Request validation using serverless framework
I am using serverless framework for the backend. How can I implement request validation? (do not want to write validation inside lambda functions).
Answer
To implement request validation using serverless you need to do a couple of things:
Include your model/header definitions in your stack, and then tell API gateway to use them for request validation.
You'll need to install the following packages:
And then you'll need to include them in your serverless.yml:
plugins:
- serverless-reqvalidator-plugin
- serverless-aws-documentation
Note: below is only a quick run-down of how to incorporate the packages. Visit the packages' documentation pages for more comprehensive examples...
Provide API gateway with a description of your models / headers.
You can import json schemas for your models, and declare http headers using the
serverless-aws-documentationplugin. Here's how you'd add a model to yourserverless.yml:custom: documentation: api: info: version: v0.0.0 title: Some API title description: Some API description models: - name: SomeLambdaRequest contentType: application/json schema: ${file(models/SomeLambdaRequest.json)} # reference to your model's json schema file. You can also declare the model inline.And here's how you'd reference the model in your lambda definition:
functions: someLambda: handler: src/someLambda.handler events: - http: # ... snip ... documentation: summary: some summary description: some description requestBody: description: some description requestModels: application/json: SomeLambdaRequestYou can also declare request headers against your lambda definition like so:
functions: someLambda: handler: src/someLambda.handler events: - http: # ... snip ... documentation: summary: some summary description: some description requestHeaders: - name: x-some-header description: some header value required: true # true or false - name: x-another-header description: some header value required: false # true or falseTell API gateway to actually use the models for validation
This part makes use of the
serverless-reqvalidator-pluginpackage, and you need to addAWS::ApiGateway::RequestValidatorresources to yourserverless.ymlfile. You can specify whether you want to validate request body, request headers, or both.resources: Resources: onlyBody: Type: AWS::ApiGateway::RequestValidator Properties: Name: 'only-body' RestApiId: Ref: ApiGatewayRestApi ValidateRequestBody: true # true or false ValidateRequestParameters: false # true or falseAnd then on individual functions you can make use of the validator like so:
functions: someLambda: handler: src/someLambda.handler events: - http: # ... snip ... reqValidatorName: onlyBody # reference and use the 'only-body' request validator
Put all together your lambda definition would end up looking a little like this:
functions:
someLambda:
handler: src/someLambda.handler
events:
- http:
# ... snip ...
reqValidatorName: onlyBody # reference and use the 'only-body' request validator
documentation:
summary: some summary
description: some description
requestBody:
description: some description
requestModels:
application/json: SomeLambdaRequest
requestHeaders:
- name: x-some-header
description: some header value
required: true # true or false
- name: x-another-header
description: some header value
required: false # true or false