fix path urldecoding via api gw v2 (#827)

* tf change alone * add example payload from gw v2, but format=1.0 * fix v1 adapter
Worklytics · Oct 28, 2024 · 5b63713 · 5b63713
1 parent 80173ce
commit 5b63713
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 8 deletions.
diff --git a/infra/modules/aws-psoxy-rest/main.tf b/infra/modules/aws-psoxy-rest/main.tf
@@ -29,14 +29,20 @@ locals {
 
   # helper to clarify conditionals throughout
   use_api_gateway = var.api_gateway_v2 != null
+
+  # handler MUST expect payload format.
+  # payload 2.0 format is used by function URL invocation AND APIGatewayV2 by default.
+  # but in latter case, seems to urldecode the path; such that /foo%25/bar becomes /foo//bar, which is not what we want
+  # so oddly, for APIGatewayV2 we need to use 1.0 format instead of its default , even though that default is our usual case otherwise
+  event_handler_implementation = local.use_api_gateway ? "APIGatewayV1Handler" : "Handler"
 }
 
 module "psoxy_lambda" {
   source = "../aws-psoxy-lambda"
 
   environment_name                     = var.environment_name
   instance_id                          = var.instance_id
-  handler_class                        = "co.worklytics.psoxy.Handler"
+  handler_class                        = "co.worklytics.psoxy.${local.event_handler_implementation}"
   path_to_function_zip                 = var.path_to_function_zip
   function_zip_hash                    = var.function_zip_hash
   function_env_kms_key_arn             = var.function_env_kms_key_arn
@@ -86,7 +92,7 @@ resource "aws_apigatewayv2_integration" "map" {
   connection_type        = "INTERNET"
   integration_method     = "POST"
   integration_uri        = module.psoxy_lambda.function_arn
-  payload_format_version = "2.0"
+  payload_format_version = "1.0" # must match to handler value, set in lambda
   timeout_milliseconds   = 30000 # ideally would be 55 or 60, but docs say limit is 30s
 }
 

diff --git a/...s/src/main/java/co/worklytics/psoxy/aws/request/APIGatewayV1ProxyEventRequestAdapter.java b/...s/src/main/java/co/worklytics/psoxy/aws/request/APIGatewayV1ProxyEventRequestAdapter.java
@@ -25,12 +25,11 @@ public class APIGatewayV1ProxyEventRequestAdapter implements co.worklytics.psoxy
 
     @Override
     public String getPath() {
-        String resourcePath;
-        if (event.getRequestContext() != null) {
-            resourcePath = event.getRequestContext().getResourcePath();
-        } else {
-            resourcePath = ObjectUtils.firstNonNull(event.getResource(), event.getPath());
-        }
+        String resourcePath = event.getPath();
+
+        String route = event.getResource().replace("{proxy+}", "");
+
+        resourcePath = StringUtils.removeStart(resourcePath, "/" + event.getRequestContext().getStage()  + route);
 
         return StringUtils.prependIfMissing(resourcePath, "/");
     }

diff --git a/...c/test/java/co/worklytics/psoxy/aws/request/APIGatewayV1ProxyEventRequestAdapterTest.java b/...c/test/java/co/worklytics/psoxy/aws/request/APIGatewayV1ProxyEventRequestAdapterTest.java
@@ -51,4 +51,17 @@ public void parse_interesting() {
 
         assertFalse(requestAdapter.isHttps().isPresent());
     }
+
+    @SneakyThrows
+    @Test
+    public void parse_payload1_from_api_gateway_v2() {
+
+        APIGatewayProxyRequestEvent apiGatewayEvent = objectMapper.readerFor(APIGatewayProxyRequestEvent.class)
+            .readValue(TestUtils.getData("lambda-proxy-events/api-gateway-v2-payload-v1.json"));
+
+        APIGatewayV1ProxyEventRequestAdapter requestAdapter =
+            APIGatewayV1ProxyEventRequestAdapter.of(apiGatewayEvent);
+
+        assertEquals("/v2/report/meetings/NUXghb123TCj0bP6nPVe%252Fsg253D253D/participants", requestAdapter.getPath());
+    }
 }
diff --git a/java/impl/aws/src/test/resources/lambda-proxy-events/api-gateway-v2-payload-v1.json b/java/impl/aws/src/test/resources/lambda-proxy-events/api-gateway-v2-payload-v1.json
@@ -0,0 +1,71 @@
+{
+  "version": "1.0",
+  "resource": "/psoxy-zoom/{proxy+}",
+  "path": "/live/psoxy-zoom/v2/report/meetings/NUXghb123TCj0bP6nPVe%252Fsg253D253D/participants",
+  "httpMethod": "GET",
+  "headers": {
+    "Content-Length": "0",
+    "Host": "plo6j40ys5.execute-api.us-west-1.amazonaws.com",
+    "User-Agent": "psoxy-test (gzip)",
+    "X-Amz-Date": "20241024T051222Z",
+    "X-Amz-Security-Token": "  REDACTED",
+    "X-Amzn-Trace-Id": "Root=1-6719d736-2767c9a4696498c012b1effc",
+    "X-Forwarded-For": "67.170.106.47",
+    "X-Forwarded-Port": "443",
+    "X-Forwarded-Proto": "https",
+    "X-Psoxy-Skip-Sanitizer": "false",
+    "accept-encoding": "gzip,deflate",
+    "authorization": "AWS4-HMAC-SHA256 Credential=ASIAU5LH55NXUPVVUYPI/20241024/us-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=REDACTED"
+  },
+  "multiValueHeaders": {
+    "Content-Length": ["0"],
+    "Host": ["plo6j40ys5.execute-api.us-west-1.amazonaws.com"],
+    "User-Agent": ["psoxy-test (gzip)"],
+    "X-Amz-Date": ["20241024T051222Z"],
+    "X-Amz-Security-Token": ["REDACTED"],
+    "X-Amzn-Trace-Id": ["Root=1-6719d736-2767c9a4696498c012b1effc"],
+    "X-Forwarded-For": ["67.170.106.47"],
+    "X-Forwarded-Port": ["443"],
+    "X-Forwarded-Proto": ["https"],
+    "X-Psoxy-Skip-Sanitizer": ["false"],
+    "accept-encoding": ["gzip,deflate"],
+    "authorization": [
+      "AWS4-HMAC-SHA256 Credential=ASIAU5LH55NXUPVVUYPI/20241024/us-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token, Signature=REDACTED"]
+  },
+  "queryStringParameters": {
+    "page_size": "30"
+  },
+  "multiValueQueryStringParameters": {
+    "page_size": ["30"]
+  },
+  "pathParameters": {
+    "proxy": "v2/report/meetings/NUXghb123TCj0bP6nPVe/sg253D253D/participants"
+  },
+  "requestContext": {
+    "accountId": "337909771119",
+    "resourceId": "GET /psoxy-zoom/{proxy+}",
+    "stage": "live",
+    "requestId": "AI6Qjjd1SK4EJ_Q=",
+    "identity": {
+      "accountId": "337909771119",
+      "caller": "REDACTED:lambda_test",
+      "principalOrgId": "aws:PrincipalOrgID",
+      "sourceIp": "67.170.106.47",
+      "userArn": "arn:aws:sts::337909771119:assumed-role/irobotCaller/lambda_test",
+      "userAgent": "psoxy-test (gzip)",
+      "user": "REDACTED:lambda_test",
+      "accessKey": "REDACTED"
+    },
+    "resourcePath": "/irobot-zoom/{proxy+}",
+    "httpMethod": "GET",
+    "apiId": "plo6j40ys5",
+    "path": "/live/psoxy-zoom/v2/report/meetings/NUXghb123TCj0bP6nPVe/sg253D253D/participants",
+    "extendedRequestId": "AI6Qjjd1SK4EJ_Q=",
+    "requestTime": "24/Oct/2024:05:12:22 +0000",
+    "protocol": "HTTP/1.1",
+    "requestTimeEpoch": 1729746742367,
+    "domainPrefix": "plo6j40ys5",
+    "domainName": "plo6j40ys5.execute-api.us-west-1.amazonaws.com"
+  },
+  "isBase64Encoded": false
+}