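In the swagger file below, I have defined an API for AWS api-gateway. The API is secured with IAM, so only authorized users can access it. The API is also defined using http-proxy so that it can sit in front of an Express app without each resource having to be defined individually in the swagger file. That way I can develop my Express app as if it were not running on AWS, and then simply port it to AWS (tutorial on how to)! However, I now need to allow unsecured access to all GET methods and have the sigv4 security definition only on all other methods.
Is that possible with the current api-gateway + express setup?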
---
swagger: 2.0
info:
  title: ServerlessExpress
basePath: /internal
schemes:
- https
paths:
  /:
    x-amazon-apigateway-any-method:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
      - application/json
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  /{proxy+}:
    x-amazon-apigateway-any-method:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
      - application/json
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
definitions:
  Empty:
    type: object
    title: Empty Schema
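Answer 0 (score: 0)
So I decided to answer my own question here! It is far simpler than I thought it would be... however, the swagger definition is a little repetitive; it saves time later when developing new resources in the API.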
---
swagger: 2.0
info:
  title: YOUR_API_GATEWAY_NAME
basePath: /YOUR_API_GATEWAY_STAGE
schemes:
- https
paths:
  /:
    get:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    post:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
      - application/json
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  /{proxy+}:
    get:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    post:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
      - application/json
      parameters:
      - name: proxy
        in: path
        required: true
        type: string
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
      - application/json
      produces:
      - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
definitions:
  Empty:
    type: object
    title: Empty Schema
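
Because the answer's definition repeats the `security` block for every method, one omitted block leaves a write method open without a signature. The following check is an added example, not part of the original post: it lists every operation that carries no sigv4 requirement and flags those that are not GET or OPTIONS. It assumes the definition has already been loaded into a Python dict; the `/legacy` path and the missing `security` on DELETE are constructed for the demonstration.

```python
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}
ANY_METHOD = "x-amazon-apigateway-any-method"

def audit(spec, public_ok=("get", "options")):
    """Return (unsigned, findings) as sorted lists of "METHOD path" strings.

    unsigned: operations callable without SigV4.
    findings: the unsigned ones whose method is not in public_ok.
    Only operation-level `security` is read, as in the page's definitions.
    """
    sigv4 = {name for name, d in spec.get("securityDefinitions", {}).items()
             if d.get("x-amazon-apigateway-authtype") == "awsSigv4"}
    unsigned, findings = [], []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS and method != ANY_METHOD:
                continue  # skip path-level keys such as `parameters`
            reqs = op.get("security") or []
            # Requirement objects are alternatives: each one must demand SigV4.
            signed = bool(reqs) and all(set(r) & sigv4 for r in reqs)
            if signed:
                continue
            name = "ANY" if method == ANY_METHOD else method.upper()
            unsigned.append(name + " " + path)
            if method not in public_ok:  # ANY also covers the write methods
                findings.append(name + " " + path)
    return sorted(unsigned), sorted(findings)

def sample_spec():
    """Constructed, trimmed-down variant of the answer's definition."""
    signed = {"security": [{"sigv4": []}]}
    return {
        "swagger": "2.0",
        "securityDefinitions": {"sigv4": {
            "type": "apiKey", "name": "Authorization", "in": "header",
            "x-amazon-apigateway-authtype": "awsSigv4"}},
        "paths": {
            "/": {"get": {}, "post": dict(signed), "options": {}},
            "/{proxy+}": {"get": {}, "post": dict(signed), "put": dict(signed),
                          "delete": {},   # constructed mistake: security omitted
                          "options": {}},
            "/legacy": {ANY_METHOD: {}},  # constructed: unsigned catch-all
        },
    }

if __name__ == "__main__":
    unsigned, findings = audit(sample_spec())
    print("unsigned:", unsigned)
    print("review:  ", findings)
```

Run against the real definition before each import so that an unsigned POST, PUT, PATCH or DELETE is caught before deployment.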