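def request_auth(self, event):
    """Authorize a REQUEST-type API Gateway authorizer event.

    Reads the API key and bearer token from ``event['headers']`` under the
    names ``self.API_KEY`` and ``self.TOKEN_KEY``. Access is granted only
    when both ``self.validate_token`` and ``self.validate_api_key`` accept
    them.

    Args:
        event: Authorizer event mapping. Keys read here are ``type``,
            ``methodArn`` and ``headers``.

    Returns:
        The dict produced by ``AuthResponse.to_dict``, passed through
        ``self.deny_resources`` when access is refused, with a ``context``
        entry added.
    """
    auth_type = event['type'] if 'type' in event else None
    principal_id = 'user'

    method_arn = None
    arn_parts = ''
    if 'methodArn' in event:
        method_arn = event['methodArn']
        # Sixth ':'-separated ARN field, presumably
        # "<api-id>/<stage>/<verb>/<resource...>" -- TODO confirm.
        arn_parts = method_arn.split(':')[5].split('/')

    # A missing or null "headers" entry used to raise before any decision
    # was made; treat it as "no credentials supplied" instead.
    headers = event.get('headers') or {}

    api_key = headers[self.API_KEY] if self.API_KEY in headers else None

    token = None
    if self.TOKEN_KEY in headers:
        token = headers[self.TOKEN_KEY]
        # The auth scheme is case-insensitive, so "Bearer x" and "bearer x"
        # must both be stripped; only a leading prefix is removed.
        if token[:7].lower() == 'bearer ':
            token = token[7:]

    # NOTE(review): the API key, not the bearer token, is passed as
    # AuthRequest.token -- confirm this is intended.
    auth_request = AuthRequest(auth_type=auth_type,
                               token=api_key,
                               method_arn=method_arn)

    # NOTE(review): both validators receive None when the header is absent;
    # the deny path relies on them rejecting None -- verify.
    is_token_valid = self.validate_token(token)
    is_api_key_valid = self.validate_api_key(api_key)
    access_allowed = is_token_valid and is_api_key_valid

    if access_allowed:
        # NOTE(review): with no methodArn both values fall back to '*', and
        # only the first path segment of the resource is used -- confirm
        # the policy AuthRoute builds from these is as narrow as intended.
        verb = arn_parts[2] if len(arn_parts) > 2 else '*'
        resource = arn_parts[3] if len(arn_parts) > 3 else '*'
        auth_response = AuthResponse(
            routes=[AuthRoute("/" + resource, [verb])],
            principal_id=principal_id)
    else:
        auth_response = AuthResponse(routes=[], principal_id=principal_id)

    auth_response_dict = auth_response.to_dict(auth_request)

    # deny resources
    if not access_allowed:
        self.deny_resources(auth_response_dict)

    # Additional key-value pairs associated with the principal; API Gateway
    # exposes them as $context.authorizer.<key>, and they are cached with
    # the policy.
    # NOTE(review): this forwards the raw API key downstream, on deny as
    # well as allow -- confirm it is never written to access logs.
    auth_response_dict['context'] = {
        'key': api_key  # $context.authorizer.key -> value
    }

    return auth_response_dict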
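def token_auth(self, event):
    """Authorize a TOKEN-type API Gateway authorizer event.

    Takes the credential from ``event['authorizationToken']`` and grants
    access only when ``self.validate_api_key`` accepts it.

    Args:
        event: Authorizer event mapping. Keys read here are ``type``,
            ``methodArn`` and ``authorizationToken``.

    Returns:
        The dict produced by ``AuthResponse.to_dict``, passed through
        ``self.deny_resources`` when access is refused, with a ``context``
        entry added.
    """
    auth_type = event['type'] if 'type' in event else 'TOKEN'
    principal_id = 'user'

    method_arn = ''
    arn_parts = ''
    if 'methodArn' in event:
        method_arn = event['methodArn']
        # Sixth ':'-separated ARN field, presumably
        # "<api-id>/<stage>/<verb>/<resource...>" -- TODO confirm.
        arn_parts = method_arn.split(':')[5].split('/')

    api_key = None
    if 'authorizationToken' in event:
        api_key = event['authorizationToken']

    # Log a copy with the credential masked: the raw event carries the
    # caller's secret, which must not end up in log storage.
    loggable_event = dict(event)
    if 'authorizationToken' in loggable_event:
        loggable_event['authorizationToken'] = '<redacted>'
    get_logger().info("Event: {}".format(loggable_event))

    auth_request = AuthRequest(auth_type=auth_type,
                               token=api_key,
                               method_arn=method_arn)

    # NOTE(review): the validator receives None when authorizationToken is
    # absent; the deny path relies on it rejecting None -- verify.
    is_api_key_valid = self.validate_api_key(api_key)
    access_allowed = is_api_key_valid

    if access_allowed:
        # NOTE(review): with no methodArn both values fall back to '*', and
        # only the first path segment of the resource is used -- confirm
        # the policy AuthRoute builds from these is as narrow as intended.
        verb = arn_parts[2] if len(arn_parts) > 2 else '*'
        resource = arn_parts[3] if len(arn_parts) > 3 else '*'
        auth_response = AuthResponse(
            routes=[AuthRoute("/" + resource, [verb])],
            principal_id=principal_id)
    else:
        auth_response = AuthResponse(routes=[], principal_id=principal_id)

    auth_response_dict = auth_response.to_dict(auth_request)

    # deny resources
    if not access_allowed:
        self.deny_resources(auth_response_dict)

    # Additional key-value pairs associated with the principal; API Gateway
    # exposes them as $context.authorizer.<key>, and they are cached with
    # the policy.
    # NOTE(review): this forwards the raw credential downstream, on deny as
    # well as allow -- confirm it is never written to access logs.
    auth_response_dict['context'] = {
        'key': api_key  # $context.authorizer.key -> value
    }

    return auth_response_dict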