Feat: handle Auth logic in the handler instead of globally (#41)

* fix: handle auth per handler

* fix: conditions order in token validation

* fix: code cleaness and methods improvements

* fix: new api response and add missed token condition

serverless.yml

@@ -36,12 +36,7 @@ provider:
     CONTENTFUL_DELIVERY_API_TOKEN: ${env:CONTENTFUL_DELIVERY_API_TOKEN}
   httpApi:
     cors: true
-    authorizers:
-      simpleAuthorizerFunc:
-        type: request
-        identitySource:
-          - $request.header.Authorization
-        functionName: customAuthorizer
+
   iam:
     role:
       statements:
@@ -55,10 +50,6 @@ provider:
 
 # The `functions` block defines what code to deploy
 functions:
-  # auth functions & APIs
-  customAuthorizer:
-    handler: src/handlers/auth/authorizer.handler
-
   getValidToken:
     handler: src/handlers/auth/getValidToken.handler
     events:
@@ -94,41 +85,32 @@ functions:
       - httpApi:
           path: /genres/movies
           method: get
-          authorizer:
-            name: simpleAuthorizerFunc
 
   movies:
     handler: src/handlers/movies/getMovies.handler
     events:
       - httpApi:
           path: /movies
           method: get
-          authorizer:
-            name: simpleAuthorizerFunc
 
   movieById:
     handler: src/handlers/movies/movieById.handler
     events:
       - httpApi:
           path: /movies/{id}
           method: get
-          authorizer:
-            name: simpleAuthorizerFunc
 
   movieTitles:
     handler: src/handlers/movies/getMovieTitles.handler
     events:
       - httpApi:
           path: /movies/titles
           method: get
-          authorizer:
-            name: simpleAuthorizerFunc
 
   genreById:
     handler: src/handlers/genres/genreById.handler
     events:
       - httpApi:
           path: /movies/genres/{id}
           method: get
-          authorizer:
-            name: simpleAuthorizerFunc
+

src/handlers/genres/genreById.ts

@@ -6,8 +6,9 @@ import {
 	notFoundResponse,
 	serverErrorResponse,
 } from '@utils/api/apiResponses';
+import { withAuthorization } from '@utils/api/withAuthorization';
 
-export const handler: APIGatewayProxyHandler = async (event) => {
+export const handler: APIGatewayProxyHandler = withAuthorization(async (event) => {
 	const genreId = event?.pathParameters?.id;
 
 	if (!genreId) {
@@ -33,4 +34,4 @@ export const handler: APIGatewayProxyHandler = async (event) => {
 	} catch (err) {
 		return serverErrorResponse;
 	}
-};
+});

src/handlers/genres/moviesByGenre.ts

@@ -2,8 +2,9 @@ import { APIGatewayProxyHandler } from 'aws-lambda';
 import getAllGenre from '@models/Genre/getAll';
 import { mountSuccessResponse, serverErrorResponse } from '@utils/api/apiResponses';
 import { DEFAULT_CONTENTFUL_LIMIT } from '@utils/contentful';
+import { withAuthorization } from '@utils/api/withAuthorization';
 
-export const handler: APIGatewayProxyHandler = async (event) => {
+export const handler: APIGatewayProxyHandler = withAuthorization(async (event) => {
 	const { page: queryStringPage = '', limit: queryStringLimit = '' } =
 		event?.queryStringParameters || {};
 
@@ -25,4 +26,4 @@ export const handler: APIGatewayProxyHandler = async (event) => {
 	} catch (err) {
 		return serverErrorResponse;
 	}
-};
+});

src/handlers/movies/getMovieTitles.ts

@@ -2,8 +2,9 @@ import { APIGatewayProxyHandler } from 'aws-lambda';
 import getAllMovies from '@models/Movie/getAll';
 import { mountSuccessResponse, serverErrorResponse } from '@utils/api/apiResponses';
 import { DEFAULT_CONTENTFUL_LIMIT } from '@utils/contentful';
+import { withAuthorization } from '@utils/api/withAuthorization';
 
-export const handler: APIGatewayProxyHandler = async (event) => {
+export const handler: APIGatewayProxyHandler = withAuthorization(async (event) => {
 	const { page: queryStringPage = '', limit: queryStringLimit = '' } =
 		event?.queryStringParameters || {};
 
@@ -25,4 +26,4 @@ export const handler: APIGatewayProxyHandler = async (event) => {
 	} catch (err) {
 		return serverErrorResponse;
 	}
-};
+});

src/handlers/movies/getMovies.ts

@@ -10,6 +10,7 @@ import {
 	notFoundResponse,
 	serverErrorResponse,
 } from '@utils/api/apiResponses';
+import { withAuthorization } from '@utils/api/withAuthorization';
 
 type SearchFilters = {
 	page?: number;
@@ -19,7 +20,7 @@ type SearchFilters = {
 	include?: ContentfulIncludeOptions;
 };
 
-export const handler: APIGatewayProxyHandler = async (event) => {
+export const handler: APIGatewayProxyHandler = withAuthorization(async (event) => {
 	try {
 		const searchFilters: {
 			page?: number;
@@ -72,7 +73,7 @@ export const handler: APIGatewayProxyHandler = async (event) => {
 		console.error('Error fetching movies:', error);
 		return serverErrorResponse;
 	}
-};
+});
 
 export async function fetchMoviesByGenre(searchFilters: SearchFilters) {
 	if (!searchFilters.genre) {

src/handlers/movies/movieById.ts

@@ -7,8 +7,9 @@ import {
 import getMovieById from '@models/Movie/getById';
 import { CONTENTFUL_INCLUDE } from '@customTypes/contentful';
 import { isCustomContentfulError } from '@utils/api/utils';
+import { withAuthorization } from '@utils/api/withAuthorization';
 
-export const handler: APIGatewayProxyHandler = async (event) => {
+export const handler: APIGatewayProxyHandler = withAuthorization(async (event) => {
 	const movieId = event?.pathParameters?.id;
 
 	if (!movieId) {
@@ -38,4 +39,4 @@ export const handler: APIGatewayProxyHandler = async (event) => {
 
 		return serverErrorResponse;
 	}
-};
+});

src/utils/api/apiAuth.ts

@@ -1,4 +1,5 @@
 // Genereated from https://jwt.io/
+
 export const authorizedJWTs = [
 	'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJvcGVuSnd0MCIsIm5hbWUiOiJPcGVuSldUWzBdIn0.49JQF4ICJeqxpiIZ9x748VVOHj6FElyRm1tNpFGqaUY',
 	'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJvcGVuSnd0MSIsIm5hbWUiOiJPcGVuSldUWzFdIn0.n8x8GHYe8RQYKkAoMVMlw9-FMZ57bs0HrwxBeJn3hQM',
@@ -8,10 +9,12 @@ export const authorizedJWTs = [
 ];
 
 export function isTokenValid(token: string) {
-	if (!token) {
+	if (!token || !token.startsWith('Bearer ')) {
 		return false;
 	}
-	return authorizedJWTs.includes(token);
+	const tokenValue = token.substring(7);
+
+	return authorizedJWTs.includes(tokenValue);
 }
 
 export function getRandomValidToken(): string {

src/utils/api/apiResponses.ts

@@ -20,3 +20,18 @@ export const mountSuccessResponse = (bodyObject: object): APIGatewayProxyResult
 		body: JSON.stringify(bodyObject),
 	};
 };
+
+export const unauthorizedResponse: APIGatewayProxyResult = {
+	statusCode: 401,
+	body: JSON.stringify({ message: 'No auth token provided.' }),
+};
+
+export const forbiddenResponse: APIGatewayProxyResult = {
+	statusCode: 403,
+	body: JSON.stringify({ message: 'You do not have permission to access this resource' }),
+};
+
+export const noContentResponse: APIGatewayProxyResult = {
+	statusCode: 204,
+	body: JSON.stringify({ message: 'No content' }),
+};

src/utils/api/withAuthorization.ts

@@ -0,0 +1,40 @@
+import {
+	APIGatewayProxyEvent,
+	APIGatewayProxyHandler,
+	APIGatewayProxyResult,
+	Callback,
+	Context,
+} from 'aws-lambda';
+import { isTokenValid } from '@utils/api/apiAuth';
+import {
+	forbiddenResponse,
+	noContentResponse,
+	unauthorizedResponse,
+} from '@utils/api/apiResponses';
+
+export function withAuthorization(handler: APIGatewayProxyHandler): APIGatewayProxyHandler {
+	return async (
+		event: APIGatewayProxyEvent,
+		context: Context,
+		callback: Callback<APIGatewayProxyResult>
+	): Promise<APIGatewayProxyResult> => {
+		const authorization = event.headers?.['authorization'] || '';
+
+		if (!authorization) {
+			return unauthorizedResponse;
+		}
+
+		if (!isTokenValid(authorization)) {
+			return forbiddenResponse;
+		}
+
+		const result = await handler(event, context, callback);
+
+		// Provide a default response if the handler returns void
+		if (result === undefined) {
+			return noContentResponse;
+		}
+
+		return result;
+	};
+}