diff --git a/libnymea-remoteproxy/authentication/aws/authenticationprocess.cpp b/libnymea-remoteproxy/authentication/aws/authenticationprocess.cpp index 92d9954..a24e73d 100644 --- a/libnymea-remoteproxy/authentication/aws/authenticationprocess.cpp +++ b/libnymea-remoteproxy/authentication/aws/authenticationprocess.cpp @@ -27,7 +27,7 @@ #include #include - +#include "engine.h" #include "sigv4utils.h" namespace remoteproxy { @@ -47,13 +47,12 @@ AuthenticationProcess::AuthenticationProcess(QNetworkAccessManager *manager, con void AuthenticationProcess::invokeLambdaFunction() { // Known configurations - QString region = "eu-west-1"; - QString lambdaFunctionName = "system-services-authorizer-dev-checkToken"; + QString region = Engine::instance()->configuration()->awsRegion(); + QString lambdaFunctionName = Engine::instance()->configuration()->awsAuthorizerLambdaFunctionName(); + QString invocationType = "RequestResponse"; QString service = "lambda"; - // {'url_path': '/2015-03-31/functions/system-services-authorizer-dev-checkToken/invocations', 'query_string': {}, 'method': 'POST', 'headers': {'X-Amz-Invocation-Type': 'RequestResponse', 'User-Agent': 'aws-cli/1.14.44 Python/3.6.5 Linux/4.15.0-1019-aws botocore/1.8.48'}, 'body': b'{"token": "...."}', 'url': 'https://lambda.eu-west-1.amazonaws.com/2015-03-31/functions/system-services-authorizer-dev-checkToken/invocations', 'context': {'client_region': 'eu-west-1', 'client_config': , 'has_streaming_input': True, 'auth_type': None}} - QUrl requestUrl; requestUrl.setScheme("https"); requestUrl.setHost(QString("lambda.%1.amazonaws.com").arg(region)); diff --git a/libnymea-remoteproxy/proxyconfiguration.cpp b/libnymea-remoteproxy/proxyconfiguration.cpp index dbc300f..375eb38 100644 --- a/libnymea-remoteproxy/proxyconfiguration.cpp +++ b/libnymea-remoteproxy/proxyconfiguration.cpp 
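Review bot: In `invokeLambdaFunction()` the configured region is now substituted unchecked into the request host by `QString("lambda.%1.amazonaws.com").arg(region)`, so an empty or malformed `region` produces a host such as `lambda..amazonaws.com` or, depending on how QUrl parses it, one other than the intended endpoint. The request is signed and, judging by the removed sample comment, carries the client token in its body, so the value should be checked before the URL is built, e.g. `if (!QRegularExpression("^[a-z0-9-]+$").match(region).hasMatch()) { /* fail the authentication */ }`. The same applies to `lambdaFunctionName` if it is placed into the URL path further down. The function body continues past the end of this hunk, so how a failure is reported to the caller is not visible here.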
@@ -51,11 +51,15 @@ bool ProxyConfiguration::loadConfiguration(const QString &fileName) setWriteLogFile(settings.value("writeLogs", false).toBool()); setLogFileName(settings.value("logFile", "/var/log/nymea-remoteproxy.log").toString()); setMonitorSocketFileName(settings.value("monitorSocket", "/tmp/nymea-remoteproxy.monitor").toString()); - setJsonRpcTimeout(settings.value("jsonRpcTimeout", 10000).toInt()); setAuthenticationTimeout(settings.value("authenticationTimeout", 8000).toInt()); setInactiveTimeout(settings.value("inactiveTimeout", 8000).toInt()); setAloneTimeout(settings.value("aloneTimeout", 8000).toInt()); + settings.endGroup(); + + settings.beginGroup("AWS"); + setAwsRegion(settings.value("region", "eu-west-1").toString()); + setAwsAuthorizerLambdaFunctionName(settings.value("authorizerLambdaFunction", "system-services-authorizer-dev-checkToken").toString()); setAwsCredentialsUrl(QUrl(settings.value("awsCredentialsUrl", "http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2-Remote-Connection-Proxy-Role").toString())); settings.endGroup(); @@ -205,6 +209,26 @@ void ProxyConfiguration::setAloneTimeout(int timeout) m_aloneTimeout = timeout; } +QString ProxyConfiguration::awsRegion() const +{ + return m_awsRegion; +} + +void ProxyConfiguration::setAwsRegion(const QString ®ion) +{ + m_awsRegion = region; +} + +QString ProxyConfiguration::awsAuthorizerLambdaFunctionName() const +{ + return m_awsAuthorizerLambdaFunctionName; +} + +void ProxyConfiguration::setAwsAuthorizerLambdaFunctionName(const QString &functionName) +{ + m_awsAuthorizerLambdaFunctionName = functionName; +} + QUrl ProxyConfiguration::awsCredentialsUrl() const { return m_awsCredentialsUrl; 
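Review bot: The fallback for `authorizerLambdaFunction` in `loadConfiguration()` is the dev function `system-services-authorizer-dev-checkToken`, so a deployment whose config file lacks the new `[AWS]` group validates tokens against the dev authorizer without any warning. Because `awsCredentialsUrl` is now read inside the `AWS` group as well, an existing config file that still has that key in the previous group silently falls back to the default role URL. Consider an empty default plus a hard failure, e.g. `if (awsAuthorizerLambdaFunctionName().isEmpty()) return false;`, or at least a warning whenever one of these defaults is used. The start and end of `loadConfiguration()` are outside the hunk.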
@@ -302,7 +326,10 @@ QDebug operator<<(QDebug debug, ProxyConfiguration *configuration) debug.nospace() << " - Authentication timeout:" << configuration->authenticationTimeout() << " [ms]" << endl; debug.nospace() << " - Inactive timeout:" << configuration->inactiveTimeout() << " [ms]" << endl; debug.nospace() << " - Alone timeout:" << configuration->aloneTimeout() << " [ms]" << endl; - debug.nospace() << " - AWS credentials URL:" << configuration->awsCredentialsUrl().toString() << endl; + debug.nospace() << "AWS configuration" << endl; + debug.nospace() << " - Region:" << configuration->awsRegion() << endl; + debug.nospace() << " - Authorizer lambda function:" << configuration->awsAuthorizerLambdaFunctionName() << endl; + debug.nospace() << " - Credentials URL:" << configuration->awsCredentialsUrl().toString() << endl; debug.nospace() << "SSL configuration" << endl; debug.nospace() << " - Certificate:" << configuration->sslCertificateFileName() << endl; debug.nospace() << " - Certificate key:" << configuration->sslCertificateKeyFileName() << endl; diff --git a/libnymea-remoteproxy/proxyconfiguration.h b/libnymea-remoteproxy/proxyconfiguration.h index c1a8225..cfebf6a 100644 --- a/libnymea-remoteproxy/proxyconfiguration.h +++ b/libnymea-remoteproxy/proxyconfiguration.h @@ -65,6 +65,13 @@ public: int aloneTimeout() const; void setAloneTimeout(int timeout); + // AWS + QString awsRegion() const; + void setAwsRegion(const QString ®ion); + + QString awsAuthorizerLambdaFunctionName() const; + void setAwsAuthorizerLambdaFunctionName( const QString &functionName); + QUrl awsCredentialsUrl() const; void setAwsCredentialsUrl(const QUrl &url); @@ -107,6 +114,9 @@ private: int m_inactiveTimeout = 8000; int m_aloneTimeout = 8000; + // AWS + QString m_awsRegion; + QString m_awsAuthorizerLambdaFunctionName; QUrl m_awsCredentialsUrl; // Ssl diff --git a/nymea-remoteproxy.conf b/nymea-remoteproxy.conf index 2cc38f3..7690741 100644 --- a/nymea-remoteproxy.conf 
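Review bot: In proxyconfiguration.h, `m_awsRegion` and `m_awsAuthorizerLambdaFunctionName` are declared without in-class initializers while the neighbouring timeouts carry theirs (`int m_aloneTimeout = 8000;`), so a `ProxyConfiguration` that is used without a successful `loadConfiguration()` has an empty region and function name. Either document this on the members, e.g. `// AWS (region and function name are empty until loadConfiguration() has run)`, or have the consumer of `awsRegion()` reject an empty value. The class declaration starts and ends outside the hunk.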
+++ b/nymea-remoteproxy.conf @@ -7,6 +7,10 @@ jsonRpcTimeout=10000 authenticationTimeout=8000 inactiveTimeout=8000 aloneTimeout=8000 + +[AWS] +region=eu-west-1 +authorizerLambdaFunction=system-services-authorizer-dev-checkToken awsCredentialsUrl=http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2-Remote-Connection-Proxy-Role [SSL]