import boto3
from aws_lambda_powertools import Logger, Tracer
from aws_lambda_powertools.utilities.data_classes import event_source
from aws_lambda_powertools.utilities.data_classes.api_gateway_authorizer_event import (
APIGatewayAuthorizerEventV2,
APIGatewayAuthorizerResponseV2,
)
from aws_lambda_powertools.utilities.typing import LambdaContext
from cognito import get_user
# Module-level singletons: built when the module is imported, so every
# invocation served by the same loaded module shares them.
idp_client = boto3.client("cognito-idp")
logger = Logger(__name__)
tracer = Tracer()
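# NOTE(review): capture_lambda_handler stores the handler's return value in the
# trace by default, and the allow response below carries `user` in its context.
# Consider capture_response=False if that data should not be written to traces.
@tracer.capture_lambda_handler
@logger.inject_lambda_context
@event_source(data_class=APIGatewayAuthorizerEventV2)
def lambda_handler(event: APIGatewayAuthorizerEventV2, context: LambdaContext):
    """Authorize an API Gateway request from its ``Authorization`` header.

    The header must have the form ``Bearer <token>``. The token is handed to
    ``get_user`` together with the shared Cognito client; the request is
    allowed only when that call returns a truthy user.

    Args:
        event: Authorizer event (payload format v2) built by ``event_source``.
        context: Lambda context object; not read by this handler.

    Returns:
        The dict form of ``APIGatewayAuthorizerResponseV2``: ``authorize=False``
        when the header is missing or malformed, the scheme is not ``Bearer``,
        the token is empty, ``get_user`` raises ``ValueError`` or returns a
        falsy value; otherwise ``authorize=True`` with the user placed in the
        response context under the key ``user``.
    """
    deny = APIGatewayAuthorizerResponseV2(authorize=False).asdict()

    # Neither the header nor the token is logged anywhere in this handler;
    # keep it that way when adding diagnostics.
    auth_header = event.get_header_value('authorization', default_value='')

    try:
        # Exactly two space-separated fields are required: a missing header,
        # a bare scheme or any extra field fails the unpack with ValueError.
        scheme, bearer_token = auth_header.split(' ')
    except ValueError:
        return deny

    # Only the Bearer scheme is accepted (scheme names are case-insensitive),
    # and an empty token is rejected before it is sent to the identity provider.
    if scheme.lower() != 'bearer' or not bearer_token:
        return deny

    try:
        # NOTE(review): get_user lives in the cognito module, which is not
        # shown here. Only ValueError is turned into a deny; any other
        # exception propagates and fails the invocation. Confirm which
        # exceptions it raises for an expired or revoked token.
        user = get_user(bearer_token, idp_client=idp_client)
    except ValueError:
        return deny

    if not user:
        return deny

    # Whatever get_user returned is attached to the authorizer context as-is.
    # NOTE(review): confirm it holds only the fields that consumers of the
    # authorizer context need.
    return APIGatewayAuthorizerResponseV2(
        authorize=True,
        context=dict(user=user),
    ).asdict()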