@quiltdata/benchling-webhook 0.8.8 → 0.9.0-20251126T040420Z

package/dist/lib/alb-api-gateway.js

@@ -1,211 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AlbApiGateway = void 0;
-const cdk = __importStar(require("aws-cdk-lib"));
-const apigateway = __importStar(require("aws-cdk-lib/aws-apigateway"));
-const iam = __importStar(require("aws-cdk-lib/aws-iam"));
-const logs = __importStar(require("aws-cdk-lib/aws-logs"));
-class AlbApiGateway {
-    constructor(scope, id, props) {
-        const { config } = props;
-        this.logGroup = new logs.LogGroup(scope, "ApiGatewayAccessLogs", {
-            logGroupName: "/aws/apigateway/benchling-webhook",
-            retention: logs.RetentionDays.ONE_WEEK,
-            removalPolicy: cdk.RemovalPolicy.DESTROY,
-        });
-        this.createCloudWatchRole(scope);
-        // Get webhook allow list from config
-        const webhookAllowList = config.security?.webhookAllowList || "";
-        // Parse IP allowlist for resource policy
-        let allowedIps = undefined;
-        if (webhookAllowList) {
-            if (cdk.Token.isUnresolved(webhookAllowList)) {
-                // For CDK tokens (parameters), we can't evaluate at synth time
-                // Split and let CloudFormation handle it
-                allowedIps = cdk.Fn.split(",", webhookAllowList);
-            }
-            else if (webhookAllowList.trim() !== "") {
-                // For concrete values, parse and filter
-                const parsed = webhookAllowList
-                    .split(",")
-                    .map(ip => ip.trim())
-                    .filter(ip => ip.length > 0);
-                if (parsed.length > 0) {
-                    allowedIps = parsed;
-                }
-            }
-        }
-        // Create resource policy for IP filtering at the edge
-        // Only create policy if we have IPs and they're not from an empty parameter
-        const policyDocument = this.createResourcePolicy(allowedIps, webhookAllowList);
-        this.api = new apigateway.RestApi(scope, "BenchlingWebhookAPI", {
-            restApiName: "BenchlingWebhookAPI",
-            policy: policyDocument,
-            deployOptions: {
-                stageName: "prod",
-                accessLogDestination: new apigateway.LogGroupLogDestination(this.logGroup),
-                methodOptions: {
-                    "/*/*": {
-                        loggingLevel: apigateway.MethodLoggingLevel.INFO,
-                        dataTraceEnabled: true,
-                    },
-                },
-            },
-        });
-        this.addWebhookEndpoints(props.loadBalancer);
-        // Output API Gateway ID for execution logs
-        new cdk.CfnOutput(scope, "ApiGatewayId", {
-            value: this.api.restApiId,
-            description: "API Gateway REST API ID",
-        });
-        // Output execution log group name
-        new cdk.CfnOutput(scope, "ApiGatewayExecutionLogGroup", {
-            value: `API-Gateway-Execution-Logs_${this.api.restApiId}/prod`,
-            description: "API Gateway execution log group for detailed request/response logs",
-        });
-        // Output ALB DNS for direct testing
-        new cdk.CfnOutput(scope, "LoadBalancerDNS", {
-            value: props.loadBalancer.loadBalancerDnsName,
-            description: "Application Load Balancer DNS name for direct testing",
-        });
-    }
-    createResourcePolicy(allowedIps, rawParameter) {
-        // Don't create policy if no IPs provided
-        if (!allowedIps) {
-            return undefined;
-        }
-        // Don't create policy for empty arrays
-        if (Array.isArray(allowedIps) && allowedIps.length === 0) {
-            return undefined;
-        }
-        // For CDK tokens (CloudFormation parameters), we can't evaluate at synth time
-        // Don't create policy for parameters since we can't conditionally apply them
-        // API Gateway doesn't support conditional policies, so we skip the policy entirely
-        // when using parameters. This means WebhookAllowList parameter won't work for
-        // runtime IP filtering - IPs must be set at deployment time.
-        if (rawParameter && cdk.Token.isUnresolved(rawParameter)) {
-            return undefined;
-        }
-        return new iam.PolicyDocument({
-            statements: [
-                new iam.PolicyStatement({
-                    effect: iam.Effect.ALLOW,
-                    principals: [new iam.AnyPrincipal()],
-                    actions: ["execute-api:Invoke"],
-                    resources: ["execute-api:/*"],
-                    conditions: {
-                        IpAddress: {
-                            "aws:SourceIp": allowedIps,
-                        },
-                    },
-                }),
-            ],
-        });
-    }
-    createCloudWatchRole(scope) {
-        const cloudWatchRole = new iam.Role(scope, "ApiGatewayCloudWatchRole", {
-            assumedBy: new iam.ServicePrincipal("apigateway.amazonaws.com"),
-            managedPolicies: [
-                iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AmazonAPIGatewayPushToCloudWatchLogs"),
-            ],
-        });
-        new apigateway.CfnAccount(scope, "ApiGatewayAccount", {
-            cloudWatchRoleArn: cloudWatchRole.roleArn,
-        });
-        return cloudWatchRole;
-    }
-    addWebhookEndpoints(loadBalancer) {
-        // Create HTTP integration to ALB
-        const albIntegration = new apigateway.HttpIntegration(`http://${loadBalancer.loadBalancerDnsName}/{proxy}`, {
-            httpMethod: "ANY",
-            options: {
-                requestParameters: {
-                    "integration.request.path.proxy": "method.request.path.proxy",
-                },
-                integrationResponses: [
-                    {
-                        statusCode: "200",
-                    },
-                    {
-                        statusCode: "400",
-                        selectionPattern: "4\\d{2}",
-                    },
-                    {
-                        statusCode: "500",
-                        selectionPattern: "5\\d{2}",
-                    },
-                ],
-            },
-        });
-        // Create proxy resource to forward all requests to ALB
-        const proxyResource = this.api.root.addResource("{proxy+}");
-        proxyResource.addMethod("ANY", albIntegration, {
-            requestParameters: {
-                "method.request.path.proxy": true,
-            },
-            methodResponses: [
-                { statusCode: "200" },
-                { statusCode: "400" },
-                { statusCode: "500" },
-            ],
-        });
-        // Also handle root path
-        this.api.root.addMethod("ANY", new apigateway.HttpIntegration(`http://${loadBalancer.loadBalancerDnsName}/`, {
-            httpMethod: "ANY",
-            options: {
-                integrationResponses: [
-                    { statusCode: "200" },
-                    {
-                        statusCode: "400",
-                        selectionPattern: "4\\d{2}",
-                    },
-                    {
-                        statusCode: "500",
-                        selectionPattern: "5\\d{2}",
-                    },
-                ],
-            },
-        }), {
-            methodResponses: [
-                { statusCode: "200" },
-                { statusCode: "400" },
-                { statusCode: "500" },
-            ],
-        });
-    }
-}
-exports.AlbApiGateway = AlbApiGateway;
-//# sourceMappingURL=alb-api-gateway.js.map

package/dist/lib/alb-api-gateway.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"alb-api-gateway.js","sourceRoot":"","sources":["../../lib/alb-api-gateway.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AACnC,uEAAyD;AACzD,yDAA2C;AAC3C,2DAA6C;AAe7C,MAAa,aAAa;IAItB,YACI,KAAgB,EAChB,EAAU,EACV,KAAyB;QAEzB,MAAM,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAEzB,IAAI,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,sBAAsB,EAAE;YAC7D,YAAY,EAAE,mCAAmC;YACjD,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ;YACtC,aAAa,EAAE,GAAG,CAAC,aAAa,CAAC,OAAO;SAC3C,CAAC,CAAC;QAEH,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAEjC,qCAAqC;QACrC,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,EAAE,CAAC;QAEjE,yCAAyC;QACzC,IAAI,UAAU,GAAyB,SAAS,CAAC;QACjD,IAAI,gBAAgB,EAAE,CAAC;YACnB,IAAI,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3C,+DAA+D;gBAC/D,yCAAyC;gBACzC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAwB,CAAC;YAC5E,CAAC;iBAAM,IAAI,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBACxC,wCAAwC;gBACxC,MAAM,MAAM,GAAG,gBAAgB;qBAC1B,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;qBACpB,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACjC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpB,UAAU,GAAG,MAAM,CAAC;gBACxB,CAAC;YACL,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,4EAA4E;QAC5E,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAE/E,IAAI,CAAC,GAAG,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,qBAAqB,EAAE;YAC5D,WAAW,EAAE,qBAAqB;YAClC,MAAM,EAAE,cAAc;YACtB,aAAa,EAAE;gBACX,SAAS,EAAE,MAAM;gBACjB,oBAAoB,EAAE,IAAI,UAAU,CAAC,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAC1E,aAAa,EAAE;oBACX,MAAM,EAAE;wBACJ,YAAY,EAAE,UAAU,CAAC,kBAAkB,CAAC,IAAI;wBAChD,gBAAgB,EAAE,IAAI;qBACzB;iBACJ;aACJ;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAE7C,2CAA2C;QAC3C,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,EAAE;YACrC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS;YACzB,WAAW,EAAE,yBAAyB;SACzC,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,6BAA6B,EAAE;YACpD,KAAK,EAAE,8BAA8B,IAAI,CAAC,GAAG,CAAC,SAAS,OAAO;YAC9D,WAAW,EAAE,oEAAoE;SACpF,CAAC,CAAC;QAEH,oCAAoC;QACpC,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,iBAAiB,EAAE;YACxC,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,mBAAmB;YAC7C,WAAW,EAAE,uDAAuD;SACvE,CAAC,CAAC;IACP,CAAC;IAEO,oBAAoB,CACxB,UAAgC,EAChC,YAAgC;QAEhC,yCAAyC;QACzC,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,uCAAuC;QACvC,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvD,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,8EAA8E;QAC9E,6EAA6E;QAC7E,mFAAmF;QACnF,8EAA8E;QAC9E,6DAA6D;QAC7D,IAAI,YAAY,IAAI,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC;YACvD,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,GAAG,CAAC,cAAc,CAAC;YAC1B,UAAU,EAAE;gBACR,IAAI,GAAG,CAAC,eAAe,CAAC;oBACpB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;oBACxB,UAAU,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;oBACpC,OAAO,EAAE,CAAC,oBAAoB,CAAC;oBAC/B,SAAS,EAAE,CAAC,gBAAgB,CAAC;oBAC7B,UAAU,EAAE;wBACR,SAAS,EAAE;4BACP,cAAc,EAAE,UAAU;yBAC7B;qBACJ;iBACJ,CAAC;aACL;SACJ,CAAC,CAAC;IACP,CAAC;IAEO,oBAAoB,CAAC,KAAgB;QACzC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,0BAA0B,EAAE;YACnE,SAAS,EAAE,IAAI,GAAG,CAAC,gBAAgB,CAAC,0BAA0B,CAAC;YAC/D,eAAe,EAAE;gBACb,GAAG,CAAC,aAAa,CAAC,wBAAwB,CACtC,mDAAmD,CACtD;aACJ;SACJ,CAAC,CAAC;QAEH,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,mBAAmB,EAAE;YAClD,iBAAiB,EAAE,cAAc,CAAC,OAAO;SAC5C,CAAC,CAAC;QAEH,OAAO,cAAc,CAAC;IAC1B,CAAC;IAEO,mBAAmB,CACvB,YAA2C;QAE3C,iCAAiC;QACjC,MAAM,cAAc,GAAG,IAAI,UAAU,CAAC,eAAe,CACjD,UAAU,YAAY,CAAC,mBAAmB,UAAU,EACpD;YACI,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACL,iBAAiB,EAAE;oBACf,gCAAgC,EAAE,2BAA2B;iBAChE;gBACD,oBAAoB,EAAE;oBAClB;wBACI,UAAU,EAAE,KAAK;qBACpB;oBACD;wBACI,UAAU,EAAE,KAAK;wBACjB,gBAAgB,EAAE,SAAS;qBAC9B;oBACD;wBACI,UAAU,EAAE,KAAK;wBACjB,gBAAgB,EAAE,SAAS;qBAC9B;iBACJ;aACJ;SACJ,CACJ,CAAC;QAEF,uDAAuD;QACvD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC5D,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,EAAE;YAC3C,iBAAiB,EAAE;gBACf,2BAA2B,EAAE,IAAI;aACpC;YACD,eAAe,EAAE;gBACb,EAAE,UAAU,EAAE,KAAK,EAAE;gBACrB,EAAE,UAAU,EAAE,KAAK,EAAE;gBACrB,EAAE,UAAU,EAAE,KAAK,EAAE;aACxB;SACJ,CAAC,CAAC;QAEH,wBAAwB;QACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,UAAU,CAAC,eAAe,CACzD,UAAU,YAAY,CAAC,mBAAmB,GAAG,EAC7C;YACI,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACL,oBAAoB,EAAE;oBAClB,EAAE,UAAU,EAAE,KAAK,EAAE;oBACrB;wBACI,UAAU,EAAE,KAAK;wBACjB,gBAAgB,EAAE,SAAS;qBAC9B;oBACD;wBACI,UAAU,EAAE,KAAK;wBACjB,gBAAgB,EAAE,SAAS;qBAC9B;iBACJ;aACJ;SACJ,CACJ,EAAE;YACC,eAAe,EAAE;gBACb,EAAE,UAAU,EAAE,KAAK,EAAE;gBACrB,EAAE,UAAU,EAAE,KAAK,EAAE;gBACrB,EAAE,UAAU,EAAE,KAAK,EAAE;aACxB;SACJ,CAAC,CAAC;IACP,CAAC;CACJ;AA/MD,sCA+MC"}