feat(nextjs-component): forward common headers such as authorization and host by default (#1660)

dphang · web-flow · commit 793f0a205bc0 · 2021-09-09T13:46:57.000-07:00
diff --git a/packages/e2e-tests/next-app/cypress/integration/api-routes.test.ts b/packages/e2e-tests/next-app/cypress/integration/api-routes.test.ts
@@ -18,7 +18,8 @@ describe("API Routes Tests", () => {
             } else {
               expect(response.body).to.deep.equal({
                 name: "This is a basic API route.",
-                method: method
+                method: method,
+                body: ""
               });
             }
           });
diff --git a/packages/e2e-tests/next-app/cypress/integration/rewrites.test.ts b/packages/e2e-tests/next-app/cypress/integration/rewrites.test.ts
@@ -177,5 +177,25 @@ describe("Rewrites Tests", () => {
         });
       });
     });
+
+    it("externally rewrites to /api/basic-api with correct method, body and forwarded auth headers", () => {
+      cy.request({
+        url: "/api/external-rewrite-internal-api",
+        method: "POST",
+        body: "blah",
+        failOnStatusCode: false,
+        headers: { Authorization: `Bearer 12345` }
+      }).then((response) => {
+        expect(response.status).to.equal(200);
+
+        // body should be the same as /api/basic-api
+        expect(response.body).to.deep.equal({
+          name: "This is a basic API route.",
+          method: "POST",
+          body: "blah",
+          authorization: "Bearer 12345" // authorization header is forwarded via CF, and external rewrite should forward it as well
+        });
+      });
+    });
   });
 });
diff --git a/packages/e2e-tests/next-app/next.config.js b/packages/e2e-tests/next-app/next.config.js
@@ -150,6 +150,10 @@ module.exports = {
       {
         source: "/no-op-rewrite",
         destination: "/ssr-page"
+      },
+      {
+        source: "/api/external-rewrite-internal-api",
+        destination: "/api/basic-api"
       }
     ];
   },
diff --git a/packages/e2e-tests/next-app/pages/api/basic-api.ts b/packages/e2e-tests/next-app/pages/api/basic-api.ts
@@ -3,13 +3,17 @@ import { NextApiRequest, NextApiResponse } from "next";
 type Data = {
   name: string;
   method: string | undefined;
+  authorization: string | undefined;
+  body: string;
 };
 
 export default (req: NextApiRequest, res: NextApiResponse<Data>) => {
   res.setHeader("Content-Type", "application/json");
 
   res.status(200).json({
     name: "This is a basic API route.",
-    method: req.method
+    method: req.method,
+    authorization: req.headers.authorization,
+    body: req.body
   });
 };
diff --git a/packages/serverless-components/nextjs-component/__tests__/custom-inputs.test.ts b/packages/serverless-components/nextjs-component/__tests__/custom-inputs.test.ts
@@ -808,6 +808,11 @@ describe("Custom inputs", () => {
         "PUT",
         "PATCH"
       ],
+      forward: {
+        cookies: "all",
+        headers: ["Authorization", "Host"],
+        queryString: true
+      },
       "lambda@edge": {
         ...(expectedInConfig["api/*"] &&
           expectedInConfig["api/*"]["lambda@edge"]),
@@ -844,6 +849,7 @@ describe("Custom inputs", () => {
         ],
         forward: {
           cookies: "all",
+          headers: ["Authorization", "Host"],
           queryString: true
         },
         compress: true,
@@ -869,6 +875,11 @@ describe("Custom inputs", () => {
               defaultTTL: 0,
               maxTTL: 31536000,
               allowedHttpMethods: ["HEAD", "GET"],
+              forward: {
+                cookies: "all",
+                headers: ["Authorization", "Host"],
+                queryString: true
+              },
               "lambda@edge": {
                 "origin-request":
                   "arn:aws:lambda:us-east-1:123456789012:function:my-func:v1",
@@ -880,6 +891,11 @@ describe("Custom inputs", () => {
               minTTL: 0,
               defaultTTL: 0,
               maxTTL: 31536000,
+              forward: {
+                cookies: "all",
+                headers: ["Authorization", "Host"],
+                queryString: true
+              },
               ...expectedApiCacheBehaviour
             },
             "_next/image*": {
@@ -893,7 +909,15 @@ describe("Custom inputs", () => {
               forward: {
                 headers: ["Accept"]
               },
-              allowedHttpMethods: expect.any(Array)
+              allowedHttpMethods: [
+                "HEAD",
+                "DELETE",
+                "POST",
+                "GET",
+                "OPTIONS",
+                "PUT",
+                "PATCH"
+              ]
             },
             "static/*": {
               ...customPageCacheBehaviours["static/*"],
@@ -975,18 +999,9 @@ describe("Custom inputs", () => {
           "arn:aws:lambda:us-east-1:123456789012:function:my-func:v1"
       };
 
-      // If path is api/*, then it has allowed HTTP methods by default
-      if (pathName === "api/*") {
-        cloudFrontInput[pathName]["allowedHttpMethods"] = [
-          "HEAD",
-          "DELETE",
-          "POST",
-          "GET",
-          "OPTIONS",
-          "PUT",
-          "PATCH"
-        ];
-      }
+      // we want to make sure that default behaviors are combined correctly
+      const apiCloudFrontInput = cloudFrontInput["api/*"];
+      delete cloudFrontInput["api/*"];
 
       const expectedInput = {
         origins: [
@@ -1002,7 +1017,12 @@ describe("Custom inputs", () => {
                     "arn:aws:lambda:us-east-1:123456789012:function:my-func:v1"
                 },
                 maxTTL: 31536000,
-                minTTL: 0
+                minTTL: 0,
+                forward: {
+                  cookies: "all",
+                  headers: ["Authorization", "Host"],
+                  queryString: true
+                }
               },
               "_next/static/*": {
                 defaultTTL: 86400,
@@ -1024,13 +1044,19 @@ describe("Custom inputs", () => {
                   "PUT",
                   "PATCH"
                 ],
+                forward: {
+                  cookies: "all",
+                  headers: ["Authorization", "Host"],
+                  queryString: true
+                },
                 defaultTTL: 0,
                 "lambda@edge": {
                   "origin-request":
                     "arn:aws:lambda:us-east-1:123456789012:function:my-func:v1"
                 },
                 maxTTL: 31536000,
-                minTTL: 0
+                minTTL: 0,
+                ...apiCloudFrontInput
               },
               "_next/image*": {
                 minTTL: 0,
@@ -1043,7 +1069,15 @@ describe("Custom inputs", () => {
                 forward: {
                   headers: ["Accept"]
                 },
-                allowedHttpMethods: expect.any(Array)
+                allowedHttpMethods: [
+                  "HEAD",
+                  "DELETE",
+                  "POST",
+                  "GET",
+                  "OPTIONS",
+                  "PUT",
+                  "PATCH"
+                ]
               },
               "static/*": {
                 defaultTTL: 86400,
diff --git a/packages/serverless-components/nextjs-component/__tests__/deploy.test.ts b/packages/serverless-components/nextjs-component/__tests__/deploy.test.ts
@@ -310,10 +310,19 @@ describe.each`
     it("creates distribution", () => {
       expect(mockCloudFront).toBeCalledWith({
         defaults: {
-          allowedHttpMethods: expect.any(Array),
+          allowedHttpMethods: [
+            "HEAD",
+            "DELETE",
+            "POST",
+            "GET",
+            "OPTIONS",
+            "PUT",
+            "PATCH"
+          ],
           forward: {
-            queryString: true,
-            cookies: "all"
+            cookies: "all",
+            headers: ["Authorization", "Host"],
+            queryString: true
           },
           minTTL: 0,
           defaultTTL: 0,
@@ -346,6 +355,11 @@ describe.each`
                 defaultTTL: 0,
                 maxTTL: 31536000,
                 allowedHttpMethods: ["HEAD", "GET"],
+                forward: {
+                  cookies: "all",
+                  headers: ["Authorization", "Host"],
+                  queryString: true
+                },
                 "lambda@edge": {
                   "origin-request":
                     "arn:aws:lambda:us-east-1:123456789012:function:default-cachebehavior-func:v1",
@@ -371,7 +385,20 @@ describe.each`
                   "origin-request":
                     "arn:aws:lambda:us-east-1:123456789012:function:api-cachebehavior-func:v1"
                 },
-                allowedHttpMethods: expect.any(Array)
+                allowedHttpMethods: [
+                  "HEAD",
+                  "DELETE",
+                  "POST",
+                  "GET",
+                  "OPTIONS",
+                  "PUT",
+                  "PATCH"
+                ],
+                forward: {
+                  cookies: "all",
+                  headers: ["Authorization", "Host"],
+                  queryString: true
+                }
               },
               "_next/image*": {
                 minTTL: 0,
@@ -384,7 +411,15 @@ describe.each`
                 forward: {
                   headers: ["Accept"]
                 },
-                allowedHttpMethods: expect.any(Array)
+                allowedHttpMethods: [
+                  "HEAD",
+                  "DELETE",
+                  "POST",
+                  "GET",
+                  "OPTIONS",
+                  "PUT",
+                  "PATCH"
+                ]
               }
             }
           }
diff --git a/packages/serverless-components/nextjs-component/src/component.ts b/packages/serverless-components/nextjs-component/src/component.ts
@@ -661,6 +661,13 @@ class NextjsComponent extends Component {
           "PUT",
           "PATCH"
         ],
+        forward: {
+          headers: routesManifest.i18n
+            ? ["Accept-Language", "Authorization", "Host"]
+            : ["Authorization", "Host"],
+          cookies: "all",
+          queryString: true
+        },
         // lambda@edge key is last and therefore cannot be overridden
         "lambda@edge": {
           "origin-request": `${apiEdgeLambdaOutputs.arn}:${apiEdgeLambdaPublishOutputs.version}`
@@ -782,6 +789,11 @@ class NextjsComponent extends Component {
       defaultTTL: 0,
       maxTTL: 31536000,
       allowedHttpMethods: ["HEAD", "GET"],
+      forward: {
+        cookies: "all",
+        headers: ["Authorization", "Host"],
+        queryString: true
+      },
       "lambda@edge": {
         "origin-response": `${defaultEdgeLambdaOutputs.arn}:${defaultEdgeLambdaPublishOutputs.version}`,
         "origin-request": `${defaultEdgeLambdaOutputs.arn}:${defaultEdgeLambdaPublishOutputs.version}`
@@ -850,7 +862,9 @@ class NextjsComponent extends Component {
         maxTTL: 31536000,
         ...cloudFrontDefaults,
         forward: {
-          headers: routesManifest.i18n ? ["Accept-Language"] : undefined,
+          headers: routesManifest.i18n
+            ? ["Accept-Language", "Authorization", "Host"]
+            : ["Authorization", "Host"],
           cookies: "all",
           queryString: true,
           ...cloudFrontDefaults.forward

Original file line number	Diff line number	Diff line change
`@@ -150,6 +150,10 @@ module.exports = {`
`150`	`150`	`{`
`151`	`151`	`source: "/no-op-rewrite",`
`152`	`152`	`destination: "/ssr-page"`
	`153`	`+ },`
	`154`	`+ {`
	`155`	`+ source: "/api/external-rewrite-internal-api",`
	`156`	`+ destination: "/api/basic-api"`
`153`	`157`	`}`
`154`	`158`	`];`
`155`	`159`	`},`