## What did you implement:
Closes #5857
Closes #5874
## How did you implement it:
Using the Authorizer CF template, and mapping it to the Route template, and setting the required permissions.
## How can we verify it:
Using the following service:
```yml
service: websocket-authorizers
provider:
  name: aws
  stage: dev
  runtime: nodejs8.10
functions:
  connect:
    handler: handler.connect
    events:
      - websocket:
          route: $connect
          authorizer:
            name: auth
            identitySource:
              - 'route.request.header.Auth'
              - 'route.request.querystring.Auth'
  default:
    handler: handler.default
    events:
      - websocket:
          route: $default
  auth:
    handler: handler.auth
```
```js
// handler.js
'use strict';

const AWS = require('aws-sdk')

// the following section injects the new ApiGatewayManagementApi service
// into the Lambda AWS SDK, otherwise you'll have to deploy the entire new version of the SDK

/* START ApiGatewayManagementApi injection */
const { Service, apiLoader } = AWS

apiLoader.services['apigatewaymanagementapi'] = {}

const model = {
  metadata: {
    apiVersion: '2018-11-29',
    endpointPrefix: 'execute-api',
    signingName: 'execute-api',
    serviceFullName: 'AmazonApiGatewayManagementApi',
    serviceId: 'ApiGatewayManagementApi',
    protocol: 'rest-json',
    jsonVersion: '1.1',
    uid: 'apigatewaymanagementapi-2018-11-29',
    signatureVersion: 'v4'
  },
  operations: {
    PostToConnection: {
      http: {
        requestUri: '/@connections/{connectionId}',
        responseCode: 200
      },
      input: {
        type: 'structure',
        members: {
          Data: {
            type: 'blob'
          },
          ConnectionId: {
            location: 'uri',
            locationName: 'connectionId'
          }
        },
        required: ['ConnectionId', 'Data'],
        payload: 'Data'
      }
    }
  },
  paginators: {},
  shapes: {}
}

AWS.ApiGatewayManagementApi = Service.defineService('apigatewaymanagementapi', ['2018-11-29'])
Object.defineProperty(apiLoader.services['apigatewaymanagementapi'], '2018-11-29', {
  // eslint-disable-next-line
  get: function get() {
    return model
  },
  enumerable: true,
  configurable: true
})
/* END ApiGatewayManagementApi injection */

module.exports.connect = (event, context, cb) => {
  cb(null, {
    statusCode: 200,
    body: 'Connected.'
  });
};

module.exports.default = async (event, context, cb) => {
  const client = new AWS.ApiGatewayManagementApi({
    apiVersion: '2018-11-29',
    endpoint: `https://${event.requestContext.domainName}/${event.requestContext.stage}`
  });

  await client
    .postToConnection({
      ConnectionId: event.requestContext.connectionId,
      Data: `default route received: ${event.body}`
    })
    .promise();

  cb(null, {
    statusCode: 200,
    body: 'Sent.'
  });
};

// Verification fixture: returns an Allow policy for every request that reaches it.
module.exports.auth = async (event, context) => {
  return {
    "principalId": "user",
    "policyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "execute-api:Invoke",
          "Effect": "Allow",
          "Resource": event.methodArn
        }
      ]
    }
  };
};
```
Deploy, then connect to the ws url:
```
wscat -c wss://<ID>.execute-api.us-east-1.amazonaws.com/dev?Auth=foo -H Auth:bar
# connection should SUCCEED because you provided both identity sources: querystring & header
wscat -c wss://<ID>.execute-api.us-east-1.amazonaws.com/dev -H Auth:bar
# connection should FAIL because you ONLY provided the header
# and your serverless.yml clearly states that you need the querystring identity source
# If you remove the `identitySource` from `serverless.yml`, it should SUCCEED
# because using ONLY the header is the default behavior
```
## Todos:
- [x] Write tests
- [x] Write documentation
- [x] Fix linting errors
- [x] Make sure code coverage hasn't dropped
- [x] Provide verification config / commands / resources
- [x] Enable "Allow edits from maintainers" for this PR
- [x] Update the messages below
***Is this ready for review?:*** YES
***Is it a breaking change?:*** NO