DEV Community: Benson Macharia The latest articles on DEV Community by Benson Macharia (@bensonmacharia). https://dev.to/bensonmacharia https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1022626%2F888177d5-83d8-4587-9848-f1787c3d605f.jpeg DEV Community: Benson Macharia https://dev.to/bensonmacharia en Master Secure File Uploads to AWS S3 in Node.js with Express and Multer Benson Macharia Wed, 08 Jan 2025 20:31:28 +0000 https://dev.to/aws-builders/master-secure-file-uploads-to-aws-s3-in-nodejs-with-express-and-multer-4j3e https://dev.to/aws-builders/master-secure-file-uploads-to-aws-s3-in-nodejs-with-express-and-multer-4j3e <p>Uploading files securely is a key part of protecting user data in any web application. In this blog, we'll walk you through creating a secure file upload system using <a href="https://nodejs.org/en" rel="noopener noreferrer">Node.js</a>, <a href="https://expressjs.com/" rel="noopener noreferrer">Express</a>, <a href="https://www.npmjs.com/package/multer" rel="noopener noreferrer">Multer</a>, and <a href="https://aws.amazon.com/pm/serv-s3/" rel="noopener noreferrer">AWS S3</a>. We'll focus on best practices to ensure your uploads are safe and your application stays secure. This guide is perfect for beginners who want to learn how to handle file uploads while keeping security a top priority.</p> <p>Now, let's dive in</p> <h3> Prerequisites </h3> <ul> <li>Basic knowledge of Node.js/Javascript</li> <li>Basic knowledge of AWS and <a href="https://aws.amazon.com/cloudformation/" rel="noopener noreferrer">CloudFormation</a> </li> <li>AWS Account. Create one <a href="https://aws.amazon.com/free/" rel="noopener noreferrer">here</a> for free</li> <li>Patience </li> </ul> <h3> Step 1: Environment Set Up </h3> <h4> 1. Install Node.js and npm: </h4> <ul> <li>Download and install Node.js from <a href="https://nodejs.org/en" rel="noopener noreferrer">nodejs.org</a>.</li> <li>Verify the installation: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>node <span class="nt">-v</span> <span class="c">#v20.18.1</span> <span class="nv">$ </span>npm <span class="nt">-v</span> <span class="c">#10.8.2</span> </code></pre> </div> <h4> 2. Install AWS CLI: </h4> <ul> <li>Download and install the AWS CLI from <a href="https://aws.amazon.com/cli/" rel="noopener noreferrer">aws.amazon.com/cli</a>.</li> <li>Configure the AWS CLI with your credentials: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws configure <span class="c">#AWS Access Key ID [****************H53C]: </span> <span class="c">#AWS Secret Access Key [****************1CcY]: </span> <span class="c">#Default region name [us-east-1]: </span> <span class="c">#Default output format [json]:</span> </code></pre> </div> <h3> Step 2: Create the Node.js Application </h3> <h4> 1. Initialize a new Node.js project: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>node-file-upload-api <span class="nv">$ </span><span class="nb">cd </span>node-file-upload-api <span class="nv">$ </span>npm init <span class="nt">-y</span> </code></pre> </div> <h4> 2. Install necessary packages: </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm <span class="nb">install </span>express aws-sdk multer dotenv uuid </code></pre> </div> <h4> 3. Create the application file (<code>app.js</code>): </h4> <ul> <li>Create a <code>app.js</code> file</li> <li>Add the following javascript code</li> <li>Here we are creating a function to send a POST request to upload our file and generate a presignedURL for the uploaded file. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// app.js</span> <span class="c1">// Import the required packages</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">multer</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">multer</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">AWS</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">aws-sdk</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="na">v4</span><span class="p">:</span> <span class="nx">uuidv4</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">uuid</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Load environment variables from a .env file</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span><span class="p">).</span><span class="nf">config</span><span class="p">();</span> <span class="c1">// Create an Express application</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="c1">// Create an S3 instance with the specified region</span> <span class="kd">const</span> <span class="nx">s3</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AWS</span><span class="p">.</span><span class="nc">S3</span><span class="p">({</span> <span class="na">region</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">AWS_REGION</span> <span class="p">});</span> <span class="c1">// Configure Multer to save uploaded files to the 'uploads/' directory</span> <span class="kd">const</span> <span class="nx">upload</span> <span class="o">=</span> <span class="nf">multer</span><span class="p">({</span> <span class="na">dest</span><span class="p">:</span> <span class="dl">'</span><span class="s1">uploads/</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/upload</span><span class="dl">'</span><span class="p">,</span> <span class="nx">upload</span><span class="p">.</span><span class="nf">single</span><span class="p">(</span><span class="dl">'</span><span class="s1">file</span><span class="dl">'</span><span class="p">),</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Get the uploaded file from the request</span> <span class="kd">const</span> <span class="nx">file</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">file</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">fileKey</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nf">uuidv4</span><span class="p">()}</span><span class="s2">-</span><span class="p">${</span><span class="nx">file</span><span class="p">.</span><span class="nx">originalname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">s3Params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">S3_BUCKET</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">fileKey</span><span class="p">,</span> <span class="na">Body</span><span class="p">:</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">fs</span><span class="dl">'</span><span class="p">).</span><span class="nf">createReadStream</span><span class="p">(</span><span class="nx">file</span><span class="p">.</span><span class="nx">path</span><span class="p">),</span> <span class="c1">// Create a readable stream from the uploaded file</span> <span class="na">ContentType</span><span class="p">:</span> <span class="nx">file</span><span class="p">.</span><span class="nx">mimetype</span> <span class="p">};</span> <span class="nx">s3</span><span class="p">.</span><span class="nf">upload</span><span class="p">(</span><span class="nx">s3Params</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Generate presigned URL</span> <span class="kd">const</span> <span class="nx">presignedUrlParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">S3_BUCKET</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">fileKey</span><span class="p">,</span> <span class="na">Expires</span><span class="p">:</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="c1">// URL expiration time in seconds (e.g., 1 hour)</span> <span class="p">};</span> <span class="nx">s3</span><span class="p">.</span><span class="nf">getSignedUrl</span><span class="p">(</span><span class="dl">'</span><span class="s1">getObject</span><span class="dl">'</span><span class="p">,</span> <span class="nx">presignedUrlParams</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">presignedUrl</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">500</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">send</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">File uploaded successfully</span><span class="dl">'</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">Location</span><span class="p">,</span> <span class="na">presignedUrl</span><span class="p">:</span> <span class="nx">presignedUrl</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// Start the server on port 3000</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server running on port 3000</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h4> 4. Create a <code>.env</code> file for environment variables: </h4> <ul> <li>Create a <code>.env</code> file</li> <li>Add the following information </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AWS_REGION=us-east-1 S3_BUCKET=my-node-app-bucket-382c-c803-a96a-49f1 </code></pre> </div> <ul> <li>Make sure that your bucket name is unique. You can use the <a href="https://www.uuidgenerator.net/version4" rel="noopener noreferrer">Online UUID Generator</a> to generate a unique UUID to append to the name.</li> </ul> <h3> Step 3: Create the CloudFormation Template </h3> <h4> 1. Create a file named <code>s3-file-upload.yml</code> and add the following content </h4> <ul> <li>Create a <code>s3-file-upload.yml</code> file</li> <li>Add the following code </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2010-09-09"</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">S3Bucket</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AWS::S3::Bucket"</span> <span class="c1"># Defines an S3 bucket resource</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">BucketName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">my-node-app-bucket-382c-c803-a96a-49f1"</span> <span class="c1"># Sets the bucket name</span> <span class="na">PublicAccessBlockConfiguration</span><span class="pi">:</span> <span class="c1"># Configures public access settings for the bucket</span> <span class="na">BlockPublicAcls</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Blocks public ACLs</span> <span class="na">BlockPublicPolicy</span><span class="pi">:</span> <span class="kc">false</span> <span class="c1"># Allows custom bucket policies</span> <span class="na">IgnorePublicAcls</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Ignores public ACLs</span> <span class="na">RestrictPublicBuckets</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Restricts public bucket access</span> <span class="na">VersioningConfiguration</span><span class="pi">:</span> <span class="na">Status</span><span class="pi">:</span> <span class="s">Enabled</span> <span class="c1"># Enables versioning for the bucket</span> <span class="na">S3BucketPolicy</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AWS::S3::BucketPolicy"</span> <span class="c1"># Defines a bucket policy resource</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Bucket</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">S3Bucket</span> <span class="c1"># References the S3 bucket created above</span> <span class="na">PolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2012-10-17"</span> <span class="c1"># Specifies the version of the policy language</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="c1"># Allows the specified actions</span> <span class="na">Principal</span><span class="pi">:</span> <span class="s2">"</span><span class="s">*"</span> <span class="c1"># Applies to all principals (users)</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3:GetObject"</span> <span class="c1"># Allows the GetObject action</span> <span class="na">Resource</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">${S3Bucket.Arn}/*"</span> <span class="c1"># Applies to all objects in the bucket</span> <span class="na">Condition</span><span class="pi">:</span> <span class="na">Bool</span><span class="pi">:</span> <span class="na">aws:SecureTransport</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="c1"># Requires requests to use HTTPS</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="c1"># Allows the specified actions</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">AWS</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">arn:aws:iam::${AWS::AccountId}:role/MyAppRole"</span> <span class="c1"># Allows the IAM role to access the bucket</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3:PutObject"</span> <span class="c1"># Allows the PutObject action</span> <span class="na">Resource</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">${S3Bucket.Arn}/*"</span> <span class="c1"># Applies to all objects in the bucket</span> <span class="na">MyAppIAMRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="c1"># Defines an IAM Role resource</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RoleName</span><span class="pi">:</span> <span class="s">MyAppRole</span> <span class="c1"># Assigns a name to the IAM role</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2012-10-17"</span> <span class="c1"># Specifies the version of the policy language</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="c1"># Allows the following action</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s2">"</span><span class="s">ec2.amazonaws.com"</span> <span class="c1"># Specifies that the EC2 service can assume this role</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sts:AssumeRole"</span> <span class="c1"># Allows EC2 instances to assume the role</span> <span class="na">Policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">PolicyName</span><span class="pi">:</span> <span class="s">S3AccessPolicy</span> <span class="c1"># Names the inline policy for the role</span> <span class="na">PolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2012-10-17"</span> <span class="c1"># Specifies the version of the policy language</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="c1"># Allows the following actions</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3:PutObject"</span> <span class="c1"># Grants permission to upload objects to S3</span> <span class="na">Resource</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">${S3Bucket.Arn}/*"</span> <span class="c1"># Applies to all objects in the specified S3 bucket</span> </code></pre> </div> <ul> <li>In the above CloudFormation template, we are creating an S3 bucket with a name that includes the AWS account ID to make it unique. It blocks all public access and enables versioning. The template also adds a policy allowing anyone to download objects from the bucket, but only over HTTPS for secure data transmission.</li> </ul> <h3> Step 4: Deploy AWS Resources with CloudFormation </h3> <h4> 1. Deploy the stack: </h4> <ul> <li>We will now deploy our AWS CloudFormation stack using the template file we created above. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws cloudformation deploy <span class="nt">--template-file</span> s3-file-upload.yml <span class="nt">--stack-name</span> S3FileUploadStack <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM <span class="c">#Waiting for changeset to be created..</span> <span class="c">#Waiting for stack create/update to complete</span> <span class="c">#Successfully created/updated stack - S3FileUploadStack</span> </code></pre> </div> <ul> <li>Here's a breakdown of each part:</li> </ul> <p><code>aws cloudformation deploy</code>: This is the AWS CLI command to deploy a CloudFormation stack.<br> <code>--template-file s3-file-upload.yml</code>: Specifies the path to the CloudFormation template file (s3-file-upload.yml) that defines the resources and configurations.<br> <code>--stack-name S3FileUploadStack</code>: Sets the name of the CloudFormation stack to S3FileUploadStack.<br> <code>--capabilities CAPABILITY_NAMED_IAM</code>: Acknowledges that the stack requires IAM resources with custom names, allowing the deployment to create or modify IAM roles and policies.</p> <h4> 2. Confirm S3 bucket creation: </h4> <ul> <li>After deployment, login into your <a href="https://aws.amazon.com/console/" rel="noopener noreferrer">AWS console</a> and confirm that the S3 bucket has been provisioned from the CloudFormation stack.</li> </ul> <h3> Step 5: Run Your Node.js Application </h3> <ul> <li>Confirm you have set the environment variables in the .env file with the correct S3 bucket name.</li> <li>Start the application: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>node app.js <span class="c">#Server running on port 3000</span> </code></pre> </div> <h3> Step 6: Upload a File </h3> <h4> 1. Use Postman or cURL to send a POST request to <code>http://localhost:3000/upload</code> with a file. </h4> <p><em><strong>Using Postman</strong></em></p> <ul> <li>Create a new POST request.</li> <li>Set the URL to <a href="http://localhost:3000/upload" rel="noopener noreferrer">http://localhost:3000/upload</a>.</li> <li>In the "Body" tab, choose "form-data", add a key file, and select a file to upload <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7jujdxi4msujpwhdc4xg.png" alt="Image description" width="800" height="347"> </li> </ul> <p><em><strong>Using Curl</strong></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-F</span> <span class="s2">"file=@/tmp/files/test-upload.png"</span> http://localhost:3000/upload </code></pre> </div> <h4> 2. Receive the file URL in the response, indicating successful upload. The response will be in the following format. </h4> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"File uploaded successfully"</span><span class="p">,</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://my-node-app-bucket-382c-c803-a96a-49f1.s3.amazonaws.com/87587526-e70b-451d-a405-ceab366016a8-test-upload.png"</span><span class="p">,</span><span class="w"> </span><span class="nl">"presignedUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://my-node-app-bucket-382c-c803-a96a-49f1.s3.amazonaws.com/87587526-e70b-451d-a405-ceab366016a8-test-upload.png?AWSAccessKeyId=AKIATA6LX4GWXV6MH53C&amp;Expires=1736370100&amp;Signature=66dKUQRW%2F47La3MPPngITEhFE%2FA%3D"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Conclusion </h3> <p>In conclusion, mastering secure file uploads to AWS S3 in Node.js with Express and Multer involves more than just basic functionality—it requires a strong focus on security. By integrating Multer for efficient file handling, leveraging AWS S3's robust security features like bucket policies and presigned URLs, and enforcing HTTPS connections, we ensure that uploaded files are securely managed and accessed. This approach not only protects sensitive data but also helps prevent unauthorized access and potential vulnerabilities, making it a reliable and secure solution for modern web applications.</p> node beginners aws security Mastering Application Security: The Power of Rate Limiting Benson Macharia Fri, 15 Mar 2024 09:04:54 +0000 https://dev.to/bensonmacharia/mastering-application-security-the-power-of-rate-limiting-53mo https://dev.to/bensonmacharia/mastering-application-security-the-power-of-rate-limiting-53mo <p><strong>What is Rate Limiting?</strong><br> Rate limiting is a technique used in web and API development to control the rate of traffic sent or received by a server.</p> <p><strong>Why Rate Limiting?</strong><br> Rate limiting is a crucial aspect of modern application security, offering a powerful defense against various types of attacks such as brute force, DDoS, and API abuse. By restricting the number of requests a user or IP address can make within a certain timeframe, rate limiting helps prevent server overload, maintains application performance, and enhances overall security posture.</p> <p><strong>Implementation</strong><br> In this article, we'll delve into the concept of rate limiting in <a href="https://laravel.com" rel="noopener noreferrer">Laravel</a>; a popular PHP framework. We will explore how to set it up, customize it to suit your application's needs, and handle common scenarios. By the end, you'll have the knowledge and confidence to implement rate limiting in your Laravel applications, enhancing their security and stability.</p> <p><strong>Design</strong></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwuabrubdxnsaru44axyq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwuabrubdxnsaru44axyq.png" alt="Laravel Design"></a><br> In Laravel, requests are routed through the router service, which directs them to the appropriate middleware for processing, then to controllers for handling business logic, models for interacting with the database, and finally to views for rendering the response back to the client.</p> <p><strong>Let's Set Up</strong><br> You can download the complete <a href="https://github.com/bensonmacharia/laravel-rate-limiting" rel="noopener noreferrer">source code</a> here or you can follow this <a href="https://laravel.com/docs/10.x/installation" rel="noopener noreferrer">Laravel guide</a> to scaffold your application as follows.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> $ composer create-project laravel/laravel:^10.0 laravel-rate-limiting $ cd laravel-rate-limiting $ php artisan serve </code></pre> </div> <p>Remember to edit your <code>.env</code> file and then run</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> $ php artisan migrate </code></pre> </div> <p>We will additionally create:-</p> <ul> <li>Three controllers i.e. <code>LoginRegisterController.php</code>, <code>APIController.php</code> and <code>ProductController.php</code> under app/Http/Controllers</li> <li>Two Models i.e. <code>User.php</code> and <code>Product.php</code> under app/Models.</li> <li>Auth and Product views under resources/views</li> <li>Migrations under database/migrations</li> </ul> <p><strong>Rate Limiting Implementation</strong><br> To implement rate limiting, we will make use of the rate limiting capability provided with Laravel Middleware to throttle incoming HTTP requests before they reach our controllers.<br> To do that, we will modify the <code>App\Providers\RouteServiceProvider.php</code> to define the rate limiter configurations to suit our application needs.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> &lt;?php namespace App\Providers; class RouteServiceProvider extends ServiceProvider { public function boot(): void { // Modify rate limiting for APIs to 60 requests per minute RateLimiter::for('api', function (Request $request) { return Limit::perMinute(60)-&gt;by($request-&gt;user()?-&gt;id ?: $request-&gt;ip()); }); // Rate limit auth endpoints to 10 requests per minute by user IP RateLimiter::for('auth', function (Request $request) { return Limit::perMinute(10)-&gt;by($request-&gt;ip()); }); // Rate limit products endpoints to 30 requests per minute by user ID RateLimiter::for('product', function (Request $request) { return Limit::perMinute(30)-&gt;by($request-&gt;user()?-&gt;id); }); $this-&gt;routes(function () { Route::middleware('api') -&gt;prefix('api') -&gt;group(base_path('routes/api.php')); Route::middleware('web') -&gt;group(base_path('routes/web.php')); }); } } </code></pre> </div> <p>In the above example, we have defined two rate limiters, one called <code>auth</code> that limits access to the auth routes to 10 requests per minute by user IP and another one called <code>product</code> that limits access to products endpoints to 30 requests per minute by user ID. We have also modified the rate limiter for APIs to 60 requests per minute by user IP or ID.<br> We can now apply the rate limiters to the routes we want to throttle using the middleware as follows:</p> <p><em><strong>routes/api.php</strong></em></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> // Endpoint requires authentication and is throttled through the auth rate limiter Route::middleware(['auth:api','throttle:auth'])-&gt;get('/profile', function (Request $request) { return $request-&gt;user(); }); // Endpoints do not require authentication but they are throttled through the auth rate limiter Route::middleware(['throttle:auth'])-&gt;post('/user/register', [APIController::class, 'register']); Route::middleware(['throttle:auth'])-&gt;post('/user/login', [APIController::class, 'login']); // Endpoints require authentication and are throttled through the auth rate limiter Route::middleware(['auth:api','throttle:auth'])-&gt;get('/users', [APIController::class, 'users']); Route::middleware(['auth:api','throttle:auth'])-&gt;get('/user/{id}', [APIController::class, 'user']); // Endpoints require authentication and are throttled through the auth product limiter Route::middleware(['auth:api','throttle:product'])-&gt;post('/product', [APIController::class, 'newProduct']); Route::middleware(['auth:api','throttle:product'])-&gt;get('/products', [APIController::class, 'index']); Route::middleware(['auth:api','throttle:product'])-&gt;get('/product/{id}', [APIController::class, 'product']); </code></pre> </div> <p><em><strong>routes/web.php</strong></em></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> // Not throttled Route::get('/', function () { return view('welcome'); }); // Throttled through the auth rate limiter Route::group(['middleware' =&gt; 'throttle:auth'], function () { Route::get('/register', [LoginRegisterController::class, 'register'])-&gt;name('register'); Route::post('/store', [LoginRegisterController::class, 'store'])-&gt;name('store'); Route::get('/login', [LoginRegisterController::class, 'login'])-&gt;name('login'); Route::post('/authenticate', [LoginRegisterController::class, 'authenticate'])-&gt;name('authenticate'); Route::get('/dashboard', [LoginRegisterController::class, 'dashboard'])-&gt;name('dashboard'); Route::post('/logout', [LoginRegisterController::class, 'logout'])-&gt;name('logout'); }); // Throttled through the product rate limiter Route::middleware(['middleware' =&gt; 'throttle:product'])-&gt;group(function () { Route::get('/products', [ProductController::class, 'index'])-&gt;name('products'); Route::get('/product/{product}', [ProductController::class, 'show'])-&gt;name('product.show'); Route::post('/product', [ProductController::class, 'store'])-&gt;name('product.store'); }); </code></pre> </div> <p><strong>Testing Rate Limiting</strong><br> Moment on truth.!<br> Run </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> php artisan serve </code></pre> </div> <p><strong><em>1. API</em></strong><br> We have eight API endpoints as below</p> <ul> <li>User register ``` </li> </ul> <p>$ curl -X POST --header "Content-Type: application/json" --data '{"name":"Jane Doe", "email":"<a href="mailto:janedoe@example.com">janedoe@example.com</a>", "password":"pAssW0rd@s3cr3t", "password_confirmation":"pAssW0rd@s3cr3t"}' <a href="http://localhost:8000/api/user/register" rel="noopener noreferrer">http://localhost:8000/api/user/register</a></p> <p>HTTP/1.1 201 Created<br> X-RateLimit-Limit: 10<br> X-RateLimit-Remaining: 9<br> {"message":"User registered successfully","user":{"name":"John Doe","email":"<a href="mailto:johndoe@example.com">johndoe@example.com</a>","api_token":"hSAx1XBcpFDNUNFqCQvQ9OOgGfBF6t5rzxJicEsjsh0o4HGmaBCVhA7tOEpp","updated_at":"2024-03-14T23:30:45.000000Z","created_at":"2024-03-14T23:30:45.000000Z","id":9}} </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>On successful user registration we can see the response above. Note the `X-RateLimit-Limit` and `X-RateLimit-Remaining` values meaning we have nine more requests remaining allowed before we get blocked. We can simulate this using a tool such as [Burp suite](https://portswigger.net/burp/communitydownload) repeater or intruder as illustrated in the image below. ![Error Too May Requests API](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/c3nq36qvh7b11oragahb.png) After sending 10 requests, we will be blocked on the 11th one as per the configuration we set in the API auth limiter. Try the other endpoints as below. - User login </code></pre> </div> <p>$ curl -X POST --header "Content-Type: application/json" --data '{"email":"<a href="mailto:janedoe@example.com">janedoe@example.com</a>", "password":"pAssW0rd@s3cr3t"}' <a href="http://localhost:8000/api/user/login" rel="noopener noreferrer">http://localhost:8000/api/user/login</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- List all users </code></pre> </div> <p>$ curl -X GET --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" <a href="http://localhost:8000/api/users" rel="noopener noreferrer">http://localhost:8000/api/users</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Get user by ID </code></pre> </div> <p>$ curl -X GET --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" <a href="http://localhost:8000/api/user/1" rel="noopener noreferrer">http://localhost:8000/api/user/1</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Get user profile </code></pre> </div> <p>$ curl -X GET --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" <a href="http://localhost:8000/api/profile" rel="noopener noreferrer">http://localhost:8000/api/profile</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Add product </code></pre> </div> <p>$ curl -X POST --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" --data '{"name":"Nike Air Force 1 Shadow", "quantity":300, "price":4500.00}' <a href="http://localhost:8000/api/product" rel="noopener noreferrer">http://localhost:8000/api/product</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Get all products </code></pre> </div> <p>$ curl -X GET --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" <a href="http://localhost:8000/api/products" rel="noopener noreferrer">http://localhost:8000/api/products</a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- Get product by ID </code></pre> </div> <p>$ curl -X GET --header "Content-Type: application/json" --header "Authorization: Bearer z7ZOw6IqUbDHLdozERIwp4w9Ti8wfvaI51b8xTqp3Vc4w4JDCYAoqTbunQ12" <a href="http://localhost:8000/api/product/1" rel="noopener noreferrer">http://localhost:8000/api/product/1</a></p> <p>HTTP/1.1 200 OK<br> X-RateLimit-Limit: 30<br> X-RateLimit-Remaining: 29<br> {"id":1,"name":"Product One","quantity":23,"price":400.5,"created_at":"2024-03-14T15:59:26.000000Z","updated_at":"2024-03-14T15:59:26.000000Z"}</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>For the products endpoints we will be throttled at 30 requests per minute as per our API product limiter. **_2. Web_** On the web, all our authentication related pages will be rate limited at 10 requests per minute as per our auth limiter configuration while those pages concerning products will be throttled at 30 requests per minute. - Throttled authentication requests ![Throttled auth requests](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/92g91146zuno2kjjxv4r.png) - Throttled product requests ![Throttled product requests](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/u0mroaipt3wys88acn2j.png) - User credentials bruteforce attack prevented on login page ![User login page bruteforce blocked](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/lyh22gf8ekrdwdvj15gx.png) **Finally** As we have seen, rate limiting in Laravel is a powerful tool for controlling the flow of requests to your application, ensuring its stability and security. By following the guidelines outlined in this article, you can effectively implement rate limiting to protect your application from abuse and ensure a smooth user experience. **Let's connect** - Connect on [LinkedIn](https://www.linkedin.com/in/benson-macharia) - Check out my [GitHub](https://github.com/bensonmacharia) </code></pre> </div> appsec laravel api owasp Implementing Key and Token Authentication for a NodeJS API on AWS SAM Benson Macharia Sun, 05 Nov 2023 23:03:51 +0000 https://dev.to/aws-builders/implementing-key-and-token-authentication-for-a-nodejs-api-on-aws-sam-56ln https://dev.to/aws-builders/implementing-key-and-token-authentication-for-a-nodejs-api-on-aws-sam-56ln <p>In this article, we will look at how to create a securely authenticated serverless NodeJs API leveraging on AWS API Gateway key and custom JWT token. AWS SAM (Serverless Application Model) creates secure, high-performing APIs and provides developers with a simplified development environment that allows them to solely focus on writing code without worrying about server management, infrastructure scaling, or hardware failures.</p> <h2> Designs </h2> <p><strong>High-Level Architecture Diagram</strong></p> <ul> <li>The API calls from a mobile or web client are routed through an API Gateway to a Lambda function for processing. Data is persisted in a DynamoDb and logs stored on CloudWatch.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6npax4oy49p0ecnzcl2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl6npax4oy49p0ecnzcl2.png" alt="High-Level architecture diagram for a NodeJS API deployed on AWS SAM" width="719" height="343"></a></p> <p><strong>Sequence Diagram</strong></p> <ul> <li>The user first creates an account and then login using their credentials i.e. username and a password to get an access token. Making use of the access token, the user is then able to create a new event, update details and view all the events available.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94phbewcvfkd605up7cv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94phbewcvfkd605up7cv.png" alt="Sequence diagram for a NodeJS API deployed on AWS SAM" width="800" height="544"></a></p> <p><strong>Prerequisite</strong></p> <ul> <li>Basic skill in NodeJs</li> <li>AWS Account</li> <li>AWS CLI</li> </ul> <p>Follow this guide (<a href="https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-install.html" rel="noopener noreferrer">AWS CLI</a>) to install.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>aws <span class="nt">--version</span> aws-cli/2.7.32 Python/3.9.11 Darwin/23.0.0 exe/x86_64 prompt/off </code></pre> </div> <ul> <li>SAM CLI</li> </ul> <p>Follow this guide (<a href="https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/install-sam-cli.html" rel="noopener noreferrer">SAM CLI</a>) to install.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sam <span class="nt">--version</span> SAM CLI, version 1.73.0 </code></pre> </div> <p><strong>Source</strong><br> You can get the full source code here.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/bensonmacharia/sam-node-api.git </code></pre> </div> <h2> Let's Build </h2> <p><strong>1. Environment Setup</strong></p> <ul> <li>Create the project folder and initialise the sam project. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mkdir </span>sam-projects <span class="o">&amp;&amp;</span> <span class="nb">cd </span>sam-projects <span class="nv">$ </span>sam init <span class="nt">-r</span> nodejs18.x <span class="nt">-d</span> npm <span class="nt">-n</span> sam-node-api Which template <span class="nb">source </span>would you like to use? Choice: 1 Choose an AWS Quick Start application template Template: 6 Would you like to <span class="nb">enable </span>X-Ray tracing on the <span class="k">function</span><span class="o">(</span>s<span class="o">)</span> <span class="k">in </span>your application? <span class="o">[</span>y/N]: N Would you like to <span class="nb">enable </span>monitoring using CloudWatch Application Insights? <span class="o">[</span>y/N]: N </code></pre> </div> <ul> <li>We are specifying to use nodejs version 18, npm as the dependency manager for our Lambda runtime and sam-node-api as the name of our project. We have also chosen not to enable X-Ray tracing and CloudWatch Application Insights.</li> </ul> <p><strong>2. Let's do some clean up</strong></p> <ul> <li>Open the generated source code in your favourite IDE. In this case, vscode. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd </span>sam-node-api <span class="o">&amp;&amp;</span> code <span class="nb">.</span> </code></pre> </div> <ul> <li>Delete the files that we will not be using. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">rm</span> <span class="nt">-rf</span> sam-node-dev events <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> __tests__ </code></pre> </div> <p><strong>3. Time now to edit the template.yaml file</strong></p> <ul> <li><p>In AWS SAM, <code>template.yaml</code> serves as the foundational configuration file for defining our serverless application. Clear the content on the template.yaml file and add the following below content.</p></li> <li><p><code>AWSTemplateFormatVersion</code>: Specifies the AWS CloudFormation template version. For SAM templates, this is usually set to '2010-09-09'.<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s">2010-09-09</span> </code></pre> </div> <ul> <li> <code>Transform</code>: Specifies the macro (transform) that AWS CloudFormation uses to process the template. For SAM templates, this should be set to 'AWS::Serverless-2016-10-31'. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="s">AWS::Serverless-2016-10-31</span> </code></pre> </div> <ul> <li> <code>Description</code>: Provides a description of the CloudFormation stack and the serverless application. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;-</span> <span class="s">sam-node-api</span> </code></pre> </div> <ul> <li> <code>Resources</code>: This section defines the AWS resources that make up your serverless application, such as AWS Lambda functions, API Gateway APIs, DynamoDB tables, and more. In this case we have an API Gateway, Secrets Manager, Lambda functions and DynamoDB as below.</li> </ul> <p><strong><em>API Gateway</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">Resources</span><span class="pi">:</span> <span class="c1"># Create an API Gateway and add an API Key</span> <span class="na">ApiGatewayEndpoint</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::Serverless::Api'</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">StageName</span><span class="pi">:</span> <span class="s">Prod</span> <span class="na">Auth</span><span class="pi">:</span> <span class="c1"># Require API Key for all endpoints</span> <span class="na">ApiKeyRequired</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">UsagePlan</span><span class="pi">:</span> <span class="na">CreateUsagePlan</span><span class="pi">:</span> <span class="s">PER_API</span> <span class="na">UsagePlanName</span><span class="pi">:</span> <span class="s">GatewayAuthorization</span> </code></pre> </div> <p><strong><em>Secret Manager</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">JWTUserTokenSecret</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::SecretsManager::Secret</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">JWTUserTokenSecret</span> <span class="na">Description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">This</span><span class="nv"> </span><span class="s">secret</span><span class="nv"> </span><span class="s">has</span><span class="nv"> </span><span class="s">a</span><span class="nv"> </span><span class="s">dynamically</span><span class="nv"> </span><span class="s">generated</span><span class="nv"> </span><span class="s">secret</span><span class="nv"> </span><span class="s">password."</span> <span class="c1"># Generate a random string 30 charatcers long for the JWT secret</span> <span class="na">GenerateSecretString</span><span class="pi">:</span> <span class="na">GenerateStringKey</span><span class="pi">:</span> <span class="s1">'</span><span class="s">jwt_secret'</span> <span class="na">PasswordLength</span><span class="pi">:</span> <span class="m">30</span> <span class="na">ExcludeCharacters</span><span class="pi">:</span> <span class="s1">'</span><span class="s">"@/\:;+*'</span><span class="s1">'</span><span class="s">'</span> <span class="na">SecretStringTemplate</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{"secret_name":</span><span class="nv"> </span><span class="s">"sam-node-app-jwt-secret"}'</span> </code></pre> </div> <p><strong><em>Get All Events Lambda Function</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a Lambda function config associated with the source code: get-all-events.js for getting all the Events.</span> <span class="na">getAlleventsFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">src/handlers/get-all-events.getAllEventsHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs18.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">100</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Includes a HTTP get method to get all events from a DynamoDB table.</span> <span class="na">Policies</span><span class="pi">:</span> <span class="c1"># Give Create/Read/Update/Delete Permissions to the EventsTable</span> <span class="pi">-</span> <span class="na">DynamoDBCrudPolicy</span><span class="pi">:</span> <span class="na">TableName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="pi">-</span> <span class="na">AWSSecretsManagerGetSecretValuePolicy</span><span class="pi">:</span> <span class="na">SecretArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">JWTUserTokenSecret</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="c1"># Make table name accessible as environment variable from function code during execution</span> <span class="na">SAMPLE_TABLE</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayEndpoint</span> <span class="c1"># Expose the API through the path /v1/api/events</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/v1/api/events</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">GET</span> </code></pre> </div> <p><strong><em>Get Single Event By ID Lambda Function</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a Lambda function config associated with the source code: get-event.js for getting a single Event by its ID</span> <span class="na">getEventByIdFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">src/handlers/get-event.getEventByIdHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs18.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">100</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Includes a HTTP get method to get one event by id from a DynamoDB table.</span> <span class="na">Policies</span><span class="pi">:</span> <span class="c1"># Give Create/Read/Update/Delete Permissions to the EventsTable</span> <span class="pi">-</span> <span class="na">DynamoDBCrudPolicy</span><span class="pi">:</span> <span class="na">TableName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="pi">-</span> <span class="na">AWSSecretsManagerGetSecretValuePolicy</span><span class="pi">:</span> <span class="na">SecretArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">JWTUserTokenSecret</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="c1"># Make table name accessible as environment variable from function code during execution</span> <span class="na">SAMPLE_TABLE</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayEndpoint</span> <span class="c1"># Expose the API through the path /v1/api/event/&lt;id&gt;</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/v1/api/event/{id}</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">GET</span> </code></pre> </div> <p><strong><em>Create an Event Lambda Function</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a Lambda function config associated with the source code: put-item.js for posting an Event into the database</span> <span class="na">addEventFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">src/handlers/add-event.addEventHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs18.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">100</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Includes a HTTP post method to add one event to a DynamoDB table.</span> <span class="na">Policies</span><span class="pi">:</span> <span class="c1"># Give Create/Read/Update/Delete Permissions to the EventsTable</span> <span class="pi">-</span> <span class="na">DynamoDBCrudPolicy</span><span class="pi">:</span> <span class="na">TableName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="pi">-</span> <span class="na">AWSSecretsManagerGetSecretValuePolicy</span><span class="pi">:</span> <span class="na">SecretArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">JWTUserTokenSecret</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="c1"># Make table name accessible as environment variable from function code during execution</span> <span class="na">SAMPLE_TABLE</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">EventsTable</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayEndpoint</span> <span class="c1"># Expose the API through the path /v1/api/event</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/v1/api/event</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">POST</span> </code></pre> </div> <p><strong><em>User Registration Lambda Function</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a Lambda function config associated with the source code: user-register.js for adding a new user record into the database</span> <span class="na">registerUserFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">src/handlers/user-register.registerUserHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs18.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">100</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">A HTTP post method to register a user and add record to a DynamoDB table.</span> <span class="na">Policies</span><span class="pi">:</span> <span class="c1"># Give Create/Read/Update/Delete Permissions to the UsersTable</span> <span class="pi">-</span> <span class="na">DynamoDBCrudPolicy</span><span class="pi">:</span> <span class="na">TableName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">UsersTable</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="c1"># Make table name accessible as environment variable from function code during execution</span> <span class="na">USER_TABLE</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">UsersTable</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayEndpoint</span> <span class="c1"># Expose the API through the path /v1/auth/user/register</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/v1/auth/user/register</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">POST</span> <span class="na">Auth</span><span class="pi">:</span> <span class="na">ApiKeyRequired</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p><strong><em>User Login Lambda Function</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># This is a Lambda function config associated with the source code: user-login.js for fetching a user record from the database</span> <span class="na">loginUserFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">src/handlers/user-login.loginUserHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs18.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">100</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">A HTTP post method to login a user and fetch record from a DynamoDB table.</span> <span class="na">Policies</span><span class="pi">:</span> <span class="c1"># Give Create/Read/Update/Delete Permissions to the UsersTable</span> <span class="pi">-</span> <span class="na">DynamoDBCrudPolicy</span><span class="pi">:</span> <span class="na">TableName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">UsersTable</span> <span class="pi">-</span> <span class="na">AWSSecretsManagerGetSecretValuePolicy</span><span class="pi">:</span> <span class="na">SecretArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">JWTUserTokenSecret</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="c1"># Make table name accessible as environment variable from function code during execution</span> <span class="na">USER_TABLE</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">UsersTable</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayEndpoint</span> <span class="c1"># Expose the API through the path /v1/auth/user/login</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/v1/auth/user/login</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">POST</span> <span class="na">Auth</span><span class="pi">:</span> <span class="na">ApiKeyRequired</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p><strong><em>Events DynamoDB Table</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># DynamoDB table to store Event details</span> <span class="na">EventsTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::SimpleTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrimaryKey</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">id</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">ProvisionedThroughput</span><span class="pi">:</span> <span class="na">ReadCapacityUnits</span><span class="pi">:</span> <span class="m">2</span> <span class="na">WriteCapacityUnits</span><span class="pi">:</span> <span class="m">2</span> </code></pre> </div> <p><strong><em>Users DynamoDB Table</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="c1"># DynamoDB table to store User details</span> <span class="na">UsersTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::SimpleTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">PrimaryKey</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">username</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">ProvisionedThroughput</span><span class="pi">:</span> <span class="na">ReadCapacityUnits</span><span class="pi">:</span> <span class="m">2</span> <span class="na">WriteCapacityUnits</span><span class="pi">:</span> <span class="m">2</span> </code></pre> </div> <ul> <li> <code>Outputs</code>: Specifies the values to be exported from the stack once it's created. Outputs can include endpoint URLs, resource IDs, or any other information you want to make accessible after the deployment. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">Outputs</span><span class="pi">:</span> <span class="na">ApiGateway</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">The</span><span class="nv"> </span><span class="s">URL</span><span class="nv"> </span><span class="s">is:"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">https://${ApiGatewayEndpoint}.execute-api.${AWS::Region}.amazonaws.com/Prod/"</span> <span class="na">ApiKey</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">You</span><span class="nv"> </span><span class="s">can</span><span class="nv"> </span><span class="s">find</span><span class="nv"> </span><span class="s">your</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">Key</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">AWS</span><span class="nv"> </span><span class="s">console:</span><span class="nv"> </span><span class="s">(Put</span><span class="nv"> </span><span class="s">in</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">request</span><span class="nv"> </span><span class="s">HEADER</span><span class="nv"> </span><span class="s">as</span><span class="nv"> </span><span class="s">'x-api-key')"</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">https://console.aws.amazon.com/apigateway/home?region=${AWS::Region}#/api-keys/${ApiGatewayEndpointApiKey}"</span> </code></pre> </div> <p><strong>4. Edit the Environment Variables</strong></p> <ul> <li>Modify the <code>env.json</code> file to define our variables for the database names as below. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"getAllEventsFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"SAMPLE_TABLE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EventsTable"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"getEventByIdFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"SAMPLE_TABLE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EventsTable"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"addEventFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"SAMPLE_TABLE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EventsTable"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"registerUserFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"USER_TABLE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"UsersTable"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"loginUserFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"USER_TABLE"</span><span class="p">:</span><span class="w"> </span><span class="s2">"UsersTable"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>5. Install Dependencies</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install API Gateway SDK</span> <span class="nv">$ </span>npm <span class="nb">install</span> @aws-sdk/client-api-gateway <span class="c"># Install Secrets Manager SDK</span> <span class="nv">$ </span>npm <span class="nb">install</span> @aws-sdk/client-secrets-manager <span class="c"># Install jsonwebtoken package for generating JWT tokens</span> <span class="nv">$ </span>npm <span class="nb">install </span>jsonwebtoken <span class="c"># Install bcryptjs package for password encryption</span> <span class="nv">$ </span>npm <span class="nb">install </span>bcryptjs <span class="c"># Install uuid package for generating uuidv4 ids</span> <span class="nv">$ </span>npm <span class="nb">install </span>uuid </code></pre> </div> <p><strong>6. Let's Handle User Registration</strong></p> <ul> <li>Create a new file <code>user-register.mjs</code> under <code>sam-node-api/src/handlers</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">touch </span>src/handlers/user-register.mjs </code></pre> </div> <ul> <li>Add the user registration logic on <code>user-register.mjs</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Import bcrypt for encrypting user password</span> <span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">bcryptjs</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Import uuid for generating unique user ID</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">v4</span> <span class="k">as</span> <span class="nx">uuidv4</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">uuid</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Create a DocumentClient that represents the query to add an item</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">,</span> <span class="nx">PutCommand</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/lib-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DynamoDBClient</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">ddbDocClient</span> <span class="o">=</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="c1">// Get the DynamoDB table name from environment variables</span> <span class="kd">const</span> <span class="nx">tableName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_TABLE</span><span class="p">;</span> <span class="cm">/** * A HTTP post method to add one user to a DynamoDB table. */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">registerUserHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`postMethod only accepts POST method, you tried: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span><span class="p">}</span><span class="s2"> method.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="c1">// Get username and password from the body of the request</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="c1">// Use a random uuidv4 string as a User ID </span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="nf">uuidv4</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">username</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">username</span><span class="p">;</span> <span class="c1">// Generate a hashed password string</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hashSync</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="mi">8</span><span class="p">);</span> <span class="c1">// Creates a new user, or replaces an old user record with a new one</span> <span class="kd">var</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">TableName</span><span class="p">:</span> <span class="nx">tableName</span><span class="p">,</span> <span class="na">Item</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">id</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">username</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">password</span> <span class="p">}</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ddbDocClient</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">PutCommand</span><span class="p">(</span><span class="nx">params</span><span class="p">));</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Success - user registered or updated</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">stack</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">responseData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Registration successful. Proceed to login</span><span class="dl">"</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">username</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">201</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">responseData</span><span class="p">)</span> <span class="p">};</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`response from: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2"> statusCode: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">}</span><span class="s2"> body: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>7. Handle User Login</strong></p> <ul> <li>Create a new file <code>user-login.mjs</code> under <code>sam-node-api/src/handlers</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">touch </span>src/handlers/user-login.mjs </code></pre> </div> <ul> <li>Add the user login logic on <code>user-login.mjs</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Import bcrypt for encrypting user password and comparing the password hash</span> <span class="k">import</span> <span class="nx">bcrypt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">bcryptjs</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Create a DocumentClient that represents the query to add an item</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">,</span> <span class="nx">GetCommand</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/lib-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">GetSecretValueCommand</span><span class="p">,</span> <span class="nx">SecretsManagerClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@aws-sdk/client-secrets-manager</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Import jwt for generating the user token</span> <span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DynamoDBClient</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">ddbDocClient</span> <span class="o">=</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">clientsecret</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecretsManagerClient</span><span class="p">();</span> <span class="c1">// Get the DynamoDB table name from environment variables</span> <span class="kd">const</span> <span class="nx">tableName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">USER_TABLE</span><span class="p">;</span> <span class="cm">/** * A HTTP post method for user login. */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">loginUserHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`postMethod only accepts POST method, you tried: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span><span class="p">}</span><span class="s2"> method.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="c1">// Get username and password from the body of the request</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">username</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">username</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">password</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">password</span><span class="p">;</span> <span class="c1">// Fetch the JWT secret string from AWS Secrets Manager </span> <span class="kd">const</span> <span class="nx">secret_value</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">clientsecret</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetSecretValueCommand</span><span class="p">({</span> <span class="na">SecretId</span><span class="p">:</span> <span class="dl">"</span><span class="s2">JWTUserTokenSecret</span><span class="dl">"</span><span class="p">,</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">jwt_secret</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">secret_value</span><span class="p">.</span><span class="nx">SecretString</span><span class="p">);</span> <span class="kd">var</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">TableName</span><span class="p">:</span> <span class="nx">tableName</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="nx">username</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">var</span> <span class="nx">token</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">status_code</span> <span class="o">=</span> <span class="mi">200</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ddbDocClient</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetCommand</span><span class="p">(</span><span class="nx">params</span><span class="p">));</span> <span class="kd">var</span> <span class="nx">item</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">Item</span><span class="p">;</span> <span class="c1">// Comprate a hash of the received password from the request body with the password hash from the database, if they match login the user and generate a JWT token</span> <span class="k">if </span><span class="p">(</span><span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compareSync</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">item</span><span class="p">.</span><span class="nx">password</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// create JWT token</span> <span class="kd">const</span> <span class="nx">jwttoken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">item</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userName</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="p">},</span> <span class="nx">jwt_secret</span><span class="p">.</span><span class="nx">jwt_secret</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">"</span><span class="s2">1h</span><span class="dl">"</span> <span class="p">}</span> <span class="p">);</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Login successful.</span><span class="dl">"</span><span class="p">;</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwttoken</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">status_code</span> <span class="o">=</span> <span class="mi">403</span><span class="p">;</span> <span class="nx">message</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Wrong password. Try again</span><span class="dl">"</span><span class="p">;</span> <span class="nx">token</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">NOT OKAY</span><span class="dl">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">responseData</span> <span class="o">=</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="nx">message</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">username</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="nx">status_code</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">responseData</span><span class="p">)</span> <span class="p">};</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`response from: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2"> statusCode: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">}</span><span class="s2"> body: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>8. Add Events Logic</strong></p> <ul> <li>Rename the file <code>put-item.mjs</code> in <code>sam-node-api/src/handlers</code> to <code>add-event.mjs</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mv </span>src/handlers/put-item.mjs src/handlers/add-event.mjs </code></pre> </div> <ul> <li>Edit the <code>add-event.mjs</code> file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Create a DocumentClient that represents the query to add an item</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">,</span> <span class="nx">PutCommand</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/lib-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">GetSecretValueCommand</span><span class="p">,</span> <span class="nx">SecretsManagerClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@aws-sdk/client-secrets-manager</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Import jwt for validating the user token</span> <span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DynamoDBClient</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">ddbDocClient</span> <span class="o">=</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">clientsecret</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecretsManagerClient</span><span class="p">();</span> <span class="c1">// Get the DynamoDB table name from environment variables</span> <span class="kd">const</span> <span class="nx">tableName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAMPLE_TABLE</span><span class="p">;</span> <span class="cm">/** * A HTTP post method to add one Event item to a DynamoDB table. */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">addEventHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`postMethod only accepts POST method, you tried: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span><span class="p">}</span><span class="s2"> method.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="c1">// Get token from the authorization header</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token required.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Get Event id, title and description from the body of the request</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">title</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">title</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">description</span> <span class="o">=</span> <span class="nx">body</span><span class="p">.</span><span class="nx">description</span><span class="p">;</span> <span class="c1">// Fetch the JWT secret string from AWS Secrets Manager </span> <span class="kd">const</span> <span class="nx">secret_value</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">clientsecret</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetSecretValueCommand</span><span class="p">({</span> <span class="na">SecretId</span><span class="p">:</span> <span class="dl">"</span><span class="s2">JWTUserTokenSecret</span><span class="dl">"</span><span class="p">,</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">jwt_secret</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">secret_value</span><span class="p">.</span><span class="nx">SecretString</span><span class="p">);</span> <span class="c1">//Check if the token is valid</span> <span class="kd">const</span> <span class="nx">decodedToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">jwt_secret</span><span class="p">.</span><span class="nx">jwt_secret</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decodedToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token invalid or it has expired.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Decode the JWT token to get user data</span> <span class="kd">const</span> <span class="nx">userID</span> <span class="o">=</span> <span class="nx">decodedToken</span><span class="p">.</span><span class="nx">userId</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userName</span> <span class="o">=</span> <span class="nx">decodedToken</span><span class="p">.</span><span class="nx">userName</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">decode-username:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userName</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">decode-userid:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userID</span><span class="p">);</span> <span class="c1">// Creates a new Event item, or replaces an old item with a new item</span> <span class="kd">var</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">TableName</span> <span class="p">:</span> <span class="nx">tableName</span><span class="p">,</span> <span class="na">Item</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span> <span class="p">:</span> <span class="nx">id</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="nx">title</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nx">description</span><span class="p">,</span> <span class="na">added_by</span><span class="p">:</span> <span class="nx">userName</span><span class="p">,</span> <span class="na">added_by_id</span><span class="p">:</span> <span class="nx">userID</span><span class="p">}</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ddbDocClient</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">PutCommand</span><span class="p">(</span><span class="nx">params</span><span class="p">));</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Success - event added successfully</span><span class="dl">"</span><span class="p">,</span> <span class="nx">data</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">stack</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">body</span><span class="p">)</span> <span class="p">};</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`response from: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2"> statusCode: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">}</span><span class="s2"> body: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p><strong>9. View All Events Login</strong></p> <ul> <li>Rename the file <code>get-all-items.mjs</code> in <code>sam-node-api/src/handlers</code> to <code>get-all-events.mjs</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mv </span>src/handlers/get-all-items.mjs src/handlers/get-all-events.mjs </code></pre> </div> <ul> <li>Edit the <code>get-all-events.mjs</code> file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">,</span> <span class="nx">ScanCommand</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/lib-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">GetSecretValueCommand</span><span class="p">,</span> <span class="nx">SecretsManagerClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@aws-sdk/client-secrets-manager</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Import jwt for validating the user token</span> <span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DynamoDBClient</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">ddbDocClient</span> <span class="o">=</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">clientsecret</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecretsManagerClient</span><span class="p">();</span> <span class="c1">// Get the DynamoDB table name from environment variables</span> <span class="kd">const</span> <span class="nx">tableName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAMPLE_TABLE</span><span class="p">;</span> <span class="cm">/** * A HTTP get method to get all events from a DynamoDB table. */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getAllEventsHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`getAllItems only accept GET method, you tried: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="c1">// Get token from the authorization header</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token required.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Fetch the JWT secret string from AWS Secrets Manager </span> <span class="kd">const</span> <span class="nx">secret_value</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">clientsecret</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetSecretValueCommand</span><span class="p">({</span> <span class="na">SecretId</span><span class="p">:</span> <span class="dl">"</span><span class="s2">JWTUserTokenSecret</span><span class="dl">"</span><span class="p">,</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">jwt_secret</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">secret_value</span><span class="p">.</span><span class="nx">SecretString</span><span class="p">);</span> <span class="c1">//Check if the token is valid</span> <span class="kd">const</span> <span class="nx">decodedToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">jwt_secret</span><span class="p">.</span><span class="nx">jwt_secret</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decodedToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token invalid or it has expired.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Get all items from the table (only first 1MB data, you can use `LastEvaluatedKey` to get the rest of data)</span> <span class="kd">var</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">TableName</span> <span class="p">:</span> <span class="nx">tableName</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ddbDocClient</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">ScanCommand</span><span class="p">(</span><span class="nx">params</span><span class="p">));</span> <span class="kd">var</span> <span class="nx">items</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">Items</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">items</span><span class="p">)</span> <span class="p">};</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`response from: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2"> statusCode: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">}</span><span class="s2"> body: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>10. View Event By ID Login</strong></p> <ul> <li>Rename the file <code>get-by-id.mjs</code> in <code>sam-node-api/src/handlers</code> to <code>get-event.mjs</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">mv </span>src/handlers/get-by-id.mjs src/handlers/get-event.mjs </code></pre> </div> <ul> <li>Edit the <code>get-event.mjs</code> file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/client-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">,</span> <span class="nx">GetCommand</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@aws-sdk/lib-dynamodb</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">GetSecretValueCommand</span><span class="p">,</span> <span class="nx">SecretsManagerClient</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@aws-sdk/client-secrets-manager</span><span class="dl">"</span><span class="p">;</span> <span class="c1">// Import jwt for validating the user token</span> <span class="k">import</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DynamoDBClient</span><span class="p">({});</span> <span class="kd">const</span> <span class="nx">ddbDocClient</span> <span class="o">=</span> <span class="nx">DynamoDBDocumentClient</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">client</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">clientsecret</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SecretsManagerClient</span><span class="p">();</span> <span class="c1">// Get the DynamoDB table name from environment variables</span> <span class="kd">const</span> <span class="nx">tableName</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAMPLE_TABLE</span><span class="p">;</span> <span class="cm">/** * A HTTP get method to get one Event item by id from a DynamoDB table. */</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getEventByIdHandler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`getMethod only accept GET method, you tried: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">httpMethod</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">received:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="c1">// Get the token from the authorization header</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">event</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">Authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">"</span><span class="s2"> </span><span class="dl">"</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token required.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Fetch the JWT secret string from AWS Secrets Manager </span> <span class="kd">const</span> <span class="nx">secret_value</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">clientsecret</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetSecretValueCommand</span><span class="p">({</span> <span class="na">SecretId</span><span class="p">:</span> <span class="dl">"</span><span class="s2">JWTUserTokenSecret</span><span class="dl">"</span><span class="p">,</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">jwt_secret</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">secret_value</span><span class="p">.</span><span class="nx">SecretString</span><span class="p">);</span> <span class="c1">//Check if the token is valid</span> <span class="kd">const</span> <span class="nx">decodedToken</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">jwt_secret</span><span class="p">.</span><span class="nx">jwt_secret</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">decodedToken</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Authorization token invalid or it has expired.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Get id from pathParameters from APIGateway because of `/{id}` at template.yaml</span> <span class="kd">const</span> <span class="nx">id</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">pathParameters</span><span class="p">.</span><span class="nx">id</span><span class="p">;</span> <span class="c1">// Get the item from the table</span> <span class="kd">var</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">TableName</span> <span class="p">:</span> <span class="nx">tableName</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">id</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">var</span> <span class="nx">scode</span> <span class="o">=</span> <span class="mi">200</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">bdy</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ddbDocClient</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="k">new</span> <span class="nc">GetCommand</span><span class="p">(</span><span class="nx">params</span><span class="p">));</span> <span class="kd">var</span> <span class="nx">item</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">Item</span><span class="p">;</span> <span class="nx">bdy</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">item</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">bdy</span><span class="p">)</span> <span class="p">{</span> <span class="nx">scode</span> <span class="o">=</span> <span class="mi">404</span><span class="p">;</span> <span class="nx">bdy</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="dl">"</span><span class="s2">Event details not found.</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">Error</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="nx">scode</span> <span class="o">=</span> <span class="mi">400</span><span class="p">;</span> <span class="nx">bdy</span> <span class="o">=</span> <span class="nx">err</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="nx">scode</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">bdy</span> <span class="p">};</span> <span class="c1">// All log statements are written to CloudWatch</span> <span class="nx">console</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`response from: </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">path</span><span class="p">}</span><span class="s2"> statusCode: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">}</span><span class="s2"> body: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><strong>11. Build and Deploy the API</strong></p> <ul> <li>Build the SAM App </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sam build Build Succeeded Built Artifacts : .aws-sam/build Built Template : .aws-sam/build/template.yaml </code></pre> </div> <ul> <li>Deploy the SAM App </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sam deploy <span class="nt">--guided</span> Stack Name <span class="o">[</span>sam-app]: sam-node-app AWS Region <span class="o">[</span>us-east-1]: us-east-1 <span class="c">#Shows you resources changes to be deployed and require a 'Y' to initiate deploy</span> Confirm changes before deploy <span class="o">[</span>y/N]: y <span class="c">#SAM needs permission to be able to create roles to connect to the resources in your template</span> Allow SAM CLI IAM role creation <span class="o">[</span>Y/n]: Y <span class="c">#Preserves the state of previously provisioned resources when an operation fails</span> Disable rollback <span class="o">[</span>y/N]: N Save arguments to configuration file <span class="o">[</span>Y/n]: Y SAM configuration file <span class="o">[</span>samconfig.toml]: SAM configuration environment <span class="o">[</span>default]: Deploy this changeset? <span class="o">[</span>y/N]: y CloudFormation outputs from deployed stack <span class="nt">---------------</span> Outputs <span class="nt">---------------</span> Key ApiKey Description You can find your API Key <span class="k">in </span>the AWS console: <span class="o">(</span>Put <span class="k">in </span>the request HEADER as <span class="s1">'x-api-key'</span><span class="o">)</span> Value https://console.aws.amazon.com/apigateway/home?region<span class="o">=</span>us-east-1#/api-keys/w22y9chd81 Key ApiGateway Description The URL is: Value https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/ <span class="nt">-----------------</span> Successfully created/updated stack - sam-node-app <span class="k">in </span>us-east-1 </code></pre> </div> <p><strong>12. Test the API</strong></p> <ul> <li>Test user registration </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-X</span> POST <span class="nt">--header</span> <span class="s2">"Content-Type: application/json"</span> <span class="nt">--data</span> <span class="s1">'{"username":"bmacharia", "password":"pAssW0rd@s3cr3t"}'</span> https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/v1/auth/user/register HTTP/1.1 200 OK <span class="o">{</span><span class="s2">"message"</span>:<span class="s2">"Registration successful. Proceed to login"</span>,<span class="s2">"username"</span>:<span class="s2">"bmacharia"</span><span class="o">}</span>% </code></pre> </div> <ul> <li>Test user login </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-X</span> POST <span class="nt">--header</span> <span class="s2">"Content-Type: application/json"</span> <span class="nt">--data</span> <span class="s1">'{"username":"bmacharia", "password":"pAssW0rd@s3cr3t"}'</span> https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/v1/auth/user/login HTTP/1.1 200 OK <span class="o">{</span><span class="s2">"message"</span>:<span class="s2">"Login successful."</span>,<span class="s2">"user"</span>:<span class="o">{</span><span class="s2">"username"</span>:<span class="s2">"bmacharia"</span>,<span class="s2">"token"</span>:<span class="s2">"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NDMxMTU5Ny05YTlkLTQ2NDEtYjBjMS1mYTUzMGIzNTkwNzYiLCJ1c2VyTmFtZSI6ImJtYWNoYXJpYSIsImlhdCI6MTY5ODk2MjM2OSwiZXhwIjoxNjk4OTY1OTY5fQ.keoma2P6fdXnkrRklWX1vVoyaUXB_G06p6gvQLyOHHY"</span><span class="o">}}</span>% </code></pre> </div> <ul> <li>Test creating event </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-X</span> POST <span class="nt">--header</span> <span class="s2">"Content-Type: application/json"</span> <span class="nt">--header</span> <span class="s2">"x-api-key: Laqoh0N6kCao2yw4SeDxCa9pwRdjxwra267VGjMH"</span> <span class="nt">--header</span> <span class="s2">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NDMxMTU5Ny05YTlkLTQ2NDEtYjBjMS1mYTUzMGIzNTkwNzYiLCJ1c2VyTmFtZSI6ImJtYWNoYXJpYSIsImlhdCI6MTY5ODk2MjM2OSwiZXhwIjoxNjk4OTY1OTY5fQ.keoma2P6fdXnkrRklWX1vVoyaUXB_G06p6gvQLyOHHY"</span> <span class="nt">--data</span> <span class="s1">'{"id":"2", "title":"Cybersecurity Summit", "description":"Downtown Hotel, 31st December 2023"}'</span> https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/v1/api/event HTTP/1.1 200 OK <span class="o">{</span><span class="s2">"id"</span>:<span class="s2">"2"</span>,<span class="s2">"title"</span>:<span class="s2">"Cybersecurity Summit"</span>,<span class="s2">"description"</span>:<span class="s2">"Downtown Hotel, 31st December 2023"</span><span class="o">}</span>% </code></pre> </div> <ul> <li>Test getting all events </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">--header</span> <span class="s2">"Content-Type: application/json"</span> <span class="nt">--header</span> <span class="s2">"x-api-key: Laqoh0N6kCao2yw4SeDxCa9pwRdjxwra267VGjMH"</span> <span class="nt">--header</span> <span class="s2">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NDMxMTU5Ny05YTlkLTQ2NDEtYjBjMS1mYTUzMGIzNTkwNzYiLCJ1c2VyTmFtZSI6ImJtYWNoYXJpYSIsImlhdCI6MTY5ODk2MjM2OSwiZXhwIjoxNjk4OTY1OTY5fQ.keoma2P6fdXnkrRklWX1vVoyaUXB_G06p6gvQLyOHHY"</span> https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/v1/api/events HTTP/1.1 200 OK <span class="o">[{</span><span class="s2">"description"</span>:<span class="s2">"Downtown Hotel, 31st December 2023"</span>,<span class="s2">"id"</span>:<span class="s2">"2"</span>,<span class="s2">"title"</span>:<span class="s2">"Cybersecurity Summit"</span>,<span class="s2">"added_by"</span>:<span class="s2">"bmacharia"</span>,<span class="s2">"added_by_id"</span>:<span class="s2">"84311597-9a9d-4641-b0c1-fa530b359076"</span><span class="o">}</span>,<span class="o">{</span><span class="s2">"description"</span>:<span class="s2">"Whitesands Hotel, 1st January 2024"</span>,<span class="s2">"id"</span>:<span class="s2">"1"</span>,<span class="s2">"title"</span>:<span class="s2">"GRC Conference"</span>,<span class="s2">"added_by"</span>:<span class="s2">"bmacharia"</span>,<span class="s2">"added_by_id"</span>:<span class="s2">"84311597-9a9d-4641-b0c1-fa530b359076"</span><span class="o">}]</span>% </code></pre> </div> <ul> <li>Get Event By ID </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">--header</span> <span class="s2">"Content-Type: application/json"</span> <span class="nt">--header</span> <span class="s2">"x-api-key: Laqoh0N6kCao2yw4SeDxCa9pwRdjxwra267VGjMH"</span> <span class="nt">--header</span> <span class="s2">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI4NDMxMTU5Ny05YTlkLTQ2NDEtYjBjMS1mYTUzMGIzNTkwNzYiLCJ1c2VyTmFtZSI6ImJtYWNoYXJpYSIsImlhdCI6MTY5ODk2MjM2OSwiZXhwIjoxNjk4OTY1OTY5fQ.keoma2P6fdXnkrRklWX1vVoyaUXB_G06p6gvQLyOHHY"</span> https://d2io9v58l4.execute-api.us-east-1.amazonaws.com/Prod/v1/api/event/1 HTTP/1.1 200 OK <span class="o">{</span><span class="s2">"description"</span>:<span class="s2">"Whitesands Hotel, 1st January 2024"</span>,<span class="s2">"id"</span>:<span class="s2">"1"</span>,<span class="s2">"title"</span>:<span class="s2">"GRC Conference"</span>,<span class="s2">"added_by"</span>:<span class="s2">"bmacharia"</span>,<span class="s2">"added_by_id"</span>:<span class="s2">"84311597-9a9d-4641-b0c1-fa530b359076"</span><span class="o">}</span>% </code></pre> </div> <p><strong>13. Clean Up</strong></p> <ul> <li>Delete the SAM App </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>sam delete <span class="nt">--stack-name</span> sam-node-app Are you sure you want to delete the stack sam-node-app <span class="k">in </span>the region us-east-1 ? <span class="o">[</span>y/N]: y Are you sure you want to delete the folder sam-node-app <span class="k">in </span>S3 which contains the artifacts? <span class="o">[</span>y/N]: y Deleted successfully </code></pre> </div> node aws serverless awssam Role-based Access Control in Golang with jwt-go Benson Macharia Tue, 20 Jun 2023 18:46:50 +0000 https://dev.to/bensonmacharia/role-based-access-control-in-golang-with-jwt-go-ijn https://dev.to/bensonmacharia/role-based-access-control-in-golang-with-jwt-go-ijn <p>As a security engineer, what's the first thing you check when testing a web or mobile application? Access control misconfigurations must be at the top of your list if you like going for the low hanging fruits first. </p> <p>Surprisingly, access control is one of the components that application developers think will be simple, but ends up taking much of their time with no end user value, and even worse ends being poorly done, tremendous exposing the application to security risks. It is no coincidence that Authentication and Authorization related issues take the first two positions in the <a href="https://owasp.org/API-Security/editions/2023/en/0x11-t10//" rel="noopener noreferrer">OWASP Top 10 - 2023</a> list of common API security risks.</p> <p>For this reason, in this article I am going to illustrate the application of Role-based Access Control; a simple and yet secure access control approach for enterprise APIs.</p> <p><strong>Role-based Access Control (RBAC)</strong><br> <a href="https://auth0.com/docs/manage-users/access-control/rbac" rel="noopener noreferrer">Role-based Access Control</a> is a mechanism that restricts access to an information system based on user job functions or roles. Access to data is restricted through permissions and privileges that are attached to different user roles. </p> <p><strong>Let's Build</strong><br> By the end of this article we are going build a simple room booking API with <a href="https://go.dev/" rel="noopener noreferrer">Go</a> that will allow visitors to view available rooms as well as register, login and book rooms. There will also be an administrator who will have the permissions map user to permissions as well as add and update rooms information.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmhbz445uqftysbg9zq2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmhbz445uqftysbg9zq2.png" alt="Image description" width="437" height="292"></a></p> <p><strong>Prerequisites</strong></p> <ul> <li>Basic knowledge of Go</li> <li>Patience 😄</li> </ul> <p><strong>Source Code</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">git</span> <span class="n">clone</span> <span class="n">https</span><span class="o">:</span><span class="c">//github.com/bensonmacharia/jwt-go-rbac.git</span> </code></pre> </div> <p><em><strong>Step 1: Setting up the environment</strong></em></p> <ul> <li>Get your favourite IDE, mine is <a href="https://code.visualstudio.com/" rel="noopener noreferrer">vscode</a> </li> <li>Download and install <a href="https://go.dev/doc/install" rel="noopener noreferrer">Go</a> </li> <li>Confirm installed go version </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">version</span> <span class="k">go</span> <span class="n">version</span> <span class="n">go1</span><span class="m">.19.4</span> <span class="n">darwin</span><span class="o">/</span><span class="n">arm64</span> </code></pre> </div> <ul> <li> <a href="https://dev.mysql.com/doc/mysql-installation-excerpt/5.7/en/" rel="noopener noreferrer">Install MySQL</a> and test connection </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// confirm installation by checking version</span> <span class="err">$</span> <span class="n">mysql</span> <span class="o">--</span><span class="n">version</span> <span class="n">mysql</span> <span class="n">Ver</span> <span class="m">8.0.32</span> <span class="k">for</span> <span class="n">macos12</span><span class="m">.6</span> <span class="n">on</span> <span class="n">arm64</span> <span class="p">(</span><span class="n">Homebrew</span><span class="p">)</span> <span class="c">// test connection</span> <span class="err">$</span> <span class="n">mysql</span> <span class="o">-</span><span class="n">u</span> <span class="n">bmacharia</span> <span class="o">-</span><span class="n">p</span> <span class="n">Enter</span> <span class="n">password</span><span class="o">:</span> <span class="n">mysql</span><span class="o">&gt;</span> </code></pre> </div> <ul> <li>Create a database </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// create database</span> <span class="nx">$</span> <span class="nx">mysql</span><span class="o">&gt;</span> <span class="nx">CREATE</span> <span class="nx">DATABASE</span> <span class="nx">jwt_go_rbac</span><span class="p">;</span> <span class="nx">Query</span> <span class="nx">OK</span><span class="p">,</span> <span class="mi">1</span> <span class="nx">row</span> <span class="nf">affected </span><span class="p">(</span><span class="mf">0.07</span> <span class="nx">sec</span><span class="p">)</span> <span class="c1">// confirm database creation</span> <span class="nx">$</span> <span class="nx">mysql</span><span class="o">&gt;</span> <span class="nx">show</span> <span class="nx">databases</span><span class="p">;</span> <span class="o">+-------------------------+</span> <span class="o">|</span> <span class="nx">Database</span> <span class="o">|</span> <span class="o">+-------------------------+</span> <span class="o">|</span> <span class="o">|</span> <span class="nx">information_schema</span> <span class="o">|</span> <span class="o">|</span> <span class="nx">jwt_go_rbac</span> <span class="o">|</span> <span class="o">|</span> <span class="nx">mysql</span> <span class="o">|</span> <span class="o">|</span> <span class="nx">performance_schema</span> <span class="o">|</span> <span class="o">|</span> <span class="nx">sys</span> <span class="o">|</span> <span class="o">+-------------------------+</span> <span class="mi">5</span> <span class="nx">rows</span> <span class="k">in</span> <span class="nf">set </span><span class="p">(</span><span class="mf">0.01</span> <span class="nx">sec</span><span class="p">)</span> </code></pre> </div> <p><strong><em>Step 2: Setting up the project</em></strong></p> <ul> <li>Create project folder and initialise go project </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">mkdir</span> <span class="n">jwt</span><span class="o">-</span><span class="k">go</span><span class="o">-</span><span class="n">rbac</span> <span class="err">$</span> <span class="n">cd</span> <span class="n">jwt</span><span class="o">-</span><span class="k">go</span><span class="o">-</span><span class="n">rbac</span> <span class="err">$</span> <span class="k">go</span> <span class="n">mod</span> <span class="n">init</span> <span class="n">bmacharia</span><span class="o">/</span><span class="n">jwt</span><span class="o">-</span><span class="k">go</span><span class="o">-</span><span class="n">rbac</span> <span class="k">go</span><span class="o">:</span> <span class="n">creating</span> <span class="nb">new</span> <span class="k">go</span><span class="o">.</span><span class="n">mod</span><span class="o">:</span> <span class="n">module</span> <span class="n">bmacharia</span><span class="o">/</span><span class="n">jwt</span><span class="o">-</span><span class="k">go</span><span class="o">-</span><span class="n">rbac</span> </code></pre> </div> <ul> <li>Create the main.go and .env files </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// main go application file</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> <span class="c">// environment variables configuration file</span> <span class="err">$</span> <span class="n">touch</span> <span class="o">.</span><span class="n">env</span> </code></pre> </div> <ul> <li>Open the project in your IDE and edit the .env file as below</li> </ul> <div class="ltag_gist-liquid-tag"> </div> <p><strong><em>Step 3: Configure the database connection</em></strong></p> <ul> <li>Install required packages </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// package to load .env file</span> <span class="err">$</span> <span class="k">go</span> <span class="n">get</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">joho</span><span class="o">/</span><span class="n">godotenv</span> <span class="c">// package to allow connection to MySQL database</span> <span class="err">$</span> <span class="k">go</span> <span class="n">get</span> <span class="o">-</span><span class="n">u</span> <span class="n">gorm</span><span class="o">.</span><span class="n">io</span><span class="o">/</span><span class="n">driver</span><span class="o">/</span><span class="n">mysql</span> <span class="c">// a simple Go HTTP web framework</span> <span class="err">$</span> <span class="k">go</span> <span class="n">get</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">gin</span><span class="o">-</span><span class="n">gonic</span><span class="o">/</span><span class="n">gin</span> <span class="c">// ORM (Object Relational Mapping) library for Go</span> <span class="err">$</span> <span class="k">go</span> <span class="n">get</span> <span class="o">-</span><span class="n">u</span> <span class="n">gorm</span><span class="o">.</span><span class="n">io</span><span class="o">/</span><span class="n">gorm</span> <span class="c">// jwt-go package</span> <span class="err">$</span> <span class="k">go</span> <span class="n">get</span> <span class="o">-</span><span class="n">u</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">golang</span><span class="o">-</span><span class="n">jwt</span><span class="o">/</span><span class="n">jwt</span><span class="o">/</span><span class="n">v5</span> </code></pre> </div> <ul> <li>Create a database connection file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// create a database folder and a file inside it</span> <span class="err">$</span> <span class="n">mkdir</span> <span class="n">database</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">database</span><span class="o">/</span><span class="n">database</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>Edit the database.go file as below. We are using GORM to initiate a connection to MySQL database.</li> </ul> <div class="ltag_gist-liquid-tag"> </div> <ul> <li> <p>Edit the main.go file to test database connection. In this file we are loading the .env file, database connection and starting the gin web server on port 8000<br> </p> <div class="ltag_gist-liquid-tag"> </div> </li> <li><p>Test database connection by running the <code>go run</code> command<br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">run</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> <span class="m">2023</span><span class="o">/</span><span class="m">05</span><span class="o">/</span><span class="m">01</span> <span class="m">23</span><span class="o">:</span><span class="m">25</span><span class="o">:</span><span class="m">13</span> <span class="o">.</span><span class="n">env</span> <span class="n">file</span> <span class="n">loaded</span> <span class="n">successfully</span> <span class="m">2023</span><span class="o">/</span><span class="m">05</span><span class="o">/</span><span class="m">01</span> <span class="m">23</span><span class="o">:</span><span class="m">25</span><span class="o">:</span><span class="m">13</span> <span class="s">`Successfully connected to the database [GIN-debug] Listening and serving HTTP on :8000 </span></code></pre> </div> <p><strong><em>Step 4: Create database models</em></strong></p> <ul> <li>Create the user and role models. The user model defines the user object details as well as user properties in the database. On the other hand, the role model details properties about a role to be assigned to each user. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// create a user.go file inside the model directory</span> <span class="err">$</span> <span class="n">mkdir</span> <span class="n">model</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">model</span><span class="o">/</span><span class="n">user</span><span class="o">.</span><span class="k">go</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">model</span><span class="o">/</span><span class="n">role</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>model/user.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>model/role.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>Run database migrations </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">//edit main.go file to add automigration script</span> <span class="o">...</span> <span class="c">// run database migrations and add seed data</span> <span class="k">func</span> <span class="n">loadDatabase</span><span class="p">()</span> <span class="p">{</span> <span class="n">database</span><span class="o">.</span><span class="n">InitDb</span><span class="p">()</span> <span class="n">database</span><span class="o">.</span><span class="n">Db</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">Role</span><span class="p">{})</span> <span class="n">database</span><span class="o">.</span><span class="n">Db</span><span class="o">.</span><span class="n">AutoMigrate</span><span class="p">(</span><span class="o">&amp;</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{})</span> <span class="n">seedData</span><span class="p">()</span> <span class="p">}</span> <span class="c">// load seed data into the database</span> <span class="k">func</span> <span class="n">seedData</span><span class="p">()</span> <span class="p">{</span> <span class="k">var</span> <span class="n">roles</span> <span class="o">=</span> <span class="p">[]</span><span class="n">model</span><span class="o">.</span><span class="n">Role</span><span class="p">{{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"admin"</span><span class="p">,</span> <span class="n">Description</span><span class="o">:</span> <span class="s">"Administrator role"</span><span class="p">},</span> <span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"customer"</span><span class="p">,</span> <span class="n">Description</span><span class="o">:</span> <span class="s">"Authenticated customer role"</span><span class="p">},</span> <span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"anonymous"</span><span class="p">,</span> <span class="n">Description</span><span class="o">:</span> <span class="s">"Unauthenticated customer role"</span><span class="p">}}</span> <span class="k">var</span> <span class="n">user</span> <span class="o">=</span> <span class="p">[]</span><span class="n">model</span><span class="o">.</span><span class="n">User</span><span class="p">{{</span><span class="n">Username</span><span class="o">:</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"ADMIN_USERNAME"</span><span class="p">),</span> <span class="n">Email</span><span class="o">:</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"ADMIN_EMAIL"</span><span class="p">),</span> <span class="n">Password</span><span class="o">:</span> <span class="n">os</span><span class="o">.</span><span class="n">Getenv</span><span class="p">(</span><span class="s">"ADMIN_PASSWORD"</span><span class="p">),</span> <span class="n">RoleID</span><span class="o">:</span> <span class="m">1</span><span class="p">}}</span> <span class="n">database</span><span class="o">.</span><span class="n">Db</span><span class="o">.</span><span class="n">Save</span><span class="p">(</span><span class="o">&amp;</span><span class="n">roles</span><span class="p">)</span> <span class="n">database</span><span class="o">.</span><span class="n">Db</span><span class="o">.</span><span class="n">Save</span><span class="p">(</span><span class="o">&amp;</span><span class="n">user</span><span class="p">)</span> <span class="p">}</span> <span class="c">// run migration</span> <span class="err">$</span> <span class="k">go</span> <span class="n">run</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> <span class="o">..</span> </code></pre> </div> <ul> <li>Confirm that users and roles tables have been created </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">mysql</span><span class="o">&gt;</span> <span class="k">show</span> <span class="n">tables</span><span class="p">;</span> <span class="o">+</span><span class="c1">-----------------------+</span> <span class="o">|</span> <span class="n">Tables_in_jwt_go_rbac</span> <span class="o">|</span> <span class="o">+</span><span class="c1">-----------------------+</span> <span class="o">|</span> <span class="n">roles</span> <span class="o">|</span> <span class="o">|</span> <span class="n">users</span> <span class="o">|</span> <span class="o">+</span><span class="c1">-----------------------+</span> <span class="mi">2</span> <span class="k">rows</span> <span class="k">in</span> <span class="k">set</span> <span class="p">(</span><span class="mi">0</span><span class="p">.</span><span class="mi">01</span> <span class="n">sec</span><span class="p">)</span> <span class="n">mysql</span><span class="o">&gt;</span> <span class="k">desc</span> <span class="n">users</span><span class="p">;</span> <span class="n">mysql</span><span class="o">&gt;</span> <span class="k">desc</span> <span class="n">roles</span><span class="p">;</span> <span class="n">mysql</span><span class="o">&gt;</span> <span class="k">select</span> <span class="o">*</span> <span class="k">from</span> <span class="n">roles</span><span class="p">;</span> <span class="n">mysql</span><span class="o">&gt;</span> <span class="k">select</span> <span class="o">*</span> <span class="k">from</span> <span class="n">users</span><span class="p">;</span> </code></pre> </div> <ul> <li>Create models for user registration, login and update </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">touch</span> <span class="n">model</span><span class="o">/</span><span class="n">register</span><span class="o">.</span><span class="k">go</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">model</span><span class="o">/</span><span class="n">login</span><span class="o">.</span><span class="k">go</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">model</span><span class="o">/</span><span class="n">update</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>model/register.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>model/login.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>model/update.go <div class="ltag_gist-liquid-tag"> </div> </li> </ul> <p><strong><em>Step 5: Create controllers to interact with database content</em></strong></p> <ul> <li>Create the role and user controller files </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">touch</span> <span class="n">controller</span><span class="o">/</span><span class="n">role</span><span class="o">.</span><span class="k">go</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">controller</span><span class="o">/</span><span class="n">user</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>controller/role.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>controller/user.go <div class="ltag_gist-liquid-tag"> </div> </li> <li>Add registration and login routes </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// edit main.go</span> <span class="k">func</span> <span class="n">serveApplication</span><span class="p">()</span> <span class="p">{</span> <span class="n">router</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">authRoutes</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/auth/user"</span><span class="p">)</span> <span class="c">// registration route</span> <span class="n">authRoutes</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/register"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">Register</span><span class="p">)</span> <span class="c">// login route</span> <span class="n">authRoutes</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/login"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">Login</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">":8000"</span><span class="p">)</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Server running on port 8000"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Test user registration and login </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// run the application</span> <span class="err">$</span> <span class="k">go</span> <span class="n">run</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> <span class="c">// register user</span> <span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/auth/user/register \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"username"</span><span class="o">:</span> <span class="s">"test"</span><span class="p">,</span><span class="s">"email"</span><span class="o">:</span><span class="s">"test@bmacharia.com"</span><span class="p">,</span><span class="s">"password"</span><span class="o">:</span><span class="s">"super^Secret!007"</span><span class="p">}</span><span class="err">'</span> <span class="c">// test user login</span> <span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/auth/user/login \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"username"</span><span class="o">:</span> <span class="s">"test"</span><span class="p">,</span><span class="s">"password"</span><span class="o">:</span><span class="s">"super^Secret!007"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <p><em><strong>Step 6. Add JWT utility for token creation and validation</strong></em></p> <ul> <li>To create a secure Role-based authentication scheme, we need to generate a unique token when the user authenticates. This is then used to track their assigned role as they consume the availed resources. In this project we are going to use the <a href="https://github.com/golang-jwt/jwt" rel="noopener noreferrer">jwt-go</a> package to generate a <a href="https://jwt.io/introduction" rel="noopener noreferrer">JWT</a> token that will encapsulate the user details, assigned role and permissions.</li> <li>Create the JWT utility files </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// create a util directory</span> <span class="err">$</span> <span class="n">mkdir</span> <span class="n">util</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">jwt</span><span class="o">.</span><span class="k">go</span> <span class="err">$</span> <span class="n">touch</span> <span class="n">jwtAuth</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>jwt.go <div class="ltag_gist-liquid-tag"> </div> </li> <li> <p>jwtAuth.go<br></p> <div class="ltag_gist-liquid-tag"> </div> </li> <li><p>Add token to user login response<br><br> </p></li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// edit user controller and append </span> <span class="k">func</span> <span class="n">Login</span><span class="p">(</span><span class="n">context</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">jwt</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">util</span><span class="o">.</span><span class="n">GenerateJWT</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">context</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"error"</span><span class="o">:</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">()})</span> <span class="k">return</span> <span class="p">}</span> <span class="n">context</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span><span class="s">"token"</span><span class="o">:</span> <span class="n">jwt</span><span class="p">,</span> <span class="s">"username"</span><span class="o">:</span> <span class="n">input</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="s">"message"</span><span class="o">:</span> <span class="s">"Successfully logged in"</span><span class="p">})</span> <span class="p">}</span> </code></pre> </div> <ul> <li>Add admin functions routes </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// edit main.go</span> <span class="k">func</span> <span class="n">serveApplication</span><span class="p">()</span> <span class="p">{</span> <span class="n">adminRoutes</span> <span class="o">:=</span> <span class="n">router</span><span class="o">.</span><span class="n">Group</span><span class="p">(</span><span class="s">"/admin"</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">Use</span><span class="p">(</span><span class="n">util</span><span class="o">.</span><span class="n">JWTAuth</span><span class="p">())</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/users"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">GetUsers</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/user/:id"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">GetUser</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">PUT</span><span class="p">(</span><span class="s">"/user/:id"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">UpdateUser</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">POST</span><span class="p">(</span><span class="s">"/user/role"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">CreateRole</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/user/roles"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">GetRoles</span><span class="p">)</span> <span class="n">adminRoutes</span><span class="o">.</span><span class="n">PUT</span><span class="p">(</span><span class="s">"/user/role/:id"</span><span class="p">,</span> <span class="n">controller</span><span class="o">.</span><span class="n">UpdateRole</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><strong><em>Step 7: Run and Test Admin Funtions</em></strong></p> <ul> <li>Run API </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="k">go</span> <span class="n">run</span> <span class="n">main</span><span class="o">.</span><span class="k">go</span> </code></pre> </div> <ul> <li>Admin login </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// admin user login</span> <span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/auth/user/login \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"username"</span><span class="o">:</span> <span class="s">"test"</span><span class="p">,</span><span class="s">"password"</span><span class="o">:</span><span class="s">"super^Secret!007"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>Get All Users </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// use admin token from login response</span> <span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/users \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"username"</span><span class="o">:</span> <span class="s">"test"</span><span class="p">,</span><span class="s">"password"</span><span class="o">:</span><span class="s">"super^Secret!007"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>Get User by ID </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/user/1 \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> </code></pre> </div> <ul> <li>Update User </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">PUT</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/user/2 \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"username"</span><span class="o">:</span> <span class="s">"test"</span><span class="p">,</span><span class="s">"email"</span><span class="o">:</span><span class="s">"test@gmail.com"</span><span class="p">,</span><span class="s">"role_id"</span><span class="o">:</span><span class="s">"2"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>Create Role </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/user/role \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"name"</span><span class="o">:</span> <span class="s">"testing"</span><span class="p">,</span><span class="s">"description"</span><span class="o">:</span><span class="s">"Test user role"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>Get All Roles </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/user/roles \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> </code></pre> </div> <ul> <li>Update Role </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">PUT</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/user/role/4 \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"name"</span><span class="o">:</span><span class="s">"accountant"</span><span class="p">,</span><span class="s">"description"</span><span class="o">:</span><span class="s">"Accountant user role"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>Add Room </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/room/add \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODQ0NDc1ODQsImlhdCI6MTY4NDQ0NTc4NCwiaWQiOjEsInJvbGUiOjF9.CKQf2GggCP1cnGqfTp_2R77Q7GsQBX_dxf5PSLEbTx8"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"name"</span><span class="o">:</span> <span class="s">"Room 9"</span><span class="p">,</span><span class="s">"location"</span><span class="o">:</span><span class="s">"Second Floor"</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>List all Rooms </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/api/view/rooms \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> </code></pre> </div> <ul> <li>Get Room by ID </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/api/view/room/3 \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> </code></pre> </div> <p><strong><em>Step 8: Test the room booking service</em></strong></p> <ul> <li>Book a Room </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">POST</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/api/room/book \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODUyMjk0MDEsImlhdCI6MTY4NTIyNzYwMSwiaWQiOjI0LCJyb2xlIjoyfQ.h8R51DA5N_xeCa8xR1HLeOo4JTmIGjUp3oMPJLuBv3g"</span> <span class="err">\</span> <span class="o">-</span><span class="n">d</span> <span class="err">'</span><span class="p">{</span><span class="s">"room_id"</span><span class="o">:</span> <span class="m">3</span><span class="p">}</span><span class="err">'</span> </code></pre> </div> <ul> <li>List all Bookings </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/admin/room/bookings \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODcyOTkyMTAsImlhdCI6MTY4NzI5NzQxMCwiaWQiOjEsInJvbGUiOjF9.3oztz8EgE-l3byKWzCI760FE-BmRY7B-BohnYydDElc"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> </code></pre> </div> <ul> <li>List all User Bookings </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="err">$</span> <span class="n">curl</span> <span class="o">-</span><span class="n">X</span> <span class="n">GET</span> <span class="n">http</span><span class="o">:</span><span class="c">//localhost:8000/api/rooms/booked \</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Content-Type: application/json"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlYXQiOjE2ODUyMjk0MDEsImlhdCI6MTY4NTIyNzYwMSwiaWQiOjI0LCJyb2xlIjoyfQ.h8R51DA5N_xeCa8xR1HLeOo4JTmIGjUp3oMPJLuBv3g"</span> <span class="err">\</span> <span class="o">-</span><span class="n">H</span> <span class="s">"Accept: application/json"</span> </code></pre> </div> <p><strong>Winding up</strong><br> RBAC presents the simplest form of access control that can help prevent unauthorised access to data. This facilitates compliance to various regulatory and compliance requirements especially those related to data protection, privacy and system access. With RBAC, it's also easy to maintain an audit trail of all user activities which can significantly help speed up incident response process.</p> <p><strong>Let's connect</strong><br> <a href="https://www.linkedin.com/in/benson-macharia/" rel="noopener noreferrer">LinkedIn</a><br> <a href="https://twitter.com/bensonmachariah" rel="noopener noreferrer">Twitter</a><br> <a href="https://bmacharia.com/" rel="noopener noreferrer">Blog</a></p> devsecops go apisec rbac AWS CloudWatch Logging for Golang Microservices on EKS with Logrus and Fluent bit Benson Macharia Tue, 07 Feb 2023 19:57:55 +0000 https://dev.to/aws-builders/aws-cloudwatch-logging-for-golang-microservices-on-eks-with-logrus-and-fluent-bit-3nhd https://dev.to/aws-builders/aws-cloudwatch-logging-for-golang-microservices-on-eks-with-logrus-and-fluent-bit-3nhd <p>With the API-first approach of building software products becoming prominent and APIs now making up the most common communication channel for internet traffic, API security becomes paramount. <br> API logging and monitoring is a key component in securing APIs, amongst others that include discovery, vulnerability management and compliance. APIs should have an inbuilt mechanism to collect access and transaction activities which can aid in their monitoring to identify potentially malicious activity. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dh5kj5mk0tpdr0srwaf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dh5kj5mk0tpdr0srwaf.png" alt="API Logging on AWS EKS" width="800" height="356"></a><br> Golang being one of the most popular frameworks for developing APIs due to its performance and support for concurrency, I have created a guide to aid developers collect API logs through the Go LogRus library and forward such to AWS CloudWatch from a microservice deployed in AWS EKS.</p> <p><a href="https://lnkd.in/d3qTv74h" rel="noopener noreferrer">Check it here</a></p> devto announcement web3 crypto