serverless-authorizer-plugin v0.1.14
Authorizer Plugin for API Gateway
This project is an authorizer for API Gateway designed to facilitate and centralize authorization code in a separate repository. This allows developers to focus solely on implementing the necessary logic for their applications while leaving permission management to this plugin.
About the Project
The purpose of this authorizer is to manage user permissions for specific operations according to their access rights. In a local environment, user authentication is bypassed by default to simplify the development process and reduce dependencies between projects.
To ensure efficiency, the system checks for permissions in the local cache. If not present, it fetches the permissions from the database and loads the necessary data. Subsequent executions will validate the permissions from the cache, improving efficiency.
This plugin injects a Lambda function into the Serverless Framework, simplifying its usage. Developers only need to specify in the endpoints whether they require authorization.
Installation
- Installing Dependencies:
Make sure you have Node.js and npm installed. Then, install the dependencies:
npm install serverless-authorizer-plugin serverless-dynamodb --save-dev
Configuration
- Configuration in serverless.yml:
Add the plugins. Ensure that serverless-authorizer-plugin is the first in the list of plugins and serverless-dynamodb is added before serverless-offline.
plugins:
  - serverless-authorizer-plugin
  - ...
  - serverless-dynamodb
  - serverless-offline
  - ...
Add the plugin configurations.
custom:
  authorizerPlugin:
    runLocally: true
    environment:
      ...
    dynamodb:
      port: 8000
  serverless-dynamodb:
    stages:
      - local
    start:
      docker: true
      port: 8000
      inMemory: true
      migrate: true
      seed: true
      convertEmptyValues: true
- Suggested Configuration for package.json:
To facilitate usage, add the following scripts to your package.json:
{
  "scripts": {
    "start:dynamodb": "sls dynamodb start",
    "start:dev": "concurrently -k -n DYNAMODB,SERVERLESS \"npm run start:dynamodb\" \"sls offline --host 0.0.0.0 --reloadHandler\""
  }
}
Usage
Note: We recommend using Docker to run DynamoDB, as it includes all necessary dependencies, such as Java, ready for use.
custom:
  authorizerPlugin:
    # When true, the plugin sets up the permission table locally using DynamoDB local.
    # This is useful for local development. When false, the plugin uses the cloud
    # infrastructure for user authentication and authorization validation.
    # Note: Valid credentials must be set when using cloud infrastructure.
    runLocally: true
    # Specifies the environment variables required by the authorizer, such as
    # database connections, API keys, etc.
    environment: ...
    # When true, the system always checks the database for user permissions,
    # bypassing the cache. This is particularly useful when developing new
    # endpoints or updating permission logic.
    reloadPermissions: false
    dynamodb:
      # Specifies the port on which the local DynamoDB instance is running,
      # used for local development.
      port: 8000
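
The cache-then-database permission check described in About the Project, together with the reloadPermissions switch above, sketched as an added example. This is not the plugin's own code; createAuthorizer, fetchPermissions, SAMPLE_TABLE and the "METHOD /path" operation format are assumptions made for illustration.

```javascript
// Added example, not the plugin's source. createAuthorizer, fetchPermissions and
// the "METHOD /path" operation format are assumptions made for illustration.

// Constructed sample data standing in for the permission table.
const SAMPLE_TABLE = { 'user-1': ['GET /orders'] };

function createAuthorizer({ fetchPermissions, reloadPermissions = false }) {
  const cache = new Map(); // userId -> Set of permitted operations

  async function loadPermissions(userId) {
    // With reloadPermissions set, every request goes to the database.
    if (!reloadPermissions && cache.has(userId)) return cache.get(userId);
    const ops = new Set(await fetchPermissions(userId));
    cache.set(userId, ops);
    return ops;
  }

  // Response shape API Gateway expects from a Lambda authorizer.
  function policy(principalId, effect, resource) {
    return {
      principalId,
      policyDocument: {
        Version: '2012-10-17',
        Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
      },
    };
  }

  // userId is assumed to come from a token that was already verified.
  return async function authorize({ userId, operation, methodArn }) {
    if (!userId) return policy('anonymous', 'Deny', methodArn);
    try {
      const ops = await loadPermissions(userId);
      return policy(userId, ops.has(operation) ? 'Allow' : 'Deny', methodArn);
    } catch (err) {
      // Fail closed: a failed lookup must never turn into an Allow.
      return policy(userId, 'Deny', methodArn);
    }
  };
}
```

The cache in this sketch has no expiry, so a revoked permission stays effective for the lifetime of the process unless reloadPermissions is set.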