swift-server/swift-openapi-lambda
1
0
Fork 0
mirror of https://github.com/swift-server/swift-openapi-lambda.git synced 2026-05-03 07:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
swift-openapi-lambda/Examples/quoteapi-apigtw/Sources/QuoteAPI/AuthenticateUserMiddleware.swift
T
Sébastien Stormacq 97b2e6d017 Add support for Lambda functions exposed behind an Application Load Balancer (ALB) (#29) 
This PR adds support for exposing Swift OpenAPI Lambda functions behind
an Application Load Balancer (ALB), providing an alternative to API
Gateway for HTTP routing to Lambda functions.

## Changes

### New ALB Support
- **OpenAPILambdaALB Protocol**: New protocol for ALB integration
alongside existing API Gateway support
- **ALB Event Handling**: Added `ALBTargetGroupRequest` and
`ALBTargetGroupResponse` support
- **HTTP Request Conversion**: Extension methods to convert ALB events
to/from HTTP requests/responses

### Core Library Updates
- **ALB-related source files**: New `/Sources/ALB/` directory with
ALB-specific implementations
- **Event Type Support**: Support for `ALBTargetGroupRequest` events
from Elastic Load Balancing
- **Response Mapping**: Proper mapping from OpenAPI responses to ALB
target group responses

### Complete ALB Example
- **QuoteAPI ALB Example**: Full working example in
`Examples/quoteapi-alb/`
- **Infrastructure as Code**: Complete SAM template with VPC, subnets,
security groups, and ALB
- **Build System**: Makefile and Docker build support for ALB deployment
- **Documentation**: Comprehensive README with ALB-specific deployment
instructions

### Key Files Added
```
Sources/ALB/
├── OpenAPILambdaALB.swift
└── ALBTargetGroup+HTTPRequest.swift

Examples/quoteapi-alb/
├── Package.swift
├── template.yaml
├── Makefile
├── README.md
├── Sources/QuoteAPI/QuoteService.swift
├── Sources/QuoteAPI/openapi.yaml
├── Sources/QuoteAPI/openapi-generator-config.yaml
└── events/GetQuote.json
```

## Usage

### Simple ALB Integration
```swift
@main
struct QuoteServiceALBImpl: APIProtocol, OpenAPILambdaALB {
    func register(transport: OpenAPILambdaTransport) throws {
        try self.registerHandlers(on: transport)
    }
    
    static func main() async throws {
        let service = QuoteServiceALBImpl()
        try await service.run()
    }
    
    // Your OpenAPI implementation...
}
```

### Key Differences from API Gateway
- Uses `OpenAPILambdaALB` instead of `OpenAPILambdaHttpApi`
- Handles `ALBTargetGroupRequest` events instead of
`APIGatewayV2Request`
- Returns `ALBTargetGroupResponse` instead of `APIGatewayV2Response`
- Requires VPC infrastructure (included in SAM template)
- No built-in authorization (implement via custom middleware if needed)

## Benefits

- **Cost Optimization**: ALB can be more cost-effective for high-traffic
applications
- **VPC Integration**: Native VPC support for private network access
- **Load Balancing**: Advanced load balancing features and health checks
- **WebSocket Support**: Future WebSocket support through ALB
- **Flexibility**: Choice between API Gateway and ALB based on use case

## Testing

-  ALB example builds successfully with `sam build`
-  Local testing with `sam local invoke`
-  Complete infrastructure deployment via SAM
-  HTTP requests properly routed through ALB to Lambda
-  OpenAPI specification compatibility maintained

## Deployment

Deploy the ALB example:
```bash
cd Examples/quoteapi-alb
sam build && sam deploy --guided
```

Test the deployed endpoint:
```bash
curl http://[alb-dns-name]/stocks/AAPL
```

## Backward Compatibility

This is a purely additive change:
- Existing API Gateway implementations continue to work unchanged
- No breaking changes to existing APIs
- New ALB support is opt-in via protocol conformance
2025-10-26 09:10:09 +01:00

83 lines
3.4 KiB
Swift
Raw Permalink Blame History

//===----------------------------------------------------------------------===//
//
// This source file is part of the Swift OpenAPI Lambda open source project
//
// Copyright Swift OpenAPI Lambda project authors
// Copyright (c) 2023 Amazon.com, Inc. or its affiliates.
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Swift OpenAPI Lambda project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftOpenAPIGenerator open source project
//
// Copyright (c) 2023 Apple Inc. and the SwiftOpenAPIGenerator project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of SwiftOpenAPIGenerator project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
import OpenAPIRuntime
import HTTPTypes
/// A server middleware that authenticates the incoming user based on the value of
/// the `Authorization` header field and injects the identifier `User` information
/// into a task local value, allowing the request handler to use it.
package struct AuthenticationServerMiddleware: Sendable {
/// Information about an authenticated user.
package struct User: Hashable {
/// The name of the authenticated user.
package var name: String
/// Creates a new user.
/// - Parameter name: The name of the authenticated user.
package init(name: String) { self.name = name }
/// The task local value of the currently authenticated user.
@TaskLocal package static var current: User?
}
/// The closure that authenticates the user based on the value of the `Authorization`
/// header field.
private let authenticate: @Sendable (String) -> User?
/// Creates a new middleware.
/// - Parameter authenticate: The closure that authenticates the user based on the value
/// of the `Authorization` header field.
package init(authenticate: @Sendable @escaping (String) -> User?) { self.authenticate = authenticate }
}
extension AuthenticationServerMiddleware: ServerMiddleware {
package func intercept(
_ request: HTTPRequest,
body: HTTPBody?,
metadata: ServerRequestMetadata,
operationID: String,
next: @Sendable (HTTPRequest, HTTPBody?, ServerRequestMetadata) async throws -> (HTTPResponse, HTTPBody?)
) async throws -> (HTTPResponse, HTTPBody?) {
// Extracts the `Authorization` value, if present.
// Even if when we use a Lambda authorizer, the original authorization header is forwarded
// If no `Authorization` header field value was provided, no User is injected into
// the task local.
guard let authorizationHeaderFieldValue = request.headerFields[.authorization] else {
return try await next(request, body, metadata)
}
// Delegate the authentication logic to the closure.
let user = authenticate(authorizationHeaderFieldValue)
// Inject the authenticated user into the task local and call the next middleware.
return try await User.$current.withValue(user) { try await next(request, body, metadata) }
}
}
Reference in New Issue View Git Blame Copy Permalink