@digitraffic/common 2022.10.25-1 → 2022.10.31-1

package/dist/aws/infra/canaries/database-checker.js

@@ -0,0 +1,103 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DatabaseChecker = void 0;
+const database_1 = require("../../../database/database");
+const proxy_holder_1 = require("../../runtime/secrets/proxy-holder");
+const rds_holder_1 = require("../../runtime/secrets/rds-holder");
+const utils_1 = require("../../../utils/utils");
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const synthetics = require("Synthetics");
+class DatabaseCheck {
+    constructor(name, sql) {
+        this.name = name;
+        this.sql = sql;
+        this.failed = false;
+    }
+}
+class CountDatabaseCheck extends DatabaseCheck {
+    constructor(name, sql, minCount, maxCount) {
+        super(name, sql);
+        if (minCount == null && maxCount == null) {
+            throw new Error("no max or min given!");
+        }
+        this.minCount = minCount;
+        this.maxCount = maxCount;
+    }
+    check(value) {
+        if (!value) {
+            this.failed = true;
+            throw new Error("no return value");
+        }
+        else {
+            if ("count" in value) {
+                if (this.minCount && value.count < this.minCount) {
+                    this.failed = true;
+                    throw new Error(`count was ${value.count}, minimum is ${this.minCount}`);
+                }
+                if (this.maxCount && value.count > this.maxCount) {
+                    this.failed = true;
+                    throw new Error(`count was ${value.count}, max is ${this.maxCount}`);
+                }
+            }
+            else {
+                this.failed = true;
+                console.info("received " + JSON.stringify(value));
+                throw new Error("no count available");
+            }
+        }
+    }
+}
+const stepConfig = {
+    continueOnStepFailure: true,
+    screenshotOnStepStart: false,
+    screenshotOnStepSuccess: false,
+    screenshotOnStepFailure: false,
+};
+class DatabaseChecker {
+    constructor(credentialsFunction) {
+        this.credentialsFunction = credentialsFunction;
+        this.checks = [];
+        synthetics.getConfiguration().disableRequestMetrics();
+        synthetics.getConfiguration().withFailedCanaryMetric(true);
+    }
+    static createForProxy() {
+        return new DatabaseChecker(() => new proxy_holder_1.ProxyHolder((0, utils_1.getEnvVariable)("SECRET_ID")).setCredentials());
+    }
+    static createForRds() {
+        return new DatabaseChecker(() => new rds_holder_1.RdsHolder((0, utils_1.getEnvVariable)("SECRET_ID")).setCredentials());
+    }
+    one(name, sql) {
+        this.checks.push(new CountDatabaseCheck(name, sql, 1, 1));
+        return this;
+    }
+    empty(name, sql) {
+        this.checks.push(new CountDatabaseCheck(name, sql, null, 0));
+        return this;
+    }
+    notEmpty(name, sql) {
+        this.checks.push(new CountDatabaseCheck(name, sql, 1, null));
+        return this;
+    }
+    async expect() {
+        if (!this.checks.length) {
+            throw new Error("No checks");
+        }
+        await this.credentialsFunction();
+        await (0, database_1.inDatabaseReadonly)(async (db) => {
+            for (const check of this.checks) {
+                console.info("canary checking sql " + check.sql);
+                const value = await db.oneOrNone(check.sql);
+                const checkFunction = () => {
+                    check.check(value);
+                };
+                synthetics.executeStep(check.name, checkFunction, stepConfig);
+            }
+        });
+        if (this.checks.some((check) => check.failed)) {
+            throw new Error("Failed");
+        }
+        return "OK";
+    }
+}
+exports.DatabaseChecker = DatabaseChecker;
+//# sourceMappingURL=database-checker.js.map

package/dist/aws/infra/canaries/url-canary.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UrlCanary = void 0;
+const canary_1 = require("./canary");
+const canary_keys_1 = require("./canary-keys");
+class UrlCanary extends canary_1.DigitrafficCanary {
+    constructor(stack, role, params, secret) {
+        const canaryName = `${params.name}-url`;
+        const environmentVariables = {};
+        environmentVariables[canary_keys_1.ENV_HOSTNAME] = params.hostname;
+        if (params.secret) {
+            environmentVariables[canary_keys_1.ENV_SECRET] = params.secret;
+        }
+        if (params.apiKeyId) {
+            environmentVariables[canary_keys_1.ENV_API_KEY] = params.apiKeyId;
+        }
+        if (secret) {
+            secret.grantRead(role);
+        }
+        // the handler code is defined at the actual project using this
+        super(stack, canaryName, role, params, environmentVariables);
+    }
+    static create(stack, role, publicApi, params) {
+        return new UrlCanary(stack, role, {
+            ...{
+                handler: `${params.name}.handler`,
+                hostname: publicApi.hostname(),
+                apiKeyId: this.getApiKey(publicApi),
+            },
+            ...params,
+        });
+    }
+    static getApiKey(publicApi) {
+        const apiKeys = publicApi.apiKeyIds;
+        if (apiKeys.length > 1) {
+            console.info("rest api has more than one api key");
+        }
+        if (apiKeys.length === 0) {
+            console.info("rest api has no api keys");
+            return undefined;
+        }
+        // always use first api key
+        return publicApi.apiKeyIds[0];
+    }
+}
+exports.UrlCanary = UrlCanary;
+//# sourceMappingURL=url-canary.js.map

package/dist/aws/infra/canaries/url-checker.js

@@ -0,0 +1,252 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HeaderChecker = exports.GeoJsonChecker = exports.ContentTypeChecker = exports.ContentChecker = exports.ResponseChecker = exports.UrlChecker = exports.API_KEY_HEADER = void 0;
+const asserter_1 = require("../../../test/asserter");
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const synthetics = require("Synthetics");
+const zlib = require("zlib");
+const mediatypes_1 = require("../../types/mediatypes");
+const apikey_1 = require("../../runtime/apikey");
+const geometry_1 = require("../../../utils/geometry");
+const utils_1 = require("../../../utils/utils");
+const canary_keys_1 = require("./canary-keys");
+exports.API_KEY_HEADER = "x-api-key";
+const baseHeaders = {
+    "Digitraffic-User": "internal-digitraffic-canary",
+    "Accept-Encoding": "gzip",
+    Accept: "*/*",
+};
+class UrlChecker {
+    constructor(hostname, apiKey) {
+        const headers = { ...baseHeaders };
+        if (apiKey) {
+            headers[exports.API_KEY_HEADER] = apiKey;
+        }
+        this.requestOptions = {
+            hostname,
+            method: "GET",
+            protocol: "https:",
+            headers,
+        };
+        synthetics.getConfiguration().disableRequestMetrics();
+        synthetics
+            .getConfiguration()
+            .withIncludeRequestBody(false)
+            .withIncludeRequestHeaders(false)
+            .withIncludeResponseBody(false)
+            .withIncludeResponseHeaders(false)
+            .withFailedCanaryMetric(true);
+    }
+    static create(hostname, apiKeyId) {
+        return (0, apikey_1.getApiKeyFromAPIGateway)(apiKeyId).then((apiKey) => {
+            return new UrlChecker(hostname, apiKey.value);
+        });
+    }
+    static createV2() {
+        return this.create((0, utils_1.getEnvVariable)(canary_keys_1.ENV_HOSTNAME), (0, utils_1.getEnvVariable)(canary_keys_1.ENV_API_KEY));
+    }
+    expectStatus(statusCode, url, callback) {
+        const requestOptions = {
+            ...this.requestOptions,
+            ...{
+                path: url,
+            },
+        };
+        return synthetics.executeHttpStep(`Verify ${statusCode} for ${url.replace(/auth=.*/, "")}`, requestOptions, callback);
+    }
+    expect200(url, ...callbacks) {
+        const callback = async (json, body, res) => {
+            await Promise.allSettled(callbacks.map((c) => c(json, body, res)));
+        };
+        return this.expectStatus(200, url, callback);
+    }
+    expect404(url) {
+        const requestOptions = {
+            ...this.requestOptions,
+            ...{
+                path: url,
+            },
+        };
+        return synthetics.executeHttpStep(`Verify 404 for ${url}`, requestOptions, validateStatusCodeAndContentType(404, mediatypes_1.MediaType.TEXT_PLAIN));
+    }
+    expect400(url) {
+        const requestOptions = {
+            ...this.requestOptions,
+            ...{
+                path: url,
+            },
+        };
+        return synthetics.executeHttpStep(`Verify 400 for ${url}`, requestOptions, validateStatusCodeAndContentType(400, mediatypes_1.MediaType.TEXT_PLAIN));
+    }
+    expect403WithoutApiKey(url, mediaType) {
+        if (!this.requestOptions.headers ||
+            !this.requestOptions.headers[exports.API_KEY_HEADER]) {
+            console.error("No api key defined");
+        }
+        const requestOptions = {
+            ...this.requestOptions,
+            ...{
+                path: url,
+                headers: baseHeaders,
+            },
+        };
+        return synthetics.executeHttpStep(`Verify 403 for ${url}`, requestOptions, validateStatusCodeAndContentType(403, mediaType || mediatypes_1.MediaType.APPLICATION_JSON));
+    }
+    done() {
+        return "Canary successful";
+    }
+}
+exports.UrlChecker = UrlChecker;
+async function getResponseBody(response) {
+    const body = await getBodyFromResponse(response);
+    if (response.headers["content-encoding"] === "gzip") {
+        try {
+            return zlib.gunzipSync(body).toString();
+        }
+        catch (e) {
+            console.info("error " + JSON.stringify(e));
+        }
+    }
+    return body.toString();
+}
+function getBodyFromResponse(response) {
+    return new Promise((resolve) => {
+        const buffers = [];
+        response.on("data", (data) => {
+            buffers.push(data);
+        });
+        response.on("end", () => {
+            resolve(Buffer.concat(buffers).toString());
+        });
+    });
+}
+/**
+ * Returns function, that validates that the status code and content-type from response are the given values
+ * @param statusCode
+ * @param contentType
+ */
+function validateStatusCodeAndContentType(statusCode, contentType) {
+    return (res) => {
+        return new Promise((resolve) => {
+            if (res.statusCode !== statusCode) {
+                throw new Error(`${res.statusCode} ${res.statusMessage}`);
+            }
+            if (res.headers["content-type"] !== contentType) {
+                throw new Error("Wrong content-type " + res.headers["content-type"]);
+            }
+            resolve();
+        });
+    };
+}
+// DEPRECATED
+class ResponseChecker {
+    constructor(contentType) {
+        this.checkCors = true;
+        this.contentType = contentType;
+    }
+    static forJson() {
+        return new ResponseChecker(mediatypes_1.MediaType.APPLICATION_JSON);
+    }
+    static forCSV() {
+        return new ResponseChecker(mediatypes_1.MediaType.TEXT_CSV);
+    }
+    static forGeojson() {
+        return new ResponseChecker(mediatypes_1.MediaType.APPLICATION_GEOJSON);
+    }
+    static forJpeg() {
+        return new ResponseChecker(mediatypes_1.MediaType.IMAGE_JPEG);
+    }
+    check() {
+        return this.responseChecker(() => {
+            // no need to do anything
+        });
+    }
+    checkJson(fn) {
+        return this.responseChecker((body, res) => {
+            fn(JSON.parse(body), body, res);
+        });
+    }
+    responseChecker(fn) {
+        return async (res) => {
+            if (!res.statusCode) {
+                throw new Error("statusCode missing");
+            }
+            if (res.statusCode < 200 || res.statusCode > 299) {
+                throw new Error(`${res.statusCode} ${res.statusMessage}`);
+            }
+            if (this.checkCors && !res.headers["access-control-allow-origin"]) {
+                throw new Error("CORS missing");
+            }
+            if (res.headers["content-type"] !== this.contentType) {
+                throw new Error("Wrong content-type " + res.headers["content-type"]);
+            }
+            const body = await getResponseBody(res);
+            fn(body, res);
+        };
+    }
+}
+exports.ResponseChecker = ResponseChecker;
+class ContentChecker {
+    static checkJson(fn) {
+        return async (res) => {
+            const body = await getResponseBody(res);
+            fn(JSON.parse(body), body, res);
+        };
+    }
+    static checkResponse(fn) {
+        return async (res) => {
+            const body = await getResponseBody(res);
+            fn(body, res);
+        };
+    }
+}
+exports.ContentChecker = ContentChecker;
+class ContentTypeChecker {
+    static checkContentType(contentType) {
+        return (res) => {
+            if (!res.statusCode) {
+                throw new Error("statusCode missing");
+            }
+            if (res.statusCode < 200 || res.statusCode > 299) {
+                throw new Error(`${res.statusCode} ${res.statusMessage}`);
+            }
+            if (!res.headers["access-control-allow-origin"]) {
+                throw new Error("CORS missing");
+            }
+            if (res.headers["content-type"] !== contentType) {
+                throw new Error("Wrong content-type " + res.headers["content-type"]);
+            }
+        };
+    }
+}
+exports.ContentTypeChecker = ContentTypeChecker;
+class GeoJsonChecker {
+    static validFeatureCollection(fn) {
+        return ResponseChecker.forGeojson().checkJson((json) => {
+            asserter_1.Asserter.assertEquals(json.type, "FeatureCollection");
+            asserter_1.Asserter.assertTrue((0, geometry_1.isValidGeoJson)(json));
+            if (fn) {
+                fn(json);
+            }
+        });
+    }
+}
+exports.GeoJsonChecker = GeoJsonChecker;
+class HeaderChecker {
+    static checkHeaderExists(headerName) {
+        return (res) => {
+            if (!res.headers[headerName]) {
+                throw new Error("Missing header: " + headerName);
+            }
+        };
+    }
+    static checkHeaderMissing(headerName) {
+        return (res) => {
+            if (res.headers[headerName]) {
+                throw new Error("Header should not exist: " + headerName);
+            }
+        };
+    }
+}
+exports.HeaderChecker = HeaderChecker;
+//# sourceMappingURL=url-checker.js.map

package/dist/aws/infra/documentation.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DocumentationPart = exports.addTagsAndSummary = exports.addTags = exports.addDocumentation = exports.addQueryParameterDescription = void 0;
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+// Documentation parts are objects that describe an API Gateway API or parts of an API
+// https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-documenting-api.html
+/**
+ * Add description to a query parameter
+ * @param name query parameter name
+ * @param description query parameter description
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ *
+ * @deprecated Use DigitrafficRestApi.documentResource
+ */
+function addQueryParameterDescription(name, description, resource, stack) {
+    new aws_apigateway_1.CfnDocumentationPart(stack, `${name}Documentation`, {
+        restApiId: resource.api.restApiId,
+        location: {
+            type: 'QUERY_PARAMETER',
+            name,
+            path: resource.path,
+        },
+        properties: JSON.stringify({ description }),
+    });
+}
+exports.addQueryParameterDescription = addQueryParameterDescription;
+/**
+ * Add a documentation part to a method
+ * @param methodDescription
+ * @param documentationProperties
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+function addDocumentation(methodDescription, documentationProperties, resource, stack) {
+    new aws_apigateway_1.CfnDocumentationPart(stack, `${methodDescription}Documentation`, {
+        restApiId: resource.api.restApiId,
+        location: {
+            type: 'METHOD',
+            path: resource.path,
+        },
+        properties: JSON.stringify(documentationProperties),
+    });
+}
+exports.addDocumentation = addDocumentation;
+/**
+ * Adds OpenAPI tags to an API method
+ * @param methodDescription Description of API method
+ * @param tags OpenAPI tags
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+function addTags(methodDescription, tags, resource, stack) {
+    addDocumentation(methodDescription, { tags }, resource, stack);
+}
+exports.addTags = addTags;
+/**
+ * Adds OpenAPI tags and a method summary to an API method
+ *
+ * @deprecated Use DigitrafficRestApi.documentResource
+ *
+ * @param methodDescription Description of API method
+ * @param tags OpenAPI tags
+ * @param summary OpenAPI summary
+ * @param resource REST API resource
+ * @param stack CloudFormation stack
+ */
+function addTagsAndSummary(methodDescription, tags, summary, resource, stack) {
+    addDocumentation(methodDescription, { tags, summary }, resource, stack);
+}
+exports.addTagsAndSummary = addTagsAndSummary;
+class DocumentationPart {
+    constructor(parameterName, documentationProperties, type) {
+        this.parameterName = parameterName;
+        this.documentationProperties = documentationProperties;
+        this.type = type;
+    }
+    deprecated(note) {
+        // deprecated is not supported ATM: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html
+        this.documentationProperties.deprecated = true;
+        this.documentationProperties.summary += '. ' + note;
+        return this;
+    }
+    static queryParameter(parameterName, description) {
+        return new DocumentationPart(parameterName, { description }, "QUERY_PARAMETER");
+    }
+    static pathParameter(parameterName, description) {
+        return new DocumentationPart(parameterName, { description }, "PATH_PARAMETER");
+    }
+    static method(tags, name, summary) {
+        return new DocumentationPart(name, { tags, summary }, "METHOD");
+    }
+}
+exports.DocumentationPart = DocumentationPart;
+//# sourceMappingURL=documentation.js.map

package/dist/aws/infra/scheduler.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Scheduler = void 0;
+const aws_events_1 = require("aws-cdk-lib/aws-events");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_events_targets_1 = require("aws-cdk-lib/aws-events-targets");
+class Scheduler extends aws_events_1.Rule {
+    constructor(stack, ruleName, schedule, lambda) {
+        super(stack, ruleName, { ruleName, schedule });
+        if (lambda) {
+            this.addTarget(new aws_events_targets_1.LambdaFunction(lambda));
+        }
+    }
+    static everyMinute(stack, ruleName, lambda) {
+        return Scheduler.every(stack, ruleName, aws_cdk_lib_1.Duration.minutes(1), lambda);
+    }
+    static everyMinutes(stack, ruleName, minutes, lambda) {
+        return Scheduler.every(stack, ruleName, aws_cdk_lib_1.Duration.minutes(minutes), lambda);
+    }
+    static everyHour(stack, ruleName, lambda) {
+        return Scheduler.every(stack, ruleName, aws_cdk_lib_1.Duration.hours(1), lambda);
+    }
+    static everyDay(stack, ruleName, lambda) {
+        return Scheduler.every(stack, ruleName, aws_cdk_lib_1.Duration.days(1), lambda);
+    }
+    static every(stack, ruleName, duration, lambda) {
+        return new Scheduler(stack, ruleName, aws_events_1.Schedule.rate(duration), lambda);
+    }
+}
+exports.Scheduler = Scheduler;
+//# sourceMappingURL=scheduler.js.map

package/dist/aws/infra/security-rule.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DigitrafficSecurityRule = void 0;
+const aws_events_1 = require("aws-cdk-lib/aws-events");
+const aws_events_targets_1 = require("aws-cdk-lib/aws-events-targets");
+/**
+ * Automatic rule for Security Hub.  Send notification to given topic if the following conditions apply:
+ * * There is a finding with a status of NEW
+ * * It has severity of HIGH or CRITICAL
+ * * It is in a FAILED state
+ */
+class DigitrafficSecurityRule extends aws_events_1.Rule {
+    constructor(scope, topic) {
+        const ruleName = 'SecurityHubRule';
+        super(scope, ruleName, {
+            ruleName,
+            eventPattern: {
+                source: ['aws.securityhub'],
+                detailType: ["Security Hub Findings - Imported"],
+                detail: {
+                    findings: {
+                        "Compliance": {
+                            "Status": ["FAILED"],
+                        },
+                        "Workflow": {
+                            "Status": ["NEW"],
+                        },
+                        "Severity": {
+                            "Label": ["HIGH", "CRITICAL"],
+                        },
+                    },
+                },
+            },
+        });
+        this.addTarget(new aws_events_targets_1.SnsTopic(topic));
+    }
+}
+exports.DigitrafficSecurityRule = DigitrafficSecurityRule;
+//# sourceMappingURL=security-rule.js.map

package/dist/aws/infra/sqs-integration.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.attachQueueToApiGatewayResource = void 0;
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_apigateway_1 = require("aws-cdk-lib/aws-apigateway");
+const aws_iam_1 = require("aws-cdk-lib/aws-iam");
+function attachQueueToApiGatewayResource(stack, queue, resource, requestValidator, resourceName, apiKeyRequired, requestModels) {
+    // role for API Gateway
+    const apiGwRole = new aws_iam_1.Role(stack, `${resourceName}APIGatewayToSQSRole`, {
+        assumedBy: new aws_iam_1.ServicePrincipal('apigateway.amazonaws.com'),
+    });
+    // grants API Gateway the right to send SQS messages
+    apiGwRole.addToPolicy(new aws_iam_1.PolicyStatement({
+        resources: [
+            queue.queueArn,
+        ],
+        actions: [
+            'sqs:SendMessage',
+        ],
+    }));
+    // grants API Gateway the right write CloudWatch Logs
+    apiGwRole.addToPolicy(new aws_iam_1.PolicyStatement({
+        resources: [
+            '*',
+        ],
+        actions: [
+            'logs:CreateLogGroup',
+            'logs:CreateLogStream',
+            'logs:DescribeLogGroups',
+            'logs:DescribeLogStreams',
+            'logs:PutLogEvents',
+            'logs:GetLogEvents',
+            'logs:FilterLogEvents',
+        ],
+    }));
+    // create an integration between API Gateway and an SQS queue
+    const fifoMessageGroupId = queue.fifo ? '&MessageGroupId=AlwaysSameFifoGroup' : '';
+    const sqsIntegration = new aws_apigateway_1.AwsIntegration({
+        service: 'sqs',
+        integrationHttpMethod: 'POST',
+        options: {
+            passthroughBehavior: aws_apigateway_1.PassthroughBehavior.NEVER,
+            credentialsRole: apiGwRole,
+            requestParameters: {
+                // SQS requires the Content-Type of the HTTP request to be application/x-www-form-urlencoded
+                'integration.request.header.Content-Type': "'application/x-www-form-urlencoded'",
+            },
+            requestTemplates: {
+                // map the JSON request to a form parameter, FIFO needs also MessageGroupId
+                // https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html
+                'application/json': `Action=SendMessage${fifoMessageGroupId}&MessageBody=$util.urlEncode($input.body)`,
+            },
+            // these are required by SQS
+            integrationResponses: [
+                {
+                    statusCode: '200',
+                    responseTemplates: {
+                        'text/html': 'Success',
+                    },
+                },
+                {
+                    statusCode: '500',
+                    responseTemplates: {
+                        'text/html': 'Error',
+                    },
+                    selectionPattern: '500',
+                },
+            ],
+        },
+        path: `${aws_cdk_lib_1.Aws.ACCOUNT_ID}/${queue.queueName}`,
+    });
+    resource.addMethod('POST', sqsIntegration, {
+        requestValidator,
+        apiKeyRequired,
+        requestModels: requestModels ?? {},
+        methodResponses: [
+            {
+                statusCode: '200',
+                responseParameters: {
+                    'method.response.header.Content-Type': true,
+                },
+            },
+            {
+                statusCode: '500',
+                responseParameters: {
+                    'method.response.header.Content-Type': true,
+                },
+            },
+        ],
+    });
+}
+exports.attachQueueToApiGatewayResource = attachQueueToApiGatewayResource;
+//# sourceMappingURL=sqs-integration.js.map