gemmadlou · June 22, 2016 12:31
diff --git a/aws-lambda.js b/aws-lambda.js
 var AWS = require('aws-sdk');
 var request = require('request');
 var GOOGLE_CLIENT_ID = 'XXXXXX.apps.googleusercontent.com ';
 var GOOGLE_URL = 'https: //www.googleapis.com/oauth2/v3/tokeninfo?id_token=';
 var idPoolID = 'us-east-1:XXXXXXX';
 var roleArn = 'arn:aws:iam::XXXXXX:role/Cognito_AdminStaffAuth_Role';
 var cognitoidentity = new AWS.CognitoIdentity({
 	region: 'us-east-1'
 });
 module.exports = function(credentials, context) {
 	request.get(GOOGLE_URL + credentials.google, function(err, resp, body) {
 		if (body) {
 			body = JSON.parse(body);
 		}
 		// Anything with an email at cannabiz.media is allowed to access admin functionality
 		if (body && body.email && body.email.match(/@aci\.info$/) && body.aud ===
 			GOOGLE_CLIENT_ID) {
 			cognitoidentity.getOpenIdTokenForDeveloperIdentity({
 				IdentityPoolId: idPoolID,
 				Logins: {
 					'login.cannabiz.media': body.kid,
 				},
 			}, function(err, data) {
 				if (err) {
 					context.fail(err);
 				} else {
 					data.RoleArn = roleArn;
 					context.done(err, data);
 				}
 			});
 		} else {
 			context.fail('Invalid Account');
 		}
 	});
 };
diff --git a/aws-login.js b/aws-login.js
 // Shamelessly taken from
 // http://searchaws.techtarget.com/tip/AWS-authentication-needed-to-protect-a-serverless-app
 /**

 * AWS Cognito Login

 */
 var clientID = 'XXX.apps.googleusercontent.com '; // Google client ID
 var lambda;
 document.getElementById('login').setAttribute('data - clientid ', clientID);

 function loginToGoogle(response) {
 		if (!response.error) {
 			console.log('ID Token', response.id_token);
 			// Basic Access
 			AWS.config.region = 'us - east - 1 '; // Region
 			AWS.config.credentials = new AWS.CognitoIdentityCredentials({
 				AccountId: 'XXXXX ',
 				IdentityPoolId: 'us - east - 1: XXXX ',
 				Logins: {
 					'accounts.google.com ': response.id_token
 				},
 			});
 			lambda = new AWS.Lambda();
 			lambda.invoke({
 				FunctionName: 'authenticate ',
 				Payload: JSON.stringify({
 					google: response.id_token
 				}),
 			}, function(err, loginResp) {
 				if (loginResp && loginResp.Payload) {
 					var credentials = JSON.parse(loginResp.Payload);
 					console.log('Config Credentials ', credentials);
 					AWS.config.credentials = new AWS.WebIdentityCredentials({
 						RoleArn: credentials.RoleArn,
 						WebIdentityToken: credentials.Token,
 					});
 					lambda = new AWS.Lambda();
 				}
 				// Load the app.js
 				var po = document.createElement('script ');
 				po.type = 'text / javascript ';
 				po.async = true;
 				po.src = 'app.js ';
 				var s = document.getElementsByTagName('script ')[0];
 				s.parentNode.insertBefore(po, s);
 			});
 		} else {
 			console.log('There was a problem logging you in .', response);
 		}
 	}
 	(function() {
 		var po = document.createElement('script ');
 		po.type = 'text / javascript ';
 		po.async = true;
 		po.src = 'https: //apis.google.com/js/client:plusone.js';
 		var s = document.getElementsByTagName('script')[0];
 		s.parentNode.insertBefore(po, s);
 	})();
	var AWS = require('aws-sdk');
	var request = require('request');
	var GOOGLE_CLIENT_ID = 'XXXXXX.apps.googleusercontent.com ';
	var GOOGLE_URL = 'https: //www.googleapis.com/oauth2/v3/tokeninfo?id_token=';
	var idPoolID = 'us-east-1:XXXXXXX';
	var roleArn = 'arn:aws:iam::XXXXXX:role/Cognito_AdminStaffAuth_Role';
	var cognitoidentity = new AWS.CognitoIdentity({
	region: 'us-east-1'
	});
	module.exports = function(credentials, context) {
	request.get(GOOGLE_URL + credentials.google, function(err, resp, body) {
	if (body) {
	body = JSON.parse(body);
	}
	// Anything with an email at cannabiz.media is allowed to access admin functionality
	if (body && body.email && body.email.match(/@aci\.info$/) && body.aud ===
	GOOGLE_CLIENT_ID) {
	cognitoidentity.getOpenIdTokenForDeveloperIdentity({
	IdentityPoolId: idPoolID,
	Logins: {
	'login.cannabiz.media': body.kid,
	},
	}, function(err, data) {
	if (err) {
	context.fail(err);
	} else {
	data.RoleArn = roleArn;
	context.done(err, data);
	}
	});
	} else {
	context.fail('Invalid Account');
	}
	});
	};
	// Shamelessly taken from
	// http://searchaws.techtarget.com/tip/AWS-authentication-needed-to-protect-a-serverless-app
	/**

	* AWS Cognito Login

	*/
	var clientID = 'XXX.apps.googleusercontent.com '; // Google client ID
	var lambda;
	document.getElementById('login').setAttribute('data - clientid ', clientID);

	function loginToGoogle(response) {
	if (!response.error) {
	console.log('ID Token', response.id_token);
	// Basic Access
	AWS.config.region = 'us - east - 1 '; // Region
	AWS.config.credentials = new AWS.CognitoIdentityCredentials({
	AccountId: 'XXXXX ',
	IdentityPoolId: 'us - east - 1: XXXX ',
	Logins: {
	'accounts.google.com ': response.id_token
	},
	});
	lambda = new AWS.Lambda();
	lambda.invoke({
	FunctionName: 'authenticate ',
	Payload: JSON.stringify({
	google: response.id_token
	}),
	}, function(err, loginResp) {
	if (loginResp && loginResp.Payload) {
	var credentials = JSON.parse(loginResp.Payload);
	console.log('Config Credentials ', credentials);
	AWS.config.credentials = new AWS.WebIdentityCredentials({
	RoleArn: credentials.RoleArn,
	WebIdentityToken: credentials.Token,
	});
	lambda = new AWS.Lambda();
	}
	// Load the app.js
	var po = document.createElement('script ');
	po.type = 'text / javascript ';
	po.async = true;
	po.src = 'app.js ';
	var s = document.getElementsByTagName('script ')[0];
	s.parentNode.insertBefore(po, s);
	});
	} else {
	console.log('There was a problem logging you in .', response);
	}
	}
	(function() {
	var po = document.createElement('script ');
	po.type = 'text / javascript ';
	po.async = true;
	po.src = 'https: //apis.google.com/js/client:plusone.js';
	var s = document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(po, s);
	})();