serverless/serverless

Move `http` event authorizer settings to top level `provider` section

Open

#2,887 创建于 2016年12月7日

在 GitHub 查看
 (14 评论) (2 反应) (0 负责人)JavaScript (46,915 star) (5,734 fork)batch import
bug/designcat/aws-event-api-gatewayhelp wanted

描述

Currently, the settings for a custom authorizer function are set within the event settings for each function:

functions:
  newFunction:
    handler: function.handler
    events:
      -  http:
            path: url/path
            method: get
            authorizer:
              name: customAuth
              resultTtlInSeconds: 30
              identityValidationExpression: .*

  customAuth:
    handler: auth.handler
    memorySize: 128

This leaves room for those settings to be redefined multiple times in the configuration, and can introduce uncertainty, particularly when there are multiple hands touching the code.

It would be beneficial to have everything related to the custom authorizer in one spot, and just reference the authorizer by name in each function. Something like this:

functions:
  newFunction:
    handler: function.handler
    events:
      -  http:
            path: url/path
            method: get
            authorizer: customAuth

  customAuth:
    handler: auth.handler
    memorySize: 128
    authorizerSettings:
      resultTtlInSeconds: 30
      identityValidationExpression: .*

Implementation proposal

Introduce similar authorizer configuration as it's for httpApi events. Individual authorizers should be configured at provider.apiGateway.authorizer settings and which are referenced at http events.

This new setup should be introduced in non breaking way, but with configured deprecation of authorizer configurations at http event level

贡献者指南

技术栈
javascriptnodejsaws
领域
backendapidevops
议题类型
feature
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-2 days
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
stale
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
Understanding of Serverless Framework configurationKnowledge of AWS Lambda authorizersFamiliarity with the codebase
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
40
研究方向
Examine the current implementation of http event authorizer configuration in the codebase, likely in packages related to AWS Lambda events. Look for how httpApi authorizers are configured at provider level as a reference. Follow deprecation guidelines in CONTRIBUTING.md. Key files to explore: lib/plugins/aws/package/compile/events/http/index.js and related tests. Also review existing deprecation examples in the codebase to understand the pattern.