如何解决在 NodeJS 中使用 Lambda@Edge 对 CloudFront 进行基本 HTTP 身份验证
我正在使用用户名和密码保护静态网站。我在 NodeJS 中使用 Lambda@Edge 为 CloudFront 创建了一个基本的 HTTP 身份验证。
我对 NodeJS 完全陌生。最初,我对用户和密码进行了硬编码,这工作正常。
'use strict';
exports.handler = (event,context,callback) => {
// Get request and request headers
const request = event.Records[0].cf.request;
const headers = request.headers;
// Configure authentication
const authUser = 'user';
const authPass = 'pass';
// Construct the Basic Auth string
const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');
// Require Basic authentication
if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
const body = 'Unauthorized';
const response = {
status: '401',statusDescription: 'Unauthorized',body: body,headers: {
'www-authenticate': [{key: 'WWW-Authenticate',value:'Basic'}]
},};
callback(null,response);
}
// Continue request processing if authentication passed
callback(null,request);
};
我将我的秘密存储在 SSM 中,我想通过该函数检索它们。我在 Lambda 中单独测试了这段代码,它返回了预期的凭据。
'use strict';
exports.handler = async (event,callback) => {
const ssm = new (require('aws-sdk/clients/ssm'))();
let userData = await ssm.getParameters({Names: ['website-user']}).promise();
let userPass = await ssm.getParameters({Names: ['website-pass']}).promise();
let user = userData.Parameters[0].Value;
let pass = userPass.Parameters[0].Value;
return {user,pass};
};
但是当我把这两个拼接起来的时候,我得到503 ERROR The request Could not be denied。 有谁知道我可能做错了什么?感谢您的帮助!
完整代码:
'use strict';
exports.handler = async (event,callback) => {
const ssm = new (require('aws-sdk/clients/ssm'))();
let userData = await ssm.getParameters({Names: ['website-user']}).promise();
let userPass = await ssm.getParameters({Names: ['website-pass']}).promise();
let user = userData.Parameters[0].Value;
let pass = userPass.Parameters[0].Value;
// Get request and request headers
const request = event.Records[0].cf.request;
const headers = request.headers;
// Construct the Basic Auth string
let authString = 'Basic ' + new Buffer(user + ':' + pass).toString('base64');
// Require Basic authentication
if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
const body = 'Unauthorized';
const response = {
status: '401',request);
};
解决方法
在阅读了 promise 之后,我解决了这个错误。这是对我有用的解决方案:
'use strict';
var AWS = require('aws-sdk');
AWS.config.update({ region: 'us-east-1' });
var ssm = new AWS.SSM();
function getParameter(param) {
return new Promise(function (success,reject) {
ssm.getParameter(param,function (err,data) {
if (err) {
reject(err);
} else {
success(data);
}
});
});
};
exports.handler = (event,context,callback) => {
let request = event.Records[0].cf.request;
let headers = request.headers;
let user = {Name: 'user-path',WithDecryption: false};
let pass = {Name: 'password-path',WithDecryption: false};
let authUser;
let authPass;
var promises = [];
promises.push(getParameter(user),getParameter(pass));
Promise.all(promises)
.then(function (result) {
authUser = result[0].Parameter.Value;
authPass = result[1].Parameter.Value;
console.log(authUser);
console.log(authPass);
let authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');
if (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString) {
const body = 'Unauthorized';
const response = {
status: '401',statusDescription: 'Unauthorized',body: body,headers: {
'www-authenticate': [{key: 'WWW-Authenticate',value:'Basic'}]
},};
callback(null,response);
}
// Continue request processing if authentication passed
callback(null,request);
})
.catch(function (err) {
console.log(err);
});
};
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。