nzoschke / gofaas

A boilerplate Go and AWS Lambda app. Demonstrates an expert configuration of 10+ AWS services to support running Go functions-as-a-service (FaaS).
Apache License 2.0

Security: OAuth @ Edge, JWT auth in the API #45

Closed nzoschke closed 6 years ago

nzoschke commented 6 years ago

This demonstrates strategies for security.

This also introduces a work API (which fixes #6) that uses JWT auth.

The OAuth stuff requires creating a Google OAuth 2.0 web application client and enabling the Google Plus API.

Todo:

nzoschke commented 6 years ago
# s3 bucket is not accessible
$ curl http://private.gofaas.net.s3-website-us-east-1.amazonaws.com/
<head><title>403 Forbidden</title></head>...

# distribution redirects to OAuth
$ curl -i https://private.gofaas.net/
HTTP/2 302
location: https://accounts.google.com/o/oauth2/v2/auth?response_type=code...

# valid access_token cookie returns content
$ curl --cookie "access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6Im5vYWhAZ29mYWFzLm5ldCJ9.x8w23sGhkTX97BZe3jsXnj0VL9ZrM_cbtoIHyqSVK8Q" https://private.gofaas.net/
<title>My first gofaas/Vue app</title>...

# gateway enforces CORS
$ curl -i -X OPTIONS https://api.gofaas.net/
HTTP/2 200
content-type: application/json
content-length: 3
date: Sun, 18 Mar 2018 21:50:42 GMT
x-amzn-requestid: 676936da-2af6-11e8-83ab-1138cf2b9b7d
access-control-allow-origin: https://private.gofaas.net
access-control-allow-headers: Accept, Authorization, Content-Type
access-control-allow-methods: GET,OPTIONS

# API validates token
$ curl -X POST https://api.gofaas.net/work
HTTP/2 401
{"error": "token contains an invalid number of segments"}

$ curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6Im5vYWhAZ29mYWFzLm5ldCJ9.x8w23sGhkTX97BZe3jsXnj0VL9ZrM_cbtoIHyqSVK8Q" -X POST https://api.gofaas.net/work
HTTP/2 200
{"ExecutedVersion":null,"FunctionError":null,"LogResult":null,"Payload":"","StatusCode":202}

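A stdlib-only sketch of the Bearer/HS256 validation the transcript above exercises (the 401 for a token with the wrong number of segments, a 200 only for a correctly signed HS256 token), added here as an illustration and not code from the gofaas repo; the function names, the test secret and the claim struct are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

type Claims struct{ Email string `json:"email"` } // the only claim in the PR's token
var b64 = base64.RawURLEncoding
// hs256 signs "header.payload" with the shared secret (HMAC-SHA256).
func hs256(signingInput string, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}
// SignHS256 mints a compact JWT with the PR token's header {"typ":"JWT","alg":"HS256"}.
func SignHS256(c Claims, secret []byte) string {
	payload, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"typ":"JWT","alg":"HS256"}`)) + "." + b64.EncodeToString(payload)
	return in + "." + b64.EncodeToString(hs256(in, secret))
}

// VerifyBearer validates an Authorization header value; any error maps to HTTP 401.
func VerifyBearer(authHeader string, secret []byte) (*Claims, error) {
	if !strings.HasPrefix(authHeader, "Bearer ") {
		return nil, errors.New("missing bearer token")
	}
	parts := strings.Split(strings.TrimPrefix(authHeader, "Bearer "), ".")
	if len(parts) != 3 { // the token-less POST in the transcript fails here
		return nil, errors.New("token contains an invalid number of segments")
	}
	// Pin the algorithm before checking the signature so alg=none or an asymmetric alg is rejected.
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unexpected signing method")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], secret)) { // constant-time compare
		return nil, errors.New("signature is invalid")
	}
	var c Claims
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	return &c, nil
}
```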
nzoschke commented 6 years ago

We might want to add a bit more CF conditional logic, not configuring the Lambda @ Edge func unless OAuth client parameters are specified.

Edit: done in 24aa04c