@digitraffic/common 2024.8.14-1 → 2024.8.27-1

package/dist/__test__/promise/{promise.test.mjs → promise.test.js}

@@ -1,7 +1,7 @@
-import { getRandomInteger } from "../../test/testutils.mjs";
-import { retry, RetryLogError } from "../../utils/retry.mjs";
-import { logger } from "../../aws/runtime/dt-logger-default.mjs";
-import { jest } from '@jest/globals';
+import { getRandomInteger } from "../../__test__/testutils.js";
+import { retry, RetryLogError } from "../../utils/retry.js";
+import { logger } from "../../aws/runtime/dt-logger-default.js";
+import { jest } from "@jest/globals";
 jest.useFakeTimers();
 describe("Promise utils tests", () => {
     test("retry - no retries", async () => {
@@ -32,8 +32,7 @@ describe("Promise utils tests", () => {
     });
     test("retry - errors with no error logging", async () => {
         const fn = jest.fn(() => Promise.reject("error"));
-        const consoleErrorSpy = jest
-            .spyOn(logger, "error");
+        const consoleErrorSpy = jest.spyOn(logger, "error");
         try {
             await retry(fn, getRandomInteger(0, 10), RetryLogError.NO_LOGGING);
         }
@@ -47,8 +46,7 @@ describe("Promise utils tests", () => {
     });
     test("retry - no retries with error logging", async () => {
         const fn = jest.fn(() => Promise.reject("error"));
-        const consoleErrorSpy = jest
-            .spyOn(logger, "error");
+        const consoleErrorSpy = jest.spyOn(logger, "error");
         try {
             await retry(fn, 0, RetryLogError.LOG_ALL_AS_ERRORS);
         }
@@ -63,8 +61,7 @@ describe("Promise utils tests", () => {
     test("retry - retries with error logging", async () => {
         const fn = jest.fn(() => Promise.reject("error"));
         const retries = getRandomInteger(1, 10);
-        const consoleErrorSpy = jest
-            .spyOn(logger, "error");
+        const consoleErrorSpy = jest.spyOn(logger, "error");
         try {
             await retry(fn, retries, RetryLogError.LOG_ALL_AS_ERRORS);
         }
@@ -82,8 +79,7 @@ describe("Promise utils tests", () => {
     });
     test("retry - defaults", async () => {
         const fn = jest.fn(() => Promise.reject("error"));
-        const consoleErrorSpy = jest
-            .spyOn(logger, "error");
+        const consoleErrorSpy = jest.spyOn(logger, "error");
         try {
             await retry(fn);
         }
@@ -127,4 +123,4 @@ describe("Promise utils tests", () => {
         expect(ret).toBe(val);
     });
 });
-//# sourceMappingURL=promise.test.mjs.map
+//# sourceMappingURL=promise.test.js.map

package/dist/__test__/runtime/{dt-logger.test.mjs → dt-logger.test.js}

@@ -1,5 +1,5 @@
 import { Writable } from "stream";
-import { DtLogger } from "../../aws/runtime/dt-logger.mjs";
+import { DtLogger } from "../../aws/runtime/dt-logger.js";
 const LOG_LINE = {
     method: "dt-logger.test",
     message: "FOO",
@@ -30,11 +30,11 @@ describe("dt-logger", () => {
         expect(logged.length).toBe(1);
         const loggedLine = JSON.parse(logged[0]);
         console.info(loggedLine);
-        if (typeof expected === "object" &&
-            "stack" in expected &&
-            expected.stack) {
-            const stack = loggedLine['stack'];
-            delete loggedLine['stack'];
+        if (typeof expected === "object" && "stack" in expected && expected.stack) {
+            // eslint-disable-next-line dot-notation
+            const stack = loggedLine["stack"];
+            // eslint-disable-next-line dot-notation
+            delete loggedLine["stack"];
             delete expected.stack;
             expect(stack).toBeDefined();
         }
@@ -105,4 +105,4 @@ describe("dt-logger", () => {
         });
     });
 });
-//# sourceMappingURL=dt-logger.test.mjs.map
+//# sourceMappingURL=dt-logger.test.js.map

package/dist/__test__/secrets/{secret-holder.test.mjs → secret-holder.test.js}

@@ -10,8 +10,9 @@ const emptySecret = { $metadata: {} };
 const getSecretValueMock = jest.fn();
 // eslint-disable-next-line @typescript-eslint/no-misused-promises
 jest.spyOn(SecretsManager.prototype, "getSecretValue").mockImplementation(getSecretValueMock);
-const { SecretHolder } = await import("../../aws/runtime/secrets/secret-holder.mjs");
-const { DatabaseEnvironmentKeys } = await import("../../database/database.mjs");
+const { SecretHolder } = await import("../../aws/runtime/secrets/secret-holder.js");
+const { DatabaseEnvironmentKeys } = await import("../../database/database.js");
+// eslint-disable-next-line @rushstack/no-new-null
 function mockSecret(secret) {
     if (!secret) {
         getSecretValueMock.mockImplementation(() => Promise.resolve(emptySecret));
@@ -22,11 +23,12 @@ function mockSecret(secret) {
 }
 describe("SecretHolder - tests", () => {
     beforeEach(() => {
+        // eslint-disable-next-line dot-notation
         process.env["SECRET_ID"] = "test-id";
+        // eslint-disable-next-line dot-notation
         process.env["AWS_REGION"] = "eu-west-1";
     });
     afterEach(() => {
-        // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
         delete process.env[DatabaseEnvironmentKeys.DB_USER];
     });
     test("get - no secret", () => {
@@ -93,4 +95,4 @@ describe("SecretHolder - tests", () => {
         expect(getSecretValueMock).toHaveBeenCalledTimes(callCount + 2);
     });
 });
-//# sourceMappingURL=secret-holder.test.mjs.map
+//# sourceMappingURL=secret-holder.test.js.map

package/dist/__test__/secrets/{secret.test.mjs → secret.test.js}

@@ -10,6 +10,7 @@ const emptySecret = { $metadata: {} };
 const getSecretValueMock = jest.fn();
 // eslint-disable-next-line @typescript-eslint/no-misused-promises
 jest.spyOn(SecretsManager.prototype, "getSecretValue").mockImplementation(getSecretValueMock);
+// eslint-disable-next-line @rushstack/no-new-null
 function mockSecret(secret) {
     if (!secret) {
         getSecretValueMock.mockImplementation(() => Promise.resolve(emptySecret));
@@ -18,8 +19,9 @@ function mockSecret(secret) {
         getSecretValueMock.mockImplementation(() => Promise.resolve({ ...emptySecret, ...{ SecretString: JSON.stringify(secret) } }));
     }
 }
+// eslint-disable-next-line dot-notation
 process.env["AWS_REGION"] = "eu-west-1";
-const secret = await import("../../aws/runtime/secrets/secret.mjs");
+const secret = await import("../../aws/runtime/secrets/secret.js");
 const { getSecret } = secret;
 describe("secret - test", () => {
     test("getSecret - no secret", async () => {
@@ -47,4 +49,4 @@ describe("secret - test", () => {
         });
     });
 });
-//# sourceMappingURL=secret.test.mjs.map
+//# sourceMappingURL=secret.test.js.map

package/dist/__test__/stack/{rest-apis.test.mjs → rest-apis.test.js}

@@ -1,7 +1,7 @@
 import { App } from "aws-cdk-lib";
-import { DigitrafficRestApi } from "../../aws/infra/stack/rest_apis.mjs";
-import { DigitrafficStack } from "../../aws/infra/stack/stack.mjs";
-import { TrafficType } from "../../types/traffictype.mjs";
+import { DigitrafficRestApi } from "../../aws/infra/stack/rest_apis.js";
+import { DigitrafficStack } from "../../aws/infra/stack/stack.js";
+import { TrafficType } from "../../types/traffictype.js";
 import { Match, Template } from "aws-cdk-lib/assertions";
 describe("Rest api test", () => {
     test("OPTIONS method is added to API-gateway", () => {
@@ -39,4 +39,4 @@ describe("Rest api test", () => {
         });
     });
 });
-//# sourceMappingURL=rest-apis.test.mjs.map
+//# sourceMappingURL=rest-apis.test.js.map

package/dist/__test__/test/{mock-ky.test.mjs → mock-ky.test.js}

@@ -1,5 +1,5 @@
-import { mockKyResponse } from "../../test/mock-ky.mjs";
-import { describe, test, jest } from "@jest/globals";
+import { mockKyResponse } from "../../__test__/mock-ky.js";
+import { describe, jest, test } from "@jest/globals";
 const ky = (await import("ky")).default;
 describe("mockKyResponse", () => {
     const testObj = { test: "data" };
@@ -43,4 +43,4 @@ describe("mockKyResponse", () => {
         expect(await (await ky.get(url)).json()).toEqual(testObj);
     });
 });
-//# sourceMappingURL=mock-ky.test.mjs.map
+//# sourceMappingURL=mock-ky.test.js.map

package/dist/{test/testutils.mjs → __test__/testutils.js}

@@ -26,8 +26,7 @@ export function randomBoolean() {
 export function shuffle(array) {
     // pretty fast way to copy an array, not necessarily the fastest
     const newArray = array.slice(0);
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
     newArray.sort((_) => 0.5 - Math.random());
     return newArray;
 }
-//# sourceMappingURL=testutils.mjs.map
+//# sourceMappingURL=testutils.js.map

package/dist/__test__/types/{lambda-response.test.mjs → lambda-response.test.js}

@@ -1,4 +1,4 @@
-import { LambdaResponse } from "../../aws/types/lambda-response.mjs";
+import { LambdaResponse } from "../../aws/types/lambda-response.js";
 describe("lambda-response", () => {
     const TEST_MESSAGE = "HELLO";
     const TEST_COUNT = 12;
@@ -55,4 +55,4 @@ describe("lambda-response", () => {
         assertBinary(response, "Not implemented", 501);
     });
 });
-//# sourceMappingURL=lambda-response.test.mjs.map
+//# sourceMappingURL=lambda-response.test.js.map

package/dist/__test__/utils/{date-utils.test.mjs → date-utils.test.js}

@@ -1,5 +1,5 @@
 import { parseISO } from "date-fns";
-import * as CommonDateUtils from "../../utils/date-utils.mjs";
+import * as CommonDateUtils from "../../utils/date-utils.js";
 const ISO = "2022-01-02T01:02:03.004Z";
 describe("CommonDateUtilsTest", () => {
     test("dateFromIsoString", () => {
@@ -7,7 +7,7 @@ describe("CommonDateUtilsTest", () => {
         expect(parsed.toISOString()).toEqual(ISO);
     });
     test("dateFromIsoString fails", () => {
-        expect(() => CommonDateUtils.dateFromIsoString(ISO + "foobar")).toThrowError();
+        expect(() => CommonDateUtils.dateFromIsoString(ISO + "foobar")).toThrow();
     });
     test("countDiffMs", () => {
         const start = new Date();
@@ -24,4 +24,4 @@ describe("CommonDateUtilsTest", () => {
         expect(CommonDateUtils.dateToUTCString(date, CommonDateUtils.MYSQL_DATETIME_FORMAT)).toEqual("2023-01-01 00:00");
     });
 });
-//# sourceMappingURL=date-utils.test.mjs.map
+//# sourceMappingURL=date-utils.test.js.map

package/dist/__test__/utils/{geometry.test.mjs → geometry.test.js}

@@ -1,5 +1,5 @@
-import { Asserter } from "../../test/asserter.mjs";
-import * as Geometry from "../../utils/geometry.mjs";
+import { Asserter } from "../asserter.js";
+import * as Geometry from "../../utils/geometry.js";
 const TAMPERE_WGS84_X = 23.761290078;
 const TAMPERE_WGS84_Y = 61.49774257;
 const KUOPIO_WGS84_X = 27.688935;
@@ -21,4 +21,4 @@ describe("CommonGeometryTest", () => {
         expect(Geometry.areDistinctPositions([1, 2], [1, 2.000000000000001])).toBe(true);
     });
 });
-//# sourceMappingURL=geometry.test.mjs.map
+//# sourceMappingURL=geometry.test.js.map

package/dist/__test__/utils/{logging.test.mjs → logging.test.js}

@@ -1,6 +1,6 @@
 import { Writable } from "stream";
-import { DtLogger } from "../../aws/runtime/dt-logger.mjs";
-import { logException } from "../../utils/logging.mjs";
+import { DtLogger } from "../../aws/runtime/dt-logger.js";
+import { logException } from "../../utils/logging.js";
 const TEST_METHODNAME = "test.logException";
 describe("dt-logger", () => {
     function assertLogError(error, expected, includeStack = false) {
@@ -33,7 +33,7 @@ describe("dt-logger", () => {
             delete expected.stack;
             expect(stack).toBeDefined();
         }
-        expect(loggedLine).toEqual(expected);
+        expect(loggedLine).toMatchObject(expected);
     }
     test("log error - string", () => {
         const STRING_ERROR = "string error";
@@ -75,4 +75,4 @@ describe("dt-logger", () => {
         });
     });
 });
-//# sourceMappingURL=logging.test.mjs.map
+//# sourceMappingURL=logging.test.js.map

package/dist/__test__/utils/{utils.test.mjs → utils.test.js}

@@ -1,4 +1,4 @@
-import * as ArrayUtils from "../../utils/utils.mjs";
+import * as ArrayUtils from "../../utils/utils.js";
 describe("ArrayUtils", () => {
     test("bothArraysHasSameValues", () => {
         expect(ArrayUtils.bothArraysHasSameValues([], [])).toEqual(true);
@@ -10,7 +10,6 @@ describe("ArrayUtils", () => {
         expect(ArrayUtils.bothArraysHasSameValues(null, undefined)).toEqual(true);
         expect(ArrayUtils.bothArraysHasSameValues(["a"], undefined)).toEqual(false);
         expect(ArrayUtils.bothArraysHasSameValues(["a"], null)).toEqual(false);
-        /* eslint-enable */
         expect(ArrayUtils.bothArraysHasSameValues(["a", "b"], ["a", "a"])).toEqual(false);
         expect(ArrayUtils.bothArraysHasSameValues(["a", "a", "a"], ["a", "b", "c"])).toEqual(false);
         const o1 = { a: 1, b: 2 };
@@ -43,4 +42,4 @@ describe("ArrayUtils", () => {
         expect([1, 2, undefined, null, 3].filter(ArrayUtils.isDefined)).toEqual([1, 2, 3]);
     });
 });
-//# sourceMappingURL=utils.test.mjs.map
+//# sourceMappingURL=utils.test.js.map

package/dist/aws/infra/acl-builder.d.ts

@@ -0,0 +1,41 @@
+import { CfnWebACL } from "aws-cdk-lib/aws-wafv2";
+import type { Construct } from "constructs";
+export type AWSManagedWafRule = "CommonRuleSet" | "AmazonIpReputationList" | "KnownBadInputsRuleSet" | "SQLiRuleSet";
+export type ExcludedAWSRules = {
+    [key in AWSManagedWafRule]?: string[];
+};
+export type CfnWebAclRuleProperty = {
+    [P in keyof CfnWebACL.RuleProperty as Exclude<P, "priority">]: (CfnWebACL.RuleProperty)[P];
+};
+/**
+ * Builder class for building CfnWebACL.
+ *
+ * Currently supports:
+ * * Some AWS managed WAF rules
+ * * IP blacklisting
+ */
+export declare class AclBuilder {
+    readonly _construct: Construct;
+    readonly _countRules: CfnWebAclRuleProperty[];
+    readonly _blockRules: CfnWebAclRuleProperty[];
+    readonly _name: string;
+    _scope: string;
+    _customResponseBodies: Record<string, CfnWebACL.CustomResponseBodyProperty>;
+    constructor(construct: Construct, name?: string);
+    isRuleDefined(rules: AWSManagedWafRule[] | "all", rule: AWSManagedWafRule): boolean;
+    withAWSManagedRules(rules?: AWSManagedWafRule[] | "all", excludedRules?: ExcludedAWSRules): AclBuilder;
+    withIpRestrictionRule(addresses: string[]): AclBuilder;
+    withThrottleRule(name: string, limit: number, isHeaderRequired: boolean, isBasedOnIpAndUriPath: boolean, customResponseBodyKey?: string): AclBuilder;
+    withCustomResponseBody(key: string, customResponseBody: CfnWebACL.CustomResponseBodyProperty): AclBuilder;
+    withThrottleDigitrafficUserIp(limit: number | undefined): AclBuilder;
+    withThrottleDigitrafficUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    withThrottleAnonymousUserIp(limit: number | undefined): AclBuilder;
+    withThrottleAnonymousUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    withCountDigitrafficUserIp(limit: number | undefined): AclBuilder;
+    withCountDigitrafficUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    withCountAnonymousUserIp(limit: number | undefined): AclBuilder;
+    withCountAnonymousUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    _isCustomResponseBodyKeySet(key: string): boolean;
+    _addThrottleResponseBody(customResponseBodyKey: string, limit: number): void;
+    build(): CfnWebACL;
+}

package/dist/aws/infra/{acl-builder.mjs → acl-builder.js}

@@ -1,5 +1,6 @@
 import { CfnIPSet, CfnWebACL } from "aws-cdk-lib/aws-wafv2";
-import { logger } from "../runtime/dt-logger-default.mjs";
+import { logger } from "../runtime/dt-logger-default.js";
+import { zipWith, range, concat } from "lodash-es";
 /**
  * Builder class for building CfnWebACL.
  *
@@ -9,8 +10,9 @@ import { logger } from "../runtime/dt-logger-default.mjs";
  */
 export class AclBuilder {
     _construct;
-    _rules = [];
-    _name;
+    _countRules = [];
+    _blockRules = [];
+    _name = "WebACL";
     _scope = "CLOUDFRONT";
     _customResponseBodies = {};
     constructor(construct, name = "WebACL") {
@@ -20,18 +22,18 @@ export class AclBuilder {
     isRuleDefined(rules, rule) {
         return rules === "all" || rules.includes(rule);
     }
-    withAWSManagedRules(rules = "all") {
+    withAWSManagedRules(rules = "all", excludedRules = {}) {
         if (this.isRuleDefined(rules, "CommonRuleSet")) {
-            this._rules.push(createAWSCommonRuleSet());
+            this._blockRules.push(createAWSCommonRuleSet(excludedRules?.CommonRuleSet));
         }
         if (this.isRuleDefined(rules, "AmazonIpReputationList")) {
-            this._rules.push(createAWSReputationList());
+            this._blockRules.push(createAWSReputationList(excludedRules?.AmazonIpReputationList));
         }
         if (this.isRuleDefined(rules, "KnownBadInputsRuleSet")) {
-            this._rules.push(createAWSKnownBadInput());
+            this._blockRules.push(createAWSKnownBadInput(excludedRules?.KnownBadInputsRuleSet));
         }
         if (this.isRuleDefined(rules, "SQLiRuleSet")) {
-            this._rules.push(createAWSAntiSQLInjection());
+            this._blockRules.push(createAWSAntiSQLInjection(excludedRules?.SQLiRuleSet));
         }
         return this;
     }
@@ -41,9 +43,8 @@ export class AclBuilder {
             scope: this._scope,
             addresses,
         });
-        this._rules.push({
+        this._blockRules.push({
             name: "IpBlocklist",
-            priority: 10,
             action: { block: {} },
             statement: {
                 ipSetReferenceStatement: {
@@ -58,23 +59,27 @@ export class AclBuilder {
         });
         return this;
     }
-    withThrottleRule(name, priority, limit, customResponseBodyKey, isHeaderRequired, isBasedOnIpAndUriPath) {
-        this._rules.push({
+    withThrottleRule(name, limit, isHeaderRequired, isBasedOnIpAndUriPath, customResponseBodyKey) {
+        const isBlockRule = !!customResponseBodyKey;
+        const rules = isBlockRule ? this._blockRules : this._countRules;
+        const action = isBlockRule ? {
+            block: {
+                customResponse: {
+                    responseCode: 429,
+                    customResponseBodyKey,
+                },
+            },
+        } : {
+            count: {}
+        };
+        rules.push({
             name,
-            priority,
             visibilityConfig: {
                 sampledRequestsEnabled: true,
                 cloudWatchMetricsEnabled: true,
                 metricName: name,
             },
-            action: {
-                block: {
-                    customResponse: {
-                        responseCode: 429,
-                        customResponseBodyKey,
-                    },
-                },
-            },
+            action,
             statement: createThrottleStatement(limit, isHeaderRequired, isBasedOnIpAndUriPath),
         });
         return this;
@@ -90,40 +95,60 @@ export class AclBuilder {
         return this;
     }
     withThrottleDigitrafficUserIp(limit) {
-        if (limit == null) {
-            this._logMissingLimit("withThrottleDigitrafficUserIp");
+        if (limit === undefined) {
             return this;
         }
         const customResponseBodyKey = `IP_THROTTLE_DIGITRAFFIC_USER_${limit}`;
         this._addThrottleResponseBody(customResponseBodyKey, limit);
-        return this.withThrottleRule("ThrottleRuleWithDigitrafficUser", 1, limit, customResponseBodyKey, true, false);
+        return this.withThrottleRule("ThrottleRuleWithDigitrafficUser", limit, true, false, customResponseBodyKey);
     }
     withThrottleDigitrafficUserIpAndUriPath(limit) {
-        if (limit == null) {
-            this._logMissingLimit("withThrottleDigitrafficUserIpAndUriPath");
+        if (limit === undefined) {
             return this;
         }
         const customResponseBodyKey = `IP_PATH_THROTTLE_DIGITRAFFIC_USER_${limit}`;
         this._addThrottleResponseBody(customResponseBodyKey, limit);
-        return this.withThrottleRule("ThrottleRuleIPQueryWithDigitrafficUser", 2, limit, customResponseBodyKey, true, true);
+        return this.withThrottleRule("ThrottleRuleIPQueryWithDigitrafficUser", limit, true, true, customResponseBodyKey);
     }
     withThrottleAnonymousUserIp(limit) {
-        if (limit == null) {
-            this._logMissingLimit("withThrottleAnonymousUserIp");
+        if (limit === undefined) {
             return this;
         }
         const customResponseBodyKey = `IP_THROTTLE_ANONYMOUS_USER_${limit}`;
         this._addThrottleResponseBody(customResponseBodyKey, limit);
-        return this.withThrottleRule("ThrottleRuleWithAnonymousUser", 3, limit, customResponseBodyKey, false, false);
+        return this.withThrottleRule("ThrottleRuleWithAnonymousUser", limit, false, false, customResponseBodyKey);
     }
     withThrottleAnonymousUserIpAndUriPath(limit) {
-        if (limit == null) {
-            this._logMissingLimit("withThrottleAnonymousUserIpAndUriPath");
+        if (limit === undefined) {
             return this;
         }
         const customResponseBodyKey = `IP_PATH_THROTTLE_ANONYMOUS_USER_${limit}`;
         this._addThrottleResponseBody(customResponseBodyKey, limit);
-        return this.withThrottleRule("ThrottleRuleIPQueryWithAnonymousUser", 4, limit, customResponseBodyKey, false, true);
+        return this.withThrottleRule("ThrottleRuleIPQueryWithAnonymousUser", limit, false, true, customResponseBodyKey);
+    }
+    withCountDigitrafficUserIp(limit) {
+        if (limit === undefined) {
+            return this;
+        }
+        return this.withThrottleRule(`CountRuleWithDigitrafficUser${limit}`, limit, true, false);
+    }
+    withCountDigitrafficUserIpAndUriPath(limit) {
+        if (limit === undefined) {
+            return this;
+        }
+        return this.withThrottleRule(`CountRuleIPQueryWithDigitrafficUser${limit}`, limit, true, true);
+    }
+    withCountAnonymousUserIp(limit) {
+        if (limit === undefined) {
+            return this;
+        }
+        return this.withThrottleRule(`CountRuleWithAnonymousUser${limit}`, limit, false, false);
+    }
+    withCountAnonymousUserIpAndUriPath(limit) {
+        if (limit === undefined) {
+            return this;
+        }
+        return this.withThrottleRule(`CountRuleIPQueryWithAnonymousUser${limit}`, limit, false, true);
     }
     _isCustomResponseBodyKeySet(key) {
         return key in this._customResponseBodies;
@@ -136,21 +161,20 @@ export class AclBuilder {
             });
         }
     }
-    _logMissingLimit(method) {
-        logger.warn({
-            method: `acl-builder.${method}`,
-            message: `'limit' was not defined. Not setting a throttle rule for ${this._name}`,
-        });
-    }
     build() {
-        if (this._rules.length === 0) {
+        const addPriority = (rule, priority) => ({
+            ...rule,
+            priority
+        });
+        const rules = concat(zipWith(this._countRules, range(this._countRules.length), addPriority), zipWith(this._blockRules, range(this._blockRules.length).map(n => n + this._countRules.length), addPriority));
+        if (rules.length === 0) {
             throw new Error("No rules defined for WebACL");
         }
-        const uniqueRuleNames = new Set(this._rules.map((rule) => rule.name));
-        if (uniqueRuleNames.size != this._rules.length) {
+        const uniqueRuleNames = new Set(rules.map((rule) => rule.name));
+        if (uniqueRuleNames.size !== rules.length) {
             throw new Error("Tried to create an Access Control List with multiple rules having the same name");
         }
-        const acl = new CfnWebACL(this._construct, this._name, {
+        return new CfnWebACL(this._construct, this._name, {
             defaultAction: { allow: {} },
             scope: this._scope,
             visibilityConfig: {
@@ -158,10 +182,9 @@ export class AclBuilder {
                 metricName: "WAF-Blocked",
                 sampledRequestsEnabled: false,
             },
-            rules: this._rules,
+            rules,
             customResponseBodies: this._customResponseBodies,
         });
-        return acl;
     }
 }
 const CUSTOM_KEYS_IP_AND_URI_PATH = [
@@ -228,8 +251,8 @@ function createThrottleStatement(limit, isHeaderRequired, isBasedOnIpAndUriPath)
         },
     };
 }
-function createAWSCommonRuleSet() {
-    return createRuleProperty("AWS-AWSManagedRulesCommonRuleSet", 70, {
+function createAWSCommonRuleSet(excludedRules = []) {
+    return createRuleProperty("AWS-AWSManagedRulesCommonRuleSet", {
         statement: {
             managedRuleGroupStatement: {
                 vendorName: "AWS",
@@ -238,46 +261,48 @@ function createAWSCommonRuleSet() {
                     { name: "NoUserAgent_HEADER" },
                     { name: "SizeRestrictions_BODY" },
                     { name: "GenericRFI_BODY" },
-                ],
+                ].concat((excludedRules ?? []).map((rule) => ({ name: rule }))),
             },
         },
     });
 }
-function createAWSReputationList() {
-    return createRuleProperty("AWS-AWSManagedRulesAmazonIpReputationList", 80, {
+function createAWSReputationList(excludedRules = []) {
+    return createRuleProperty("AWS-AWSManagedRulesAmazonIpReputationList", {
         statement: {
             managedRuleGroupStatement: {
                 vendorName: "AWS",
                 name: "AWSManagedRulesAmazonIpReputationList",
+                excludedRules: (excludedRules ?? []).map((rule) => ({ name: rule })),
             },
         },
     });
 }
-function createAWSKnownBadInput() {
-    return createRuleProperty("AWS-AWSManagedRulesKnownBadInputsRuleSet", 90, {
+function createAWSKnownBadInput(excludedRules = []) {
+    return createRuleProperty("AWS-AWSManagedRulesKnownBadInputsRuleSet", {
         statement: {
             managedRuleGroupStatement: {
                 vendorName: "AWS",
                 name: "AWSManagedRulesKnownBadInputsRuleSet",
+                excludedRules: (excludedRules ?? []).map((rule) => ({ name: rule })),
             },
         },
     });
 }
-function createAWSAntiSQLInjection() {
-    return createRuleProperty("AWS-AWSManagedRulesSQLiRuleSet", 100, {
+function createAWSAntiSQLInjection(excludedRules = []) {
+    return createRuleProperty("AWS-AWSManagedRulesSQLiRuleSet", {
         statement: {
             managedRuleGroupStatement: {
                 vendorName: "AWS",
                 name: "AWSManagedRulesSQLiRuleSet",
+                excludedRules: (excludedRules ?? []).map((rule) => ({ name: rule })),
             },
         },
     });
 }
-function createRuleProperty(name, priority, rule, overrideAction = true) {
+function createRuleProperty(name, rule, overrideAction = true) {
     return {
         ...{
             name,
-            priority,
             visibilityConfig: {
                 sampledRequestsEnabled: true,
                 cloudWatchMetricsEnabled: true,
@@ -288,4 +313,4 @@ function createRuleProperty(name, priority, rule, overrideAction = true) {
         ...(overrideAction ? { overrideAction: { none: {} } } : {}),
     };
 }
-//# sourceMappingURL=acl-builder.mjs.map
+//# sourceMappingURL=acl-builder.js.map

package/dist/aws/infra/api/{handler-factory.d.mts → handler-factory.d.ts}

@@ -1,5 +1,5 @@
-import { DtLogger } from "../../runtime/dt-logger.mjs";
-import { LambdaResponse } from "../../types/lambda-response.mjs";
+import type { DtLogger } from "../../runtime/dt-logger.js";
+import type { LambdaResponse } from "../../types/lambda-response.js";
 export type LoggingHandler = (method: () => Promise<LambdaResponse>, logger: DtLogger) => Promise<LambdaResponse>;
 export type ErrorHandler = (error: unknown, logger: DtLogger) => LambdaResponse;
 /**
@@ -15,8 +15,8 @@ export declare class HandlerFactory {
     private loggingHandler;
     private errorHandler;
     constructor();
-    withLoggingHandler(loggingHandler: LoggingHandler): this;
-    withErrorHandler(errorHandler: ErrorHandler): this;
+    withLoggingHandler(loggingHandler: LoggingHandler): HandlerFactory;
+    withErrorHandler(errorHandler: ErrorHandler): HandlerFactory;
     createEventHandler(handler: (event: unknown) => Promise<LambdaResponse>, logger: DtLogger): (event: unknown) => Promise<LambdaResponse>;
 }
 export declare function createJsonLoggingHandler(): LoggingHandler;

package/dist/aws/infra/api/{handler-factory.mjs → handler-factory.js}

@@ -1,6 +1,5 @@
-import { getEnvVariableOrElse } from "../../../utils/utils.mjs";
-import { DtLogger } from "../../runtime/dt-logger.mjs";
-import { LambdaResponse } from "../../types/lambda-response.mjs";
+import { getEnvVariableOrElse } from "../../../utils/utils.js";
+import { logger } from "../../runtime/dt-logger-default.js";
 const functionName = getEnvVariableOrElse("AWS_LAMBDA_FUNCTION_NAME", "test");
 /**
  * Factory class for creating lambda-handler functions.  You can set functionality to handle logging and error-handling,
@@ -21,7 +20,10 @@ export class HandlerFactory {
                 return await method();
             }
             finally {
-                console.info("method=%s.handler tookMs=%d", functionName, Date.now() - start);
+                logger.info({
+                    method: `${functionName}.handler`,
+                    tookMs: Date.now() - start,
+                });
             }
         };
         this.errorHandler = (error) => {
@@ -63,4 +65,4 @@ export function createJsonLoggingHandler() {
         }
     };
 }
-//# sourceMappingURL=handler-factory.mjs.map
+//# sourceMappingURL=handler-factory.js.map