@inizioevoke/aws-cdk-helpers 1.0.0

package/.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = false

package/constructs/certificatemanager.ts

@@ -0,0 +1,29 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { Certificate, CertificateValidation } from "aws-cdk-lib/aws-certificatemanager";
+import { IHostedZone } from "aws-cdk-lib/aws-route53";
+import { tagResource } from "../lib/utils";
+
+export interface SSLCertificateProps {
+  hostedZone: IHostedZone;
+  domainName: string;
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+
+export class SSLCertificate extends Construct {
+  public readonly certificate: Certificate;
+
+  constructor(scope: Construct, id: string, props: SSLCertificateProps) {
+    super(scope, id);
+
+    this.certificate = new Certificate(this, `Certificate-${props.domainName}`, {
+      domainName: props.domainName,
+      validation: CertificateValidation.fromDns(props.hostedZone),
+    });
+    tagResource(this.certificate, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.certificate.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+}

package/constructs/cloudfront.ts

@@ -0,0 +1,124 @@
+import { resolve } from 'node:path';
+import { readFileSync } from 'node:fs';
+import { Buffer } from 'node:buffer';
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { ICertificate } from 'aws-cdk-lib/aws-certificatemanager';
+import { BehaviorOptions, Distribution, Function, FunctionCode, FunctionEventType, FunctionRuntime, IOrigin, PriceClass } from 'aws-cdk-lib/aws-cloudfront';
+import { tagResource } from '../lib/utils';
+import type { IResourceProps } from '../lib/types';
+
+export interface CloudFrontDistributionProps extends IResourceProps {
+  domainName: string;
+  description?: string;
+  defaultBehavior: BehaviorOptions;
+  additionalBehaviors?: Record<string, BehaviorOptions>;
+  priceClass?: 'PRICE_CLASS_ALL' | 'PRICE_CLASS_100' | 'PRICE_CLASS_200' | 'NOT_PROD' | 'PROD';
+  certificate: ICertificate;
+  webAclId?: string;
+}
+export class CloudFrontDistribution extends Construct {
+  public readonly distribution: Distribution;
+
+  constructor(scope: Construct, id: string, props: CloudFrontDistributionProps) {
+    super(scope, id);
+
+    let priceClass = PriceClass.PRICE_CLASS_ALL;
+    switch (props.priceClass) {
+      case 'NOT_PROD':
+      case 'PRICE_CLASS_100':
+        priceClass = PriceClass.PRICE_CLASS_100;
+        break;
+      case 'PRICE_CLASS_200':
+        priceClass = PriceClass.PRICE_CLASS_200;
+        break;
+    }
+
+    this.distribution = new Distribution(this, `${id}|CloudFrontDistribution`, {
+      comment: props.description,
+      defaultBehavior: props.defaultBehavior,
+      additionalBehaviors: props.additionalBehaviors,
+      domainNames: [props.domainName],
+      certificate: props.certificate,
+      priceClass,
+      webAclId: props.webAclId
+    });
+    tagResource(this.distribution, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.distribution.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+}
+
+export type CloudFrontFunctionRedirectPaths = Record<string, string | [string, 301|302]>; 
+
+export interface CloudFrontFunctionRedirects {
+  trailingSlash?: boolean;
+  defaultDocument?: string;
+  redirectDefaultDocument?: boolean;
+  paths?: CloudFrontFunctionRedirectPaths;
+}
+
+export interface DefaultDocFunctionProps extends IResourceProps {
+  functionName?: string;
+  defaultDocument?: string;
+  redirects?: CloudFrontFunctionRedirects;
+}
+
+export interface BasicAuthDefaultDocFunctionProps extends DefaultDocFunctionProps {
+  user: string;
+  password: string;
+}
+
+export interface CloudFrontFunctionProps extends IResourceProps {
+  code: string;
+  functionName?: string;
+  runtime?: 'JS_1_0' | 'JS_2_0';
+}
+export class CloudFrontFunction extends Construct {
+  public readonly fn: Function;
+
+  constructor(scope: Construct, id: string, props: CloudFrontFunctionProps) {
+    super(scope, id);
+
+    this.fn = new Function(this, 'CloudFrontFunction', {
+      functionName: props.functionName,
+      runtime: FunctionRuntime[props.runtime ?? 'JS_2_0'],
+      code: FunctionCode.fromInline(props.code)
+    });
+    tagResource(this.fn, props.tags);
+
+    if (typeof props.destroy == 'boolean') {
+      this.fn.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+
+  static createDefaultDoc(scope: Construct, id: string, props: DefaultDocFunctionProps) {
+    const code = readFileSync(resolve(__dirname, '../templates/cffn-default-doc.js'), 'utf8')
+      .replace('__DEFAULT_DOCUMENT__', props.defaultDocument ?? 'index.html')
+      .replace('__REDIRECTS__', props.redirects?.paths ? JSON.stringify(props.redirects?.paths ) : 'null')
+      .replace('__TRAILING_SLASH__', props.redirects?.trailingSlash?.toString() ?? 'null')
+      .replace('__REDIR_DEF_DOC__', props.redirects?.redirectDefaultDocument?.toString() ?? 'false');
+
+    return new CloudFrontFunction(scope, 'DefaultDocFunction', {
+      functionName: props.functionName,
+      runtime: 'JS_2_0',
+      code
+    });
+  }
+
+  static createBasicAuthDefaultDoc(scope: Construct, id: string, props: BasicAuthDefaultDocFunctionProps) {
+    const code = readFileSync(resolve(__dirname, '../templates/cffn-default-doc-basic-auth.js'), 'utf8')
+      .replace('__DEFAULT_DOCUMENT__', props.defaultDocument ?? 'index.html')
+      .replace('__CREDENTIALS__', Buffer.from(`${props.user}:${props.password}`).toString('base64'))
+      .replace('__REDIRECTS__', props.redirects?.paths ? JSON.stringify(props.redirects?.paths ) : 'null')
+      .replace('__TRAILING_SLASH__', props.redirects?.trailingSlash?.toString() ?? 'null')
+      .replace('__REDIR_DEF_DOC__', props.redirects?.redirectDefaultDocument?.toString() ?? 'false');
+    
+    return new CloudFrontFunction(scope, 'BasicAuthDefaultDocFunction', {
+      functionName: props.functionName,
+      runtime: 'JS_2_0',
+      code
+    });
+  }
+}

package/constructs/codebuild.ts

@@ -0,0 +1,102 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { BuildEnvironmentVariableType, BuildSpec, ComputeType, IBuildImage, LinuxBuildImage, PipelineProject } from 'aws-cdk-lib/aws-codebuild';
+import { Repository } from "aws-cdk-lib/aws-ecr";
+import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
+import { Bucket, IBucket } from 'aws-cdk-lib/aws-s3';
+
+import { tagResource } from "../lib/utils";
+
+export type EnvironmentVariables = Record<string, { value: any, type?: BuildEnvironmentVariableType }>;
+
+export interface EcrBuildImage {
+  repository: string;
+  tag: string;
+}
+export interface CodeBuildPipelineProjectProps {
+  projectName?: string;
+  buildSpec?: string | object;
+  buildImage?: ('STANDARD_5_0' | 'STANDARD_6_0' | 'STANDARD_7_0') | IBuildImage;
+  ecrBuildImage?: EcrBuildImage,
+  computeType?: ('SMALL' | 'MEDIUM' | 'LARGE' | 'X_LARGE' | 'X2_LARGE') | string;
+  environmentVariables?: EnvironmentVariables;
+  cloudFrontDistributionArn?: string;
+  s3BucketName?: string;
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+
+export class CodeBuildPipelineProject extends Construct {
+  public readonly project: PipelineProject;
+
+  constructor(scope: Construct, id: string, props: CodeBuildPipelineProjectProps) {
+    super(scope, id);
+
+    if (!props.environmentVariables) {
+      props.environmentVariables = {};
+    }
+    if (props.cloudFrontDistributionArn && !props.environmentVariables.CLOUDFRONT_DISTRIBUTION_ID) {
+      props.environmentVariables.CLOUDFRONT_DISTRIBUTION_ID = {
+        value: props.cloudFrontDistributionArn.split('/').pop()
+      };
+    }
+
+    if (props.s3BucketName && !props.environmentVariables.S3_BUCKET_NAME) {
+      props.environmentVariables.S3_BUCKET_NAME = {
+        value: props.s3BucketName
+      };
+    }
+
+    let buildImage: IBuildImage | undefined = undefined;
+    if (props.ecrBuildImage) {
+      const repository = props.ecrBuildImage.repository.startsWith('arn:aws') ? 
+        Repository.fromRepositoryArn(this, 'EcrRepository', props.ecrBuildImage.repository) :
+        Repository.fromRepositoryName(this, 'EcrRepository', props.ecrBuildImage.repository);
+      buildImage = LinuxBuildImage.fromEcrRepository(repository, props.ecrBuildImage.tag);
+    } else if (props.buildImage) {
+      if (typeof props.buildImage == 'string') {
+        buildImage = LinuxBuildImage[props.buildImage ?? 'STANDARD_7_0']
+      } else {
+        buildImage = props.buildImage as IBuildImage;
+      }
+    }
+
+    this.project = new PipelineProject(this, 'CodeBuildPipelineProjectProps', {
+      projectName: props.projectName,
+      buildSpec: props.buildSpec ? typeof props.buildSpec == 'object' ? BuildSpec.fromObjectToYaml(props.buildSpec) : BuildSpec.fromSourceFilename(props.buildSpec ?? 'buildspec.yml') : undefined,
+      environment: {
+        buildImage: buildImage ?? LinuxBuildImage.STANDARD_7_0,
+        computeType: ComputeType[props.computeType as (keyof typeof ComputeType | undefined) ?? 'SMALL'],
+        environmentVariables: props.environmentVariables
+      }
+    });
+    tagResource(this.project, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.project.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+
+    // Add CloudWatch log permissions
+    this.project.addToRolePolicy(new PolicyStatement({
+      actions: [
+        'logs:CreateLogGroup',
+        'logs:CreateLogStream',
+        'logs:PutLogEvents'
+      ],
+      resources: [this.project.projectArn]
+    }));
+
+    // Allow the project to create an invalidation
+    if (props.cloudFrontDistributionArn) {
+      this.project.addToRolePolicy(new PolicyStatement({
+        actions: ['cloudfront:CreateInvalidation'],
+        resources: [props.cloudFrontDistributionArn]
+      }));
+    }
+
+    // Allow the project to sync files to S3
+    if (props.s3BucketName) {
+      const s3Bucket = Bucket.fromBucketName(this, 'S3BucketByName', props.s3BucketName);
+      s3Bucket.grantReadWrite(this.project);
+    }
+  }
+}

package/constructs/codepipeline.ts

@@ -0,0 +1,86 @@
+import { RemovalPolicy, PhysicalName } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { IProject } from "aws-cdk-lib/aws-codebuild";
+import { Artifact, Pipeline } from "aws-cdk-lib/aws-codepipeline";
+import { CodeBuildAction, CodeStarConnectionsSourceAction } from "aws-cdk-lib/aws-codepipeline-actions";
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+
+import type { EnvironmentVariables } from './codebuild';
+import { tagResource } from "../lib/utils";
+
+export interface AddSourceStageParams {
+  stageName?: string;
+  codestarConnectionArn: string;
+  repoOwner: string;
+  repo: string;
+  branch: string;
+}
+export interface AddBuildStageParams {
+  stageName?: string;
+  codeBuildProject: IProject;
+  sourceArtifact: Artifact;
+  environmentVariables?: EnvironmentVariables;
+}
+
+export interface CodePipelineProjectProps {
+  pipelineName?: string;
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+export class CodePipelineProject extends Construct {
+  public readonly s3Bucket: Bucket;
+  public readonly pipeline: Pipeline;
+
+  constructor(scope: Construct, id: string, props: CodePipelineProjectProps) {
+    super(scope, id);
+
+    this.s3Bucket = new Bucket(this, 'CodePipelineArtifactBucket', {
+      bucketName: PhysicalName.GENERATE_IF_NEEDED,
+      removalPolicy: props.destroy !== undefined ? props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN : undefined,
+      autoDeleteObjects: props.destroy === true ? true : undefined
+    });
+    tagResource(this.s3Bucket, props.tags);
+
+    this.pipeline = new Pipeline(this, 'CodePipelineProject', {
+      pipelineName: props.pipelineName,
+      artifactBucket: this.s3Bucket
+    });
+
+    tagResource(this.pipeline, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.pipeline.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    }
+  }
+
+  addSourceStage(params: AddSourceStageParams): Artifact {
+    const artifact = new Artifact();
+    this.pipeline.addStage({
+      stageName: params.stageName ?? 'Source',
+      actions: [
+        new CodeStarConnectionsSourceAction({
+          actionName: params.stageName ?? 'Source',
+          output: artifact,
+          connectionArn: params.codestarConnectionArn,
+          owner: params.repoOwner,
+          repo: params.repo,
+          branch: params.branch
+        })
+      ]
+    });
+    return artifact;
+  }
+
+  addBuildStage(params: AddBuildStageParams) {
+    this.pipeline.addStage({
+      stageName: params.stageName ?? 'Build',
+      actions: [
+        new CodeBuildAction({
+          actionName: params.stageName ?? 'Build',
+          project: params.codeBuildProject,
+          input: params.sourceArtifact,
+          environmentVariables: params.environmentVariables
+        })
+      ]
+    });
+  }
+}

package/constructs/route53.ts

@@ -0,0 +1,34 @@
+import { IDistribution } from "aws-cdk-lib/aws-cloudfront";
+import { ARecord, AaaaRecord, HostedZone, IHostedZone, RecordTarget } from "aws-cdk-lib/aws-route53";
+import { CloudFrontTarget } from "aws-cdk-lib/aws-route53-targets";
+import { Construct } from "constructs";
+
+export interface CloudFrontAliasProps {
+  hostedZone: IHostedZone;
+  domainName: string;
+  distribution: IDistribution; 
+}
+export class CloudFrontAlias extends Construct {
+  public readonly aRecord: ARecord;
+  public readonly aaaaRecord: AaaaRecord;
+
+  constructor(scope: Construct, id: string, props: CloudFrontAliasProps) {
+    super(scope, id);
+
+    this.aRecord = new ARecord(this, `ARecord-${props.domainName}`, {
+      zone: props.hostedZone,
+      target: RecordTarget.fromAlias(new CloudFrontTarget(props.distribution)),
+      recordName: props.domainName
+    });
+
+    this.aaaaRecord = new AaaaRecord(this, `AaaaRecord-${props.domainName}`, {
+      zone: props.hostedZone,
+      target: RecordTarget.fromAlias(new CloudFrontTarget(props.distribution)),
+      recordName: props.domainName
+    });
+  }
+}
+
+export function getHostedZone(scope: Construct, id: string, domainName: string) {
+  return HostedZone.fromLookup(scope, `getHostedZone-${domainName}`, { domainName });
+}

package/constructs/s3.ts

@@ -0,0 +1,26 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { tagResource } from '../lib/utils';
+
+export interface S3BucketProps {
+  /** The name of the S3 bucket */
+  bucketName?: string;
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+
+export class S3Bucket extends Construct {
+  public readonly bucket: Bucket;
+
+  constructor(scope: Construct, id: string, props: S3BucketProps) {
+    super(scope, id);
+
+    this.bucket = new Bucket(this, 'S3Bucket', {
+      bucketName: props.bucketName,
+      removalPolicy: props.destroy !== undefined ? props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN : undefined,
+      autoDeleteObjects: props.destroy === true ? true : undefined
+    });
+    tagResource(this.bucket, props.tags);
+  }
+}

package/constructs/waf.ts

@@ -0,0 +1,113 @@
+import { RemovalPolicy } from "aws-cdk-lib";
+import { Construct } from 'constructs';
+import { CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
+import { cleanResourceName, tagResource } from '../lib/utils';
+import type { IResourceProps } from '../lib/types';
+
+export type WebAclManagedRule = 
+  'AWSManagedRulesAmazonIpReputationList' |
+  'AWSManagedRulesAnonymousIpList' |
+  'AWSManagedRulesCommonRuleSet' |
+  'AWSManagedRulesKnownBadInputsRuleSet' |
+  'AWSManagedRulesSQLiRuleSet';
+
+export interface CloudFrontWebAclProps extends IResourceProps {
+  name: string;
+  managedRules?: (WebAclManagedRule & string)[];
+}
+export class CloudFrontWebAcl extends Construct {
+  public readonly acl: CfnWebACL;
+
+  constructor(scope: Construct, id: string, props: CloudFrontWebAclProps) {
+    super(scope, id);
+
+    props.name = cleanResourceName(props.name);
+
+    if (!props.managedRules) {
+      props.managedRules = [
+        'AWSManagedRulesAmazonIpReputationList',
+        'AWSManagedRulesAnonymousIpList',
+        'AWSManagedRulesCommonRuleSet',
+        'AWSManagedRulesKnownBadInputsRuleSet'
+      ];
+    }
+
+    this.acl = new CfnWebACL(this, 'CloudFrontWebAcl', {
+      scope: 'CLOUDFRONT',
+      name: props.name,
+      defaultAction: { allow: {} },
+      visibilityConfig: {
+        cloudWatchMetricsEnabled: true,
+        sampledRequestsEnabled: true,
+        metricName: `${props.name}-metrics`
+      },
+      rules: transformManagedRules(props.managedRules)
+    });
+    tagResource(this.acl, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.acl.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    } 
+  }
+}
+
+export interface ApiGatewayWebAclProps extends IResourceProps {
+  name: string;
+  aclScope?: 'CLOUDFRONT' | 'REGIONAL';
+  managedRules?: (WebAclManagedRule & string)[];
+}
+export class ApiGatewayWebAcl extends Construct {
+  public readonly acl: CfnWebACL;
+  constructor(scope: Construct, id: string, props: ApiGatewayWebAclProps) {
+    super(scope, id);
+
+    props.name = cleanResourceName(props.name);
+
+    if (!props.managedRules) {
+      props.managedRules = [
+        'AWSManagedRulesAmazonIpReputationList',
+        'AWSManagedRulesAnonymousIpList',
+        'AWSManagedRulesCommonRuleSet',
+        'AWSManagedRulesKnownBadInputsRuleSet',
+        'AWSManagedRulesSQLiRuleSet'
+      ];
+    }
+
+    this.acl = new CfnWebACL(this, 'ApiGatewayWebAcl', {
+      scope: props.aclScope ?? 'REGIONAL',
+      name: props.name,
+      defaultAction: { allow: {} },
+      visibilityConfig: {
+        cloudWatchMetricsEnabled: true,
+        sampledRequestsEnabled: true,
+        metricName: `${props.name}-metrics`
+      },
+      rules: transformManagedRules(props.managedRules)
+    });
+    tagResource(this.acl, props.tags);
+    if (typeof props.destroy == 'boolean') {
+      this.acl.applyRemovalPolicy(props.destroy ? RemovalPolicy.DESTROY : RemovalPolicy.RETAIN);
+    } 
+  }
+}
+
+
+function transformManagedRules(rules: (WebAclManagedRule | string)[]): CfnWebACL.RuleProperty[] {
+  return rules.map((ruleName, i) => {
+    return {
+      name: `AWS-${ruleName}`,
+      priority: i,
+      statement: {
+        managedRuleGroupStatement: {
+          name: ruleName,
+          vendorName: 'AWS'
+        }
+      },
+      overrideAction: { none: {} },
+      visibilityConfig: { 
+        cloudWatchMetricsEnabled: true,
+        sampledRequestsEnabled: true,
+        metricName: `AWS-${ruleName}`
+      }
+    } as CfnWebACL.RuleProperty;
+  });
+}

package/lib/types.d.ts

@@ -0,0 +1,12 @@
+export type DeepPartial<T> = T extends object ? {
+  [P in keyof T]?: DeepPartial<T[P]>;
+} : T;
+
+export type WithRequiredProperty<Type, Key extends keyof Type> = Omit<Type, Key> & {
+  [Property in Key]-?: Type[Property];
+};
+
+export interface IResourceProps {
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}

package/lib/utils.ts

@@ -0,0 +1,23 @@
+import { IConstruct } from 'constructs';
+import { Tags } from 'aws-cdk-lib/core';
+
+export function domainAsId(domain: string) {
+  return domain.replace(/\./g, '-');
+}
+
+export function cleanResourceName(name: string) {
+  return name.replace(/[^0-9a-z_\-]/gi, '');
+}
+
+export function tagResource(resource: IConstruct, tags?: Record<string, string>) {
+  if (tags) {
+    for (const [key, value] of Object.entries(tags)) {
+      Tags.of(resource).add(key, value);
+    }
+  }
+}
+
+export function mergeTags(...tags: (Record<string, string> | null | undefined)[]): Record<string, string> {
+  const _tags = tags.filter(t => t !== undefined && t !== null) ?? [];
+  return Object.assign({}, ..._tags);
+}

package/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "@inizioevoke/aws-cdk-helpers",
+  "version": "1.0.0",
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "aws-cdk-lib": "^2.238.0",
+    "constructs": "^10.5.1",
+    "typescript": "^5.9.3"
+  }
+}

package/readme.md

@@ -0,0 +1,80 @@
+# @inizioevoke/aws-cdk-helpers
+
+## Example App
+
+```typescript
+import * as cdk from 'aws-cdk-lib/core';
+import { CloudFrontFunctionRedirects } from '@inizioevoke/aws-cdk-helpers/constructs/cloudfront';
+import { WebStaticServerlessStage } from '@inizioevoke/aws-cdk-helpers/stages/web-static-serverless-stage';
+import { AddSourceStageParams } from '@inizioevoke/aws-cdk-helpers/constructs/codepipeline'; 
+
+const app = new cdk.App();
+
+const env = {
+  account: '000000000000',
+  region: 'us-east-1'
+};
+
+const tags: Record<string, string> = {
+  'Account': 'Account Name',
+  'Brand': 'Brand Name'
+};
+
+const repository: Omit<AddSourceStageParams, 'branch'> = {
+  codestarConnectionArn: 'ARN',
+  repoOwner: 'evokegroup',
+  repo: 'myproject-v1'
+};
+
+const redirects: CloudFrontFunctionRedirects = {
+  paths: {
+    '/hello': '/world',
+    '/redirect': ['/here', 302]
+  }
+};
+
+new WebStaticServerlessStage(app, 'dev', {
+  env,
+  tags,
+  stageName: 'myproject-v1-dev',
+  envType: 'NOT_PROD',
+  description: 'My Project DEV',
+  hostedZone: 'evodev.net',
+  domainName: 'myproject-v1.evodev.net',
+  basicAuth: {
+    user: 'user',
+    password: 'password'
+  },
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'develop'
+    }
+  }
+});
+
+new WebStaticServerlessStage(app, 'prd', {
+  env,
+  tags,
+  stageName: 'myproject-v1-prd',
+  envType: 'PROD',
+  description: 'My Project PRD',
+  hostedZone: 'myproject.com',
+  domainName: 'www.myproject.com',
+  attachWebAcl: true,
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'prod'
+    }
+  }
+});
+```
+```
+cdk deploy dev/*
+```
+```
+cdk deploy prd/*
+```

package/samples/app.ts

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+import * as cdk from 'aws-cdk-lib/core';
+import { CloudFrontFunctionRedirects } from '../constructs/cloudfront'; // @inizioevoke/aws-cdk-helpers
+import { WebStaticServerlessStage } from '../stages/web-static-serverless-stage'; // @inizioevoke/aws-cdk-helpers
+import { AddSourceStageParams } from '../constructs/codepipeline'; // @inizioevoke/aws-cdk-helpers
+
+const app = new cdk.App();
+
+const env = {
+  account: '000000000000',
+  region: 'us-east-1'
+};
+
+const tags: Record<string, string> = {
+  'Account': 'Account Name',
+  'Brand': 'Brand Name'
+};
+
+const repository: Omit<AddSourceStageParams, 'branch'> = {
+  codestarConnectionArn: 'ARN',
+  repoOwner: 'evokegroup',
+  repo: 'myproject-v1'
+};
+
+const redirects: CloudFrontFunctionRedirects = {
+  paths: {
+    '/hello': '/world',
+    '/redirect': ['/here', 302]
+  }
+};
+
+new WebStaticServerlessStage(app, 'dev', {
+  env,
+  tags,
+  stageName: 'myproject-v1-dev',
+  envType: 'NOT_PROD',
+  description: 'My Project DEV',
+  hostedZone: 'evodev.net',
+  domainName: 'myproject-v1.evodev.net',
+  basicAuth: {
+    user: 'user',
+    password: 'password'
+  },
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'develop'
+    }
+  }
+});
+
+new WebStaticServerlessStage(app, 'prd', {
+  env,
+  tags,
+  stageName: 'myproject-v1-prd',
+  envType: 'PROD',
+  description: 'My Project PRD',
+  hostedZone: 'myproject.com',
+  domainName: 'www.myproject.com',
+  attachWebAcl: true,
+  redirects,
+  pipeline: {
+    sourceStage: {
+      ...repository,
+      branch: 'prod'
+    }
+  }
+});

package/samples/codebuild/buildspec.yml

@@ -0,0 +1,24 @@
+version: 0.2
+
+env:
+  variables:
+    # Environment variables
+    S3_BUCKET_NAME:
+    CLOUDFRONT_DISTRIBUTION_ID:
+
+phases:
+  install:
+    runtime-versions:
+      nodejs: 24
+    commands:
+      - npm install
+  build:
+    commands:
+      - npm run build
+  post_build:
+    commands:
+      - '[ ${CODEBUILD_BUILD_SUCCEEDING:-0} -eq 1 ] || exit 1'
+      - echo "Syncing to S3"
+      - aws s3 sync dist s3://${S3_BUCKET_NAME}/ --delete
+      - echo "Invalidating CloudFront"
+      - aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_DISTRIBUTION_ID} --paths "/*"

package/stacks/web-static-serverless/codepipeline-stack.ts

@@ -0,0 +1,42 @@
+import { Stack, StackProps } from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+import { CodeBuildPipelineProject, CodeBuildPipelineProjectProps } from '../../constructs/codebuild';
+import { CodePipelineProject, AddSourceStageParams, AddBuildStageParams } from '../../constructs/codepipeline';
+
+export interface CodePipelineStackProps {
+  pipelineName?: string;
+  sourceStage: AddSourceStageParams;
+  buildStage?: Pick<AddBuildStageParams, 'stageName' | 'environmentVariables'>;
+  codeBuildProject?: Omit<CodeBuildPipelineProjectProps, 'destroy' | 'tags'>,
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+export class CodePipelineStack extends Stack {
+  public readonly codeBuildPipelineProject: CodeBuildPipelineProject;
+  public readonly codePipelineProject: CodePipelineProject;
+
+  constructor(scope: Construct, id: string, props: CodePipelineStackProps & StackProps) {
+    super(scope, id, props);
+
+    this.codeBuildPipelineProject = new CodeBuildPipelineProject(this, 'CodeBuildPipelineProject', {
+      ...(props.codeBuildProject ?? {}),
+      destroy: props.destroy,
+      tags: props.tags
+    });
+
+    this.codePipelineProject = new CodePipelineProject(this, 'CodePipelineProject', {
+      pipelineName: props.pipelineName,
+      destroy: props.destroy,
+      tags: props.tags
+    });
+
+    const sourceArtifact = this.codePipelineProject.addSourceStage(props.sourceStage);
+
+    this.codePipelineProject.addBuildStage({
+      stageName: props.buildStage?.stageName,
+      codeBuildProject: this.codeBuildPipelineProject.project,
+      sourceArtifact: sourceArtifact,
+      environmentVariables: props.buildStage?.environmentVariables
+    });
+  }
+}

package/stacks/web-static-serverless/web-global-stack.ts

@@ -0,0 +1,119 @@
+import { Stack, StackProps, PhysicalName } from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+
+import { Certificate } from "aws-cdk-lib/aws-certificatemanager";
+import { BehaviorOptions, Distribution, Function, FunctionEventType } from 'aws-cdk-lib/aws-cloudfront';
+import { ARecord, AaaaRecord } from "aws-cdk-lib/aws-route53";
+import { Bucket } from "aws-cdk-lib/aws-s3";
+import { CfnWebACL } from 'aws-cdk-lib/aws-wafv2';
+
+import { S3BucketOrigin } from 'aws-cdk-lib/aws-cloudfront-origins';
+import { SSLCertificate } from '../../constructs/certificatemanager';
+import { CloudFrontFunctionRedirects, CloudFrontFunction, CloudFrontDistribution } from '../../constructs/cloudfront';
+import { getHostedZone, CloudFrontAlias } from '../../constructs/route53';
+import { S3Bucket } from '../../constructs/s3';
+import { CloudFrontWebAcl } from '../../constructs/waf';
+import { domainAsId } from '../../lib/utils';
+
+export interface BasicAuthCredentials {
+  user: string;
+  password: string;
+}
+
+export interface WebGlobalStackProps {
+  envType: 'NOT_PROD' | 'PROD';
+  description?: string;
+  bucketName?: string;
+  hostedZone: string;
+  domainName: string;
+  basicAuth?: BasicAuthCredentials;
+  redirects?: CloudFrontFunctionRedirects;
+  attachWebAcl?: boolean;
+  destroy?: boolean;
+}
+
+export class WebGlobalStack extends Stack {
+  public readonly sslCertificate: Certificate;
+  public readonly s3Bucket: Bucket;
+  public readonly cloudFrontFunction: Function;
+  public readonly cloudFrontDistribution: Distribution;
+  public readonly webAcl: CfnWebACL | undefined;
+  public readonly aRecord: ARecord;
+  public readonly aaaaRecord: AaaaRecord;
+
+  constructor(scope: Construct, id: string, props: WebGlobalStackProps & StackProps) {
+    super(scope, id, props);
+
+    const hostedZone = getHostedZone(this, 'getHostedZone', props.hostedZone);
+
+    const _sslCert = new SSLCertificate(this, 'SSLCertificate', {
+      hostedZone: hostedZone,
+      domainName: props.domainName,
+      destroy: props.destroy
+    });
+    this.sslCertificate = _sslCert.certificate;
+
+    const _s3Bucket = new S3Bucket(this, 'S3Bucket', {
+      bucketName: props.bucketName ?? PhysicalName.GENERATE_IF_NEEDED,
+      destroy: props.destroy
+    });
+    this.s3Bucket = _s3Bucket.bucket;
+
+    const defaultBehavior: BehaviorOptions = {
+      origin: S3BucketOrigin.withOriginAccessControl(this.s3Bucket),
+      functionAssociations: []
+    };
+
+    let cffn: CloudFrontFunction;
+    if (props.basicAuth) {
+      cffn = CloudFrontFunction.createBasicAuthDefaultDoc(this, 'createBasicAuthDefaultDoc', {
+        user: props.basicAuth.user,
+        password: props.basicAuth.password,
+        redirects: props.redirects,
+        destroy: props.destroy
+      });
+    } else {
+      cffn = CloudFrontFunction.createDefaultDoc(this, 'createDefaultDoc', {
+        redirects: props.redirects,
+        destroy: props.destroy
+      });
+    }
+    this.cloudFrontFunction = cffn.fn;
+    
+    defaultBehavior.functionAssociations!.push({
+      eventType: FunctionEventType.VIEWER_REQUEST,
+      function: this.cloudFrontFunction
+    });
+    defaultBehavior.functionAssociations!.push({
+      eventType: FunctionEventType.VIEWER_RESPONSE,
+      function: this.cloudFrontFunction
+    });
+    
+
+    if (props.attachWebAcl !== false) {
+      const waf = new CloudFrontWebAcl(this, 'CloudFrontWebAcl', {
+        name: `${domainAsId(props.domainName)}`,
+        destroy: props.destroy
+      });
+      this.webAcl = waf.acl;
+    }
+
+    const cfDistribution = new CloudFrontDistribution(this, 'CloudFrontDistribution', {
+      domainName: props.domainName,
+      description: props.description ?? props.domainName,
+      priceClass: props.envType,
+      certificate: this.sslCertificate,
+      defaultBehavior,
+      webAclId: this.webAcl?.attrArn
+    });
+    this.cloudFrontDistribution = cfDistribution.distribution;
+
+    const cfAlias = new CloudFrontAlias(this, 'CloudFrontAlias', {
+      distribution: cfDistribution.distribution,
+      domainName: props.domainName,
+      hostedZone: hostedZone
+    });
+    this.aRecord = cfAlias.aRecord;
+    this.aaaaRecord = cfAlias.aaaaRecord;
+  }
+}

package/stages/str8r-clm-stage.ts

@@ -0,0 +1,55 @@
+import { Stage, StageProps } from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+
+import { CodeBuildPipelineProjectProps } from '../constructs/codebuild';
+import { WebGlobalStack, WebGlobalStackProps } from '../stacks/web-static-serverless/web-global-stack';
+import { CodePipelineStack, CodePipelineStackProps } from '../stacks/web-static-serverless/codepipeline-stack';
+
+export interface Str8rClmStageProps extends WebGlobalStackProps, StageProps {
+  pipeline?: Omit<CodePipelineStackProps, 'codeBuildProject'> & {
+    codeBuildProject?: Omit<CodeBuildPipelineProjectProps, 'cloudFrontDistributionArn' | 's3BucketName' | 'destroy' | 'tags'>
+  }
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+
+export class Str8rClmStage extends Stage {
+  public readonly webStack: WebGlobalStack;
+  public readonly codePipelineStack: CodePipelineStack;
+
+  constructor(scope: Construct, id: string, props: Str8rClmStageProps) {
+    super(scope, id);
+
+    if (props.destroy === undefined) {
+      props.destroy = true;
+    }
+
+    this.webStack = new WebGlobalStack(this, 'web-global', {
+      ...props,
+      env: {
+        account: props.env?.account,
+        region: 'us-east-1'
+      },
+      stackName: `${props.stageName}-web-global-stack`,
+      destroy: props.destroy,
+      tags: props.tags
+    });
+
+    if (props.pipeline) {
+      props.pipeline.codeBuildProject = props.pipeline.codeBuildProject ?? {};
+      if (!props.pipeline.codeBuildProject.ecrBuildImage && !props.pipeline.codeBuildProject.buildImage) {
+        props.pipeline.codeBuildProject.ecrBuildImage = { repository: 'str8r-v3/codebuild', tag: 'veeva-clm' };
+      }
+      (props.pipeline.codeBuildProject as CodeBuildPipelineProjectProps).cloudFrontDistributionArn = this.webStack.cloudFrontDistribution.distributionArn;
+      (props.pipeline.codeBuildProject as CodeBuildPipelineProjectProps).s3BucketName = this.webStack.s3Bucket.bucketName;
+
+      this.codePipelineStack = new CodePipelineStack(this, 'codepipeline', {
+        ...props.pipeline,
+        env: props.env,
+        stackName: `${props.stageName}-codepipeline-stack`,
+        destroy: props.destroy,
+        tags: props.tags
+      });
+    }
+  }
+}

package/stages/web-static-serverless-stage.ts

@@ -0,0 +1,55 @@
+import { Stage, StageProps } from 'aws-cdk-lib/core';
+import { Construct } from 'constructs';
+
+import { CodeBuildPipelineProjectProps } from '../constructs/codebuild';
+import { WebGlobalStack, WebGlobalStackProps } from '../stacks/web-static-serverless/web-global-stack';
+// import { WebRegionalStack } from '../stacks/web-static-serverless/web-regional-stack';
+import { CodePipelineStack, CodePipelineStackProps } from '../stacks/web-static-serverless/codepipeline-stack';
+
+export interface WebStaticServerlessStageProps extends WebGlobalStackProps, StageProps {
+  pipeline?: Omit<CodePipelineStackProps, 'codeBuildProject'> & {
+    codeBuildProject?: Omit<CodeBuildPipelineProjectProps, 'cloudFrontDistributionArn' | 's3BucketName' | 'destroy' | 'tags'>
+  }
+  destroy?: boolean;
+  tags?: Record<string, string>;
+}
+
+export class WebStaticServerlessStage extends Stage {
+  // public readonly regionalStack: WebRegionalStack;
+  public readonly webStack: WebGlobalStack;
+  public readonly codePipelineStack: CodePipelineStack;
+
+  constructor(scope: Construct, id: string, props: WebStaticServerlessStageProps) {
+    super(scope, id);
+
+    if (props.destroy === undefined) {
+      props.destroy = true;
+    }
+
+    this.webStack = new WebGlobalStack(this, 'web-global', {
+      ...props,
+      env: {
+        account: props.env?.account,
+        region: 'us-east-1'
+      },
+      stackName: `${props.stageName}-web-global-stack`,
+      // s3BucketName: this.regionalStack.s3Bucket.bucketName
+      destroy: props.destroy,
+      tags: props.tags
+    });
+
+    if (props.pipeline) {
+      props.pipeline.codeBuildProject = props.pipeline.codeBuildProject ?? {};
+      (props.pipeline.codeBuildProject as CodeBuildPipelineProjectProps).cloudFrontDistributionArn = this.webStack.cloudFrontDistribution.distributionArn;
+      (props.pipeline.codeBuildProject as CodeBuildPipelineProjectProps).s3BucketName = this.webStack.s3Bucket.bucketName;
+
+      this.codePipelineStack = new CodePipelineStack(this, 'codepipeline', {
+        ...props.pipeline,
+        env: props.env,
+        stackName: `${props.stageName}-codepipeline-stack`,
+        destroy: props.destroy,
+        tags: props.tags
+      });
+    }
+  }
+}

package/templates/cffn-default-doc-basic-auth.js

@@ -0,0 +1,148 @@
+/**
+ * Viewer Request - handle basic authorization, redirects, append index.html to origin
+ * Viewer Response - handle 301 redirect with request querystring
+ */
+
+const DEFAULT_DOCUMENT = "__DEFAULT_DOCUMENT__";
+const BASIC_AUTH = ["Basic __CREDENTIALS__"];
+
+/** @type {Record<string, string | [string, 301|302]>} */
+const redirects = __REDIRECTS__;
+
+const useTrailingSlash = __TRAILING_SLASH__;
+const shouldRedirDefDoc = __REDIR_DEF_DOC__;
+
+
+function handler(event) {
+  switch (event.context.eventType) {
+    case "viewer-request":
+      return handleRequest(event);
+    case "viewer-response":
+      return handleResponse(event);
+    default:
+      return {
+        statusCode: 400,
+        statusDescription: "Bad request",
+      };
+  }
+}
+
+function handleRequest(event) {
+  if (authorized(event)) {
+    const request = event.request;
+    const uri = request.uri;
+
+    const redirect = redirects ? redirects[uri] : null;
+    if (redirect) {
+      const redir = Array.isArray(redirect) ? redirect : [redirect, 301];
+      return redirectResponse(event, redir[0], redir[1]);
+    }
+    
+    if (/^(?:.+?)\.[^\.\/]+$/.test(uri)) {
+      // uri has a file extension
+      if (uri.endsWith(DEFAULT_DOCUMENT) && shouldRedirDefDoc === true) {
+        return redirectResponse(event, uri.slice(0, -1 * DEFAULT_DOCUMENT.length - (useTrailingSlash ? 0 : 1)));
+      } else {
+        return request;
+      }
+    } else if (useTrailingSlash === true && !uri.endsWith("/")) {
+      return redirectResponse(event, `${uri}/`);
+    } else if (uri !== '/' && useTrailingSlash === false && uri.endsWith("/")) {
+      return redirectResponse(event, uri.slice(0, -1));
+    } else {
+      request.uri = `${uri}${uri.endsWith("/") ? "" : "/"}${DEFAULT_DOCUMENT}`;
+      return request;
+    }
+  } else {
+    return {
+      statusCode: 401,
+      statusDescription: "Unauthorized",
+      headers: {
+        "www-authenticate": { value: "Basic" },
+      },
+    };
+  }
+}
+
+function authorized(event) {
+  let flag = false;
+  const authHeader = event.request.headers["authorization"];
+  if (authHeader && authHeader.value) {
+    BASIC_AUTH.every((val) => {
+      flag = authHeader.value === val;
+      return !flag;
+    });
+  }
+  return flag;
+}
+
+function handleResponse(event) {
+  switch (event.response.statusCode) {
+    case 301:
+    case 302:
+      return redirectResponse(event);
+    default:
+      return event.response;
+  }
+}
+
+function redirectResponse(event, location, statusCode) {
+  const response = event.response || {};
+  if (statusCode === 302) {
+    response.statusCode = 302;
+    response.statusDescription = "Found";
+  } else {
+    response.statusCode = 301;
+    response.statusDescription = "Moved Permanently";
+  }
+  const path = location || getLocationHeaderValue(response.headers) || '/';
+  const querystring = event.request.querystring;
+  response.headers = updateLocationHeader(response.headers, pathWithQS(path, querystring));
+  return response;
+}
+
+function getLocationHeaderValue(headers) {
+  return headers && headers["location"] ? headers["location"].value : undefined;
+}
+
+function updateLocationHeader(headers, location) {
+  headers = headers || {};
+  headers["location"] = {
+    value: location,
+  };
+  return headers;
+}
+
+function qsParamExists(path, key, value) {
+  return path.indexOf(`${key}=${value}`) != -1;
+}
+
+function pathWithQS(path, querystring) {
+  let qs = [];
+  if (querystring) {
+    qs = Object.keys(querystring)
+      .map(function (key) {
+        if (querystring[key].multiValue) {
+          return querystring[key].multiValue.map((multiKey) => {
+            return !qsParamExists(path, key, multiKey.value)
+              ? `${key}=${multiKey.value}`
+              : null;
+          });
+        } else {
+          return !qsParamExists(path, key, querystring[key].value)
+            ? `${key}=${querystring[key].value}`
+            : null;
+        }
+      })
+      .reduce((r, item) => {
+        (item instanceof Array ? item : [item]).forEach((i) => {
+          r.push(i);
+        });
+        return r;
+      }, [])
+      .filter((item) => {
+        return item !== null;
+      });
+  }
+  return `${path}${qs.length > 0 ? (path.indexOf("?") == -1 ? "?" : "&") : ""}${qs.join("&")}`;
+}

package/templates/cffn-default-doc.js

@@ -0,0 +1,125 @@
+/**
+ * Viewer Request - redirects, append index.html to origin
+ * Viewer Response - handle 301 redirect with request querystring
+ */
+
+const DEFAULT_DOCUMENT = "__DEFAULT_DOCUMENT__";
+
+/** @type {Record<string, string | [string, 301|302]>} */
+const redirects = __REDIRECTS__;
+
+const useTrailingSlash = __TRAILING_SLASH__;
+const shouldRedirDefDoc = __REDIR_DEF_DOC__;
+
+
+function handler(event) {
+  switch (event.context.eventType) {
+    case "viewer-request":
+      return handleRequest(event);
+    case "viewer-response":
+      return handleResponse(event);
+    default:
+      return {
+        statusCode: 400,
+        statusDescription: "Bad request",
+      };
+  }
+}
+
+function handleRequest(event) {
+  const request = event.request;
+  const uri = request.uri;
+
+  const redirect = redirects ? redirects[uri] : null;
+  if (redirect) {
+    const redir = Array.isArray(redirect) ? redirect : [redirect, 301];
+    return redirectResponse(event, redir[0], redir[1]);
+  }
+  
+  if (/^(?:.+?)\.[^\.\/]+$/.test(uri)) {
+    // uri has a file extension
+    if (uri.endsWith(DEFAULT_DOCUMENT) && shouldRedirDefDoc === true) {
+      return redirectResponse(event, uri.slice(0, -1 * DEFAULT_DOCUMENT.length - (useTrailingSlash ? 0 : 1)));
+    } else {
+      return request;
+    }
+  } else if (useTrailingSlash === true && !uri.endsWith("/")) {
+    return redirectResponse(event, `${uri}/`);
+  } else if (uri !== '/' && useTrailingSlash === false && uri.endsWith("/")) {
+    return redirectResponse(event, uri.slice(0, -1));
+  } else {
+    request.uri = `${uri}${uri.endsWith("/") ? "" : "/"}${DEFAULT_DOCUMENT}`;
+    return request;
+  }
+}
+
+function handleResponse(event) {
+  switch (event.response.statusCode) {
+    case 301:
+    case 302:
+      return redirectResponse(event);
+    default:
+      return event.response;
+  }
+}
+
+function redirectResponse(event, location, statusCode) {
+  const response = event.response || {};
+  if (statusCode === 302) {
+    response.statusCode = 302;
+    response.statusDescription = "Found";
+  } else {
+    response.statusCode = 301;
+    response.statusDescription = "Moved Permanently";
+  }
+  const path = location || getLocationHeaderValue(response.headers) || '/';
+  const querystring = event.request.querystring;
+  response.headers = updateLocationHeader(response.headers, pathWithQS(path, querystring));
+  return response;
+}
+
+function getLocationHeaderValue(headers) {
+  return headers && headers["location"] ? headers["location"].value : undefined;
+}
+
+function updateLocationHeader(headers, location) {
+  headers = headers || {};
+  headers["location"] = {
+    value: location,
+  };
+  return headers;
+}
+
+function qsParamExists(path, key, value) {
+  return path.indexOf(`${key}=${value}`) != -1;
+}
+
+function pathWithQS(path, querystring) {
+  let qs = [];
+  if (querystring) {
+    qs = Object.keys(querystring)
+      .map(function (key) {
+        if (querystring[key].multiValue) {
+          return querystring[key].multiValue.map((multiKey) => {
+            return !qsParamExists(path, key, multiKey.value)
+              ? `${key}=${multiKey.value}`
+              : null;
+          });
+        } else {
+          return !qsParamExists(path, key, querystring[key].value)
+            ? `${key}=${querystring[key].value}`
+            : null;
+        }
+      })
+      .reduce((r, item) => {
+        (item instanceof Array ? item : [item]).forEach((i) => {
+          r.push(i);
+        });
+        return r;
+      }, [])
+      .filter((item) => {
+        return item !== null;
+      });
+  }
+  return `${path}${qs.length > 0 ? (path.indexOf("?") == -1 ? "?" : "&") : ""}${qs.join("&")}`;
+}

package/tsconfig.json

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "lib": [
+      "es2022"
+    ],
+    "declaration": true,
+    "strict": true,
+    "noImplicitAny": true,
+    "strictNullChecks": true,
+    "noImplicitThis": true,
+    "alwaysStrict": true,
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": false,
+    "inlineSourceMap": true,
+    "inlineSources": true,
+    "experimentalDecorators": true,
+    "strictPropertyInitialization": false,
+    "skipLibCheck": true,
+    "types": ["node"]
+  },
+  "exclude": [
+    "node_modules"
+  ]
+}