[英]How can I generate a Set-Cookie integration response header in AWS API Gateway?
I'm currently using Amazon's API Gateway to create a REST API that interacts directly with DynamoDB (using the "AWS Service" integration type - there is NO lambda in-between). 我目前正在使用亚马逊的API网关来创建一个直接与DynamoDB交互的REST API(使用“AWS服务”集成类型 - 中间没有lambda)。 Everything works, except that I'd like to return a Set-Cookie header on the first response, for use with subsequent calls to the API. 一切正常,除了我想在第一个响应上返回一个Set-Cookie标头,用于后续调用API。
For simplicity (security is not a concern here), I'd like to use context.requestId as the cookie's value. 为简单起见(这里不担心安全性),我想使用context.requestId作为cookie的值。 The problem is that a Set-Cookie header requires more than just the cookie's value; 问题是Set-Cookie标头需要的不仅仅是cookie的值; at minimum it also needs a name for the cookie, in the form CookieName=CookieValue
, and realistically I'd also like to set other parameters for it, such as an expiration date. 至少它还需要Cookie的名称,格式为CookieName=CookieValue
,并且实际上我还想为其设置其他参数,例如到期日期。
However, it seems there is no way to combine a context variable with some static text in a "header mapping value", as I'd need for the above format: https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html#mapping-response-parameters 但是,似乎没有办法将上下文变量与“标题映射值”中的某些静态文本组合在一起 ,因为我需要以上格式: https : //docs.aws.amazon.com/apigateway/latest /developerguide/request-response-data-mappings.html#mapping-response-parameters
So my question is: Is there anything I can put into the "header mapping value" box to get this behavior? 所以我的问题是: 有什么我可以放入“标题映射值”框来获得这种行为吗? Something along the lines of 'id='+context.requestId
, but valid? 有什么东西'id='+context.requestId
,但有效吗? I'd also be open to using alternative setup methods, such as the AWS CLI or importing an OpenAPI file. 我也愿意使用其他设置方法,例如AWS CLI或导入OpenAPI文件。
For reference, this is the API Gateway input box in question: 作为参考,这是有问题的API网关输入框:
AWS documentation about Response > Header Mappings > Mapping value on page https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-method-settings-execution-console.html 有关响应 > 标题映射 > 映射值的 AWS文档,请参见 https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-method-settings-execution-console.html
For Mapping value, use one of the following formats: 对于映射值,请使用以下格式之一:
integration.response.header. integration.response.header。 header-name where header-name is the name of a single-valued response header from the backend. header-name其中header-name是后端的单值响应头的名称。 For example, to return the backend response's
Date
header as an API method's response'sTimestamp
header, the Response header column will contain a Timestamp entry, and the associated Mapping value should be set to integration.response.header.Date . 例如,要将后端响应的Date
标头作为API方法的响应的Timestamp
标头返回, Response标头列将包含Timestamp条目,并且关联的Mapping值应设置为integration.response.header.Date 。 ... ...
So above boils down to what is supported by DynamoDB . 因此,上面归结为DynamoDB支持的内容 。 And by looking into one of the API examples like GetItem in docs https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_GetItem.html#API_GetItem_ResponseElements 通过在文档https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_GetItem.html#API_GetItem_ResponseElements中查看其中一个API示例,例如GetItem
HTTP/1.1 200 OK
x-amzn-RequestId: <RequestId>
x-amz-crc32: <Checksum>
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
Date: <Date>
{ response json excluded for brevity}
So I would probably try using x-amzn-RequestId
header value in mapping 所以我可能会尝试在映射中使用x-amzn-RequestId
头值
integration.response.header.x-amzn-RequestId
It might be possible that other responses will not contain this header but in that case it would be possible to enable request tracing which will end up spitting back X-Amzn-Trace-Id
header 其他响应可能不包含此标头,但在这种情况下,可以启用请求跟踪,这将最终向后吐出X-Amzn-Trace-Id
标头
AWS response param mapping docs mention available syntax for mappings: AWS响应参数映射文档提及映射的可用语法:
+--------------------------------------+------------------------+
| Mapped Data Source | Mapping expression |
+--------------------------------------+------------------------+
| Integration response header | integration.response.header.PARAM_NAME |
| Integration response header | integration.response.multivalueheader.PARAM_NAME |
| Integration response body | integration.response.body |
| Integration response body (JsonPath) | integration.response.body.JSONPath_EXPRESSION |
| Stage variable | stageVariables.VARIABLE_NAME |
| Context variable | context.VARIABLE_NAME that must be one of the supported context variables. |
| Static value | 'STATIC_VALUE'. The STATIC_VALUE is a string literal and must be enclosed within a pair of single quotes. |
+--------------------------------------+------------------------+
We also know that PARAM_NAME
needs to match regular expression ^[a-zA-Z0-9._$-]+$
from that same documentation page. 我们也知道PARAM_NAME
需要匹配来自同一文档页面的正则表达式^[a-zA-Z0-9._$-]+$
。
There are no examples showing concatenation though so even if 'id='+context.requestId
syntax is supported there is nothing that prevents it from being removed in the future. 虽然支持'id='+context.requestId
语法,但是没有示例显示连接,没有什么可以阻止它在将来被删除。
API Gateway uses Velocity Template Language (VTL) engine to process body mapping templates for the integration request and integration response. API网关使用Velocity Template Language(VTL)引擎来处理集成请求和集成响应的正文映射模板。 The mapping templates translate method request payloads to the corresponding integration request payloads and translate integration response bodies to the method response bodies. 映射模板将方法请求有效负载转换为相应的集成请求有效负载,并将集成响应主体转换为方法响应主体。
There is a guide on AWS - Use a Mapping Template to Override an API's Request and Response Parameters and Status Codes AWS上有一个指南 - 使用映射模板覆盖API的请求和响应参数和状态代码
Template could look similar to below. 模板看起来类似于下面。 I haven't tested it though: 我没有测试过它:
#set($cookieName = "id")
#set($cookieNameValSeparator = "=")
$input.json("$")
#set($context.responseOverride.header.Set-Cookie = "$cookieName$cookieNameValSeparator$context.requestId")
If you'd be interested in using AWS CloudFront that would make this quite simple. 如果您对使用AWS CloudFront感兴趣,那么这将非常简单。 In CloudFront you are able to add your own custom headers with name and value, as requests are being routed optimally for your site: 在CloudFront中,您可以添加自己的名称和值自定义标头,因为请求最适合您的网站:
Hope this helps! 希望这可以帮助!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.