Add functions to sign AWS requests

269f7280 · Jano Hendriks · 6adf2f09 · 269f7280 · 269f7280 · 269f7280
Commit 269f7280 authored 2 years ago by Jano Hendriks
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/go-pg/pg/v10 v10.10.6
 	github.com/go-redis/redis/v8 v8.11.4
 	github.com/go-redis/redis_rate/v9 v9.1.2
+	github.com/go-resty/resty/v2 v2.7.0
 	github.com/google/uuid v1.3.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/opensearch-project/opensearch-go v1.1.0

--- a/go.sum
+++ b/go.sum
@@ -38,6 +38,8 @@ github.com/go-redis/redis/v8 v8.11.4 h1:kHoYkfZP6+pe04aFTnhDH6GDROa5yJdHJVNxV3F4
 github.com/go-redis/redis/v8 v8.11.4/go.mod h1:2Z2wHZXdQpCDXEGzqMockDpNyYvi2l4Pxt6RJr792+w=
 github.com/go-redis/redis_rate/v9 v9.1.2 h1:H0l5VzoAtOE6ydd38j8MCq3ABlGLnvvbA1xDSVVCHgQ=
 github.com/go-redis/redis_rate/v9 v9.1.2/go.mod h1:oam2de2apSgRG8aJzwJddXbNu91Iyz1m8IKJE2vpvlQ=
+github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
+github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -169,6 +171,7 @@ golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
 golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=

--- a/handler_utils/request.go
+++ b/handler_utils/request.go
 package handler_utils

 import (
+	"bytes"
 	"context"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
+	"github.com/go-resty/resty/v2"
+	"io"
+	"net/http"
+	"os"
+	"time"

 	"github.com/aws/aws-lambda-go/lambdacontext"
 )
@@ -30,3 +38,30 @@ func AddRequestIDToHeaders(requestID *string, headers map[string]string, request
 		headers[requestIDHeaderKey] = *requestID
 	}
 }
+
+func SignAWSRestyClient(client *resty.Client, accessKeyID, secretAccessKey string, bodyBytes []byte) error {
+	var bodySeeker io.ReadSeeker = bytes.NewReader(bodyBytes)
+
+	// Add a hook to sign the request before sending
+	client.SetPreRequestHook(func(_ *resty.Client, r *http.Request) error {
+		err := SignAWSHttpRequest(r, accessKeyID, secretAccessKey, bodySeeker)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+
+	return nil
+}
+
+// SignAWSRequest wraps and executes http.NewRequest and adds a sig version 4 signature for AWS API Gateway
+func SignAWSHttpRequest(request *http.Request, accessKeyID, secretAccessKey string, bodySeeker io.ReadSeeker) error {
+	// Use AWS SDK to sign the request for API gateway,  i.e. execute-api, and the current region
+	_, err := v4.NewSigner(credentials.NewStaticCredentials(accessKeyID, secretAccessKey, "")).
+		Sign(request, bodySeeker, "execute-api", os.Getenv("AWS_REGION"), time.Now())
+	if err != nil {
+		return err
+	}
+
+	return nil
+}