AWS api 网关在浏览器中工作但在 fiddler 中返回 502
AWS api gateway working in browser but returning 502 in fiddler
我有一个 lambda 函数,它基本上可以根据存储在 aws secret manager 中的密码进行身份验证。秘密管理器路径将是用户名,它将具有密码值。密码将需要在 header 和查询中的用户名中传递。当我在浏览器中访问 url https://{myawsurl}.execute-api.{region}.amazonaws.com/demo/{username} 时,出现错误 password is missing in the header(这是预期的)。当我使用提琴手点击 url 时,我一直得到 502。
我的 api 网关只是对以下 lambda 函数的 GET:
const aws = require("aws-sdk");
const sm = new aws.SecretsManager({ region: 'us-east-1' })
const getSecrets = async (SecretId) => {
return await new Promise((resolve, reject) => {
sm.getSecretValue({ SecretId }, (err, result) => {
if (err) {
reject(err);
}
else {
resolve(JSON.parse(result.SecretString));
}
});
});
}
const main = async (event) => {
console.log("Event: ", event);
try {
const username = event.queryStringParameters ? event.queryStringParameters.username : (event.pathParameters ? event.pathParameters.username : null);
if (username === null || username === undefined || username.trim().length === 0) {
if (username === null || username === undefined || username.trim().length === 0) {
return {
statusCode: 400,
headers: {
"Content-Type": "application/json"
},
body: "username is missing in the url. Please add `/?username={username}` or `/{username}` in the url"
};
}
}
const password = event.headers ? event.headers.password : null;
if (password === null || password === undefined || password.trim().length === 0) {
return {
statusCode: 400,
headers: {
"Content-Type": "application/json"
},
body: "password is missing in the header"
};
}
const secrets = await getSecrets(username);
if (password !== secrets.password) {
return {
statusCode: 403,
headers: {
"Content-Type": "application/json"
},
body: "Incorrect username/password"
};
}
return {
statusCode: 200,
headers: {
"Content-Type": "application/json"
},
body: "User is Authenticated"
};
} catch (e) {
return {
statusCode: 404,
headers: {
"Content-Type": "application/json"
},
body: e.message
};
}
}
exports.handler = main;
我的提琴手请求如下:
GET https://{myawsurl}.execute-api.{region}.amazonaws.com/demo/{username} HTTP/1.1
password: MyTestPassword
我看到其他帖子提到有一个 statusCode 并且 body 是一个字符串。我有那些但仍然出错...
我 added/removed 来自响应的 headers: { "Content-Type": "application/json"}, 并没有什么区别..
编辑: 注意到的另一件事是每当我通过浏览器访问 api 网关 url 时,它都会登录到我的 api的日志组。但是当使用 fiddler 访问它时,它不会记录。不知道为什么...
编辑: 根据@ArunK 的建议,我使用了 Postman,我发现它 returns 来自 api 网关的预期响应。我假设 Fiddler 中的某些设置可能导致这种情况发生..
看起来问题与 Fiddler 支持的 TLS 版本有关。您需要包含 tls 1.0 and 1.2,因为 AWS API 网关支持这些 TLS 版本。
来自docs:
A security policy is a predefined combination of minimum TLS version
and cipher suite offered by Amazon API Gateway. You can choose either
a TLS version 1.2 or TLS version 1.0 security policy.
转到 Tools -> Options -> Https 并验证 Protocols - <client>;ssl3;tls1.0;tls1.1;tls1.2
下是否存在以下内容
我有一个 lambda 函数,它基本上可以根据存储在 aws secret manager 中的密码进行身份验证。秘密管理器路径将是用户名,它将具有密码值。密码将需要在 header 和查询中的用户名中传递。当我在浏览器中访问 url https://{myawsurl}.execute-api.{region}.amazonaws.com/demo/{username} 时,出现错误 password is missing in the header(这是预期的)。当我使用提琴手点击 url 时,我一直得到 502。
我的 api 网关只是对以下 lambda 函数的 GET:
const aws = require("aws-sdk");
const sm = new aws.SecretsManager({ region: 'us-east-1' })
const getSecrets = async (SecretId) => {
return await new Promise((resolve, reject) => {
sm.getSecretValue({ SecretId }, (err, result) => {
if (err) {
reject(err);
}
else {
resolve(JSON.parse(result.SecretString));
}
});
});
}
const main = async (event) => {
console.log("Event: ", event);
try {
const username = event.queryStringParameters ? event.queryStringParameters.username : (event.pathParameters ? event.pathParameters.username : null);
if (username === null || username === undefined || username.trim().length === 0) {
if (username === null || username === undefined || username.trim().length === 0) {
return {
statusCode: 400,
headers: {
"Content-Type": "application/json"
},
body: "username is missing in the url. Please add `/?username={username}` or `/{username}` in the url"
};
}
}
const password = event.headers ? event.headers.password : null;
if (password === null || password === undefined || password.trim().length === 0) {
return {
statusCode: 400,
headers: {
"Content-Type": "application/json"
},
body: "password is missing in the header"
};
}
const secrets = await getSecrets(username);
if (password !== secrets.password) {
return {
statusCode: 403,
headers: {
"Content-Type": "application/json"
},
body: "Incorrect username/password"
};
}
return {
statusCode: 200,
headers: {
"Content-Type": "application/json"
},
body: "User is Authenticated"
};
} catch (e) {
return {
statusCode: 404,
headers: {
"Content-Type": "application/json"
},
body: e.message
};
}
}
exports.handler = main;
我的提琴手请求如下:
GET https://{myawsurl}.execute-api.{region}.amazonaws.com/demo/{username} HTTP/1.1
password: MyTestPassword
我看到其他帖子提到有一个 statusCode 并且 body 是一个字符串。我有那些但仍然出错...
我 added/removed 来自响应的 headers: { "Content-Type": "application/json"}, 并没有什么区别..
编辑: 注意到的另一件事是每当我通过浏览器访问 api 网关 url 时,它都会登录到我的 api的日志组。但是当使用 fiddler 访问它时,它不会记录。不知道为什么...
编辑: 根据@ArunK 的建议,我使用了 Postman,我发现它 returns 来自 api 网关的预期响应。我假设 Fiddler 中的某些设置可能导致这种情况发生..
看起来问题与 Fiddler 支持的 TLS 版本有关。您需要包含 tls 1.0 and 1.2,因为 AWS API 网关支持这些 TLS 版本。
来自docs:
A security policy is a predefined combination of minimum TLS version and cipher suite offered by Amazon API Gateway. You can choose either a TLS version 1.2 or TLS version 1.0 security policy.
转到 Tools -> Options -> Https 并验证 Protocols - <client>;ssl3;tls1.0;tls1.1;tls1.2