brought back handling of base64 values from api gateway stage variables

framework/aegis.go

@@ -28,6 +28,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode"
 
 	"github.com/aws/aws-lambda-go/events"
 	"github.com/aws/aws-lambda-go/lambda"
@@ -168,20 +169,26 @@ func (a *Aegis) setAegisVariables(ctx context.Context, evt map[string]interface{
 				// Try to base64 decode it, because API Gateway stage variables may be encoded because
 				// they do not support certain special characters, which is a big problem for sensitive
 				// credentials that often include special characters.
-				// TODO: Find another solution, if possible. May need to pre/suffix variables because
-				// it's actually possible to have a value that's a valid base64 string that isn't
-				// intended to be decoded.
-				// It may ultimately be up to the user to decode. They set the value after all.
-				//
-				// sDec, err := base64.StdEncoding.DecodeString(v)
-				// if err == nil {
-				// 	a.Services.Variables[k] = string(sDec)
-				// }
+				sDec, err := base64.StdEncoding.DecodeString(v)
+				if err == nil && isASCII(string(sDec)) {
+					a.Services.Variables[k] = string(sDec)
+				}
 			}
 		}
 	}
 }
 
+// isASCII is a simple check to help determine if a base64 decode was necessary when reading values
+// from API Gateway stage variables
+func isASCII(s string) bool {
+	for _, c := range s {
+		if c > unicode.MaxASCII {
+			return false
+		}
+	}
+	return true
+}
+
 // aegisHandler configures services and determines how to handle the Lambda event
 func (a *Aegis) aegisHandler(ctx context.Context, evt map[string]interface{}) (interface{}, error) {
 	if a.TraceContext == nil {

framework/aegis_test.go

@@ -43,8 +43,9 @@ func TestAegis(t *testing.T) {
 		"httpMethod": "GET",
 		"path":       "/",
 		"stageVariables": map[string]string{
-			"foo": "bar",
-			"b64": "aGVsbG8gd29ybGQ=",
+			"foo":              "bar",
+			"b64":              "aGVsbG8gd29ybGQ=",
+			"b64FalsePositive": "aegistest",
 		},
 		"requestContext": map[string]interface{}{
 			"stage": "dev",
@@ -79,6 +80,12 @@ func TestAegis(t *testing.T) {
 		a.setAegisVariables(ctx, evt)
 		Convey("Should set variables from API Gateway stage variables", func() {
 			So(a.Variables, ShouldContainKey, "foo")
+			So(a.Variables, ShouldContainKey, "b64FalsePositive")
+			So(a.Variables["b64FalsePositive"], ShouldEqual, "aegistest")
+		})
+		Convey("Should handle base64 encoded values from API Gateway stage variables", func() {
+			So(a.Variables, ShouldContainKey, "b64")
+			So(a.Variables["b64"], ShouldEqual, "hello world")
 		})
 	})
 

version/HISTORY.md

@@ -28,6 +28,10 @@ a lightweight set of helpers or framework to help build things faster. It's to b
 and flexible. 1.x will focus on adding more event router/handlers and helper functions.
 Not every possible service will likely ever covered, the focus will be on the common.
 
+## 1.16.1
+
+- Brought back the base64 decoding of API Gateway stage variables
+
 ## 1.16.0
 
 - Fixed an issue where convenience was causing problems with AWS SDK rate limiting, using Cognito

version/version.go

@@ -2,7 +2,7 @@
 package version
 
 // Semantic defines a semver string for aegis
-const Semantic = "1.16.0"
+const Semantic = "1.16.1"
 
 // Current will return the current version
 func Current() string {