awspilot / cli-lambda-deploy Goto Github PK

Hi there,

According to this blog-post top-level awaits should be fully supported. However, when I try this with the fetch API, I still have to use the await keyword within my handler function otherwise response.text() will be empty.

In short:
message: await response.text(),

vs

message: response.text(),

Am I misunderstanding something?

import { APIGatewayProxyEvent, APIGatewayProxyHandler, APIGatewayProxyResult} from 'aws-lambda'

const url = 'https://aws.amazon.com/'
// fetch API method is available from Nodejs 18
const response = await fetch(url)

export const handler: APIGatewayProxyHandler = async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
    try {
        return {
            statusCode: response.status,
            body: JSON.stringify({
                message: await response.text(),    // <- HERE
                // input: event,
            }),
        }
    } catch (error) {
        console.log(error)
        return {
            statusCode: 500,
            body: JSON.stringify({message: error.body})
        }
    }
}

I am trying to type the event object coming from my AWS Amplify/NextJS front-end. It is sent via Amplify/GraphQL and being received in a NodeJS AWS Lambda. The typescript interface contained in import { AppSyncResolverEvent } from "aws-lambda"; - but this doesn't quite match the event object that's being received. Can someone please advise what I'm doing wrong?

Details:

I'm successfully firing an event from my front-end (NextJS) with aws-amplify and @aws-amplify/api-graphql packages:

import { graphqlOperation, GraphQLResult } from "@aws-amplify/api-graphql"; // "version": "2.3.11",
import { API } from "aws-amplify"; // "aws-amplify": "^4.3.28",

...
    // Retrieve schemas from Lambda
    const response = (await API.graphql<{ myAppSyncFunctionResponse: any }>(
      graphqlOperation(myAppSyncFunction),
      { input: "foo" }
    )) as GraphQLResult<{ myAppSyncFunctionResponse: string }>;

The event is being successfully received in my Serverless Lambda and resembles the following:

{
  typeName: "Mutation",
  fieldName: "myAppSyncFunction",
  arguments: { input: { ... } },
  identity: {...},
  source: ...,
  request: ...,
  prev:...
}

However, when I try to use aws-lambda in my nodejs Lambda environment:

import { AppSyncResolverEvent } from "aws-lambda";

export async function eventBridgeResolver(
  event: AppSyncResolverEvent
) {...}

AppSyncResolverEvent contains different properties:

// node_modules/@types/aws-lambda/trigger/appsync-resolver.d.ts
{
 arguments: TArguments;
    identity?: AppSyncIdentity;
    source: TSource;
    request: {
        headers: AppSyncResolverEventHeaders;
    };
    info: {
        selectionSetList: string[];
        selectionSetGraphQL: string;
        parentTypeName: string;
        fieldName: string;
        variables: { [key: string]: any };
    };
    prev: { result: { [key: string]: any } } | null;
    stash: { [key: string]: any };
}

This tools is published on npmjs as aws-lambda - which in its naming collides with @types/aws-lambda from AWS, while in the meantime is a match with the package repo name whitch is cli-lambda-deploy.

Considering that this tool is indeed a cli deploy tool - and it hs nothing to do with lambda development - you might wanna consider renaming your package on npmjs?

Also, is this project dead? No updates for over a year now. If so, you might as well mention this in your README.md?

I am writting a very simple TypeScript HTTP API behind API Gateway

import { APIGatewayProxyHandler } from "aws-lambda"

export const myFunction: APIGatewayProxyHandler = async (event) => {
  console.log('event', event)
  console.log(event.rawQueryString) // Property 'rawQueryString' does not exist on type 'APIGatewayProxyEvent'
}

It says that rawQueryString doesn't exist

But when I log event I see that it exists in CloudWatch

{
  version: '2.0',
  routeKey: 'GET /',
  rawPath: '/',
  rawQueryString: 'xdddd=1223&xyyyyy=5667',
  headers: {
    accept: '*/*',
    'accept-encoding': 'gzip, deflate, br',
    'content-length': '0',
    host: 'api.example.com',
    'x-forwarded-for': 'XXX.XXX.XXX.XXX',
    'x-forwarded-port': '443',
    'x-forwarded-proto': 'https'
  },
  queryStringParameters: { xdddd: '1223', xyyyyy: '5667' },
  requestContext: {
    accountId: '123451234512',
    apiId: '35453sdfs354',
    domainName: 'api.example.com',
    domainPrefix: 'api',
    http: {
      method: 'GET',
      path: '/',
      protocol: 'HTTP/1.1',
      sourceIp: 'XXX.XXX.XXX.XXX',
      userAgent: 'PostmanRuntime/7.28.4'
    },
    requestId: 'XXXXXXXXXXXXX',
    routeKey: 'GET /',
    stage: '$default',
    time: '28/Apr/2022:17:07:28 +0000',
    timeEpoch: 16541656384673
  },
  isBase64Encoded: false
}

I am using localstack - this means setting the aws endpoint-url config. Is that achievable with this package?

Would you be interested in a pull request if not?

Hi ,

We are observing an security issue with version of aws-lambda version 1.0.6 due the aws-sdk dependency referred.

Comments
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. if an attacker submits a malicious ini file to an application that parses it with loadsharedconfigfiles , they will pollute the prototype on the application. this can be exploited further depending on the context.

References:
aws/aws-sdk-js-v3@a209082
aws/aws-sdk-js@7d72aff
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1059426
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059425
https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424
https://snyk.io/vuln/SNYK-JS-AWSSDKSHAREDINIFILELOADER-1049304

Hi there!

Is it possible to upgrade aws-lambda library to start using aws-sdk V3?

Best,
Peter

The name aws-lambda in package.json seems to be a rather unfortunate name:

• There's https://www.npmjs.com/package/@types/aws-lambda which exists since a long time, and contains completely unrelated content.
• The name aws-lambda doesn't immediately link in my head to awspilot/cli-lambda-deploy, and that name describes way better what the package actually contains: A CLI tool for deploying (AWS) lambda functions

Could you please consider changing the name entry in package.json?

On a fresh clone:

~/code/cli-lambda-deploy $ npm i
npm notice created a lockfile as package-lock.json. You should commit this file.
added 46 packages from 507 contributors and audited 46 packages in 2.365s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
~/code/cli-lambda-deploy $ npm test

> [email protected] test /Users/gmauer/code/cli-lambda-deploy
> mocha --timeout 100000 -S -R spec --exit



  new-function JSON config
Lambda config not found (./test/res/new-function-json-v14.lambda )

/Users/gmauer/code/cli-lambda-deploy/node_modules/mocha/lib/runner.js:726
  err.uncaught = true;
               ^

TypeError: Cannot create property 'uncaught' on string 'process exit code 255'
    at Runner.uncaught (/Users/gmauer/code/cli-lambda-deploy/node_modules/mocha/lib/runner.js:726:16)
    at process.uncaught (/Users/gmauer/code/cli-lambda-deploy/node_modules/mocha/lib/runner.js:839:10)
    at process.emit (events.js:314:20)
    at process._fatalException (internal/process/execution.js:163:25)
npm ERR! Test failed.  See above for more details.
~/code/cli-lambda-deploy $ 

Hi. Can we please upgrade aws-sdk to v2.1365.0? The reason is there's a vulnerability issue with xml2js which aws-sdk depends on:

https://security.snyk.io/vuln/SNYK-JS-XML2JS-5414874