@awsless/awsless 0.0.485 → 0.0.486

package/dist/bin.js

@@ -202,11 +202,12 @@ var createWorkSpace = async (props) => {
   if (process.env.VERBOSE) {
     enableDebug();
   }
-  const aws = await terraform.install("hashicorp", "aws", "5.94.1");
+  const aws = await terraform.install("hashicorp", "aws", "5.98.0");
   const workspace = new WorkSpace({
     providers: [
       createLambdaProvider(props),
       createCloudFrontProvider(props),
+      // createCloudFrontKvsProvider(props),
       aws(
         {
           profile: props.profile,
@@ -1391,7 +1392,10 @@ var SitesSchema = z31.record(
     ),
     ssr: FunctionSchema.optional().describe("Specifies the file that will render the site on the server."),
     // envPrefix: z.string().optional().describe('Specifies a prefix for all '),
-    origin: z31.enum(["ssr-first", "static-first"]).default("static-first").describe("Specifies the origin fallback ordering."),
+    // origin: z
+    // 	.enum(['ssr-first', 'static-first'])
+    // 	.default('static-first')
+    // 	.describe('Specifies the origin fallback ordering.'),
     // bind: z.object({
     // 	auth:
     // 	h
@@ -1405,13 +1409,16 @@ var SitesSchema = z31.record(
     // 	}),
     // ]),
     geoRestrictions: z31.array(z31.string().length(2).toUpperCase()).default([]).describe("Specifies a blacklist of countries that should be blocked."),
-    forwardHost: z31.boolean().default(false).describe(
-      [
-        "Specify if the original `host` header should be forwarded to the SSR function.",
-        "The original `host` header will be forwarded as `x-forwarded-host`.",
-        "Keep in mind that this requires an extra CloudFront Function."
-      ].join("\n")
-    ),
+    // forwardHost: z
+    // 	.boolean()
+    // 	.default(false)
+    // 	.describe(
+    // 		[
+    // 			'Specify if the original `host` header should be forwarded to the SSR function.',
+    // 			'The original `host` header will be forwarded as `x-forwarded-host`.',
+    // 			'Keep in mind that this requires an extra CloudFront Function.',
+    // 		].join('\n')
+    // 	),
     errors: z31.object({
       400: ErrorResponseSchema.describe("Customize a `400 Bad Request` response."),
       403: ErrorResponseSchema.describe("Customize a `403 Forbidden` response."),
@@ -4396,20 +4403,140 @@ var getCacheControl = (file) => {
 var getContentType = (file) => {
   return contentType(extname2(file)) || "text/html; charset=utf-8";
 };
-var getForwardHostFunctionCode = () => {
-  return [
-    "function handler(event) {",
-    "const request = event.request",
-    "const headers = request.headers",
-    "const host = request.headers.host.value",
-    'headers["x-forwarded-host"] = { value: host }',
-    "return request",
-    "}"
-  ].join("\n");
+var getViewerRequestFunctionCode = (domain2, bucket, functionUrl) => {
+  return $resolve([bucket?.bucketRegionalDomainName, functionUrl?.functionUrl], (bucketDomain, lambdaUrl) => {
+    return CF_FUNC_WRAP([
+      // --------------------------------------------------------
+      // Block direct access to cloudfront.
+      domain2 ? BLOCK_DIRECT_ACCESS_TO_CLOUDFRONT : "",
+      // --------------------------------------------------------
+      // Define functions.
+      bucketDomain ? GET_PREFIXES : "",
+      bucketDomain ? SET_S3_ORIGIN : "",
+      lambdaUrl ? SET_LAMBDA_ORIGIN : "",
+      // --------------------------------------------------------
+      // Route asset requests to the s3 bucket.
+      bucketDomain ? ROUTE_TO_S3_ORIGIN_IF_STATIC_ASSET(bucketDomain) : "",
+      // --------------------------------------------------------
+      // Route SSR requests.
+      lambdaUrl ? ROUTE_TO_LAMBDA_ORIGIN(lambdaUrl.split("/")[2]) : "",
+      // --------------------------------------------------------
+      // Return original response
+      bucketDomain && !lambdaUrl ? ROUTE_TO_S3_ORIGIN(bucketDomain) : ""
+    ]);
+  });
 };
+var CF_FUNC_WRAP = (code) => `
+import cf from "cloudfront";
+
+async function handler(event) {
+	${code.join("\n")}
+
+	return event.request;
+}
+`;
+var BLOCK_DIRECT_ACCESS_TO_CLOUDFRONT = `
+if (event.request.headers.host.value.includes('cloudfront.net')) {
+	return {
+		statusCode: 403,
+		statusDescription: 'Forbidden',
+		body: {
+			encoding: 'text',
+			data: '<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>'
+		}
+	};
+}`;
+var SET_S3_ORIGIN = `
+function setS3Origin(s3Domain) {
+	const origin = {
+		domainName: s3Domain,
+		originAccessControlConfig: {
+			enabled: true,
+			signingBehavior: 'always',
+			signingProtocol: 'sigv4',
+			originType: 's3',
+		}
+	};
+
+	console.log("s3 origin")
+	console.log(origin)
+	cf.updateRequestOrigin(origin);
+}`;
+var SET_LAMBDA_ORIGIN = `
+function setLambdaOrigin(urlHost) {
+	cf.updateRequestOrigin({
+		domainName: urlHost,
+		customOriginConfig: {
+			port: 443,
+			protocol: 'https',
+			sslProtocols: ['TLSv1.2'],
+		},
+		originAccessControlConfig: {
+			enabled: true,
+			signingBehavior: 'always',
+			signingProtocol: 'sigv4',
+			originType: 'lambda',
+		}
+	});
+}`;
+var GET_PREFIXES = `
+function getPostfixes(path) {
+	if(path === '') {
+		return ['/index.html'];
+	}
+
+	if(path.endsWith('/')) {
+		return ['index.html'];
+	}
+
+	const parts = path.split('/');
+	const lastPart = parts[parts.length - 1];
+
+	if(lastPart.includes('.')) {
+		return [''];
+	}
+
+	return ['', '.html', '/index.html'];
+}`;
+var ROUTE_TO_S3_ORIGIN_IF_STATIC_ASSET = (bucketDomain) => `
+if (event.request.method === 'GET' || event.request.method === 'HEAD') {
+	const s3Domain = '${bucketDomain}';
+	const path = decodeURIComponent(event.request.uri);
+	const postfixes = getPostfixes(path);
+
+	try {
+		const postfix = await Promise.any(
+			postfixes.map(p => {
+				return cf
+					.kvs()
+					.get(path + p)
+					.then(v => p);
+			})
+		);
+
+		event.request.uri = event.request.uri + postfix;
+		setS3Origin(s3Domain);
+		return event.request;
+	} catch (e) {}
+}`;
+var ROUTE_TO_S3_ORIGIN = (bucketDomain) => `
+setS3Origin('${bucketDomain}');`;
+var ROUTE_TO_LAMBDA_ORIGIN = (url) => `
+for (var key in event.request.querystring) {
+	if (key.includes('/')) {
+		event.request.querystring[encodeURIComponent(key)] = event.request.querystring[key];
+		delete event.request.querystring[key];
+	}
+}
+
+if (event.request.headers.host) {
+	event.request.headers['x-forwarded-host'] = event.request.headers.host;
+}
+
+setLambdaOrigin('${url}');`;
 
 // src/feature/site/index.ts
-import { camelCase as camelCase6, constantCase as constantCase10 } from "change-case";
+import { camelCase as camelCase6 } from "change-case";
 
 // src/util/exec.ts
 import { exec } from "promisify-child-process";
@@ -4448,10 +4575,19 @@ var siteFeature = defineFeature({
           });
         });
       }
-      const origins = [];
-      const originGroups = [];
-      let bucket;
+      const kvs = new $15.aws.cloudfront.KeyValueStore(group, "kvs", {
+        name,
+        comment: "Store for static assets"
+      });
+      const keys = [];
+      new $15.aws.cloudfrontkeyvaluestore.KeysExclusive(group, "keys", {
+        keyValueStoreArn: kvs.arn,
+        resourceKeyValuePair: new Future3((resolve) => {
+          resolve(keys);
+        })
+      });
       const versions = [];
+      let functionUrl;
       if (props.ssr) {
         const result = createLambdaFunction(group, ctx, `site`, id, props.ssr);
         versions.push(result.code.sourceHash);
@@ -4465,28 +4601,12 @@ var siteFeature = defineFeature({
           functionUrlAuthType: "AWS_IAM",
           sourceArn: `arn:aws:cloudfront::${ctx.accountId}:distribution/*`
         });
-        const url = new $15.aws.lambda.FunctionUrl(group, "url", {
+        functionUrl = new $15.aws.lambda.FunctionUrl(group, "url", {
           functionName: result.lambda.functionName,
           authorizationType: "AWS_IAM"
         });
-        const ssrAccessControl = new $15.aws.cloudfront.OriginAccessControl(group, "ssr-access", {
-          name: `${name}-ssr`,
-          originAccessControlOriginType: "lambda",
-          signingBehavior: "always",
-          signingProtocol: "sigv4"
-        });
-        origins.push({
-          originId: "ssr",
-          domainName: url.functionUrl.pipe((url2) => url2.split("/")[2]),
-          originAccessControlId: ssrAccessControl.id,
-          customOriginConfig: {
-            originProtocolPolicy: "https-only",
-            httpPort: 80,
-            httpsPort: 443,
-            originSslProtocols: ["TLSv1.2"]
-          }
-        });
       }
+      let bucket;
       if (props.static) {
         bucket = new $15.aws.s3.Bucket(group, "bucket", {
           bucket: formatLocalResourceName({
@@ -4527,14 +4647,8 @@ var siteFeature = defineFeature({
             bucket.arn.pipe((arn) => `${arn}/*`)
           ]
         });
-        const accessControl = new $15.aws.cloudfront.OriginAccessControl(group, `access`, {
-          name,
-          originAccessControlOriginType: "s3",
-          signingBehavior: "always",
-          signingProtocol: "sigv4"
-        });
         ctx.onReady(() => {
-          if (typeof props.static === "string") {
+          if (typeof props.static === "string" && bucket) {
             const files = glob2.sync("**", {
               // cwd: join(directories.root, props.static),
               cwd: props.static,
@@ -4549,29 +4663,12 @@ var siteFeature = defineFeature({
                 source: join11(props.static, file),
                 sourceHash: $hash(join11(props.static, file))
               });
+              keys.push({ key: `/${file}`, value: "s3" });
               versions.push(object.key);
               versions.push(object.sourceHash);
             }
           }
         });
-        origins.push({
-          originId: "static",
-          domainName: bucket.bucketRegionalDomainName,
-          originAccessControlId: accessControl.id,
-          s3OriginConfig: {
-            // is required to have an value for s3 origins when using origin access control
-            originAccessIdentity: ""
-          }
-        });
-      }
-      if (props.ssr && props.static) {
-        originGroups.push({
-          originId: "group",
-          member: props.origin === "ssr-first" ? [{ originId: "ssr" }, { originId: "static" }] : [{ originId: "static" }, { originId: "ssr" }],
-          failoverCriteria: {
-            statusCodes: [403, 404]
-          }
-        });
       }
       const cache = new $15.aws.cloudfront.CachePolicy(group, "cache", {
         name,
@@ -4655,30 +4752,25 @@ var siteFeature = defineFeature({
       });
       const domainName = props.domain ? formatFullDomainName(ctx.appConfig, props.domain, props.subDomain) : void 0;
       const certificateArn = props.domain ? ctx.shared.entry("domain", `global-certificate-arn`, props.domain) : void 0;
-      const associations = [];
-      if (props.forwardHost) {
-        const viewerRequest = new $15.aws.cloudfront.Function(group, "forward-host", {
-          name: formatLocalResourceName({
-            appName: ctx.app.name,
-            stackName: ctx.stack.name,
-            resourceType: "site",
-            resourceName: "forward-host"
-          }),
-          runtime: `cloudfront-js-2.0`,
-          comment: "Forward the host header to the origin",
-          publish: true,
-          code: getForwardHostFunctionCode()
-        });
-        associations.push({
-          eventType: "viewer-request",
-          functionArn: viewerRequest.arn
-        });
-      }
+      const viewerRequest = new $15.aws.cloudfront.Function(group, "viewer-request", {
+        name: formatLocalResourceName({
+          appName: ctx.app.name,
+          stackName: ctx.stack.name,
+          resourceType: "site",
+          resourceName: `request-${id}`
+        }),
+        runtime: `cloudfront-js-2.0`,
+        comment: `Viewer Request - ${name}`,
+        publish: true,
+        code: getViewerRequestFunctionCode(domainName, bucket, functionUrl),
+        keyValueStoreAssociations: [kvs.arn]
+      });
       const distribution = new $15.aws.cloudfront.Distribution(group, "distribution", {
         // name,
-        tags: {
-          Name: name
-        },
+        // tags: {
+        // 	Name: name,
+        // },
+        comment: name,
         enabled: true,
         aliases: domainName ? [domainName] : void 0,
         priceClass: "PriceClass_All",
@@ -4690,8 +4782,19 @@ var siteFeature = defineFeature({
         } : {
           cloudfrontDefaultCertificate: true
         },
-        origin: origins,
-        originGroup: originGroups,
+        origin: [
+          {
+            originId: "default",
+            domainName: "placeholder.awsless.dev",
+            customOriginConfig: {
+              httpPort: 80,
+              httpsPort: 443,
+              originProtocolPolicy: "http-only",
+              originReadTimeout: 20,
+              originSslProtocols: ["TLSv1.2"]
+            }
+          }
+        ],
         customErrorResponse: Object.entries(props.errors ?? {}).map(([errorCode, item]) => {
           if (typeof item === "string") {
             return {
@@ -4715,14 +4818,21 @@ var siteFeature = defineFeature({
         },
         defaultCacheBehavior: {
           compress: true,
-          targetOriginId: props.ssr && props.static ? "group" : props.ssr ? "ssr" : "static",
-          functionAssociation: associations,
+          targetOriginId: "default",
+          functionAssociation: [
+            {
+              eventType: "viewer-request",
+              functionArn: viewerRequest.arn
+            }
+          ],
           originRequestPolicyId: originRequest.id,
           cachePolicyId: cache.id,
           responseHeadersPolicyId: responseHeaders.id,
           viewerProtocolPolicy: "redirect-to-https",
           allowedMethods: ["GET", "HEAD", "POST", "PUT", "PATCH", "OPTIONS", "DELETE"],
           cachedMethods: ["GET", "HEAD"]
+          // cachedMethods: ['GET', 'HEAD', 'OPTIONS'],
+          // cachedMethods: [],
         }
       });
       new Invalidation(group, "invalidate", {
@@ -4736,7 +4846,7 @@ var siteFeature = defineFeature({
           });
         })
       });
-      if (props.static) {
+      if (bucket) {
         new $15.aws.s3.BucketPolicy(
           group,
           `policy`,
@@ -4780,9 +4890,6 @@ var siteFeature = defineFeature({
           }
         });
       }
-      if (domainName) {
-        ctx.bind(`SITE_${constantCase10(ctx.stack.name)}_${constantCase10(id)}_ENDPOINT`, domainName);
-      }
     }
   }
 });
@@ -4939,7 +5046,7 @@ var storeFeature = defineFeature({
 
 // src/feature/table/index.ts
 import { $ as $17, Group as Group17 } from "@awsless/formation";
-import { constantCase as constantCase11 } from "change-case";
+import { constantCase as constantCase10 } from "change-case";
 import { toSeconds as toSeconds7 } from "@awsless/duration";
 var tableFeature = defineFeature({
   name: "table",
@@ -5021,8 +5128,8 @@ var tableFeature = defineFeature({
           name,
           billingMode: "PAY_PER_REQUEST",
           streamEnabled: !!props.stream,
-          streamViewType: props.stream && constantCase11(props.stream?.type),
-          tableClass: constantCase11(props.class),
+          streamViewType: props.stream && constantCase10(props.stream?.type),
+          tableClass: constantCase10(props.class),
           hashKey: props.hash,
           rangeKey: props.sort,
           attribute: attributeDefinitions(),
@@ -5037,7 +5144,7 @@ var tableFeature = defineFeature({
             name: name2,
             hashKey: index.hash,
             rangeKey: index.sort,
-            projectionType: constantCase11(index.projection)
+            projectionType: constantCase10(index.projection)
           })),
           deletionProtectionEnabled: ctx.appConfig.removal === "retain"
         },
@@ -6923,7 +7030,7 @@ var auth = (program2) => {
 
 // src/cli/command/bind.ts
 import { log as log10, note as note3 } from "@clack/prompts";
-import { constantCase as constantCase12 } from "change-case";
+import { constantCase as constantCase11 } from "change-case";
 import { spawn } from "child_process";
 var bind = (program2) => {
   program2.command("bind").argument("[command...]", "The command to execute").option("--config <string...>", "List of config values that will be accessable", (v) => v.split(",")).description(`Bind your site environment variables to a command`).action(async (commands7 = [], opts) => {
@@ -6952,10 +7059,10 @@ var bind = (program2) => {
       const configList = opts.config ?? [];
       const configs = {};
       for (const name of configList) {
-        configs[`CONFIG_${constantCase12(name)}`] = name;
+        configs[`CONFIG_${constantCase11(name)}`] = name;
       }
       if (configList.length ?? 0 > 0) {
-        note3(wrap(configList.map((v) => color.label(constantCase12(v)))), "Bind Config");
+        note3(wrap(configList.map((v) => color.label(constantCase11(v)))), "Bind Config");
       }
       if (commands7.length === 0) {
         return "No command to execute.";

package/dist/build-json-schema.js

@@ -901,7 +901,10 @@ var SitesSchema = z29.record(
     ),
     ssr: FunctionSchema.optional().describe("Specifies the file that will render the site on the server."),
     // envPrefix: z.string().optional().describe('Specifies a prefix for all '),
-    origin: z29.enum(["ssr-first", "static-first"]).default("static-first").describe("Specifies the origin fallback ordering."),
+    // origin: z
+    // 	.enum(['ssr-first', 'static-first'])
+    // 	.default('static-first')
+    // 	.describe('Specifies the origin fallback ordering.'),
     // bind: z.object({
     // 	auth:
     // 	h
@@ -915,13 +918,16 @@ var SitesSchema = z29.record(
     // 	}),
     // ]),
     geoRestrictions: z29.array(z29.string().length(2).toUpperCase()).default([]).describe("Specifies a blacklist of countries that should be blocked."),
-    forwardHost: z29.boolean().default(false).describe(
-      [
-        "Specify if the original `host` header should be forwarded to the SSR function.",
-        "The original `host` header will be forwarded as `x-forwarded-host`.",
-        "Keep in mind that this requires an extra CloudFront Function."
-      ].join("\n")
-    ),
+    // forwardHost: z
+    // 	.boolean()
+    // 	.default(false)
+    // 	.describe(
+    // 		[
+    // 			'Specify if the original `host` header should be forwarded to the SSR function.',
+    // 			'The original `host` header will be forwarded as `x-forwarded-host`.',
+    // 			'Keep in mind that this requires an extra CloudFront Function.',
+    // 		].join('\n')
+    // 	),
     errors: z29.object({
       400: ErrorResponseSchema.describe("Customize a `400 Bad Request` response."),
       403: ErrorResponseSchema.describe("Customize a `403 Forbidden` response."),