add auth wrapper testing

Author: manwaring

src/auth/auth.ts

@@ -1 +1 @@
-export * from './auth';
+export * from './wrapper';

src/auth/index.ts

@@ -0,0 +1,53 @@
+import { valid, invalid, error } from './responses';
+
+describe('Lambda Authorizer responses', () => {
+  it('Handles valid response with jwt sub', () => {
+    const jwt = {
+      sub: '1234567890',
+      name: 'John Doe',
+      admin: true
+    };
+    expect(valid(jwt)).toEqual({
+      principalId: '1234567890',
+      policyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Action: 'execute-api:Invoke',
+            Effect: 'Allow',
+            Resource: 'arn:aws:execute-api:**'
+          }
+        ]
+      }
+    });
+  });
+
+  it('Handles valid response with jwt claims', () => {
+    const jwt = {
+      claims: 'abcdefghij',
+      name: 'John Doe',
+      admin: true
+    };
+    expect(valid(jwt)).toEqual({
+      principalId: 'abcdefghij',
+      policyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Action: 'execute-api:Invoke',
+            Effect: 'Allow',
+            Resource: 'arn:aws:execute-api:**'
+          }
+        ]
+      }
+    });
+  });
+
+  it('Handles invalid response', () => {
+    expect(() => invalid()).toThrow('Unauthorized');
+  });
+
+  it('Handles error response', () => {
+    expect(() => error('error')).toThrow('error');
+  });
+});

src/auth/responses.test.ts

@@ -0,0 +1,36 @@
+import { Metrics } from '../common';
+
+const metrics = new Metrics('Lambda Authorizer');
+
+export function valid(jwt: any) {
+  const policy = generatePolicy(jwt);
+  metrics.valid(policy);
+  return policy;
+}
+
+export function invalid(message?: any): void {
+  metrics.invalid(message);
+  throw new Error('Unauthorized');
+}
+
+export function error(error?: any) {
+  metrics.error(error);
+  throw new Error(error);
+}
+
+function generatePolicy(jwt: any): any {
+  const principalId = jwt.sub ? jwt.sub : jwt.claims ? jwt.claims : '';
+  return {
+    principalId,
+    policyDocument: {
+      Version: '2012-10-17',
+      Statement: [
+        {
+          Action: 'execute-api:Invoke',
+          Effect: 'Allow',
+          Resource: 'arn:aws:execute-api:**'
+        }
+      ]
+    }
+  };
+}

src/auth/responses.ts

@@ -0,0 +1,21 @@
+import { authWrapper, AuthorizerSignature } from './wrapper';
+
+describe('Stream wrapper', () => {
+  const requestEvent = {
+    type: 'type',
+    methodArn: 'methodArn',
+    authorizationToken: 'token'
+  };
+
+  it('Has expected properties and response funtions', () => {
+    function mockHandler({ event, token, valid, invalid, error }: AuthorizerSignature) {
+      expect(event).toEqual(requestEvent);
+      expect(token).toEqual('token');
+      expect(valid).toBeInstanceOf(Function);
+      expect(invalid).toBeInstanceOf(Function);
+      expect(error).toBeInstanceOf(Function);
+    }
+    // @ts-ignore
+    authWrapper(mockHandler)(requestEvent);
+  });
+});

src/auth/wrapper.test.ts

@@ -0,0 +1,23 @@
+import { CustomAuthorizerEvent } from 'aws-lambda';
+import { Metrics } from '../common';
+import { valid, invalid, error } from './responses';
+
+const metrics = new Metrics('Lambda Authorizer');
+
+export function authWrapper<T extends Function>(fn: T): T {
+  return <any>function(event: CustomAuthorizerEvent) {
+    metrics.common(event);
+    const token = event.authorizationToken;
+
+    const signature: AuthorizerSignature = { event, token, valid, invalid, error };
+    return fn(signature);
+  };
+}
+
+export interface AuthorizerSignature {
+  event: CustomAuthorizerEvent; // original event
+  token: string; // authorizer token from original event
+  valid(jwt: any): void; // creates AWS policy to authenticate request, and adds auth context if available
+  invalid(message?: string[]): void; // returns 401 unauthorized
+  error(error?: any): void; // records error information and returns 401 unauthorized
+}