@openhi/constructs 0.0.133 → 0.0.135

package/lib/index.mjs

@@ -460,10 +460,14 @@ var OpenHiService = class extends Stack {
     );
   }
   /**
-   * DNS prefix for this branche's child zone.
+   * DNS prefix for this branche's child zone. Capped at 56 chars so
+   * that a `<service>-<prefix>` hostname segment stays under the 63-byte
+   * DNS label limit even for the longest current prefix (`admin-`, 6
+   * bytes; the matching API uses `api-`, 4 bytes). 56 leaves 1 byte of
+   * headroom on the longer side.
    */
   get childZonePrefix() {
-    return paramCase(this.branchName).slice(0, 200);
+    return paramCase(this.branchName).slice(0, 56);
   }
 };
 
@@ -1507,6 +1511,9 @@ import {
   CachePolicy,
   CacheQueryStringBehavior,
   Distribution,
+  Function as CloudFrontFunction,
+  FunctionCode,
+  FunctionEventType,
   LambdaEdgeEventType,
   OriginProtocolPolicy,
   OriginRequestPolicy,
@@ -1526,7 +1533,7 @@ import { CloudFrontTarget } from "aws-cdk-lib/aws-route53-targets";
 import { Bucket as Bucket2 } from "aws-cdk-lib/aws-s3";
 import { Construct as Construct8 } from "constructs";
 var STATIC_HOSTING_SERVICE_TYPE = "website";
-var PER_BRANCH_PREVIEW_PREFIX = "admin-pr-";
+var PER_BRANCH_PREVIEW_PREFIX = "admin-";
 var DEFAULT_PREVIEW_EXPIRATION_DAYS = 14;
 var _StaticHosting = class _StaticHosting extends Construct8 {
   /**
@@ -1605,10 +1612,14 @@ var _StaticHosting = class _StaticHosting extends Construct8 {
       originAccessLevels: [AccessLevel.READ]
     });
     const hasCustomDomain = props.certificate !== void 0 && props.hostedZone !== void 0 && props.domainNames !== void 0 && props.domainNames.length > 0;
-    const additionalBehaviors = this.buildRestApiBehaviors(
+    const restApiWiring = this.buildRestApiBehaviors(
       stack.branchHash,
       props.restApi
     );
+    const additionalBehaviors = restApiWiring?.behaviors;
+    this.configJsonRewriteFunction = restApiWiring?.configJsonRewriteFunction;
+    this.hostCopyFunction = restApiWiring?.hostCopyFunction;
+    this.originRequestHandler = restApiWiring?.originRequestHandler;
     this.distribution = new Distribution(this, "distribution", {
       comment: `Static hosting distribution for ${props.description ?? id}`,
       ...hasCustomDomain ? {
@@ -1672,14 +1683,20 @@ var _StaticHosting = class _StaticHosting extends Construct8 {
     });
   }
   /**
-   * Builds the `/api/*` and `/api/control/runtime-config` behaviors backed
-   * by the REST API custom-domain origin. Returns `undefined` when no
-   * `restApi` prop is supplied so the Distribution stays S3-only.
+   * Builds the `/config.json`, `/api/*`, and `/api/control/runtime-config`
+   * behaviors backed by the REST API custom-domain origin, plus the
+   * viewer-request CloudFront Functions and the origin-request
+   * Lambda@Edge that route each request to the matching per-PR API
+   * origin. Returns `undefined` when no `restApi` prop is supplied so
+   * the Distribution stays S3-only.
    */
   buildRestApiBehaviors(branchHash, restApi) {
     if (restApi === void 0) {
       return void 0;
     }
+    const runtimeConfigPath = restApi.runtimeConfigPath ?? "/control/runtime-config";
+    const viewerHostPrefix = restApi.hostMapping?.viewerPrefix ?? "admin";
+    const apiHostPrefix = restApi.hostMapping?.apiPrefix ?? "api";
     const apiOrigin = new HttpOrigin(restApi.domainName, {
       protocolPolicy: OriginProtocolPolicy.HTTPS_ONLY
     });
@@ -1688,31 +1705,150 @@ var _StaticHosting = class _StaticHosting extends Construct8 {
       "runtime-config-cache-policy",
       {
         cachePolicyName: `static-hosting-runtime-config-${branchHash}`,
-        comment: "/api/control/runtime-config: cache key includes only `v` so the bundle's deploy-hash bust works automatically.",
+        comment: "/config.json: cache key keyed on Host + `v` so per-PR responses cannot leak across hosts.",
         defaultTtl: restApi.runtimeConfigCacheTtl?.defaultTtl ?? Duration5.minutes(5),
         minTtl: Duration5.seconds(0),
         maxTtl: restApi.runtimeConfigCacheTtl?.maxTtl ?? Duration5.hours(1),
-        headerBehavior: CacheHeaderBehavior.none(),
+        // `Host` keys the cache per-PR — the origin-request edge Lambda
+        // forwards each PR's request to its own API origin, and two
+        // PRs' /config.json payloads must not share a cache slot.
+        headerBehavior: CacheHeaderBehavior.allowList("Host"),
         queryStringBehavior: CacheQueryStringBehavior.allowList("v"),
         cookieBehavior: CacheCookieBehavior.none(),
         enableAcceptEncodingGzip: true,
         enableAcceptEncodingBrotli: true
       }
     );
+    const runtimeConfigPathLiteral = JSON.stringify(runtimeConfigPath);
+    const configJsonRewriteFunction = new CloudFrontFunction(
+      this,
+      "config-json-rewrite-function",
+      {
+        functionName: `static-hosting-config-json-rewrite-${branchHash}`,
+        // CloudFront caps `Comment` at 128 chars; the full rationale is in
+        // the preceding code comment.
+        comment: "Rewrites /config.json to the runtime-config path; copies Host into x-viewer-host.",
+        code: FunctionCode.fromInline(
+          [
+            "function handler(event) {",
+            "  var request = event.request;",
+            "  if (request.headers.host && request.headers.host.value) {",
+            "    request.headers['x-viewer-host'] = { value: request.headers.host.value };",
+            "  }",
+            `  request.uri = ${runtimeConfigPathLiteral};`,
+            "  return request;",
+            "}"
+          ].join("\n")
+        )
+      }
+    );
+    const hostCopyFunction = new CloudFrontFunction(
+      this,
+      "host-copy-function",
+      {
+        functionName: `static-hosting-host-copy-${branchHash}`,
+        // CloudFront caps `Comment` at 128 chars; the full rationale is in
+        // the preceding code comment.
+        comment: "Copies viewer Host into x-viewer-host for the origin-request Lambda@Edge.",
+        code: FunctionCode.fromInline(
+          [
+            "function handler(event) {",
+            "  var request = event.request;",
+            "  if (request.headers.host && request.headers.host.value) {",
+            "    request.headers['x-viewer-host'] = { value: request.headers.host.value };",
+            "  }",
+            "  return request;",
+            "}"
+          ].join("\n")
+        )
+      }
+    );
+    const originHandlerJs = path6.join(
+      __dirname,
+      "static-hosting.origin-request-handler.js"
+    );
+    const originHandlerTs = path6.join(
+      __dirname,
+      "static-hosting.origin-request-handler.ts"
+    );
+    const originHandlerEntry = fs6.existsSync(originHandlerJs) ? originHandlerJs : originHandlerTs;
+    const originRequestHandler = new NodejsFunction6(
+      this,
+      "origin-request-handler",
+      {
+        entry: originHandlerEntry,
+        handler: "originRequestHandler",
+        memorySize: 128,
+        runtime: Runtime6.NODEJS_LATEST,
+        logGroup: new LogGroup(this, "origin-request-handler-log-group", {
+          retention: RetentionDays.ONE_MONTH
+        }),
+        // Lambda@Edge forbids runtime env vars, so the host-prefix
+        // mapping is inlined into the bundle at synth time via esbuild
+        // `define`. The handler reads `process.env.VIEWER_HOST_PREFIX`
+        // and `process.env.API_HOST_PREFIX` at module load; esbuild
+        // replaces those identifiers with literal strings during
+        // bundling so the shipped code carries no env-var lookups.
+        bundling: {
+          define: {
+            "process.env.VIEWER_HOST_PREFIX": JSON.stringify(viewerHostPrefix),
+            "process.env.API_HOST_PREFIX": JSON.stringify(apiHostPrefix)
+          }
+        }
+      }
+    );
+    const originRequestEdgeLambda = {
+      functionVersion: originRequestHandler.currentVersion,
+      eventType: LambdaEdgeEventType.ORIGIN_REQUEST,
+      includeBody: false
+    };
     return {
-      "/api/control/runtime-config": {
-        origin: apiOrigin,
-        viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-        allowedMethods: AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
-        cachePolicy: runtimeConfigCachePolicy,
-        originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER
-      },
-      "/api/*": {
-        origin: apiOrigin,
-        viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-        allowedMethods: AllowedMethods.ALLOW_ALL,
-        cachePolicy: CachePolicy.CACHING_DISABLED,
-        originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER
+      configJsonRewriteFunction,
+      hostCopyFunction,
+      originRequestHandler,
+      behaviors: {
+        "/config.json": {
+          origin: apiOrigin,
+          viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+          cachePolicy: runtimeConfigCachePolicy,
+          originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
+          functionAssociations: [
+            {
+              function: configJsonRewriteFunction,
+              eventType: FunctionEventType.VIEWER_REQUEST
+            }
+          ],
+          edgeLambdas: [originRequestEdgeLambda]
+        },
+        "/api/control/runtime-config": {
+          origin: apiOrigin,
+          viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: AllowedMethods.ALLOW_GET_HEAD_OPTIONS,
+          cachePolicy: runtimeConfigCachePolicy,
+          originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
+          functionAssociations: [
+            {
+              function: hostCopyFunction,
+              eventType: FunctionEventType.VIEWER_REQUEST
+            }
+          ],
+          edgeLambdas: [originRequestEdgeLambda]
+        },
+        "/api/*": {
+          origin: apiOrigin,
+          viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: AllowedMethods.ALLOW_ALL,
+          cachePolicy: CachePolicy.CACHING_DISABLED,
+          originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
+          functionAssociations: [
+            {
+              function: hostCopyFunction,
+              eventType: FunctionEventType.VIEWER_REQUEST
+            }
+          ],
+          edgeLambdas: [originRequestEdgeLambda]
+        }
       }
     };
   }
@@ -1766,7 +1902,7 @@ var PerBranchHostname = class extends Construct9 {
         distributionId
       }
     );
-    this.record = new ARecord2(this, "alias-record", {
+    this.record = new ARecord2(this, `alias-record-${props.hostname}`, {
       zone: props.hostedZone,
       recordName: props.hostname,
       target: RecordTarget2.fromAlias(new CloudFrontTarget2(distribution))
@@ -3072,7 +3208,7 @@ var _OpenHiRestApiService = class _OpenHiRestApiService extends OpenHiService {
       integration
     });
     const apiPrefix = this.branchName === "main" ? `api` : `api-${this.childZonePrefix}`;
-    new ARecord3(this, "api-a-record", {
+    new ARecord3(this, `api-a-record-${apiPrefix}`, {
       zone: hostedZone,
       recordName: apiPrefix,
       target: RecordTarget3.fromAlias(
@@ -3208,7 +3344,6 @@ var OpenHiGraphqlService = _OpenHiGraphqlService;
 // src/services/open-hi-website-service.ts
 var import_config5 = __toESM(require_lib2());
 import { Bucket as Bucket3 } from "aws-cdk-lib/aws-s3";
-var OPENHI_PR_NUMBER_ENV_VAR = "OPENHI_PR_NUMBER";
 var SSM_PARAM_NAME_FULL_DOMAIN = "WEBSITE_FULL_DOMAIN";
 var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
   /**
@@ -3269,12 +3404,6 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
     this.props = props;
     this.validateConfig(props);
     const isReleaseBranch = this.branchName === this.defaultReleaseBranch;
-    this.prNumber = this.resolvePrNumber(props);
-    if (!isReleaseBranch && this.prNumber === void 0) {
-      throw new Error(
-        `OpenHiWebsiteService: prNumber is required on non-release-branch deploys (branchName="${this.branchName}", defaultReleaseBranch="${this.defaultReleaseBranch}"). Pass the \`prNumber\` prop or set the ${OPENHI_PR_NUMBER_ENV_VAR} env var.`
-      );
-    }
     const hostedZone = this.createHostedZone();
     this.fullDomain = this.computeFullDomain(hostedZone);
     const shouldCreateHostingInfra = props.createHostingInfrastructure ?? isReleaseBranch;
@@ -3329,32 +3458,12 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
     return OpenHiGlobalService.rootWildcardCertificateFromConstruct(this);
   }
   /**
-   * Resolves the PR number from props or the `OPENHI_PR_NUMBER` env var.
-   * Returns `undefined` on release-branch deploys where no PR number is
-   * needed.
-   */
-  resolvePrNumber(props) {
-    if (props.prNumber !== void 0) {
-      return props.prNumber;
-    }
-    const raw = process.env[OPENHI_PR_NUMBER_ENV_VAR]?.trim();
-    if (!raw) {
-      return void 0;
-    }
-    const parsed = Number.parseInt(raw, 10);
-    if (!Number.isInteger(parsed) || parsed <= 0) {
-      throw new Error(
-        `${OPENHI_PR_NUMBER_ENV_VAR} must be a positive integer; got "${raw}".`
-      );
-    }
-    return parsed;
-  }
-  /**
-   * Computes the full website domain from `domainPrefix`, the PR number,
-   * and the child zone name. Release-branch deploys serve at
-   * `\<domainPrefix\>.\<zone\>` (e.g. `admin.dev.openhi.org`); every other
-   * deploy serves a per-PR preview at `\<domainPrefix\>-pr-\<N\>.\<zone\>`
-   * (e.g. `admin-pr-123.dev.openhi.org`).
+   * Computes the full website domain from `domainPrefix`,
+   * `childZonePrefix`, and the child zone name. Release-branch deploys
+   * serve at `\<domainPrefix\>.\<zone\>` (e.g. `admin.dev.openhi.org`);
+   * every other deploy serves a per-PR preview at
+   * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>`
+   * (e.g. `admin-feat-1093-patient-migration.dev.openhi.org`).
    */
   computeFullDomain(hostedZone) {
     const subDomain = this.computeSubDomain();
@@ -3366,16 +3475,20 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
    * key prefix passed to {@link StaticContent} so the upload prefix
    * always matches the served hostname.
    *
-   * Non-release deploys compose the per-PR slug from
-   * {@link PER_BRANCH_PREVIEW_PREFIX} so the per-PR S3 key prefix
+   * Non-release deploys compose the per-PR slug as
+   * `\<domainPrefix\>-\<childZonePrefix\>`, mirroring the REST API's
+   * `api-\<childZonePrefix\>` convention. When `domainPrefix` is `admin`
+   * (the only consumer today), the resulting sub-domain starts with
+   * {@link PER_BRANCH_PREVIEW_PREFIX}, so the per-PR S3 key prefix
    * matches what `StaticHosting`'s lifecycle rule expires.
    */
   computeSubDomain() {
     const isReleaseBranch = this.branchName === this.defaultReleaseBranch;
+    const domainPrefix = this.props.domainPrefix ?? "www";
     if (isReleaseBranch) {
-      return this.props.domainPrefix ?? "www";
+      return domainPrefix;
     }
-    return `${PER_BRANCH_PREVIEW_PREFIX}${this.prNumber}`;
+    return `${domainPrefix}-${this.childZonePrefix}`;
   }
   /**
    * Creates the StaticHosting infrastructure (bucket + distribution +
@@ -3436,8 +3549,9 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
    * The S3 key prefix is `\<sub-domain\>.\<zone\>/\<contentDest\>` so the
    * upload location matches the Host-header-derived folder the Lambda@Edge
    * viewer-request handler prepends. Passing the zone name (rather than
-   * `this.fullDomain`) for the `fullDomain` prop keeps the prefix flat
-   * — `admin-pr-123.dev.openhi.org/`, not `admin-pr-123.admin.dev.openhi.org/`.
+   * `this.fullDomain`) for the `fullDomain` prop keeps the prefix flat —
+   * `admin-feat-foo.dev.openhi.org/`, not
+   * `admin-feat-foo.admin.dev.openhi.org/`.
    */
   createStaticContent(bucket) {
     const { contentSourceDirectory, contentDestinationDirectory } = this.props;
@@ -3451,9 +3565,10 @@ var _OpenHiWebsiteService = class _OpenHiWebsiteService extends OpenHiService {
   }
   /**
    * Creates the per-PR `PerBranchHostname` alias record on non-release
-   * branch deploys. The record points `\<domainPrefix\>-pr-\<N\>.\<zone\>`
-   * at the release-branch CloudFront distribution (resolved from SSM
-   * against {@link OpenHiService.releaseBranchHash}).
+   * branch deploys. The record points
+   * `\<domainPrefix\>-\<childZonePrefix\>.\<zone\>` at the release-branch
+   * CloudFront distribution (resolved from SSM against
+   * {@link OpenHiService.releaseBranchHash}).
    */
   createPerBranchHostname(hostedZone) {
     return new PerBranchHostname(this, "per-branch-hostname", {
@@ -4029,7 +4144,6 @@ export {
   DataStorePostgresReplica,
   DiscoverableStringParameter,
   DynamoDbDataStore,
-  OPENHI_PR_NUMBER_ENV_VAR,
   OPENHI_REPO_TAG_KEY_ENV_VAR,
   OPENHI_RESOURCE_URN_SYSTEM,
   OPENHI_TAG_KEY_PREFIX_ENV_VAR,