我按照https://serverless-stack.com的教程创建了“事件” API。管理员创建一个事件,然后可以将属性设置为“已发布”,以允许访客查看这些事件。
这很好用,我有后端设置。现在,我需要创建一个前端日历,以获取所有published: true事件。我创建了一个名为getPublished的服务,该服务将获取已发布的事件。
我希望允许来宾/未经身份验证的用户访问此服务,同时要求对所有其他路由进行身份验证(除了listPublished-但我可以在弄清楚getPublished时知道这一点)。
service: events-app-api
# Use the serverless-webpack plugin to transpile ES6
plugins:
- serverless-webpack
- serverless-offline
# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
webpack:
webpackConfig: ./webpack.config.js
includeModules: true
provider:
name: aws
runtime: nodejs8.10
stage: prod
region: us-east-1
# 'iamRoleStatements' defines the permission policy for the Lambda function.
# In this case Lambda functions are granted with permissions to access DynamoDB.
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: "arn:aws:dynamodb:us-east-1:*:*"
functions:
# Defines an HTTP API endpoint that calls the main function in create.js
# - path: url path is /events
# - method: POST request
# - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
# domain api call
# - authorizer: authenticate using the AWS IAM role
create:
handler: create.main
events:
- http:
path: events
method: post
cors: true
authorizer: aws_iam
get:
# Defines an HTTP API endpoint that calls the main function in get.js
# - path: url path is /events/{id}
# - method: GET request
handler: get.main
events:
- http:
path: events/{id}
method: get
cors: true
authorizer: aws_iam
getPublic:
# Defines an HTTP API endpoint that calls the main function in get.js
# - path: url path is /events/{id}
# - method: GET request
handler: getPublic.main
events:
- http:
path: public/events/{id}
method: get
cors: true
list:
# Defines an HTTP API endpoint that calls the main function in list.js
# - path: url path is /events
# - method: GET request
handler: list.main
events:
- http:
path: events
method: get
cors: true
authorizer: aws_iam
listPublic:
# Defines an HTTP API endpoint that calls the main function in list.js
# - path: url path is /events
# - method: GET request
handler: listPublic.main
events:
- http:
path: public/events
method: get
cors: true
update:
# Defines an HTTP API endpoint that calls the main function in update.js
# - path: url path is /events/{id}
# - method: PUT request
handler: update.main
events:
- http:
path: events/{id}
method: put
cors: true
authorizer: aws_iam
delete:
# Defines an HTTP API endpoint that calls the main function in delete.js
# - path: url path is /events/{id}
# - method: DELETE request
handler: delete.main
events:
- http:
path: events/{id}
method: delete
cors: true
authorizer: aws_iam
# Create our resources with separate CloudFormation templates
resources:
# API Gateway Errors
- ${file(resources/api-gateway-errors.yml)}
答案 0 :(得分:1)
在无服务器框架中定义服务时,请在serverless.yml文件中指定其行为,例如(from their Get Note chapter):
get:
handler: get.main
events:
- http:
path: notes/{id}
method: get
cors: true
authorizer: aws_iam
第authorizer: aws_iam行是用于配置lambda函数以使用授权者(在这种情况下,是IAM角色)的东西。
如果删除此行,则将在没有授权者的情况下部署函数。没有授权者的功能可以被任何人调用。
此配置特定于每个功能,因此您可以从一个规范中删除authorizer,而留给另一个规范。
然后,就您而言(没有代码,我只是在猜测),您需要做的就是从authorizer的规范中删除getPublished行。