stag-sandbox-lambda

Stagirite Sandboxer as an AWS Lambda Service with REST API

A Lambda and Amazon API Gateway wrapper around the Esprima based 'Sandboxer' in the Stagirite core.

The key module is require'd by private npm: @andynuss/stag0jsmunge

Usage

Install project:
npm install

Deploy to AWS Lambda with updated code:
npm run-script deploy

Get AWS Lambda info:
npm run-script info

Note: to deploy to AWS, you must have credentials. Also, be sure to set default region to "us-west-2". Note: npm run-script deploy will tag and push to remote repo.

Client API

Currently, the API supports one method: a POST of a JavaScript "script", which will respond with the sandbox'ed result.

The API endpoint can be found at:
https://kdldbofr5a.execute-api.us-west-2.amazonaws.com/dev/sandbox-lambda

Request Body should be of type JSON(application/json), in the form:

{
  "script": "var a = b[c]"
}

Response Body returns the sandbox'ed "result" in stringify'd JSON:

{
  "result": "\"//var a=b[c];\nvar a=$$_s.Get($$_w,b,c,1);\n\""
}

Note: The AWS API Gateway endpoint is currently "open", meaning that the access to the API doesn't require an auth token. This does not mean that the Lambda function code is visible/accessible on the public Internet; the AWS API Gateway hides and secures everything behind itself.

AWS Console

AWS API Gateway console:
https://us-west-2.console.aws.amazon.com/apigateway/home?region=us-west-2#/restapis/kdldbofr5a/resources/6kw15ioppi

The Sandboxer Lambda function itself, including monitoring and logging:
https://us-west-2.console.aws.amazon.com/lambda/home?region=us-west-2#/functions/sandbox-lambda

Notes and lessons learned:

• The 'export'ed function in this file MUST be called handler or Lambda will barf.

TODO

• API key management
• Add a second endpoint called "test".