@digitraffic/common 2024.3.22-1 → 2024.3.28-1

package/dist/__test__/infra/acl-builder.test.mjs

@@ -0,0 +1,25 @@
+import { AclBuilder } from "../../aws/infra/acl-builder.mjs";
+import { App, Stack } from "aws-cdk-lib";
+describe("acl-builder tests", () => {
+    function createBuilder() {
+        const app = new App();
+        const stack = new Stack(app);
+        return new AclBuilder(stack);
+    }
+    test("no rules", () => {
+        expect(() => createBuilder().build()).toThrow();
+    });
+    test("default rules", () => {
+        const acl = createBuilder().withAWSManagedRules().build();
+        expect(acl.rules).toHaveLength(4);
+    });
+    test("two aws rules", () => {
+        const acl = createBuilder().withAWSManagedRules(["CommonRuleSet", "AmazonIpReputationList"]).build();
+        expect(acl.rules).toHaveLength(2);
+    });
+    test("ip restriction", () => {
+        const acl = createBuilder().withIpRestrictionRule(["1.2.3.4", "1.2.6.6"]).build();
+        expect(acl.rules).toHaveLength(1);
+    });
+});
+//# sourceMappingURL=acl-builder.test.mjs.map

package/dist/__test__/{api → infra/api}/handler-factory.test.mjs

@@ -1,6 +1,6 @@
-import { HandlerFactory } from "../../aws/infra/api/handler-factory.mjs";
-import { DtLogger } from "../../aws/runtime/dt-logger.mjs";
-import { LambdaResponse } from "../../aws/types/lambda-response.mjs";
+import { HandlerFactory } from "../../../aws/infra/api/handler-factory.mjs";
+import { DtLogger } from "../../../aws/runtime/dt-logger.mjs";
+import { LambdaResponse } from "../../../aws/types/lambda-response.mjs";
 import { jest } from "@jest/globals";
 const logger = new DtLogger();
 describe("handler-factory tests", () => {

package/dist/__test__/infra/api/response.test.d.mts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/{api → infra/api}/response.test.mjs

@@ -1,4 +1,4 @@
-import { RESPONSE_DEFAULT_LAMBDA } from "../../aws/infra/api/response.mjs";
+import { RESPONSE_DEFAULT_LAMBDA } from "../../../aws/infra/api/response.mjs";
 import etag from "etag";
 // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-var-requires
 //const velocity = require("velocityjs");

package/dist/__test__/infra/api/static-integration.test.d.mts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/infra/api/static-integration.test.mjs

@@ -0,0 +1,26 @@
+import { DigitrafficStaticIntegration } from "../../../aws/infra/api/static-integration.mjs";
+import { MediaType } from "../../../aws/types/mediatypes.mjs";
+describe("response tests", () => {
+    it("createIntegrationResponse works", () => {
+        const integrationResponse = DigitrafficStaticIntegration.createIntegrationResponse("FakeResource", MediaType.APPLICATION_JSON, { "test-header": "test-value" });
+        expect(integrationResponse).toEqual({
+            responseParameters: {
+                "method.response.header.test-header": "'test-value'"
+            },
+            responseTemplates: {
+                "application/json": "FakeResource"
+            },
+            statusCode: "200"
+        });
+    });
+    it("createMethodResponse works", () => {
+        const methodResponse = DigitrafficStaticIntegration.createMethodResponse({ "test-header": "test-value" });
+        expect(methodResponse).toEqual({
+            responseParameters: {
+                "method.response.header.test-header": true
+            },
+            statusCode: "200"
+        });
+    });
+});
+//# sourceMappingURL=static-integration.test.mjs.map

package/dist/__test__/infra/documentation.test.d.mts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/infra/documentation.test.mjs

@@ -0,0 +1,37 @@
+import { DocumentationPart } from "../../aws/infra/documentation.mjs";
+const METHOD_NAME = "test";
+const SUMMARY = "summary";
+const PARAMETER_NAME = "parameter";
+const DESCRIPTION = "description";
+const DEPRECATION_NOTE = "note";
+describe("DocumentationPart tests", () => {
+    test("method", () => {
+        const part = DocumentationPart.method([], METHOD_NAME, SUMMARY);
+        expect(part.type).toEqual("METHOD");
+        expect(part.parameterName).toEqual(METHOD_NAME);
+        expect(part.documentationProperties.summary).toEqual(SUMMARY);
+        expect(part.documentationProperties.deprecated).toBeFalsy();
+    });
+    test("method - deprecated", () => {
+        const part = DocumentationPart.method([], METHOD_NAME, SUMMARY).deprecated(DEPRECATION_NOTE);
+        expect(part.type).toEqual("METHOD");
+        expect(part.parameterName).toEqual(METHOD_NAME);
+        expect(part.documentationProperties.summary).toEqual(`${SUMMARY}. ${DEPRECATION_NOTE}`);
+        expect(part.documentationProperties.deprecated).toBeTruthy();
+    });
+    test("queryparameter", () => {
+        const part = DocumentationPart.queryParameter(PARAMETER_NAME, DESCRIPTION);
+        expect(part.type).toEqual("QUERY_PARAMETER");
+        expect(part.parameterName).toEqual(PARAMETER_NAME);
+        expect(part.documentationProperties.description).toEqual(DESCRIPTION);
+        expect(part.documentationProperties.deprecated).toBeFalsy();
+    });
+    test("pathparameter", () => {
+        const part = DocumentationPart.pathParameter(PARAMETER_NAME, DESCRIPTION);
+        expect(part.type).toEqual("PATH_PARAMETER");
+        expect(part.parameterName).toEqual(PARAMETER_NAME);
+        expect(part.documentationProperties.description).toEqual(DESCRIPTION);
+        expect(part.documentationProperties.deprecated).toBeFalsy();
+    });
+});
+//# sourceMappingURL=documentation.test.mjs.map

package/dist/__test__/infra/scheduler.test.d.mts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/infra/scheduler.test.mjs

@@ -0,0 +1,22 @@
+import { App, Stack } from "aws-cdk-lib";
+import { Scheduler } from "../../aws/infra/scheduler.mjs";
+import { Template } from "aws-cdk-lib/assertions";
+describe("scheduler tests", () => {
+    function expectRate(createScheduler, expectedRate) {
+        const app = new App();
+        const stack = new Stack(app);
+        createScheduler(stack);
+        const template = Template.fromStack(stack);
+        template.hasResource("AWS::Events::Rule", {
+            Properties: {
+                ScheduleExpression: expectedRate,
+                State: "ENABLED"
+            }
+        });
+    }
+    test("everyMinute", () => expectRate((stack) => Scheduler.everyMinute(stack, "test"), "rate(1 minute)"));
+    test("everyMinutes", () => expectRate((stack) => Scheduler.everyMinutes(stack, "test", 12), "rate(12 minutes)"));
+    test("everyHour", () => expectRate((stack) => Scheduler.everyHour(stack, "test"), "rate(1 hour)"));
+    test("everyDay", () => expectRate((stack) => Scheduler.everyDay(stack, "test"), "rate(1 day)"));
+});
+//# sourceMappingURL=scheduler.test.mjs.map

package/dist/__test__/infra/security-rule.test.d.mts

@@ -0,0 +1 @@
+export {};

package/dist/__test__/infra/security-rule.test.mjs

@@ -0,0 +1,20 @@
+import { App, Stack } from "aws-cdk-lib";
+import { Template } from "aws-cdk-lib/assertions";
+import { DigitrafficSecurityRule } from "../../aws/infra/security-rule.mjs";
+import { Topic } from "aws-cdk-lib/aws-sns";
+describe("security-rule tests", () => {
+    test("create", () => {
+        const app = new App();
+        const stack = new Stack(app);
+        const topic = new Topic(stack, "test");
+        new DigitrafficSecurityRule(stack, topic);
+        const template = Template.fromStack(stack);
+        template.hasResource("AWS::Events::Rule", {
+            Properties: {
+                EventPattern: {},
+                State: "ENABLED"
+            }
+        });
+    });
+});
+//# sourceMappingURL=security-rule.test.mjs.map

package/dist/aws/infra/acl-builder.d.mts

@@ -0,0 +1,21 @@
+import { CfnWebACL } from "aws-cdk-lib/aws-wafv2";
+import type { Construct } from "constructs";
+export type AWSManagedWafRule = "CommonRuleSet" | "AmazonIpReputationList" | "KnownBadInputsRuleSet" | "SQLiRuleSet";
+/**
+ * Builder class for building CfnWebACL.
+ *
+ * Currently supports:
+ * * Some AWS managed WAF rules
+ * * IP blacklisting
+ */
+export declare class AclBuilder {
+    readonly _construct: Construct;
+    readonly _rules: CfnWebACL.RuleProperty[];
+    _scope: string;
+    _name: string;
+    constructor(construct: Construct);
+    isRuleDefined(rules: AWSManagedWafRule[] | "all", rule: AWSManagedWafRule): boolean;
+    withAWSManagedRules(rules?: AWSManagedWafRule[] | "all"): AclBuilder;
+    withIpRestrictionRule(addresses: string[]): AclBuilder;
+    build(): CfnWebACL;
+}

package/dist/aws/infra/acl-builder.mjs

@@ -0,0 +1,136 @@
+import { CfnIPSet, CfnWebACL } from "aws-cdk-lib/aws-wafv2";
+/**
+ * Builder class for building CfnWebACL.
+ *
+ * Currently supports:
+ * * Some AWS managed WAF rules
+ * * IP blacklisting
+ */
+export class AclBuilder {
+    _construct;
+    _rules = [];
+    _scope = "CLOUDFRONT";
+    _name = "WebACL";
+    constructor(construct) {
+        this._construct = construct;
+    }
+    isRuleDefined(rules, rule) {
+        return rules === "all" || rules.includes(rule);
+    }
+    withAWSManagedRules(rules = "all") {
+        if (this.isRuleDefined(rules, "CommonRuleSet")) {
+            this._rules.push(createAWSCommonRuleSet());
+        }
+        if (this.isRuleDefined(rules, "AmazonIpReputationList")) {
+            this._rules.push(createAWSReputationList());
+        }
+        if (this.isRuleDefined(rules, "KnownBadInputsRuleSet")) {
+            this._rules.push(createAWSKnownBadInput());
+        }
+        if (this.isRuleDefined(rules, "SQLiRuleSet")) {
+            this._rules.push(createAWSAntiSQLInjection());
+        }
+        return this;
+    }
+    withIpRestrictionRule(addresses) {
+        const blocklistIpSet = new CfnIPSet(this._construct, "BlocklistIpSet", {
+            ipAddressVersion: "IPV4",
+            scope: this._scope,
+            addresses,
+        });
+        this._rules.push({
+            name: "IpBlocklist",
+            priority: 10,
+            action: { block: {} },
+            statement: {
+                ipSetReferenceStatement: {
+                    arn: blocklistIpSet.attrArn,
+                },
+            },
+            visibilityConfig: {
+                sampledRequestsEnabled: false,
+                cloudWatchMetricsEnabled: true,
+                metricName: "IpBlocklist",
+            },
+        });
+        return this;
+    }
+    build() {
+        if (this._rules.length === 0) {
+            throw new Error("No rules defined for WebACL");
+        }
+        const acl = new CfnWebACL(this._construct, this._name, {
+            defaultAction: { allow: {} },
+            scope: this._scope,
+            visibilityConfig: {
+                cloudWatchMetricsEnabled: true,
+                metricName: "WAF-Blocked",
+                sampledRequestsEnabled: false
+            },
+            rules: this._rules,
+            //            customResponseBodies
+        });
+        return acl;
+    }
+}
+function createAWSCommonRuleSet() {
+    return createRuleProperty("AWS-AWSManagedRulesCommonRuleSet", 70, {
+        statement: {
+            managedRuleGroupStatement: {
+                vendorName: "AWS",
+                name: "AWSManagedRulesCommonRuleSet",
+                excludedRules: [
+                    { name: "NoUserAgent_HEADER" },
+                    { name: "SizeRestrictions_BODY" },
+                    { name: "GenericRFI_BODY" }
+                ]
+            }
+        }
+    });
+}
+function createAWSReputationList() {
+    return createRuleProperty("AWS-AWSManagedRulesAmazonIpReputationList", 80, {
+        statement: {
+            managedRuleGroupStatement: {
+                vendorName: "AWS",
+                name: "AWSManagedRulesAmazonIpReputationList"
+            }
+        }
+    });
+}
+function createAWSKnownBadInput() {
+    return createRuleProperty("AWS-AWSManagedRulesKnownBadInputsRuleSet", 90, {
+        statement: {
+            managedRuleGroupStatement: {
+                vendorName: "AWS",
+                name: "AWSManagedRulesKnownBadInputsRuleSet"
+            }
+        }
+    });
+}
+function createAWSAntiSQLInjection() {
+    return createRuleProperty("AWS-AWSManagedRulesSQLiRuleSet", 100, {
+        statement: {
+            managedRuleGroupStatement: {
+                vendorName: "AWS",
+                name: "AWSManagedRulesSQLiRuleSet"
+            }
+        }
+    });
+}
+function createRuleProperty(name, priority, rule, overrideAction = true) {
+    return {
+        ...{
+            name,
+            priority,
+            visibilityConfig: {
+                sampledRequestsEnabled: true,
+                cloudWatchMetricsEnabled: true,
+                metricName: name
+            }
+        },
+        ...rule,
+        ...(overrideAction ? { overrideAction: { none: {} } } : {})
+    };
+}
+//# sourceMappingURL=acl-builder.mjs.map

package/dist/aws/infra/api/static-integration.d.mts

@@ -8,8 +8,17 @@ import { MediaType } from "../../types/mediatypes.mjs";
  * @param response
  */
 export declare class DigitrafficStaticIntegration extends MockIntegration {
-    constructor(resource: Resource, mediaType: MediaType, response: string, enableCors?: boolean, apiKeyRequired?: boolean);
-    static json<K>(resource: Resource, response: K, enableCors?: boolean, apiKeyRequired?: boolean): DigitrafficStaticIntegration;
-    private static createIntegrationResponse;
-    private static createMethodResponse;
+    constructor(resource: Resource, mediaType: MediaType, response: string, enableCors?: boolean, apiKeyRequired?: boolean, headers?: Record<string, string>);
+    static json<K>(resource: Resource, response: K, enableCors?: boolean, apiKeyRequired?: boolean, headers?: Record<string, string>): DigitrafficStaticIntegration;
+    static createIntegrationResponse(response: string, mediaType: MediaType, headers?: Record<string, string>): {
+        statusCode: string;
+        responseTemplates: {
+            [x: string]: string;
+        };
+        responseParameters: Record<string, string>;
+    };
+    static createMethodResponse(headers: Record<string, string>): {
+        statusCode: string;
+        responseParameters: Record<string, boolean>;
+    };
 }

package/dist/aws/infra/api/static-integration.mjs

@@ -1,12 +1,8 @@
-import { MockIntegration, PassthroughBehavior, Resource, } from "aws-cdk-lib/aws-apigateway";
+import { MockIntegration, PassthroughBehavior, Resource } from "aws-cdk-lib/aws-apigateway";
 import { MediaType } from "../../types/mediatypes.mjs";
-import { RESPONSE_CORS_INTEGRATION } from "./responses.mjs";
 const INTEGRATION_RESPONSE_200 = `{
     "statusCode": 200
 }`;
-const METHOD_RESPONSE_200 = {
-    statusCode: "200",
-};
 /**
  * Static integration, that returns the given response with given mediaType from given resource.
  *
@@ -15,8 +11,11 @@ const METHOD_RESPONSE_200 = {
  * @param response
  */
 export class DigitrafficStaticIntegration extends MockIntegration {
-    constructor(resource, mediaType, response, enableCors = true, apiKeyRequired = true) {
-        const integrationResponse = DigitrafficStaticIntegration.createIntegrationResponse(response, mediaType, enableCors);
+    constructor(resource, mediaType, response, enableCors = true, apiKeyRequired = true, headers = {}) {
+        if (enableCors) {
+            headers = { ...headers, "Access-Control-Allow-Origin": "*" };
+        }
+        const integrationResponse = DigitrafficStaticIntegration.createIntegrationResponse(response, mediaType, headers);
         super({
             passthroughBehavior: PassthroughBehavior.WHEN_NO_TEMPLATES,
             requestTemplates: {
@@ -28,39 +27,44 @@ export class DigitrafficStaticIntegration extends MockIntegration {
             resource.addMethod(httpMethod, this, {
                 apiKeyRequired,
                 methodResponses: [
-                    DigitrafficStaticIntegration.createMethodResponse(enableCors),
+                    DigitrafficStaticIntegration.createMethodResponse(headers),
                 ],
             });
         });
     }
-    static json(resource, response, enableCors = true, apiKeyRequired = true) {
-        return new DigitrafficStaticIntegration(resource, MediaType.APPLICATION_JSON, JSON.stringify(response), enableCors, apiKeyRequired);
+    static json(resource, response, enableCors = true, apiKeyRequired = true, headers = {}) {
+        return new DigitrafficStaticIntegration(resource, MediaType.APPLICATION_JSON, JSON.stringify(response), enableCors, apiKeyRequired, headers);
     }
-    static createIntegrationResponse(response, mediaType, enableCors) {
-        const integrationResponse = {
+    static createIntegrationResponse(response, mediaType, headers = {}) {
+        const params = mapRecord(headers, (entry) => ["method.response.header." + entry[0], `'${entry[1]}'`]);
+        return {
             statusCode: "200",
             responseTemplates: {
                 [mediaType]: response,
             },
+            responseParameters: params
         };
-        return enableCors
-            ? { ...integrationResponse, ...RESPONSE_CORS_INTEGRATION }
-            : integrationResponse;
     }
-    static createMethodResponse(enableCors) {
-        return enableCors
-            ? corsMethod(METHOD_RESPONSE_200)
-            : METHOD_RESPONSE_200;
+    static createMethodResponse(headers) {
+        const allowedHeaders = Object.keys(headers);
+        const entries = Object.fromEntries(allowedHeaders.map((key) => [key, true]));
+        return {
+            statusCode: "200",
+            responseParameters: prefixKeys("method.response.header.", entries)
+        };
     }
 }
-function corsMethod(response) {
-    return {
-        ...response,
-        ...{
-            responseParameters: {
-                "method.response.header.Access-Control-Allow-Origin": true,
-            },
-        },
-    };
+function mapRecord(obj, func) {
+    const mappedEntries = Object.entries(obj).map((entry) => func(entry));
+    return Object.fromEntries(mappedEntries);
+}
+/**
+ * Create a new Record with prefix added to each of the keys.
+ *
+ * @param prefix
+ * @param obj
+ */
+function prefixKeys(prefix, obj) {
+    return mapRecord(obj, (entry) => [prefix + entry[0], entry[1]]);
 }
 //# sourceMappingURL=static-integration.mjs.map

package/dist/aws/infra/security-rule.mjs

@@ -9,11 +9,11 @@ import { SnsTopic } from "aws-cdk-lib/aws-events-targets";
  */
 export class DigitrafficSecurityRule extends Rule {
     constructor(scope, topic) {
-        const ruleName = 'SecurityHubRule';
+        const ruleName = "SecurityHubRule";
         super(scope, ruleName, {
             ruleName,
             eventPattern: {
-                source: ['aws.securityhub'],
+                source: ["aws.securityhub"],
                 detailType: ["Security Hub Findings - Imported"],
                 detail: {
                     findings: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digitraffic/common",
-  "version": "2024.3.22-1",
+  "version": "2024.3.28-1",
   "description": "",
   "type": "module",
   "repository": {
@@ -56,6 +56,7 @@
     "./dist/aws/infra/stacks/db-proxy-stack": "./dist/aws/infra/stacks/db-proxy-stack.mjs",
     "./dist/aws/infra/stacks/intra-stack-configuration": "./dist/aws/infra/stacks/intra-stack-configuration.mjs",
     "./dist/aws/infra/stacks/db-dns-stack": "./dist/aws/infra/stacks/db-dns-stack.mjs",
+    "./dist/aws/infra/acl-builder": "./dist/aws/infra/acl-builder.mjs",
     "./dist/aws/infra/documentation": "./dist/aws/infra/documentation.mjs",
     "./dist/aws/infra/usage-plans": "./dist/aws/infra/usage-plans.mjs",
     "./dist/aws/infra/scheduler": "./dist/aws/infra/scheduler.mjs",
@@ -103,32 +104,32 @@
     "./dist/aws/runtime/digitraffic-integration-response": "./dist/aws/runtime/digitraffic-integration-response.mjs"
   },
   "peerDependencies": {
-    "@aws-sdk/client-s3": "^3.533.0",
-    "@aws-sdk/lib-storage": "^3.533.0",
-    "@aws-sdk/client-secrets-manager": "^3.533.0",
-    "@aws-sdk/client-api-gateway": "^3.533.0",
-    "@aws-sdk/client-sns": "^3.533.0",
+    "@aws-sdk/client-s3": "^3.540.0",
+    "@aws-sdk/lib-storage": "^3.540.0",
+    "@aws-sdk/client-secrets-manager": "^3.540.0",
+    "@aws-sdk/client-api-gateway": "^3.540.0",
+    "@aws-sdk/client-sns": "^3.540.0",
     "@types/geojson": "^7946.0.14",
-    "aws-cdk-lib": "^2.133.0",
+    "aws-cdk-lib": "^2.134.0",
     "change-case": "5.0.0",
     "constructs": "^10.3.0",
     "date-fns": "~2.30.0",
     "date-fns-tz": "~2.0.0",
     "etag": "^1.8.1",
     "geojson-validation": "^1.0.2",
-    "ky": "^1.2.2",
+    "ky": "^1.2.3",
     "lodash": "~4.17.21",
     "node-ttl": "^0.2.0",
     "pg-native": "^3.0.1",
     "pg-promise": "^11.5.4"
   },
   "devDependencies": {
-    "aws-sdk": "2.1577.0",
-    "@aws-sdk/client-s3": "3.533.0",
-    "@aws-sdk/lib-storage": "3.533.0",
-    "@aws-sdk/client-secrets-manager": "3.533.0",
-    "@aws-sdk/client-api-gateway": "3.533.0",
-    "@aws-sdk/client-sns": "3.533.0",
+    "aws-sdk": "2.1586.0",
+    "@aws-sdk/client-s3": "3.540.0",
+    "@aws-sdk/lib-storage": "3.540.0",
+    "@aws-sdk/client-secrets-manager": "3.540.0",
+    "@aws-sdk/client-api-gateway": "3.540.0",
+    "@aws-sdk/client-sns": "3.540.0",
     "@jest/globals": "^29.7.0",
     "@rushstack/eslint-config": "^3.6.4",
     "@rushstack/heft": "^0.66.0",
@@ -142,10 +143,9 @@
     "@types/jest": "29.5.12",
     "@types/lodash": "4.14.202",
     "@types/node": "20.11.27",
-    "@types/sinon": "17.0.3",
     "@typescript-eslint/eslint-plugin": "~6.18.1",
     "@typescript-eslint/parser": "^6.20.0",
-    "aws-cdk-lib": "^2.133.0",
+    "aws-cdk-lib": "^2.134.0",
     "change-case": "5.3.0",
     "constructs": "10.3.0",
     "date-fns": "~2.30.0",
@@ -157,13 +157,12 @@
     "geojson-validation": "^1.0.2",
     "jest": "^29.7.0",
     "jest-junit": "^16.0.0",
-    "ky": "^1.2.2",
+    "ky": "^1.2.3",
     "lodash": "~4.17.21",
     "node-ttl": "^0.2.0",
     "pg-promise": "^11.5.4",
     "prettier": "^3.2.5",
     "rimraf": "^5.0.5",
-    "sinon": "17.0.1",
     "ts-jest": "^29.1.2",
     "typescript": "~5.3.3",
     "velocityjs": "2.0.6"