时间戳

首页 > 解决方案 > 使用来自 GET 的 CSRF 令牌并在 POST 中使用它 | 403 禁止 | AWS 拉姆达

node.js - 使用来自 GET 的 CSRF 令牌并在 POST 中使用它 | 403 禁止 | AWS 拉姆达

问题描述

我正在通过 aws lambda 创建 node.js 函数,该函数向 Hybris Market Place 发出 GET 请求并获取 CSRF 令牌。然后我使用该令牌发出另一个 POST 请求以将一些数据发布到 Hybris Market 地方,但我收到 403 Forbidden 错误。同样的事情在 Postman 中也有效,我相信由于 POSTMAN 使 GET 会话保持活动状态,因此 CSRF 令牌仍然有效。我如何在 AWS Lambda 函数中实现这一点。下面是我的代码。我正在使用 promise 提出两个请求。

const https = require('https');

exports.handler = async (event, context, callback) => {

const tokenOptions = {
     "host": "*******.s4hana.ondemand.com",
     "path": "/sap/opu/odata/sap/***********/",
     "port": null,
     "headers":{
                 "authorization": "Basic ************=",
                 "cache-control": "no-cache",
                 "x-csrf-token": "fetch"
               },
     "method": "GET"
 };

var getToken = (tokenOptions) => {
  return new Promise((resolve,reject)=>{

        const req = https.request(tokenOptions, (res) => {

              var xToken = res.headers["x-csrf-token"];
              var sCookies = res.headers["set-cookie"];
              var response = [xToken,sCookies]
              res.on('data', () => {
                    console.log('Successfully processed HTTPS response');
                    resolve(response);
                  });
                  res.on('end', () => {
                    });
                  });
        req.on('error', function(){
            reject('Request to get token failed.');
        });
          req.end();

    });
};

    var postContent = (response) => {
      return new Promise((resolve,reject)=>{

        var options = {
          "method": "POST",
          "host": "*********-***.s4hana.ondemand.com",
          "path": "/sap/opu/odata/sap/*********/*******",
      "port":null,
      "headers":
       { "authorization": "Basic *******==",
         "x-csrf-token": response[0],
         "accept": "application/json",
         "content-type": "application/json",
         "cache-control": "no-cache",
       },
      "cookie":response[1],
      "body":
       { 
     /* Data I want to POST */
       },
      "json": true
     };


        const req = https.request(options, (res,data) => {
            console.log(res.statusCode);
                  res.on('data', () => {
                    resolve('Successfully submitted.');
                  });
                  res.on('end', () => {

                    });
                  });
        req.on('error', function(err,res){
            reject('Request to get Post failed.');
        });
        req.end();    
    });
};

getToken(tokenOptions).then((response) =>{
  console.log('Result: ' +response[0]);
  return postContent(response);
}).then((successMsg) =>{
  callback(null,successMsg);
}).catch((errMsg)=>{
  callback();
});

};

标签: node.jsamazon-web-servicesaws-lambdacsrfaccess-token

解决方案

推荐阅读