- The task is a continuation of Homework 6 and should be done in the same repo.
Find the entire program architecture: here.
- Create a new service called
authorization-serviceat the same level as Product and Import services with its own AWS CDK Stack. The backend project structure should look like this:
backend-repository
product-service
import-service
authorization-service
- Create a lambda function called
basicAuthorizerunder the Authorization Service. - This lambda should have at least one environment variable with the following credentials:
{yours_github_account_login}=TEST_PASSWORD
{yours_github_account_login}- your GitHub account name. Login for test user should be your GitHub account nameTEST_PASSWORD- password string. Password for test user must be "TEST_PASSWORD"- example:
johndoe=TEST_PASSWORD
- This
basicAuthorizerlambda should take Basic Authorization token, decode it and check that credentials provided by token exist in the lambda environment variable. - This lambda should return 403 HTTP status if access is denied for this user (invalid
authorization_token) and 401 HTTP status if Authorization header is not provided.
NOTE: Do not send your credentials to the GitHub. Use .env file and dotenv package to add environment variables to the lambda. Add .env file to .gitignore file.
.env file example:
vasiapupkin=TEST_PASSWORD
- Add Lambda authorization to the
/importpath of the Import Service API Gateway. - Use your
basicAuthorizerlambda as the Lambda authorizer
- Request from the client application to the
/importpath of the Import Service should have Basic Authorization header:
Authorization: Basic {authorization_token}
{authorization_token}is a base64-encoded{yours_github_account_login}:TEST_PASSWORD- example:
Authorization: Basic sGLzdRxvZmw0ZXs0UGFzcw==
- Client should get
authorization_tokenvalue from browser localStorage
const authorization_token = localStorage.getItem('authorization_token')
- Commit all your work to separate branch (e.g.
task-7from the latestmaster) in your own repository. - Create a pull request to the
masterbranch. - Submit link to the pull request to Crosscheck page in RS App.
Provide your reviewers with the link to the repo, client application and URLs to execute the /import path of the Import Service`
authorization-serviceis added to the repo, has correctbasicAuthorizerlambda and correct AWS CDK Stack- Import Service AWS CDK Stack has authorizer configuration for the
importProductsFilelambda. Request to theimportProductsFilelambda should work only with correctauthorization_tokenbeing decoded and checked bybasicAuthorizerlambda. Response should be in 403 HTTP status if access is denied for this user (invalidauthorization_token) and in 401 HTTP status if Authorization header is not provided. - Client application is updated to send "Authorization: Basic
authorization_token" header on import. Client should getauthorization_tokenvalue from browser localStorage
NOTE: Recommended for personal growth and further interviews, but this part would not be evaluated on cross-check.
- +30 - Client application should display alerts for the responses in 401 and 403 HTTP statuses. This behavior should be added to the
nodejs-aws-fe-main/src/index.tsxfile. - Just Practice, No Evaluation - Add Login page and protect
getProductsListlambda by the Cognito Authorizer- Create Cognito User Pool using a demo from the lecture. Leave
emailin a list of standard required attributes. CheckboxAllow users to sign themselves upshould be checked. Also, setemailas an attribute that you want to verify. - Add
App Clientto the User Pool - In the
App Client Settingssection select allIdentity Providers. Fill theCallback URL(s)field with your Client Application URL (i.e.http://localhost:3000/). Allow onlyAuthorization code grantOAuth Flow. Allow allOAuth Scopes - Create Domain name
- After all of these manipulations, you can open your
Login Pageby clicking on theLaunch Hosted UIlink in theApp Client Settings - Provide this link to your reviewers. The reviewer can just confirm that everything works for him too.
- Add Cognito authorizer to the
getProductsListlambda. UseAuthorizationas aToken Source - How to make sure that everything works as expected:
- Open Login Page and
Sign Upa new user. Use a real email address to create this user - Verify user using code from the email
- After verification and after every login you will be redirected to the Client application. URL should contain
id_tokenwhich can be used to access thegetProductsListlambda - Call
getProductsListlambda usingid_tokenas a value for theAuthorizationheader
- Open Login Page and
- Remove authorization from the
getProductsListafter your task will be checked
- Create Cognito User Pool using a demo from the lecture. Leave
