Add a authorizer function for the API Gateway (Websocket) endpoint #1

Open
boyney123 opened this issue Aug 24, 2021 · 4 comments · May be fixed by #10
Comments

@boyney123
Owner

By default the websocket is open for anyone to connect to.

Think it would be better practice if there was a basic lambda that maybe could verify a token of some sort? Like the example seen here https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html

```js
exports.handler = async (event) => {
    let response = {
        "isAuthorized": false,
        "context": {
            "stringKey": "value",
            "numberKey": 1,
            "booleanKey": true,
            "arrayKey": ["value1", "value2"],
            "mapKey": {"value1": "value2"}
        }
    };

    if (event.headers.authorization === "secretToken") {
        response = {
            "isAuthorized": true,
            "context": {
                "stringKey": "value",
                "numberKey": 1,
                "booleanKey": true,
                "arrayKey": ["value1", "value2"],
                "mapKey": {"value1": "value2"}
            }
        };
    }

    return response;
};
```

Maybe the websocket could send an authorization header, then we could allow the connection if it matches....

@lukehedger

lukehedger commented Sep 22, 2021

Hey @boyney123 I'd love to take a shot at adding this! I'm thinking a simple implementation would include an SSM parameter containing a token - so the authorizer function would look for a parameter with a certain key and then compare the value with the auth header. WDYT?

@boyney123
Owner Author

Hey @lukehedger

> Hey @boyney123 I'd love to take a shot at adding this! I'm thinking a simple implementation would include an SSM parameter containing a token - so the authorizer function would look for a parameter with a certain key and then compare the value with the auth header. WDYT?

Yeah, the first time I looked at this kinda stuff, but makes sense to me I think!

Maybe somehow pass the token value into the construct?

Any thoughts on how people could set the token value?

```ts
new EventBridgeWebSocket(this, 'sockets', {
  bus: 'your-event-bus-name',

  // This example shows how to listen for all events
  eventPattern: {
    account: ['your_account_id'],
  },
  stage: 'dev',
  token: 'something-interesting',
});
```

Not sure if that's the best way or not?

@lukehedger

Just had a look at this @boyney123 and it seems that authorizers work slightly differently for WebSocket APIs. There is also currently no L2 support in CDK, although there do seem to be a couple of workarounds - see aws/aws-cdk#13869.

@RaphaelManke RaphaelManke linked a pull request Oct 28, 2022 that will close this issue
@RaphaelManke
Contributor

Meanwhile CDK has authorizer support, so I created a PR to add this functionality.
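
The difference noted in the thread between HTTP API and WebSocket authorizers, as an added example that is not code from the participants or the project: a REQUEST authorizer for the `$connect` route that returns an IAM policy instead of `isAuthorized`, compares the token in constant time, and denies when no token is configured. The `WS_AUTH_TOKEN` environment variable and the principal ids are assumptions made for illustration.

```javascript
// Added example: Lambda REQUEST authorizer for an API Gateway WebSocket $connect route.
const crypto = require("node:crypto");

// Constant-time comparison. Hashing first gives equal-length buffers,
// which timingSafeEqual requires, and avoids leaking the token length.
function tokensMatch(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string" || expected === "") {
    return false; // fail closed when either side is missing or empty
  }
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Header names are matched case-insensitively.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// WebSocket authorizers answer with an IAM policy document, not the
// { isAuthorized } simple response shown in the HTTP API example.
function authorize(event, expectedToken) {
  const allowed = tokensMatch(getHeader(event.headers, "authorization"), expectedToken);
  return {
    principalId: allowed ? "websocket-client" : "anonymous", // hypothetical ids
    policyDocument: {
      Version: "2012-10-17",
      Statement: [
        {
          Action: "execute-api:Invoke",
          Effect: allowed ? "Allow" : "Deny",
          Resource: event.methodArn,
        },
      ],
    },
  };
}

// Assumption: the deployment injects the token as WS_AUTH_TOKEN. Reading it
// from an SSM parameter, as proposed in the thread, would replace this lookup.
exports.handler = async (event) => authorize(event, process.env.WS_AUTH_TOKEN);
```

Browser WebSocket clients cannot set custom headers on the handshake, so a header-based check like this one fits non-browser clients.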
