Unauthenticated and authenticated APIs using Cognito
I followed the tutorial at https://serverless-stack.com to create an "events" API. An admin creates an event and can then set a property to "published" to allow guests to view those events.
This works fine and I have the backend set up. Now I need to build a front-end calendar that fetches all published: true events. I created a service called getPublished that fetches the published events.
I want to allow guest/unauthenticated access to this service while requiring authentication for all other routes (except listPublished, but I can work that out once I have figured out getPublished).
service: events-app-api

# Use the serverless-webpack plugin to transpile ES6
plugins:
  - serverless-webpack
  - serverless-offline

# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true

provider:
  name: aws
  runtime: nodejs8.10
  stage: prod
  region: us-east-1

  # 'iamRoleStatements' defines the permission policy for the Lambda function.
  # In this case Lambda functions are granted with permissions to access DynamoDB.
  # Note: the Resource wildcard below grants these actions on every table in the
  # region; scope it to the events table ARN before this goes to production.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:us-east-1:*:*"

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /events
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #   domain api call
  # - authorizer: authenticate using the AWS IAM role
  create:
    handler: create.main
    events:
      - http:
          path: events
          method: post
          cors: true
          authorizer: aws_iam

  get:
    # Defines an HTTP API endpoint that calls the main function in get.js
    # - path: url path is /events/{id}
    # - method: GET request
    handler: get.main
    events:
      - http:
          path: events/{id}
          method: get
          cors: true
          authorizer: aws_iam

  getPublic:
    # Defines an HTTP API endpoint that calls the main function in getPublic.js
    # - path: url path is /public/events/{id}
    # - method: GET request
    # - no authorizer: anyone can call this route
    handler: getPublic.main
    events:
      - http:
          path: public/events/{id}
          method: get
          cors: true

  list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /events
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: events
          method: get
          cors: true
          authorizer: aws_iam

  listPublic:
    # Defines an HTTP API endpoint that calls the main function in listPublic.js
    # - path: url path is /public/events
    # - method: GET request
    # - no authorizer: anyone can call this route
    handler: listPublic.main
    events:
      - http:
          path: public/events
          method: get
          cors: true

  update:
    # Defines an HTTP API endpoint that calls the main function in update.js
    # - path: url path is /events/{id}
    # - method: PUT request
    handler: update.main
    events:
      - http:
          path: events/{id}
          method: put
          cors: true
          authorizer: aws_iam

  delete:
    # Defines an HTTP API endpoint that calls the main function in delete.js
    # - path: url path is /events/{id}
    # - method: DELETE request
    handler: delete.main
    events:
      - http:
          path: events/{id}
          method: delete
          cors: true
          authorizer: aws_iam

# Create our resources with separate CloudFormation templates
resources:
  # API Gateway Errors
  - ${file(resources/api-gateway-errors.yml)}
When you define a service in the Serverless Framework, you specify its behaviour in the serverless.yml file, for example (from their Get Note chapter):

get:
  handler: get.main
  events:
    - http:
        path: notes/{id}
        method: get
        cors: true
        authorizer: aws_iam

The line authorizer: aws_iam configures your Lambda function to use an authorizer (in this case, an IAM role). If you remove this line, you deploy the function without an authorizer. Anyone can call a function that has no authorizer.
This configuration is per function, so you can remove authorizer from one specification and keep it in another.
In your case (I'm just guessing, without seeing code), all you need to do is remove the authorizer line from the getPublished specification.