search

dherault / serverless-offline

Emulate AWS λ and API Gateway locally when developing your Serverless project
MIT License
5.16k stars 794 forks source link

Support lambda direct requests over HTTPS #1767

Open ermi-ltd opened 4 months ago

ermi-ltd commented 4 months ago

Feature Request

The lambda direct endpoint can't currently be accessed via HTTPS as the TLS certificate specified with the httpsProtocol option is not passed to the Hapi server instance.

This prevents Lambda's being reached by the Swift AWS SDK from within the Xcode Build + Run process.

Lambda configuration in Swift to pass the endpoint:

let configuration = try await LambdaClient.LambdaClientConfiguration(
            credentialsProvider: credentialsProvider,
            endpoint: "https://localhost:3002",
            region: "eu-west-2"
        )

With a HTTPS endpoint, the following error is returned by the AWS Swift SDK when a Lambda is invoked:

crtError(AwsCommonRuntimeKit.CRTError(code: 1029, message: "TLS (SSL) negotiation failed", name: "AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE"))

This error can be resolved by modifying the src/lambda/HttpServer.js file to pass the TLS information (see below)

I'm not sure what the best way to do this would be, so I'm opening this as an issue rather than a pull request. I've created a fork with a temporary fix (https://github.com/dherault/serverless-offline/compare/master...ermi-ltd:serverless-offline:master). Happy to submit a PR if that would be preferred.

Sample Code

The following patch to src/lambda/HttpServer.js resolved the issues by adding the feature:

 constructor(options, lambda) {
    this.#lambda = lambda
    this.#options = options

    const { host, lambdaPort } = options

    const serverOptions = {
      host,
      port: lambdaPort,
      ...(options.httpsProtocol != null && {
        tls: this.#loadCerts(options.httpsProtocol),
      }),
    }

    this.#server = new Server(serverOptions)
  }

  #loadCerts(httpsProtocol) {
    return {
      cert: fs.readFileSync(resolve(httpsProtocol, "cert.pem"), "utf8"),
      key: fs.readFileSync(resolve(httpsProtocol, "key.pem"), "utf8"),
    }
  }

Expected behavior/code

It should be possible to hit the direct lambda endpoint (aka, lambdaPort) over HTTPS.

Additional context/Screenshots

I'd propose to add support for the httpsProtocol when accessing Lambda's directly using the lambdaPort, or add a new option called something like: lambdaPortProtocol.