serverless/test/fixtures/programmatic/api-gateway-extended/helper.js

'use strict'

// custom authorizer
function generatePolicy(principalId, effect, resource) {
  const authResponse = {}
  authResponse.principalId = principalId

  if (effect && resource) {
    const policyDocument = {}
    policyDocument.Version = '2012-10-17'
    policyDocument.Statement = []

    const statementOne = {}
    statementOne.Action = 'execute-api:Invoke'
    statementOne.Effect = effect
    statementOne.Resource = resource
    policyDocument.Statement[0] = statementOne
    authResponse.policyDocument = policyDocument
  }

  return authResponse
}

async function auth(event, context) {
  const token = event.authorizationToken.split(' ')

  if (token[0] === 'Bearer' && token[1] === 'ShouldBeAuthorized') {
    return context.succeed(generatePolicy('SomeRandomId', 'Allow', '*'))
  }

  return context.fail('Unauthorized')
}

module.exports = {
  auth,
}