使用无服务器框架进行请求验证 [英] Request validation using serverless framework
问题描述
我正在为后端使用无服务器框架.如何实现请求验证? (不想在lambda函数中编写验证).
I am using serverless framework for the backend. How can I implement request validation? (do not want to write validation inside lambda functions).
推荐答案
要使用serverless实施请求验证,您需要做几件事:
在堆栈中包含模型/标头定义,然后告诉API网关使用它们进行请求验证.
To implement request validation using serverless you need to do a couple of things:
Include your model/header definitions in your stack, and then tell API gateway to use them for request validation.
您需要安装以下软件包:
You'll need to install the following packages:
然后您需要将它们包含在serverless.yml中:
And then you'll need to include them in your serverless.yml:
plugins:
- serverless-reqvalidator-plugin
- serverless-aws-documentation
注意:以下只是有关如何合并软件包的简要介绍.请访问软件包的文档页面以获取更全面的示例...
Note: below is only a quick run-down of how to incorporate the packages. Visit the packages' documentation pages for more comprehensive examples...
-
提供API网关,其中包含您的模型/标头的描述.
Provide API gateway with a description of your models / headers.
您可以为模型导入json模式,并使用serverless-aws-documentation插件声明http标头.
将模型添加到serverless.yml的方法如下:
You can import json schemas for your models, and declare http headers using the serverless-aws-documentation plugin.
Here's how you'd add a model to your serverless.yml:
custom:
documentation:
api:
info:
version: v0.0.0
title: Some API title
description: Some API description
models:
- name: SomeLambdaRequest
contentType: application/json
schema: ${file(models/SomeLambdaRequest.json)} # reference to your model's json schema file. You can also declare the model inline.
这是在lambda定义中引用模型的方式:
And here's how you'd reference the model in your lambda definition:
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
documentation:
summary: some summary
description: some description
requestBody:
description: some description
requestModels:
application/json: SomeLambdaRequest
您还可以像这样对lambda定义声明请求标头:
You can also declare request headers against your lambda definition like so:
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
documentation:
summary: some summary
description: some description
requestHeaders:
- name: x-some-header
description: some header value
required: true # true or false
- name: x-another-header
description: some header value
required: false # true or false
告诉API网关实际使用模型进行验证
Tell API gateway to actually use the models for validation
这部分利用了serverless-reqvalidator-plugin包,您需要将AWS::ApiGateway::RequestValidator资源添加到您的serverless.yml文件中.
您可以指定是否要验证请求正文,请求标头或同时验证两者.
This part makes use of the serverless-reqvalidator-plugin package, and you need to add AWS::ApiGateway::RequestValidator resources to your serverless.yml file.
You can specify whether you want to validate request body, request headers, or both.
resources:
Resources:
onlyBody:
Type: AWS::ApiGateway::RequestValidator
Properties:
Name: 'only-body'
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: true # true or false
ValidateRequestParameters: false # true or false
然后在各个函数上可以使用验证器,如下所示:
And then on individual functions you can make use of the validator like so:
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
reqValidatorName: onlyBody # reference and use the 'only-body' request validator
将所有的lambda定义放在一起看起来像这样:
Put all together your lambda definition would end up looking a little like this:
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
reqValidatorName: onlyBody # reference and use the 'only-body' request validator
documentation:
summary: some summary
description: some description
requestBody:
description: some description
requestModels:
application/json: SomeLambdaRequest
requestHeaders:
- name: x-some-header
description: some header value
required: true # true or false
- name: x-another-header
description: some header value
required: false # true or false
这篇关于使用无服务器框架进行请求验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
