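Custom error message in serverless response

Time: 2021-03-04 13:00:37

Tags: node.js amazon-web-services aws-serverless

I am using the Node.js Serverless v2 framework. I already know that the callback only accepts Allow, Deny and Unauthorized as parameters. I am using a custom authorizer to protect resources. I need to send a custom error message in the callback, which I have not been able to do. Below is a list of the approaches I tried that failed.

A piece of code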

if (!response.data) {
    return callback(null, generateAuthResponse(decoded.id, 'Deny', methodArn));
}
if (response.data && response.data.status === 'active') {
    return callback(null, generateAuthResponse(decoded.id, 'Allow', methodArn));
}
if (response.data && response.data.status == 'inactive') {
    return callback(null, generateAuthResponse(decoded.id, 'Deny', methodArn));
}

I want to send a custom error message instead of the Deny from return callback(null, generateAuthResponse(decoded.id, 'Deny', methodArn));.

#1

return callback(null, "Session expired");

#2

return callback(null, {
            statusCode: 403,
            headers: {
                'Content-Type': 'application/json',
                'Access-Control-Allow-Headers': 'Content-Type',
                'Access-Control-Allow-Origin': '*',
                'Access-Control-Allow-Methods': 'OPTIONS,POST,GET',
                'Access-Control-Allow-Credentials': true,
            },
            body: JSON.stringify({
                error: error
            })
        }); 

#3

return {
                statusCode: 403,
                headers: {
                    'Content-Type': 'application/json',
                    'Access-Control-Allow-Headers': 'Content-Type',
                    'Access-Control-Allow-Origin': '*',
                    'Access-Control-Allow-Methods': 'OPTIONS,POST,GET',
                    'Access-Control-Allow-Credentials': true,
                },
                body: JSON.stringify({
                    error: error
                })
            }

#4

throw Error('Session expired')

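All of them either throw a CORS error with x-amzn-errortype: AuthorizerConfigurationException or deny (invocation error). Is there any way to send a custom error response?

2 answers:

Answer 0 (score: 2)

Most likely a syntax error.

Try this: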

    let response_object = {
        statusCode: 200,
        headers: {
            "Access-Control-Allow-Headers" : "Content-Type",
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Methods": "OPTIONS,POST,GET"
        },
        body: JSON.stringify("Some Custom Error")
    };
    return response_object;

Answer 1 (score: 1)

Create and set up a resource with an ACCESS_DENIED ResponseTemplates response.

serverless.yml

...
resources:
  Resources:
    DenyFailureGatewayResponse:
      Type: 'AWS::ApiGateway::GatewayResponse'
      Properties:
        ResponseParameters:
          # Config your header response
          gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
          gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
        ResponseTemplates:
            # Custom response object
            application/json: |
              {
                "success":false,
                "message":"$context.authorizer.errorMessage"
              }
        # Setup only for ACCESS_DENIED type
        ResponseType: ACCESS_DENIED
        RestApiId:
          Ref: 'ApiGatewayRestApi'
        StatusCode: '403'
...

If you need a custom message, update your authResponse object in your generateAuthResponse function.

const generateAuthResponse = (principalId, effect, resource, errorMessage = null) => { // I guess the function will look like this
  // ... do something

  // before returning, set your custom error message
  if(effect.toLowerCase() === 'deny' && errorMessage !== null){
    authResponse.context = {
      // Key to map with $context.authorizer.errorMessage
      "errorMessage": errorMessage ,
    };
  }

  return authResponse;
}
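
An added example, not code from the question or from either answer: a complete policy builder in the shape answer 1 sketches, which fills context.errorMessage from a fixed table so the value placed into the ACCESS_DENIED template is always a known, safe string. The names DENY_MESSAGES, DEFAULT_DENY_MESSAGE, buildAuthResponse, the reason codes and the sample ARN are assumptions, as is the premise that the gateway response template inserts $context.authorizer.errorMessage as-is, without JSON escaping.

```javascript
// Added example; every name here is hypothetical, not from the original page.

// Fixed, client-safe messages keyed by internal reason code. Assumption: the
// gateway response template inserts $context.authorizer.errorMessage without
// escaping, so only strings free of quotes, backslashes and newlines are listed.
const DENY_MESSAGES = Object.freeze({
  SESSION_EXPIRED: 'Session expired',
  ACCOUNT_INACTIVE: 'Account is inactive',
});
const DEFAULT_DENY_MESSAGE = 'Access denied';

// Build the policy document a Lambda authorizer returns to API Gateway.
function buildAuthResponse(principalId, effect, resource, reasonCode = null) {
  if (effect !== 'Allow' && effect !== 'Deny') {
    throw new TypeError(`effect must be Allow or Deny, got ${effect}`);
  }
  const authResponse = {
    principalId: String(principalId),
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
  if (effect === 'Deny') {
    // Unknown codes fall back to a generic message instead of echoing
    // upstream error text (stack traces, token contents) to the caller.
    const known = Object.prototype.hasOwnProperty.call(DENY_MESSAGES, reasonCode);
    // context values must be strings, numbers or booleans (no objects or arrays).
    authResponse.context = {
      errorMessage: known ? DENY_MESSAGES[reasonCode] : DEFAULT_DENY_MESSAGE,
    };
  }
  return authResponse;
}

// Constructed sample input: an allow, a known deny reason, and a hostile string.
const sampleArn = 'arn:aws:execute-api:us-east-1:123456789012:example/dev/GET/items';
function demo() {
  return [
    buildAuthResponse('user-1', 'Allow', sampleArn),
    buildAuthResponse('user-1', 'Deny', sampleArn, 'SESSION_EXPIRED'),
    buildAuthResponse('user-1', 'Deny', sampleArn, '"}<script>'),
  ];
}
console.log(JSON.stringify(demo(), null, 2));
```

In the authorizer handler the result is passed as callback(null, buildAuthResponse(...)), the same way the question passes generateAuthResponse(...).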