@awsless/awsless 0.0.401 → 0.0.402

package/dist/bin.js

@@ -12288,6 +12288,7 @@ var pubsubFeature = defineFeature({
       const authorizer = new aws13.iot.Authorizer(group, "authorizer", {
         name,
         functionArn: lambda.arn
+        // enableSigning: false,
       });
       new aws13.lambda.Permission(group, "permission", {
         functionArn: lambda.arn,

package/dist/client.d.ts

@@ -56,13 +56,12 @@ declare const createHttpClient: <S extends Schema>(fetcher: HttpFetcher) => {
 
 type MessageCallback = (payload: any) => void;
 type ClientProps = {
-    app: string;
     endpoint: string;
     authorizer: string;
     token?: string;
 };
 type ClientPropsProvider = () => Promise<ClientProps> | ClientProps;
-declare const createPubSubClient: (props: ClientProps | ClientPropsProvider) => {
+declare const createPubSubClient: (app: string, props: ClientProps | ClientPropsProvider) => {
     publish(topic: string, event: string, payload: unknown, qos: QoS): Promise<void>;
     subscribe(topic: string, event: string, callback: MessageCallback): Promise<_awsless_mqtt.Unsubscribe>;
     connected: boolean;

package/dist/client.js

@@ -80,11 +80,9 @@ var createHttpClient = (fetcher) => {
 
 // src/lib/client/pubsub.ts
 import { createClient } from "@awsless/mqtt";
-var createPubSubClient = (props) => {
-  let app;
+var createPubSubClient = (app, props) => {
   const mqtt = createClient(async () => {
     const config = typeof props === "function" ? await props() : props;
-    app = config.app;
     return {
       endpoint: `wss://${config.endpoint}/mqtt`,
       username: `?x-amz-customauthorizer-name=${config.authorizer}`,

package/dist/server.d.ts

@@ -1,8 +1,9 @@
 import { AwsCredentialIdentityProvider } from '@aws-sdk/types';
 import { Mock } from 'vitest';
+import { Duration, DurationFormat } from '@awsless/duration';
 import { QoS } from '@awsless/iot';
 export { QoS } from '@awsless/iot';
-import { DurationFormat } from '@awsless/duration';
+import { IoTCustomAuthorizerResult } from 'aws-lambda';
 
 declare const regions: readonly ["us-east-2", "us-east-1", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-2", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-south-2", "eu-north-1", "eu-central-2", "me-south-1", "me-central-1", "sa-east-1"];
 type Region = (typeof regions)[number];
@@ -89,6 +90,23 @@ type PublishOptions = {
 declare const PubSub: {
     publish(topic: string, event: string, payload: unknown, opts?: PublishOptions): Promise<void>;
 };
+type PubsubAuthorizerResponse = {
+    authorized: boolean;
+    principalId?: string;
+    publish?: string[];
+    subscribe?: string[];
+    disconnectAfter?: Duration;
+    refreshAfter?: Duration;
+};
+type PubsubAuthorizerEvent = {
+    protocolData: {
+        mqtt?: {
+            password?: string;
+        };
+    };
+};
+declare const pubsubAuthorizerHandle: (cb: (token: string) => PubsubAuthorizerResponse | Promise<PubsubAuthorizerResponse>) => Promise<(event: PubsubAuthorizerEvent) => Promise<IoTCustomAuthorizerResult>>;
+declare const pubsubAuthorizerResponse: (props: PubsubAuthorizerResponse) => IoTCustomAuthorizerResult;
 
 declare const getQueueName: <N extends string, S extends string = "stack">(resourceName: N, stackName?: S) => `app--${S}--queue--${N}`;
 declare const getQueueUrl: (name: string, stack?: string) => string | undefined;
@@ -137,4 +155,4 @@ declare const Topic: TopicResources;
 declare const APP: "app";
 declare const STACK: "stack";
 
-export { APP, Auth, type AuthResources, Cache, type CacheResources, type CommandContext, type CommandHandler, CommandOptions, Config, type ConfigResources, Fn, Function, type FunctionMock, type FunctionMockResponse, type FunctionResources, PubSub, type PublishOptions, Queue, type QueueMock, type QueueMockResponse, type QueueResources, type RpcAuthorizerResponse, STACK, Search, type SearchResources, Store, type StoreResources, Table, type TableResources, Task, type TaskMock, type TaskMockResponse, type TaskResources, Topic, type TopicMock, type TopicMockResponse, type TopicResources, getAuthProps, getCacheProps, getConfigName, getConfigValue, getFunctionName, getPubSubTopic, getQueueName, getQueueUrl, getSearchName, getSearchProps, getSiteBucketName, getStoreName, getTableName, getTaskName, getTopicName, mockFunction, mockPubSub, mockQueue, mockTask, mockTopic, setConfigValue };
+export { APP, Auth, type AuthResources, Cache, type CacheResources, type CommandContext, type CommandHandler, CommandOptions, Config, type ConfigResources, Fn, Function, type FunctionMock, type FunctionMockResponse, type FunctionResources, PubSub, type PublishOptions, Queue, type QueueMock, type QueueMockResponse, type QueueResources, type RpcAuthorizerResponse, STACK, Search, type SearchResources, Store, type StoreResources, Table, type TableResources, Task, type TaskMock, type TaskMockResponse, type TaskResources, Topic, type TopicMock, type TopicMockResponse, type TopicResources, getAuthProps, getCacheProps, getConfigName, getConfigValue, getFunctionName, getPubSubTopic, getQueueName, getQueueUrl, getSearchName, getSearchProps, getSiteBucketName, getStoreName, getTableName, getTaskName, getTopicName, mockFunction, mockPubSub, mockQueue, mockTask, mockTopic, pubsubAuthorizerHandle, pubsubAuthorizerResponse, setConfigValue };

package/dist/server.js

@@ -363,6 +363,7 @@ var Config = /* @__PURE__ */ new Proxy(
 );
 
 // src/lib/server/pubsub.ts
+import { hours, toSeconds } from "@awsless/duration";
 import { publish as publish2, QoS } from "@awsless/iot";
 var getPubSubTopic = (name) => {
   return `${APP}/pubsub/${name}`;
@@ -376,6 +377,65 @@ var PubSub = {
     });
   }
 };
+var pubsubAuthorizerHandle = async (cb) => {
+  return async (event) => {
+    const token = Buffer.from(event.protocolData.mqtt?.password ?? "", "base64").toString();
+    const response = await cb(token);
+    return pubsubAuthorizerResponse(response);
+  };
+};
+var pubsubAuthorizerResponse = (props) => {
+  const region = process.env.AWS_REGION;
+  const accountId = process.env.AWS_ACCOUNT_ID;
+  const prefix = `arn:aws:iot:${region}:${accountId}`;
+  const statements = [];
+  if (props.publish) {
+    statements.push({
+      Action: "iot:Publish",
+      Effect: "Allow",
+      Resource: props.publish.map((topic) => {
+        return `${prefix}:topic/${topic}`;
+      })
+    });
+  }
+  if (props.subscribe) {
+    statements.push(
+      {
+        Action: "iot:Subscribe",
+        Effect: "Allow",
+        Resource: props.subscribe.map((topic) => {
+          return `${prefix}:topicfilter/${topic}`;
+        })
+      },
+      {
+        Action: "iot:Receive",
+        Effect: "Allow",
+        Resource: props.subscribe.map((topic) => {
+          return `${prefix}:topic/${topic}`;
+        })
+      }
+    );
+  }
+  return {
+    isAuthenticated: props.authorized,
+    principalId: props.principalId ?? Date.now().toString(),
+    disconnectAfterInSeconds: Number(toSeconds(props.disconnectAfter ?? hours(1))),
+    refreshAfterInSeconds: Number(toSeconds(props.disconnectAfter ?? hours(1))),
+    policyDocuments: [
+      {
+        Version: "2012-10-17",
+        Statement: [
+          {
+            Action: "iot:Connect",
+            Effect: "Allow",
+            Resource: `${prefix}:client/\${iot:ClientId}`
+          },
+          ...statements
+        ]
+      }
+    ]
+  };
+};
 
 // src/lib/server/search.ts
 import { define, searchClient } from "@awsless/open-search";
@@ -483,5 +543,7 @@ export {
   mockQueue,
   mockTask,
   mockTopic,
+  pubsubAuthorizerHandle,
+  pubsubAuthorizerResponse,
   setConfigValue
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@awsless/awsless",
-  "version": "0.0.401",
+  "version": "0.0.402",
   "license": "MIT",
   "type": "module",
   "sideEffects": false,
@@ -28,17 +28,17 @@
     }
   },
   "peerDependencies": {
-    "@awsless/iot": "^0.0.2",
     "@awsless/lambda": "^0.0.27",
-    "@awsless/redis": "^0.0.13",
     "@awsless/mqtt": "^0.0.2",
-    "@awsless/s3": "^0.0.18",
-    "@awsless/sns": "^0.0.7",
-    "@awsless/sqs": "^0.0.7",
-    "@awsless/ssm": "^0.0.7",
     "@awsless/open-search": "^0.0.15",
+    "@awsless/iot": "^0.0.2",
+    "@awsless/redis": "^0.0.13",
+    "@awsless/ssm": "^0.0.7",
+    "@awsless/weak-cache": "^0.0.1",
     "@awsless/validate": "^0.0.16",
-    "@awsless/weak-cache": "^0.0.1"
+    "@awsless/s3": "^0.0.18",
+    "@awsless/sqs": "^0.0.7",
+    "@awsless/sns": "^0.0.7"
   },
   "dependencies": {
     "@arcanyx/cidr-slicer": "^0.3.0",
@@ -112,12 +112,12 @@
     "zip-a-folder": "^3.1.6",
     "zod": "^3.21.4",
     "zod-to-json-schema": "^3.22.3",
-    "@awsless/code": "^0.0.10",
     "@awsless/duration": "^0.0.1",
-    "@awsless/formation": "^0.0.57",
     "@awsless/size": "^0.0.1",
-    "@awsless/ts-file-cache": "^0.0.10",
+    "@awsless/formation": "^0.0.57",
     "@awsless/validate": "^0.0.16",
+    "@awsless/code": "^0.0.10",
+    "@awsless/ts-file-cache": "^0.0.10",
     "@awsless/graphql": "^0.0.9"
   },
   "devDependencies": {