https://github.com/wulfmann/serverless-static-site-password

Serverless Static Site Password
https://github.com/wulfmann/serverless-static-site-password

aws cloudfront jwt lambda password serverless static-site

Last synced: about 2 months ago
JSON representation

Serverless Static Site Password

• Host: GitHub
• URL: https://github.com/wulfmann/serverless-static-site-password
• Owner: wulfmann
• Created: 2020-11-17T20:57:01.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-11-18T14:07:16.000Z (over 5 years ago)
• Last Synced: 2025-04-03T06:34:02.236Z (about 1 year ago)
• Topics: aws, cloudfront, jwt, lambda, password, serverless, static-site
• Language: Python
• Homepage:
• Size: 31.3 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Serverless Static Site Password

This repo contains example code for implementing a static site password via AWS lambda@edge and CDK.

## Overview

When a request is made to the site, a lambda@edge (Viewer Certificate) is triggered by cloudfront. This lambda checks for the presence of a cookie that contains a signed token. It validates the signature and checks if it is expired. If it's valid, it allows the request. If the token is absent or invalid/expired, the request is redirected to the login page. The login page is configured to send the password to a `/_callback` route. When the lambda is triggered, it checks the request uri to see if it matched `_callback`. If it does, it validates the password and issues a new token. If the password is invalid, the request is blocked. The newly created token is passed back in the aforementioned cookie.