无法配置对 AWS API 网关的 Firebase 授权

Unable to configure Firebase authorization to AWS API Gateway

我正在使用 AWS LambdaAPI Gateway 开发 REST API。我正在尝试为此配置 Firebase 授权。仅供参考,我没有接触过 AWS Web 控制台,只是尝试用 aws-sam.

做所有事情

下面是我的代码。下面我什么都没改,代码原样粘贴。

template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  aws-restapi

  Sample SAM Template for aws-restapi
  
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 5
    VpcConfig:
        SecurityGroupIds:
          - sg-041f2459dcd921e8e
        SubnetIds:
          - subnet-038025dd
          - subnet-c44254cb

Parameters:
  FirebaseProjectId: 
    Type: String

Resources:

  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref aws-7e5db
              issuer: !Sub https://securetoken.google.com/${aws-7e5db}
        DefaultAuthorizer: FirebaseAuthorizer
      StageName: "Prod"
  
  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: aws-restapi/
      Handler: source/testfile.lambdaHandler
      Runtime: nodejs14.x
      Events:
        Gateway:
          Type: HttpApi
          Properties:
            ApiId: !Ref AuthGatewayHttpApi
            Path: /hello
            Method: GET

testfile.js

exports.lambdaHandler = async (event) => {
    try {
      // If an authenticated request is made to JWT
      // Which we expect is what will happen
      // So we simply return the claims
      const jwt = event.requestContext.authorizer.jwt.claims;
  
      // Let us get the email from the claims
      // Note the email will not be available if Sign in via phone
      const email = jwt.claims.email;
  
      return {
        statusCode: 200,
        body: JSON.stringify({ jwt: jwt, email: email }),
      };
    } catch (err) {
      console.error(err);
      return {
        statusCode: 400,
        body: JSON.stringify({ error: "Please check logs" }),
      };
    }
  };

这可以构建,但不能部署。它只是抛出以下错误。

Error: Failed to create changeset for the stack: aws-restapi, An error occurred (ValidationError) when calling the CreateChangeSet operation: Parameters: [FirebaseProjectId] must have values

这里有什么问题?另外,我的 firebase 身份验证配置正确吗?

您正在定义参数但未为其赋值。

Parameters:
  FirebaseProjectId: 
    Type: String

要么删除,要么赋值

我发现了这个问题。我必须传递参数。传递参数应该在部署时完成。执行以下操作。

sam deploy --guided

然后按照流程,它会问你参数值。无论之前是否部署过,都必须执行此操作。

然后,我的代码也错了。应该是这样。

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  aws-restapi

  Sample SAM Template for aws-restapi
  
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 5
    VpcConfig:
        SecurityGroupIds:
          - sg-041f2459dcd921e8e
        SubnetIds:
          - subnet-0381asa2d
          - subnet-c4dasascb


Parameters:
  FirebaseProjectId:
    Type: String

Resources:
  AuthGatewayHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        Authorizers:
          FirebaseAuthorizer:
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - !Ref FirebaseProjectId
              issuer: !Sub https://securetoken.google.com/${FirebaseProjectId}
        DefaultAuthorizer: FirebaseAuthorizer
  
  AuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: peresia-restapi/
      Handler: source/testfile.lambdaHandler
      Runtime: nodejs14.x
      Events:
        Gateway:
          Type: HttpApi
          Properties:
            ApiId: !Ref AuthGatewayHttpApi
            Path: /hello
            Method: get

您也可以通过提供默认值来避免此问题:

Parameters:
  FirebaseProjectId: 
    Type: String
    Default: "1111-2222-3333-44444"