import hashlib
import hmac
import os
# Unused configuration, kept for the IAM-policy response variant:
# region = os.environ['region']
# account_id = os.environ['account_id']
# api_id = os.environ['api_id']

# Value the authorizer compares the incoming "authorization" header against.
# Read once at import time; a missing variable raises KeyError at that point.
pw_hash = os.environ["pw_hash"]

# resource_arn = f"arn:aws:execute-api:{region}:{account_id}:{api_id}:/*/*/" # based on observed routeArn in event
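def lambda_handler(event, context):
    """Authorize a request by comparing its ``authorization`` header to ``pw_hash``.

    The verdict is returned in the simple-response shape
    (``{"isAuthorized": bool}``). The request is denied when the header is
    missing, empty, not a string, or does not match the configured value.

    NOTE(review): the header value is compared directly with ``pw_hash``, so
    whatever is stored in that variable is itself the credential a caller must
    present. ``hashlib`` is imported by this file but not used here; confirm
    whether the presented token was meant to be hashed before comparison.

    Args:
        event: Authorizer event dict; ``event["headers"]`` is read as a
            mapping of header names to values.
        context: Lambda context object (unused).

    Returns:
        dict: ``{"isAuthorized": True}`` or ``{"isAuthorized": False}``.
    """
    # debug
    # Enabling the first line below would write the full event, including the
    # authorization header, to the function's logs.
    # print(f"Event received: {event}")
    # print(f"resource_arn: {resource_arn}")

    # Extract the token from headers. A missing or null "headers" entry is
    # treated as "no token" so the request is denied rather than the
    # authorizer raising KeyError/AttributeError.
    headers = event.get("headers") or {}
    token = headers.get("authorization", "")
    if not isinstance(token, str):
        token = ""

    # Check token validity.
    # - An empty token never authorizes: otherwise a request without the
    #   header would match an empty/unset-to-"" pw_hash.
    # - hmac.compare_digest keeps the comparison time independent of where
    #   the first differing byte is; both sides are encoded to bytes because
    #   compare_digest rejects non-ASCII str arguments.
    is_authorized = bool(token) and hmac.compare_digest(
        token.encode("utf-8"), pw_hash.encode("utf-8")
    )

    # Log for debugging. The token value is masked, but the mask still
    # records the token's length.
    print(f"Authorization status: {is_authorized}. Authorization token: {'*' * len(token)}")

    # Simple response
    return {
        "isAuthorized": is_authorized
    }

    # IAM policy response, which is overkill here with no added benefit.
    # To use the IAM policy response, your API needs to have
    # "enableSimpleResponses" : false
    # if is_authorized:
    #     return {
    #         "principalId" : "demo",
    #         "policyDocument": {
    #             "Version": "2012-10-17",
    #             "Statement": [{
    #                 "Action": "execute-api:Invoke",
    #                 "Effect": "Allow",
    #                 "Resource": event["routeArn"]
    #             }]
    #         }
    #     }
    # else:
    #     return {
    #         "principalId" : "demo",
    #         "policyDocument": {
    #             "Version": "2012-10-17",
    #             "Statement": [{
    #                 "Action": "*",
    #                 "Effect": "Deny",
    #                 "Resource": "*"
    #             }]
    #         }
    #     }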