带有无服务器本地环境的AWS Cognito [英] AWS Cognito with Serverless Local Environment

问题描述

这是我们在 Github 上发现的问题，并且存在相同的问题问题:

This is an issue we found on Github and are having the same issue:

我们正在使用无服务器和无服务器离线在本地运行lambda.我们有一个本地DynamoDB实现.对于Cognito，serverless-offline模拟已认证的用户和cognitoIdentityId.被模拟的用户有权调用lambda，但不能传递cognitoIdentityId以匹配我们在DynamoDB中为用户保存的内容.

We're using serverless and serverless-offline to run lambda locally. We have a local DynamoDB implementation. For Cognito however, serverless-offline mocks the authenticated user and cognitoIdentityId. The mocked user has permission to invoke the lambda but not to pass in the cognitoIdentityId to match what we save in DynamoDB for a user.

1. 这可能是无服务器脱机问题，并且可能还有其他问题，更好的解决方案.
2. 或者可能有一种在本地运行Cognito的方法.
3. 或者我们可以从本地用户访问Cognito.但是我们不知道该怎么做.

tldr;我不确定开发Labmdas的最佳做法是什么将Cognito与授权人一起使用时在本地:aws_iam

tldr; I'm not sure what the best practice is around developing labmdas locally when using Cognito with authorizer: aws_iam

推荐答案

尽管这可能会或可能无法解决您的问题，但这是在本地运行时如何模拟Cognito的方法.

Though this may or may not help with your problem here's how to mock Cognito while running locally.

每个AWS服务都接受配置.在此配置中，您可以传递 endpoint 参数.您可以将本地服务器传递到此配置，并为每个aws服务模拟所需的响应.

Every AWS service accepts a configuration. In this configuration you can pass an endpoint parameter. You can pass a local server to this config and mock your desired response for every aws service.

export const getIdentityProvider = () => new CognitoIdentityServiceProvider({
  region: process.env.AWS_REGION,
  accessKeyId: process.env.AWS_ACCESS_KEY_ID,
  secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
  endpoint: process.env.IS_TEST ? 'http://localhost:5001' : null
})

AWS服务以您发送的日期为正文，函数名称作为 x = amz-target 标头的一部分来执行POST调用.例如， AdminGetUser Cognito调用具有标头:'x-amz-target':'AWSCognitoIdentityProviderService.AdminGetUser'

AWS services perform a POST call with the date you are sending as the body and the function name as part of the x=amz-target header. For example the AdminGetUser Cognito call has the header: 'x-amz-target': 'AWSCognitoIdentityProviderService.AdminGetUser'

您可以创建一个基本服务器来处理此问题:

You can create a basic server to handle this like this:

import http from 'http'
const getBody = async request => {
  return new Promise((resolve, reject) => {
    let body = ''
    request.on('data', (data) => {
      body += data
    })
    request.on('end', () => {
      resolve(JSON.parse(body))
    })
  })
}

const server = http.createServer(async (req, res) => {
  const body = await getBody(req)
  const route = req.headers['x-amz-target']

  let response
  const status = 200

  switch (route) {
    case 'AWSCognitoIdentityProviderService.AdminGetUser':
      response = { foo: 'bar' }
      break
  }

  res.writeHead(response ? status : 404, { 'Content-Type': 'text/plain' })
  res.write(response || 'No route found')
  res.end()
})
server.listen(process.env.PORT || 5001, 'localhost', () => {
  console.log(`Proxy server listening on port http://${server.address().address}:${server.address().port}`)
})

为了知道返回什么，我建议进行一些单元测试并使用 nock 捕获响应..然后，您可以提取响应正文并在模拟服务器中使用它.

In order to know what to return I recommend doing some unit tests and capturing the response with nock. You can then extract the response body and use that in your mock server.

这篇关于带有无服务器本地环境的AWS Cognito的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！