0.1.3 • Published 4 years ago

@wethecurious/wtc-auth-base-lib v0.1.3

License: MIT

# @wethecurious/wtc-auth-base-lib

Shared library for WTC exhibit dataServers that use a Node backend and need permissions.

How to use it

## Auth

Auth is based on Cognito groups. To change the name of the group a user must belong to in order to be authorized, set the `COGNITO_USER_GROUP_NAME` env var in the `.env.*.json` files:

```json
{
  ...,
  "COGNITO_USER_GROUP_NAME": "MyAuthorizedGroup"
}
```

A default fallback value is recommended; `editors` is used in the example below.

In the project that embeds the library, it will look like this:

```js
//...
const groupName = process.env.COGNITO_USER_GROUP_NAME || 'editors';
const region = process.env.AWS_REGION; // set up by serverless itself
const cognitoUserPoolId = process.env.COGNITO_USER_POOL_ID; // needed for auth

const app = express();

// Enable CORS for all endpoints
app.use(cors());
app.use(bodyParser.json({strict: false}));

const config = {
  app,
  groupName,
  cognitoRegion: region,
  cognitoUserPoolId,
  auth: 'automatic',
  env: process.env,
};

cognitoServerAuth(config);
//...
```

In `serverless.yml` you will need to grant the lambda some extra permissions:

```yaml
provider:
  # permissions required for THIS LAMBDA (not the user of the API)
  iamRoleStatements:
    - Effect: Allow
      Action:
        - cognito-idp:ListUsers
        - cognito-idp:AdminListGroupsForUser
      Resource:
        # This incantation is required for the lambda to have permission to access the cognito user pool
        - "arn:aws:cognito-idp:${self:provider.region}:*"
```
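The `Resource` pattern above matches every Cognito user pool in the region, so the lambda can list users and group memberships in pools it never authenticates against. A narrower statement scoped to the single pool used for auth, as an added example that is not part of the library's own documentation; `custom.cognitoUserPoolId` is a hypothetical key assumed to hold the same value as `COGNITO_USER_POOL_ID`:

```yaml
custom:
  # Hypothetical key (assumption): the pool id also passed to the lambda
  # as COGNITO_USER_POOL_ID. The value below is a placeholder.
  cognitoUserPoolId: REPLACE_WITH_USER_POOL_ID

provider:
  # permissions required for THIS LAMBDA (not the user of the API)
  iamRoleStatements:
    - Effect: Allow
      Action:
        - cognito-idp:ListUsers
        - cognito-idp:AdminListGroupsForUser
      Resource:
        # Before (from the README): any user pool in the region
        #   - "arn:aws:cognito-idp:${self:provider.region}:*"
        # After: only the user pool this service authorizes against.
        # AWS::AccountId is the CloudFormation pseudo parameter for the
        # deploying account, so no account id is hard-coded here.
        - Fn::Join:
            - ""
            - - "arn:aws:cognito-idp:"
              - ${self:provider.region}
              - ":"
              - Ref: AWS::AccountId
              - ":userpool/"
              - ${self:custom.cognitoUserPoolId}
```

Both actions accept a user pool ARN as their resource, so the lambda's group lookup keeps working while access to other pools in the account is denied.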