// Node core module used for the outbound token-validation request.
const https = require('https');

// Third-party modules: AWS SDK, CloudFront cookie/URL signer, date helper.
const AWS = require('aws-sdk');
const cf = require('aws-cloudfront-sign');
const moment = require('moment');

// S3 client, constructed once when the module loads and shared by getS3().
const s3 = new AWS.S3();

// CloudFront key pair ID. It is also interpolated into the S3 key of the
// matching private key (see the handler).
// NOTE(review): 'abc' looks like a placeholder value; confirm before deploying.
const keyPairId = 'abc';

// Host of the CloudFront distribution the signed cookies are issued for.
// NOTE(review): 'xyz' looks like a placeholder. Mind the trailing '/': this
// value is interpolated into the signed-cookie resource pattern, so check how
// the slash combines with the path wildcard there.
const cloudFrontDomain = 'xyz.cloudfront.net/';
/**
 * Fetch a single object from S3 using the module-level client.
 *
 * @param {string} bucket - Name of the bucket to read from.
 * @param {string} key - Key of the object inside that bucket.
 * @returns {Promise<Object>} Promise for the getObject result; the handler in
 *   this file reads its `Body` property.
 */
function getS3(bucket, key) {
  return s3.getObject({ Bucket: bucket, Key: key }).promise();
}
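/**
 * GET a URL over HTTPS and parse the response body as JSON.
 *
 * Every failure mode ends in a rejected promise: connection-level errors on
 * the request, non-2xx status codes, stream errors on the response, and a body
 * that is not valid JSON. Previously a request error or a JSON.parse failure
 * was raised inside an event callback, outside the promise, where the caller's
 * .catch() could not see it.
 *
 * @param {string} url - HTTPS URL to fetch.
 * @returns {Promise<*>} Resolves with the parsed JSON value.
 */
function getJSON(url) {
  return new Promise((resolve, reject) => {
    const request = https.get(url, (response) => {
      const statusCode = response.statusCode;
      if (statusCode < 200 || statusCode > 299) {
        // Drain the socket so it is released, then fail. The URL is kept out
        // of the message on purpose: the caller in this file places an ID
        // token in the query string, and error objects are logged.
        response.resume();
        reject(new Error(`Request failed with HTTP status ${statusCode}`));
        return;
      }

      // Collect raw buffers and decode once at the end; appending chunks to a
      // string decodes each chunk separately and can split a multi-byte
      // UTF-8 character across two chunks.
      const chunks = [];
      response.on('data', (chunk) => {
        chunks.push(chunk);
      });
      response.on('end', () => {
        try {
          resolve(JSON.parse(Buffer.concat(chunks).toString('utf8')));
        } catch (err) {
          // Malformed or empty body: reject instead of throwing from the
          // event handler.
          reject(err);
        }
      });
      response.on('error', reject);
    });

    // DNS failures, refused connections and TLS errors are emitted on the
    // request object, not on the response.
    request.on('error', reject);
  });
}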
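/**
 * Lambda entry point: exchange a Google ID token for CloudFront signed cookies.
 *
 * Flow:
 *   1. Read the Google ID token from event.Logins['accounts.google.com'].
 *   2. Ask Google's tokeninfo endpoint to validate it and return its claims.
 *   3. Deny unless the token carries a verified email address in the
 *      ocelotconsulting.com domain.
 *   4. Load the CloudFront private key from S3 and return signed cookies that
 *      are valid for one day.
 *
 * NOTE(review): the `aud` claim is not compared with this application's OAuth
 * client ID, so the check below accepts a Google ID token issued to any
 * client as long as the email matches. The expected client ID does not appear
 * in this file; add `data.aud === <EXPECTED_GOOGLE_CLIENT_ID>` (placeholder)
 * to the authorization check once it is available.
 *
 * NOTE(review): the ID token travels in a query string to a remote validation
 * endpoint. Verifying the token signature locally against Google's published
 * keys would avoid that round trip; consider it as a follow-up.
 *
 * NOTE(review): the signing key is read from the 'ocelot-consulting-wp'
 * bucket under keys/. Confirm that prefix is not reachable through the
 * CloudFront distribution or any public bucket policy.
 *
 * @param {Object} event - Invocation payload; must contain
 *   Logins['accounts.google.com'] with the caller's Google ID token.
 * @param {Object} context - Lambda context (unused).
 * @param {Function} callback - Node-style callback; receives the signed
 *   cookies on success or an Error on denial or failure.
 */
exports.handler = (event, context, callback) => {
  Promise.resolve()
    .then(() => {
      // A missing Logins map used to throw synchronously, before the promise
      // chain and its .catch() existed. Treat it as a normal denial.
      const idToken = event && event.Logins && event.Logins['accounts.google.com'];
      if (typeof idToken !== 'string' || idToken === '') {
        throw new Error('Access denied');
      }
      // The token is caller-controlled: encode it so it cannot add or
      // override query parameters. A well-formed JWT (base64url segments
      // joined by dots) is left unchanged by the encoding.
      const tokenInfoUrl = 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=' +
        encodeURIComponent(idToken);
      return getJSON(tokenInfoUrl);
    })
    .then((data) => {
      // tokeninfo reports email_verified as the string 'true'; accept the
      // boolean form as well.
      const emailVerified = Boolean(data) &&
        (data.email_verified === true || data.email_verified === 'true');
      const emailAllowed = Boolean(data) &&
        typeof data.email === 'string' &&
        data.email.endsWith('@ocelotconsulting.com');
      if (!emailVerified || !emailAllowed) {
        throw new Error('Access denied');
      }
    })
    .then(() => getS3('ocelot-consulting-wp', `keys/pk-${keyPairId}.pem.txt`))
    .then((pk) => {
      const options = {
        keypairId: keyPairId,
        privateKeyString: pk.Body.toString(),
        expireTime: moment().add(1, 'day'),
      };
      // cloudFrontDomain as configured in this file ends with '/'; without
      // trimming, the resource pattern would read 'http*://host//*' and would
      // not cover ordinary paths on the distribution.
      const host = cloudFrontDomain.replace(/\/+$/, '');
      callback(null, cf.getSignedCookies(`http*://${host}/*`, options));
    })
    .catch((err) => {
      console.log('error', err);
      callback(err);
    });
};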