@aligent/cdk-secure-rest-api 1.1.0 → 1.2.0

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # @aligent/cdk-secure-rest-api
 
+## 1.2.0
+
+### Minor Changes
+
+- [#1720](https://github.com/aligent/cdk-constructs/pull/1720) [`2649bf8`](https://github.com/aligent/cdk-constructs/commit/2649bf833e9b8bec9261918bd013b4b71f368fe5) Thanks [@toddhainsworth](https://github.com/toddhainsworth)! - Support nested (multi-segment) route paths in the `routes` helper. Paths such as `rewards/accounts/{accountId}/redeem` now create the intermediate resources instead of throwing `ResourceSPathPartOnly` at synth time. Routes sharing a common prefix resolve idempotently.
+
+  Add a `deployOptions` prop (CDK `StageOptions`) so the deployed stage name and other stage settings can be configured. Defaults to the CDK `prod` stage when omitted.
+
+## 1.1.2
+
+### Patch Changes
+
+- [#1688](https://github.com/aligent/cdk-constructs/pull/1688) [`5fc3de2`](https://github.com/aligent/cdk-constructs/commit/5fc3de2da74962c1e11a57a375fb11c71406d5c8) Thanks [@dependabot](https://github.com/apps/dependabot)! - chore(deps): bump the aws group across 1 directory with 10 updates
+
+## 1.1.1
+
+### Patch Changes
+
+- [#1689](https://github.com/aligent/cdk-constructs/pull/1689) [`6f1930f`](https://github.com/aligent/cdk-constructs/commit/6f1930f8d8b6d646252217a4c7363458bd22f597) Thanks [@toddhainsworth](https://github.com/toddhainsworth)! - Fix published artifact: declarations (`*.d.ts`) were missing from the tarball because the package had no `.npmignore`, so `npm pack` fell back to the workspace `.gitignore` (which excludes build outputs). Consumers with `isolatedModules: true` then resolved `index.ts` directly and hit `TS1205` on the type re-exports. This release adds the package's own `.npmignore` (matching sibling packages) and converts the type re-exports in `index.ts` to `export type`.
+
 ## 1.1.0
 
 ### Minor Changes

package/README.md

@@ -12,6 +12,8 @@ A CDK construct for provisioning an API Gateway REST API secured with API Key au
 - Usage plan with configurable throttle rate and burst limits
 - Configurable CORS preflight options
 - Accepts any CDK `Integration` per route (Lambda, HTTP, Mock, Step Functions, etc.)
+- Supports nested, multi-segment route paths (e.g. `rewards/accounts/{accountId}/redeem`)
+- Configurable deployment stage via `deployOptions` (stage name defaults to `prod`)
 
 ## Installation
 
@@ -74,6 +76,29 @@ const api = new SecureRestApi(this, 'Api', {
 });
 ```
 
+### Nested route paths
+
+Multi-segment paths create the intermediate resources automatically. Routes
+sharing a common prefix resolve to the same parent resource.
+
+```typescript
+const api = new SecureRestApi(this, 'Api', {
+  apiName: 'rewards-api',
+  routes: [
+    {
+      path: 'rewards/accounts/{accountId}/redeem',
+      methods: [HttpMethod.POST],
+      integration: new LambdaIntegration(redeemFunction),
+    },
+    {
+      path: 'rewards/reversal', // reuses the shared `rewards` resource
+      methods: [HttpMethod.POST],
+      integration: new LambdaIntegration(reversalFunction),
+    },
+  ],
+});
+```
+
 ### Custom throttling
 
 ```typescript
@@ -87,6 +112,19 @@ const api = new SecureRestApi(this, 'Api', {
 });
 ```
 
+### Custom stage name
+
+By default the API deploys to a `prod` stage. Pass `deployOptions` to override
+the stage name (or any other CDK `StageOptions`, e.g. logging or tracing).
+
+```typescript
+const api = new SecureRestApi(this, 'Api', {
+  apiName: 'my-api',
+  deployOptions: { stageName: 'staging' },
+  routes: [...],
+});
+```
+
 ### Custom CORS configuration
 
 ```typescript
@@ -119,10 +157,17 @@ Routes to register on the API. Each route requires:
 
 | Property | Type | Description |
 |----------|------|-------------|
-| `path` | `string` | The resource path (leading slash is stripped automatically) |
+| `path` | `string` | The resource path; may be nested/multi-segment (leading slash is stripped automatically) |
 | `methods` | `HttpMethod[]` | HTTP methods to register on the resource |
 | `integration` | `Integration` | Any CDK API Gateway integration |
 
+### `deployOptions` (StageOptions)
+
+Stage options for the API's default deployment, passed through to the underlying
+CDK `RestApi`. Use `stageName` to override the deployed stage name.
+
+Default: CDK default (`prod` stage).
+
 ### `throttle` (object)
 
 Throttling limits applied to the usage plan.

package/index.d.ts

@@ -0,0 +1,3 @@
+import { SecureRestApi, SecureRestApiProps, SecureRestApiRoute } from "./lib/secure-rest-api";
+export { SecureRestApi };
+export type { SecureRestApiProps, SecureRestApiRoute };

package/index.js

@@ -3,4 +3,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SecureRestApi = void 0;
 const secure_rest_api_1 = require("./lib/secure-rest-api");
 Object.defineProperty(exports, "SecureRestApi", { enumerable: true, get: function () { return secure_rest_api_1.SecureRestApi; } });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFJK0I7QUFFdEIsOEZBTFAsK0JBQWEsT0FLTyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7XG4gIFNlY3VyZVJlc3RBcGksXG4gIFNlY3VyZVJlc3RBcGlQcm9wcyxcbiAgU2VjdXJlUmVzdEFwaVJvdXRlLFxufSBmcm9tIFwiLi9saWIvc2VjdXJlLXJlc3QtYXBpXCI7XG5cbmV4cG9ydCB7IFNlY3VyZVJlc3RBcGksIFNlY3VyZVJlc3RBcGlQcm9wcywgU2VjdXJlUmVzdEFwaVJvdXRlIH07XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwyREFJK0I7QUFFdEIsOEZBTFAsK0JBQWEsT0FLTyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7XG4gIFNlY3VyZVJlc3RBcGksXG4gIFNlY3VyZVJlc3RBcGlQcm9wcyxcbiAgU2VjdXJlUmVzdEFwaVJvdXRlLFxufSBmcm9tIFwiLi9saWIvc2VjdXJlLXJlc3QtYXBpXCI7XG5cbmV4cG9ydCB7IFNlY3VyZVJlc3RBcGkgfTtcbmV4cG9ydCB0eXBlIHsgU2VjdXJlUmVzdEFwaVByb3BzLCBTZWN1cmVSZXN0QXBpUm91dGUgfTtcbiJdfQ==

package/lib/secure-rest-api.d.ts

@@ -0,0 +1,65 @@
+import { ApiKey, Integration, RestApi, StageOptions, UsagePlan } from "aws-cdk-lib/aws-apigateway";
+import { HttpMethod } from "aws-cdk-lib/aws-apigatewayv2";
+import { Construct } from "constructs";
+export interface SecureRestApiRoute {
+    path: string;
+    methods: HttpMethod[];
+    integration: Integration;
+}
+export interface SecureRestApiProps {
+    /**
+     * The name of the API.
+     */
+    apiName: string;
+    /**
+     * Description for the API.
+     */
+    description?: string;
+    /**
+     * CORS configuration.
+     *
+     * `allowOrigins` overrides the default (all origins).
+     * `additionalMethods` and `additionalHeaders` are appended to the defaults
+     * (GET/OPTIONS and Content-Type/X-Api-Key respectively).
+     */
+    corsOptions?: {
+        allowOrigins?: string[];
+        additionalMethods?: string[];
+        additionalHeaders?: string[];
+    };
+    /**
+     * Routes to register on the API.
+     */
+    routes: SecureRestApiRoute[];
+    /**
+     * Stage options for the API's default deployment.
+     *
+     * Use `stageName` to override the deployed stage name.
+     * @default stageName "prod" (CDK default)
+     */
+    deployOptions?: StageOptions;
+    /**
+     * Throttling limits for the usage plan.
+     * @default { rateLimit: 100, burstLimit: 200 }
+     */
+    throttle?: {
+        rateLimit: number;
+        burstLimit: number;
+    };
+    /**
+     * Override the generated API key name.
+     * @default `{apiName}-api-key`
+     */
+    apiKeyName?: string;
+    /**
+     * Override the generated usage plan name.
+     * @default `{apiName}-usage-plan`
+     */
+    usagePlanName?: string;
+}
+export declare class SecureRestApi extends Construct {
+    readonly api: RestApi;
+    readonly apiKey: ApiKey;
+    readonly usagePlan: UsagePlan;
+    constructor(scope: Construct, id: string, props: SecureRestApiProps);
+}

package/lib/secure-rest-api.js

@@ -7,10 +7,11 @@ class SecureRestApi extends constructs_1.Construct {
     constructor(scope, id, props) {
         var _a, _b, _c;
         super(scope, id);
-        const { apiName, description, corsOptions, routes, throttle = { rateLimit: 100, burstLimit: 200 }, apiKeyName, usagePlanName, } = props;
+        const { apiName, description, corsOptions, routes, deployOptions, throttle = { rateLimit: 100, burstLimit: 200 }, apiKeyName, usagePlanName, } = props;
         this.api = new aws_apigateway_1.RestApi(this, "Api", {
             restApiName: apiName,
             description: description !== null && description !== void 0 ? description : `REST API for ${apiName} service`,
+            deployOptions,
             defaultCorsPreflightOptions: {
                 allowOrigins: (_a = corsOptions === null || corsOptions === void 0 ? void 0 : corsOptions.allowOrigins) !== null && _a !== void 0 ? _a : aws_apigateway_1.Cors.ALL_ORIGINS,
                 allowMethods: [
@@ -26,7 +27,7 @@ class SecureRestApi extends constructs_1.Construct {
             },
         });
         for (const route of routes) {
-            const resource = this.api.root.addResource(route.path.replace(/^\//, ""));
+            const resource = this.api.root.resourceForPath(route.path.replace(/^\//, ""));
             for (const method of route.methods) {
                 resource.addMethod(method, route.integration, { apiKeyRequired: true });
             }
@@ -48,4 +49,4 @@ class SecureRestApi extends constructs_1.Construct {
     }
 }
 exports.SecureRestApi = SecureRestApi;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJlLXJlc3QtYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsic2VjdXJlLXJlc3QtYXBpLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtEQU9vQztBQUVwQywyQ0FBdUM7QUEyRHZDLE1BQWEsYUFBYyxTQUFRLHNCQUFTO0lBSzFDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBeUI7O1FBQ2pFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxFQUNKLE9BQU8sRUFDUCxXQUFXLEVBQ1gsV0FBVyxFQUNYLE1BQU0sRUFDTixRQUFRLEdBQUcsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsRUFDOUMsVUFBVSxFQUNWLGFBQWEsR0FDZCxHQUFHLEtBQUssQ0FBQztRQUVWLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSx3QkFBTyxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUU7WUFDbEMsV0FBVyxFQUFFLE9BQU87WUFDcEIsV0FBVyxFQUFFLFdBQVcsYUFBWCxXQUFXLGNBQVgsV0FBVyxHQUFJLGdCQUFnQixPQUFPLFVBQVU7WUFDN0QsMkJBQTJCLEVBQUU7Z0JBQzNCLFlBQVksRUFBRSxNQUFBLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxZQUFZLG1DQUFJLHFCQUFJLENBQUMsV0FBVztnQkFDM0QsWUFBWSxFQUFFO29CQUNaLEtBQUs7b0JBQ0wsU0FBUztvQkFDVCxHQUFHLENBQUMsTUFBQSxXQUFXLGFBQVgsV0FBVyx1QkFBWCxXQUFXLENBQUUsaUJBQWlCLG1DQUFJLEVBQUUsQ0FBQztpQkFDMUM7Z0JBQ0QsWUFBWSxFQUFFO29CQUNaLGNBQWM7b0JBQ2QsV0FBVztvQkFDWCxHQUFHLENBQUMsTUFBQSxXQUFXLGFBQVgsV0FBVyx1QkFBWCxXQUFXLENBQUUsaUJBQWlCLG1DQUFJLEVBQUUsQ0FBQztpQkFDMUM7YUFDRjtTQUNGLENBQUMsQ0FBQztRQUVILEtBQUssTUFBTSxLQUFLLElBQUksTUFBTSxFQUFFLENBQUM7WUFDM0IsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQzFFLEtBQUssTUFBTSxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQyxRQUFRLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsV0FBVyxFQUFFLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7WUFDMUUsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksdUJBQU0sQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ3ZDLFdBQVcsRUFBRSxlQUFlLE9BQU8sVUFBVTtZQUM3QyxVQUFVLEVBQUUsVUFBVSxhQUFWLFVBQVUsY0FBVixVQUFVLEdBQUksR0FBRyxPQUFPLFVBQVU7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLDBCQUFTLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRTtZQUNoRCxJQUFJLEVBQUUsYUFBYSxhQUFiLGFBQWEsY0FBYixhQUFhLEdBQUksR0FBRyxPQUFPLGFBQWE7WUFDOUMsV0FBVyxFQUFFLGtCQUFrQixPQUFPLFVBQVU7WUFDaEQsUUFBUTtTQUNULENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO1lBQ3pCLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBZTtZQUN6QixLQUFLLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxlQUFlO1NBQ2hDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0NBQ0Y7QUE1REQsc0NBNERDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgQXBpS2V5LFxuICBDb3JzLFxuICBJbnRlZ3JhdGlvbixcbiAgSVJlc3RBcGksXG4gIFJlc3RBcGksXG4gIFVzYWdlUGxhbixcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1hcGlnYXRld2F5XCI7XG5pbXBvcnQgeyBIdHRwTWV0aG9kIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1hcGlnYXRld2F5djJcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5cbmV4cG9ydCBpbnRlcmZhY2UgU2VjdXJlUmVzdEFwaVJvdXRlIHtcbiAgcGF0aDogc3RyaW5nO1xuICBtZXRob2RzOiBIdHRwTWV0aG9kW107XG4gIGludGVncmF0aW9uOiBJbnRlZ3JhdGlvbjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBTZWN1cmVSZXN0QXBpUHJvcHMge1xuICAvKipcbiAgICogVGhlIG5hbWUgb2YgdGhlIEFQSS5cbiAgICovXG4gIGFwaU5hbWU6IHN0cmluZztcblxuICAvKipcbiAgICogRGVzY3JpcHRpb24gZm9yIHRoZSBBUEkuXG4gICAqL1xuICBkZXNjcmlwdGlvbj86IHN0cmluZztcblxuICAvKipcbiAgICogQ09SUyBjb25maWd1cmF0aW9uLlxuICAgKlxuICAgKiBgYWxsb3dPcmlnaW5zYCBvdmVycmlkZXMgdGhlIGRlZmF1bHQgKGFsbCBvcmlnaW5zKS5cbiAgICogYGFkZGl0aW9uYWxNZXRob2RzYCBhbmQgYGFkZGl0aW9uYWxIZWFkZXJzYCBhcmUgYXBwZW5kZWQgdG8gdGhlIGRlZmF1bHRzXG4gICAqIChHRVQvT1BUSU9OUyBhbmQgQ29udGVudC1UeXBlL1gtQXBpLUtleSByZXNwZWN0aXZlbHkpLlxuICAgKi9cbiAgY29yc09wdGlvbnM/OiB7XG4gICAgYWxsb3dPcmlnaW5zPzogc3RyaW5nW107XG4gICAgYWRkaXRpb25hbE1ldGhvZHM/OiBzdHJpbmdbXTtcbiAgICBhZGRpdGlvbmFsSGVhZGVycz86IHN0cmluZ1tdO1xuICB9O1xuXG4gIC8qKlxuICAgKiBSb3V0ZXMgdG8gcmVnaXN0ZXIgb24gdGhlIEFQSS5cbiAgICovXG4gIHJvdXRlczogU2VjdXJlUmVzdEFwaVJvdXRlW107XG5cbiAgLyoqXG4gICAqIFRocm90dGxpbmcgbGltaXRzIGZvciB0aGUgdXNhZ2UgcGxhbi5cbiAgICogQGRlZmF1bHQgeyByYXRlTGltaXQ6IDEwMCwgYnVyc3RMaW1pdDogMjAwIH1cbiAgICovXG4gIHRocm90dGxlPzoge1xuICAgIHJhdGVMaW1pdDogbnVtYmVyO1xuICAgIGJ1cnN0TGltaXQ6IG51bWJlcjtcbiAgfTtcblxuICAvKipcbiAgICogT3ZlcnJpZGUgdGhlIGdlbmVyYXRlZCBBUEkga2V5IG5hbWUuXG4gICAqIEBkZWZhdWx0IGB7YXBpTmFtZX0tYXBpLWtleWBcbiAgICovXG4gIGFwaUtleU5hbWU/OiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIE92ZXJyaWRlIHRoZSBnZW5lcmF0ZWQgdXNhZ2UgcGxhbiBuYW1lLlxuICAgKiBAZGVmYXVsdCBge2FwaU5hbWV9LXVzYWdlLXBsYW5gXG4gICAqL1xuICB1c2FnZVBsYW5OYW1lPzogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgU2VjdXJlUmVzdEFwaSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBhcGk6IFJlc3RBcGk7XG4gIHB1YmxpYyByZWFkb25seSBhcGlLZXk6IEFwaUtleTtcbiAgcHVibGljIHJlYWRvbmx5IHVzYWdlUGxhbjogVXNhZ2VQbGFuO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBTZWN1cmVSZXN0QXBpUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgY29uc3Qge1xuICAgICAgYXBpTmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uLFxuICAgICAgY29yc09wdGlvbnMsXG4gICAgICByb3V0ZXMsXG4gICAgICB0aHJvdHRsZSA9IHsgcmF0ZUxpbWl0OiAxMDAsIGJ1cnN0TGltaXQ6IDIwMCB9LFxuICAgICAgYXBpS2V5TmFtZSxcbiAgICAgIHVzYWdlUGxhbk5hbWUsXG4gICAgfSA9IHByb3BzO1xuXG4gICAgdGhpcy5hcGkgPSBuZXcgUmVzdEFwaSh0aGlzLCBcIkFwaVwiLCB7XG4gICAgICByZXN0QXBpTmFtZTogYXBpTmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uOiBkZXNjcmlwdGlvbiA/PyBgUkVTVCBBUEkgZm9yICR7YXBpTmFtZX0gc2VydmljZWAsXG4gICAgICBkZWZhdWx0Q29yc1ByZWZsaWdodE9wdGlvbnM6IHtcbiAgICAgICAgYWxsb3dPcmlnaW5zOiBjb3JzT3B0aW9ucz8uYWxsb3dPcmlnaW5zID8/IENvcnMuQUxMX09SSUdJTlMsXG4gICAgICAgIGFsbG93TWV0aG9kczogW1xuICAgICAgICAgIFwiR0VUXCIsXG4gICAgICAgICAgXCJPUFRJT05TXCIsXG4gICAgICAgICAgLi4uKGNvcnNPcHRpb25zPy5hZGRpdGlvbmFsTWV0aG9kcyA/PyBbXSksXG4gICAgICAgIF0sXG4gICAgICAgIGFsbG93SGVhZGVyczogW1xuICAgICAgICAgIFwiQ29udGVudC1UeXBlXCIsXG4gICAgICAgICAgXCJYLUFwaS1LZXlcIixcbiAgICAgICAgICAuLi4oY29yc09wdGlvbnM/LmFkZGl0aW9uYWxIZWFkZXJzID8/IFtdKSxcbiAgICAgICAgXSxcbiAgICAgIH0sXG4gICAgfSk7XG5cbiAgICBmb3IgKGNvbnN0IHJvdXRlIG9mIHJvdXRlcykge1xuICAgICAgY29uc3QgcmVzb3VyY2UgPSB0aGlzLmFwaS5yb290LmFkZFJlc291cmNlKHJvdXRlLnBhdGgucmVwbGFjZSgvXlxcLy8sIFwiXCIpKTtcbiAgICAgIGZvciAoY29uc3QgbWV0aG9kIG9mIHJvdXRlLm1ldGhvZHMpIHtcbiAgICAgICAgcmVzb3VyY2UuYWRkTWV0aG9kKG1ldGhvZCwgcm91dGUuaW50ZWdyYXRpb24sIHsgYXBpS2V5UmVxdWlyZWQ6IHRydWUgfSk7XG4gICAgICB9XG4gICAgfVxuXG4gICAgdGhpcy5hcGlLZXkgPSBuZXcgQXBpS2V5KHRoaXMsIFwiQXBpS2V5XCIsIHtcbiAgICAgIGRlc2NyaXB0aW9uOiBgQVBJIEtleSBmb3IgJHthcGlOYW1lfSBzZXJ2aWNlYCxcbiAgICAgIGFwaUtleU5hbWU6IGFwaUtleU5hbWUgPz8gYCR7YXBpTmFtZX0tYXBpLWtleWAsXG4gICAgfSk7XG5cbiAgICB0aGlzLnVzYWdlUGxhbiA9IG5ldyBVc2FnZVBsYW4odGhpcywgXCJVc2FnZVBsYW5cIiwge1xuICAgICAgbmFtZTogdXNhZ2VQbGFuTmFtZSA/PyBgJHthcGlOYW1lfS11c2FnZS1wbGFuYCxcbiAgICAgIGRlc2NyaXB0aW9uOiBgVXNhZ2UgcGxhbiBmb3IgJHthcGlOYW1lfSBzZXJ2aWNlYCxcbiAgICAgIHRocm90dGxlLFxuICAgIH0pO1xuXG4gICAgdGhpcy51c2FnZVBsYW4uYWRkQXBpU3RhZ2Uoe1xuICAgICAgYXBpOiB0aGlzLmFwaSBhcyBJUmVzdEFwaSxcbiAgICAgIHN0YWdlOiB0aGlzLmFwaS5kZXBsb3ltZW50U3RhZ2UsXG4gICAgfSk7XG4gICAgdGhpcy51c2FnZVBsYW4uYWRkQXBpS2V5KHRoaXMuYXBpS2V5KTtcbiAgfVxufVxuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJlLXJlc3QtYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsic2VjdXJlLXJlc3QtYXBpLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtEQVFvQztBQUVwQywyQ0FBdUM7QUFtRXZDLE1BQWEsYUFBYyxTQUFRLHNCQUFTO0lBSzFDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBeUI7O1FBQ2pFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsTUFBTSxFQUNKLE9BQU8sRUFDUCxXQUFXLEVBQ1gsV0FBVyxFQUNYLE1BQU0sRUFDTixhQUFhLEVBQ2IsUUFBUSxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLEVBQzlDLFVBQVUsRUFDVixhQUFhLEdBQ2QsR0FBRyxLQUFLLENBQUM7UUFFVixJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksd0JBQU8sQ0FBQyxJQUFJLEVBQUUsS0FBSyxFQUFFO1lBQ2xDLFdBQVcsRUFBRSxPQUFPO1lBQ3BCLFdBQVcsRUFBRSxXQUFXLGFBQVgsV0FBVyxjQUFYLFdBQVcsR0FBSSxnQkFBZ0IsT0FBTyxVQUFVO1lBQzdELGFBQWE7WUFDYiwyQkFBMkIsRUFBRTtnQkFDM0IsWUFBWSxFQUFFLE1BQUEsV0FBVyxhQUFYLFdBQVcsdUJBQVgsV0FBVyxDQUFFLFlBQVksbUNBQUkscUJBQUksQ0FBQyxXQUFXO2dCQUMzRCxZQUFZLEVBQUU7b0JBQ1osS0FBSztvQkFDTCxTQUFTO29CQUNULEdBQUcsQ0FBQyxNQUFBLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxpQkFBaUIsbUNBQUksRUFBRSxDQUFDO2lCQUMxQztnQkFDRCxZQUFZLEVBQUU7b0JBQ1osY0FBYztvQkFDZCxXQUFXO29CQUNYLEdBQUcsQ0FBQyxNQUFBLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxpQkFBaUIsbUNBQUksRUFBRSxDQUFDO2lCQUMxQzthQUNGO1NBQ0YsQ0FBQyxDQUFDO1FBRUgsS0FBSyxNQUFNLEtBQUssSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUMzQixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQzVDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FDOUIsQ0FBQztZQUNGLEtBQUssTUFBTSxNQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQyxRQUFRLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsV0FBVyxFQUFFLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7WUFDMUUsQ0FBQztRQUNILENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksdUJBQU0sQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ3ZDLFdBQVcsRUFBRSxlQUFlLE9BQU8sVUFBVTtZQUM3QyxVQUFVLEVBQUUsVUFBVSxhQUFWLFVBQVUsY0FBVixVQUFVLEdBQUksR0FBRyxPQUFPLFVBQVU7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLDBCQUFTLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRTtZQUNoRCxJQUFJLEVBQUUsYUFBYSxhQUFiLGFBQWEsY0FBYixhQUFhLEdBQUksR0FBRyxPQUFPLGFBQWE7WUFDOUMsV0FBVyxFQUFFLGtCQUFrQixPQUFPLFVBQVU7WUFDaEQsUUFBUTtTQUNULENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO1lBQ3pCLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBZTtZQUN6QixLQUFLLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxlQUFlO1NBQ2hDLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0NBQ0Y7QUFoRUQsc0NBZ0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgQXBpS2V5LFxuICBDb3JzLFxuICBJbnRlZ3JhdGlvbixcbiAgSVJlc3RBcGksXG4gIFJlc3RBcGksXG4gIFN0YWdlT3B0aW9ucyxcbiAgVXNhZ2VQbGFuLFxufSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWFwaWdhdGV3YXlcIjtcbmltcG9ydCB7IEh0dHBNZXRob2QgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWFwaWdhdGV3YXl2MlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcblxuZXhwb3J0IGludGVyZmFjZSBTZWN1cmVSZXN0QXBpUm91dGUge1xuICBwYXRoOiBzdHJpbmc7XG4gIG1ldGhvZHM6IEh0dHBNZXRob2RbXTtcbiAgaW50ZWdyYXRpb246IEludGVncmF0aW9uO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNlY3VyZVJlc3RBcGlQcm9wcyB7XG4gIC8qKlxuICAgKiBUaGUgbmFtZSBvZiB0aGUgQVBJLlxuICAgKi9cbiAgYXBpTmFtZTogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBEZXNjcmlwdGlvbiBmb3IgdGhlIEFQSS5cbiAgICovXG4gIGRlc2NyaXB0aW9uPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBDT1JTIGNvbmZpZ3VyYXRpb24uXG4gICAqXG4gICAqIGBhbGxvd09yaWdpbnNgIG92ZXJyaWRlcyB0aGUgZGVmYXVsdCAoYWxsIG9yaWdpbnMpLlxuICAgKiBgYWRkaXRpb25hbE1ldGhvZHNgIGFuZCBgYWRkaXRpb25hbEhlYWRlcnNgIGFyZSBhcHBlbmRlZCB0byB0aGUgZGVmYXVsdHNcbiAgICogKEdFVC9PUFRJT05TIGFuZCBDb250ZW50LVR5cGUvWC1BcGktS2V5IHJlc3BlY3RpdmVseSkuXG4gICAqL1xuICBjb3JzT3B0aW9ucz86IHtcbiAgICBhbGxvd09yaWdpbnM/OiBzdHJpbmdbXTtcbiAgICBhZGRpdGlvbmFsTWV0aG9kcz86IHN0cmluZ1tdO1xuICAgIGFkZGl0aW9uYWxIZWFkZXJzPzogc3RyaW5nW107XG4gIH07XG5cbiAgLyoqXG4gICAqIFJvdXRlcyB0byByZWdpc3RlciBvbiB0aGUgQVBJLlxuICAgKi9cbiAgcm91dGVzOiBTZWN1cmVSZXN0QXBpUm91dGVbXTtcblxuICAvKipcbiAgICogU3RhZ2Ugb3B0aW9ucyBmb3IgdGhlIEFQSSdzIGRlZmF1bHQgZGVwbG95bWVudC5cbiAgICpcbiAgICogVXNlIGBzdGFnZU5hbWVgIHRvIG92ZXJyaWRlIHRoZSBkZXBsb3llZCBzdGFnZSBuYW1lLlxuICAgKiBAZGVmYXVsdCBzdGFnZU5hbWUgXCJwcm9kXCIgKENESyBkZWZhdWx0KVxuICAgKi9cbiAgZGVwbG95T3B0aW9ucz86IFN0YWdlT3B0aW9ucztcblxuICAvKipcbiAgICogVGhyb3R0bGluZyBsaW1pdHMgZm9yIHRoZSB1c2FnZSBwbGFuLlxuICAgKiBAZGVmYXVsdCB7IHJhdGVMaW1pdDogMTAwLCBidXJzdExpbWl0OiAyMDAgfVxuICAgKi9cbiAgdGhyb3R0bGU/OiB7XG4gICAgcmF0ZUxpbWl0OiBudW1iZXI7XG4gICAgYnVyc3RMaW1pdDogbnVtYmVyO1xuICB9O1xuXG4gIC8qKlxuICAgKiBPdmVycmlkZSB0aGUgZ2VuZXJhdGVkIEFQSSBrZXkgbmFtZS5cbiAgICogQGRlZmF1bHQgYHthcGlOYW1lfS1hcGkta2V5YFxuICAgKi9cbiAgYXBpS2V5TmFtZT86IHN0cmluZztcblxuICAvKipcbiAgICogT3ZlcnJpZGUgdGhlIGdlbmVyYXRlZCB1c2FnZSBwbGFuIG5hbWUuXG4gICAqIEBkZWZhdWx0IGB7YXBpTmFtZX0tdXNhZ2UtcGxhbmBcbiAgICovXG4gIHVzYWdlUGxhbk5hbWU/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBjbGFzcyBTZWN1cmVSZXN0QXBpIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGFwaTogUmVzdEFwaTtcbiAgcHVibGljIHJlYWRvbmx5IGFwaUtleTogQXBpS2V5O1xuICBwdWJsaWMgcmVhZG9ubHkgdXNhZ2VQbGFuOiBVc2FnZVBsYW47XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFNlY3VyZVJlc3RBcGlQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICBjb25zdCB7XG4gICAgICBhcGlOYW1lLFxuICAgICAgZGVzY3JpcHRpb24sXG4gICAgICBjb3JzT3B0aW9ucyxcbiAgICAgIHJvdXRlcyxcbiAgICAgIGRlcGxveU9wdGlvbnMsXG4gICAgICB0aHJvdHRsZSA9IHsgcmF0ZUxpbWl0OiAxMDAsIGJ1cnN0TGltaXQ6IDIwMCB9LFxuICAgICAgYXBpS2V5TmFtZSxcbiAgICAgIHVzYWdlUGxhbk5hbWUsXG4gICAgfSA9IHByb3BzO1xuXG4gICAgdGhpcy5hcGkgPSBuZXcgUmVzdEFwaSh0aGlzLCBcIkFwaVwiLCB7XG4gICAgICByZXN0QXBpTmFtZTogYXBpTmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uOiBkZXNjcmlwdGlvbiA/PyBgUkVTVCBBUEkgZm9yICR7YXBpTmFtZX0gc2VydmljZWAsXG4gICAgICBkZXBsb3lPcHRpb25zLFxuICAgICAgZGVmYXVsdENvcnNQcmVmbGlnaHRPcHRpb25zOiB7XG4gICAgICAgIGFsbG93T3JpZ2luczogY29yc09wdGlvbnM/LmFsbG93T3JpZ2lucyA/PyBDb3JzLkFMTF9PUklHSU5TLFxuICAgICAgICBhbGxvd01ldGhvZHM6IFtcbiAgICAgICAgICBcIkdFVFwiLFxuICAgICAgICAgIFwiT1BUSU9OU1wiLFxuICAgICAgICAgIC4uLihjb3JzT3B0aW9ucz8uYWRkaXRpb25hbE1ldGhvZHMgPz8gW10pLFxuICAgICAgICBdLFxuICAgICAgICBhbGxvd0hlYWRlcnM6IFtcbiAgICAgICAgICBcIkNvbnRlbnQtVHlwZVwiLFxuICAgICAgICAgIFwiWC1BcGktS2V5XCIsXG4gICAgICAgICAgLi4uKGNvcnNPcHRpb25zPy5hZGRpdGlvbmFsSGVhZGVycyA/PyBbXSksXG4gICAgICAgIF0sXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgZm9yIChjb25zdCByb3V0ZSBvZiByb3V0ZXMpIHtcbiAgICAgIGNvbnN0IHJlc291cmNlID0gdGhpcy5hcGkucm9vdC5yZXNvdXJjZUZvclBhdGgoXG4gICAgICAgIHJvdXRlLnBhdGgucmVwbGFjZSgvXlxcLy8sIFwiXCIpXG4gICAgICApO1xuICAgICAgZm9yIChjb25zdCBtZXRob2Qgb2Ygcm91dGUubWV0aG9kcykge1xuICAgICAgICByZXNvdXJjZS5hZGRNZXRob2QobWV0aG9kLCByb3V0ZS5pbnRlZ3JhdGlvbiwgeyBhcGlLZXlSZXF1aXJlZDogdHJ1ZSB9KTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICB0aGlzLmFwaUtleSA9IG5ldyBBcGlLZXkodGhpcywgXCJBcGlLZXlcIiwge1xuICAgICAgZGVzY3JpcHRpb246IGBBUEkgS2V5IGZvciAke2FwaU5hbWV9IHNlcnZpY2VgLFxuICAgICAgYXBpS2V5TmFtZTogYXBpS2V5TmFtZSA/PyBgJHthcGlOYW1lfS1hcGkta2V5YCxcbiAgICB9KTtcblxuICAgIHRoaXMudXNhZ2VQbGFuID0gbmV3IFVzYWdlUGxhbih0aGlzLCBcIlVzYWdlUGxhblwiLCB7XG4gICAgICBuYW1lOiB1c2FnZVBsYW5OYW1lID8/IGAke2FwaU5hbWV9LXVzYWdlLXBsYW5gLFxuICAgICAgZGVzY3JpcHRpb246IGBVc2FnZSBwbGFuIGZvciAke2FwaU5hbWV9IHNlcnZpY2VgLFxuICAgICAgdGhyb3R0bGUsXG4gICAgfSk7XG5cbiAgICB0aGlzLnVzYWdlUGxhbi5hZGRBcGlTdGFnZSh7XG4gICAgICBhcGk6IHRoaXMuYXBpIGFzIElSZXN0QXBpLFxuICAgICAgc3RhZ2U6IHRoaXMuYXBpLmRlcGxveW1lbnRTdGFnZSxcbiAgICB9KTtcbiAgICB0aGlzLnVzYWdlUGxhbi5hZGRBcGlLZXkodGhpcy5hcGlLZXkpO1xuICB9XG59XG4iXX0=

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aligent/cdk-secure-rest-api",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "A CDK construct for creating API Gateway REST APIs secured with API Key authentication and usage plan throttling",
   "main": "index.js",
   "types": "index.d.ts",
@@ -20,8 +20,8 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.10",
-    "@types/node": "^20.19.39",
-    "aws-cdk": "^2.1120.0",
+    "@types/node": "^24.13.2",
+    "aws-cdk": "^2.1124.1",
     "jest": "^29.7.0",
     "ts-jest": "^29.4.9",
     "ts-node": "^10.9.1",

package/index.ts

@@ -1,7 +0,0 @@
-import {
-  SecureRestApi,
-  SecureRestApiProps,
-  SecureRestApiRoute,
-} from "./lib/secure-rest-api";
-
-export { SecureRestApi, SecureRestApiProps, SecureRestApiRoute };

package/jest.config.ts

@@ -1,11 +0,0 @@
-/* eslint-disable */
-export default {
-  displayName: "secure-rest-api",
-  preset: "../../../jest.preset.js",
-  testEnvironment: "node",
-  transform: {
-    "^.+\\.[tj]s$": ["ts-jest", { tsconfig: "<rootDir>/tsconfig.spec.json" }],
-  },
-  moduleFileExtensions: ["ts", "js", "html"],
-  coverageDirectory: "../../../coverage/packages/secure-rest-api",
-};

package/lib/secure-rest-api.test.ts

@@ -1,308 +0,0 @@
-import { App, Stack } from "aws-cdk-lib";
-import { Template } from "aws-cdk-lib/assertions";
-import { LambdaIntegration, MockIntegration } from "aws-cdk-lib/aws-apigateway";
-import { HttpMethod } from "aws-cdk-lib/aws-apigatewayv2";
-import { Function, InlineCode, Runtime } from "aws-cdk-lib/aws-lambda";
-import { Construct } from "constructs";
-import { SecureRestApi } from "./secure-rest-api";
-
-const createStack = () => {
-  const app = new App();
-  const stack = new Stack(app, "TestStack");
-  return { app, stack };
-};
-
-const mockIntegration = () =>
-  new MockIntegration({
-    integrationResponses: [{ statusCode: "200" }],
-  });
-
-const lambdaIntegration = (scope: Construct) => {
-  const fn = new Function(scope, "Handler", {
-    runtime: Runtime.NODEJS_22_X,
-    handler: "index.handler",
-    code: InlineCode.fromInline("exports.handler = () => {}"),
-  });
-  return new LambdaIntegration(fn);
-};
-
-describe("SecureRestApi", () => {
-  describe("API Gateway", () => {
-    it("creates a REST API with the given name", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::RestApi",
-        { Name: "my-api" }
-      );
-    });
-
-    it("uses the provided description", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        description: "Custom description",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::RestApi",
-        { Description: "Custom description" }
-      );
-    });
-
-    it("registers each route method with apiKeyRequired", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET, HttpMethod.POST],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      const template = Template.fromStack(stack);
-      template.hasResourceProperties("AWS::ApiGateway::Method", {
-        HttpMethod: "GET",
-        ApiKeyRequired: true,
-      });
-      template.hasResourceProperties("AWS::ApiGateway::Method", {
-        HttpMethod: "POST",
-        ApiKeyRequired: true,
-      });
-    });
-
-    it("accepts a LambdaIntegration as route integration", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: lambdaIntegration(stack),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).resourceCountIs("AWS::Lambda::Function", 1);
-    });
-  });
-
-  describe("API Key", () => {
-    it("creates an API key with a default name", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::ApiKey",
-        { Name: "my-api-api-key" }
-      );
-    });
-
-    it("uses a custom API key name when provided", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        apiKeyName: "custom-key",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::ApiKey",
-        { Name: "custom-key" }
-      );
-    });
-  });
-
-  describe("Usage Plan", () => {
-    it("creates a usage plan with default throttle settings", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::UsagePlan",
-        {
-          Throttle: {
-            BurstLimit: 200,
-            RateLimit: 100,
-          },
-        }
-      );
-    });
-
-    it("uses custom throttle settings when provided", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        throttle: { rateLimit: 50, burstLimit: 100 },
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::UsagePlan",
-        {
-          Throttle: {
-            BurstLimit: 100,
-            RateLimit: 50,
-          },
-        }
-      );
-    });
-
-    it("uses a custom usage plan name when provided", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        usagePlanName: "custom-plan",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::UsagePlan",
-        { UsagePlanName: "custom-plan" }
-      );
-    });
-  });
-
-  describe("CORS", () => {
-    it("applies default CORS settings", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::Method",
-        { HttpMethod: "OPTIONS" }
-      );
-    });
-
-    it("appends additionalHeaders to the defaults", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        corsOptions: { additionalHeaders: ["Authorization"] },
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      // OPTIONS mock integration response headers include the allow-headers value
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::Method",
-        {
-          HttpMethod: "OPTIONS",
-          Integration: {
-            IntegrationResponses: [
-              {
-                ResponseParameters: {
-                  "method.response.header.Access-Control-Allow-Headers":
-                    "'Content-Type,X-Api-Key,Authorization'",
-                },
-              },
-            ],
-          },
-        }
-      );
-    });
-
-    it("appends additionalMethods to the defaults", () => {
-      const { stack } = createStack();
-      new SecureRestApi(stack, "Api", {
-        apiName: "my-api",
-        corsOptions: { additionalMethods: ["POST"] },
-        routes: [
-          {
-            path: "items",
-            methods: [HttpMethod.GET],
-            integration: mockIntegration(),
-          },
-        ],
-      });
-
-      Template.fromStack(stack).hasResourceProperties(
-        "AWS::ApiGateway::Method",
-        {
-          HttpMethod: "OPTIONS",
-          Integration: {
-            IntegrationResponses: [
-              {
-                ResponseParameters: {
-                  "method.response.header.Access-Control-Allow-Methods":
-                    "'GET,OPTIONS,POST'",
-                },
-              },
-            ],
-          },
-        }
-      );
-    });
-  });
-});

package/lib/secure-rest-api.ts

@@ -1,129 +0,0 @@
-import {
-  ApiKey,
-  Cors,
-  Integration,
-  IRestApi,
-  RestApi,
-  UsagePlan,
-} from "aws-cdk-lib/aws-apigateway";
-import { HttpMethod } from "aws-cdk-lib/aws-apigatewayv2";
-import { Construct } from "constructs";
-
-export interface SecureRestApiRoute {
-  path: string;
-  methods: HttpMethod[];
-  integration: Integration;
-}
-
-export interface SecureRestApiProps {
-  /**
-   * The name of the API.
-   */
-  apiName: string;
-
-  /**
-   * Description for the API.
-   */
-  description?: string;
-
-  /**
-   * CORS configuration.
-   *
-   * `allowOrigins` overrides the default (all origins).
-   * `additionalMethods` and `additionalHeaders` are appended to the defaults
-   * (GET/OPTIONS and Content-Type/X-Api-Key respectively).
-   */
-  corsOptions?: {
-    allowOrigins?: string[];
-    additionalMethods?: string[];
-    additionalHeaders?: string[];
-  };
-
-  /**
-   * Routes to register on the API.
-   */
-  routes: SecureRestApiRoute[];
-
-  /**
-   * Throttling limits for the usage plan.
-   * @default { rateLimit: 100, burstLimit: 200 }
-   */
-  throttle?: {
-    rateLimit: number;
-    burstLimit: number;
-  };
-
-  /**
-   * Override the generated API key name.
-   * @default `{apiName}-api-key`
-   */
-  apiKeyName?: string;
-
-  /**
-   * Override the generated usage plan name.
-   * @default `{apiName}-usage-plan`
-   */
-  usagePlanName?: string;
-}
-
-export class SecureRestApi extends Construct {
-  public readonly api: RestApi;
-  public readonly apiKey: ApiKey;
-  public readonly usagePlan: UsagePlan;
-
-  constructor(scope: Construct, id: string, props: SecureRestApiProps) {
-    super(scope, id);
-
-    const {
-      apiName,
-      description,
-      corsOptions,
-      routes,
-      throttle = { rateLimit: 100, burstLimit: 200 },
-      apiKeyName,
-      usagePlanName,
-    } = props;
-
-    this.api = new RestApi(this, "Api", {
-      restApiName: apiName,
-      description: description ?? `REST API for ${apiName} service`,
-      defaultCorsPreflightOptions: {
-        allowOrigins: corsOptions?.allowOrigins ?? Cors.ALL_ORIGINS,
-        allowMethods: [
-          "GET",
-          "OPTIONS",
-          ...(corsOptions?.additionalMethods ?? []),
-        ],
-        allowHeaders: [
-          "Content-Type",
-          "X-Api-Key",
-          ...(corsOptions?.additionalHeaders ?? []),
-        ],
-      },
-    });
-
-    for (const route of routes) {
-      const resource = this.api.root.addResource(route.path.replace(/^\//, ""));
-      for (const method of route.methods) {
-        resource.addMethod(method, route.integration, { apiKeyRequired: true });
-      }
-    }
-
-    this.apiKey = new ApiKey(this, "ApiKey", {
-      description: `API Key for ${apiName} service`,
-      apiKeyName: apiKeyName ?? `${apiName}-api-key`,
-    });
-
-    this.usagePlan = new UsagePlan(this, "UsagePlan", {
-      name: usagePlanName ?? `${apiName}-usage-plan`,
-      description: `Usage plan for ${apiName} service`,
-      throttle,
-    });
-
-    this.usagePlan.addApiStage({
-      api: this.api as IRestApi,
-      stage: this.api.deploymentStage,
-    });
-    this.usagePlan.addApiKey(this.apiKey);
-  }
-}

package/project.json

@@ -1,36 +0,0 @@
-{
-  "name": "secure-rest-api",
-  "$schema": "../../../node_modules/nx/schemas/project-schema.json",
-  "sourceRoot": "packages/constructs/secure-rest-api/lib",
-  "projectType": "application",
-  "targets": {
-    "build": {
-      "executor": "nx:run-commands",
-      "options": {
-        "command": "tsc --project tsconfig.app.json",
-        "cwd": "packages/constructs/secure-rest-api"
-      }
-    },
-    "lint": {
-      "executor": "@nx/eslint:lint",
-      "outputs": ["{options.outputFile}"]
-    },
-    "test": {
-      "executor": "@nx/jest:jest",
-      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
-      "options": {
-        "jestConfig": "packages/constructs/secure-rest-api/jest.config.ts",
-        "passWithNoTests": true
-      }
-    },
-    "publish": {
-      "executor": "nx:run-commands",
-      "options": {
-        "command": "npm publish --access public",
-        "cwd": "packages/constructs/secure-rest-api"
-      },
-      "dependsOn": ["build"]
-    }
-  },
-  "tags": []
-}

package/tsconfig.app.json

@@ -1,11 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "outDir": ".",
-    "rootDir": ".",
-    "module": "commonjs",
-    "types": ["node"]
-  },
-  "exclude": ["./jest.config.ts", "**/*.test.ts", "**/*.spec.ts"],
-  "include": ["lib/**/*.ts", "index.ts"]
-}

package/tsconfig.json

@@ -1,16 +0,0 @@
-{
-  "extends": "../../../tsconfig.base.json",
-  "files": [],
-  "include": [],
-  "references": [
-    {
-      "path": "./tsconfig.app.json"
-    },
-    {
-      "path": "./tsconfig.spec.json"
-    }
-  ],
-  "compilerOptions": {
-    "esModuleInterop": true
-  }
-}

package/tsconfig.spec.json

@@ -1,8 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "outDir": "../../dist/out-tsc",
-    "module": "commonjs",
-    "types": ["jest", "node"]
-  }
-}