{"id":23066932,"url":"https://github.com/dvsa/cvs-svc-authoriser","last_synced_at":"2026-04-05T08:02:06.975Z","repository":{"id":37444836,"uuid":"169060734","full_name":"dvsa/cvs-svc-authoriser","owner":"dvsa","description":"Lambda Custom Authoriser for CVS Services exposed via AWS APIG","archived":false,"fork":false,"pushed_at":"2026-02-22T06:20:55.000Z","size":1625,"stargazers_count":0,"open_issues_count":18,"forks_count":3,"subscribers_count":8,"default_branch":"develop","last_synced_at":"2026-02-22T13:27:49.510Z","etag":null,"topics":["app-dev","cvs-project","lambda-authorizer"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvsa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-02-04T10:19:45.000Z","updated_at":"2026-01-22T12:03:17.000Z","dependencies_parsed_at":"2025-04-23T12:31:11.635Z","dependency_job_id":"b30ddf40-ec74-4f69-a0cf-ee46a538c13b","html_url":"https://github.com/dvsa/cvs-svc-authoriser","commit_stats":null,"previous_names":[],"tags_count":2973,"template":false,"template_full_name":null,"purl":"pkg:github/dvsa/cvs-svc-authoriser","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcvs-svc-authoriser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcvs-svc-authoriser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcvs-svc-authoriser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcvs-svc-authoriser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvsa","download_url":"https://codeload.github.com/dvsa/cvs-svc-authoriser/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcvs-svc-authoriser/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29995910,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["app-dev","cvs-project","lambda-authorizer"],"created_at":"2024-12-16T05:15:37.302Z","updated_at":"2026-03-02T08:08:21.980Z","avatar_url":"https://github.com/dvsa.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cvs-svc-authoriser\n\nCustom authentication and authorisation mechanism for all CVS API Gateway calls.\n\n- Calls to CVS APIG trigger Lambda handler [authorizer.ts][authorizer-ts], as described on [AWS Lambda Authorizer Input][lambda-authorizer-input].\n- This Lambda will return a policy document, as described on [AWS Lambda Authorizer Input][lambda-authorizer-input].\n\n## Documentation\n\nSee the [Lambda Authorizer Confluence page][confluence].\n\n## Configuration\n\n- Configuration is a TS object of type `AuthorizerConfig`.\n- Both `AuthorizerConfig` and the configuration itself are in [configuration.ts][configuration-ts].\n- A (fake) example can be found [here][fake-config].\n\n## Prerequisites\n\n### Node JS\n\nCheck you have Node and NPM in your terminal:\n\n```shell script\nnode --version\nnpm --version\n```\n\n**We strongly recommend [`nvm`][nvm] to manage your Node installations** ([`nvm-windows`][nvm-windows] on Windows). The project's `.nvmrc` (root directory) contains the recommended Node version.\n\nTo install on Linux:\n\n```shell script\nsudo apt install nodejs\n```\n\nTo install on MacOS, either:\n\n- Download from [official site][nodejs]\n- Use [Homebrew][homebrew]: `brew install node`\n\nTo install on Windows, either:\n\n- Download from [official site][nodejs]\n- Use [Chocolatey][chocolatey]: `cinst nodejs.install`\n\n## Dependencies\n\n```shell script\nnpm install\n```\n\nNote the project's `.npmrc` intentionally specifies [`save-exact`][save-exact]. This means dependencies at runtime will be locked to the specific version present in `package.json`.\n\n## Environment variables\n\nThis project does not have a `.env` file. Environment variables are not needed for local development, including for running tests. _If this changes in future, please update this documentation._\n\nPolicy documents (authorizer return values) use four environment variables:\n\n| Environment variable | Default     |\n| -------------------- | ----------- |\n| `AWS_REGION `        | `eu-west-1` |\n| `AWS_ACCOUNT_ID`     | `*`         |\n| `AWS_APIG_ID`        | `*`         |\n| `AWS_APIG_STAGE`     | `*`         |\n\nCurrently, **none of these are explicitly set by Terraform**, so the default values are important.\n\nIn addition, all Terraform'd Lambda functions in DVSA share three environment variables:\n\n- `BRANCH`, currently set in `package.json` scripts. Doesn't make a difference when running locally.\n- `BUCKET`, unused.\n- `SECRET_NAME`, unused.\n\n## Build\n\n```shell script\nnpm run build\n```\n\nOutput folder: `build/` (Git-ignored)\n\nOn Windows, you will need to use [Git Bash][git-bash]. You may also need to:\n\n- replace `export` statements with your own environment variable configuration.\n- find binaries for things like `cpio`.\n\n## Test\n\n```shell script\nnpm test\n```\n\nThis project only contains unit tests. For integration tests, see [cvs-svc-auto][cvs-svc-auto].\n\n## Local Invocation\n\nThe [serverless-offline][serverless-offline] package is used to run the lambda locally. A test function is initialiased and protected by the lambda authoriser. Details of the configuration are in the serverless.yml file.\nBefore running/debugging, copy the `.env.example` file to `.env`.\n\n- `AZURE_CLIENT_ID` needs to be a list of audiences the tokens will be validated against.\n- `AZURE_TENANT_ID` needs to be the tenantId to use for the token validation.\n\n### Running\n\nRun `npm start` to run the test function and lambda authoriser. Once running, the test function can be called using postman or something similar. An example postman collection can be found at `tests/resources/authoriser.postman_collection.json`. There are a number of variables that need population before it will work. These are the details of credentials you will want to test i.e. clientId, secret etc.\nIf there is any reason the token does not allow access to the resource the reason is sent back in the response.\n\n```json\n{\n  \"statusCode\": 403,\n  \"error\": \"Forbidden\",\n  \"message\": \"User is not authorized to access this resource\"\n}\n```\n\nIf the token does allow access, the request will be allowed through to the test function and `\"Test function successfully invoked. Access was granted.\"` is returned in the response.\n\n### Debugging\n\nA debug configuration has been added that runs `npm start` under a debug session. Testing is performed via postman as described above.\n\n[confluence]: https://wiki.dvsacloud.uk/display/HVT/Lambda+Authoriser\n[nvm]: https://github.com/nvm-sh/nvm\n[nvm-windows]: https://github.com/coreybutler/nvm-windows\n[nodejs]: https://nodejs.org\n[homebrew]: https://brew.sh\n[chocolatey]: https://chocolatey.org\n[git-bash]: https://git-scm.com/downloads\n[save-exact]: https://docs.npmjs.com/cli/v6/using-npm/config#save-exact\n[cvs-svc-auto]: https://github.com/dvsa/cvs-auto-svc\n[authorizer-ts]: https://github.com/dvsa/cvs-svc-authoriser/blob/develop/src/functions/authorizer.ts\n[configuration-ts]: https://github.com/dvsa/cvs-svc-authoriser/blob/develop/src/services/configuration.ts\n[fake-config]: https://github.com/dvsa/cvs-svc-authoriser/blob/develop/tests/resources/config-test.yml\n[lambda-authorizer-input]: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html\n[lambda-authorizer-output]: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html\n[serverless-offline]: https://www.serverless.com/plugins/serverless-offline\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvsa%2Fcvs-svc-authoriser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvsa%2Fcvs-svc-authoriser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvsa%2Fcvs-svc-authoriser/lists"}