@kirkelliott/zap 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +19 -0
- package/dist/init.js +14 -11
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
34
34
|
};
|
|
35
35
|
})();
|
|
36
36
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
37
|
+
const client_lambda_1 = require("@aws-sdk/client-lambda");
|
|
37
38
|
const client_s3_1 = require("@aws-sdk/client-s3");
|
|
38
39
|
const commander_1 = require("commander");
|
|
39
40
|
const promises_1 = require("node:fs/promises");
|
|
@@ -151,4 +152,22 @@ program
|
|
|
151
152
|
const files = await walkZap(demoDir, 'demo');
|
|
152
153
|
await Promise.all(files.map(({ filePath, key }) => deployFile(b, filePath, key)));
|
|
153
154
|
});
|
|
155
|
+
program
|
|
156
|
+
.command('repair')
|
|
157
|
+
.description('re-apply Lambda Function URL public access permissions')
|
|
158
|
+
.action(async () => {
|
|
159
|
+
const cfg = readConfig();
|
|
160
|
+
const region = cfg.region ?? 'us-east-1';
|
|
161
|
+
const fn = cfg.functionArn ?? cfg.function ?? 'zap-runtime';
|
|
162
|
+
const lambda = new client_lambda_1.LambdaClient({ region });
|
|
163
|
+
await lambda.send(new client_lambda_1.UpdateFunctionUrlConfigCommand({ FunctionName: fn, AuthType: 'NONE', Cors: { AllowOrigins: ['*'], AllowMethods: ['*'], AllowHeaders: ['*'] } }));
|
|
164
|
+
try {
|
|
165
|
+
await lambda.send(new client_lambda_1.RemovePermissionCommand({ FunctionName: fn, StatementId: 'public-access' }));
|
|
166
|
+
}
|
|
167
|
+
catch { }
|
|
168
|
+
await lambda.send(new client_lambda_1.AddPermissionCommand({ FunctionName: fn, StatementId: 'public-access', Action: 'lambda:InvokeFunctionUrl', Principal: '*', FunctionUrlAuthType: 'NONE' }));
|
|
169
|
+
console.log('✓ permissions repaired');
|
|
170
|
+
if (cfg.url)
|
|
171
|
+
console.log(`\n → ${cfg.url.trim()}\n`);
|
|
172
|
+
});
|
|
154
173
|
program.parse();
|
package/dist/init.js
CHANGED
|
@@ -24,6 +24,19 @@ const policy = (bucket) => JSON.stringify({
|
|
|
24
24
|
{ Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:PutItem', 'dynamodb:DeleteItem'], Resource: `arn:aws:dynamodb:*:*:table/${TABLE}` },
|
|
25
25
|
],
|
|
26
26
|
});
|
|
27
|
+
async function allowPublicUrl(lambda, functionArn) {
|
|
28
|
+
try {
|
|
29
|
+
await lambda.send(new client_lambda_1.RemovePermissionCommand({ FunctionName: functionArn, StatementId: 'public-access' }));
|
|
30
|
+
}
|
|
31
|
+
catch { }
|
|
32
|
+
await lambda.send(new client_lambda_1.AddPermissionCommand({
|
|
33
|
+
FunctionName: functionArn,
|
|
34
|
+
StatementId: 'public-access',
|
|
35
|
+
Action: 'lambda:InvokeFunctionUrl',
|
|
36
|
+
Principal: '*',
|
|
37
|
+
FunctionUrlAuthType: 'NONE',
|
|
38
|
+
}));
|
|
39
|
+
}
|
|
27
40
|
function step(label) {
|
|
28
41
|
process.stdout.write(` ${label.padEnd(24)}`);
|
|
29
42
|
return (note = '') => console.log(`✓${note ? ' ' + note : ''}`);
|
|
@@ -137,10 +150,6 @@ async function init(region) {
|
|
|
137
150
|
try {
|
|
138
151
|
const { FunctionUrl } = await lambda.send(new client_lambda_1.GetFunctionUrlConfigCommand({ FunctionName: FUNCTION }));
|
|
139
152
|
await lambda.send(new client_lambda_1.UpdateFunctionUrlConfigCommand({ FunctionName: FUNCTION, AuthType: 'NONE', Cors: { AllowOrigins: ['*'], AllowMethods: ['*'], AllowHeaders: ['*'] } }));
|
|
140
|
-
try {
|
|
141
|
-
await lambda.send(new client_lambda_1.AddPermissionCommand({ FunctionName: FUNCTION, StatementId: 'public-access', Action: 'lambda:InvokeFunctionUrl', Principal: '*', FunctionUrlAuthType: 'NONE' }));
|
|
142
|
-
}
|
|
143
|
-
catch { }
|
|
144
153
|
url = FunctionUrl;
|
|
145
154
|
}
|
|
146
155
|
catch (err) {
|
|
@@ -151,15 +160,9 @@ async function init(region) {
|
|
|
151
160
|
AuthType: 'NONE',
|
|
152
161
|
Cors: { AllowOrigins: ['*'], AllowMethods: ['*'], AllowHeaders: ['*'] },
|
|
153
162
|
}));
|
|
154
|
-
await lambda.send(new client_lambda_1.AddPermissionCommand({
|
|
155
|
-
FunctionName: FUNCTION,
|
|
156
|
-
StatementId: 'public-access',
|
|
157
|
-
Action: 'lambda:InvokeFunctionUrl',
|
|
158
|
-
Principal: '*',
|
|
159
|
-
FunctionUrlAuthType: 'NONE',
|
|
160
|
-
}));
|
|
161
163
|
url = FunctionUrl;
|
|
162
164
|
}
|
|
165
|
+
await allowPublicUrl(lambda, functionArn);
|
|
163
166
|
done();
|
|
164
167
|
(0, node_fs_1.writeFileSync)('.zaprc', JSON.stringify({ bucket, function: FUNCTION, table: TABLE, region, url, functionArn }, null, 2));
|
|
165
168
|
console.log(`\n → ${url.trim()}\n`);
|