npm - @digitraffic/common - Versions diffs - 2025.4.29-1 → 2025.5.28-1 - Mend

@digitraffic/common 2025.4.29-1 → 2025.5.28-1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +4 -0
package/dist/__test__/infra/acl-builder.test.js +7 -2
package/dist/aws/infra/acl-builder.d.ts +19 -12
package/dist/aws/infra/acl-builder.js +34 -2
package/dist/aws/runtime/secrets/secret-holder.d.ts +3 -1
package/dist/aws/runtime/secrets/secret-holder.js +12 -8
package/dist/types/openapi-schema.d.ts +128 -128
package/dist/utils/logging.d.ts +1 -2
package/dist/utils/logging.js +1 -2
package/package.json +29 -33

package/README.md CHANGED Viewed

@@ -17,6 +17,10 @@ Format code
     pnpm run:format-changed # Formats stagged files
     pnpm run:format # Format all files
+## Reinstall lefthook git hooks
+    pnpm prepare
 ## How to use
 In package.json dependencies:

package/dist/__test__/infra/acl-builder.test.js CHANGED Viewed

@@ -21,8 +21,13 @@ describe("acl-builder tests", () => {
         ]).build();
         expect(acl.rules).toHaveLength(2);
     });
-    test("ip restriction", () => {
-        const acl = createBuilder().withIpRestrictionRule(["1.2.3.4", "1.2.6.6"])
+    test("ip blacklist", () => {
+        const acl = createBuilder().withIpBlacklistRule(["1.2.3.4", "1.2.6.6"])
+            .build();
+        expect(acl.rules).toHaveLength(1);
+    });
+    test("ip whitelist", () => {
+        const acl = createBuilder().withIpWhitelistRule(["1.2.3.4", "1.2.6.6"])
             .build();
         expect(acl.rules).toHaveLength(1);
     });

package/dist/aws/infra/acl-builder.d.ts CHANGED Viewed

@@ -12,7 +12,7 @@ export type CfnWebAclRuleProperty = {
  *
  * Currently supports:
  * * Some AWS managed WAF rules
- * * IP blacklisting
+ * * IP blacklisting/whitelisting
  */
 export declare class AclBuilder {
     readonly _construct: Construct;
@@ -23,18 +23,25 @@ export declare class AclBuilder {
     _customResponseBodies: Record<string, CfnWebACL.CustomResponseBodyProperty>;
     constructor(construct: Construct, name?: string);
     isRuleDefined(rules: AWSManagedWafRule[] | "all", rule: AWSManagedWafRule): boolean;
-    withAWSManagedRules(rules?: AWSManagedWafRule[] | "all", excludedRules?: ExcludedAWSRules): AclBuilder;
-    withIpRestrictionRule(addresses: string[]): AclBuilder;
-    withThrottleRule(name: string, limit: number, isHeaderRequired: boolean, isBasedOnIpAndUriPath: boolean, customResponseBodyKey?: string): AclBuilder;
-    withCustomResponseBody(key: string, customResponseBody: CfnWebACL.CustomResponseBodyProperty): AclBuilder;
-    withThrottleDigitrafficUserIp(limit: number | undefined): AclBuilder;
-    withThrottleDigitrafficUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    withAWSManagedRules(rules?: AWSManagedWafRule[] | "all", excludedRules?: ExcludedAWSRules): this;
+    /**
+     * Block access from given addresses
+     */
+    withIpBlacklistRule(addresses: string[]): this;
+    /**
+     * Allow access only from the given addresses
+     */
+    withIpWhitelistRule(addresses: string[]): this;
+    withThrottleRule(name: string, limit: number, isHeaderRequired: boolean, isBasedOnIpAndUriPath: boolean, customResponseBodyKey?: string): this;
+    withCustomResponseBody(key: string, customResponseBody: CfnWebACL.CustomResponseBodyProperty): this;
+    withThrottleDigitrafficUserIp(limit: number | undefined): this;
+    withThrottleDigitrafficUserIpAndUriPath(limit: number | undefined): this;
     withThrottleAnonymousUserIp(limit: number | undefined): AclBuilder;
-    withThrottleAnonymousUserIpAndUriPath(limit: number | undefined): AclBuilder;
-    withCountDigitrafficUserIp(limit: number | undefined): AclBuilder;
-    withCountDigitrafficUserIpAndUriPath(limit: number | undefined): AclBuilder;
-    withCountAnonymousUserIp(limit: number | undefined): AclBuilder;
-    withCountAnonymousUserIpAndUriPath(limit: number | undefined): AclBuilder;
+    withThrottleAnonymousUserIpAndUriPath(limit: number | undefined): this;
+    withCountDigitrafficUserIp(limit: number | undefined): this;
+    withCountDigitrafficUserIpAndUriPath(limit: number | undefined): this;
+    withCountAnonymousUserIp(limit: number | undefined): this;
+    withCountAnonymousUserIpAndUriPath(limit: number | undefined): this;
     _isCustomResponseBodyKeySet(key: string): boolean;
     _addThrottleResponseBody(customResponseBodyKey: string, limit: number): void;
     build(): CfnWebACL;

package/dist/aws/infra/acl-builder.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { concat, range, zipWith } from "lodash-es";
  *
  * Currently supports:
  * * Some AWS managed WAF rules
- * * IP blacklisting
+ * * IP blacklisting/whitelisting
  */
 export class AclBuilder {
     _construct;
@@ -37,7 +37,10 @@ export class AclBuilder {
         }
         return this;
     }
-    withIpRestrictionRule(addresses) {
+    /**
+     * Block access from given addresses
+     */
+    withIpBlacklistRule(addresses) {
         const blocklistIpSet = new CfnIPSet(this._construct, "BlocklistIpSet", {
             ipAddressVersion: "IPV4",
             scope: this._scope,
@@ -59,6 +62,35 @@ export class AclBuilder {
         });
         return this;
     }
+    /**
+     * Allow access only from the given addresses
+     */
+    withIpWhitelistRule(addresses) {
+        const blocklistIpSet = new CfnIPSet(this._construct, "AllowlistIpSet", {
+            ipAddressVersion: "IPV4",
+            scope: this._scope,
+            addresses,
+        });
+        this._blockRules.push({
+            name: "IpAllowlist",
+            action: { block: {} },
+            statement: {
+                notStatement: {
+                    statement: {
+                        ipSetReferenceStatement: {
+                            arn: blocklistIpSet.attrArn,
+                        },
+                    },
+                },
+            },
+            visibilityConfig: {
+                sampledRequestsEnabled: false,
+                cloudWatchMetricsEnabled: true,
+                metricName: "IpAllowlist",
+            },
+        });
+        return this;
+    }
     withThrottleRule(name, limit, isHeaderRequired, isBasedOnIpAndUriPath, customResponseBodyKey) {
         const isBlockRule = !!customResponseBodyKey;
         const rules = isBlockRule ? this._blockRules : this._countRules;

package/dist/aws/runtime/secrets/secret-holder.d.ts CHANGED Viewed

@@ -17,7 +17,9 @@ export declare class SecretHolder<Secret extends GenericSecret> {
     private readonly secretId;
     private readonly prefix;
     private readonly expectedKeys;
-    private readonly secretCache;
+    private cachedSecret?;
+    private expirationTime;
+    private readonly ttl;
     constructor(secretId: string, prefix?: string, expectedKeys?: string[], configuration?: typeof DEFAULT_CONFIGURATION);
     private initSecret;
     static create<S extends GenericSecret>(prefix?: string, expectedKeys?: string[]): SecretHolder<S>;

package/dist/aws/runtime/secrets/secret-holder.js CHANGED Viewed

@@ -2,9 +2,7 @@ import { getSecret } from "./secret.js";
 import { checkExpectedSecretKeys } from "./dbsecret.js";
 import { getEnvVariable } from "../../../utils/utils.js";
 import { logger } from "../dt-logger-default.js";
-import NodeTtl from "node-ttl";
 const DEFAULT_PREFIX = "";
-const DEFAULT_SECRET_KEY = "SECRET";
 const DEFAULT_CONFIGURATION = {
     ttl: 5 * 60, // timeout secrets in 5 minutes
 };
@@ -23,12 +21,15 @@ export class SecretHolder {
     secretId;
     prefix;
     expectedKeys;
-    secretCache;
+    cachedSecret;
+    expirationTime;
+    ttl; // seconds
     constructor(secretId, prefix = "", expectedKeys = [], configuration = DEFAULT_CONFIGURATION) {
         this.secretId = secretId;
         this.prefix = prefix;
         this.expectedKeys = expectedKeys;
-        this.secretCache = new NodeTtl(configuration);
+        this.expirationTime = new Date(0);
+        this.ttl = configuration.ttl;
     }
     async initSecret() {
         const secretValue = await getSecret(this.secretId);
@@ -36,7 +37,8 @@ export class SecretHolder {
             method: "SecretHolder.initSecret",
             message: "Refreshing secret " + this.secretId,
         });
-        this.secretCache.push(DEFAULT_SECRET_KEY, secretValue);
+        this.cachedSecret = secretValue;
+        this.expirationTime = new Date(Date.now() + this.ttl * 1000);
     }
     static create(prefix = DEFAULT_PREFIX, expectedKeys = []) {
         return new SecretHolder(getEnvVariable("SECRET_ID"), prefix, expectedKeys);
@@ -67,11 +69,13 @@ export class SecretHolder {
         return parsed;
     }
     async getSecret() {
-        const secret = this.secretCache.get(DEFAULT_SECRET_KEY);
-        if (!secret) {
+        if (this.expirationTime.getTime() < Date.now()) {
             await this.initSecret();
         }
-        return secret ?? this.secretCache.get(DEFAULT_SECRET_KEY);
+        if (this.cachedSecret === undefined) {
+            throw new Error("SecretHolder in illegal state");
+        }
+        return this.cachedSecret;
     }
 }
 //# sourceMappingURL=secret-holder.js.map