Updates to throw Unauthorized

bcgov · Nov 14, 2024 · 572357f · 572357f
1 parent 261302f
commit 572357f
Showing 1 changed file with 45 additions and 43 deletions.
diff --git a/aws/lambdas/auth/authorizer/index.ts b/aws/lambdas/auth/authorizer/index.ts
@@ -18,57 +18,59 @@ export const handler = async (
   console.log(`Event: ${JSON.stringify(event, null, 2)}`);
   console.log(`Context: ${JSON.stringify(context, null, 2)}`);
 
-  if (!event.headers) {
-    throw new Error("Error: invalid token");
-  }
-
   const correlationId: string = event.requestContext.requestId || uuidv4();
   const logger = getLogger(correlationId);
 
-  // x-verify-origin should be set by the caller
-  if (!(X_ORIGIN_VERIFY_HEADER in event.headers)) {
-    logger.error(`${X_ORIGIN_VERIFY_HEADER} not found in headers.`);
-    throw new Error("Error: invalid token");
-  }
-
-  // Extract the token from the request
-  const verifyToken = event.headers[X_ORIGIN_VERIFY_HEADER];
-
-  logger.info(`verifyToken: ${verifyToken}`);
-
-  const secretStringJson = await getSecret(
-    process.env.VERIFY_SECRET_NAME || ""
-  );
-  logger.info(`verifyToken: ${secretStringJson}`);
-
-  let verifyTokenfromSecretManager = "";
-
-  if (secretStringJson) {
-    verifyTokenfromSecretManager = JSON.parse(secretStringJson).verifyKey;
-    logger.debug(
-      "Authorization token from secret manager",
-      verifyTokenfromSecretManager
+  try {
+    if (!event.headers) {
+      logger.error("headers is missing.");
+      throw new Error("Error: invalid token");
+    }
+
+    // x-verify-origin should be set by the caller
+    if (!(X_ORIGIN_VERIFY_HEADER in event.headers)) {
+      logger.error(`${X_ORIGIN_VERIFY_HEADER} not found in headers.`);
+      throw new Error("Error: invalid token");
+    }
+
+    // Extract the token from the request
+    const verifyToken = event.headers[X_ORIGIN_VERIFY_HEADER];
+    const secretStringJson = await getSecret(
+      process.env.VERIFY_SECRET_NAME || ""
     );
-  } else {
-    logger.error("Secret not found in secret manager");
-    throw new Error("Error: invalid token");
-  }
 
-  if (verifyToken !== verifyTokenfromSecretManager) {
-    logger.error("Authorization token not valid");
-    throw new Error("Error: invalid token");
-  }
+    let verifyTokenfromSecretManager = "";
+    if (secretStringJson) {
+      verifyTokenfromSecretManager = JSON.parse(secretStringJson).verifyKey;
+      logger.debug(
+        "Authorization token from secret manager",
+        verifyTokenfromSecretManager
+      );
+    } else {
+      logger.error("Secret not found in secret manager");
+      throw new Error("Error: invalid token");
+    }
+
+    if (verifyToken !== verifyTokenfromSecretManager) {
+      logger.error("Authorization token not valid");
+      throw new Error("Error: invalid token");
+    }
+
+    const policy = generatePolicy(
+      correlationId,
+      "user",
+      "Allow",
+      event.methodArn
+    );
 
-  const policy = generatePolicy(
-    correlationId,
-    "user",
-    "Allow",
-    event.methodArn
-  );
+    logger.info(JSON.stringify(policy));
 
-  logger.info(policy.toString());
+    return policy;
+  } catch (error) {
+    logger.error(error);
 
-  return policy;
+    throw new Error("Unauthorized");
+  }
 };
 
 const generatePolicy = (