Feature/auth (#2314)

Author: GarrettBeatty

.autover/changes/09045e59-ab51-459e-b450-43fcb082d084.json

@@ -0,0 +1,11 @@
+{
+  "Projects": [
+    {
+      "Name": "Amazon.Lambda.Annotations",
+      "Type": "Minor",
+      "ChangelogMessages": [
+        "Developers can now define Lambda Authorizers and protect API endpoints entirely through C# attributes, eliminating the need for manual CloudFormation configuration."
+      ]
+    }
+  ]
+}

Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Amazon.Lambda.Annotations.SourceGenerator.csproj

@@ -98,6 +98,14 @@
       <Generator>TextTemplatingFilePreprocessor</Generator>
       <LastGenOutput>ExecutableAssembly.cs</LastGenOutput>
     </None>
+    <None Update="Templates\AuthorizerSetupParameters.tt">
+      <Generator>TextTemplatingFilePreprocessor</Generator>
+      <LastGenOutput>AuthorizerSetupParameters.cs</LastGenOutput>
+    </None>
+    <None Update="Templates\AuthorizerInvoke.tt">
+      <Generator>TextTemplatingFilePreprocessor</Generator>
+      <LastGenOutput>AuthorizerInvoke.cs</LastGenOutput>
+    </None>
   </ItemGroup>
 
   <ItemGroup>
@@ -131,6 +139,16 @@
       <AutoGen>True</AutoGen>
       <DependentUpon>ExecutableAssembly.tt</DependentUpon>
     </Compile>
+    <Compile Update="Templates\AuthorizerSetupParameters.cs">
+      <DesignTime>True</DesignTime>
+      <AutoGen>True</AutoGen>
+      <DependentUpon>AuthorizerSetupParameters.tt</DependentUpon>
+    </Compile>
+    <Compile Update="Templates\AuthorizerInvoke.cs">
+      <DesignTime>True</DesignTime>
+      <AutoGen>True</AutoGen>
+      <DependentUpon>AuthorizerInvoke.tt</DependentUpon>
+    </Compile>
   </ItemGroup>
 
   <ItemGroup>

Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/AnalyzerReleases.Unshipped.md

@@ -1,2 +1,18 @@
 ; Unshipped analyzer release
 ; https://github.com/dotnet/roslyn-analyzers/blob/master/src/Microsoft.CodeAnalysis.Analyzers/ReleaseTrackingAnalyzers.Help.md
+
+### New Rules
+
+Rule ID | Category | Severity | Notes
+--------|----------|----------|-------
+AWSLambda0120 | AWSLambdaCSharpGenerator | Error | Authorizer Name Required
+AWSLambda0121 | AWSLambdaCSharpGenerator | Error | HTTP API Authorizer Not Found
+AWSLambda0122 | AWSLambdaCSharpGenerator | Error | REST API Authorizer Not Found
+AWSLambda0123 | AWSLambdaCSharpGenerator | Error | Authorizer Type Mismatch
+AWSLambda0124 | AWSLambdaCSharpGenerator | Error | Authorizer Type Mismatch
+AWSLambda0125 | AWSLambdaCSharpGenerator | Error | Duplicate Authorizer Name
+AWSLambda0127 | AWSLambdaCSharpGenerator | Error | Invalid Result TTL
+AWSLambda0128 | AWSLambdaCSharpGenerator | Error | Authorizer Payload Version Mismatch
+AWSLambda0129 | AWSLambdaCSharpGenerator | Error | Missing LambdaFunction Attribute
+AWSLambda0130 | AWSLambdaCSharpGenerator | Error | Invalid return type IAuthorizerResult
+AWSLambda0131 | AWSLambdaCSharpGenerator | Error | FromBody not supported on Authorizer functions

Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Diagnostics/DiagnosticDescriptors.cs

@@ -153,5 +153,94 @@ public static class DiagnosticDescriptors
             category: "AWSLambdaCSharpGenerator",
             DiagnosticSeverity.Error,
             isEnabledByDefault: true);
+
+        // Authorizer diagnostics (ALA0019-ALA0027 per design document)
+        public static readonly DiagnosticDescriptor AuthorizerMissingName = new DiagnosticDescriptor(
+            id: "AWSLambda0120",
+            title: "Authorizer Name Required",
+            messageFormat: "The Name property is required on [{0}] attribute",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor HttpApiAuthorizerNotFound = new DiagnosticDescriptor(
+            id: "AWSLambda0121",
+            title: "HTTP API Authorizer Not Found",
+            messageFormat: "Authorizer '{0}' referenced in [HttpApi] attribute does not exist. Ensure a Lambda function with [HttpApiAuthorizer] exists with method name '{0}' or ResourceName = \"{0}\".",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor RestApiAuthorizerNotFound = new DiagnosticDescriptor(
+            id: "AWSLambda0122",
+            title: "REST API Authorizer Not Found",
+            messageFormat: "Authorizer '{0}' referenced in [RestApi] attribute does not exist. Ensure a Lambda function with [RestApiAuthorizer] exists with method name '{0}' or ResourceName = \"{0}\".",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor HttpApiAuthorizerTypeMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0123",
+            title: "Authorizer Type Mismatch",
+            messageFormat: "Cannot use REST API authorizer '{0}' with [HttpApi] attribute. Use an [HttpApiAuthorizer] instead.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor RestApiAuthorizerTypeMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0124",
+            title: "Authorizer Type Mismatch",
+            messageFormat: "Cannot use HTTP API authorizer '{0}' with [RestApi] attribute. Use a [RestApiAuthorizer] instead.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor DuplicateAuthorizerName = new DiagnosticDescriptor(
+            id: "AWSLambda0125",
+            title: "Duplicate Authorizer Name",
+            messageFormat: "Duplicate authorizer name '{0}'. Authorizer names must be unique within the same API type.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor InvalidAuthorizerResultTtl = new DiagnosticDescriptor(
+            id: "AWSLambda0127",
+            title: "Invalid Result TTL",
+            messageFormat: "Invalid ResultTtlInSeconds '{0}'. Must be between 0 and 3600.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor AuthorizerPayloadVersionMismatch = new DiagnosticDescriptor(
+            id: "AWSLambda0128",
+            title: "Authorizer Payload Version Mismatch",
+            messageFormat: "The authorizer '{0}' uses AuthorizerPayloadFormatVersion {1} but the endpoint uses HttpApiVersion {2}. This may cause unexpected behavior.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor MissingLambdaFunctionAttribute = new DiagnosticDescriptor(
+            id: "AWSLambda0129",
+            title: "Missing LambdaFunction Attribute",
+            messageFormat: "Method has [{0}] attribute but is missing the required [LambdaFunction] attribute. Add [LambdaFunction] to this method.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor AuthorizerResultOnNonAuthorizerFunction = new DiagnosticDescriptor(
+            id: "AWSLambda0130",
+            title: $"Invalid return type IAuthorizerResult",
+            messageFormat: "IAuthorizerResult is not a valid return type for LambdaFunctions without HttpApiAuthorizer or RestApiAuthorizer attributes",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
+
+        public static readonly DiagnosticDescriptor FromBodyNotSupportedOnAuthorizer = new DiagnosticDescriptor(
+            id: "AWSLambda0131",
+            title: "FromBody not supported on Authorizer functions",
+            messageFormat: "[FromBody] is not supported on authorizer functions. Authorizer functions only support [FromHeader], [FromQuery], and [FromRoute] parameter attributes.",
+            category: "AWSLambdaCSharpGenerator",
+            DiagnosticSeverity.Error,
+            isEnabledByDefault: true);
     }
 }

Libraries/src/Amazon.Lambda.Annotations.SourceGenerator/Extensions/ParameterListExtension.cs

@@ -12,7 +12,7 @@ public static bool HasConvertibleParameter(this IList<ParameterModel> parameters
             return parameters.Any(p =>
             {
                 // All request types are forwarded to lambda method if specified, there is no parameter conversion required.
-                if (TypeFullNames.Requests.Contains(p.Type.FullName))
+                if (TypeFullNames.ApiGatewayRequests.Contains(p.Type.FullName))
                 {
                     return false;
                 }