feat(dbAuth): Refactor dbAuthHandler to support WebAPI Request events

packages/api/src/__tests__/normalizeRequest.test.ts

@@ -3,7 +3,7 @@ import type { APIGatewayProxyEvent } from 'aws-lambda'
 
 import { normalizeRequest } from '../transforms'
 
-export const createMockedEvent = (
+export const createMockedLambdaEvent = (
   httpMethod = 'POST',
   body: any = undefined,
   isBase64Encoded = false
@@ -53,41 +53,108 @@ export const createMockedEvent = (
   }
 }
 
-test('Normalizes an aws event with base64', () => {
-  const corsEventB64 = createMockedEvent(
-    'POST',
-    Buffer.from(JSON.stringify({ bazinga: 'hello_world' }), 'utf8').toString(
-      'base64'
-    ),
-    true
-  )
-
-  expect(normalizeRequest(corsEventB64)).toEqual({
-    headers: new Headers(corsEventB64.headers),
-    method: 'POST',
-    query: null,
-    body: {
-      bazinga: 'hello_world',
-    },
+describe('Lambda Request', () => {
+  it('Normalizes an aws event with base64', async () => {
+    const corsEventB64 = createMockedLambdaEvent(
+      'POST',
+      Buffer.from(JSON.stringify({ bazinga: 'hello_world' }), 'utf8').toString(
+        'base64'
+      ),
+      true
+    )
+
+    expect(await normalizeRequest(corsEventB64)).toEqual({
+      headers: new Headers(corsEventB64.headers as Record<string, string>),
+      method: 'POST',
+      query: null,
+      jsonBody: {
+        bazinga: 'hello_world',
+      },
+    })
+  })
+
+  it('Handles CORS requests with and without b64 encoded', async () => {
+    const corsEventB64 = createMockedLambdaEvent('OPTIONS', undefined, true)
+
+    expect(await normalizeRequest(corsEventB64)).toEqual({
+      headers: new Headers(corsEventB64.headers as Record<string, string>), // headers returned as symbol
+      method: 'OPTIONS',
+      query: null,
+      jsonBody: {},
+    })
+
+    const corsEventWithoutB64 = createMockedLambdaEvent(
+      'OPTIONS',
+      undefined,
+      false
+    )
+
+    expect(await normalizeRequest(corsEventWithoutB64)).toEqual({
+      headers: new Headers(corsEventB64.headers as Record<string, string>), // headers returned as symbol
+      method: 'OPTIONS',
+      query: null,
+      jsonBody: {},
+    })
   })
 })
 
-test('Handles CORS requests with and without b64 encoded', () => {
-  const corsEventB64 = createMockedEvent('OPTIONS', undefined, true)
+describe('Fetch API Request', () => {
+  it('Normalizes a fetch event', async () => {
+    const fetchEvent = new Request(
+      'http://localhost:9210/graphql?whatsup=doc&its=bugs',
+      {
+        method: 'POST',
+        headers: {
+          'content-type': 'application/json',
+        },
+        body: JSON.stringify({ bazinga: 'kittens_purr_purr' }),
+      }
+    )
 
-  expect(normalizeRequest(corsEventB64)).toEqual({
-    headers: new Headers(corsEventB64.headers), // headers returned as symbol
-    method: 'OPTIONS',
-    query: null,
-    body: undefined,
+    const partial = await normalizeRequest(fetchEvent)
+
+    expect(partial).toMatchObject({
+      // headers: fetchEvent.headers,
+      method: 'POST',
+      query: {
+        whatsup: 'doc',
+        its: 'bugs',
+      },
+      jsonBody: {
+        bazinga: 'kittens_purr_purr',
+      },
+    })
+
+    expect(partial.headers.get('content-type')).toEqual('application/json')
   })
 
-  const corsEventWithoutB64 = createMockedEvent('OPTIONS', undefined, false)
+  it('Handles an empty body', async () => {
+    const headers = {
+      'content-type': 'application/json',
+      'x-custom-header': 'bazinga',
+    }
+
+    const fetchEvent = new Request(
+      'http://localhost:9210/graphql?whatsup=doc&its=bugs',
+      {
+        method: 'PUT',
+        headers,
+        body: '',
+      }
+    )
+
+    const partial = await normalizeRequest(fetchEvent)
+
+    expect(partial).toMatchObject({
+      method: 'PUT',
+      query: {
+        whatsup: 'doc',
+        its: 'bugs',
+      },
+      jsonBody: {}, // @NOTE empty body is {} not undefined
+    })
 
-  expect(normalizeRequest(corsEventWithoutB64)).toEqual({
-    headers: new Headers(corsEventB64.headers), // headers returned as symbol
-    method: 'OPTIONS',
-    query: null,
-    body: undefined,
+    expect(partial.headers.get('content-type')).toEqual(headers['content-type'])
+    expect(partial.headers.get('x-custom-header')).toEqual('bazinga')
   })
 })

packages/api/src/auth/index.ts

@@ -2,18 +2,22 @@ export * from './parseJWT'
 
 import type { APIGatewayProxyEvent, Context as LambdaContext } from 'aws-lambda'
 
+import { getEventHeader } from '../event'
+
 import type { Decoded } from './parseJWT'
 export type { Decoded }
 
 // This is shared by `@redwoodjs/web`
 const AUTH_PROVIDER_HEADER = 'auth-provider'
 
-export const getAuthProviderHeader = (event: APIGatewayProxyEvent) => {
+export const getAuthProviderHeader = (
+  event: APIGatewayProxyEvent | Request
+) => {
   const authProviderKey = Object.keys(event?.headers ?? {}).find(
     (key) => key.toLowerCase() === AUTH_PROVIDER_HEADER
   )
   if (authProviderKey) {
-    return event?.headers[authProviderKey]
+    return getEventHeader(event, authProviderKey)
   }
   return undefined
 }
@@ -27,11 +31,9 @@ export interface AuthorizationHeader {
  * Split the `Authorization` header into a schema and token part.
  */
 export const parseAuthorizationHeader = (
-  event: APIGatewayProxyEvent
+  event: APIGatewayProxyEvent | Request
 ): AuthorizationHeader => {
-  const parts = (
-    event.headers?.authorization || event.headers?.Authorization
-  )?.split(' ')
+  const parts = getEventHeader(event, 'authorization')?.split(' ')
   if (parts?.length !== 2) {
     throw new Error('The `Authorization` header is not valid.')
   }
@@ -42,16 +44,24 @@ export const parseAuthorizationHeader = (
   return { schema, token }
 }
 
+/** @MARK Note that we do not send LambdaContext when making fetch requests
+ *
+ * This part is incomplete, as we need to decide how we will make the breaking change to
+ * 1. getCurrentUser
+ * 2. authDecoders
+
+ */
+
 export type AuthContextPayload = [
   Decoded,
   { type: string } & AuthorizationHeader,
-  { event: APIGatewayProxyEvent; context: LambdaContext }
+  { event: APIGatewayProxyEvent | Request; context: LambdaContext }
 ]
 
 export type Decoder = (
   token: string,
   type: string,
-  req: { event: APIGatewayProxyEvent; context: LambdaContext }
+  req: { event: APIGatewayProxyEvent | Request; context: LambdaContext }
 ) => Promise<Decoded>
 
 /**
@@ -64,7 +74,7 @@ export const getAuthenticationContext = async ({
   context,
 }: {
   authDecoder?: Decoder | Decoder[]
-  event: APIGatewayProxyEvent
+  event: APIGatewayProxyEvent | Request
   context: LambdaContext
 }): Promise<undefined | AuthContextPayload> => {
   const type = getAuthProviderHeader(event)
@@ -89,7 +99,12 @@ export const getAuthenticationContext = async ({
 
   let i = 0
   while (!decoded && i < authDecoders.length) {
-    decoded = await authDecoders[i](token, type, { event, context })
+    decoded = await authDecoders[i](token, type, {
+      // @TODO: We will need to make a breaking change to support `Request` objects.
+      // We can remove this typecast
+      event: event,
+      context,
+    })
     i++
   }
 

packages/api/src/cors.ts

@@ -1,6 +1,6 @@
 import { Headers } from '@whatwg-node/fetch'
 
-import type { Request } from './transforms'
+import type { PartialRequest } from './transforms'
 
 export type CorsConfig = {
   origin?: boolean | string | string[]
@@ -59,10 +59,10 @@ export function createCorsContext(cors: CorsConfig | undefined) {
   }
 
   return {
-    shouldHandleCors(request: Request) {
+    shouldHandleCors(request: PartialRequest) {
       return request.method === 'OPTIONS'
     },
-    getRequestHeaders(request: Request): CorsHeaders {
+    getRequestHeaders(request: PartialRequest): CorsHeaders {
       const eventHeaders = new Headers(request.headers as HeadersInit)
       const requestCorsHeaders = new Headers(corsHeaders)
 

packages/api/src/event.ts

@@ -0,0 +1,15 @@
+import type { APIGatewayProxyEvent } from 'aws-lambda'
+
+import { isFetchApiRequest } from './transforms'
+
+// Extracts the header from an event, handling lower and upper case header names.
+export const getEventHeader = (
+  event: APIGatewayProxyEvent | Request,
+  headerName: string
+) => {
+  if (isFetchApiRequest(event)) {
+    return event.headers.get(headerName)
+  }
+
+  return event.headers[headerName] || event.headers[headerName.toLowerCase()]
+}

packages/api/src/index.ts

@@ -7,6 +7,7 @@ export * from './types'
 
 export * from './transforms'
 export * from './cors'
+export * from './event'
 
 // @NOTE: use require, to avoid messing around with tsconfig and nested output dirs
 const packageJson = require('../package.json')

packages/api/src/transforms.ts

@@ -1,10 +1,11 @@
-import { Headers } from '@whatwg-node/fetch'
+import { Headers, Request as PonyfillRequest } from '@whatwg-node/fetch'
 import type { APIGatewayProxyEvent } from 'aws-lambda'
 
-// This is the same interface used by GraphQL Yoga
-// But not importing here to avoid adding a dependency
-export interface Request {
-  body?: any
+// This is part of the request, dreived either from a LambdaEvent or FetchAPI Request
+// We do this to keep the API consistent between the two
+// When we support only the FetchAPI request, we should remove this
+export interface PartialRequest<TBody = Record<string, any>> {
+  jsonBody: TBody
   headers: Headers
   method: string
   query: any
@@ -13,9 +14,9 @@ export interface Request {
 /**
  * Extracts and parses body payload from event with base64 encoding check
  */
-export const parseEventBody = (event: APIGatewayProxyEvent) => {
+export const parseLambdaEventBody = (event: APIGatewayProxyEvent) => {
   if (!event.body) {
-    return
+    return {}
   }
 
   if (event.isBase64Encoded) {
@@ -25,14 +26,78 @@ export const parseEventBody = (event: APIGatewayProxyEvent) => {
   }
 }
 
-export function normalizeRequest(event: APIGatewayProxyEvent): Request {
-  const body = parseEventBody(event)
+/**
+ * Extracts and parses body payload from Fetch Request
+ * with check for empty body
+ *
+ * NOTE: whatwg/server expects that you will decode the base64 body yourself
+ * see readme here: https://github.com/ardatan/whatwg-node/tree/master/packages/server#aws-lambda
+ */
+export const parseFetchEventBody = async (event: Request) => {
+  if (!event.body) {
+    return {}
+  }
+
+  const body = await event.text()
+
+  return body ? JSON.parse(body) : {}
+}
+
+export const isFetchApiRequest = (
+  event: Request | APIGatewayProxyEvent
+): event is Request => {
+  if (
+    event.constructor.name === 'Request' ||
+    event.constructor.name === PonyfillRequest.name
+  ) {
+    return true
+  }
+
+  // Also do an extra check on type of headers
+  if (Symbol.iterator in Object(event.headers)) {
+    return true
+  }
+
+  return false
+}
+
+function getQueryStringParams(reqUrl: string) {
+  const url = new URL(reqUrl)
+  const params = new URLSearchParams(url.search)
+
+  const paramObject: Record<string, string> = {}
+  for (const entry of params.entries()) {
+    paramObject[entry[0]] = entry[1] // each 'entry' is a [key, value] tuple
+  }
+  return paramObject
+}
+
+/**
+ *
+ * This function returns a an object that lets you access _some_ of the request properties in a consistent way
+ * You can give it either a LambdaEvent or a Fetch API Request
+ *
+ * NOTE: It does NOT return a full Request object!
+ */
+export async function normalizeRequest(
+  event: APIGatewayProxyEvent | Request
+): Promise<PartialRequest> {
+  if (isFetchApiRequest(event)) {
+    return {
+      headers: event.headers,
+      method: event.method,
+      query: getQueryStringParams(event.url),
+      jsonBody: await parseFetchEventBody(event),
+    }
+  }
+
+  const jsonBody = parseLambdaEventBody(event)
 
   return {
     headers: new Headers(event.headers as Record<string, string>),
     method: event.httpMethod,
     query: event.queryStringParameters,
-    body,
+    jsonBody,
   }
 }