@infoxchange/make-it-so 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-2.6 → 2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cdk-constructs/SiteOidcAuth/auth-check-handler-body.js +5 -5
  2. package/dist/cdk-constructs/SiteOidcAuth/index.d.ts.map +1 -1
  3. package/dist/cdk-constructs/SiteOidcAuth/index.js +7 -10
  4. package/package.json +1 -1
  5. package/src/cdk-constructs/SiteOidcAuth/auth-check-handler-body.ts +17 -13
  6. package/src/cdk-constructs/SiteOidcAuth/index.ts +24 -20
package/dist/cdk-constructs/SiteOidcAuth/auth-check-handler-body.js CHANGED
@@ -87,11 +87,11 @@ function _sign(input, key, method) {
87
87
  return crypto.createHmac(method, key).update(input).digest("base64url");
88
88
  }
89
89
  function _base64urlDecode(str) {
90
- str = str.replace(/-/g, '+').replace(/_/g, '/');
90
+ str = str.replace(/-/g, "+").replace(/_/g, "/");
91
91
  while (str.length % 4)
92
- str += '=';
93
- const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
94
- let output = '';
92
+ str += "=";
93
+ const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
94
+ let output = "";
95
95
  let bc = 0, bs = 0, buffer, i = 0;
96
96
  for (; i < str.length; i++) {
97
97
  buffer = chars.indexOf(str.charAt(i));
@@ -101,7 +101,7 @@ function _base64urlDecode(str) {
101
101
  bc += 6;
102
102
  if (bc >= 8) {
103
103
  bc -= 8;
104
- output += String.fromCharCode((bs >> bc) & 0xFF);
104
+ output += String.fromCharCode((bs >> bc) & 0xff);
105
105
  }
106
106
  }
107
107
  return output;
package/dist/cdk-constructs/SiteOidcAuth/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/SiteOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,UAAU,MAAM,4BAA4B,CAAC;AACpD,OAAO,GAAG,MAAM,aAAa,CAAC;AAE9B,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AAOtC,OAAO,KAAK,EACV,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,2BAA2B,CAAC;AAEnC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,MAAM,MAAM,KAAK,GAAG;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,cAAc,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAIjD,qBAAa,YAAa,SAAQ,SAAS;IACzC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,oBAAoB,CAAC,SAAS,SAAS,uBAAuB,EAC5D,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4C1D,iBAAiB,CAAC,SAAS,SAAS,uBAAuB,EACzD,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqC1D,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,sBAAsB;IA+B9B,OAAO,CAAC,2BAA2B;IAoBnC,OAAO,CAAC,yCAAyC;IAgBjD,OAAO,CAAC,sBAAsB;CAiF/B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cdk-constructs/SiteOidcAuth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,OAAO,UAAU,MAAM,4BAA4B,CAAC;AACpD,OAAO,GAAG,MAAM,aAAa,CAAC;AAE9B,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AAOtC,OAAO,KAAK,EACV,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,2BAA2B,CAAC;AAEnC,KAAK,cAAc,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,KAAK,WAAW,GAAG,qBAAqB,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9D,MAAM,MAAM,KAAK,GAAG;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AACF,MAAM,MAAM,cAAc,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAIjD,qBAAa,YAAa,SAAQ,SAAS;IACzC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAER,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK;IAQhE,oBAAoB,CAAC,SAAS,SAAS,uBAAuB,EAC5D,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4C1D,iBAAiB,CAAC,SAAS,SAAS,uBAAuB,EACzD,KAAK,EAAE,cAAc,EACrB,SAAS,EAAE,SAAS,EACpB,EAAE,MAA+B,EAAE,GAAE,cAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuC1D,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,sBAAsB;IA8B9B,OAAO,CAAC,2BAA2B;IAsBnC,OAAO,CAAC,yCAAyC;IAgBjD,OAAO,CAAC,sBAAsB;CAkF/B"}
package/dist/cdk-constructs/SiteOidcAuth/index.js CHANGED
@@ -72,7 +72,7 @@ export class SiteOidcAuth extends Construct {
72
72
  const jwtSecret = this.createJwtSecret();
73
73
  updatedSiteProps.cdk.transform = (plan) => {
74
74
  siteProps?.cdk?.transform?.(plan);
75
- plan.cloudFrontFunctions?.serverCfFunction.injections.push(this.getAuthCheckHandlerBodyCode(jwtSecret, prefix));
75
+ plan.cloudFrontFunctions?.serverCfFunction.injections.push(this.convertToCloudFrontFunctionCompatibleCode(this.getAuthCheckHandlerBodyCode(jwtSecret, prefix)));
76
76
  };
77
77
  updatedSiteProps.cdk.distribution.additionalBehaviors[behaviourName] =
78
78
  this.getAuthBehaviorOptions(scope, jwtSecret, prefix);
@@ -94,42 +94,39 @@ export class SiteOidcAuth extends Construct {
94
94
  // Get the CloudFront Function Association for auth checking
95
95
  // Roughly based off https://github.com/sst/v2/blob/4283d706f251724308b397996ff307929bf3a976/packages/sst/src/constructs/SsrSite.ts#L941
96
96
  getFunctionAssociation(scope, jwtSecret, authRoutePrefix) {
97
- console.log("---- 1");
98
97
  const authCheckFunction = new CloudFront.Function(scope, `${this.id}AuthCheckFunction`, {
99
98
  code: CloudFront.FunctionCode.fromInline(this.convertToCloudFrontFunctionCompatibleCode(`function handler(event) {
100
99
  var request = event.request;
101
100
  ${this.getAuthCheckHandlerBodyCode(jwtSecret, authRoutePrefix)}
102
101
  return request;
103
- }`)),
102
+ }`, { minify: true })),
104
103
  // We could specify the JS v2.0 runtime here but for SSR sites SST does the function creation and that currently
105
104
  // uses JS v1.0 so no point using v2.0 here as the code has to be compatible with v1.0 anyway.
106
105
  });
107
- console.log("---- 2");
108
106
  return {
109
107
  function: authCheckFunction,
110
108
  eventType: CloudFront.FunctionEventType.VIEWER_REQUEST,
111
109
  };
112
110
  }
113
111
  getAuthCheckHandlerBodyCode(jwtSecret, authRoutePrefix) {
114
- return fs
112
+ return (fs
115
113
  .readFileSync(path.join(import.meta.dirname, "auth-check-handler-body.js"), "utf8")
116
114
  .replace("__placeholder-for-jwt-secret__", jwtSecret.secretValue.toString())
117
115
  .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
118
116
  // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
119
117
  // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
120
118
  // remove it here.
121
- .replace(/export {};\s*$/g, "");
119
+ .replace(/export {};\s*$/g, ""));
122
120
  }
123
- convertToCloudFrontFunctionCompatibleCode(sourceCode) {
121
+ convertToCloudFrontFunctionCompatibleCode(sourceCode, esbuildOptions) {
124
122
  // ESBuild doesn't currently support transforming const/let to var, which is required for CloudFront Functions
125
123
  // JS runtime 1.0.
126
124
  sourceCode = sourceCode
127
125
  .replaceAll(/const /g, "var ")
128
126
  .replaceAll(/let /g, "var ");
129
- console.log("---- 3", sourceCode);
130
127
  return transformSync(sourceCode, {
131
- minify: true,
132
128
  target: "es5",
129
+ ...esbuildOptions,
133
130
  }).code;
134
131
  }
135
132
  // Get the behavior options for the auth route
@@ -161,7 +158,7 @@ export class SiteOidcAuth extends Construct {
161
158
  const request = event.request;
162
159
  request.headers["x-forwarded-host"] = { value: request.headers.host.value };
163
160
  return request;
164
- }`)),
161
+ }`, { minify: true })),
165
162
  runtime: CloudFront.FunctionRuntime.JS_2_0,
166
163
  });
167
164
  return {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@infoxchange/make-it-so",
3
- "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-2.6",
3
+ "version": "2.11.0-internal-testing-vdt-199-add-auth-token-verify-function-3.1",
4
4
  "description": "Makes deploying services to IX infra easy",
5
5
  "repository": "github:infoxchange/make-it-so",
6
6
  "type": "module",
package/src/cdk-constructs/SiteOidcAuth/auth-check-handler-body.ts CHANGED
@@ -116,24 +116,28 @@ function _sign(input: string, key: string, method: string) {
116
116
  }
117
117
 
118
118
  function _base64urlDecode(str: string) {
119
- str = str.replace(/-/g, '+').replace(/_/g, '/');
120
- while (str.length % 4) str += '=';
119
+ str = str.replace(/-/g, "+").replace(/_/g, "/");
120
+ while (str.length % 4) str += "=";
121
121
 
122
- const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
123
- let output = '';
122
+ const chars =
123
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
124
+ let output = "";
124
125
 
125
- let bc = 0, bs = 0, buffer, i = 0;
126
+ let bc = 0,
127
+ bs = 0,
128
+ buffer,
129
+ i = 0;
126
130
  for (; i < str.length; i++) {
127
- buffer = chars.indexOf(str.charAt(i));
128
- if (buffer === -1) continue;
131
+ buffer = chars.indexOf(str.charAt(i));
132
+ if (buffer === -1) continue;
129
133
 
130
- bs = (bs << 6) | buffer;
131
- bc += 6;
134
+ bs = (bs << 6) | buffer;
135
+ bc += 6;
132
136
 
133
- if (bc >= 8) {
134
- bc -= 8;
135
- output += String.fromCharCode((bs >> bc) & 0xFF);
136
- }
137
+ if (bc >= 8) {
138
+ bc -= 8;
139
+ output += String.fromCharCode((bs >> bc) & 0xff);
140
+ }
137
141
  }
138
142
 
139
143
  return output;
package/src/cdk-constructs/SiteOidcAuth/index.ts CHANGED
@@ -9,7 +9,7 @@ import { Config as SSTInternalConfig } from "sst/config.js";
9
9
  import CloudFrontOrigins from "aws-cdk-lib/aws-cloudfront-origins";
10
10
  import path from "node:path";
11
11
  import fs from "node:fs";
12
- import { transformSync } from "esbuild";
12
+ import { TransformOptions, transformSync } from "esbuild";
13
13
  import type {
14
14
  ExtendedNextjsSiteProps,
15
15
  ExtendedStaticSiteProps,
@@ -118,7 +118,9 @@ export class SiteOidcAuth extends Construct {
118
118
  siteProps?.cdk?.transform?.(plan);
119
119
 
120
120
  plan.cloudFrontFunctions?.serverCfFunction.injections.push(
121
- this.getAuthCheckHandlerBodyCode(jwtSecret, prefix),
121
+ this.convertToCloudFrontFunctionCompatibleCode(
122
+ this.getAuthCheckHandlerBodyCode(jwtSecret, prefix),
123
+ ),
122
124
  );
123
125
  };
124
126
 
@@ -149,7 +151,6 @@ export class SiteOidcAuth extends Construct {
149
151
  jwtSecret: SecretsManager.Secret,
150
152
  authRoutePrefix: string,
151
153
  ): CloudFront.FunctionAssociation {
152
- console.log("---- 1")
153
154
  const authCheckFunction = new CloudFront.Function(
154
155
  scope,
155
156
  `${this.id}AuthCheckFunction`,
@@ -161,13 +162,13 @@ export class SiteOidcAuth extends Construct {
161
162
  ${this.getAuthCheckHandlerBodyCode(jwtSecret, authRoutePrefix)}
162
163
  return request;
163
164
  }`,
165
+ { minify: true },
164
166
  ),
165
167
  ),
166
168
  // We could specify the JS v2.0 runtime here but for SSR sites SST does the function creation and that currently
167
169
  // uses JS v1.0 so no point using v2.0 here as the code has to be compatible with v1.0 anyway.
168
170
  },
169
171
  );
170
- console.log("---- 2")
171
172
 
172
173
  return {
173
174
  function: authCheckFunction,
@@ -179,34 +180,36 @@ export class SiteOidcAuth extends Construct {
179
180
  jwtSecret: SecretsManager.Secret,
180
181
  authRoutePrefix: string,
181
182
  ): string {
182
- return fs
183
- .readFileSync(
184
- path.join(import.meta.dirname, "auth-check-handler-body.js"),
185
- "utf8",
186
- )
187
- .replace(
188
- "__placeholder-for-jwt-secret__",
189
- jwtSecret.secretValue.toString(),
190
- )
191
- .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
192
- // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
193
- // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
194
- // remove it here.
195
- .replace(/export {};\s*$/g, "");
183
+ return (
184
+ fs
185
+ .readFileSync(
186
+ path.join(import.meta.dirname, "auth-check-handler-body.js"),
187
+ "utf8",
188
+ )
189
+ .replace(
190
+ "__placeholder-for-jwt-secret__",
191
+ jwtSecret.secretValue.toString(),
192
+ )
193
+ .replace("__placeholder-for-auth-route-prefix__", authRoutePrefix)
194
+ // When typescript builds the make-it-so code including "auth-check-handler-body.ts" it will add "export {}" to
195
+ // the end of the file if it's not already a module. This will cause a syntax error in CloudFront Functions so we
196
+ // remove it here.
197
+ .replace(/export {};\s*$/g, "")
198
+ );
196
199
  }
197
200
 
198
201
  private convertToCloudFrontFunctionCompatibleCode(
199
202
  sourceCode: string,
203
+ esbuildOptions?: TransformOptions,
200
204
  ): string {
201
205
  // ESBuild doesn't currently support transforming const/let to var, which is required for CloudFront Functions
202
206
  // JS runtime 1.0.
203
207
  sourceCode = sourceCode
204
208
  .replaceAll(/const /g, "var ")
205
209
  .replaceAll(/let /g, "var ");
206
- console.log("---- 3", sourceCode)
207
210
  return transformSync(sourceCode, {
208
- minify: true,
209
211
  target: "es5",
212
+ ...esbuildOptions,
210
213
  }).code;
211
214
  }
212
215
 
@@ -255,6 +258,7 @@ export class SiteOidcAuth extends Construct {
255
258
  request.headers["x-forwarded-host"] = { value: request.headers.host.value };
256
259
  return request;
257
260
  }`,
261
+ { minify: true },
258
262
  ),
259
263
  ),
260
264
  runtime: CloudFront.FunctionRuntime.JS_2_0,