(fix) bypass OPTIONS method from authorizer

scud.go

@@ -14,7 +14,6 @@ import (
 	"strings"
 
 	"github.com/aws/aws-cdk-go/awscdk/v2"
-	"github.com/aws/aws-cdk-go/awscdk/v2/awsapigateway"
 	apigw2 "github.com/aws/aws-cdk-go/awscdk/v2/awsapigatewayv2"
 	authorizers "github.com/aws/aws-cdk-go/awscdk/v2/awsapigatewayv2authorizers"
 	integrations "github.com/aws/aws-cdk-go/awscdk/v2/awsapigatewayv2integrations"
@@ -31,15 +30,17 @@ import (
 
 type GatewayProps struct {
 	*apigw2.HttpApiProps
-	Host   *string
-	TlsArn *string
+	Host         *string
+	TlsArn       *string
+	AllowOrigins *string
 }
 
 type Gateway struct {
 	constructs.Construct
 	RestAPI apigw2.HttpApi
 	domain  apigw2.DomainName
 	aRecord awsroute53.ARecord
+	methods *[]apigw2.HttpMethod
 }
 
 // NewGateway creates new instance of Gateway
@@ -53,10 +54,26 @@ func NewGateway(scope constructs.Construct, id *string, props *GatewayProps) *Ga
 		props.ApiName = awscdk.Aws_STACK_NAME()
 	}
 
-	if props.HttpApiProps.CorsPreflight == nil {
+	if props.HttpApiProps.CorsPreflight == nil && props.AllowOrigins != nil {
 		props.CorsPreflight = &apigw2.CorsPreflightOptions{
-			AllowOrigins: awsapigateway.Cors_ALL_ORIGINS(),
-			MaxAge:       awscdk.Duration_Minutes(jsii.Number(10)),
+			AllowOrigins: &[]*string{props.AllowOrigins},
+			AllowMethods: &[]apigw2.CorsHttpMethod{apigw2.CorsHttpMethod_ANY},
+			AllowHeaders: jsii.Strings(
+				"Authorization",
+				"Content-Type",
+			),
+			MaxAge: awscdk.Duration_Minutes(jsii.Number(10)),
+		}
+	}
+
+	if props.HttpApiProps.CorsPreflight != nil {
+		gw.methods = &[]apigw2.HttpMethod{
+			apigw2.HttpMethod_GET,
+			apigw2.HttpMethod_HEAD,
+			apigw2.HttpMethod_PATCH,
+			apigw2.HttpMethod_POST,
+			apigw2.HttpMethod_PUT,
+			apigw2.HttpMethod_DELETE,
 		}
 	}
 
@@ -122,6 +139,7 @@ func (gw *Gateway) createRoute53(host string) *Gateway {
 func (gw *Gateway) NewAuthorizerPublic() *AuthorizerPublic {
 	return &AuthorizerPublic{
 		RestAPI: gw.RestAPI,
+		methods: gw.methods,
 	}
 }
 
@@ -163,6 +181,7 @@ func (gw *Gateway) NewAuthorizerBasic(access, secret string, source ...string) *
 	return &AuthorizerBasic{
 		RestAPI:    gw.RestAPI,
 		authorizer: authorizer,
+		methods:    gw.methods,
 	}
 }
 
@@ -175,6 +194,7 @@ func (gw *Gateway) NewAuthorizerIAM() *AuthorizerIAM {
 	return &AuthorizerIAM{
 		RestAPI:    gw.RestAPI,
 		authorizer: authorizers.NewHttpIamAuthorizer(),
+		methods:    gw.methods,
 	}
 }
 
@@ -216,6 +236,7 @@ func (gw *Gateway) NewAuthorizerCognito(cognitoArn string, clients ...string) *A
 	return &AuthorizerJwt{
 		RestAPI:    gw.RestAPI,
 		authorizer: authorizer,
+		methods:    gw.methods,
 	}
 }
 
@@ -239,13 +260,15 @@ func (gw *Gateway) NewAuthorizerJwt(iss string, aud ...string) *AuthorizerJwt {
 	return &AuthorizerJwt{
 		RestAPI:    gw.RestAPI,
 		authorizer: authorizer,
+		methods:    gw.methods,
 	}
 }
 
 //------------------------------------------------------------------------------
 
 type AuthorizerPublic struct {
 	RestAPI apigw2.HttpApi
+	methods *[]apigw2.HttpMethod
 }
 
 // Associate a Lambda function with a REST API path. It uses the specified
@@ -267,6 +290,7 @@ func (api *AuthorizerPublic) AddResource(
 		api.RestAPI.AddRoutes(&apigw2.AddRoutesOptions{
 			Path:        jsii.String(path),
 			Integration: lambda,
+			Methods:     api.methods,
 		})
 	}
 
@@ -278,6 +302,7 @@ func (api *AuthorizerPublic) AddResource(
 type AuthorizerBasic struct {
 	RestAPI    apigw2.HttpApi
 	authorizer authorizers.HttpLambdaAuthorizer
+	methods    *[]apigw2.HttpMethod
 }
 
 // Associate a Lambda function with a REST API path. It uses the specified
@@ -300,6 +325,7 @@ func (api *AuthorizerBasic) AddResource(
 			Path:        jsii.String(path),
 			Integration: lambda,
 			Authorizer:  api.authorizer,
+			Methods:     api.methods,
 		})
 	}
 
@@ -312,6 +338,7 @@ type AuthorizerIAM struct {
 	constructs.Construct
 	RestAPI    apigw2.HttpApi
 	authorizer apigw2.IHttpRouteAuthorizer
+	methods    *[]apigw2.HttpMethod
 }
 
 // Associate a Lambda function with a REST API path. It uses the specified
@@ -337,6 +364,7 @@ func (api *AuthorizerIAM) AddResource(
 			Path:        jsii.String(path),
 			Integration: lambda,
 			Authorizer:  api.authorizer,
+			Methods:     api.methods,
 		})
 		(*routes)[0].GrantInvoke(grantee, nil)
 	}
@@ -350,6 +378,7 @@ type AuthorizerJwt struct {
 	constructs.Construct
 	RestAPI    apigw2.HttpApi
 	authorizer apigw2.IHttpRouteAuthorizer
+	methods    *[]apigw2.HttpMethod
 }
 
 // Associate a Lambda function with a REST API path. It uses the specified
@@ -376,6 +405,7 @@ func (api *AuthorizerJwt) AddResource(
 			Integration:         lambda,
 			Authorizer:          api.authorizer,
 			AuthorizationScopes: jsii.Strings(accessScope...),
+			Methods:             api.methods,
 		})
 	}