Serverless Cognito Permission Middleware
Amazon Cognito user pools enables you to create and manage groups, add users to groups, and remove users from groups. You can use these groups to create collections of users and manage their permissions. This middleware checks for the user’s groups permission and authorizes user requests.
This middleware can be used in combination with
httpErrorHandler to automatically return the right
response to the user.
Install
To install this middleware you can use NPM:
npm install --save @marcosantonocito/middy-cognito-permissionOptions
-
allowedRoles(array) (optional): Array of strings defining containing the roles authorized to accomplish the request
Examples
Request authorized:
const middy = require('@middy/core')
const cognitoPermission = require('@marcosantonocito/middy-cognito-permission')
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler.use(cognitoPermission({
allowedRoles: ['Admin']
}))
// invokes the handler, note that property foo is missing
const event = {
body: JSON.stringify({something: 'somethingelse'}),
requestContext: {
authorizer: {
claims: {
'cognito:groups': ['Admin']
}
}
}
}
handler(event, {}, (err, res) => {
expect(res).toEqual({})
})Request not authorized:
const middy = require('@middy/core')
const cognitoPermission = require('@marcosantonocito/middy-cognito-permission')
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler.use(cognitoPermission({
allowedRoles: ['Admin']
}))
// invokes the handler, note that property foo is missing
const event = {
body: JSON.stringify({something: 'somethingelse'}),
requestContext: {
authorizer: {
claims: {
'cognito:groups': ['User']
}
}
}
}
handler(event, {}, (err, res) => {
expect(err.message).toEqual('You don\'t have the permission to access this resource')
})Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2020 Marco Santonocito.