This project has been generated using the aws-nodejs-typescript template from the Serverless framework.
For detailed instructions, please refer to the documentation.
- ✅ Serverless Typescript
- ✅ NodeJS CRUD API with Lambda functions through API Gateway
- ✅ DynamoDB data storage
- ✅ Authentication with JWTs and hashed passwords, not Cognito
- ✅ Unit and offline testing
| Methods | Endpoint | Input | Output |
|---|---|---|---|
| POST | /users |
{} |
{id: string} |
| GET | /users |
{} |
{id: string} |
| GET | /users |
{} |
{id: string} |
| DELETE | /users/{id} |
{} |
{id: string} |
| PUT | /users/{id} |
{} |
{id: string} |
| POST | /auth/login |
{} |
{id: string} |
| POST | /auth/change-password |
{} |
{id: string} |
| POST | /auth/unsubscribe |
{} |
{id: string} |
- Register with username, password, password hash gets stored in DB
- Login with Username / Password
- If hash of password matches stored passwordHash for user, generate a JWT token from user's id and their auth scope
- Save token in Cookie 🍪
- Sign every request with this token in the HTTP Authorization header
- Setup authorizer function that verifies this token (on requesting a secured api route). authorizer response can be cached for a certain amount to increase api throughput.
- Authorizer generates a policyDocument that allows or denies access to the service
In order to test the users function locally, run the following command:
npx sls invoke local -f users --path src/functions/users/mock.jsonif you're using NPMyarn sls invoke local -f users --path src/functions/users/mock.jsonif you're using Yarn
Check the sls invoke local command documentation for more information.
Copy and replace your url - found in Serverless deploy command output - and name parameter in the following curl command in your terminal or in Postman to test the newly deployed application.
curl --location --request POST 'https://myApiEndpoint/dev/users/signup' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "Harry"
}'- json-schema-to-ts - uses JSON-Schema definitions used by API Gateway for HTTP request validation to statically generate TypeScript types in your lambda's handler code base
- middy - middleware engine for Node.Js lambda. This template uses http-json-body-parser to convert API Gateway
event.bodyproperty, originally passed as a stringified JSON, to its corresponding parsed object - @serverless/typescript - provides up-to-date TypeScript definitions for your
serverless.tsservice file
TBD
TBD
- add custom authorizer to lambda, instead of using api-gateway lib
- add password reset flow with accompanying SES resources