search

aws-samples / cloudfront-authorization-at-edge

Protect downloads of your content hosted on CloudFront with Cognito authentication using cookies and Lambda@Edge
https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-using-cookies-protect-your-amazon-cloudfront-content-from-being-downloaded-by-unauthenticated-users/
MIT No Attribution
461 stars 157 forks source link

Node version bump #235

Closed kraleva closed 3 months ago

kraleva commented 1 year ago

Hey, first thanks for the project, you provided. It's really cool !

I just wanted to mention, that maybe it might be a good idea to bump the node version of the tsconfig file. Currently, node 20 is already released whereas the project uses the config for node14, which might be suboptimal.

ottokruse commented 1 year ago

Good idea and ... great opportunity for a contribution? Only one line to change: https://github.com/aws-samples/cloudfront-authorization-at-edge/blob/efc0aef2199ec690e6ea003b2206bdc1caf3ecf8/template.yaml#L293

Looking forward to the PR :)

ottokruse commented 1 year ago

Had a look myself and it turned out to be more involving because with Node18 the aws-sdk is no longer available in the Lambda runtime enviroment, so you need to include it yourself (or switch to the V3 SDK which is even more involving). Had an attempt but then ran into this issue https://github.com/npm/cli/issues/4783 when building the React App.

ottokruse commented 1 year ago

Updated to Node 16 for now

takeshi-mori-ca commented 6 months ago

Thank you for the very helpful sample. Node.js 16 has been deprecated, are there any plans to update it?

https://docs.aws.amazon.com/ja_jp/lambda/latest/dg/lambda-runtimes.html

ottokruse commented 6 months ago

Plans yes, but we didn't get to it yet. If you want to send a PR don't hold back :)

scar4me commented 5 months ago

FYI, for anyone looking to deploy these as Lambda's with Node20.x I made progress, but there is still a way to go.

My try to make this work found src/lambda-edge/shared/shared.tsrequired 2 changes:

13import SSM = require("@aws-sdk/client-ssm");

183const getPathParams = await ssm.getParametersByPathCommand(pathParams).promise();

Then by packaging the provided existing function typescript code with esbuilder with the following tsconfig.json settings:

"compilerOptions": {
        "allowSyntheticDefaultImports": true,
        "lib": ["ES2022"],
        "module": "ES2022",
        "moduleResolution": "node",
        "target": "ES2022"
},

We also now have this packaged for deployment within terraform automation pipelines using this terraform provider: https://registry.terraform.io/providers/jSherz/node-lambda-packager/latest And the module var set to:

args = [
    "--bundle",
    "--external:@aws-sdk*",
    "--external:axios",
    "--external:cookie",
    "--external:jsonwebtoken",
    "--external:jwks-rsa",
    "--external:./error-page/template.html",
    "--minify",
    "--platform=node",
    "--sourcemap",
    "--target=es2022",
    "--sourcemap=inline",
  ]

We are only using the following: check-headers, http-headers, parse-auth, refresh-auth, sign-out functions.

After some further testing the above is close, but still has some fundamental backend issues with the transfer to sdk3. Hopefully this is useful to people in the future who go down this rabbit hole. I'll dedicate some more time to this at a later date when I get a chance.

ottokruse commented 3 months ago

Upgraded to Node v20!

https://github.com/aws-samples/cloudfront-authorization-at-edge/releases/tag/v2.2.1