Amazon web services 使用无服务器框架进行请求验证
我在后台使用无服务器框架。如何实现请求验证?(不希望在lambda函数中写入验证) 要使用Amazon web services 使用无服务器框架进行请求验证,amazon-web-services,validation,aws-lambda,aws-api-gateway,serverless-framework,Amazon Web Services,Validation,Aws Lambda,Aws Api Gateway,Serverless Framework,我在后台使用无服务器框架。如何实现请求验证?(不希望在lambda函数中写入验证) 要使用serverless实现请求验证,您需要做几件事: 在堆栈中包含模型/头定义,然后告诉API网关使用它们进行请求验证 您需要安装以下软件包: 然后,您需要将它们包含在serverless.yml中: 注意:下面只是如何合并这些包的简要说明。访问软件包的文档页面以获取更全面的示例 为API网关提供模型/头的描述 您可以为模型导入json模式,并使用serverless aws documentati
serverless
实现请求验证,您需要做几件事:
在堆栈中包含模型/头定义,然后告诉API网关使用它们进行请求验证
您需要安装以下软件包:
serverless.yml
中:
注意:下面只是如何合并这些包的简要说明。访问软件包的文档页面以获取更全面的示例
serverless aws documentation
插件声明http头。
下面是如何将模型添加到serverless.yml
:
以下是如何在lambda定义中引用模型:
您还可以根据lambda定义声明请求头,如下所示:
serverless reqvalidator插件
包,您需要将AWS::ApiGateway::RequestValidator
资源添加到serverless.yml
文件中。
您可以指定是否要验证请求正文、请求标头或两者。
然后在单个函数上,您可以使用如下验证程序:
无服务器框架现在支持这一点,因此不需要使用外部插件 要启用请求验证,需要将以下内容添加到
serverless.yml
:
HttpHandler:
handler: src/lambda/http/create.handler
events:
- http:
method: post
path: items
request:
schema:
application/json: ${file(models/create-todo-model.json)}
正如Ivan所指出的,无服务器框架支持外部插件,因此不需要外部插件。但是,我认为配置此功能的方式已经改变
functions:
create:
handler: posts.create
events:
- http:
path: posts/create
method: post
request:
schema:
application/json: ${file(create_request.json)}
此示例取自:
以防你像我一样,不想按照“中的建议添加插件”https://stackoverflow.com/questions/49133294/request-validation-using-serverless-framework“ 如果您根据需要设置参数并希望对其进行验证,则必须向serverless.yml添加请求验证程序 要验证的方法的名称类似于
ApiGateway:
。在创建的模板文件中打包无服务器函数时,可以查找名称
此解决方案的礼节是使用无服务器请求验证
plugins:
- serverless-python-requirements
- serverless-wsgi
- serverless-reqvalidator-plugin
- serverless-aws-documentation
provider:
name: aws
runtime: python3.8
region: us-east-1
functions:
hello:
handler: handler.hello
events:
- http:
path: /
method: get
likes:
handler: handler.likes
events:
- http:
path: /likes
method: get
integration: lambda
reqValidatorName: xMyRequestValidator
request:
passThrough: NEVER
parameters:
querystrings:
userid: true
activityid: true
template:
application/json: '{ "userid":"$input.params(''userid'')","activityid":"$input.params(''activityid'')"}'
response:
headers:
Content-Type: "'application/json'"
custom:
wsgi:
app: handler.app
pythonBin: python # Some systems with Python3 may require this
packRequirements: false
pythonRequirements:
dockerizePip: non-linux
resources:
Resources:
xMyRequestValidator:
Type: "AWS::ApiGateway::RequestValidator"
Properties:
Name: 'my-req-validator'
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: true
ValidateRequestParameters: true
对此有何评论?如何要求内容类型为application/json?在这个例子中,如果您不提供请求主体或其他内容类型,Lambda仍然会被调用。如果与
应用程序/json
不同的内容类型仍然调用Lambda。有没有办法将AWS API网关配置为只允许应用程序/json
,内容类型?这表明您还不能使用默认的Lambda代理集成来正确实施内容类型验证。为了避免内容类型问题,您需要使用(在无服务器非默认情况下)并使用“从不”作为传递行为(在未指定任何内容的情况下为默认)。然后,这将阻止未由提供的安装程序定义的内容类型。我仍然喜欢接受的答案,因为您可以定义OpenApi文档以及请求验证。我们如何验证查询字符串参数?注意:架构验证程序仅应用于您指定的内容类型。其他内容类型未被阻止。
我在尝试上述操作时出错:发生错误:ApigatewayResourceDashData-遇到不受支持的属性RequestValidatorId。请确保资源名称正确。另请参阅对此答案的评论,其中对其进行了详细说明是的,成功了!非常感谢你@ShwetaJ如果你觉得答案对你有帮助,请投票表决
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
documentation:
summary: some summary
description: some description
requestHeaders:
- name: x-some-header
description: some header value
required: true # true or false
- name: x-another-header
description: some header value
required: false # true or false
resources:
Resources:
onlyBody:
Type: AWS::ApiGateway::RequestValidator
Properties:
Name: 'only-body'
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: true # true or false
ValidateRequestParameters: false # true or false
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
reqValidatorName: onlyBody # reference and use the 'only-body' request validator
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
reqValidatorName: onlyBody # reference and use the 'only-body' request validator
documentation:
summary: some summary
description: some description
requestBody:
description: some description
requestModels:
application/json: SomeLambdaRequest
requestHeaders:
- name: x-some-header
description: some header value
required: true # true or false
- name: x-another-header
description: some header value
required: false # true or false
HttpHandler:
handler: src/lambda/http/create.handler
events:
- http:
method: post
path: items
request:
schema:
application/json: ${file(models/create-todo-model.json)}
functions:
create:
handler: posts.create
events:
- http:
path: posts/create
method: post
request:
schema:
application/json: ${file(create_request.json)}
Resources:
ParameterRequestValidator:
Type: AWS::ApiGateway::RequestValidator
Properties:
Name: ParameterRequestValidator
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: false
ValidateRequestParameters: true
ApiGatewayMethodNameOfYourApiLookItUpInYourTemplate:
Properties:
RequestValidatorId:
Ref: ParameterRequestValidator
plugins:
- serverless-python-requirements
- serverless-wsgi
- serverless-reqvalidator-plugin
- serverless-aws-documentation
provider:
name: aws
runtime: python3.8
region: us-east-1
functions:
hello:
handler: handler.hello
events:
- http:
path: /
method: get
likes:
handler: handler.likes
events:
- http:
path: /likes
method: get
integration: lambda
reqValidatorName: xMyRequestValidator
request:
passThrough: NEVER
parameters:
querystrings:
userid: true
activityid: true
template:
application/json: '{ "userid":"$input.params(''userid'')","activityid":"$input.params(''activityid'')"}'
response:
headers:
Content-Type: "'application/json'"
custom:
wsgi:
app: handler.app
pythonBin: python # Some systems with Python3 may require this
packRequirements: false
pythonRequirements:
dockerizePip: non-linux
resources:
Resources:
xMyRequestValidator:
Type: "AWS::ApiGateway::RequestValidator"
Properties:
Name: 'my-req-validator'
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: true
ValidateRequestParameters: true