为什么curl 说“缺少身份验证令牌”?据我所知,我确实启用了选项方法以返回默认值 200。我的选项设置中肯定有
"AuthorizationType": "NONE"我通过
set PORT=4000 && react-scripts startsam local start-api --template lambdas_sam.json当我通过curl 测试选项方法时,我得到:
curl -i -X OPTIONS http://127.0.0.1:3000/scanRecords -H "Origin: http://localhost:4000" -H "Access-Control-Request-Method: POST"
HTTP/1.1 403 FORBIDDEN
Server: Werkzeug/3.0.1 Python/3.11.8
Date: Wed, 11 Sep 2024 02:47:58 GMT
Content-Type: application/json
Content-Length: 43
Connection: close
{"message":"Missing Authentication Token"}
lambdas_sam.json 片段:
"scanRecords": {
"Type": "AWS::Serverless::Function",
"Properties": {
"Handler": "dist/dynamo/CRUD.scanRecords",
"CodeUri": "./backend",
"Policies": [
"AmazonDynamoDBFullAccess",
"CloudWatchLogsFullAccess"
],
"Events": {
"0": {
"Type": "Api",
"Properties": {
"Path": "/scanRecords",
"Method": "post"
}
}
}
}
},
"scanRecordsResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"ParentId": {
"Fn::GetAtt": [
"apiGatewayRestApi",
"RootResourceId"
]
},
"PathPart": "scanRecords",
"RestApiId": {
"Ref": "apiGatewayRestApi"
}
}
},
"scanRecordsGatewayMethod": {
"Type": "AWS::ApiGateway::Method",
"Properties": {
"AuthorizationType": "COGNITO_USER_POOLS",
"AuthorizerId": {
"Ref": "CognitoAuthorizer"
},
"HttpMethod": "post",
"Integration": {
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"Uri": {
"Fn::Sub": [
"arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${lambdaArn}/invocations",
{
"lambdaArn": {
"Fn::GetAtt": [
"scanRecords",
"Arn"
]
}
}
]
}
},
"ResourceId": {
"Ref": "scanRecordsResource"
},
"RestApiId": {
"Ref": "apiGatewayRestApi"
}
}
},
"scanRecordsOptionsMethod": {
"Type": "AWS::ApiGateway::Method",
"Properties": {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"ResourceId": {
"Ref": "scanRecordsResource"
},
"RestApiId": {
"Ref": "apiGatewayRestApi"
},
"Integration": {
"Type": "MOCK",
"IntegrationResponses": [
{
"StatusCode": 200,
"ResponseParameters": {
"method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
"method.response.header.Access-Control-Allow-Methods": "'POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"ResponseTemplates": {
"application/json": ""
}
}
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestTemplates": {
"application/json": "{}"
}
},
"MethodResponses": [
{
"StatusCode": 200,
"ResponseParameters": {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true
}
}
]
}
},
"ApiGatewayInvokeLambdaPermissionscanRecords": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"Action": "lambda:InvokeFunction",
"FunctionName": {
"Fn::GetAtt": [
"scanRecords",
"Arn"
]
},
"Principal": "apigateway.amazonaws.com",
"SourceArn": {
"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGatewayRestApi}/*/*/*"
}
}
}
据我所知,aws-sam-cli 中尚不支持 Cognito 授权方进行本地测试,本地模式下唯一支持的授权方是 lambda 授权方。
在代码中我们可以看到:
LOG.debug("Authorizer '%s' is currently unsupported (must be a Lambda Authorizer), skipping", auth_name)