amazon-web-services - 为什么 root 在 API Gateway 中返回 403 错误

Question

我有一个非常简单的 lambda 函数，可以促进短 URL 重定向。像这样...

var env = process.env.NODE_ENV

exports.handler = async function (event) {
  var mappings = {
    "": "https://example.com",
    "/": "https://example.com",
    "/article1": "https://example.com/articles/article-title",
    "/podcasts": "https://example.com/podcasts"
  }
  return {
    body: null,
    headers: {
      "Location": mappings[event.path] || "https://example.com/four-oh-four"
    },
    isBase64Encoded: false,
    statusCode: 301
  }
}

除了主页(带或不带斜杠)之外的所有路由的 URL 重定向都很好。我收到了来自 API Gateway(或 Cloudfront)的“缺少身份验证 token ”错误，而不是主页。

冰壶似乎没有显示任何东西... (更新了 curl 代码，糟糕的是我离开了重定向)。

$ curl -v https://short.url/
*   Trying xxx.xx.xxx.xx...
* TCP_NODELAY set
* Connected to short.url (xxx.xx.xxx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /path/to/ca-certificates.crt
  CApath: /path/to/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / xxxxxxxxxxxx-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.ib.run
*  start date: Apr  5 00:00:00 2019 GMT
*  expire date: May  5 12:00:00 2020 GMT
*  subjectAltName: host "short.url" matched cert's "short.url"
*  issuer: xxx; O=xxx; OU=xxx; CN=xxx
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle xxxxxxxx)
> GET / HTTP/2
> Host: short.url
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 403 
< content-type: application/json
< content-length: 42
< date: Sat, 20 Jul 2019 03:51:44 GMT
< x-amzn-requestid: xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
< x-amzn-errortype: MissingAuthenticationTokenException
< x-amz-apigw-id: xxxxxxxxxxxxxx_
< x-cache: Error from cloudfront
< via: 1.1 xxxxxxxxxxxxxxxxxxxxxx.cloudfront.net (CloudFront)
< x-amz-cf-pop: xxxxx-xx
< x-amz-cf-id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx===
< 
* Connection #0 to host short.url left intact
{"message":"Missing Authentication Token"}

Answer 1

回复 “缺少身份验证 token ”是误导。
它表明您需要提供一个Token。
真正的错误是，您在 Api 网关中的路由设置不正确。
所以它基本上是一个 未找到路线 来自 api 网关。

您需要使用方法或 any 方法为“/”提供路由，并将其重定向到 Lambda 函数。您可能设置了一个子路由，但没有“/”的路由



目前，curl 正在访问 url "/"使用方法 GET 和 Api-Gateway 不知道如何路由这个调用，所以它回答: “缺少身份验证 token ”。

您可以使用每条不存在的路线重现此行为。尝试:例如/sdfsdfsdf。你会得到同样的错误。

设置路线，你应该没问题。

我希望我能帮到你!

多米尼克