A middleware that can be used inside a lambda to add an authorization layer for product API calls.

• Prerequisites
• Install
• Usage
• Authentication
• Request enrichment
• A note about headers

• The project is compatible with the following library: lambda-api
• The environment variable PRODUCT_API_HOST must be set (eg. api.rebrandly.com)

npm install -S lambda-api-auth

import API from 'lambda-api';
import { lambdaApiAuth } from 'lambda-api-auth';

const api = API({
    logger: {
        access: true,
        stack: true
    }
});

api.use(lambdaApiAuth);

// [...]

Authentication requires at least a valid apikey or a non-expired oauth token in the request headers.
It is also possible to validate a workspace and/or a domain associated with the account. To validate a workspace, pass the value of the public_workspace_id in the headers with the key workspace or in the query params with the key workspaceId. To validate a domain, pass the value of the domain_public_id in the query params with the key domainId. Workspace and domain validation is enabled by default, you can esplicitly enable/disable it using the environment variables VALIDATE_WORKSPACE and VALIDATE_DOMAIN (allowed values are true or false).

After a successful authorization, the middleware will enrich the request object with account data retrieved from the product API. You can access it easily under request.account:

api.get('/my/path', async (req, res) => {
    console.log(req.account.id);
    console.log(req.account.createdAt);
};

If workspace and/or domain validation is enabled, request object will be also enriched with workspace and/or domain data retrieved from product API:

api.get('/my/path', async (req, res) => {
    console.log(req.workspace.id);
    console.log(req.domain.id);
};

Mind that if your lambda is under an API Gateway, you have to explicitly enable the following headers in your lambda-api options and on the API Gateway itself:

index.ts

import API from 'lambda-api';

const api = API({
    logger: {
        access: true,
        stack: true
    }
});

api.options('/*', (req, res) => {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, OPTIONS');
    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With, apikey, workspace');
    res.status(200).send({});
});

serverless.yml

# [...]

functions:
    your_lambda:
      # [...]
      events:
        - http:
              path: /my/path
              method: GET
              cors:
                origin: '*'
                headers:
                  - Authorization
                  - Content-Length
                  - Content-Type
                  - X-Requested-With
                  - apikey
                  - workspace
                allowCredentials: true
        # [...]