'execute-api:Invoke',
-                'Effect': 'Allow',
-                'Resource': arn
-            }]
-        }
+        "principalId": username,
+        "usageIdentifierKey": token,
+        "policyDocument": {
+            "Version": "2012-10-17",
+            "Statement": [
+                {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": arn}
+            ],
+        },
     }
     print("Authentication response: %s" % authResponse)
 

index.js

@@ -1,109 +1,101 @@
-'use strict'
 const fs = require('fs');
 const chalk = require('chalk');
 
-
-class SetupBasicAuthentication {
-  constructor (serverless, options) {
+module.exports = class SetupBasicAuthentication {
+  constructor(serverless, options) {
+    this.options = options;
+    this.serverless = serverless;
 
     // add the basic authentication function to the functions as soon as possible
-    injectBasicAuthFunction(serverless);
+    this.injectBasicAuthFunction(serverless);
 
     this.hooks = {
-      'before:package:initialize': function () {
-        // add our custom authenticator
-        addAuthFileToPackage(serverless);
-
-        addAuthorizerFunctionToPrivateFunctions(serverless);
-      },
-      'after:package:createDeploymentArtifacts': function () {
-        // remove the custom authenticator
-        removeFileFromPackage(serverless)
-      },
-      'before:deploy:deploy': function() {
-        // // add the basic authenticator function
-        // injectBasicAuthFunction(serverless);
-
-        // configure api gateway to check for the right place for the key
-        configureApiGatewayKeySource(serverless);
-      }
-    }
+      'before:package:initialize': this.addAuthorizer.bind(this),
+      'after:package:createDeploymentArtifacts': this.removeAuthorizer.bind(this),
+      'before:deploy:deploy': this.configureApiGatewayKeySource.bind(this),
+    };
   }
-}
 
-function removeFileFromPackage(serverless) {
-  serverless.cli.consoleLog('Basic Authentication: ' + chalk.yellow('Removing Symlink for Basic Authenticator'));
-  fs.unlinkSync(serverless.config.servicePath + "/basic_auth.py")
-}
+  addAuthorizer() {
+    // add our custom authenticator
+    this.addAuthFileToPackage();
 
-function addAuthFileToPackage(serverless) {
-  if(!serverless.package) {
-    serverless.package = {}
+    this.addAuthorizerFunctionToPrivateFunctions();
   }
-  if(!serverless.package.include) {
-    serverless.package.include = []
+
+  removeAuthorizer() {
+    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Removing Symlink for Basic Authenticator')}`);
+    fs.unlinkSync(`${this.serverless.config.servicePath}/basic_auth.py`);
   }
 
-  serverless.cli.consoleLog('Basic Authentication: ' + chalk.yellow('Adding Symlink for Basic Authenticator'));
-  // @TODO: Make target filename randomized with something, to prevent overriding
-  // any files
+  addAuthFileToPackage() {
+    if (!this.serverless.package) {
+      this.serverless.package = {};
+    }
+
+    if (!this.serverless.package.include) {
+      this.serverless.package.include = [];
+    }
 
-  // append our auth.py file to the package
-  serverless.package.include.push(__dirname + "/auth.py")
-  fs.symlinkSync(__dirname + "/basic_auth.py", serverless.config.servicePath + "/basic_auth.py")
-}
+    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding Symlink for Basic Authenticator')}`);
+    // @TODO: Make target filename randomized with something, to prevent overriding
+    // any files
 
-function injectBasicAuthFunction (serverless) {
-  serverless.cli.consoleLog('Basic Authentication: ' + chalk.yellow('Adding function for Basic Authenticator'));
-  var basicAuthenticator = {
-    handler: 'basic_auth.basicAuth',
-    runtime: 'python3.6'
+    // append our auth.py file to the package
+    this.serverless.package.include.push(`${__dirname}/auth.py`);
+    fs.symlinkSync(`${__dirname}/basic_auth.py`, `${this.serverless.config.servicePath}/basic_auth.py`);
   }
 
-  // add the basic authenticator function
-  serverless.service.functions.basicAuthenticator = basicAuthenticator;
-}
-
-function addAuthorizerFunctionToPrivateFunctions(serverless) {
-  // for each function which is marked as 'private', set the basic authenticator
-  // if it doesn't have a custom authenticator yet
-  for(let function_name in serverless.service.functions) {
+  injectBasicAuthFunction() {
+    this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow('Adding function for Basic Authenticator')}`);
+    const basicAuthenticator = {
+      handler: 'basic_auth.basicAuth',
+      runtime: 'python3.6',
+    };
 
-    // ignore our own function
-    if(function_name == 'basicAuthenticator') {
-      continue;
-    }
+    // add the basic authenticator function
+    this.serverless.service.functions.basicAuthenticator = basicAuthenticator;
+  }
 
-    var fnctn = serverless.service.functions[function_name];
-
-    // check if any of the http events is marked as private, and if that event
-    // also doesn't have a custom authorizer already, apply our authenticator
-    for(let fnctn_event in fnctn['events']) {
-      if(
-        serverless.service.functions[function_name].events[fnctn_event].http != null &&
-        serverless.service.functions[function_name].events[fnctn_event].http.private == true &&
-        serverless.service.functions[function_name].events[fnctn_event].http.authorizer == null
-      ) {
-        serverless.service.functions[function_name].events[fnctn_event].http.authorizer = {
-          name: 'basicAuthenticator',
-          identitySource: '', // this is only valid if we set cache ttl to 0
-          resultTtlInSeconds: 0,
-          type: 'REQUEST'
+  addAuthorizerFunctionToPrivateFunctions() {
+    // for each function which is marked as 'private', set the basic authenticator
+    // if it doesn't have a custom authenticator yet
+    Object.keys(this.serverless.service.functions).forEach((functionName) => {
+      // ignore our own function
+      if (functionName === 'basicAuthenticator') {
+        return;
+      }
 
+      // get all function configs
+      const fnctn = this.serverless.service.functions[functionName];
+
+      // check if any of the http events is marked as private, and if that event
+      // also doesn't have a custom authorizer already, apply our authenticator
+      Object.keys(fnctn.events).forEach((fnctnEvent) => {
+        if (
+          this.serverless.service.functions[functionName].events[fnctnEvent].http != null
+          && this.serverless.service.functions[functionName].events[fnctnEvent].http.private === true
+          && this.serverless.service.functions[functionName].events[fnctnEvent].http.authorizer == null
+        ) {
+          this.serverless.service.functions[functionName].events[fnctnEvent].http.authorizer = {
+            name: 'basicAuthenticator',
+            identitySource: '', // this is only valid if we set cache ttl to 0
+            resultTtlInSeconds: 0,
+            type: 'REQUEST',
+          };
+          this.serverless.cli.consoleLog(`Basic Authentication: ${chalk.yellow(`Enabled for ${functionName}`)}`);
         }
-        serverless.cli.consoleLog('Basic Authentication: ' + chalk.yellow('Enabled for ' + function_name));
-      }
-    }
+      });
+    });
   }
-}
 
-function configureApiGatewayKeySource(serverless) {
-  var template = serverless.service.provider.compiledCloudFormationTemplate;
-  if(template.Resources.ApiGatewayRestApi != null) {
-    serverless.cli.consoleLog('Basic Authentication: ' + chalk.yellow('Configuring Api Gateway for Basic Authenticator'));
-    template.Resources.ApiGatewayRestApi.Properties.ApiKeySourceType = 'AUTHORIZER'
+  configureApiGatewayKeySource() {
+    const template = this.serverless.service.provider.compiledCloudFormationTemplate;
+    if (template.Resources.ApiGatewayRestApi != null) {
+      this.serverless.cli.consoleLog(
+        `Basic Authentication: ${chalk.yellow('Configuring Api Gateway for Basic Authenticator')}`,
+      );
+      template.Resources.ApiGatewayRestApi.Properties.ApiKeySourceType = 'AUTHORIZER';
+    }
   }
-}
-
-// now we need to make our plugin object available to the framework to execute
-module.exports = SetupBasicAuthentication
+};