hapijs / hapi

The Simple, Secure Framework Developers Trust

Home Page: https://hapi.dev

Support lambda direct requests over HTTPS

ermi-ltd opened this issue · comments

Runtime

nodejs

Runtime version

16+

Module version

future

Used with

No response

Any other relevant information

No response

What problem are you trying to solve?

The lambda direct endpoint can't currently be accessed via HTTPS, as the TLS certificates specified with the httpsProtocol option are not passed to the Hapi server instance.

This prevents Lambdas from being reached by the Swift AWS SDK from within the Xcode Build + Run process.

Lambda configuration in Swift to pass the endpoint:

let configuration = try await LambdaClient.LambdaClientConfiguration(
    credentialsProvider: credentialsProvider,
    endpoint: "https://localhost:3002",
    region: "eu-west-2"
)

With an HTTPS endpoint, the following error is returned when a Lambda is invoked:

crtError(AwsCommonRuntimeKit.CRTError(code: 1029, message: "TLS (SSL) negotiation failed", name: "AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE"))

This error can be resolved by modifying the src/lambda/HttpServer.js file to pass the TLS information:

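  // Members of the HttpServer class in src/lambda/HttpServer.js. The file must
  // import `fs` (node:fs), `resolve` (node:path) and hapi's `Server`.
  constructor(options, lambda) {
    this.#lambda = lambda
    this.#options = options

    const { host, lambdaPort } = options

    const serverOptions = {
      host,
      port: lambdaPort,
      // Add TLS settings only when httpsProtocol (the certificate directory) is set
      ...(options.httpsProtocol != null && {
        tls: this.#loadCerts(options.httpsProtocol),
      }),
    }

    this.#server = new Server(serverOptions)
  }

  // Read cert.pem and key.pem from the httpsProtocol directory
  #loadCerts(httpsProtocol) {
    return {
      cert: fs.readFileSync(resolve(httpsProtocol, "cert.pem"), "utf8"),
      key: fs.readFileSync(resolve(httpsProtocol, "key.pem"), "utf8"),
    }
  }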

I'm not sure what the best way to do this would be, so I'm opening this as an issue rather than a pull request. I've created a fork with a temporary fix (dherault/serverless-offline@master...ermi-ltd:serverless-offline:master). Happy to submit a PR if that would be preferred.

Do you have a new or modified API suggestion to solve the problem?

I'd propose adding support for the httpsProtocol option when accessing Lambdas directly using the lambdaPort, or adding a new option called something like: lambdaPortProtocol.

Ha, this was intended for serverless-offline. Doh, wrong repo.
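A stricter way to load the certificate directory discussed in the issue, shown as an added example that is not part of the original issue or of serverless-offline. `loadTlsOptions` and `buildLambdaServerOptions` are hypothetical names, and the private-key permission check is an assumed local policy; the point is that a set httpsProtocol either yields a complete `tls` object or fails, never a silent fall back to plain HTTP.

```javascript
// Added example (CommonJS for stand-alone use); not serverless-offline code.
const fs = require('node:fs')
const { resolve } = require('node:path')

// Hypothetical helper: read cert.pem/key.pem from the httpsProtocol
// directory and fail closed if either file is missing or unsuitable.
function loadTlsOptions(httpsProtocol) {
  const tls = {}
  for (const [field, file] of [['cert', 'cert.pem'], ['key', 'key.pem']]) {
    const path = resolve(httpsProtocol, file)
    let stat
    try {
      stat = fs.statSync(path)
    } catch (err) {
      throw new Error(`httpsProtocol is set but ${path} is unreadable: ${err.code}`)
    }
    if (!stat.isFile()) throw new Error(`${path} is not a regular file`)
    // Assumed policy: on POSIX, refuse a private key readable by group/other.
    if (field === 'key' && process.platform !== 'win32' && (stat.mode & 0o077) !== 0) {
      const mode = (stat.mode & 0o777).toString(8)
      throw new Error(`${path} has mode ${mode}; expected 600 or stricter`)
    }
    const pem = fs.readFileSync(path, 'utf8')
    if (!pem.includes('-----BEGIN ')) throw new Error(`${path} is not PEM encoded`)
    tls[field] = pem
  }
  return tls
}

// Hypothetical helper: build the options object that the constructor in the
// issue hands to `new Server(...)`. TLS is added only when httpsProtocol is set.
function buildLambdaServerOptions(options) {
  const { host, lambdaPort, httpsProtocol } = options
  const serverOptions = { host, port: lambdaPort }
  if (httpsProtocol != null) serverOptions.tls = loadTlsOptions(httpsProtocol)
  return serverOptions
}
```
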