maoosi · maoosi · May 31, 2023 · May 17, 2023 · May 24, 2023 · May 31, 2023
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
@@ -93,6 +93,7 @@ export async function createServer({ defaultQuery, lambdaHandler, port, schema,
                             try { prismaAppSyncHeader = JSON.parse(request?.headers?.['x-prisma-appsync']) }
                             catch { prismaAppSyncHeader = {} }
 
+                            const authorizationHeader = request?.headers?.authorization
                             const authorization = prismaAppSyncHeader?.authorization || Authorizations.AWS_IAM || null
                             const signature = prismaAppSyncHeader?.signature || {}
 
@@ -102,6 +103,7 @@ export async function createServer({ defaultQuery, lambdaHandler, port, schema,
                                     username: 'johndoe',
                                     sub: 'xxxxxx',
                                     resolverContext: {},
+                                    jwt: authorizationHeader,
                                 },
                                 ...signature,
                             })

diff --git a/packages/server/src/utils/useLambdaIdentity.ts b/packages/server/src/utils/useLambdaIdentity.ts
@@ -26,11 +26,12 @@ export default function useLambdaIdentity(identity: Authorization, opts?: mockOp
         return mock
     }
     else if (identity === Authorizations.AMAZON_COGNITO_USER_POOLS) {
+        const decodedJWTToken = opts?.jwt ? JSON.parse(Buffer.from(opts?.jwt?.split('.')[1], 'base64').toString()) : {}
         const mock: AMAZON_COGNITO_USER_POOLS = {
-            sub: opts?.sub || 'undefined',
+            sub: decodedJWTToken?.sub || 'undefined',
             issuer: 'string',
-            username: opts?.username || 'undefined',
-            claims: {},
+            username: decodedJWTToken?.['cognito:username'] || 'undefined',
+            claims: decodedJWTToken,
             sourceIp: [opts?.sourceIp || 'undefined'],
             defaultAuthStrategy: 'string',
             groups: ['admin', 'member'],
@@ -70,4 +71,5 @@ interface mockOptions {
     username: string
     sourceIp: string
     resolverContext: any
+    jwt: string
 }
diff --git a/scripts/test.mjs b/scripts/test.mjs
@@ -10,5 +10,5 @@ await $`npx prisma generate --schema tests/prisma/schema.prisma`
 
 // unit tests
 console.log(chalk.blue('\nTest :: Client\n'))
-await $`vitest run tests/**/*.spec.ts`
+await $`vitest run tests`
 
diff --git a/tests/server/utils/useLambdaIdentity.spec.ts b/tests/server/utils/useLambdaIdentity.spec.ts
@@ -0,0 +1,50 @@
+import useLambdaIdentity from '@appsync-server/utils/useLambdaIdentity'
+import { Authorizations } from '@client'
+import { describe, expect, it } from 'vitest'
+
+const toBase64 = (str: string) => Buffer.from(str).toString('base64')
+
+describe('Server | Utils', () => {
+    describe('#useLambdaIdentity', () => {
+        describe('when the identity equals to AMAZON_COGNITO_USER_POOLS', () => {
+            it('should extract data from JWT token', () => {
+                const header = {
+                    alg: 'RS256',
+                }
+                const data = {
+                    'sub': 'sub',
+                    'email_verified': true,
+                    'iss': 'https://cognito-idp.us-east-1.amazonaws.com/user_pool_id',
+                    'cognito:username': 'username',
+                    'origin_jti': 'origin_jti',
+                    'custom:variable': 'custom variable',
+                    'aud': 'aud',
+                    'event_id': 'event_id',
+                    'token_use': 'id',
+                    'auth_time': 1683789834,
+                    'exp': 1684737597,
+                    'iat': 1684733997,
+                    'jti': 'jti',
+                    'email': 'user@example.com',
+                }
+                const token = `${toBase64(JSON.stringify(header))}.${toBase64(JSON.stringify(data))}.fakesignature`
+
+                expect(useLambdaIdentity(Authorizations.AMAZON_COGNITO_USER_POOLS, {
+                    jwt: token,
+                    sub: 'mockSub',
+                    sourceIp: 'sourceId',
+                    username: 'mockUsername',
+                    resolverContext: {},
+                })).toEqual({
+                    sub: data.sub,
+                    issuer: 'string',
+                    username: data['cognito:username'],
+                    claims: data,
+                    sourceIp: ['sourceId'],
+                    defaultAuthStrategy: 'string',
+                    groups: ['admin', 'member'],
+                })
+            })
+        })
+    })
+})