Untitled

'use strict';
exports.handler = (event, context, callback) => {

  // Get request and request headers
  const request = event.Records[0].cf.request;
  const headers = request.headers;

  // Configure authentication
  const authUser = 'huchauser';
  const authPass = 'czn6jk;9';

  // Construct the Basic Auth string
  const authString = 'Basic ' + new Buffer(authUser + ':' + authPass).toString('base64');
  const isImageRequest = /\.(ico|png\svg)$/.test(request.uri);

  // Require Basic authentication
  if (!isImageRequest && (typeof headers.authorization == 'undefined' || headers.authorization[0].value != authString)) {
      const body = 'Unauthorized';
      const response = {
          status: '401',
          statusDescription: 'Unauthorized',
          body: body,
          headers: {
              'www-authenticate': [{key: 'WWW-Authenticate', value:'Basic'}],
              'strict-transport-security': [{key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload'}],
              'x-content-type-options': [{key: 'X-Content-Type-Options', value: 'nosniff'}],
              'x-frame-options': [{key: 'X-Frame-Options', value: 'DENY'}],
              'x-xss-protection': [{key: 'X-XSS-Protection', value: '1; mode=block'}],
              'referrer-policy': [{key: 'Referrer-Policy', value: 'same-origin'}],
          },
      };
      callback(null, response);
  }

  // Continue request processing if authentication passed
  callback(null, request);
};