AWS CDK: Api Key ignored when testing api gateway locally? - aws-api-gateway

I'm currently developing an API with aws-cdk and I'm testing it locally with aws-sam-cli and docker. I wanted to add the requirement of an API Key to call the API.
Here is the code inside my stack:
const api = new apigw.RestApi(this, "MyAPI", {
restApiName: "My API",
description: "BLABLABLA API",
});
const myLambdaIntegration = new apigw.LambdaIntegration(myLambda, {
proxy: false,
});
// Endpoints of the API
api.root.addResource("test").addMethod("GET", myLambdaIntegration, {
apiKeyRequired: true,
});
Then I build this stack and synth it (npm run build ; cdk synth --no-staging myStack > template.yaml)
And try to test it locally
sam local start-api
When I request my api without any API KEY, the API returns me the result of my lambda. 😭
I expected it to return me an error like {"message":"Missing Authentication Token"}
Does anyone have an idea of what is going on?
I suspect it's because authorizations are ignored locally but didn't find anything about that...
Thanks in advance! 😁
Edit: After deploying this stack, the API correctly asks me for a token.
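Since the local run cannot tell you whether the key requirement actually made it into the template, a pre-deploy check over the synthesized template is useful. The following is an added example, not code from the question: it audits a parsed CloudFormation template (the JSON that `cdk synth` writes to cdk.out/) for methods with `ApiKeyRequired` and reports whether an ApiKey, UsagePlan and UsagePlanKey are declared, because a deployed API only honours a key that is attached to a usage plan for its stage. The `sampleTemplate` is a constructed outline of what the stack above synthesizes to.

```javascript
// Added example: audit a synthesized CDK template for API key enforcement.
// Assumes a parsed CloudFormation template object (e.g. from cdk.out/*.template.json).

function methodLabel(logicalId, props, resources) {
  // Resolve the HTTP verb and, where the Ref points at a Resource, its path part.
  const ref = props.ResourceId && props.ResourceId.Ref;
  const res = ref && resources[ref];
  const part = res && res.Properties && res.Properties.PathPart;
  return `${props.HttpMethod || "?"} ${part ? "/" + part : "<root>"} (${logicalId})`;
}

function auditApiKeys(template) {
  const resources = template.Resources || {};
  const report = {
    keyRequired: [],      // methods that set ApiKeyRequired: true
    keyNotRequired: [],   // methods callable without a key
    hasApiKey: false, hasUsagePlan: false, hasUsagePlanKey: false,
  };
  for (const [id, res] of Object.entries(resources)) {
    const props = res.Properties || {};
    switch (res.Type) {
      case "AWS::ApiGateway::Method":
        (props.ApiKeyRequired === true ? report.keyRequired : report.keyNotRequired)
          .push(methodLabel(id, props, resources));
        break;
      case "AWS::ApiGateway::ApiKey": report.hasApiKey = true; break;
      case "AWS::ApiGateway::UsagePlan": report.hasUsagePlan = true; break;
      case "AWS::ApiGateway::UsagePlanKey": report.hasUsagePlanKey = true; break;
    }
  }
  // A key is only accepted at runtime when it is bound to a usage plan for the stage.
  report.enforceable = report.keyRequired.length > 0 &&
    report.hasApiKey && report.hasUsagePlan && report.hasUsagePlanKey;
  return report;
}

// Constructed sample: the question's stack in outline (no ApiKey or UsagePlan yet).
const sampleTemplate = {
  Resources: {
    MyAPI: { Type: "AWS::ApiGateway::RestApi", Properties: { Name: "My API" } },
    MyAPItest: { Type: "AWS::ApiGateway::Resource", Properties: { PathPart: "test" } },
    MyAPItestGET: { Type: "AWS::ApiGateway::Method",
      Properties: { HttpMethod: "GET", ApiKeyRequired: true, ResourceId: { Ref: "MyAPItest" } } },
  },
};

console.log(JSON.stringify(auditApiKeys(sampleTemplate), null, 2));
```

Feed the real template with `auditApiKeys(JSON.parse(fs.readFileSync("cdk.out/myStack.template.json", "utf8")))`; `enforceable: false` on the sample shows that `apiKeyRequired: true` alone leaves the key with no usage plan to be validated against.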

Related

How to Properly Set Permissions for a Custom Strapi Plugin

Strapi Version: 4.1.5
Operating System: Debian GNU/Linux 9
Database: PostgreSQL 13
Node Version: v14.16.0
NPM Version: 6.14.11
Yarn Version: v1.22.5
Hi everyone, I can’t seem to find consistent information on how to use permissions with a custom plugin in Strapi. I want to make an endpoint available to my front-end (Next.JS) application, but only when the front-end application has authenticated as a user and using the JWT that is returned from authenticating with Strapi. I keep getting a 401 returned.
Here’s what I’m doing:
I used this page to set up authentication in Strapi. I have a user created in Strapi, and from the front-end, I can authenticate and it returns a JWT token. When I set up collection types to only be accessible with the “authenticated” role, I can access those collection types in the api using this JWT token. So all of that works. The problem is that I can’t get this to work with my custom plugin, and I’m not sure why. I still get a 401 error instead.
Here’s how I set up the permissions:
Based on this page, I initially tried to leverage the isAuthenticated permission that the Users & Permissions plugin provides:
{
method: "GET",
path: "/progress",
handler: "memberProgress.getProgress",
config: {
policies: ['plugins::users-permissions.isAuthenticated']
},
},
Unfortunately, this did not work. The server raised an error, saying that this could not be found. So back on the document linked above, I decided to take the approach of creating my own global permission. I created src/policies/is-authenticated.js with the following contents:
module.exports = (policyContext, config, { strapi }) => {
if (policyContext.state.user) { // if a session is open
// go to next policy or reach the controller's action
return true;
}
return false; // If you return nothing, Strapi considers you didn't want to block the request and will let it pass
};
Then, I modified my plugin’s route as follows:
{
method: "GET",
path: "/progress",
handler: "memberProgress.getProgress",
config: {
policies: ['global::is-authenticated']
},
},
This is all based on that document I linked to. Unfortunately, this still does not work. It seems to find the permission (server doesn’t raise an error about it), but when I try to access my plugin’s endpoint with the JWT token, I just get a 401 error.
Here is how I’m trying to access the endpoint on the front-end:
// VERIFIED, auth works and I get the expected jwt
const strapiAuth = await strapiApiAuth();
if ( strapiAuth && strapiAuth.hasOwnProperty("jwt") ) {
try {
const response = await axios.get(
`${process.env.STRAPI_BACKEND_URL}/member-progress/progress?year=2022&name=&pageSize=10&page=1`,
{
headers: {
Accept: "application/json",
Authorization: `Bearer ${strapiAuth.jwt}`
},
timeout: 500,
}
);
console.log(response);
} catch (error) {
// This is where I land with the 401 error
console.log(error);
}
}
Strapi checks if you have a valid jwt by default with the "authenticated" role, but you must also mark the permission for your custom endpoint in "Settings → User & Permission Plugin → Roles" of the admin panel.

Nuxtjs - Error 404 with post request in production while working in local

I'm actually trying to use nuxt-mail in a personal project.
During my development phase, I receive all my testing mails. And from there I did the following adjustments to do the exact same request from my built site:
//nuxt.config.js
env: {
baseUrl:
process.env.NODE_ENV === 'dev'
? 'http://localhost:3000'
: 'https://my-domain.netlify.app'
},
My code when using the 'send' function :
this.$axios.$post(process.env.baseUrl + "/mail/send", {
config: 'contact',
from: document.getElementById('input-2').value,
subject: document.getElementById('subject').value,
text: "This is a text message",
})
It continues to work well with localhost:3000/mail/send but I have a 404 error once I build my site and use https://my-domain.netlify.app/mail/send :
POST https://my-domain.netlify.app/mail/send [HTTP/2 404 Not Found 186ms]
Uncaught (in promise) Error: Request failed with status code 404
I'm actually struggling to solve this problem, am I missing something?
Alright, so if your target is static, you can only do yarn generate.
If you do have the default, aka target: server, you can only yarn build.
Then, as talked about it a bit here: Sending mail in Nuxt.js with nuxt-mail
You cannot use a Node.js package in a static environment, so neither yarn generate nor Netlify will help you here. You need to yarn build and host it on something like Heroku.
One last step that you can do, is to try it locally with the following:
target: server
yarn build
yarn start
make your POST call with Postman or alike
If it does not work here, it is a code issue and you can look into the hosting one.
If it does work locally, you can proceed to the hosting issue that you'll face.
Well you just misunderstood the env field in the nuxt.config.js file.
That env field is passed to the $config Object of the Nuxt App and not passed to process.env.
What you want is to set the BaseUrl for the Axios Module
// nuxt.config.js
axios: {
baseURL: process.env.NODE_ENV === 'dev'
? 'http://localhost:3000'
: 'https://my-domain.netlify.app'
},
// or provide a runtime config
// server and clientside
publicRuntimeConfig: {
axios: {
browserBaseURL: process.env.BROWSER_BASE_URL
}
},
// serverside only
privateRuntimeConfig: {
axios: {
baseURL: process.env.BASE_URL
}
},
Edit:
Also when calling axios just do it like that if you implement the above changes
this.$axios.$post("/mail/send", {
// ... the rest of your code

EPROTO error on google action verification

I am working on an action on google using Actions SDK, however when I enabled the Actions verification as described at:
https://developers.google.com/actions/reference/rest/verify-requests
I am getting the below error, this only comes when I am behind a corporate proxy, can anyone suggest a solution for this?
{
"error": "ID token verification failed: Error: Failed to retrieve verification certificates: Error: write EPROTO 139904972138304:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:825:\n\n at OAuth2Client. (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:580:31)\n at step (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:57:23)\n at Object.throw (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:38:53)\n at rejected (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:30:65)\n at propagateAslWrapper (/opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:502:23)\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:539:70\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at :null:null\n"
}
I am using v2.5.0 of actions-on-google
So I was able to sort this issue, the underlying issue is with the axios library being used by google auth library (v1.3.2)
here is the issue : https://github.com/axios/axios/issues/662
The workaround for me was to replace axios with request promise in google auth library and then publish it in our private npm registry, this solved the issue for now.

Google Drive Rest API (V3) - 404 error while accessing private file owned by self

I am trying to download (export) a Google Drive file owned by me (private - not shared with anyone) using release 21.3.0 of the nodejs client for Google API. I have set up a project in Google API Console and received an API key for the Drive API. When I try to access my file from a node program, I get a 'File not found' error. If I make the file public (On - Public on the web), I can access it fine. I have also tried setting up a service account to use server-to-server OAuth2 by following instructions here. I am then using the code in the examples to create a JWT token and use that to request an access token. But even with using that token, I get 'File not found' error when the file is private. Here is the code that I have so far for this functionality -
let key = require(#location_of_json_key_file);
let jwtClient = new google.auth.JWT(
key.client_email,
null,
key.private_key,
['https://www.googleapis.com/auth/drive'],
null
);
jwtClient.authorize(function (err, tokens) {
if (err) {
console.log(err);
return;
}
console.log(tokens);
let fileId = #id_of_file_on_google_drive;
googleDriveApi.files.export(
{
access_token: tokens.access_token, //tried auth: jwtClient as well
fileId: fileId,
mimeType: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
//key: <API_access_key> //Tried with API Access Key
},
{encoding: null},
(err, buffer) => {
if (err) {
//keep getting the error here - Error: File not found: #id_of_file_on_google_drive
console.log(`Error occurred while exporting file from Google Drive - ${err}`);
} else {
//process the file...
}
}
);
});
If the file is owned by my account, should I not be able to access it using a service account belonging to the same Google account even when the file is private? Otherwise, to make the Drive files accessible programmatically, you would have to make them public which is not always possible / advisable.
What am I missing here? Thanks for any pointers.

How to solve Android GCM 401 Error?

Have set up a project at Google Code APIs console and have a server key at "Key for server apps (with IP locking)". I'm trying to send a push notification to a GCM device using "API key" and one registration ID that I have stored in the database.
For the server side I'm using Zend_Mobile_Push_Gcm and have something like this:
$token = 'REGISTRATION ID';
$apiKey = 'API KEY';
//Send test push
$message = new Zend_Mobile_Push_Message_Gcm();
$message->setId(time());
$message->addToken($token);
$message->setData(array('foo' => 'bar', 'bar'=>'foo'));
$gcm = new Zend_Mobile_Push_Gcm();
$gcm->setApiKey($apiKey);
try {
$response = $gcm->send($message);
} catch (Zend_Mobile_Push_Exception $e) {
die($e->getMessage());
}
On the app side, I have used the GCM demo, that is currently registering its registration ID on a server service.
I'm not able to send the push, I always get a 401 error. Have gone through troubleshooting and tried my API KEY and Registration ID with the CLI test line at http://developer.android.com/guide/google/gcm/gcm.html#auth_error but with no success.
Any help would be appreciated.
I realise this was posted a while ago but be sure to use your server API key and not your android API key.
I had the same issue when trying to use my Android API key from PHP with Zend.