Why does API Gateway's Method Request not block this test input?
I have an API Gateway with OPTIONS and POST methods, where the POST method has the following Method Request model (content type "application/json"):
{
"$schema" : "http://json-schema.org/draft-04/schema#",
"title" : "Basic User Request Schema",
"type" : "object",
"properties" : {
"email" : { "type" : "string" },
"id" : { "type" : "string" },
"age" : { "type" : "string" },
"count" : { "type" : "string" },
"recaptcha" : { "type" : "string" }
},
"required": [ "email", "id", "age", "count", "recaptcha" ]
}
I then ran the "Test" of the POST method with the following request body (all other fields empty):
{
"id": "Confused"
}
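However, despite several required fields being missing, the test lets this input through all the way to the backend Lambda. Why isn't this input rejected by the Method Request?
Here is the log output: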
Execution log for request HIDING_THIS_INFO
Wed Mar 24 17:40:28 UTC 2021 : Starting execution for request: HIDING_THIS_INFO
Wed Mar 24 17:40:28 UTC 2021 : HTTP Method: POST, Resource Path: HIDING_THIS_INFO
Wed Mar 24 17:40:28 UTC 2021 : Method request path: {}
Wed Mar 24 17:40:28 UTC 2021 : Method request query string: {}
Wed Mar 24 17:40:28 UTC 2021 : Method request headers: {}
Wed Mar 24 17:40:28 UTC 2021 : Method request body before transformations: {
"id": "Confused"
}
Wed Mar 24 17:40:28 UTC 2021 : Endpoint request URI: https://lambda.HIDING_THIS_INFO/2015-03-31/functions/arn:aws:lambda:HIDING_THIS_INFO:function:HIDING_THIS_INFO/invocations
Wed Mar 24 17:40:28 UTC 2021 : Endpoint request headers: {X-Amz-Date=20210324T174028Z, x-amzn-apigateway-api-id=HIDING_THIS_INFO, Accept=application/json, User-Agent=AmazonAPIGateway_HIDING_THIS_INFO, Host=lambda.HIDING_THIS_INFO.amazonaws.com, X-Amz-Content-Sha256=HIDING_THIS_INFO, X-Amzn-Trace-Id=Root=HIDING_THIS_INFO, x-amzn-lambda-integration-tag=HIDING_THIS_INFO, Authorization=*************************************************************************************************************************************************************************************************************************************************************************************************************************************************c2e0e4, X-Amz-Source-Arn=arn:aws:execute-api:HIDING_THIS_INFO/test-invoke-stage/POST/HIDING_THIS_INFO, X-Amz-Invocation-Type=Event, X-Amz-Security-Token=HIDING_THIS_INFO [TRUNCATED]
Wed Mar 24 17:40:28 UTC 2021 : Endpoint request body after transformations: {
"id": "Confused"
}
Wed Mar 24 17:40:28 UTC 2021 : Sending request to https://lambda.HIDING_THIS_INFO.amazonaws.com/2015-03-31/functions/arn:aws:lambda:HIDING_THIS_INFO:function:HIDING_THIS_INFO/invocations
Wed Mar 24 17:40:28 UTC 2021 : Received response. Status: 202, Integration latency: 28 ms
Wed Mar 24 17:40:28 UTC 2021 : Endpoint response headers: {Date=Wed, 24 Mar 2021 17:40:28 GMT, Content-Length=0, Connection=keep-alive, x-amzn-RequestId=HIDING_THIS_INFO, x-amzn-Remapped-Content-Length=0, X-Amzn-Trace-Id=root=HIDING_THIS_INFO;sampled=0}
Wed Mar 24 17:40:28 UTC 2021 : Endpoint response body before transformations:
Wed Mar 24 17:40:28 UTC 2021 : Method response body after transformations:
Wed Mar 24 17:40:28 UTC 2021 : Method response headers: {X-Amzn-Trace-Id=Root=HIDING_THIS_INFO;Sampled=0, Access-Control-Allow-Origin=*, Content-Type=application/json}
Wed Mar 24 17:40:28 UTC 2021 : Successfully completed execution
Wed Mar 24 17:40:28 UTC 2021 : Method completed with status:
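I actually get this 202 response code no matter what I send (i.e. a valid request body).
FYI, the backend Lambda is invoked asynchronously, and I have CORS enabled. I have deployed the API.
UPDATE
I modified the request model so that all properties are integers and removed the required aspect, i.e.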
{
"$schema" : "http://json-schema.org/draft-04/schema#",
"title" : "Basic User Request Schema",
"type" : "object",
"properties" : {
"email" : { "type" : "integer" },
"id" : { "type" : "integer" },
"age" : { "type" : "integer" },
"count" : { "type" : "integer" },
"recaptcha" : { "type" : "integer" }
}
}
I then redeployed the API. Even then, entering the same test input did not fail (same log output as above)!
{
"id": "Confused"
}
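I guess I have to conclude that there is a bug in API Gateway's console test?!? It seems to ignore the Method Request entirely...
One last note: I also tried the following test input, with the double quotes around id removed: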
{
id: "Confused"
}
At least this did something different:
{"message": "Could not parse request body into json: Could not parse payload into json: Unexpected character (\'i\' (code 105)): was expecting double-quote to start field name\n at [Source: (byte[])\"{\n id: \"Confused\"\n}\"; line: 2, column: 6]"}
However, this again went all the way to the Lambda; the Method Request seems to do nothing.
For reference, here are the specs for the Request Model language (i.e. JSON Schema).
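
Defining a model for a particular request is one thing; having API Gateway validate that requests conform to the model you defined is another.
I think what you are looking for is the Request Validator setting of your method.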
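
The gap the answer describes can be audited offline. The following is an added example, not part of the original question or answer: it flags methods that carry a request model no body-validating Request Validator enforces, and shows which rules the question's two models would apply to the test body once validation is on. The dict shapes follow the boto3 `apigateway` `get_method` and `get_request_validators` responses; the `path` key, the function names and all sample values are assumptions made for the illustration.

```python
# Added example. Dict shapes follow boto3 apigateway get_method and
# get_request_validators; "path" and all sample values are constructed.
JSON_TYPES = {"string": str, "integer": int}

def unenforced_models(methods, validators):
    """List methods that carry a request model no validator enforces."""
    by_id = {v["id"]: v for v in validators}
    gaps = []
    for m in methods:
        if not m.get("requestModels"):
            continue  # no model attached, nothing to enforce
        validator = by_id.get(m.get("requestValidatorId"))
        if validator is None:
            gaps.append((m["path"], m["httpMethod"], "no request validator"))
        elif not validator.get("validateRequestBody"):
            gaps.append((m["path"], m["httpMethod"], "body not validated"))
    return gaps

def violations(schema, body):
    """Check 'required' and top-level property 'type' only: the subset of
    JSON Schema draft-04 that the question's two models use."""
    found = [f"missing: {k}" for k in schema.get("required", []) if k not in body]
    for key, rule in schema.get("properties", {}).items():
        expected = JSON_TYPES[rule["type"]]
        if key in body and (not isinstance(body[key], expected)
                            or isinstance(body[key], bool)):  # bool is an int in Python
            found.append(f"wrong type: {key}")
    return found

FIELDS = ["email", "id", "age", "count", "recaptcha"]
MODEL_V1 = {"type": "object", "required": FIELDS,      # first model in the question
            "properties": {f: {"type": "string"} for f in FIELDS}}
MODEL_V2 = {"type": "object",                          # model from the update
            "properties": {f: {"type": "integer"} for f in FIELDS}}
TEST_BODY = {"id": "Confused"}

METHODS = [  # constructed; the first entry mirrors the question's situation
    {"path": "/users", "httpMethod": "POST",
     "requestModels": {"application/json": "BasicUser"}},
    {"path": "/orders", "httpMethod": "POST", "requestValidatorId": "v1param",
     "requestModels": {"application/json": "Order"}},
    {"path": "/items", "httpMethod": "POST", "requestValidatorId": "v2body",
     "requestModels": {"application/json": "Item"}},
]
VALIDATORS = [{"id": "v1param", "validateRequestBody": False},
              {"id": "v2body", "validateRequestBody": True}]

if __name__ == "__main__":
    print(unenforced_models(METHODS, VALIDATORS))
    print(violations(MODEL_V1, TEST_BODY), violations(MODEL_V2, TEST_BODY))
```

A method reported here forwards every parseable body to its integration; with a body-validating Request Validator attached, API Gateway answers a request that violates the model with a 400 instead of invoking the backend.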