An AWS CDK construct library that provides a reCaptcha Authorizer for API Gateway REST APIs
npm install cdk-recaptcha-authorizerThis construct provides an API Gateway REST API authorizer that uses Google's reCAPTCHA service to detect abusive
traffic and allow or deny access to the API methods.
It currently only supports v3 of the reCAPTCHA service.
npm install cdk-recaptcha-authorizer
or
yarn add cdk-recaptcha-authorizer
pip install cdk-recaptcha-authorizer
``xml`
dotnet add package EngineAL.CDK.RecaptchaAuthorizer
See https://developers.google.com/recaptcha/docs/v3 for how to integrate reCAPTCHA in your client code. When
your client code executes the reCAPTCHA client, the returned token from the Google reCAPTCHA client library
should be included in the API Gateway request in the X-reCAPTCHA-Token header.
The RecaptchaAuthorizer can be used similarly to the TokenAuthorizer and RequestAuthorizer that areaws-cdk-lib/aws-apigateway
provided by the package. It accepts 3 properties:
* scoreThreshold (default: 0.5) is the threshold below which requests will be denied.allowedActions
* is a list of allowed actions. When your frontend executes the reCAPTCHA client, it providesreCaptchaSecretKey
an action name. The reCAPTCHA authorizer will verify this action is allowed and deny a request if the action
is not in this list.
* is a SecretKey that provides the reCAPTCHA secret key to the reCAPTCHA authorizer.
See Secret Key.
The following code attaches the reCAPTCHA authorizer to the 'GET' method of the root resource.
`typescript
const authorizer = new RecaptchaAuthorizer(this, 'reCaptchaAuthorizer', {
allowedActions: ['my-action'],
reCaptchaSecretKey: SecretKey.fromPlainText('my-secret-key')
});
api.root.addMethod('GET', new apigateway.MockIntegration(), {
authorizer
});
`
Authorizers can also be passed via the defaultMethodOptions property within the RestApi construct or the
Method construct. Unless explicitly overridden, the specified defaults will be applied across all Methods
across the RestApi or across all Resources, depending on where the defaults were specified.
#### Plain text
`typescript`
SecretKey.fromPlainText('my-secret-key')
#### SSM Parameter Store
`typescript`
const parameter = ssm.StringParameter.fromStringParameterName(this, 'TestParameter', 'test-secret-key');
SecretKey.fromSsmParameter(parameter)
#### Secrets Manager
`typescriptarn:${Stack.of(this).partition}:secretsmanager:${Stack.of(this).region}:${Stack.of(this).account}:secret:test-secret
const secretArn = ;`
const secret = secretsmanager.Secret.fromSecretArn(this, 'TestSecret', secretArn);
SecretKey.fromSecretsManager(secret)
This also supports JSON secrets, and you can specify an optional field to use:.
`typescriptarn:${Stack.of(this).partition}:secretsmanager:${Stack.of(this).region}:${Stack.of(this).account}:secret:test-secret
const secretArn = ;`
const secret = secretsmanager.Secret.fromSecretArn(this, 'TestSecret', secretArn);
SecretKey.fromSecretsManager(secret, 'my-secret-field')
* npm run build compile the projectnpm run watch
* watch for changes and compile as needednpm run package
* generates libraries for all languagesnpm run test` perform the jest unit tests
*
Copyright 2023 Aaron Lucia
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.