Serverless: APIG events now force both json and form-urlencoded templates

Created on 1 Sep 2016  ·  3 Comments  ·  Source: serverless/serverless

This is a Feature Proposal

Description

When defining APIG http events, the code now forces creation of mappings for both application/json and application/x-www-form-urlencoded. While you can override the template, there is no way to exclude these mappings (i.e., I only want to allow json requests on an endpoint).

This change was recently introduced via this commit into lib/plugins/aws/deploy/compile/events/apiGateway/lib/methods.js:

const integrationRequestTemplates = {
  'application/json': DEFAULT_JSON_REQUEST_TEMPLATE,
  'application/x-www-form-urlencoded': DEFAULT_FORM_URL_ENCODED_REQUEST_TEMPLATE,
};

While I think it's incredibly useful to have these 2 options (and templates pre-defined), I think it would be best to allow the user to optionally include only the templates they want.

Something like the following might make sense:

functions:
  create:
    handler: posts.create
    events:
      - http:
          method: get
          path: whatever
          request:
            template:
              text/xhtml: { "stage" : "$context.stage" }   # add additional template
              application/json: { "httpMethod" : "$context.httpMethod" }  # add mapping and override default template
              application/x-www-form-urlencoded: true    # add mapping and use default template 

With the current open issue (#1168) around APIG pass through behavior, and a pending PR (#1992) to address it, this becomes more important to be able to fully restrict methods to desired Content-Types.
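
An added example, not part of the original issue or the Serverless code base: a Node.js audit that walks a compiled CloudFormation template and reports every AWS::ApiGateway::Method that maps a Content-Type outside an allowlist or can forward unmapped Content-Types to the backend. The function name, logical IDs and template bodies are constructed for illustration, and an omitted PassthroughBehavior is audited as WHEN_NO_MATCH as an assumption.

```javascript
'use strict';

// Returns one finding per AWS::ApiGateway::Method that maps a Content-Type
// outside allowedTypes, or that forwards unmapped Content-Types unmodified.
function auditRequestTemplates(template, allowedTypes) {
  const allowed = allowedTypes.map((t) => t.toLowerCase());
  const findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    if (res.Type !== 'AWS::ApiGateway::Method') continue;
    const integration = (res.Properties || {}).Integration || {};
    const mapped = Object.keys(integration.RequestTemplates || {});
    const unexpected = mapped.filter((t) => !allowed.includes(t.toLowerCase()));
    // Assumption: an omitted PassthroughBehavior is audited as WHEN_NO_MATCH.
    const behavior = integration.PassthroughBehavior || 'WHEN_NO_MATCH';
    const passesUnmapped = behavior === 'WHEN_NO_MATCH' ||
      (behavior === 'WHEN_NO_TEMPLATES' && mapped.length === 0);
    if (unexpected.length > 0 || passesUnmapped) {
      findings.push({ id, unexpected, behavior, passesUnmapped });
    }
  }
  return findings;
}

// Constructed sample: two methods as they might appear in a compiled template.
// Logical IDs and template bodies are made up for this example.
const sampleTemplate = {
  Resources: {
    ApiGatewayMethodPostsPost: {
      Type: 'AWS::ApiGateway::Method',
      Properties: { HttpMethod: 'POST', Integration: { RequestTemplates: {
        'application/json': '{ "httpMethod": "$context.httpMethod" }',
        'application/x-www-form-urlencoded': '{ "stage": "$context.stage" }',
      } } },
    },
    ApiGatewayMethodStatusGet: {
      Type: 'AWS::ApiGateway::Method',
      Properties: { HttpMethod: 'GET', Integration: {
        PassthroughBehavior: 'NEVER',
        RequestTemplates: { 'application/json': '{ "stage": "$context.stage" }' },
      } },
    },
    PostsTable: { Type: 'AWS::DynamoDB::Table', Properties: {} },
  },
};

const sampleFindings = auditRequestTemplates(sampleTemplate, ['application/json']);
console.log(JSON.stringify(sampleFindings, null, 2));
```

Run against a real compiled template, an empty result means every method maps only the allowed Content-Types and rejects the rest.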

All 3 comments

I definitely like the idea of the feature to be able to really lock down the default templates, but imho it would have to happen for the whole service.

My assumption is that if you want to completely lock down the default templates you'll want to do this in every method across your service. So I think I'd prefer something like

provider:
  apigateway:
    default-request-templates: false

Otherwise you'd have to duplicate configuration like crazy (which is already necessary, for example, when you want to set separate templates for several functions, but imho less of a problem because you only need this for events that have request data).

But I'm not sure yet :D. @serverless/vip any thoughts on that, especially @HyperBrain ?

This should be possible with this now: https://serverless.com/framework/docs/providers/aws/events/apigateway#custom-request-templates

@flomotlik How do custom templates address the OP use case of simply opting out of the default application/x-www-form-urlencoded template, without the need to create a custom template for application/json?
