Skip to content
/ mail-authorizer Public

API that uses a custom AWS Lambda as authorizer for other Lambdas. It uses a TOTP code sent to users' email to generate a JWT that allow them to get a signed URL for a given file.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DiegoVictor/mail-authorizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

204 Commits
scripts
scripts
 
 
src
src
 
 
tests/unit
tests/unit
 
 
.editorconfig
.editorconfig
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.nvmrc
.nvmrc
 
 
.prettierignore
.prettierignore
 
 
LICENSE
LICENSE
 
 
Mail Authorizer.postman_collection.json
Mail Authorizer.postman_collection.json
 
 
MailAuthorizer.drawio
MailAuthorizer.drawio
 
 
MailAuthorizer.drawio.png
MailAuthorizer.drawio.png
 
 
README.md
README.md
 
 
appveyor.yml
appveyor.yml
 
 
babel.config.js
babel.config.js
 
 
docker-compose.yml
docker-compose.yml
 
 
jest.config.ts
jest.config.ts
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
prettier.config.js
prettier.config.js
 
 
serverless.ts
serverless.ts
 
 
swagger.json
swagger.json
 
 
tsconfig.json
tsconfig.json
 
 
tsconfig.paths.json
tsconfig.paths.json
 
 

Repository files navigation

Mail Authorizer

AppVeyor dynamodb serverless typescript babel jest coverage MIT License PRs Welcome

It allows users to authenticate using email address and an OTP code sent through email message and once authenticated you can download files content and upload new files. It also has a trigger for new uploaded files that adds the file to AWS DynamoDB and make it is listed in the endpoints. CloudFront was used to caching files.

Infrastructure Diagram

Table of Contents

Requirements

Install

npm install

Or:

yarn

.env

Rename the .env.example in the root directory to .env then update it with your settings.

key description
TOTP_KEY An alphanumeric random string. Seed used to generate OTP codes. Base32 string, ie. only containing characters matching (A-Z, 2-7, =).
JWT_SECRET An alphanumeric random string. Used to create signed tokens.
NOREPLY_EMAIL_ADDRESS Email address used to send the OTP code email message.
REGION AWS Region.

Usage

First you will need to generate public and private keys for CloudFront Distribution:

openssl genpkey -algorithm RSA -out private_key.pem
openssl rsa -pubout -in private_key.pem -out public_key.pem

Once the files exist they will be included into the package by serverless.ts configuration file during deployment too.

Now we need to spin up localstack container and create the needed resources using localstack.sh script:

docker-compose up -d
docker-compose exec -it localstack sh -c "/var/lib/localstack/scripts/localstack.sh"

Or you can access the container and run sh /var/lib/localstack/scripts/localstack.sh.

Now start the server:

yarn dev:server

Or:

npm run dev:server

Routes

route HTTP Method params description authentication
/files GET cursorId query parameter. List files. -
/files/:id/signed-url GET id of a file. Generate a signed URL to download file content. Required
/files POST Body with title and filename. Generate presigned URL to upload file. Required
/auth POST Body with email. Send OTP code to the provided email address. -
/auth POST Body with email and otp. Authenticate user and generate JWT token. -

Requests

  • POST /files

Request body:

{
    "title": "Lorem Ipsum",
    "filename": "sample.mp4"
}
  • POST /auth

Request body:

{
    "email": "johndoe@example.com"
}
{
    "email": "johndoe@example.com",
    "otp": "111065"
}

Deploy

Actually you are ready to deploy:

sls deploy

Running the tests

Jest was the choice to test the app, to run:

$ yarn test

Or:

$ npm run test

Run the command in the root folder

Coverage report

You can see the coverage report inside tests/coverage. They are automatically created after the tests run.

About

API that uses a custom AWS Lambda as authorizer for other Lambdas. It uses a TOTP code sent to users' email to generate a JWT that allow them to get a signed URL for a given file.

Topics

nodejs javascript aws jwt node typescript js serverless dynamodb s3 ts ses authorization totp serverless-framework cloudfront authorizer mail-authorizer

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages