Module: Shrine::Plugins::Lambda::AttacherClassMethods

Defined in:

lib/shrine/plugins/shrine-lambda.rb

Instance Method Summary

• #lambda_authorize(headers, body) ⇒ Array, false

  Parses the payload of the Lambda request to the ‘callbackUrl` and loads the Shrine Attacher from the received context.

• #lambda_process(data) ⇒ Object

  Loads the attacher from the data, and triggers its instance AWS Lambda processing method.

Instance Method Details

#lambda_authorize(headers, body) ⇒ Array, false

Parses the payload of the Lambda request to the ‘callbackUrl` and loads the Shrine Attacher from the received context. Fetches the signing key from the attacher’s record metadata and uses it for calculating the signature of the received from Lambda request. Then it compares the calculated and received signatures, returning an error if the signatures mismatch.

If the signatures are equal, it returns the attacher and the hash of the parsed result from Lambda, else - it returns false.

Parameters:

• headers (Hash) —

  from the Lambda request

• body (String) —

  of the Lambda request

Options Hash (headers):

• 'User-Agent' (String) —

  The AWS Lambda function user agent

• 'Content-Type' (String) —

  ‘application/json’

• 'Host' (String)
• 'X-Amz-Date' (String) —

  The AWS Lambda function user agent

• 'Authorization' (String) —

  The AWS authorization string

Returns:

• (Array) —

  Shrine Attacher and the Lambda result (the request body parsed to a hash) if signature in received headers matches locally computed AWS signature

• (false) —

  if signature in received headers does’t match locally computed AWS signature

# File 'lib/shrine/plugins/shrine-lambda.rb', line 82

def lambda_authorize(headers, body)
  result = JSON.parse(body)
  attacher = load(result.delete('context'))
  incoming_auth_header = auth_header_hash(headers['Authorization'])

  signer = build_signer(
    incoming_auth_header['Credential'].split('/'),
    JSON.parse(attacher.record.__send__(:"#{attacher.data_attribute}") || '{}').dig('metadata', 'key') || 'key',
    headers['x-amz-security-token']
  )
  signature = signer.sign_request(http_method: 'PUT',
                                  url:         Shrine.opts[:callback_url],
                                  headers:     { 'X-Amz-Date' => headers['X-Amz-Date'] },
                                  body:        body)
  calculated_signature = auth_header_hash(signature.headers['authorization'])['Signature']
  return false if incoming_auth_header['Signature'] != calculated_signature

  [attacher, result]
end

#lambda_process(data) ⇒ Object

Loads the attacher from the data, and triggers its instance AWS Lambda processing method. Intended to be used in a background job.

# File 'lib/shrine/plugins/shrine-lambda.rb', line 58

def lambda_process(data)
  attacher = load(data)
  attacher.lambda_process(data)
  attacher
end