@openhi/constructs 0.0.11 → 0.0.13

package/lib/index.mjs

@@ -802,15 +802,6 @@ import {
 } from "aws-cdk-lib/aws-cognito";
 import { Key as Key2 } from "aws-cdk-lib/aws-kms";
 var _OpenHiAuthService = class _OpenHiAuthService extends OpenHiService {
-  constructor(ohEnv, props = {}) {
-    super(ohEnv, _OpenHiAuthService.SERVICE_TYPE, props);
-    this.props = props;
-    this.userPoolKmsKey = this.createUserPoolKmsKey();
-    this.preTokenGenerationLambda = this.createPreTokenGenerationLambda();
-    this.userPool = this.createUserPool();
-    this.userPoolClient = this.createUserPoolClient();
-    this.userPoolDomain = this.createUserPoolDomain();
-  }
   /**
    * Returns an IUserPool by looking up the Auth stack's User Pool ID from SSM.
    */
@@ -861,6 +852,15 @@ var _OpenHiAuthService = class _OpenHiAuthService extends OpenHiService {
   get serviceType() {
     return _OpenHiAuthService.SERVICE_TYPE;
   }
+  constructor(ohEnv, props = {}) {
+    super(ohEnv, _OpenHiAuthService.SERVICE_TYPE, props);
+    this.props = props;
+    this.userPoolKmsKey = this.createUserPoolKmsKey();
+    this.preTokenGenerationLambda = this.createPreTokenGenerationLambda();
+    this.userPool = this.createUserPool();
+    this.userPoolClient = this.createUserPoolClient();
+    this.userPoolDomain = this.createUserPoolDomain();
+  }
   /**
    * Creates the KMS key for the Cognito User Pool and exports its ARN to SSM.
    * Look up via {@link OpenHiAuthService.userPoolKmsKeyFromConstruct}.
@@ -992,6 +992,7 @@ var _OpenHiGlobalService = class _OpenHiGlobalService extends OpenHiService {
   }
   constructor(ohEnv, props = {}) {
     super(ohEnv, _OpenHiGlobalService.SERVICE_TYPE, props);
+    this.props = props;
     this.validateConfig(props);
     this.rootHostedZone = this.createRootHostedZone();
     this.childHostedZone = this.createChildHostedZone();
@@ -1052,9 +1053,11 @@ var OpenHiGlobalService = _OpenHiGlobalService;
 
 // src/services/open-hi-rest-api-service.ts
 import {
+  CorsHttpMethod,
   DomainName,
   HttpApi as HttpApi2,
   HttpMethod,
+  HttpNoneAuthorizer,
   HttpRoute,
   HttpRouteKey
 } from "aws-cdk-lib/aws-apigatewayv2";
@@ -1067,6 +1070,7 @@ import {
   RecordTarget
 } from "aws-cdk-lib/aws-route53";
 import { ApiGatewayv2DomainProperties } from "aws-cdk-lib/aws-route53-targets";
+import { Duration as Duration2 } from "aws-cdk-lib/core";
 
 // src/services/open-hi-data-service.ts
 import { Table as Table2 } from "aws-cdk-lib/aws-dynamodb";
@@ -1103,6 +1107,7 @@ var _OpenHiDataService = class _OpenHiDataService extends OpenHiService {
   }
   constructor(ohEnv, props = {}) {
     super(ohEnv, _OpenHiDataService.SERVICE_TYPE, props);
+    this.props = props;
     this.dataEventBus = this.createDataEventBus();
     this.opsEventBus = this.createOpsEventBus();
     this.dataStore = this.createDataStore();
@@ -1180,6 +1185,7 @@ var _OpenHiRestApiService = class _OpenHiRestApiService extends OpenHiService {
   }
   constructor(ohEnv, props = {}) {
     super(ohEnv, _OpenHiRestApiService.SERVICE_TYPE, props);
+    this.props = props;
     this.validateConfig(props);
     const hostedZone = this.createHostedZone();
     const certificate = this.createCertificate();
@@ -1296,6 +1302,19 @@ var _OpenHiRestApiService = class _OpenHiRestApiService extends OpenHiService {
       })
     );
     const integration = new HttpLambdaIntegration("lambda-integration", lambda);
+    const noAuth = new HttpNoneAuthorizer();
+    new HttpRoute(this, "options-route-root", {
+      httpApi: this.rootHttpApi,
+      routeKey: HttpRouteKey.with("/", HttpMethod.OPTIONS),
+      integration,
+      authorizer: noAuth
+    });
+    new HttpRoute(this, "options-route-proxy", {
+      httpApi: this.rootHttpApi,
+      routeKey: HttpRouteKey.with("/{proxy+}", HttpMethod.OPTIONS),
+      integration,
+      authorizer: noAuth
+    });
     new HttpRoute(this, "proxy-route-root", {
       httpApi: this.rootHttpApi,
       routeKey: HttpRouteKey.with("/", HttpMethod.ANY),
@@ -1331,12 +1350,32 @@ var _OpenHiRestApiService = class _OpenHiRestApiService extends OpenHiService {
       userPool,
       { userPoolClients: [userPoolClient] }
     );
+    const cors = this.props.cors;
+    const corsPreflight = cors && cors.allowOrigins.length > 0 ? {
+      allowOrigins: cors.allowOrigins,
+      allowMethods: cors.allowMethods ?? [
+        CorsHttpMethod.GET,
+        CorsHttpMethod.HEAD,
+        CorsHttpMethod.POST,
+        CorsHttpMethod.PUT,
+        CorsHttpMethod.PATCH,
+        CorsHttpMethod.DELETE,
+        CorsHttpMethod.OPTIONS
+      ],
+      allowHeaders: cors.allowHeaders ?? [
+        "Content-Type",
+        "Authorization"
+      ],
+      allowCredentials: cors.allowCredentials ?? true,
+      maxAge: cors.maxAge ?? Duration2.days(1)
+    } : void 0;
     const rootHttpApi = new RootHttpApi(this, {
       defaultDomainMapping: {
         domainName,
         mappingKey: void 0
       },
-      defaultAuthorizer: cognitoAuthorizer
+      defaultAuthorizer: cognitoAuthorizer,
+      ...corsPreflight && { corsPreflight }
     });
     new DiscoverableStringParameter(this, "http-api-url-param", {
       ssmParamName: RootHttpApi.SSM_PARAM_NAME,