AWS 授权方 returns 500,消息:空,响应中出现 AuthorizerConfigurationException 错误
AWS authorizer returns 500, message: null, with AuthorizerConfigurationException error in response
我今天大部分时间都在努力让授权者工作,我检查了多个示例,它们似乎都在做我的代码所做的事情。
我使用无服务器框架,这里是授权码:
exports.handler = function (event: APIGatewayTokenAuthorizerEvent): APIGatewayAuthorizerResult {
const authorizer = new Authorizer();
try {
if (!event.authorizationToken) throw new Error("No token");
const token = event.authorizationToken.split(" ")[1];
const decodedData = authorizer.verifyToken(token) as unknown as User;
const policy = generatePolicy(token, event.methodArn);
return {
...policy,
context: {
user: JSON.stringify(decodedData),
},
};
} catch (err) {
console.log(err);
throw "Unauthorized";
}
};
const generatePolicy = (principalId: string, methodArn: string) => {
return {
principalId,
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Action: "execute-api:Invoke",
Effect: "Allow",
Resource: methodArn,
},
],
},
};
};
这是无服务器配置
const serverlessConfiguration: AWS = {
service: "user-crud",
frameworkVersion: "2",
custom: {
webpack: {
webpackConfig: "./webpack.config.js",
includeModules: true,
},
},
plugins: ["serverless-webpack"],
provider: {
name: "aws",
runtime: "nodejs14.x",
region: "eu-west-1",
apiGateway: {
minimumCompressionSize: 1024,
shouldStartNameWithService: true,
},
environment: {
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
},
lambdaHashingVersion: "20201221",
},
functions: {
jwtAuthorizer: {
handler: "src/api/authorizer.handler",
name: "jwtAuthorizer",
},
get: {
name: "get",
handler: "src/api/get.handler",
role: "arn:aws:iam::109394173706:role/dynamodb_cloudwatch_full",
events: [
{
http: {
path: "get",
method: "get",
cors: true,
authorizer: "jwtAuthorizer",
},
},
],
},
}...
当令牌正确并且我 return 对象时,我总是得到 500 响应,所以我想 return 对象有问题吗?
如果令牌不正确并且我抛出“未经授权”,那么我会返回正确的 401 响应。
显然,处理程序需要是异步的,否则,它需要一个回调...时间花得值:|
嗯,还有其他一些原因,
{
message : null
}
来自 Api 网关的错误。我很难认出我的。
- API 网关可能缺少调用授权方 lambda 的权限。确保为您的授权人添加
Lambda Invoke Role
- 您不应该修改请求上下文 (不讨论响应上下文)。每当我尝试时,我都会在 Api 网关日志中得到
Execution failed due to configuration error: Invalid JSON in response: Unrecognized field "headers", not marked as ignorable。您必须通过添加 cors 并明确提及那些 headers 来解决它
- return 策略应符合 Lambda 响应 1.0 版本。如果你想使用基于
boolean的return,你必须启用lambda response 2.0
- 如果您更新了授权方 lambda 函数名称或其他内容,最好
delete RestApiGateway 并重新创建。 CloudFront 中的更改有时可能无法正确更新。
- 您提供的响应上下文将只允许字符串、数字或布尔类型。例如,
function allowPolicy(methodArn) {
console.log("Allow Policy")
return {
"principalId": "apigateway.amazonaws.com",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": methodArn
}
]
},
"context": {
"stringValue": "blablabla",
"numberValue": 10,
"booleanValue": true,
}
};
}
我今天大部分时间都在努力让授权者工作,我检查了多个示例,它们似乎都在做我的代码所做的事情。
我使用无服务器框架,这里是授权码:
exports.handler = function (event: APIGatewayTokenAuthorizerEvent): APIGatewayAuthorizerResult {
const authorizer = new Authorizer();
try {
if (!event.authorizationToken) throw new Error("No token");
const token = event.authorizationToken.split(" ")[1];
const decodedData = authorizer.verifyToken(token) as unknown as User;
const policy = generatePolicy(token, event.methodArn);
return {
...policy,
context: {
user: JSON.stringify(decodedData),
},
};
} catch (err) {
console.log(err);
throw "Unauthorized";
}
};
const generatePolicy = (principalId: string, methodArn: string) => {
return {
principalId,
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Action: "execute-api:Invoke",
Effect: "Allow",
Resource: methodArn,
},
],
},
};
};
这是无服务器配置
const serverlessConfiguration: AWS = {
service: "user-crud",
frameworkVersion: "2",
custom: {
webpack: {
webpackConfig: "./webpack.config.js",
includeModules: true,
},
},
plugins: ["serverless-webpack"],
provider: {
name: "aws",
runtime: "nodejs14.x",
region: "eu-west-1",
apiGateway: {
minimumCompressionSize: 1024,
shouldStartNameWithService: true,
},
environment: {
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
},
lambdaHashingVersion: "20201221",
},
functions: {
jwtAuthorizer: {
handler: "src/api/authorizer.handler",
name: "jwtAuthorizer",
},
get: {
name: "get",
handler: "src/api/get.handler",
role: "arn:aws:iam::109394173706:role/dynamodb_cloudwatch_full",
events: [
{
http: {
path: "get",
method: "get",
cors: true,
authorizer: "jwtAuthorizer",
},
},
],
},
}...
当令牌正确并且我 return 对象时,我总是得到 500 响应,所以我想 return 对象有问题吗?
如果令牌不正确并且我抛出“未经授权”,那么我会返回正确的 401 响应。
显然,处理程序需要是异步的,否则,它需要一个回调...时间花得值:|
嗯,还有其他一些原因,
{
message : null
}
来自 Api 网关的错误。我很难认出我的。
- API 网关可能缺少调用授权方 lambda 的权限。确保为您的授权人添加
Lambda Invoke Role - 您不应该修改请求上下文 (不讨论响应上下文)。每当我尝试时,我都会在 Api 网关日志中得到
Execution failed due to configuration error: Invalid JSON in response: Unrecognized field "headers", not marked as ignorable。您必须通过添加 cors 并明确提及那些 headers 来解决它
- return 策略应符合 Lambda 响应 1.0 版本。如果你想使用基于
boolean的return,你必须启用lambda response 2.0 - 如果您更新了授权方 lambda 函数名称或其他内容,最好
deleteRestApiGateway并重新创建。 CloudFront 中的更改有时可能无法正确更新。 - 您提供的响应上下文将只允许字符串、数字或布尔类型。例如,
function allowPolicy(methodArn) {
console.log("Allow Policy")
return {
"principalId": "apigateway.amazonaws.com",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": methodArn
}
]
},
"context": {
"stringValue": "blablabla",
"numberValue": 10,
"booleanValue": true,
}
};
}