AWS Lambda - 网关因 CORS 策略问题而被阻止

问题描述

我正在尝试配置登录和注册两个 Lambda 函数。它们在 API Gateway 中都设置为 POST 方法,并带有用于 CORS 的 OPTIONS 方法,两者的配置相同。登录没有任何问题,但注册返回了下面的错误,CRUD 操作也报同样的错误——只有登录可以正常工作。希望有人能帮忙。

API网关结构

enter image description here

方法响应 enter image description here

集成响应 enter image description here

Access to XMLHttpRequest at 'https://88106yumrk.execute-api.eu-north-1.amazonaws.com/prod/auth/register' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Register.js:31 Registration error: AxiosError {message: 'Network Error', name: 'AxiosError', code: 'ERR_NETWORK', config: {…}, request: XMLHttpRequest, …}
overrideMethod @ console.js:273
handleRegister @ Register.js:31
await in handleRegister (async)
callCallback @ react-dom.development.js:4164
invokeGuardedCallbackDev @ react-dom.development.js:4213
invokeGuardedCallback @ react-dom.development.js:4277
invokeGuardedCallbackAndCatchFirstError @ react-dom.development.js:4291
executeDispatch @ react-dom.development.js:9041
processDispatchQueueItemsInOrder @ react-dom.development.js:9073
processDispatchQueue @ react-dom.development.js:9086
dispatchEventsForPlugins @ react-dom.development.js:9097
(anonymous) @ react-dom.development.js:9288
batchedUpdates$1 @ react-dom.development.js:26179
batchedUpdates @ react-dom.development.js:3991
dispatchEventForPluginEventSystem @ react-dom.development.js:9287
dispatchEventWithEnableCapturePhaseSelectiveHydrationWithoutDiscreteEventReplay @ react-dom.development.js:6465
dispatchEvent @ react-dom.development.js:6457
dispatchDiscreteEvent @ react-dom.development.js:6430
Show 16 more frames
Show less
Register.js:17 
        
        
       POST https://88106yumrk.execute-api.eu-north-1.amazonaws.com/prod/auth/register net::ERR_FAILED 400 (Bad Request)

我曾不小心把注册代码覆盖到了 loginLambda 函数中,那时注册可以正常工作。我试着排查问题出在哪里,但始终没能找到原因。

这是我的 lambda 函数

登录用户

const { DynamoDBClient, QueryCommand } = require("@aws-sdk/client-dynamodb");
const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");

// DynamoDB client built at module scope (outside the handler), so it is
// constructed once when the file loads rather than on every invocation.
// The region is read from the AWS_REGION environment variable.
const client = new DynamoDBClient({ region: process.env.AWS_REGION });

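/**
 * Login handler: verifies a username/password pair against the `users`
 * table and returns a signed JWT on success.
 *
 * Every return path carries the CORS headers. Anything that escapes as an
 * unhandled exception is answered by API Gateway itself, without those
 * headers, and the browser then reports it as a CORS failure rather than
 * as the underlying error.
 *
 * @param {object} event - Invocation event; `event.body` is expected to be a
 *   JSON string with `username` and `password`.
 * @returns {Promise<{statusCode: number, headers: object, body: string}>}
 *   400 for malformed input or bad credentials, 200 with `{ token }` on
 *   success, 500 on any lookup/signing failure.
 */
exports.handler = async (event) => {
  // NOTE(review): "*" lets script on any website call this endpoint from a
  // browser. Restrict it to the known front-end origin(s) outside local dev.
  const corsHeaders = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT,DELETE",
    "Access-Control-Allow-Headers":
      "Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token",
  };
  const reply = (statusCode, payload) => ({
    statusCode,
    headers: corsHeaders,
    body: JSON.stringify(payload),
  });

  // Log request metadata only. The full event contains the request body,
  // i.e. the plaintext password, which must never reach the log stream.
  console.log(
    "Received event:",
    JSON.stringify({ httpMethod: event?.httpMethod, path: event?.path })
  );

  let body;
  try {
    body = JSON.parse(event.body);
  } catch (parseError) {
    return reply(400, { error: "Invalid JSON format in request body" });
  }

  // JSON.parse(null) yields null and a missing field yields undefined; both
  // used to throw or fail later. Reject them here with a proper 400.
  const { username, password } = body ?? {};
  const isNonEmptyString = (value) => typeof value === "string" && value !== "";
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return reply(400, { error: "username and password are required" });
  }

  const params = {
    TableName: "users",
    IndexName: "username-index",
    KeyConditionExpression: "username = :username",
    ExpressionAttributeValues: {
      ":username": { S: username },
    },
  };

  try {
    const result = await client.send(new QueryCommand(params));
    if (result.Items.length === 0) {
      console.log("No user found with username:", username);
      // NOTE(review): this path skips bcrypt.compare, so unknown usernames
      // answer faster than known ones. Consider comparing against a fixed
      // dummy hash to keep response times alike.
      return reply(400, { message: "Invalid credentials" });
    }

    const user = result.Items[0];
    // The stored record includes the password hash, so it is not logged.
    console.log("User found:", username);

    const isPasswordValid = await bcrypt.compare(password, user.password.S);
    console.log("Password is valid:", isPasswordValid);

    if (!isPasswordValid) {
      console.log("Invalid password for username:", username);
      return reply(400, { message: "Invalid credentials" });
    }

    // The token is a bearer credential and is deliberately not logged.
    const token = jwt.sign({ userId: user.userId.S }, process.env.JWT_SECRET, {
      expiresIn: "1h",
    });

    return reply(200, { token });
  } catch (error) {
    console.error("Login error:", error);
    return reply(500, { error: "Could not log in user" });
  }
};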

注册用户

const { DynamoDBClient, PutItemCommand } = require("@aws-sdk/client-dynamodb");
const bcrypt = require("bcryptjs");
const { v4: uuidv4 } = require("uuid");

// DynamoDB client built at module scope (outside the handler), so it is
// constructed once when the file loads rather than on every invocation.
// The region is read from the AWS_REGION environment variable.
const client = new DynamoDBClient({ region: process.env.AWS_REGION });

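/**
 * Registration handler: hashes the submitted password with bcrypt and
 * stores a new item in the `users` table under a freshly generated userId.
 *
 * Every return path carries the CORS headers. Anything that escapes as an
 * unhandled exception is answered by API Gateway itself, without those
 * headers, and the browser then reports it as a CORS failure rather than
 * as the underlying error.
 *
 * @param {object} event - Invocation event; `event.body` is expected to be a
 *   JSON string with `username` and `password`.
 * @returns {Promise<{statusCode: number, headers: object, body: string}>}
 *   400 for malformed input, 201 on success, 500 if hashing or the write
 *   fails.
 */
exports.handler = async (event) => {
  // NOTE(review): "*" lets script on any website call this endpoint from a
  // browser. Restrict it to the known front-end origin(s) outside local dev.
  const corsHeaders = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "OPTIONS,POST,GET,PUT,DELETE",
    "Access-Control-Allow-Headers":
      "Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token",
  };
  const reply = (statusCode, payload) => ({
    statusCode,
    headers: corsHeaders,
    body: JSON.stringify(payload),
  });

  // Log request metadata only. The full event contains the request body,
  // i.e. the plaintext password, which must never reach the log stream.
  console.log(
    "Received event:",
    JSON.stringify({ httpMethod: event?.httpMethod, path: event?.path })
  );

  let body;
  try {
    body = JSON.parse(event.body);
  } catch (parseError) {
    return reply(400, { error: "Invalid JSON format in request body" });
  }

  // JSON.parse(null) yields null and a missing field yields undefined. The
  // original destructured and hashed these outside any try block, so the
  // failure left the function as an unhandled exception.
  const { username, password } = body ?? {};
  const isNonEmptyString = (value) => typeof value === "string" && value !== "";
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return reply(400, { error: "username and password are required" });
  }
  // NOTE(review): bcrypt ignores input beyond 72 bytes, and no minimum
  // length is enforced here. Consider adding a password policy.

  try {
    // Hashing now sits inside the try so a bcrypt failure yields a 500 with
    // CORS headers instead of escaping the handler.
    const hashedPassword = await bcrypt.hash(password, 10);
    const userId = uuidv4();

    // NOTE(review): nothing prevents two registrations with the same
    // username, since each one gets a new userId. The login function on this
    // page takes the first match from `username-index`, so duplicates make
    // the account that gets checked unpredictable. Enforce uniqueness on
    // username before relying on this.
    const command = new PutItemCommand({
      TableName: "users",
      Item: {
        userId: { S: userId },
        username: { S: username },
        password: { S: hashedPassword },
      },
    });
    await client.send(command);
    console.log("User successfully created:", { userId, username });

    return reply(201, { message: "User registered successfully" });
  } catch (error) {
    console.error("Registration error:", error);
    return reply(500, { error: "Could not register user" });
  }
};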
amazon-web-services aws-lambda aws-api-gateway cicd
1个回答

我们之前也遇到过同样的情况。我们的做法是在函数顶部加一个条件判断:如果调用该函数的 HTTP 方法是 `OPTIONS`,就立即返回 `200`。


/**
 * Build a Lambda response object that always carries the CORS headers.
 *
 * @param {number} statusCode - HTTP status to return.
 * @param {*} body - Payload; serialised with JSON.stringify.
 * @returns {{statusCode: number, body: string, headers: object}}
 */
function respond(statusCode, body) {
  // "*" admits any origin; narrow it to the real front-end origin(s) once
  // the API is used outside local development.
  const headers = {
    "Content-Type": "application/json",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers":
      "Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token",
    "Access-Control-Allow-Methods": "OPTIONS,POST",
  };
  const serialized = JSON.stringify(body);

  return { statusCode, body: serialized, headers };
}

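/**
 * Report whether the invocation is a CORS preflight, i.e. an OPTIONS request.
 *
 * Reads `event.httpMethod` (REST API proxy events) and falls back to
 * `event.requestContext.http.method` (HTTP API payload format 2.0). A
 * missing or non-string method is treated as "not a preflight" instead of
 * throwing.
 *
 * @param {object} [event] - Lambda invocation event.
 * @returns {boolean} true only when the HTTP method is OPTIONS (any case).
 */
function isCors(event) {
  const method = event?.httpMethod ?? event?.requestContext?.http?.method;
  return typeof method === "string" && method.toLowerCase() === "options";
}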

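/**
 * Handler skeleton from the answer: answer the CORS preflight first, then
 * run the real work, and attach the CORS headers to every outcome.
 *
 * @param {object} event - Lambda invocation event.
 * @returns {Promise<object>} Response built by `respond`.
 */
exports.handler = async (event) => {
  try {
    // Preflight is answered before any body parsing or business logic, so
    // the browser always receives the CORS headers for OPTIONS.
    // NOTE(review): this only helps if the OPTIONS method is actually routed
    // to this function. Confirm against the API Gateway setup.
    if (isCors(event)) {
      return respond(200, {});
    }

    // Placeholder result: the actual registration logic belongs here.
    return respond(200, { message: "User registered successfully" });
  } catch (err) {
    // Log the cause instead of swallowing it; the client still gets only a
    // generic 500 with CORS headers.
    // A timeout or crash that never reaches this catch is answered by API
    // Gateway without CORS headers. Adding the same headers to the API's
    // DEFAULT_4XX / DEFAULT_5XX gateway responses covers that case.
    console.error("Unhandled error:", err);
    return respond(500, {});
  }
};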