@jaypie/constructs 1.2.17 → 1.2.19

package/dist/esm/index.js

@@ -1,5 +1,5 @@
 import * as cdk from 'aws-cdk-lib';
-import { Tags, Stack, Fn, CfnOutput, SecretValue, Duration, RemovalPolicy, CfnStack } from 'aws-cdk-lib';
+import { Tags, Stack, Fn, CfnOutput, SecretValue, Duration, RemovalPolicy, CfnStack, ArnFormat } from 'aws-cdk-lib';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import { Bucket, StorageClass, BucketAccessControl, EventType } from 'aws-cdk-lib/aws-s3';
 import { Construct } from 'constructs';
@@ -10,6 +10,7 @@ import * as route53Targets from 'aws-cdk-lib/aws-route53-targets';
 import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
 import { DatadogLambda } from 'datadog-cdk-constructs-v2';
 import { ConfigurationError } from '@jaypie/errors';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { Role, PolicyStatement, Policy, FederatedPrincipal, Effect, ServicePrincipal, ManagedPolicy } from 'aws-cdk-lib/aws-iam';
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
@@ -31,6 +32,8 @@ import * as path from 'path';
 import { Trail, ReadWriteType } from 'aws-cdk-lib/aws-cloudtrail';
 import { CfnPermissionSet, CfnAssignment } from 'aws-cdk-lib/aws-sso';
 import { CfnApplication } from 'aws-cdk-lib/aws-sam';
+import * as apigatewayv2 from 'aws-cdk-lib/aws-apigatewayv2';
+import * as apigatewayv2Integrations from 'aws-cdk-lib/aws-apigatewayv2-integrations';
 
 const CDK$2 = {
     ACCOUNT: {
@@ -3185,13 +3188,19 @@ class JaypieMongoDbSecret extends JaypieEnvSecret {
 class JaypieNextJs extends Construct {
     constructor(scope, id, props) {
         super(scope, id);
-        const domainName = typeof props?.domainName === "string"
-            ? props.domainName
-            : envHostname(props?.domainName);
+        // Determine if we should use a custom domain
+        const useDomain = props?.domainProps !== false;
+        // Resolve domain name only if using a custom domain
+        const domainName = useDomain
+            ? typeof props?.domainName === "string"
+                ? props.domainName
+                : envHostname(props?.domainName)
+            : undefined;
         this.domainName = domainName;
-        const domainNameSanitized = domainName
-            .replace(/\./g, "-")
-            .replace(/[^a-zA-Z0-9]/g, "_");
+        // Use domain name or construct ID for cache policy naming
+        const cachePolicyIdentifier = domainName
+            ? domainName.replace(/\./g, "-").replace(/[^a-zA-Z0-9]/g, "_")
+            : id.replace(/[^a-zA-Z0-9]/g, "_");
         // Resolve environment from array or object syntax
         const environment = resolveEnvironment(props?.environment);
         const envSecrets = props?.envSecrets || {};
@@ -3228,27 +3237,32 @@ class JaypieNextJs extends Construct {
         }, {});
         const nextjs = new Nextjs(this, "NextJsApp", {
             nextjsPath,
-            domainProps: {
-                domainName,
-                hostedZone: resolveHostedZone(this, {
-                    zone: props?.hostedZone,
-                }),
-            },
+            // Only configure custom domain if useDomain is true
+            ...(useDomain &&
+                domainName && {
+                domainProps: {
+                    domainName,
+                    hostedZone: resolveHostedZone(this, {
+                        zone: props?.hostedZone,
+                    }),
+                },
+            }),
             environment: {
                 ...jaypieLambdaEnv(),
                 ...environment,
                 ...secretsEnvironment,
                 ...jaypieSecretsEnvironment,
                 ...nextPublicEnv,
-                NEXT_PUBLIC_SITE_URL: `https://${domainName}`,
+                // NEXT_PUBLIC_SITE_URL will be set after construct creation for CloudFront URL
+                ...(domainName && { NEXT_PUBLIC_SITE_URL: `https://${domainName}` }),
             },
             overrides: {
                 nextjsDistribution: {
                     imageCachePolicyProps: {
-                        cachePolicyName: `NextJsImageCachePolicy-${domainNameSanitized}`,
+                        cachePolicyName: `NextJsImageCachePolicy-${cachePolicyIdentifier}`,
                     },
                     serverCachePolicyProps: {
-                        cachePolicyName: `NextJsServerCachePolicy-${domainNameSanitized}`,
+                        cachePolicyName: `NextJsServerCachePolicy-${cachePolicyIdentifier}`,
                     },
                 },
                 nextjsImage: {
@@ -3263,6 +3277,10 @@ class JaypieNextJs extends Construct {
                 },
             },
         });
+        // Set NEXT_PUBLIC_SITE_URL to CloudFront URL when no custom domain
+        if (!domainName) {
+            nextjs.serverFunction.lambdaFunction.addEnvironment("NEXT_PUBLIC_SITE_URL", `https://${nextjs.distribution.distributionDomain}`);
+        }
         addDatadogLayers(nextjs.imageOptimizationFunction);
         addDatadogLayers(nextjs.serverFunction.lambdaFunction);
         // Grant secret read permissions
@@ -4103,5 +4121,376 @@ class JaypieTraceSigningKeySecret extends JaypieEnvSecret {
     }
 }
 
-export { CDK$2 as CDK, JaypieAccountLoggingBucket, JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieCertificate, JaypieDatadogBucket, JaypieDatadogForwarder, JaypieDatadogSecret, JaypieDistribution, JaypieDnsRecord, JaypieDynamoDb, JaypieEnvSecret, JaypieEventsRule, JaypieExpressLambda, JaypieGitHubDeployRole, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieNextJs, JaypieOpenAiSecret, JaypieOrganizationTrail, JaypieQueuedLambda, JaypieSsoPermissions, JaypieSsoSyncApplication, JaypieStack, JaypieStaticWebBucket, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, addDatadogLayers, clearAllCertificateCaches, clearAllSecretsCaches, clearCertificateCache, clearSecretsCache, constructEnvName, constructStackName, constructTagger, envHostname, extendDatadogRole, isEnv, isProductionEnv, isSandboxEnv, isValidHostname$1 as isValidHostname, isValidSubdomain, jaypieLambdaEnv, mergeDomain, resolveCertificate, resolveDatadogForwarderFunction, resolveDatadogLayers, resolveDatadogLoggingDestination, resolveEnvironment, resolveHostedZone, resolveParamsAndSecrets, resolveSecrets };
+//
+//
+// Main
+//
+class JaypieWebSocket extends Construct {
+    constructor(scope, id, props = {}) {
+        super(scope, id);
+        const { certificate = true, connect, default: defaultHandler, disconnect, handler, host: propsHost, logRetention = logs.RetentionDays.THREE_MONTHS, name, roleTag = CDK$2.ROLE.API, routes = {}, stageName = "production", zone: propsZone, } = props;
+        // Validate: either handler OR individual handlers, not both
+        const hasIndividualHandlers = connect || disconnect || defaultHandler;
+        if (handler && hasIndividualHandlers) {
+            throw new Error("Cannot specify both 'handler' and individual route handlers (connect/disconnect/default)");
+        }
+        // Determine zone from props or environment
+        let zone = propsZone;
+        if (!zone && process.env.CDK_ENV_HOSTED_ZONE) {
+            zone = process.env.CDK_ENV_HOSTED_ZONE;
+        }
+        // Determine host from props or environment
+        let host;
+        if (typeof propsHost === "string") {
+            host = propsHost;
+        }
+        else if (typeof propsHost === "object") {
+            // Resolve host from HostConfig using envHostname()
+            host = envHostname(propsHost);
+        }
+        else if (process.env.CDK_ENV_WS_HOST_NAME) {
+            host = process.env.CDK_ENV_WS_HOST_NAME;
+        }
+        else if (process.env.CDK_ENV_WS_SUBDOMAIN &&
+            process.env.CDK_ENV_HOSTED_ZONE) {
+            host = mergeDomain(process.env.CDK_ENV_WS_SUBDOMAIN, process.env.CDK_ENV_HOSTED_ZONE);
+        }
+        const apiName = name || constructEnvName("WebSocket");
+        // Create WebSocket API
+        this._api = new apigatewayv2.WebSocketApi(this, "Api", {
+            apiName,
+        });
+        Tags.of(this._api).add(CDK$2.TAG.ROLE, roleTag);
+        // Add routes with Lambda integrations
+        const connectHandler = handler || connect;
+        const disconnectHandler = handler || disconnect;
+        const defaultRouteHandler = handler || defaultHandler;
+        if (connectHandler) {
+            this._api.addRoute("$connect", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("ConnectIntegration", connectHandler),
+            });
+        }
+        if (disconnectHandler) {
+            this._api.addRoute("$disconnect", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("DisconnectIntegration", disconnectHandler),
+            });
+        }
+        if (defaultRouteHandler) {
+            this._api.addRoute("$default", {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration("DefaultIntegration", defaultRouteHandler),
+            });
+        }
+        // Add custom routes
+        for (const [routeKey, routeHandler] of Object.entries(routes)) {
+            this._api.addRoute(routeKey, {
+                integration: new apigatewayv2Integrations.WebSocketLambdaIntegration(`${routeKey}Integration`, routeHandler),
+            });
+        }
+        // Create log group for access logs
+        // Note: logGroup is created for future use when API Gateway v2 WebSocket
+        // access logging is fully supported in CDK
+        new logs.LogGroup(this, "AccessLogs", {
+            removalPolicy: RemovalPolicy.DESTROY,
+            retention: logRetention,
+        });
+        // Create stage
+        this._stage = new apigatewayv2.WebSocketStage(this, "Stage", {
+            autoDeploy: true,
+            stageName,
+            webSocketApi: this._api,
+        });
+        Tags.of(this._stage).add(CDK$2.TAG.ROLE, roleTag);
+        // Set up custom domain if host and zone are provided
+        let hostedZone;
+        let certificateToUse;
+        if (host && zone) {
+            hostedZone = resolveHostedZone(this, { zone });
+            // Use resolveCertificate to create certificate at stack level (enables reuse)
+            certificateToUse = resolveCertificate(this, {
+                certificate,
+                domainName: host,
+                roleTag: CDK$2.ROLE.HOSTING,
+                zone: hostedZone,
+            });
+            this._certificate = certificateToUse;
+            this._host = host;
+            if (certificateToUse) {
+                // Create custom domain
+                this._domainName = new apigatewayv2.DomainName(this, "DomainName", {
+                    certificate: certificateToUse,
+                    domainName: host,
+                });
+                Tags.of(this._domainName).add(CDK$2.TAG.ROLE, roleTag);
+                // Map domain to stage
+                new apigatewayv2.ApiMapping(this, "ApiMapping", {
+                    api: this._api,
+                    domainName: this._domainName,
+                    stage: this._stage,
+                });
+                // Create DNS record
+                new route53.ARecord(this, "AliasRecord", {
+                    recordName: host,
+                    target: route53.RecordTarget.fromAlias(new route53Targets.ApiGatewayv2DomainProperties(this._domainName.regionalDomainName, this._domainName.regionalHostedZoneId)),
+                    zone: hostedZone,
+                });
+                // Also create AAAA record for IPv6
+                new route53.AaaaRecord(this, "AaaaAliasRecord", {
+                    recordName: host,
+                    target: route53.RecordTarget.fromAlias(new route53Targets.ApiGatewayv2DomainProperties(this._domainName.regionalDomainName, this._domainName.regionalHostedZoneId)),
+                    zone: hostedZone,
+                });
+            }
+        }
+        // Grant all handlers permission to manage connections
+        const allHandlers = new Set();
+        if (connectHandler)
+            allHandlers.add(connectHandler);
+        if (disconnectHandler)
+            allHandlers.add(disconnectHandler);
+        if (defaultRouteHandler)
+            allHandlers.add(defaultRouteHandler);
+        Object.values(routes).forEach((h) => allHandlers.add(h));
+        for (const lambdaHandler of allHandlers) {
+            this.grantManageConnections(lambdaHandler);
+        }
+    }
+    //
+    //
+    // Public accessors
+    //
+    get api() {
+        return this._api;
+    }
+    get apiId() {
+        return this._api.apiId;
+    }
+    get certificate() {
+        return this._certificate;
+    }
+    get domainName() {
+        return this._domainName?.name;
+    }
+    /**
+     * The WebSocket endpoint URL.
+     * Uses custom domain if configured, otherwise returns the default stage URL.
+     */
+    get endpoint() {
+        if (this._host) {
+            return `wss://${this._host}`;
+        }
+        return this._stage.url;
+    }
+    get host() {
+        return this._host;
+    }
+    get stage() {
+        return this._stage;
+    }
+    /**
+     * The callback URL for API Gateway Management API.
+     * Use this URL to send messages to connected clients.
+     */
+    get callbackUrl() {
+        if (this._host) {
+            return `https://${this._host}`;
+        }
+        // Extract callback URL from stage URL
+        // Stage URL: wss://abc123.execute-api.us-east-1.amazonaws.com/production
+        // Callback URL: https://abc123.execute-api.us-east-1.amazonaws.com/production
+        return this._stage.url.replace("wss://", "https://");
+    }
+    //
+    //
+    // Public methods
+    //
+    /**
+     * Grant a Lambda function permission to manage WebSocket connections
+     * (post to connections, delete connections).
+     */
+    grantManageConnections(grantee) {
+        return iam.Grant.addToPrincipal({
+            actions: ["execute-api:ManageConnections"],
+            grantee: grantee.grantPrincipal,
+            resourceArns: [
+                Stack.of(this).formatArn({
+                    arnFormat: ArnFormat.SLASH_RESOURCE_SLASH_RESOURCE_NAME,
+                    resource: this._api.apiId,
+                    resourceName: `${this._stage.stageName}/*`,
+                    service: "execute-api",
+                }),
+            ],
+        });
+    }
+}
+
+/**
+ * JaypieWebSocketLambda - A Lambda function optimized for WebSocket handlers.
+ *
+ * Provides sensible defaults for WebSocket event handling:
+ * - 30 second timeout (same as API handlers)
+ * - API role tag
+ *
+ * @example
+ * ```typescript
+ * const handler = new JaypieWebSocketLambda(this, "ChatHandler", {
+ *   code: "dist/handlers",
+ *   handler: "chat.handler",
+ *   secrets: ["MONGODB_URI"],
+ * });
+ *
+ * new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler,
+ * });
+ * ```
+ */
+class JaypieWebSocketLambda extends JaypieLambda {
+    constructor(scope, id, props) {
+        super(scope, id, {
+            roleTag: CDK$2.ROLE.API,
+            timeout: Duration.seconds(CDK$2.DURATION.EXPRESS_API),
+            ...props,
+        });
+    }
+}
+
+//
+//
+// Main
+//
+/**
+ * JaypieWebSocketTable - DynamoDB table for storing WebSocket connection IDs.
+ *
+ * Provides a simple table structure for tracking active WebSocket connections:
+ * - Partition key: connectionId (String)
+ * - TTL attribute: expiresAt (for automatic cleanup)
+ * - Optional GSI: userId-index (for looking up connections by user)
+ *
+ * @example
+ * ```typescript
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections");
+ *
+ * const ws = new JaypieWebSocket(this, "Chat", {
+ *   host: "ws.example.com",
+ *   handler: chatHandler,
+ * });
+ *
+ * // Grant Lambda access to the table
+ * connectionTable.grantReadWriteData(chatHandler);
+ *
+ * // Pass table name to Lambda
+ * chatHandler.addEnvironment("CONNECTION_TABLE", connectionTable.tableName);
+ * ```
+ *
+ * @example
+ * // With user index for looking up all connections for a user
+ * const connectionTable = new JaypieWebSocketTable(this, "Connections", {
+ *   userIndex: true,
+ *   ttl: Duration.hours(12),
+ * });
+ */
+class JaypieWebSocketTable extends Construct {
+    constructor(scope, id, props = {}) {
+        super(scope, id);
+        const { roleTag = CDK$2.ROLE.STORAGE, tableName, ttl = Duration.hours(24), userIndex = false, } = props;
+        this._ttlDuration = ttl;
+        // Build global secondary indexes
+        const globalSecondaryIndexes = [];
+        if (userIndex) {
+            globalSecondaryIndexes.push({
+                indexName: "userId-index",
+                partitionKey: { name: "userId", type: dynamodb.AttributeType.STRING },
+                sortKey: { name: "connectedAt", type: dynamodb.AttributeType.STRING },
+            });
+        }
+        // Create the table
+        this._table = new dynamodb.TableV2(this, "Table", {
+            billing: dynamodb.Billing.onDemand(),
+            globalSecondaryIndexes: globalSecondaryIndexes.length > 0 ? globalSecondaryIndexes : undefined,
+            partitionKey: {
+                name: "connectionId",
+                type: dynamodb.AttributeType.STRING,
+            },
+            removalPolicy: RemovalPolicy.DESTROY,
+            tableName: tableName || constructEnvName("WebSocketConnections"),
+            timeToLiveAttribute: "expiresAt",
+        });
+        Tags.of(this._table).add(CDK$2.TAG.ROLE, roleTag);
+    }
+    //
+    //
+    // Public accessors
+    //
+    /**
+     * The underlying DynamoDB TableV2 construct.
+     */
+    get table() {
+        return this._table;
+    }
+    /**
+     * The name of the DynamoDB table.
+     */
+    get tableName() {
+        return this._table.tableName;
+    }
+    /**
+     * The ARN of the DynamoDB table.
+     */
+    get tableArn() {
+        return this._table.tableArn;
+    }
+    /**
+     * TTL duration for connections in seconds.
+     * Use this to calculate expiresAt when storing connections.
+     */
+    get ttlSeconds() {
+        return this._ttlDuration.toSeconds();
+    }
+    //
+    //
+    // Grant methods
+    //
+    /**
+     * Grant read permissions to the table.
+     */
+    grantReadData(grantee) {
+        return this._table.grantReadData(grantee);
+    }
+    /**
+     * Grant write permissions to the table.
+     */
+    grantWriteData(grantee) {
+        return this._table.grantWriteData(grantee);
+    }
+    /**
+     * Grant read and write permissions to the table.
+     */
+    grantReadWriteData(grantee) {
+        return this._table.grantReadWriteData(grantee);
+    }
+    //
+    //
+    // Convenience methods
+    //
+    /**
+     * Add the table name to a Lambda function's environment variables.
+     * Also grants read/write access to the table.
+     */
+    connectLambda(lambdaFunction, options = {}) {
+        const { envKey = "CONNECTION_TABLE", readOnly = false } = options;
+        // Add environment variable
+        if ("addEnvironment" in lambdaFunction) {
+            lambdaFunction.addEnvironment(envKey, this.tableName);
+        }
+        // Grant permissions
+        if (readOnly) {
+            this.grantReadData(lambdaFunction.grantPrincipal);
+        }
+        else {
+            this.grantReadWriteData(lambdaFunction.grantPrincipal);
+        }
+    }
+}
+
+export { CDK$2 as CDK, JaypieAccountLoggingBucket, JaypieApiGateway, JaypieAppStack, JaypieBucketQueuedLambda, JaypieCertificate, JaypieDatadogBucket, JaypieDatadogForwarder, JaypieDatadogSecret, JaypieDistribution, JaypieDnsRecord, JaypieDynamoDb, JaypieEnvSecret, JaypieEventsRule, JaypieExpressLambda, JaypieGitHubDeployRole, JaypieHostedZone, JaypieInfrastructureStack, JaypieLambda, JaypieMongoDbSecret, JaypieNextJs, JaypieOpenAiSecret, JaypieOrganizationTrail, JaypieQueuedLambda, JaypieSsoPermissions, JaypieSsoSyncApplication, JaypieStack, JaypieStaticWebBucket, JaypieTraceSigningKeySecret, JaypieWebDeploymentBucket, JaypieWebSocket, JaypieWebSocketLambda, JaypieWebSocketTable, addDatadogLayers, clearAllCertificateCaches, clearAllSecretsCaches, clearCertificateCache, clearSecretsCache, constructEnvName, constructStackName, constructTagger, envHostname, extendDatadogRole, isEnv, isProductionEnv, isSandboxEnv, isValidHostname$1 as isValidHostname, isValidSubdomain, jaypieLambdaEnv, mergeDomain, resolveCertificate, resolveDatadogForwarderFunction, resolveDatadogLayers, resolveDatadogLoggingDestination, resolveEnvironment, resolveHostedZone, resolveParamsAndSecrets, resolveSecrets };
 //# sourceMappingURL=index.js.map