问题
I've configured API gateway via lambda function deployed with serverless framework. I've defined some queryStringParameters to be true in the yaml file. But the request is passing through the service even when the Required(mandatory) queryStringParams are not passed in URL. PFB the similar config.
functions:
functionName:
name: serviceName
handler: handler.handle
events:
- http:
path: /path
method: get
request:
parameters:
querystrings:
param1: true
param2: true
Seems serverless is not validating whether param1 and param2 are passed as queryString. Should we have an explicit Request validator?. Is it possible to do so with Serverless?
回答1:
Came here looking for a simple, straightforward answer and didn't want to add plugins as suggested in "Request validation using serverless framework".
If you set parameters as required and want to validate them, you must add a request validator to your serverless.yml
Resources:
ParameterRequestValidator:
Type: AWS::ApiGateway::RequestValidator
Properties:
Name: ParameterRequestValidator
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: false
ValidateRequestParameters: true
ApiGatewayMethodNameOfYourApiLookItUpInYourTemplate:
Properties:
RequestValidatorId:
Ref: ParameterRequestValidator
The method you want to validate will be named something like ApiGateway<Method><Get | Post | Patch | Put | Delete >:. You can look the name up when you package your serverless functions in the created template files.
Courtesy for this solutions goes to https://github.com/serverless/serverless/issues/5034#issuecomment-581832806
回答2:
For those of you failing to see this, like I also did.
This is what you need to do in plain english.
Turn
ApiGatewayMethodNameOfYourApiLookItUpInYourTemplate
to
APIGatewayMethod<1><2>
In my case, it was APIGatewayDealsGet
The thing I was looking at was my handler name in serverless
list:
# Defines an HTTP API endpoint that calls the main function in list.js
# - path: url path is /deals
# - method: GET request
handler: list.main
events:
- http:
path: deals
method: get
cors: true
authorizer: aws_iam
request:
parameters:
querystrings:
country: true
type: true
Alternatively, if this does not work, check the s3 bucket, mine was called xxxxxxx-ap-serverlessdeploymentbuck-1epdp60eqveqr and go to serverless > yyyyyyyyyyy > aaaa > timestamp > compiled-cloudformation-template.json
And look for the name of your method in there, example mine was:
"ApiGatewayMethodDealsGet": {
"Type": "AWS::ApiGateway::Method",
"Properties": {
"HttpMethod": "GET",
"RequestParameters": {
来源:https://stackoverflow.com/questions/49065665/querystring-parameters-are-not-getting-validated-even-after-setting-the-params-t