Fix the build error

Author: poad

lambda/openid-configuration/index.ts

@@ -12,17 +12,19 @@ APIGatewayProxyEventV2,
 APIGatewayProxyResultV2 | void
 > = async (event, _context, callback) => {
   const host = event.headers.Host!;
+  const stage = event.requestContext && event.requestContext.stage;
+  const issuer = `https://${host}/${stage}`;
   const body = JSON.stringify({
-    issuer: `https://${host}`,
-    authorization_endpoint: `https://${host}/authorize`,
-    token_endpoint: `https://${host}/token`,
+    issuer,
+    authorization_endpoint: `${issuer}//authorize`,
+    token_endpoint: `${issuer}//token`,
     token_endpoint_auth_methods_supported: [
       'client_secret_basic',
       'private_key_jwt',
     ],
     token_endpoint_auth_signing_alg_values_supported: ['RS256'],
-    userinfo_endpoint: `https://${host}/userinfo`,
-    jwks_uri: `https://${host}/.well-known/jwks.json`,
+    userinfo_endpoint: `${issuer}//userinfo`,
+    jwks_uri: `${issuer}//.well-known/jwks.json`,
     scopes_supported: ['openid', 'read:user', 'user:email'],
     response_types_supported: [
       'code',

lambda/token/index.ts

@@ -5,9 +5,11 @@ import {
 } from 'aws-lambda';
 import fetch from 'cross-fetch';
 import { left, right, isRight } from 'fp-ts/Either';
+import { Logger } from '@aws-lambda-powertools/logger';
 
-const eventToRequest = (source: string) => {
-  const bodyString = Buffer.from(source, 'base64').toString('ascii');
+const logger = new Logger();
+
+const eventToRequest = (bodyString: string) => {
   const body = new URLSearchParams(bodyString);
   const paramNames = [
     'grant_type',
@@ -19,16 +21,16 @@ const eventToRequest = (source: string) => {
 
   const invalidParams = paramNames.filter((name) => !body.has(name));
   if (invalidParams.length > 0) {
-    return right(() => `token request body ${invalidParams}`);
+    return right(() => `token request body [${invalidParams}] in [${paramNames}]. body: ${JSON.stringify(body)}`);
   }
 
   return left(() => ({
-    grant_type: body.get('grant_type')!,
+    // grant_type: body.get('grant_type')!,
     redirect_uri: body.get('redirect_uri')!,
     client_id: body.get('client_id')!,
     client_secret: body.get('client_secret')!,
     code: body.get('code')!,
-    state: body.get('state') ?? undefined,
+    ...(body.has('state') ? { state: body.get('state') } : {}),
   }));
 };
 
@@ -37,30 +39,32 @@ APIGatewayProxyEventV2,
 APIGatewayProxyResultV2 | void
 > = async (event, _context, callback) => {
   if (!event.body) {
+    logger.warn('body is undefined');
     callback(null, {
       statusCode: 400,
     });
     return;
   }
   const result = eventToRequest(event.body);
   if (isRight(result)) {
+    const message = result.right();
+    logger.warn(`cannot convert event to request. reson: ${message}, request: ${JSON.stringify(event)}`);
     callback(null, {
       statusCode: 400,
       body: result.right(),
     });
     return;
   }
-  const body = JSON.stringify(result.left());
   const response = await fetch('https://github.com/login/oauth/access_token', {
     method: 'POST',
     headers: {
-      'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
+      'Content-Type': 'application/json',
       Accept: 'application/json',
     },
-    body,
+    body: JSON.stringify(result.left()),
   });
   callback(null, {
-    statusCode: 200,
+    statusCode: response.status,
     body: JSON.stringify(await response.json()),
   });
 };

lambda/userinfo/index.ts

@@ -7,6 +7,9 @@ import fetch from 'cross-fetch';
 import {
   left, right, isRight, Either,
 } from 'fp-ts/Either';
+import { Logger } from '@aws-lambda-powertools/logger';
+
+const logger = new Logger();
 
 interface Email {
   email: string;
@@ -15,7 +18,15 @@ interface Email {
   visibility?: 'private' | 'public';
 }
 
-const getUserId = async (token: string): Promise<Either<number, string>> => {
+const getUser = async (token: string): Promise<Either<{
+  id: number;
+  name: string,
+  login: string,
+  html_url: string,
+  avatar_url: string,
+  blog: string,
+  updated_at: string
+}, string>> => {
   const response = await fetch('https://api.github.com/user', {
     method: 'GET',
     headers: {
@@ -28,11 +39,26 @@ const getUserId = async (token: string): Promise<Either<number, string>> => {
       `Cannot get user ID. status: ${response.statusText}. ${response.text()}`,
     );
   }
-  const { id } = (await response.json()) as {
+
+  const user = (await response.json()) as {
     id: number;
+    name: string,
+    login: string,
+    html_url: string,
+    avatar_url: string,
+    blog: string,
+    updated_at: string
   };
 
-  return left(id);
+  return left({
+    id: user.id,
+    name: user.name,
+    login: user.login,
+    html_url: user.html_url,
+    avatar_url: user.avatar_url,
+    blog: user.blog,
+    updated_at: user.updated_at,
+  });
 };
 
 const getValidEmail = async (token: string): Promise<Either<Email, string>> => {
@@ -55,10 +81,12 @@ const getValidEmail = async (token: string): Promise<Either<Email, string>> => {
     visibility?: 'private' | 'public';
   }[];
 
+  logger.info(JSON.stringify(emails));
+
   const email = emails.find(
     (it) => it.primary
       && it.verified
-      && it.email.trim().endsWith('noreply.github.com'),
+      && !it.email.trim().endsWith('noreply.github.com'),
   );
   return email ? left(email) : right('/user/emails returned no valid emails');
 };
@@ -70,6 +98,7 @@ APIGatewayProxyResultV2 | void
   const { headers } = event;
   const authHeader = headers.authorization || headers.Authorization;
   if (!authHeader) {
+    logger.warn('/userinfo request contained no accessToken');
     callback(null, {
       statusCode: 400,
       body: '/userinfo request contained no accessToken',
@@ -78,6 +107,7 @@ APIGatewayProxyResultV2 | void
   }
   const authHeaderPrefix = authHeader.slice(0, 'bearer '.length);
   if (authHeaderPrefix.toLowerCase() !== 'bearer ') {
+    logger.warn('authorization header does not contain bearer token');
     callback(null, {
       statusCode: 400,
       body: 'authorization header does not contain bearer token',
@@ -86,39 +116,52 @@ APIGatewayProxyResultV2 | void
   }
   const token = authHeader.slice('bearer '.length).trim();
   if (!token) {
+    logger.warn('authorization header does not contain bearer token');
     callback(null, {
       statusCode: 400,
       body: 'authorization header does not contain bearer token',
     });
   }
 
-  const [idResult, emailResult] = await Promise.all([
-    getUserId(token),
+  const [userResult, emailResult] = await Promise.all([
+    getUser(token),
     getValidEmail(token),
   ]);
-  if (isRight(idResult)) {
+  if (isRight(userResult)) {
+    logger.warn(userResult.right);
     callback(null, {
       statusCode: 400,
-      body: `/userinfo ${idResult.right}`,
+      body: `/userinfo ${userResult.right}`,
     });
     return;
   }
   if (isRight(emailResult)) {
+    logger.warn(emailResult.right);
     callback(null, {
       statusCode: 400,
       body: `/userinfo ${emailResult.right}`,
     });
     return;
   }
 
-  const id = idResult.left;
+  const user = userResult.left;
   const email = emailResult.left;
+  const body = JSON.stringify({
+    sub: user.id.toString(),
+    name: user.name,
+    preferred_username: user.login,
+    profile: user.html_url,
+    picture: user.avatar_url,
+    website: user.blog,
+    updated_at: new Date(Date.parse(user.updated_at)).getTime() / 1000,
+    email: email.email,
+    email_verified: email.verified,
+  });
+
+  logger.info(body);
+
   callback(null, {
     statusCode: 200,
-    body: JSON.stringify({
-      sub: id.toString(),
-      email: email.email,
-      email_verified: email.verified,
-    }),
+    body,
   });
 };

package.json

@@ -11,6 +11,7 @@
     "lint": "eslint --ext .ts lambda"
   },
   "devDependencies": {
+    "@middy/core": "*",
     "@swc/core": "*",
     "@swc/helpers": "*",
     "@types/aws-lambda": "*",

yarn.lock

@@ -101,6 +101,11 @@
     "@jridgewell/resolve-uri" "^3.0.3"
     "@jridgewell/sourcemap-codec" "^1.4.10"
 
+"@middy/core@*":
+  version "3.3.0"
+  resolved "https://registry.yarnpkg.com/@middy/core/-/core-3.3.0.tgz#0342a3e130e72da0843f75ebcd6cdb37042f14c4"
+  integrity sha512-27gn/e3lgBx5bI5yDkIdr/CWFAGmBK7M1mSQpnciak762YKyj/pABXpzj/l6SjFPxKXr9uMhUgr2qr/6s8/zow==
+
 "@nodelib/fs.scandir@2.1.5":
   version "2.1.5"
   resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"