cdk-nextjs 0.0.0

package/lib/lambdas/sign-fn-url/sign-request.js

@@ -0,0 +1,119 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signRequest = signRequest;
+exports.getRegionFromLambdaUrl = getRegionFromLambdaUrl;
+exports.cfHeadersToHeaderBag = cfHeadersToHeaderBag;
+exports.headerBagToCfHeaders = headerBagToCfHeaders;
+exports.queryStringToQueryParamBag = queryStringToQueryParamBag;
+// we bundle lambdas during build, so below dependencies actually don't need to be included in "dependencies"
+// eslint-disable-next-line import/no-extraneous-dependencies
+const sha256_js_1 = require("@aws-crypto/sha256-js");
+// eslint-disable-next-line import/no-extraneous-dependencies
+const signature_v4_1 = require("@smithy/signature-v4");
+let sigv4;
+/**
+ * Enables use of IAM_AUTH on Lambda Function URL
+ * @link https://medium.com/@dario_26152/restrict-access-to-lambda-functionurl-to-cloudfront-using-aws-iam-988583834705
+ */
+async function signRequest(request) {
+    if (!sigv4) {
+        const region = getRegionFromLambdaUrl(request.origin?.custom?.domainName || "");
+        sigv4 = getSigV4(region);
+    }
+    // remove x-forwarded-for b/c it changes from hop to hop
+    delete request.headers["x-forwarded-for"];
+    const headerBag = cfHeadersToHeaderBag(request.headers);
+    const hostname = headerBag.host;
+    if (!hostname)
+        throw new Error("host header missing");
+    let body;
+    if (request.body?.data) {
+        body = Buffer.from(request.body.data, "base64").toString();
+    }
+    const params = queryStringToQueryParamBag(request.querystring);
+    const signed = await sigv4.sign({
+        method: request.method,
+        headers: headerBag,
+        hostname,
+        path: request.uri,
+        body,
+        query: params,
+        protocol: "https",
+    });
+    request.headers = headerBagToCfHeaders(signed.headers);
+}
+function getSigV4(region) {
+    const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
+    const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
+    const sessionToken = process.env.AWS_SESSION_TOKEN;
+    if (!region)
+        throw new Error("AWS_REGION missing");
+    if (!accessKeyId)
+        throw new Error("AWS_ACCESS_KEY_ID missing");
+    if (!secretAccessKey)
+        throw new Error("AWS_SECRET_ACCESS_KEY missing");
+    if (!sessionToken)
+        throw new Error("AWS_SESSION_TOKEN missing");
+    return new signature_v4_1.SignatureV4({
+        service: "lambda",
+        region,
+        credentials: {
+            accessKeyId,
+            secretAccessKey,
+            sessionToken,
+        },
+        sha256: sha256_js_1.Sha256,
+    });
+}
+function getRegionFromLambdaUrl(url) {
+    const region = url.split(".").at(2);
+    if (!region)
+        throw new Error("Region couldn't be extracted from Lambda Function URL");
+    return region;
+}
+/**
+ * Converts CloudFront headers (can have array of header values) to simple
+ * header bag (object) required by `sigv4.sign`
+ *
+ * NOTE: only includes headers allowed by origin policy to prevent signature
+ * mismatch
+ */
+function cfHeadersToHeaderBag(headers) {
+    const headerBag = {};
+    // assume first header value is the best match
+    // headerKey is case insensitive whereas key (adjacent property value that is
+    // not destructured) is case sensitive. we arbitrarily use case insensitive key
+    for (const [headerKey, [headerObj]] of Object.entries(headers)) {
+        const value = headerObj?.value;
+        if (value) {
+            headerBag[headerKey] = value;
+        }
+    }
+    return headerBag;
+}
+/**
+ * Converts simple header bag (object) to CloudFront headers
+ */
+function headerBagToCfHeaders(headerBag) {
+    const cfHeaders = {};
+    for (const [headerKey, value] of Object.entries(headerBag)) {
+        /*
+          When your Lambda function adds or modifies request headers and you don't include the header key field, Lambda@Edge automatically inserts a header key using the header name that you provide. Regardless of how you've formatted the header name, the header key that's inserted automatically is formatted with initial capitalization for each part, separated by hyphens (-).
+          See: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-event-structure.html
+        */
+        cfHeaders[headerKey] = [{ value }];
+    }
+    return cfHeaders;
+}
+/**
+ * Converts CloudFront querystring to QueryParamaterBag for IAM Sig V4
+ */
+function queryStringToQueryParamBag(querystring) {
+    const oldParams = new URLSearchParams(querystring);
+    const newParams = {};
+    for (const [k, v] of oldParams) {
+        newParams[k] = v;
+    }
+    return newParams;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lnbi1yZXF1ZXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xhbWJkYXMvc2lnbi1mbi11cmwvc2lnbi1yZXF1ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBYUEsa0NBMkJDO0FBc0JELHdEQUtDO0FBYUQsb0RBWUM7QUFLRCxvREFVQztBQUtELGdFQU9DO0FBdkhELDZHQUE2RztBQUM3Ryw2REFBNkQ7QUFDN0QscURBQStDO0FBQy9DLDZEQUE2RDtBQUM3RCx1REFBbUQ7QUFHbkQsSUFBSSxLQUFrQixDQUFDO0FBRXZCOzs7R0FHRztBQUNJLEtBQUssVUFBVSxXQUFXLENBQUMsT0FBMEI7SUFDMUQsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ1gsTUFBTSxNQUFNLEdBQUcsc0JBQXNCLENBQ25DLE9BQU8sQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLFVBQVUsSUFBSSxFQUFFLENBQ3pDLENBQUM7UUFDRixLQUFLLEdBQUcsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQzNCLENBQUM7SUFDRCx3REFBd0Q7SUFDeEQsT0FBTyxPQUFPLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDMUMsTUFBTSxTQUFTLEdBQUcsb0JBQW9CLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3hELE1BQU0sUUFBUSxHQUFHLFNBQVMsQ0FBQyxJQUFJLENBQUM7SUFDaEMsSUFBSSxDQUFDLFFBQVE7UUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLHFCQUFxQixDQUFDLENBQUM7SUFDdEQsSUFBSSxJQUF3QixDQUFDO0lBQzdCLElBQUksT0FBTyxDQUFDLElBQUksRUFBRSxJQUFJLEVBQUUsQ0FBQztRQUN2QixJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUM3RCxDQUFDO0lBQ0QsTUFBTSxNQUFNLEdBQUcsMEJBQTBCLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9ELE1BQU0sTUFBTSxHQUFHLE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQztRQUM5QixNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU07UUFDdEIsT0FBTyxFQUFFLFNBQVM7UUFDbEIsUUFBUTtRQUNSLElBQUksRUFBRSxPQUFPLENBQUMsR0FBRztRQUNqQixJQUFJO1FBQ0osS0FBSyxFQUFFLE1BQU07UUFDYixRQUFRLEVBQUUsT0FBTztLQUNsQixDQUFDLENBQUM7SUFDSCxPQUFPLENBQUMsT0FBTyxHQUFHLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztBQUN6RCxDQUFDO0FBRUQsU0FBUyxRQUFRLENBQUMsTUFBYztJQUM5QixNQUFNLFdBQVcsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDO0lBQ2xELE1BQU0sZUFBZSxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMscUJBQXFCLENBQUM7SUFDMUQsTUFBTSxZQUFZLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQztJQUNuRCxJQUFJLENBQUMsTUFBTTtRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUNuRCxJQUFJLENBQUMsV0FBVztRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUMvRCxJQUFJLENBQUMsZUFBZTtRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLENBQUMsQ0FBQztJQUN2RSxJQUFJLENBQUMsWUFBWTtRQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMsMkJBQTJCLENBQUMsQ0FBQztJQUNoRSxPQUFPLElBQUksMEJBQVcsQ0FBQztRQUNyQixPQUFPLEVBQUUsUUFBUTtRQUNqQixNQUFNO1FBQ04sV0FBVyxFQUFFO1lBQ1gsV0FBVztZQUNYLGVBQWU7WUFDZixZQUFZO1NBQ2I7UUFDRCxNQUFNLEVBQUUsa0JBQU07S0FDZixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsU0FBZ0Isc0JBQXNCLENBQUMsR0FBVztJQUNoRCxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNwQyxJQUFJLENBQUMsTUFBTTtRQUNULE1BQU0sSUFBSSxLQUFLLENBQUMsdURBQXVELENBQUMsQ0FBQztJQUMzRSxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBTUQ7Ozs7OztHQU1HO0FBQ0gsU0FBZ0Isb0JBQW9CLENBQUMsT0FBMEI7SUFDN0QsTUFBTSxTQUFTLEdBQVEsRUFBRSxDQUFDO0lBQzFCLDhDQUE4QztJQUM5Qyw2RUFBNkU7SUFDN0UsK0VBQStFO0lBQy9FLEtBQUssTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQy9ELE1BQU0sS0FBSyxHQUFHLFNBQVMsRUFBRSxLQUFLLENBQUM7UUFDL0IsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLFNBQVMsQ0FBQyxTQUFTLENBQUMsR0FBRyxLQUFLLENBQUM7UUFDL0IsQ0FBQztJQUNILENBQUM7SUFDRCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxTQUFnQixvQkFBb0IsQ0FBQyxTQUFjO0lBQ2pELE1BQU0sU0FBUyxHQUFzQixFQUFFLENBQUM7SUFDeEMsS0FBSyxNQUFNLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztRQUMzRDs7O1VBR0U7UUFDRixTQUFTLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDckMsQ0FBQztJQUNELE9BQU8sU0FBUyxDQUFDO0FBQ25CLENBQUM7QUFFRDs7R0FFRztBQUNILFNBQWdCLDBCQUEwQixDQUFDLFdBQW1CO0lBQzVELE1BQU0sU0FBUyxHQUFHLElBQUksZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ25ELE1BQU0sU0FBUyxHQUFRLEVBQUUsQ0FBQztJQUMxQixLQUFLLE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksU0FBUyxFQUFFLENBQUM7UUFDL0IsU0FBUyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuQixDQUFDO0lBQ0QsT0FBTyxTQUFTLENBQUM7QUFDbkIsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8vIHdlIGJ1bmRsZSBsYW1iZGFzIGR1cmluZyBidWlsZCwgc28gYmVsb3cgZGVwZW5kZW5jaWVzIGFjdHVhbGx5IGRvbid0IG5lZWQgdG8gYmUgaW5jbHVkZWQgaW4gXCJkZXBlbmRlbmNpZXNcIlxuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgU2hhMjU2IH0gZnJvbSBcIkBhd3MtY3J5cHRvL3NoYTI1Ni1qc1wiO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgU2lnbmF0dXJlVjQgfSBmcm9tIFwiQHNtaXRoeS9zaWduYXR1cmUtdjRcIjtcbmltcG9ydCB0eXBlIHsgQ2xvdWRGcm9udEhlYWRlcnMsIENsb3VkRnJvbnRSZXF1ZXN0IH0gZnJvbSBcImF3cy1sYW1iZGFcIjtcblxubGV0IHNpZ3Y0OiBTaWduYXR1cmVWNDtcblxuLyoqXG4gKiBFbmFibGVzIHVzZSBvZiBJQU1fQVVUSCBvbiBMYW1iZGEgRnVuY3Rpb24gVVJMXG4gKiBAbGluayBodHRwczovL21lZGl1bS5jb20vQGRhcmlvXzI2MTUyL3Jlc3RyaWN0LWFjY2Vzcy10by1sYW1iZGEtZnVuY3Rpb251cmwtdG8tY2xvdWRmcm9udC11c2luZy1hd3MtaWFtLTk4ODU4MzgzNDcwNVxuICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gc2lnblJlcXVlc3QocmVxdWVzdDogQ2xvdWRGcm9udFJlcXVlc3QpIHtcbiAgaWYgKCFzaWd2NCkge1xuICAgIGNvbnN0IHJlZ2lvbiA9IGdldFJlZ2lvbkZyb21MYW1iZGFVcmwoXG4gICAgICByZXF1ZXN0Lm9yaWdpbj8uY3VzdG9tPy5kb21haW5OYW1lIHx8IFwiXCIsXG4gICAgKTtcbiAgICBzaWd2NCA9IGdldFNpZ1Y0KHJlZ2lvbik7XG4gIH1cbiAgLy8gcmVtb3ZlIHgtZm9yd2FyZGVkLWZvciBiL2MgaXQgY2hhbmdlcyBmcm9tIGhvcCB0byBob3BcbiAgZGVsZXRlIHJlcXVlc3QuaGVhZGVyc1tcIngtZm9yd2FyZGVkLWZvclwiXTtcbiAgY29uc3QgaGVhZGVyQmFnID0gY2ZIZWFkZXJzVG9IZWFkZXJCYWcocmVxdWVzdC5oZWFkZXJzKTtcbiAgY29uc3QgaG9zdG5hbWUgPSBoZWFkZXJCYWcuaG9zdDtcbiAgaWYgKCFob3N0bmFtZSkgdGhyb3cgbmV3IEVycm9yKFwiaG9zdCBoZWFkZXIgbWlzc2luZ1wiKTtcbiAgbGV0IGJvZHk6IHN0cmluZyB8IHVuZGVmaW5lZDtcbiAgaWYgKHJlcXVlc3QuYm9keT8uZGF0YSkge1xuICAgIGJvZHkgPSBCdWZmZXIuZnJvbShyZXF1ZXN0LmJvZHkuZGF0YSwgXCJiYXNlNjRcIikudG9TdHJpbmcoKTtcbiAgfVxuICBjb25zdCBwYXJhbXMgPSBxdWVyeVN0cmluZ1RvUXVlcnlQYXJhbUJhZyhyZXF1ZXN0LnF1ZXJ5c3RyaW5nKTtcbiAgY29uc3Qgc2lnbmVkID0gYXdhaXQgc2lndjQuc2lnbih7XG4gICAgbWV0aG9kOiByZXF1ZXN0Lm1ldGhvZCxcbiAgICBoZWFkZXJzOiBoZWFkZXJCYWcsXG4gICAgaG9zdG5hbWUsXG4gICAgcGF0aDogcmVxdWVzdC51cmksXG4gICAgYm9keSxcbiAgICBxdWVyeTogcGFyYW1zLFxuICAgIHByb3RvY29sOiBcImh0dHBzXCIsXG4gIH0pO1xuICByZXF1ZXN0LmhlYWRlcnMgPSBoZWFkZXJCYWdUb0NmSGVhZGVycyhzaWduZWQuaGVhZGVycyk7XG59XG5cbmZ1bmN0aW9uIGdldFNpZ1Y0KHJlZ2lvbjogc3RyaW5nKTogU2lnbmF0dXJlVjQge1xuICBjb25zdCBhY2Nlc3NLZXlJZCA9IHByb2Nlc3MuZW52LkFXU19BQ0NFU1NfS0VZX0lEO1xuICBjb25zdCBzZWNyZXRBY2Nlc3NLZXkgPSBwcm9jZXNzLmVudi5BV1NfU0VDUkVUX0FDQ0VTU19LRVk7XG4gIGNvbnN0IHNlc3Npb25Ub2tlbiA9IHByb2Nlc3MuZW52LkFXU19TRVNTSU9OX1RPS0VOO1xuICBpZiAoIXJlZ2lvbikgdGhyb3cgbmV3IEVycm9yKFwiQVdTX1JFR0lPTiBtaXNzaW5nXCIpO1xuICBpZiAoIWFjY2Vzc0tleUlkKSB0aHJvdyBuZXcgRXJyb3IoXCJBV1NfQUNDRVNTX0tFWV9JRCBtaXNzaW5nXCIpO1xuICBpZiAoIXNlY3JldEFjY2Vzc0tleSkgdGhyb3cgbmV3IEVycm9yKFwiQVdTX1NFQ1JFVF9BQ0NFU1NfS0VZIG1pc3NpbmdcIik7XG4gIGlmICghc2Vzc2lvblRva2VuKSB0aHJvdyBuZXcgRXJyb3IoXCJBV1NfU0VTU0lPTl9UT0tFTiBtaXNzaW5nXCIpO1xuICByZXR1cm4gbmV3IFNpZ25hdHVyZVY0KHtcbiAgICBzZXJ2aWNlOiBcImxhbWJkYVwiLFxuICAgIHJlZ2lvbixcbiAgICBjcmVkZW50aWFsczoge1xuICAgICAgYWNjZXNzS2V5SWQsXG4gICAgICBzZWNyZXRBY2Nlc3NLZXksXG4gICAgICBzZXNzaW9uVG9rZW4sXG4gICAgfSxcbiAgICBzaGEyNTY6IFNoYTI1NixcbiAgfSk7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBnZXRSZWdpb25Gcm9tTGFtYmRhVXJsKHVybDogc3RyaW5nKTogc3RyaW5nIHtcbiAgY29uc3QgcmVnaW9uID0gdXJsLnNwbGl0KFwiLlwiKS5hdCgyKTtcbiAgaWYgKCFyZWdpb24pXG4gICAgdGhyb3cgbmV3IEVycm9yKFwiUmVnaW9uIGNvdWxkbid0IGJlIGV4dHJhY3RlZCBmcm9tIExhbWJkYSBGdW5jdGlvbiBVUkxcIik7XG4gIHJldHVybiByZWdpb247XG59XG5cbi8qKlxuICogQmFnIG9yIE1hcCB1c2VkIGZvciBIZWFkZXJCYWcgb3IgUXVlcnlTdHJpbmdQYXJhbWV0ZXJCYWcgZm9yIGBzaWd2NC5zaWduKClgXG4gKi9cbnR5cGUgQmFnID0gUmVjb3JkPHN0cmluZywgc3RyaW5nPjtcbi8qKlxuICogQ29udmVydHMgQ2xvdWRGcm9udCBoZWFkZXJzIChjYW4gaGF2ZSBhcnJheSBvZiBoZWFkZXIgdmFsdWVzKSB0byBzaW1wbGVcbiAqIGhlYWRlciBiYWcgKG9iamVjdCkgcmVxdWlyZWQgYnkgYHNpZ3Y0LnNpZ25gXG4gKlxuICogTk9URTogb25seSBpbmNsdWRlcyBoZWFkZXJzIGFsbG93ZWQgYnkgb3JpZ2luIHBvbGljeSB0byBwcmV2ZW50IHNpZ25hdHVyZVxuICogbWlzbWF0Y2hcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNmSGVhZGVyc1RvSGVhZGVyQmFnKGhlYWRlcnM6IENsb3VkRnJvbnRIZWFkZXJzKTogQmFnIHtcbiAgY29uc3QgaGVhZGVyQmFnOiBCYWcgPSB7fTtcbiAgLy8gYXNzdW1lIGZpcnN0IGhlYWRlciB2YWx1ZSBpcyB0aGUgYmVzdCBtYXRjaFxuICAvLyBoZWFkZXJLZXkgaXMgY2FzZSBpbnNlbnNpdGl2ZSB3aGVyZWFzIGtleSAoYWRqYWNlbnQgcHJvcGVydHkgdmFsdWUgdGhhdCBpc1xuICAvLyBub3QgZGVzdHJ1Y3R1cmVkKSBpcyBjYXNlIHNlbnNpdGl2ZS4gd2UgYXJiaXRyYXJpbHkgdXNlIGNhc2UgaW5zZW5zaXRpdmUga2V5XG4gIGZvciAoY29uc3QgW2hlYWRlcktleSwgW2hlYWRlck9ial1dIG9mIE9iamVjdC5lbnRyaWVzKGhlYWRlcnMpKSB7XG4gICAgY29uc3QgdmFsdWUgPSBoZWFkZXJPYmo/LnZhbHVlO1xuICAgIGlmICh2YWx1ZSkge1xuICAgICAgaGVhZGVyQmFnW2hlYWRlcktleV0gPSB2YWx1ZTtcbiAgICB9XG4gIH1cbiAgcmV0dXJuIGhlYWRlckJhZztcbn1cblxuLyoqXG4gKiBDb252ZXJ0cyBzaW1wbGUgaGVhZGVyIGJhZyAob2JqZWN0KSB0byBDbG91ZEZyb250IGhlYWRlcnNcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGhlYWRlckJhZ1RvQ2ZIZWFkZXJzKGhlYWRlckJhZzogQmFnKTogQ2xvdWRGcm9udEhlYWRlcnMge1xuICBjb25zdCBjZkhlYWRlcnM6IENsb3VkRnJvbnRIZWFkZXJzID0ge307XG4gIGZvciAoY29uc3QgW2hlYWRlcktleSwgdmFsdWVdIG9mIE9iamVjdC5lbnRyaWVzKGhlYWRlckJhZykpIHtcbiAgICAvKlxuICAgICAgV2hlbiB5b3VyIExhbWJkYSBmdW5jdGlvbiBhZGRzIG9yIG1vZGlmaWVzIHJlcXVlc3QgaGVhZGVycyBhbmQgeW91IGRvbid0IGluY2x1ZGUgdGhlIGhlYWRlciBrZXkgZmllbGQsIExhbWJkYUBFZGdlIGF1dG9tYXRpY2FsbHkgaW5zZXJ0cyBhIGhlYWRlciBrZXkgdXNpbmcgdGhlIGhlYWRlciBuYW1lIHRoYXQgeW91IHByb3ZpZGUuIFJlZ2FyZGxlc3Mgb2YgaG93IHlvdSd2ZSBmb3JtYXR0ZWQgdGhlIGhlYWRlciBuYW1lLCB0aGUgaGVhZGVyIGtleSB0aGF0J3MgaW5zZXJ0ZWQgYXV0b21hdGljYWxseSBpcyBmb3JtYXR0ZWQgd2l0aCBpbml0aWFsIGNhcGl0YWxpemF0aW9uIGZvciBlYWNoIHBhcnQsIHNlcGFyYXRlZCBieSBoeXBoZW5zICgtKS5cbiAgICAgIFNlZTogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL2xhbWJkYS1ldmVudC1zdHJ1Y3R1cmUuaHRtbFxuICAgICovXG4gICAgY2ZIZWFkZXJzW2hlYWRlcktleV0gPSBbeyB2YWx1ZSB9XTtcbiAgfVxuICByZXR1cm4gY2ZIZWFkZXJzO1xufVxuXG4vKipcbiAqIENvbnZlcnRzIENsb3VkRnJvbnQgcXVlcnlzdHJpbmcgdG8gUXVlcnlQYXJhbWF0ZXJCYWcgZm9yIElBTSBTaWcgVjRcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIHF1ZXJ5U3RyaW5nVG9RdWVyeVBhcmFtQmFnKHF1ZXJ5c3RyaW5nOiBzdHJpbmcpOiBCYWcge1xuICBjb25zdCBvbGRQYXJhbXMgPSBuZXcgVVJMU2VhcmNoUGFyYW1zKHF1ZXJ5c3RyaW5nKTtcbiAgY29uc3QgbmV3UGFyYW1zOiBCYWcgPSB7fTtcbiAgZm9yIChjb25zdCBbaywgdl0gb2Ygb2xkUGFyYW1zKSB7XG4gICAgbmV3UGFyYW1zW2tdID0gdjtcbiAgfVxuICByZXR1cm4gbmV3UGFyYW1zO1xufVxuIl19

package/lib/lambdas/sign-fn-url/sign-request.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/lambdas/sign-fn-url/sign-request.test.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const sign_request_1 = require("./sign-request");
+describe("LambdaOriginRequestIamAuth", () => {
+    test("signRequest should add x-amz headers", async () => {
+        // dummy AWS credentials
+        process.env = { ...process.env, ...getFakeAwsCreds() };
+        const event = getFakePageRequest();
+        const request = event.Records[0]?.cf.request;
+        if (!request)
+            throw new Error("Missing request");
+        await (0, sign_request_1.signRequest)(request);
+        const securityHeaders = [
+            "x-amz-date",
+            "x-amz-security-token",
+            "x-amz-content-sha256",
+            "authorization",
+        ];
+        const hasSignedHeaders = securityHeaders.every((h) => h in request.headers);
+        expect(hasSignedHeaders).toBe(true);
+    });
+    test("getRegionFromLambdaUrl should correctly get region", () => {
+        const event = getFakePageRequest();
+        const request = event.Records[0]?.cf.request;
+        if (!request)
+            throw new Error("Missing request");
+        const actual = (0, sign_request_1.getRegionFromLambdaUrl)(request.origin?.custom?.domainName || "");
+        expect(actual).toBe("us-east-1");
+    });
+});
+function getFakePageRequest() {
+    return {
+        Records: [
+            {
+                cf: {
+                    config: {
+                        distributionDomainName: "d6b8brjqfujeb.cloudfront.net",
+                        distributionId: "EHX2SDUU61T7U",
+                        eventType: "origin-request",
+                        requestId: "",
+                    },
+                    request: {
+                        clientIp: "1.1.1.1",
+                        headers: {
+                            host: [
+                                {
+                                    key: "Host",
+                                    value: "d6b8brjqfujeb.cloudfront.net",
+                                },
+                            ],
+                            "accept-language": [
+                                {
+                                    key: "Accept-Language",
+                                    value: "en-US,en;q=0.9",
+                                },
+                            ],
+                            referer: [
+                                {
+                                    key: "Referer",
+                                    value: "https://d6b8brjqfujeb.cloudfront.net/some/path",
+                                },
+                            ],
+                            "x-forwarded-for": [
+                                {
+                                    key: "X-Forwarded-For",
+                                    value: "1.1.1.1",
+                                },
+                            ],
+                            "user-agent": [
+                                {
+                                    key: "User-Agent",
+                                    value: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36",
+                                },
+                            ],
+                            via: [
+                                {
+                                    key: "Via",
+                                    value: "2.0 8bf94e29f889f8d0076c4502ae008b58.cloudfront.net (CloudFront)",
+                                },
+                            ],
+                            "accept-encoding": [
+                                {
+                                    key: "Accept-Encoding",
+                                    value: "br,gzip",
+                                },
+                            ],
+                            "sec-ch-ua": [
+                                {
+                                    key: "sec-ch-ua",
+                                    value: '"Google Chrome";v="113", "Chromium";v="113", "Not-A.Brand";v="24"',
+                                },
+                            ],
+                        },
+                        method: "GET",
+                        querystring: "",
+                        uri: "/some/path",
+                        origin: {
+                            custom: {
+                                customHeaders: {},
+                                domainName: "kjtbbx7u533q7p7n5font6gpci0phrng.lambda-url.us-east-1.on.aws",
+                                keepaliveTimeout: 5,
+                                path: "",
+                                port: 443,
+                                protocol: "https",
+                                readTimeout: 30,
+                                sslProtocols: ["TLSv1.2"],
+                            },
+                        },
+                        body: {
+                            action: "read-only",
+                            data: "",
+                            encoding: "base64",
+                            inputTruncated: false,
+                        },
+                    },
+                },
+            },
+        ],
+    };
+}
+function getFakeAwsCreds() {
+    return {
+        AWS_REGION: "us-east-1",
+        AWS_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE",
+        AWS_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+        AWS_SESSION_TOKEN: "ZQoJb3JpZ2luX2VjEFgaCXVzLWVhc3QtMSJGMEQCIHijzdTXh59aSe2hRfCWpFd2/jacPUC+8rCq3qBIiuG2AiAGX8jqld+p04nPYfuShi1lLN/Z1hEXG9QSNEmEFLTxGSqmAgiR//////////8BEAIaDDI2ODkxNDQ2NTIzMSIMrAMO5/GTvMgoG+chKvoB4f4V1TfkZiHOlmeMK6Ep58mav65A0WU3K9WPzdrJojnGqqTuS85zTlKhm3lfmMxCOtwS/OlOuiBQ1MZNlksK2je1FazgbXN46fNSi+iHiY9VfyRAd0wSLmXB8FFrCGsU92QOy/+deji0qIVadsjEyvBRxzQj5oIUI5sb74Yt7uNvka9fVZcT4s4IndYda0N7oZwIrApCuzzBMuoMAhabmgVrZTbiLmvOiFHS2XZWBySABdygqaIzfV7G4hjckvcXhtxpkw+HJUZTNzVUlspghzte1UG6VvIRV8ax3kWA3zqm8nA/1gHkl40DubJIXz1AJbg5Cps5moE1pjD7vNijBjqeAZh0Q/e0awIHnV4dXMfXUu5mWJ7Db9K1eUlSSL9FyiKeKd94HEdrbIrnPuIWVT/I/5RjNm7NgPYiqmpyx3fSpVcq9CKws0oEfBw6J9Hxk0IhV8yWFZYNMWIarUUZdmL9vVeJmFZmwyL4JjY1s/SZIU/oa8DtvkmP4RG4tTJfpyyhoKL0wJOevkYyoigNllBlLN59SZAT8CCADpN/B+sK",
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lnbi1yZXF1ZXN0LnRlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGFtYmRhcy9zaWduLWZuLXVybC9zaWduLXJlcXVlc3QudGVzdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUNBLGlEQUFxRTtBQUVyRSxRQUFRLENBQUMsNEJBQTRCLEVBQUUsR0FBRyxFQUFFO0lBQzFDLElBQUksQ0FBQyxzQ0FBc0MsRUFBRSxLQUFLLElBQUksRUFBRTtRQUN0RCx3QkFBd0I7UUFDeEIsT0FBTyxDQUFDLEdBQUcsR0FBRyxFQUFFLEdBQUcsT0FBTyxDQUFDLEdBQUcsRUFBRSxHQUFHLGVBQWUsRUFBRSxFQUFFLENBQUM7UUFDdkQsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLEVBQUUsQ0FBQztRQUNuQyxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUM7UUFDN0MsSUFBSSxDQUFDLE9BQU87WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDakQsTUFBTSxJQUFBLDBCQUFXLEVBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0IsTUFBTSxlQUFlLEdBQUc7WUFDdEIsWUFBWTtZQUNaLHNCQUFzQjtZQUN0QixzQkFBc0I7WUFDdEIsZUFBZTtTQUNoQixDQUFDO1FBQ0YsTUFBTSxnQkFBZ0IsR0FBRyxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzVFLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN0QyxDQUFDLENBQUMsQ0FBQztJQUVILElBQUksQ0FBQyxvREFBb0QsRUFBRSxHQUFHLEVBQUU7UUFDOUQsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLEVBQUUsQ0FBQztRQUNuQyxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUM7UUFDN0MsSUFBSSxDQUFDLE9BQU87WUFBRSxNQUFNLElBQUksS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDakQsTUFBTSxNQUFNLEdBQUcsSUFBQSxxQ0FBc0IsRUFDbkMsT0FBTyxDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsVUFBVSxJQUFJLEVBQUUsQ0FDekMsQ0FBQztRQUNGLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDbkMsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDLENBQUMsQ0FBQztBQUVILFNBQVMsa0JBQWtCO0lBQ3pCLE9BQU87UUFDTCxPQUFPLEVBQUU7WUFDUDtnQkFDRSxFQUFFLEVBQUU7b0JBQ0YsTUFBTSxFQUFFO3dCQUNOLHNCQUFzQixFQUFFLDhCQUE4Qjt3QkFDdEQsY0FBYyxFQUFFLGVBQWU7d0JBQy9CLFNBQVMsRUFBRSxnQkFBZ0I7d0JBQzNCLFNBQVMsRUFBRSxFQUFFO3FCQUNkO29CQUNELE9BQU8sRUFBRTt3QkFDUCxRQUFRLEVBQUUsU0FBUzt3QkFDbkIsT0FBTyxFQUFFOzRCQUNQLElBQUksRUFBRTtnQ0FDSjtvQ0FDRSxHQUFHLEVBQUUsTUFBTTtvQ0FDWCxLQUFLLEVBQUUsOEJBQThCO2lDQUN0Qzs2QkFDRjs0QkFDRCxpQkFBaUIsRUFBRTtnQ0FDakI7b0NBQ0UsR0FBRyxFQUFFLGlCQUFpQjtvQ0FDdEIsS0FBSyxFQUFFLGdCQUFnQjtpQ0FDeEI7NkJBQ0Y7NEJBQ0QsT0FBTyxFQUFFO2dDQUNQO29DQUNFLEdBQUcsRUFBRSxTQUFTO29DQUNkLEtBQUssRUFBRSxnREFBZ0Q7aUNBQ3hEOzZCQUNGOzRCQUNELGlCQUFpQixFQUFFO2dDQUNqQjtvQ0FDRSxHQUFHLEVBQUUsaUJBQWlCO29DQUN0QixLQUFLLEVBQUUsU0FBUztpQ0FDakI7NkJBQ0Y7NEJBQ0QsWUFBWSxFQUFFO2dDQUNaO29DQUNFLEdBQUcsRUFBRSxZQUFZO29DQUNqQixLQUFLLEVBQ0gsdUhBQXVIO2lDQUMxSDs2QkFDRjs0QkFDRCxHQUFHLEVBQUU7Z0NBQ0g7b0NBQ0UsR0FBRyxFQUFFLEtBQUs7b0NBQ1YsS0FBSyxFQUNILGtFQUFrRTtpQ0FDckU7NkJBQ0Y7NEJBQ0QsaUJBQWlCLEVBQUU7Z0NBQ2pCO29DQUNFLEdBQUcsRUFBRSxpQkFBaUI7b0NBQ3RCLEtBQUssRUFBRSxTQUFTO2lDQUNqQjs2QkFDRjs0QkFDRCxXQUFXLEVBQUU7Z0NBQ1g7b0NBQ0UsR0FBRyxFQUFFLFdBQVc7b0NBQ2hCLEtBQUssRUFDSCxtRUFBbUU7aUNBQ3RFOzZCQUNGO3lCQUNGO3dCQUNELE1BQU0sRUFBRSxLQUFLO3dCQUNiLFdBQVcsRUFBRSxFQUFFO3dCQUNmLEdBQUcsRUFBRSxZQUFZO3dCQUNqQixNQUFNLEVBQUU7NEJBQ04sTUFBTSxFQUFFO2dDQUNOLGFBQWEsRUFBRSxFQUFFO2dDQUNqQixVQUFVLEVBQ1IsOERBQThEO2dDQUNoRSxnQkFBZ0IsRUFBRSxDQUFDO2dDQUNuQixJQUFJLEVBQUUsRUFBRTtnQ0FDUixJQUFJLEVBQUUsR0FBRztnQ0FDVCxRQUFRLEVBQUUsT0FBTztnQ0FDakIsV0FBVyxFQUFFLEVBQUU7Z0NBQ2YsWUFBWSxFQUFFLENBQUMsU0FBUyxDQUFDOzZCQUMxQjt5QkFDRjt3QkFDRCxJQUFJLEVBQUU7NEJBQ0osTUFBTSxFQUFFLFdBQVc7NEJBQ25CLElBQUksRUFBRSxFQUFFOzRCQUNSLFFBQVEsRUFBRSxRQUFROzRCQUNsQixjQUFjLEVBQUUsS0FBSzt5QkFDdEI7cUJBQ0Y7aUJBQ0Y7YUFDRjtTQUNGO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFTLGVBQWU7SUFDdEIsT0FBTztRQUNMLFVBQVUsRUFBRSxXQUFXO1FBQ3ZCLGlCQUFpQixFQUFFLHNCQUFzQjtRQUN6QyxxQkFBcUIsRUFBRSwwQ0FBMEM7UUFDakUsaUJBQWlCLEVBQ2YsOHVCQUE4dUI7S0FDanZCLENBQUM7QUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgeyBDbG91ZEZyb250UmVxdWVzdEV2ZW50IH0gZnJvbSBcImF3cy1sYW1iZGFcIjtcbmltcG9ydCB7IGdldFJlZ2lvbkZyb21MYW1iZGFVcmwsIHNpZ25SZXF1ZXN0IH0gZnJvbSBcIi4vc2lnbi1yZXF1ZXN0XCI7XG5cbmRlc2NyaWJlKFwiTGFtYmRhT3JpZ2luUmVxdWVzdElhbUF1dGhcIiwgKCkgPT4ge1xuICB0ZXN0KFwic2lnblJlcXVlc3Qgc2hvdWxkIGFkZCB4LWFteiBoZWFkZXJzXCIsIGFzeW5jICgpID0+IHtcbiAgICAvLyBkdW1teSBBV1MgY3JlZGVudGlhbHNcbiAgICBwcm9jZXNzLmVudiA9IHsgLi4ucHJvY2Vzcy5lbnYsIC4uLmdldEZha2VBd3NDcmVkcygpIH07XG4gICAgY29uc3QgZXZlbnQgPSBnZXRGYWtlUGFnZVJlcXVlc3QoKTtcbiAgICBjb25zdCByZXF1ZXN0ID0gZXZlbnQuUmVjb3Jkc1swXT8uY2YucmVxdWVzdDtcbiAgICBpZiAoIXJlcXVlc3QpIHRocm93IG5ldyBFcnJvcihcIk1pc3NpbmcgcmVxdWVzdFwiKTtcbiAgICBhd2FpdCBzaWduUmVxdWVzdChyZXF1ZXN0KTtcbiAgICBjb25zdCBzZWN1cml0eUhlYWRlcnMgPSBbXG4gICAgICBcIngtYW16LWRhdGVcIixcbiAgICAgIFwieC1hbXotc2VjdXJpdHktdG9rZW5cIixcbiAgICAgIFwieC1hbXotY29udGVudC1zaGEyNTZcIixcbiAgICAgIFwiYXV0aG9yaXphdGlvblwiLFxuICAgIF07XG4gICAgY29uc3QgaGFzU2lnbmVkSGVhZGVycyA9IHNlY3VyaXR5SGVhZGVycy5ldmVyeSgoaCkgPT4gaCBpbiByZXF1ZXN0LmhlYWRlcnMpO1xuICAgIGV4cGVjdChoYXNTaWduZWRIZWFkZXJzKS50b0JlKHRydWUpO1xuICB9KTtcblxuICB0ZXN0KFwiZ2V0UmVnaW9uRnJvbUxhbWJkYVVybCBzaG91bGQgY29ycmVjdGx5IGdldCByZWdpb25cIiwgKCkgPT4ge1xuICAgIGNvbnN0IGV2ZW50ID0gZ2V0RmFrZVBhZ2VSZXF1ZXN0KCk7XG4gICAgY29uc3QgcmVxdWVzdCA9IGV2ZW50LlJlY29yZHNbMF0/LmNmLnJlcXVlc3Q7XG4gICAgaWYgKCFyZXF1ZXN0KSB0aHJvdyBuZXcgRXJyb3IoXCJNaXNzaW5nIHJlcXVlc3RcIik7XG4gICAgY29uc3QgYWN0dWFsID0gZ2V0UmVnaW9uRnJvbUxhbWJkYVVybChcbiAgICAgIHJlcXVlc3Qub3JpZ2luPy5jdXN0b20/LmRvbWFpbk5hbWUgfHwgXCJcIixcbiAgICApO1xuICAgIGV4cGVjdChhY3R1YWwpLnRvQmUoXCJ1cy1lYXN0LTFcIik7XG4gIH0pO1xufSk7XG5cbmZ1bmN0aW9uIGdldEZha2VQYWdlUmVxdWVzdCgpOiBDbG91ZEZyb250UmVxdWVzdEV2ZW50IHtcbiAgcmV0dXJuIHtcbiAgICBSZWNvcmRzOiBbXG4gICAgICB7XG4gICAgICAgIGNmOiB7XG4gICAgICAgICAgY29uZmlnOiB7XG4gICAgICAgICAgICBkaXN0cmlidXRpb25Eb21haW5OYW1lOiBcImQ2YjhicmpxZnVqZWIuY2xvdWRmcm9udC5uZXRcIixcbiAgICAgICAgICAgIGRpc3RyaWJ1dGlvbklkOiBcIkVIWDJTRFVVNjFUN1VcIixcbiAgICAgICAgICAgIGV2ZW50VHlwZTogXCJvcmlnaW4tcmVxdWVzdFwiLFxuICAgICAgICAgICAgcmVxdWVzdElkOiBcIlwiLFxuICAgICAgICAgIH0sXG4gICAgICAgICAgcmVxdWVzdDoge1xuICAgICAgICAgICAgY2xpZW50SXA6IFwiMS4xLjEuMVwiLFxuICAgICAgICAgICAgaGVhZGVyczoge1xuICAgICAgICAgICAgICBob3N0OiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIkhvc3RcIixcbiAgICAgICAgICAgICAgICAgIHZhbHVlOiBcImQ2YjhicmpxZnVqZWIuY2xvdWRmcm9udC5uZXRcIixcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICBcImFjY2VwdC1sYW5ndWFnZVwiOiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIkFjY2VwdC1MYW5ndWFnZVwiLFxuICAgICAgICAgICAgICAgICAgdmFsdWU6IFwiZW4tVVMsZW47cT0wLjlcIixcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICByZWZlcmVyOiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIlJlZmVyZXJcIixcbiAgICAgICAgICAgICAgICAgIHZhbHVlOiBcImh0dHBzOi8vZDZiOGJyanFmdWplYi5jbG91ZGZyb250Lm5ldC9zb21lL3BhdGhcIixcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICBcIngtZm9yd2FyZGVkLWZvclwiOiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIlgtRm9yd2FyZGVkLUZvclwiLFxuICAgICAgICAgICAgICAgICAgdmFsdWU6IFwiMS4xLjEuMVwiLFxuICAgICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIFwidXNlci1hZ2VudFwiOiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIlVzZXItQWdlbnRcIixcbiAgICAgICAgICAgICAgICAgIHZhbHVlOlxuICAgICAgICAgICAgICAgICAgICBcIk1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzE1XzcpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTMuMC4wLjAgU2FmYXJpLzUzNy4zNlwiLFxuICAgICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIHZpYTogW1xuICAgICAgICAgICAgICAgIHtcbiAgICAgICAgICAgICAgICAgIGtleTogXCJWaWFcIixcbiAgICAgICAgICAgICAgICAgIHZhbHVlOlxuICAgICAgICAgICAgICAgICAgICBcIjIuMCA4YmY5NGUyOWY4ODlmOGQwMDc2YzQ1MDJhZTAwOGI1OC5jbG91ZGZyb250Lm5ldCAoQ2xvdWRGcm9udClcIixcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgICBcImFjY2VwdC1lbmNvZGluZ1wiOiBbXG4gICAgICAgICAgICAgICAge1xuICAgICAgICAgICAgICAgICAga2V5OiBcIkFjY2VwdC1FbmNvZGluZ1wiLFxuICAgICAgICAgICAgICAgICAgdmFsdWU6IFwiYnIsZ3ppcFwiLFxuICAgICAgICAgICAgICAgIH0sXG4gICAgICAgICAgICAgIF0sXG4gICAgICAgICAgICAgIFwic2VjLWNoLXVhXCI6IFtcbiAgICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgICBrZXk6IFwic2VjLWNoLXVhXCIsXG4gICAgICAgICAgICAgICAgICB2YWx1ZTpcbiAgICAgICAgICAgICAgICAgICAgJ1wiR29vZ2xlIENocm9tZVwiO3Y9XCIxMTNcIiwgXCJDaHJvbWl1bVwiO3Y9XCIxMTNcIiwgXCJOb3QtQS5CcmFuZFwiO3Y9XCIyNFwiJyxcbiAgICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICBdLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIG1ldGhvZDogXCJHRVRcIixcbiAgICAgICAgICAgIHF1ZXJ5c3RyaW5nOiBcIlwiLFxuICAgICAgICAgICAgdXJpOiBcIi9zb21lL3BhdGhcIixcbiAgICAgICAgICAgIG9yaWdpbjoge1xuICAgICAgICAgICAgICBjdXN0b206IHtcbiAgICAgICAgICAgICAgICBjdXN0b21IZWFkZXJzOiB7fSxcbiAgICAgICAgICAgICAgICBkb21haW5OYW1lOlxuICAgICAgICAgICAgICAgICAgXCJranRiYng3dTUzM3E3cDduNWZvbnQ2Z3BjaTBwaHJuZy5sYW1iZGEtdXJsLnVzLWVhc3QtMS5vbi5hd3NcIixcbiAgICAgICAgICAgICAgICBrZWVwYWxpdmVUaW1lb3V0OiA1LFxuICAgICAgICAgICAgICAgIHBhdGg6IFwiXCIsXG4gICAgICAgICAgICAgICAgcG9ydDogNDQzLFxuICAgICAgICAgICAgICAgIHByb3RvY29sOiBcImh0dHBzXCIsXG4gICAgICAgICAgICAgICAgcmVhZFRpbWVvdXQ6IDMwLFxuICAgICAgICAgICAgICAgIHNzbFByb3RvY29sczogW1wiVExTdjEuMlwiXSxcbiAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBib2R5OiB7XG4gICAgICAgICAgICAgIGFjdGlvbjogXCJyZWFkLW9ubHlcIixcbiAgICAgICAgICAgICAgZGF0YTogXCJcIixcbiAgICAgICAgICAgICAgZW5jb2Rpbmc6IFwiYmFzZTY0XCIsXG4gICAgICAgICAgICAgIGlucHV0VHJ1bmNhdGVkOiBmYWxzZSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgXSxcbiAgfTtcbn1cblxuZnVuY3Rpb24gZ2V0RmFrZUF3c0NyZWRzKCkge1xuICByZXR1cm4ge1xuICAgIEFXU19SRUdJT046IFwidXMtZWFzdC0xXCIsXG4gICAgQVdTX0FDQ0VTU19LRVlfSUQ6IFwiQUtJQUlPU0ZPRE5ON0VYQU1QTEVcIixcbiAgICBBV1NfU0VDUkVUX0FDQ0VTU19LRVk6IFwid0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWVwiLFxuICAgIEFXU19TRVNTSU9OX1RPS0VOOlxuICAgICAgXCJaUW9KYjNKcFoybHVYMlZqRUZnYUNYVnpMV1ZoYzNRdE1TSkdNRVFDSUhpanpkVFhoNTlhU2UyaFJmQ1dwRmQyL2phY1BVQys4ckNxM3FCSWl1RzJBaUFHWDhqcWxkK3AwNG5QWWZ1U2hpMWxMTi9aMWhFWEc5UVNORW1FRkxUeEdTcW1BZ2lSLy8vLy8vLy8vLzhCRUFJYURESTJPRGt4TkRRMk5USXpNU0lNckFNTzUvR1R2TWdvRytjaEt2b0I0ZjRWMVRma1ppSE9sbWVNSzZFcDU4bWF2NjVBMFdVM0s5V1B6ZHJKb2puR3FxVHVTODV6VGxLaG0zbGZtTXhDT3R3Uy9PbE91aUJRMU1aTmxrc0syamUxRmF6Z2JYTjQ2Zk5TaStpSGlZOVZmeVJBZDB3U0xtWEI4RkZyQ0dzVTkyUU95LytkZWppMHFJVmFkc2pFeXZCUnh6UWo1b0lVSTVzYjc0WXQ3dU52a2E5ZlZaY1Q0czRJbmRZZGEwTjdvWndJckFwQ3V6ekJNdW9NQWhhYm1nVnJaVGJpTG12T2lGSFMyWFpXQnlTQUJkeWdxYUl6ZlY3RzRoamNrdmNYaHR4cGt3K0hKVVpUTnpWVWxzcGdoenRlMVVHNlZ2SVJWOGF4M2tXQTN6cW04bkEvMWdIa2w0MER1YkpJWHoxQUpiZzVDcHM1bW9FMXBqRDd2TmlqQmpxZUFaaDBRL2UwYXdJSG5WNGRYTWZYVXU1bVdKN0RiOUsxZVVsU1NMOUZ5aUtlS2Q5NEhFZHJiSXJuUHVJV1ZUL0kvNVJqTm03TmdQWWlxbXB5eDNmU3BWY3E5Q0t3czBvRWZCdzZKOUh4azBJaFY4eVdGWllOTVdJYXJVVVpkbUw5dlZlSm1GWm13eUw0SmpZMXMvU1pJVS9vYThEdHZrbVA0Ukc0dFRKZnB5eWhvS0wwd0pPZXZrWXlvaWdObGxCbExONTlTWkFUOENDQURwTi9CK3NLXCIsXG4gIH07XG59XG4iXX0=

package/lib/nextjs-assets-deployment.d.ts

@@ -0,0 +1,116 @@
+import { CustomResource } from "aws-cdk-lib";
+import { IVpc } from "aws-cdk-lib/aws-ec2";
+import { AccessPoint } from "aws-cdk-lib/aws-efs";
+import { DockerImageCode, DockerImageFunction } from "aws-cdk-lib/aws-lambda";
+import { Bucket } from "aws-cdk-lib/aws-s3";
+import { Construct } from "constructs";
+import { OptionalDockerImageFunctionProps } from "./generated-structs/OptionalDockerImageFunctionProps";
+import { NextjsBuild } from "./nextjs-build/nextjs-build";
+export interface NextjsAssetDeploymentOverrides {
+    readonly dockerImageFunctionProps?: OptionalDockerImageFunctionProps;
+}
+export interface NextjsAssetsDeploymentProps {
+    readonly accessPoint: AccessPoint;
+    /**
+     * @see {@link NextjsBuild.buildImageDigest}
+     */
+    readonly buildImageDigest: string;
+    /**
+     * @default true
+     */
+    readonly debug?: boolean;
+    readonly dockerImageCode: DockerImageCode;
+    /**
+     * @see {@link NextjsBuild.containerMountPathForEfs}
+     */
+    readonly containerMountPathForEfs: NextjsBuild["containerMountPathForEfs"];
+    readonly overrides?: NextjsAssetDeploymentOverrides;
+    /**
+     * @see {@link NextjsBaseProps.relativePathToWorkspace}
+     */
+    readonly relativePathToWorkspace?: string;
+    /**
+     * Required for `NextjsType.GlobalFunctions` and `NextjsType.GlobalContainers`
+     */
+    readonly staticAssetsBucket?: Bucket;
+    readonly vpc: IVpc;
+}
+/**
+ * @internal
+ */
+export interface FsToS3Action {
+    type: "fs-to-s3";
+    destinationBucketName: string;
+    destinationKeyPrefix?: string;
+    sourcePath: string;
+}
+/**
+ * @internal
+ */
+export interface FsToFsAction {
+    type: "fs-to-fs";
+    sourcePath: string;
+    destinationPath: string;
+}
+/**
+ * @internal
+ */
+export interface PruneS3Action {
+    type: "prune-s3";
+    /**
+     * The minimum previous deployment count to prune
+     * @default 3
+     */
+    minPreviousDeployCountToPrune: number;
+    /**
+     * The minimum previous deployment date to prune
+     * @default new Date(new Date().setMonth(new Date().getMonth() - 1))
+     */
+    minPreviousDeployDateToPrune: string;
+    bucketName: string;
+    bucketPrefix?: string;
+}
+/**
+ * @internal
+ */
+export interface PruneFsAction {
+    type: "prune-fs";
+    /**
+     * The minimum previous deployment count to prune
+     * @default 3
+     */
+    minPreviousDeployCountToPrune: number;
+    /**
+     * The minimum previous deployment date to prune
+     * @default new Date(new Date().setMonth(new Date().getMonth() - 1))
+     */
+    minPreviousDeployDateToPrune: string;
+    directory: string;
+}
+/**
+ * @internal
+ */
+export interface CustomResourceProperties {
+    actions: (FsToS3Action | FsToFsAction | PruneS3Action | PruneFsAction)[];
+    /**
+     * {@link NextjsAssetDeploymentProps.builderImageDigest}
+     */
+    buildImageDigest: string;
+    imageCachePath: string;
+    prerenderManifestPath: string;
+}
+/**
+ * Deploys static assets to S3 and cache assets to EFS in Lambda Custom Resource.
+ */
+export declare class NextjsAssetsDeployment extends Construct {
+    customResource: CustomResource;
+    dockerImageFunction: DockerImageFunction;
+    /**
+     * Only used for `NextjsGlobalFunctions`
+     */
+    previewModeId: string;
+    private props;
+    constructor(scope: Construct, id: string, props: NextjsAssetsDeploymentProps);
+    private createFunction;
+    private createCustomResource;
+}

package/lib/nextjs-assets-deployment.js

@@ -0,0 +1,93 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NextjsAssetsDeployment = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const posix_1 = require("path/posix");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const constructs_1 = require("constructs");
+const common_1 = require("./common");
+/**
+ * Deploys static assets to S3 and cache assets to EFS in Lambda Custom Resource.
+ */
+class NextjsAssetsDeployment extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.props = props;
+        this.dockerImageFunction = this.createFunction();
+        this.customResource = this.createCustomResource();
+        this.previewModeId = this.customResource.getAttString("previewModeId");
+    }
+    createFunction() {
+        let architecture = undefined;
+        if (process.arch === "x64") {
+            architecture = aws_lambda_1.Architecture.X86_64;
+        }
+        else if (process.arch === "arm64") {
+            architecture = aws_lambda_1.Architecture.ARM_64;
+        }
+        const fn = new aws_lambda_1.DockerImageFunction(this, "Fn", {
+            architecture,
+            code: this.props.dockerImageCode,
+            memorySize: 2048,
+            filesystem: aws_lambda_1.FileSystem.fromEfsAccessPoint(this.props.accessPoint, this.props.containerMountPathForEfs),
+            vpc: this.props.vpc,
+            timeout: aws_cdk_lib_1.Duration.minutes(5),
+            ...this.props.overrides?.dockerImageFunctionProps,
+        });
+        if (this.props.debug !== false) {
+            fn.addEnvironment("DEBUG", "1");
+        }
+        if (this.props.staticAssetsBucket) {
+            this.props.staticAssetsBucket.grantReadWrite(fn);
+        }
+        return fn;
+    }
+    createCustomResource() {
+        const root = "/app";
+        const actions = [];
+        if (this.props.staticAssetsBucket?.bucketName) {
+            actions.push({
+                type: "fs-to-s3",
+                sourcePath: (0, posix_1.join)(root, "public"),
+                destinationBucketName: this.props.staticAssetsBucket.bucketName,
+            }, 
+            // static files
+            {
+                type: "fs-to-s3",
+                sourcePath: (0, posix_1.join)(root, ".next", "static"),
+                destinationBucketName: this.props.staticAssetsBucket.bucketName,
+                destinationKeyPrefix: "_next/static",
+            });
+        }
+        actions.push(
+        // data cache - https://nextjs.org/docs/app/building-your-application/caching#data-cache
+        {
+            type: "fs-to-fs",
+            sourcePath: (0, posix_1.join)(root, ".next", "cache", "fetch-cache"),
+            destinationPath: (0, posix_1.join)(this.props.containerMountPathForEfs, common_1.DATA_CACHE_DIR),
+        }, 
+        // full route cache - https://nextjs.org/docs/app/building-your-application/caching#full-route-cache
+        {
+            type: "fs-to-fs",
+            sourcePath: (0, posix_1.join)(root, ".next", "standalone", this.props.relativePathToWorkspace || "", ".next", "server", "app"),
+            destinationPath: (0, posix_1.join)(this.props.containerMountPathForEfs, common_1.FULL_ROUTE_CACHE_DIR),
+        });
+        const properties = {
+            actions,
+            buildImageDigest: this.props.buildImageDigest,
+            imageCachePath: (0, posix_1.join)(this.props.containerMountPathForEfs, common_1.IMAGE_CACHE_DIR),
+            prerenderManifestPath: (0, posix_1.join)(root, ".next", "prerender-manifest.json"),
+        };
+        return new aws_cdk_lib_1.CustomResource(this, "CustomResource", {
+            properties,
+            resourceType: "Custom::NextjsAssetsDeployment",
+            serviceToken: this.dockerImageFunction.functionArn,
+        });
+    }
+}
+exports.NextjsAssetsDeployment = NextjsAssetsDeployment;
+_a = JSII_RTTI_SYMBOL_1;
+NextjsAssetsDeployment[_a] = { fqn: "cdk-nextjs.NextjsAssetsDeployment", version: "0.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLWFzc2V0cy1kZXBsb3ltZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL25leHRqcy1hc3NldHMtZGVwbG95bWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLHNDQUFrQztBQUNsQyw2Q0FBdUQ7QUFHdkQsdURBS2dDO0FBRWhDLDJDQUF1QztBQUN2QyxxQ0FJa0I7QUFzR2xCOztHQUVHO0FBQ0gsTUFBYSxzQkFBdUIsU0FBUSxzQkFBUztJQVVuRCxZQUNFLEtBQWdCLEVBQ2hCLEVBQVUsRUFDVixLQUFrQztRQUVsQyxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBQ25CLElBQUksQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDakQsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztRQUNsRCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsWUFBWSxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFFTyxjQUFjO1FBQ3BCLElBQUksWUFBWSxHQUE2QixTQUFTLENBQUM7UUFDdkQsSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzNCLFlBQVksR0FBRyx5QkFBWSxDQUFDLE1BQU0sQ0FBQztRQUNyQyxDQUFDO2FBQU0sSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQ3BDLFlBQVksR0FBRyx5QkFBWSxDQUFDLE1BQU0sQ0FBQztRQUNyQyxDQUFDO1FBQ0QsTUFBTSxFQUFFLEdBQUcsSUFBSSxnQ0FBbUIsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFO1lBQzdDLFlBQVk7WUFDWixJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlO1lBQ2hDLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFVBQVUsRUFBRSx1QkFBVSxDQUFDLGtCQUFrQixDQUN2QyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFDdEIsSUFBSSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FDcEM7WUFDRCxHQUFHLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHO1lBQ25CLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7WUFDNUIsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRSx3QkFBd0I7U0FDbEQsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssS0FBSyxLQUFLLEVBQUUsQ0FBQztZQUMvQixFQUFFLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsQ0FBQztRQUNsQyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELE9BQU8sRUFBRSxDQUFDO0lBQ1osQ0FBQztJQUVPLG9CQUFvQjtRQUMxQixNQUFNLElBQUksR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxPQUFPLEdBQXdDLEVBQUUsQ0FBQztRQUN4RCxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsa0JBQWtCLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDOUMsT0FBTyxDQUFDLElBQUksQ0FDVjtnQkFDRSxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsVUFBVSxFQUFFLElBQUEsWUFBSSxFQUFDLElBQUksRUFBRSxRQUFRLENBQUM7Z0JBQ2hDLHFCQUFxQixFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUMsVUFBVTthQUNoRTtZQUNELGVBQWU7WUFDZjtnQkFDRSxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsVUFBVSxFQUFFLElBQUEsWUFBSSxFQUFDLElBQUksRUFBRSxPQUFPLEVBQUUsUUFBUSxDQUFDO2dCQUN6QyxxQkFBcUIsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFVBQVU7Z0JBQy9ELG9CQUFvQixFQUFFLGNBQWM7YUFDckMsQ0FDRixDQUFDO1FBQ0osQ0FBQztRQUNELE9BQU8sQ0FBQyxJQUFJO1FBQ1Ysd0ZBQXdGO1FBQ3hGO1lBQ0UsSUFBSSxFQUFFLFVBQVU7WUFDaEIsVUFBVSxFQUFFLElBQUEsWUFBSSxFQUFDLElBQUksRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsQ0FBQztZQUN2RCxlQUFlLEVBQUUsSUFBQSxZQUFJLEVBQ25CLElBQUksQ0FBQyxLQUFLLENBQUMsd0JBQXdCLEVBQ25DLHVCQUFjLENBQ2Y7U0FDRjtRQUNELG9HQUFvRztRQUNwRztZQUNFLElBQUksRUFBRSxVQUFVO1lBQ2hCLFVBQVUsRUFBRSxJQUFBLFlBQUksRUFDZCxJQUFJLEVBQ0osT0FBTyxFQUNQLFlBQVksRUFDWixJQUFJLENBQUMsS0FBSyxDQUFDLHVCQUF1QixJQUFJLEVBQUUsRUFDeEMsT0FBTyxFQUNQLFFBQVEsRUFDUixLQUFLLENBQ047WUFDRCxlQUFlLEVBQUUsSUFBQSxZQUFJLEVBQ25CLElBQUksQ0FBQyxLQUFLLENBQUMsd0JBQXdCLEVBQ25DLDZCQUFvQixDQUNyQjtTQUNGLENBRUYsQ0FBQztRQUNGLE1BQU0sVUFBVSxHQUE2QjtZQUMzQyxPQUFPO1lBQ1AsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0I7WUFDN0MsY0FBYyxFQUFFLElBQUEsWUFBSSxFQUNsQixJQUFJLENBQUMsS0FBSyxDQUFDLHdCQUF3QixFQUNuQyx3QkFBZSxDQUNoQjtZQUNELHFCQUFxQixFQUFFLElBQUEsWUFBSSxFQUFDLElBQUksRUFBRSxPQUFPLEVBQUUseUJBQXlCLENBQUM7U0FDdEUsQ0FBQztRQUNGLE9BQU8sSUFBSSw0QkFBYyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUNoRCxVQUFVO1lBQ1YsWUFBWSxFQUFFLGdDQUFnQztZQUM5QyxZQUFZLEVBQUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVc7U0FDbkQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQzs7QUFoSEgsd0RBaUhDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgam9pbiB9IGZyb20gXCJwYXRoL3Bvc2l4XCI7XG5pbXBvcnQgeyBDdXN0b21SZXNvdXJjZSwgRHVyYXRpb24gfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7IElWcGMgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjMlwiO1xuaW1wb3J0IHsgQWNjZXNzUG9pbnQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVmc1wiO1xuaW1wb3J0IHtcbiAgQXJjaGl0ZWN0dXJlLFxuICBEb2NrZXJJbWFnZUNvZGUsXG4gIERvY2tlckltYWdlRnVuY3Rpb24sXG4gIEZpbGVTeXN0ZW0sXG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtbGFtYmRhXCI7XG5pbXBvcnQgeyBCdWNrZXQgfSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHtcbiAgREFUQV9DQUNIRV9ESVIsXG4gIEZVTExfUk9VVEVfQ0FDSEVfRElSLFxuICBJTUFHRV9DQUNIRV9ESVIsXG59IGZyb20gXCIuL2NvbW1vblwiO1xuaW1wb3J0IHsgT3B0aW9uYWxEb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHMgfSBmcm9tIFwiLi9nZW5lcmF0ZWQtc3RydWN0cy9PcHRpb25hbERvY2tlckltYWdlRnVuY3Rpb25Qcm9wc1wiO1xuaW1wb3J0IHsgTmV4dGpzQnVpbGQgfSBmcm9tIFwiLi9uZXh0anMtYnVpbGQvbmV4dGpzLWJ1aWxkXCI7XG5pbXBvcnQgeyBOZXh0anNCYXNlUHJvcHMgfSBmcm9tIFwiLi9yb290LWNvbnN0cnVjdHMvbmV4dGpzLWJhc2UtcHJvcHNcIjtcblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNBc3NldERlcGxveW1lbnRPdmVycmlkZXMge1xuICByZWFkb25seSBkb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHM/OiBPcHRpb25hbERvY2tlckltYWdlRnVuY3Rpb25Qcm9wcztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNBc3NldHNEZXBsb3ltZW50UHJvcHMge1xuICByZWFkb25seSBhY2Nlc3NQb2ludDogQWNjZXNzUG9pbnQ7XG4gIC8qKlxuICAgKiBAc2VlIHtAbGluayBOZXh0anNCdWlsZC5idWlsZEltYWdlRGlnZXN0fVxuICAgKi9cbiAgcmVhZG9ubHkgYnVpbGRJbWFnZURpZ2VzdDogc3RyaW5nO1xuICAvKipcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgZGVidWc/OiBib29sZWFuO1xuICByZWFkb25seSBkb2NrZXJJbWFnZUNvZGU6IERvY2tlckltYWdlQ29kZTsgLy8gVE9ETzogcmVtb3ZlIGFuZCBidWlsZCBmcm9tIGNvbW1vbiBidWlsZGVyIGJhc2U/XG4gIC8qKlxuICAgKiBAc2VlIHtAbGluayBOZXh0anNCdWlsZC5jb250YWluZXJNb3VudFBhdGhGb3JFZnN9XG4gICAqL1xuICByZWFkb25seSBjb250YWluZXJNb3VudFBhdGhGb3JFZnM6IE5leHRqc0J1aWxkW1wiY29udGFpbmVyTW91bnRQYXRoRm9yRWZzXCJdO1xuICByZWFkb25seSBvdmVycmlkZXM/OiBOZXh0anNBc3NldERlcGxveW1lbnRPdmVycmlkZXM7XG4gIC8qKlxuICAgKiBAc2VlIHtAbGluayBOZXh0anNCYXNlUHJvcHMucmVsYXRpdmVQYXRoVG9Xb3Jrc3BhY2V9XG4gICAqL1xuICByZWFkb25seSByZWxhdGl2ZVBhdGhUb1dvcmtzcGFjZT86IHN0cmluZztcbiAgLyoqXG4gICAqIFJlcXVpcmVkIGZvciBgTmV4dGpzVHlwZS5HbG9iYWxGdW5jdGlvbnNgIGFuZCBgTmV4dGpzVHlwZS5HbG9iYWxDb250YWluZXJzYFxuICAgKi9cbiAgcmVhZG9ubHkgc3RhdGljQXNzZXRzQnVja2V0PzogQnVja2V0O1xuICByZWFkb25seSB2cGM6IElWcGM7XG59XG5cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRnNUb1MzQWN0aW9uIHtcbiAgdHlwZTogXCJmcy10by1zM1wiO1xuICBkZXN0aW5hdGlvbkJ1Y2tldE5hbWU6IHN0cmluZztcbiAgZGVzdGluYXRpb25LZXlQcmVmaXg/OiBzdHJpbmc7XG4gIHNvdXJjZVBhdGg6IHN0cmluZztcbn1cbi8qKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgRnNUb0ZzQWN0aW9uIHtcbiAgdHlwZTogXCJmcy10by1mc1wiO1xuICBzb3VyY2VQYXRoOiBzdHJpbmc7XG4gIGRlc3RpbmF0aW9uUGF0aDogc3RyaW5nO1xufVxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBQcnVuZVMzQWN0aW9uIHtcbiAgdHlwZTogXCJwcnVuZS1zM1wiO1xuICAvKipcbiAgICogVGhlIG1pbmltdW0gcHJldmlvdXMgZGVwbG95bWVudCBjb3VudCB0byBwcnVuZVxuICAgKiBAZGVmYXVsdCAzXG4gICAqL1xuICBtaW5QcmV2aW91c0RlcGxveUNvdW50VG9QcnVuZTogbnVtYmVyO1xuICAvKipcbiAgICogVGhlIG1pbmltdW0gcHJldmlvdXMgZGVwbG95bWVudCBkYXRlIHRvIHBydW5lXG4gICAqIEBkZWZhdWx0IG5ldyBEYXRlKG5ldyBEYXRlKCkuc2V0TW9udGgobmV3IERhdGUoKS5nZXRNb250aCgpIC0gMSkpXG4gICAqL1xuICBtaW5QcmV2aW91c0RlcGxveURhdGVUb1BydW5lOiBzdHJpbmc7XG4gIGJ1Y2tldE5hbWU6IHN0cmluZztcbiAgYnVja2V0UHJlZml4Pzogc3RyaW5nO1xufVxuLyoqXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGludGVyZmFjZSBQcnVuZUZzQWN0aW9uIHtcbiAgdHlwZTogXCJwcnVuZS1mc1wiO1xuICAvKipcbiAgICogVGhlIG1pbmltdW0gcHJldmlvdXMgZGVwbG95bWVudCBjb3VudCB0byBwcnVuZVxuICAgKiBAZGVmYXVsdCAzXG4gICAqL1xuICBtaW5QcmV2aW91c0RlcGxveUNvdW50VG9QcnVuZTogbnVtYmVyO1xuICAvKipcbiAgICogVGhlIG1pbmltdW0gcHJldmlvdXMgZGVwbG95bWVudCBkYXRlIHRvIHBydW5lXG4gICAqIEBkZWZhdWx0IG5ldyBEYXRlKG5ldyBEYXRlKCkuc2V0TW9udGgobmV3IERhdGUoKS5nZXRNb250aCgpIC0gMSkpXG4gICAqL1xuICBtaW5QcmV2aW91c0RlcGxveURhdGVUb1BydW5lOiBzdHJpbmc7XG4gIGRpcmVjdG9yeTogc3RyaW5nO1xufVxuXG4vKipcbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgaW50ZXJmYWNlIEN1c3RvbVJlc291cmNlUHJvcGVydGllcyB7XG4gIGFjdGlvbnM6IChGc1RvUzNBY3Rpb24gfCBGc1RvRnNBY3Rpb24gfCBQcnVuZVMzQWN0aW9uIHwgUHJ1bmVGc0FjdGlvbilbXTtcbiAgLyoqXG4gICAqIHtAbGluayBOZXh0anNBc3NldERlcGxveW1lbnRQcm9wcy5idWlsZGVySW1hZ2VEaWdlc3R9XG4gICAqL1xuICBidWlsZEltYWdlRGlnZXN0OiBzdHJpbmc7XG4gIGltYWdlQ2FjaGVQYXRoOiBzdHJpbmc7XG4gIHByZXJlbmRlck1hbmlmZXN0UGF0aDogc3RyaW5nO1xufVxuXG4vKipcbiAqIERlcGxveXMgc3RhdGljIGFzc2V0cyB0byBTMyBhbmQgY2FjaGUgYXNzZXRzIHRvIEVGUyBpbiBMYW1iZGEgQ3VzdG9tIFJlc291cmNlLlxuICovXG5leHBvcnQgY2xhc3MgTmV4dGpzQXNzZXRzRGVwbG95bWVudCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGN1c3RvbVJlc291cmNlOiBDdXN0b21SZXNvdXJjZTtcbiAgZG9ja2VySW1hZ2VGdW5jdGlvbjogRG9ja2VySW1hZ2VGdW5jdGlvbjtcbiAgLyoqXG4gICAqIE9ubHkgdXNlZCBmb3IgYE5leHRqc0dsb2JhbEZ1bmN0aW9uc2BcbiAgICovXG4gIHByZXZpZXdNb2RlSWQ6IHN0cmluZztcblxuICBwcml2YXRlIHByb3BzOiBOZXh0anNBc3NldHNEZXBsb3ltZW50UHJvcHM7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgc2NvcGU6IENvbnN0cnVjdCxcbiAgICBpZDogc3RyaW5nLFxuICAgIHByb3BzOiBOZXh0anNBc3NldHNEZXBsb3ltZW50UHJvcHMsXG4gICkge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgdGhpcy5wcm9wcyA9IHByb3BzO1xuICAgIHRoaXMuZG9ja2VySW1hZ2VGdW5jdGlvbiA9IHRoaXMuY3JlYXRlRnVuY3Rpb24oKTtcbiAgICB0aGlzLmN1c3RvbVJlc291cmNlID0gdGhpcy5jcmVhdGVDdXN0b21SZXNvdXJjZSgpO1xuICAgIHRoaXMucHJldmlld01vZGVJZCA9IHRoaXMuY3VzdG9tUmVzb3VyY2UuZ2V0QXR0U3RyaW5nKFwicHJldmlld01vZGVJZFwiKTtcbiAgfVxuXG4gIHByaXZhdGUgY3JlYXRlRnVuY3Rpb24oKSB7XG4gICAgbGV0IGFyY2hpdGVjdHVyZTogQXJjaGl0ZWN0dXJlIHwgdW5kZWZpbmVkID0gdW5kZWZpbmVkO1xuICAgIGlmIChwcm9jZXNzLmFyY2ggPT09IFwieDY0XCIpIHtcbiAgICAgIGFyY2hpdGVjdHVyZSA9IEFyY2hpdGVjdHVyZS5YODZfNjQ7XG4gICAgfSBlbHNlIGlmIChwcm9jZXNzLmFyY2ggPT09IFwiYXJtNjRcIikge1xuICAgICAgYXJjaGl0ZWN0dXJlID0gQXJjaGl0ZWN0dXJlLkFSTV82NDtcbiAgICB9XG4gICAgY29uc3QgZm4gPSBuZXcgRG9ja2VySW1hZ2VGdW5jdGlvbih0aGlzLCBcIkZuXCIsIHtcbiAgICAgIGFyY2hpdGVjdHVyZSxcbiAgICAgIGNvZGU6IHRoaXMucHJvcHMuZG9ja2VySW1hZ2VDb2RlLFxuICAgICAgbWVtb3J5U2l6ZTogMjA0OCxcbiAgICAgIGZpbGVzeXN0ZW06IEZpbGVTeXN0ZW0uZnJvbUVmc0FjY2Vzc1BvaW50KFxuICAgICAgICB0aGlzLnByb3BzLmFjY2Vzc1BvaW50LFxuICAgICAgICB0aGlzLnByb3BzLmNvbnRhaW5lck1vdW50UGF0aEZvckVmcyxcbiAgICAgICksXG4gICAgICB2cGM6IHRoaXMucHJvcHMudnBjLFxuICAgICAgdGltZW91dDogRHVyYXRpb24ubWludXRlcyg1KSxcbiAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5kb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHMsXG4gICAgfSk7XG4gICAgaWYgKHRoaXMucHJvcHMuZGVidWcgIT09IGZhbHNlKSB7XG4gICAgICBmbi5hZGRFbnZpcm9ubWVudChcIkRFQlVHXCIsIFwiMVwiKTtcbiAgICB9XG4gICAgaWYgKHRoaXMucHJvcHMuc3RhdGljQXNzZXRzQnVja2V0KSB7XG4gICAgICB0aGlzLnByb3BzLnN0YXRpY0Fzc2V0c0J1Y2tldC5ncmFudFJlYWRXcml0ZShmbik7XG4gICAgfVxuICAgIHJldHVybiBmbjtcbiAgfVxuXG4gIHByaXZhdGUgY3JlYXRlQ3VzdG9tUmVzb3VyY2UoKSB7XG4gICAgY29uc3Qgcm9vdCA9IFwiL2FwcFwiO1xuICAgIGNvbnN0IGFjdGlvbnM6IEN1c3RvbVJlc291cmNlUHJvcGVydGllc1tcImFjdGlvbnNcIl0gPSBbXTtcbiAgICBpZiAodGhpcy5wcm9wcy5zdGF0aWNBc3NldHNCdWNrZXQ/LmJ1Y2tldE5hbWUpIHtcbiAgICAgIGFjdGlvbnMucHVzaChcbiAgICAgICAge1xuICAgICAgICAgIHR5cGU6IFwiZnMtdG8tczNcIixcbiAgICAgICAgICBzb3VyY2VQYXRoOiBqb2luKHJvb3QsIFwicHVibGljXCIpLFxuICAgICAgICAgIGRlc3RpbmF0aW9uQnVja2V0TmFtZTogdGhpcy5wcm9wcy5zdGF0aWNBc3NldHNCdWNrZXQuYnVja2V0TmFtZSxcbiAgICAgICAgfSxcbiAgICAgICAgLy8gc3RhdGljIGZpbGVzXG4gICAgICAgIHtcbiAgICAgICAgICB0eXBlOiBcImZzLXRvLXMzXCIsXG4gICAgICAgICAgc291cmNlUGF0aDogam9pbihyb290LCBcIi5uZXh0XCIsIFwic3RhdGljXCIpLFxuICAgICAgICAgIGRlc3RpbmF0aW9uQnVja2V0TmFtZTogdGhpcy5wcm9wcy5zdGF0aWNBc3NldHNCdWNrZXQuYnVja2V0TmFtZSxcbiAgICAgICAgICBkZXN0aW5hdGlvbktleVByZWZpeDogXCJfbmV4dC9zdGF0aWNcIixcbiAgICAgICAgfSxcbiAgICAgICk7XG4gICAgfVxuICAgIGFjdGlvbnMucHVzaChcbiAgICAgIC8vIGRhdGEgY2FjaGUgLSBodHRwczovL25leHRqcy5vcmcvZG9jcy9hcHAvYnVpbGRpbmcteW91ci1hcHBsaWNhdGlvbi9jYWNoaW5nI2RhdGEtY2FjaGVcbiAgICAgIHtcbiAgICAgICAgdHlwZTogXCJmcy10by1mc1wiLFxuICAgICAgICBzb3VyY2VQYXRoOiBqb2luKHJvb3QsIFwiLm5leHRcIiwgXCJjYWNoZVwiLCBcImZldGNoLWNhY2hlXCIpLFxuICAgICAgICBkZXN0aW5hdGlvblBhdGg6IGpvaW4oXG4gICAgICAgICAgdGhpcy5wcm9wcy5jb250YWluZXJNb3VudFBhdGhGb3JFZnMsXG4gICAgICAgICAgREFUQV9DQUNIRV9ESVIsXG4gICAgICAgICksXG4gICAgICB9LFxuICAgICAgLy8gZnVsbCByb3V0ZSBjYWNoZSAtIGh0dHBzOi8vbmV4dGpzLm9yZy9kb2NzL2FwcC9idWlsZGluZy15b3VyLWFwcGxpY2F0aW9uL2NhY2hpbmcjZnVsbC1yb3V0ZS1jYWNoZVxuICAgICAge1xuICAgICAgICB0eXBlOiBcImZzLXRvLWZzXCIsXG4gICAgICAgIHNvdXJjZVBhdGg6IGpvaW4oXG4gICAgICAgICAgcm9vdCxcbiAgICAgICAgICBcIi5uZXh0XCIsXG4gICAgICAgICAgXCJzdGFuZGFsb25lXCIsXG4gICAgICAgICAgdGhpcy5wcm9wcy5yZWxhdGl2ZVBhdGhUb1dvcmtzcGFjZSB8fCBcIlwiLFxuICAgICAgICAgIFwiLm5leHRcIixcbiAgICAgICAgICBcInNlcnZlclwiLFxuICAgICAgICAgIFwiYXBwXCIsXG4gICAgICAgICksXG4gICAgICAgIGRlc3RpbmF0aW9uUGF0aDogam9pbihcbiAgICAgICAgICB0aGlzLnByb3BzLmNvbnRhaW5lck1vdW50UGF0aEZvckVmcyxcbiAgICAgICAgICBGVUxMX1JPVVRFX0NBQ0hFX0RJUixcbiAgICAgICAgKSxcbiAgICAgIH0sXG4gICAgICAvLyBpbWFnZXMgYXJlIG9wdGltaXplZCBhdCBydW50aW1lIHNvIG5vdGhpbmcgdG8gZGVwbG95XG4gICAgKTtcbiAgICBjb25zdCBwcm9wZXJ0aWVzOiBDdXN0b21SZXNvdXJjZVByb3BlcnRpZXMgPSB7XG4gICAgICBhY3Rpb25zLFxuICAgICAgYnVpbGRJbWFnZURpZ2VzdDogdGhpcy5wcm9wcy5idWlsZEltYWdlRGlnZXN0LFxuICAgICAgaW1hZ2VDYWNoZVBhdGg6IGpvaW4oXG4gICAgICAgIHRoaXMucHJvcHMuY29udGFpbmVyTW91bnRQYXRoRm9yRWZzLFxuICAgICAgICBJTUFHRV9DQUNIRV9ESVIsXG4gICAgICApLFxuICAgICAgcHJlcmVuZGVyTWFuaWZlc3RQYXRoOiBqb2luKHJvb3QsIFwiLm5leHRcIiwgXCJwcmVyZW5kZXItbWFuaWZlc3QuanNvblwiKSxcbiAgICB9O1xuICAgIHJldHVybiBuZXcgQ3VzdG9tUmVzb3VyY2UodGhpcywgXCJDdXN0b21SZXNvdXJjZVwiLCB7XG4gICAgICBwcm9wZXJ0aWVzLFxuICAgICAgcmVzb3VyY2VUeXBlOiBcIkN1c3RvbTo6TmV4dGpzQXNzZXRzRGVwbG95bWVudFwiLFxuICAgICAgc2VydmljZVRva2VuOiB0aGlzLmRvY2tlckltYWdlRnVuY3Rpb24uZnVuY3Rpb25Bcm4sXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==

package/lib/nextjs-build/add-cache-handler.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/nextjs-build/add-cache-handler.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = require("fs");
+/**
+ * For `NextjsGlobalFunctions`, adds custom [Cache Handler](https://nextjs.org/docs/app/api-reference/next-config-js/incrementalCacheHandlerPath)
+ * so that time-based revalidation works. In serverless environment, functions
+ * spin down after request is complete but Next.js depends upon compute to still
+ * be running for time-based revalidation to work properly so we need to perform
+ * work async and use SQS Queue to do so.
+ */
+function addCacheHandler(requiredServerFilesPath) {
+    if (!(0, fs_1.existsSync)(requiredServerFilesPath)) {
+        throw new Error(`Could not find required server files path: ${requiredServerFilesPath}`);
+    }
+    const requiredServerFiles = JSON.parse((0, fs_1.readFileSync)(requiredServerFilesPath, {
+        encoding: "utf-8",
+    }));
+    requiredServerFiles.config.cacheHandler = "../cache-handler.cjs";
+    (0, fs_1.writeFileSync)(requiredServerFilesPath, JSON.stringify(requiredServerFiles));
+}
+const [requiredServerFilesPath] = process.argv.slice(2);
+addCacheHandler(requiredServerFilesPath);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWRkLWNhY2hlLWhhbmRsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbmV4dGpzLWJ1aWxkL2FkZC1jYWNoZS1oYW5kbGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsMkJBQTZEO0FBRTdEOzs7Ozs7R0FNRztBQUNILFNBQVMsZUFBZSxDQUFDLHVCQUErQjtJQUN0RCxJQUFJLENBQUMsSUFBQSxlQUFVLEVBQUMsdUJBQXVCLENBQUMsRUFBRSxDQUFDO1FBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsOENBQThDLHVCQUF1QixFQUFFLENBQ3hFLENBQUM7SUFDSixDQUFDO0lBQ0QsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUNwQyxJQUFBLGlCQUFZLEVBQUMsdUJBQXVCLEVBQUU7UUFDcEMsUUFBUSxFQUFFLE9BQU87S0FDbEIsQ0FBQyxDQUNILENBQUM7SUFDRixtQkFBbUIsQ0FBQyxNQUFNLENBQUMsWUFBWSxHQUFHLHNCQUFzQixDQUFDO0lBQ2pFLElBQUEsa0JBQWEsRUFBQyx1QkFBdUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDLENBQUMsQ0FBQztBQUM5RSxDQUFDO0FBRUQsTUFBTSxDQUFDLHVCQUF1QixDQUFDLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7QUFDeEQsZUFBZSxDQUFDLHVCQUF1QixDQUFDLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBleGlzdHNTeW5jLCByZWFkRmlsZVN5bmMsIHdyaXRlRmlsZVN5bmMgfSBmcm9tIFwiZnNcIjtcblxuLyoqXG4gKiBGb3IgYE5leHRqc0dsb2JhbEZ1bmN0aW9uc2AsIGFkZHMgY3VzdG9tIFtDYWNoZSBIYW5kbGVyXShodHRwczovL25leHRqcy5vcmcvZG9jcy9hcHAvYXBpLXJlZmVyZW5jZS9uZXh0LWNvbmZpZy1qcy9pbmNyZW1lbnRhbENhY2hlSGFuZGxlclBhdGgpXG4gKiBzbyB0aGF0IHRpbWUtYmFzZWQgcmV2YWxpZGF0aW9uIHdvcmtzLiBJbiBzZXJ2ZXJsZXNzIGVudmlyb25tZW50LCBmdW5jdGlvbnNcbiAqIHNwaW4gZG93biBhZnRlciByZXF1ZXN0IGlzIGNvbXBsZXRlIGJ1dCBOZXh0LmpzIGRlcGVuZHMgdXBvbiBjb21wdXRlIHRvIHN0aWxsXG4gKiBiZSBydW5uaW5nIGZvciB0aW1lLWJhc2VkIHJldmFsaWRhdGlvbiB0byB3b3JrIHByb3Blcmx5IHNvIHdlIG5lZWQgdG8gcGVyZm9ybVxuICogd29yayBhc3luYyBhbmQgdXNlIFNRUyBRdWV1ZSB0byBkbyBzby5cbiAqL1xuZnVuY3Rpb24gYWRkQ2FjaGVIYW5kbGVyKHJlcXVpcmVkU2VydmVyRmlsZXNQYXRoOiBzdHJpbmcpIHtcbiAgaWYgKCFleGlzdHNTeW5jKHJlcXVpcmVkU2VydmVyRmlsZXNQYXRoKSkge1xuICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgIGBDb3VsZCBub3QgZmluZCByZXF1aXJlZCBzZXJ2ZXIgZmlsZXMgcGF0aDogJHtyZXF1aXJlZFNlcnZlckZpbGVzUGF0aH1gLFxuICAgICk7XG4gIH1cbiAgY29uc3QgcmVxdWlyZWRTZXJ2ZXJGaWxlcyA9IEpTT04ucGFyc2UoXG4gICAgcmVhZEZpbGVTeW5jKHJlcXVpcmVkU2VydmVyRmlsZXNQYXRoLCB7XG4gICAgICBlbmNvZGluZzogXCJ1dGYtOFwiLFxuICAgIH0pLFxuICApO1xuICByZXF1aXJlZFNlcnZlckZpbGVzLmNvbmZpZy5jYWNoZUhhbmRsZXIgPSBcIi4uL2NhY2hlLWhhbmRsZXIuY2pzXCI7XG4gIHdyaXRlRmlsZVN5bmMocmVxdWlyZWRTZXJ2ZXJGaWxlc1BhdGgsIEpTT04uc3RyaW5naWZ5KHJlcXVpcmVkU2VydmVyRmlsZXMpKTtcbn1cblxuY29uc3QgW3JlcXVpcmVkU2VydmVyRmlsZXNQYXRoXSA9IHByb2Nlc3MuYXJndi5zbGljZSgyKTtcbmFkZENhY2hlSGFuZGxlcihyZXF1aXJlZFNlcnZlckZpbGVzUGF0aCk7XG4iXX0=

package/lib/nextjs-build/add-cache-handler.mjs

@@ -0,0 +1,18 @@
+// src/nextjs-build/add-cache-handler.ts
+import { existsSync, readFileSync, writeFileSync } from "fs";
+function addCacheHandler(requiredServerFilesPath2) {
+  if (!existsSync(requiredServerFilesPath2)) {
+    throw new Error(
+      `Could not find required server files path: ${requiredServerFilesPath2}`
+    );
+  }
+  const requiredServerFiles = JSON.parse(
+    readFileSync(requiredServerFilesPath2, {
+      encoding: "utf-8"
+    })
+  );
+  requiredServerFiles.config.cacheHandler = "../cache-handler.cjs";
+  writeFileSync(requiredServerFilesPath2, JSON.stringify(requiredServerFiles));
+}
+var [requiredServerFilesPath] = process.argv.slice(2);
+addCacheHandler(requiredServerFilesPath);

package/lib/nextjs-build/builder.Dockerfile

@@ -0,0 +1,29 @@
+#checkov:skip=CKV_DOCKER_2: healthcheck not needed for local only container
+#checkov:skip=CKV_DOCKER_3: user not required for local builder container
+FROM public.ecr.aws/docker/library/node:20-alpine
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+# It's preferrable to only copy package.json's and lockfiles, install, and then
+# copy the rest of the code to efficiently utilize build cache. We don't do that
+#$ here because it's highly customized based on a projects setup. We recommend
+# developers use `overrides.nextjsXX.nextjsBuildProps.builderImageProps.srcDockerfilePath`
+# to optimize for their setup.
+COPY . .
+# Install dependencies based on the preferred package manager
+RUN \
+  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
+  elif [ -f package-lock.json ]; then npm ci; \
+  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
+  else echo "Lockfile not found." && exit 1; \
+  fi
+ARG BUILD_COMMAND
+ARG RELATIVE_PATH_TO_WORKSPACE
+RUN \
+  if [ -f ./cdk-nextjs-load-env-vars.sh ]; then \
+    chmod u+x ./cdk-nextjs-load-env-vars.sh && \
+    . ./cdk-nextjs-load-env-vars.sh; \
+  fi && \
+  cd $RELATIVE_PATH_TO_WORKSPACE && \
+  $BUILD_COMMAND
+# TODO: remove unnecessary node_modules: https://github.com/sst/open-next/pull/242