
How to authenticate third party webhook request in AWS Lambda serverless deployment

I'm writing a function that handles the callback of a Stripe.com checkout session.

Basically, I receive some data in the body of the request, verify it with the Stripe node library, then I'm trying to write to Dynamodb to handle some backend business logic after the purchase is completed.

The problem is I need to keep this api endpoint open for Stripe to call it but also give the function authorization to write to dynamodb. When setting authorizer: aws_iam, it requires the request to include an authentication token, and when testing the webhook with Stripe it returns a "Missing Authentication Token" error.

When I remove authorizer: aws_iam, Stripe can call the webhook fine because the endpoint is open, but then there's no permissions setup to allow writing to dynamodb. Seems like a catch-22.

Here's my serverless:

handleCourseCheckout:
   handler: checkout_completed.main
   events:
      - http:
         path: webhook/purchased
         method: post
         cors: true
         authorizer: aws_iam

and here is where the authorizer aws_iam is defined:

provider:
  name: aws
  runtime: nodejs10.x
  stage: dev

  ......

  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
      # Restrict our IAM role permissions to
      # the specific table for the stage
      Resource:
        - "Fn::ImportValue": TableArn

That's kinda strange. In your case you need to configure:

  • API GW wide open (authorizer: aws_iam means restricting access to the api gw endpoint only)
  • API GW must have permissions to invoke the lambda function
  • the lambda function must have only access to DynamoDB
  • remove CORS

Please:
  • check lambda permissions (execution role)
  • check api gw (integration request role)

