Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Custom data access using Lambda functions

0

We aim to utilize Amplify's offline and sync capabilities in our native apps while maintaining our existing authentication process. I understand that we can employ Lambda functions for custom data access to authenticate our tokens, but I'm uncertain about how we can limit data access to respective owners. Is there a method to include owner information in the Lambda function?

I referred to this link for token verification, which functions smoothly, allowing us to establish the userId during token validation. However, we're unsure about how to incorporate owner information from Lambda into the data. https://docs.amplify.aws/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/

  const response = {
    isAuthorized: isAuthorized,
    resolverContext: {
      // eslint-disable-next-line spellcheck/spell-checker
      userid: userId,
      author: userId,
      info: 'contextual information A',
      more_info: 'contextual information B'
    },
    deniedFields: [
      `arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
      `Mutation.createEvent`
    ],
    ttlOverride: 300
  };

This is our schema

import {
  type ClientSchema,
  a,
  defineData,
  defineFunction
} from '@aws-amplify/backend';


const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
       author: a.string()
    })
    // STEP 1
    // Indicate which models / fields should use a custom authorization rule
//     .authorization([a.allow.public()])
    .authorization([a.allow.custom()])
});

export type Schema = ClientSchema<typeof schema>;

export const data = defineData({
  schema,
  authorizationModes: {
    defaultAuthorizationMode: 'lambda',
    // STEP 2
    // Pass in the function to be used for a custom authorization rule
    lambdaAuthorizationMode: {
      function: defineFunction({
        entry: './custom-authorizer.ts'
      }),
      // (Optional) STEP 3
      // Configure the token's time to live
      timeToLiveInSeconds: 300
    }
  }
});

At the moment, with any valid token we are able to query all the records created by all users, but we want to limit that to only the owner records. Exactly how the authorisation rule works for the owner We would appreciate any suggestions on how to accomplish this.

Tópicos
Sem servidorWeb e dispositivos móveis front-endIntegração de aplicativosComputação
Tags
AWS AppSyncAWS LambdaAWS Amplify
Idioma
English
Raj
feita há 3 meses138 visualizações
Sem respostas

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante