GParency Authorize Decorator
About
This is NPM package containing the @Authorize decorator that is used for authorizing access to GParency lambda functions. The authorizer injects the authorized user payload in the event if user is authorized.
requestContext.authorizer injected into API Gateway event:
{
"loanTrackerId": 123456789,
"email": "user@email.com",
"isGpPaid": "true | false",
"isMapUser": "true | false",
"isPaidMapUser": "true | false",
"isLenderPaid": "true | false",
"isLender": "true | false",
"isAdmin": "true | false",
"rateAdmin": "true | false",
"userId": "google-oauth2|103010667649373229274"
}How to use
- Install the package
$ npm install @gparency/authorizer- Add decorator to handler methods
class Handler {
/**
* Get Profile
* @param event APIGatewayProxyEvent
* @param _context Context
*/
@Authorize(AuthorizationLevel.IS_GP_PAID)
public async getProfile(event: APIGatewayProxyEvent, _context: Context): Promise<APIGatewayProxyStructuredResultV2> {
const service = await this.getService({ event });
try {
return GatewayResponse.ok(await service.getProfile());
} catch (exception) {
Logger.error(exception);
return GatewayErrorResponse.fromError(exception);
}
}
}Levels of authorization
There are six levels of authorization:
-
@Authorize(): This is only checking if the user is authenticated and has a valid JWT. -
@Authorize(AuthorizationLevel.IS_GP_PAID): This checks if the user is GP Paid member. -
@Authorize(AuthorizationLevel.IS_MAP_USER): This checks if the user is registered for the Map. -
@Authorize(AuthorizationLevel.IS_PAID_MAP_USER): This checks if the user is paid for the Map. -
@Authorize(AuthorizationLevel.IS_LENDER_PAID): This checks if the user is Lender Paid member. -
@Authorize(AuthorizationLevel.IS_LENDER): This checks if the user is a Lender member.
Additional claims:
- userId - Id of the logged in user.
Required Environment Variables
AUTH0_AUDIENCE="..."
AUTH0_ISSUER="..."
AUTH0_SIGNING_CERT="..."