cdk-nextjs 0.0.0

package/lib/nextjs-build/symlink-full-route-cache.mjs

@@ -0,0 +1,23 @@
+// src/nextjs-build/symlink-full-route-cache.ts
+import { mkdirSync, readdirSync, rmSync, symlinkSync } from "node:fs";
+import { extname, join } from "node:path";
+function createSymlinks(srcPath, destPath2) {
+  mkdirSync(destPath2, { recursive: true });
+  const entries = readdirSync(srcPath, { withFileTypes: true });
+  for (const entry of entries) {
+    const entryPath = join(srcPath, entry.name);
+    if (entry.isDirectory()) {
+      createSymlinks(entryPath, join(destPath2, entry.name));
+    } else if (entry.isFile()) {
+      const ext = extname(entryPath).slice(1);
+      if (["html", "rsc", "meta"].includes(ext)) {
+        const symlink = entryPath;
+        const target = join(destPath2, entry.name);
+        rmSync(symlink);
+        symlinkSync(target, symlink, "file");
+      }
+    }
+  }
+}
+var [sourcePath, destPath] = process.argv.slice(2);
+createSymlinks(sourcePath, destPath);

package/lib/nextjs-compute/nextjs-compute-base-props.d.ts

@@ -0,0 +1,8 @@
+import { IVpc } from "aws-cdk-lib/aws-ec2";
+import { AccessPoint } from "aws-cdk-lib/aws-efs";
+export interface NextjsComputeBaseProps {
+    readonly accessPoint: AccessPoint;
+    readonly containerMountPathForEfs: string;
+    readonly healthCheckPath: string;
+    readonly vpc: IVpc;
+}

package/lib/nextjs-compute/nextjs-compute-base-props.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLWNvbXB1dGUtYmFzZS1wcm9wcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9uZXh0anMtY29tcHV0ZS9uZXh0anMtY29tcHV0ZS1iYXNlLXByb3BzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJVnBjIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lYzJcIjtcbmltcG9ydCB7IEFjY2Vzc1BvaW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1lZnNcIjtcblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNDb21wdXRlQmFzZVByb3BzIHtcbiAgcmVhZG9ubHkgYWNjZXNzUG9pbnQ6IEFjY2Vzc1BvaW50O1xuICByZWFkb25seSBjb250YWluZXJNb3VudFBhdGhGb3JFZnM6IHN0cmluZztcbiAgcmVhZG9ubHkgaGVhbHRoQ2hlY2tQYXRoOiBzdHJpbmc7XG4gIHJlYWRvbmx5IHZwYzogSVZwYztcbn1cbiJdfQ==

package/lib/nextjs-compute/nextjs-containers.d.ts

@@ -0,0 +1,43 @@
+import { DockerImageAsset } from "aws-cdk-lib/aws-ecr-assets";
+import { Cluster } from "aws-cdk-lib/aws-ecs";
+import { ApplicationLoadBalancedFargateService, ApplicationLoadBalancedFargateServiceProps } from "aws-cdk-lib/aws-ecs-patterns";
+import { FileSystem } from "aws-cdk-lib/aws-efs";
+import { Construct } from "constructs";
+import { NextjsComputeBaseProps } from "./nextjs-compute-base-props";
+import { NextjsType } from "../common";
+import { OptionalApplicationLoadBalancedTaskImageOptions } from "../generated-structs/OptionalApplicationLoadBalancedTaskImageOptions";
+import { OptionalClusterProps } from "../generated-structs/OptionalClusterProps";
+export interface NextjsContainersOverrides {
+    readonly ecsClusterProps?: OptionalClusterProps;
+    readonly albFargateServiceProps?: ApplicationLoadBalancedFargateServiceProps;
+    readonly taskImageOptions?: OptionalApplicationLoadBalancedTaskImageOptions;
+}
+export interface NextjsContainersProps extends NextjsComputeBaseProps {
+    readonly dockerImageAsset: DockerImageAsset;
+    readonly fileSystem: FileSystem;
+    readonly nextjsType: NextjsType;
+    readonly overrides?: NextjsContainersOverrides;
+    readonly relativeEntrypointPath: string;
+}
+/**
+ * Next.js load balanced via Application Load Balancer with containers via AWS
+ * Fargate.
+ */
+export declare class NextjsContainers extends Construct {
+    albFargateService: ApplicationLoadBalancedFargateService;
+    ecsCluster: Cluster;
+    url: string;
+    private props;
+    constructor(scope: Construct, id: string, props: NextjsContainersProps);
+    private createEcsCluster;
+    private createAlbFargateSevice;
+    /**
+     * Configure health checks for containers at ALB and ECS level. This ensures
+     * unhealthy containers are removed. Both of these health checks can be
+     * overwritten by user by accessing `albFargateService` property, so no need
+     * for `overrides`.
+     */
+    private configureHealthCheck;
+    private attachFileSystem;
+    private getUrl;
+}

package/lib/nextjs-compute/nextjs-containers.js

@@ -0,0 +1,149 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NextjsContainers = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_ecs_1 = require("aws-cdk-lib/aws-ecs");
+const aws_ecs_patterns_1 = require("aws-cdk-lib/aws-ecs-patterns");
+const aws_elasticloadbalancingv2_1 = require("aws-cdk-lib/aws-elasticloadbalancingv2");
+const constructs_1 = require("constructs");
+/**
+ * Next.js load balanced via Application Load Balancer with containers via AWS
+ * Fargate.
+ */
+class NextjsContainers extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.props = props;
+        this.ecsCluster = this.createEcsCluster();
+        this.albFargateService = this.createAlbFargateSevice();
+        this.configureHealthCheck();
+        this.attachFileSystem();
+        this.url = this.getUrl();
+    }
+    createEcsCluster() {
+        const cluster = new aws_ecs_1.Cluster(this, "EcsCluster", {
+            enableFargateCapacityProviders: true,
+            containerInsights: true,
+            vpc: this.props.vpc,
+            ...this.props.overrides?.ecsClusterProps,
+        });
+        return cluster;
+    }
+    createAlbFargateSevice() {
+        let cpuArchitecture = undefined;
+        if (process.arch === "x64") {
+            cpuArchitecture = aws_ecs_1.CpuArchitecture.X86_64;
+        }
+        else if (process.arch === "arm64") {
+            cpuArchitecture = aws_ecs_1.CpuArchitecture.ARM64;
+        }
+        const albFargateService = new aws_ecs_patterns_1.ApplicationLoadBalancedFargateService(this, "AlbFargateService", {
+            circuitBreaker: { rollback: true, enable: true },
+            cluster: this.ecsCluster,
+            cpu: 1024,
+            healthCheckGracePeriod: aws_cdk_lib_1.Duration.seconds(10),
+            maxHealthyPercent: 200,
+            memoryLimitMiB: 2048,
+            minHealthyPercent: 100, // maintain service availability during deployment
+            /*
+              This protocol version is for the target group (Fargate), not the ALB
+              Listener. From docs, "Application Load Balancers provide native support
+              for HTTP/2 with HTTPS listeners". See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
+              Next.js default server does not support HTTP/2 as it's recommended
+              to proxy your Next.js server which we're doing with ALB.
+              Also note, CloudFront only supports HTTP/1.1 origins.
+              https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomHTTPVersion
+            */
+            protocolVersion: aws_elasticloadbalancingv2_1.ApplicationProtocolVersion.HTTP1,
+            runtimePlatform: {
+                cpuArchitecture,
+            },
+            taskImageOptions: {
+                command: ["node", this.props.relativeEntrypointPath],
+                containerName: "nextjs",
+                containerPort: 3000,
+                image: aws_ecs_1.ContainerImage.fromDockerImageAsset(this.props.dockerImageAsset),
+                logDriver: aws_ecs_1.LogDrivers.awsLogs({
+                    streamPrefix: "nextjs",
+                    mode: aws_ecs_1.AwsLogDriverMode.NON_BLOCKING,
+                }),
+                ...this.props.overrides?.taskImageOptions,
+            },
+            ...this.props.overrides?.albFargateServiceProps,
+        });
+        // required or health checks fail
+        albFargateService.taskDefinition.defaultContainer?.addEnvironment("HOSTNAME", "0.0.0.0");
+        // security best practice to enforce readonly for root filesystem
+        // hopefully https://github.com/aws/aws-cdk/issues/23935 will result in
+        // easier way to set this property
+        const cfnTaskDef = albFargateService.taskDefinition.node
+            .defaultChild;
+        cfnTaskDef.addPropertyOverride("ContainerDefinitions.0.ReadonlyRootFilesystem", true);
+        // speed up deployments by shortening deregistration delay
+        // https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/load-balancer-connection-draining.html
+        // TODO: document that this should be increased if long lived connections are expected
+        albFargateService.targetGroup.setAttribute("deregistration_delay.timeout_seconds", "30");
+        // best practice to enable cross zone load balancing
+        // @see https://docs.aws.amazon.com/elasticloadbalancing/latest/application/disable-cross-zone.html
+        albFargateService.loadBalancer.setAttribute("load_balancing.cross_zone.enabled", "true");
+        return albFargateService;
+    }
+    /**
+     * Configure health checks for containers at ALB and ECS level. This ensures
+     * unhealthy containers are removed. Both of these health checks can be
+     * overwritten by user by accessing `albFargateService` property, so no need
+     * for `overrides`.
+     */
+    configureHealthCheck() {
+        // speed up deployments by shortening health checks
+        // see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/load-balancer-healthcheck.html
+        this.albFargateService.targetGroup.configureHealthCheck({
+            path: this.props.healthCheckPath,
+            healthyThresholdCount: 2,
+            interval: aws_cdk_lib_1.Duration.seconds(10), // too frequent? but enables faster rollback...
+            timeout: aws_cdk_lib_1.Duration.seconds(5), // must be less than interval
+        });
+        const healthCheck = {
+            command: [
+                "CMD-SHELL",
+                // curl isn't available in alpine linux
+                `wget --quiet --tries=1 --spider http://localhost:3000${this.props.healthCheckPath} || exit 1`,
+            ],
+        };
+        const defaultContainer = this.albFargateService.taskDefinition.defaultContainer;
+        if (defaultContainer) {
+            // @ts-expect-error must use internal "props" attribute b/c no other way to add health check
+            defaultContainer.props.healthCheck = healthCheck;
+        }
+    }
+    attachFileSystem() {
+        const container = this.albFargateService.taskDefinition.defaultContainer;
+        const volumeName = "cdk-nextjs-volume";
+        this.albFargateService.taskDefinition.addVolume({
+            name: volumeName,
+            efsVolumeConfiguration: {
+                fileSystemId: this.props.fileSystem.fileSystemId,
+                transitEncryption: "ENABLED",
+                authorizationConfig: {
+                    accessPointId: this.props.accessPoint.accessPointId,
+                    iam: "ENABLED",
+                },
+            },
+        });
+        container?.addMountPoints({
+            sourceVolume: volumeName,
+            containerPath: this.props.containerMountPathForEfs,
+            readOnly: false,
+        });
+    }
+    getUrl() {
+        const protocol = this.albFargateService.certificate ? "https" : "http";
+        return `${protocol}://${this.albFargateService.loadBalancer.loadBalancerDnsName}`;
+    }
+}
+exports.NextjsContainers = NextjsContainers;
+_a = JSII_RTTI_SYMBOL_1;
+NextjsContainers[_a] = { fqn: "cdk-nextjs.NextjsContainers", version: "0.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLWNvbnRhaW5lcnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbmV4dGpzLWNvbXB1dGUvbmV4dGpzLWNvbnRhaW5lcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBdUM7QUFFdkMsaURBUTZCO0FBQzdCLG1FQUdzQztBQUV0Qyx1RkFBb0Y7QUFDcEYsMkNBQXVDO0FBb0J2Qzs7O0dBR0c7QUFDSCxNQUFhLGdCQUFpQixTQUFRLHNCQUFTO0lBTzdDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNEI7UUFDcEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztRQUNuQixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQzFDLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztRQUN2RCxJQUFJLENBQUMsb0JBQW9CLEVBQUUsQ0FBQztRQUM1QixJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUN4QixJQUFJLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRU8sZ0JBQWdCO1FBQ3RCLE1BQU0sT0FBTyxHQUFHLElBQUksaUJBQU8sQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO1lBQzlDLDhCQUE4QixFQUFFLElBQUk7WUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtZQUN2QixHQUFHLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHO1lBQ25CLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLEVBQUUsZUFBZTtTQUN6QyxDQUFDLENBQUM7UUFDSCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBQ08sc0JBQXNCO1FBQzVCLElBQUksZUFBZSxHQUFnQyxTQUFTLENBQUM7UUFDN0QsSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzNCLGVBQWUsR0FBRyx5QkFBZSxDQUFDLE1BQU0sQ0FBQztRQUMzQyxDQUFDO2FBQU0sSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQ3BDLGVBQWUsR0FBRyx5QkFBZSxDQUFDLEtBQUssQ0FBQztRQUMxQyxDQUFDO1FBQ0QsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLHdEQUFxQyxDQUNqRSxJQUFJLEVBQ0osbUJBQW1CLEVBQ25CO1lBQ0UsY0FBYyxFQUFFLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFO1lBQ2hELE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVTtZQUN4QixHQUFHLEVBQUUsSUFBSTtZQUNULHNCQUFzQixFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUM1QyxpQkFBaUIsRUFBRSxHQUFHO1lBQ3RCLGNBQWMsRUFBRSxJQUFJO1lBQ3BCLGlCQUFpQixFQUFFLEdBQUcsRUFBRSxrREFBa0Q7WUFDMUU7Ozs7Ozs7O2NBUUU7WUFDRixlQUFlLEVBQUUsdURBQTBCLENBQUMsS0FBSztZQUNqRCxlQUFlLEVBQUU7Z0JBQ2YsZUFBZTthQUNoQjtZQUNELGdCQUFnQixFQUFFO2dCQUNoQixPQUFPLEVBQUUsQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztnQkFDcEQsYUFBYSxFQUFFLFFBQVE7Z0JBQ3ZCLGFBQWEsRUFBRSxJQUFJO2dCQUNuQixLQUFLLEVBQUUsd0JBQWMsQ0FBQyxvQkFBb0IsQ0FDeEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FDNUI7Z0JBQ0QsU0FBUyxFQUFFLG9CQUFVLENBQUMsT0FBTyxDQUFDO29CQUM1QixZQUFZLEVBQUUsUUFBUTtvQkFDdEIsSUFBSSxFQUFFLDBCQUFnQixDQUFDLFlBQVk7aUJBQ3BDLENBQUM7Z0JBQ0YsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRSxnQkFBZ0I7YUFDMUM7WUFDRCxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLHNCQUFzQjtTQUNoRCxDQUNGLENBQUM7UUFDRixpQ0FBaUM7UUFDakMsaUJBQWlCLENBQUMsY0FBYyxDQUFDLGdCQUFnQixFQUFFLGNBQWMsQ0FDL0QsVUFBVSxFQUNWLFNBQVMsQ0FDVixDQUFDO1FBQ0YsaUVBQWlFO1FBQ2pFLHVFQUF1RTtRQUN2RSxrQ0FBa0M7UUFDbEMsTUFBTSxVQUFVLEdBQUcsaUJBQWlCLENBQUMsY0FBYyxDQUFDLElBQUk7YUFDckQsWUFBaUMsQ0FBQztRQUNyQyxVQUFVLENBQUMsbUJBQW1CLENBQzVCLCtDQUErQyxFQUMvQyxJQUFJLENBQ0wsQ0FBQztRQUNGLDBEQUEwRDtRQUMxRCx5R0FBeUc7UUFDekcsc0ZBQXNGO1FBQ3RGLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQ3hDLHNDQUFzQyxFQUN0QyxJQUFJLENBQ0wsQ0FBQztRQUNGLG9EQUFvRDtRQUNwRCxtR0FBbUc7UUFDbkcsaUJBQWlCLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FDekMsbUNBQW1DLEVBQ25DLE1BQU0sQ0FDUCxDQUFDO1FBQ0YsT0FBTyxpQkFBaUIsQ0FBQztJQUMzQixDQUFDO0lBQ0Q7Ozs7O09BS0c7SUFDSyxvQkFBb0I7UUFDMUIsbURBQW1EO1FBQ25ELHFHQUFxRztRQUNyRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDO1lBQ3RELElBQUksRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLGVBQWU7WUFDaEMscUJBQXFCLEVBQUUsQ0FBQztZQUN4QixRQUFRLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLEVBQUUsK0NBQStDO1lBQy9FLE9BQU8sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSw2QkFBNkI7U0FDNUQsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxXQUFXLEdBQWdCO1lBQy9CLE9BQU8sRUFBRTtnQkFDUCxXQUFXO2dCQUNYLHVDQUF1QztnQkFDdkMsd0RBQXdELElBQUksQ0FBQyxLQUFLLENBQUMsZUFBZSxZQUFZO2FBQy9GO1NBQ0YsQ0FBQztRQUNGLE1BQU0sZ0JBQWdCLEdBQ3BCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLENBQUMsZ0JBQWdCLENBQUM7UUFDekQsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3JCLDRGQUE0RjtZQUM1RixnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsV0FBVyxHQUFHLFdBQVcsQ0FBQztRQUNuRCxDQUFDO0lBQ0gsQ0FBQztJQUNPLGdCQUFnQjtRQUN0QixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsY0FBYyxDQUFDLGdCQUFnQixDQUFDO1FBQ3pFLE1BQU0sVUFBVSxHQUFHLG1CQUFtQixDQUFDO1FBQ3ZDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDO1lBQzlDLElBQUksRUFBRSxVQUFVO1lBQ2hCLHNCQUFzQixFQUFFO2dCQUN0QixZQUFZLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsWUFBWTtnQkFDaEQsaUJBQWlCLEVBQUUsU0FBUztnQkFDNUIsbUJBQW1CLEVBQUU7b0JBQ25CLGFBQWEsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxhQUFhO29CQUNuRCxHQUFHLEVBQUUsU0FBUztpQkFDZjthQUNGO1NBQ0YsQ0FBQyxDQUFDO1FBQ0gsU0FBUyxFQUFFLGNBQWMsQ0FBQztZQUN4QixZQUFZLEVBQUUsVUFBVTtZQUN4QixhQUFhLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyx3QkFBd0I7WUFDbEQsUUFBUSxFQUFFLEtBQUs7U0FDaEIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUNPLE1BQU07UUFDWixNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztRQUN2RSxPQUFPLEdBQUcsUUFBUSxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztJQUNwRixDQUFDOztBQTFKSCw0Q0EySkMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBEdXJhdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgRG9ja2VySW1hZ2VBc3NldCB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWNyLWFzc2V0c1wiO1xuaW1wb3J0IHtcbiAgQXdzTG9nRHJpdmVyTW9kZSxcbiAgQ2ZuVGFza0RlZmluaXRpb24sXG4gIENsdXN0ZXIsXG4gIENvbnRhaW5lckltYWdlLFxuICBDcHVBcmNoaXRlY3R1cmUsXG4gIEhlYWx0aENoZWNrLFxuICBMb2dEcml2ZXJzLFxufSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjc1wiO1xuaW1wb3J0IHtcbiAgQXBwbGljYXRpb25Mb2FkQmFsYW5jZWRGYXJnYXRlU2VydmljZSxcbiAgQXBwbGljYXRpb25Mb2FkQmFsYW5jZWRGYXJnYXRlU2VydmljZVByb3BzLFxufSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWVjcy1wYXR0ZXJuc1wiO1xuaW1wb3J0IHsgRmlsZVN5c3RlbSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWZzXCI7XG5pbXBvcnQgeyBBcHBsaWNhdGlvblByb3RvY29sVmVyc2lvbiB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWxhc3RpY2xvYWRiYWxhbmNpbmd2MlwiO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCB7IE5leHRqc0NvbXB1dGVCYXNlUHJvcHMgfSBmcm9tIFwiLi9uZXh0anMtY29tcHV0ZS1iYXNlLXByb3BzXCI7XG5pbXBvcnQgeyBOZXh0anNUeXBlIH0gZnJvbSBcIi4uL2NvbW1vblwiO1xuaW1wb3J0IHsgT3B0aW9uYWxBcHBsaWNhdGlvbkxvYWRCYWxhbmNlZFRhc2tJbWFnZU9wdGlvbnMgfSBmcm9tIFwiLi4vZ2VuZXJhdGVkLXN0cnVjdHMvT3B0aW9uYWxBcHBsaWNhdGlvbkxvYWRCYWxhbmNlZFRhc2tJbWFnZU9wdGlvbnNcIjtcbmltcG9ydCB7IE9wdGlvbmFsQ2x1c3RlclByb3BzIH0gZnJvbSBcIi4uL2dlbmVyYXRlZC1zdHJ1Y3RzL09wdGlvbmFsQ2x1c3RlclByb3BzXCI7XG5cbmV4cG9ydCBpbnRlcmZhY2UgTmV4dGpzQ29udGFpbmVyc092ZXJyaWRlcyB7XG4gIHJlYWRvbmx5IGVjc0NsdXN0ZXJQcm9wcz86IE9wdGlvbmFsQ2x1c3RlclByb3BzO1xuICByZWFkb25seSBhbGJGYXJnYXRlU2VydmljZVByb3BzPzogQXBwbGljYXRpb25Mb2FkQmFsYW5jZWRGYXJnYXRlU2VydmljZVByb3BzO1xuICByZWFkb25seSB0YXNrSW1hZ2VPcHRpb25zPzogT3B0aW9uYWxBcHBsaWNhdGlvbkxvYWRCYWxhbmNlZFRhc2tJbWFnZU9wdGlvbnM7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgTmV4dGpzQ29udGFpbmVyc1Byb3BzIGV4dGVuZHMgTmV4dGpzQ29tcHV0ZUJhc2VQcm9wcyB7XG4gIHJlYWRvbmx5IGRvY2tlckltYWdlQXNzZXQ6IERvY2tlckltYWdlQXNzZXQ7XG4gIHJlYWRvbmx5IGZpbGVTeXN0ZW06IEZpbGVTeXN0ZW07XG4gIHJlYWRvbmx5IG5leHRqc1R5cGU6IE5leHRqc1R5cGU7XG4gIHJlYWRvbmx5IG92ZXJyaWRlcz86IE5leHRqc0NvbnRhaW5lcnNPdmVycmlkZXM7XG4gIHJlYWRvbmx5IHJlbGF0aXZlRW50cnlwb2ludFBhdGg6IHN0cmluZztcbn1cblxuLyoqXG4gKiBOZXh0LmpzIGxvYWQgYmFsYW5jZWQgdmlhIEFwcGxpY2F0aW9uIExvYWQgQmFsYW5jZXIgd2l0aCBjb250YWluZXJzIHZpYSBBV1NcbiAqIEZhcmdhdGUuXG4gKi9cbmV4cG9ydCBjbGFzcyBOZXh0anNDb250YWluZXJzIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgYWxiRmFyZ2F0ZVNlcnZpY2U6IEFwcGxpY2F0aW9uTG9hZEJhbGFuY2VkRmFyZ2F0ZVNlcnZpY2U7XG4gIGVjc0NsdXN0ZXI6IENsdXN0ZXI7XG4gIHVybDogc3RyaW5nO1xuXG4gIHByaXZhdGUgcHJvcHM6IE5leHRqc0NvbnRhaW5lcnNQcm9wcztcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTmV4dGpzQ29udGFpbmVyc1Byb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcbiAgICB0aGlzLnByb3BzID0gcHJvcHM7XG4gICAgdGhpcy5lY3NDbHVzdGVyID0gdGhpcy5jcmVhdGVFY3NDbHVzdGVyKCk7XG4gICAgdGhpcy5hbGJGYXJnYXRlU2VydmljZSA9IHRoaXMuY3JlYXRlQWxiRmFyZ2F0ZVNldmljZSgpO1xuICAgIHRoaXMuY29uZmlndXJlSGVhbHRoQ2hlY2soKTtcbiAgICB0aGlzLmF0dGFjaEZpbGVTeXN0ZW0oKTtcbiAgICB0aGlzLnVybCA9IHRoaXMuZ2V0VXJsKCk7XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZUVjc0NsdXN0ZXIoKTogQ2x1c3RlciB7XG4gICAgY29uc3QgY2x1c3RlciA9IG5ldyBDbHVzdGVyKHRoaXMsIFwiRWNzQ2x1c3RlclwiLCB7XG4gICAgICBlbmFibGVGYXJnYXRlQ2FwYWNpdHlQcm92aWRlcnM6IHRydWUsXG4gICAgICBjb250YWluZXJJbnNpZ2h0czogdHJ1ZSxcbiAgICAgIHZwYzogdGhpcy5wcm9wcy52cGMsXG4gICAgICAuLi50aGlzLnByb3BzLm92ZXJyaWRlcz8uZWNzQ2x1c3RlclByb3BzLFxuICAgIH0pO1xuICAgIHJldHVybiBjbHVzdGVyO1xuICB9XG4gIHByaXZhdGUgY3JlYXRlQWxiRmFyZ2F0ZVNldmljZSgpOiBBcHBsaWNhdGlvbkxvYWRCYWxhbmNlZEZhcmdhdGVTZXJ2aWNlIHtcbiAgICBsZXQgY3B1QXJjaGl0ZWN0dXJlOiBDcHVBcmNoaXRlY3R1cmUgfCB1bmRlZmluZWQgPSB1bmRlZmluZWQ7XG4gICAgaWYgKHByb2Nlc3MuYXJjaCA9PT0gXCJ4NjRcIikge1xuICAgICAgY3B1QXJjaGl0ZWN0dXJlID0gQ3B1QXJjaGl0ZWN0dXJlLlg4Nl82NDtcbiAgICB9IGVsc2UgaWYgKHByb2Nlc3MuYXJjaCA9PT0gXCJhcm02NFwiKSB7XG4gICAgICBjcHVBcmNoaXRlY3R1cmUgPSBDcHVBcmNoaXRlY3R1cmUuQVJNNjQ7XG4gICAgfVxuICAgIGNvbnN0IGFsYkZhcmdhdGVTZXJ2aWNlID0gbmV3IEFwcGxpY2F0aW9uTG9hZEJhbGFuY2VkRmFyZ2F0ZVNlcnZpY2UoXG4gICAgICB0aGlzLFxuICAgICAgXCJBbGJGYXJnYXRlU2VydmljZVwiLFxuICAgICAge1xuICAgICAgICBjaXJjdWl0QnJlYWtlcjogeyByb2xsYmFjazogdHJ1ZSwgZW5hYmxlOiB0cnVlIH0sXG4gICAgICAgIGNsdXN0ZXI6IHRoaXMuZWNzQ2x1c3RlcixcbiAgICAgICAgY3B1OiAxMDI0LFxuICAgICAgICBoZWFsdGhDaGVja0dyYWNlUGVyaW9kOiBEdXJhdGlvbi5zZWNvbmRzKDEwKSxcbiAgICAgICAgbWF4SGVhbHRoeVBlcmNlbnQ6IDIwMCxcbiAgICAgICAgbWVtb3J5TGltaXRNaUI6IDIwNDgsXG4gICAgICAgIG1pbkhlYWx0aHlQZXJjZW50OiAxMDAsIC8vIG1haW50YWluIHNlcnZpY2UgYXZhaWxhYmlsaXR5IGR1cmluZyBkZXBsb3ltZW50XG4gICAgICAgIC8qXG4gICAgICAgICAgVGhpcyBwcm90b2NvbCB2ZXJzaW9uIGlzIGZvciB0aGUgdGFyZ2V0IGdyb3VwIChGYXJnYXRlKSwgbm90IHRoZSBBTEJcbiAgICAgICAgICBMaXN0ZW5lci4gRnJvbSBkb2NzLCBcIkFwcGxpY2F0aW9uIExvYWQgQmFsYW5jZXJzIHByb3ZpZGUgbmF0aXZlIHN1cHBvcnRcbiAgICAgICAgICBmb3IgSFRUUC8yIHdpdGggSFRUUFMgbGlzdGVuZXJzXCIuIFNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vZWxhc3RpY2xvYWRiYWxhbmNpbmcvbGF0ZXN0L2FwcGxpY2F0aW9uL2xvYWQtYmFsYW5jZXItbGlzdGVuZXJzLmh0bWxcbiAgICAgICAgICBOZXh0LmpzIGRlZmF1bHQgc2VydmVyIGRvZXMgbm90IHN1cHBvcnQgSFRUUC8yIGFzIGl0J3MgcmVjb21tZW5kZWRcbiAgICAgICAgICB0byBwcm94eSB5b3VyIE5leHQuanMgc2VydmVyIHdoaWNoIHdlJ3JlIGRvaW5nIHdpdGggQUxCLlxuICAgICAgICAgIEFsc28gbm90ZSwgQ2xvdWRGcm9udCBvbmx5IHN1cHBvcnRzIEhUVFAvMS4xIG9yaWdpbnMuXG4gICAgICAgICAgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL1JlcXVlc3RBbmRSZXNwb25zZUJlaGF2aW9yQ3VzdG9tT3JpZ2luLmh0bWwjUmVxdWVzdEN1c3RvbUhUVFBWZXJzaW9uXG4gICAgICAgICovXG4gICAgICAgIHByb3RvY29sVmVyc2lvbjogQXBwbGljYXRpb25Qcm90b2NvbFZlcnNpb24uSFRUUDEsXG4gICAgICAgIHJ1bnRpbWVQbGF0Zm9ybToge1xuICAgICAgICAgIGNwdUFyY2hpdGVjdHVyZSxcbiAgICAgICAgfSxcbiAgICAgICAgdGFza0ltYWdlT3B0aW9uczoge1xuICAgICAgICAgIGNvbW1hbmQ6IFtcIm5vZGVcIiwgdGhpcy5wcm9wcy5yZWxhdGl2ZUVudHJ5cG9pbnRQYXRoXSxcbiAgICAgICAgICBjb250YWluZXJOYW1lOiBcIm5leHRqc1wiLFxuICAgICAgICAgIGNvbnRhaW5lclBvcnQ6IDMwMDAsXG4gICAgICAgICAgaW1hZ2U6IENvbnRhaW5lckltYWdlLmZyb21Eb2NrZXJJbWFnZUFzc2V0KFxuICAgICAgICAgICAgdGhpcy5wcm9wcy5kb2NrZXJJbWFnZUFzc2V0LFxuICAgICAgICAgICksXG4gICAgICAgICAgbG9nRHJpdmVyOiBMb2dEcml2ZXJzLmF3c0xvZ3Moe1xuICAgICAgICAgICAgc3RyZWFtUHJlZml4OiBcIm5leHRqc1wiLFxuICAgICAgICAgICAgbW9kZTogQXdzTG9nRHJpdmVyTW9kZS5OT05fQkxPQ0tJTkcsXG4gICAgICAgICAgfSksXG4gICAgICAgICAgLi4udGhpcy5wcm9wcy5vdmVycmlkZXM/LnRhc2tJbWFnZU9wdGlvbnMsXG4gICAgICAgIH0sXG4gICAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5hbGJGYXJnYXRlU2VydmljZVByb3BzLFxuICAgICAgfSxcbiAgICApO1xuICAgIC8vIHJlcXVpcmVkIG9yIGhlYWx0aCBjaGVja3MgZmFpbFxuICAgIGFsYkZhcmdhdGVTZXJ2aWNlLnRhc2tEZWZpbml0aW9uLmRlZmF1bHRDb250YWluZXI/LmFkZEVudmlyb25tZW50KFxuICAgICAgXCJIT1NUTkFNRVwiLFxuICAgICAgXCIwLjAuMC4wXCIsXG4gICAgKTtcbiAgICAvLyBzZWN1cml0eSBiZXN0IHByYWN0aWNlIHRvIGVuZm9yY2UgcmVhZG9ubHkgZm9yIHJvb3QgZmlsZXN5c3RlbVxuICAgIC8vIGhvcGVmdWxseSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvaXNzdWVzLzIzOTM1IHdpbGwgcmVzdWx0IGluXG4gICAgLy8gZWFzaWVyIHdheSB0byBzZXQgdGhpcyBwcm9wZXJ0eVxuICAgIGNvbnN0IGNmblRhc2tEZWYgPSBhbGJGYXJnYXRlU2VydmljZS50YXNrRGVmaW5pdGlvbi5ub2RlXG4gICAgICAuZGVmYXVsdENoaWxkIGFzIENmblRhc2tEZWZpbml0aW9uO1xuICAgIGNmblRhc2tEZWYuYWRkUHJvcGVydHlPdmVycmlkZShcbiAgICAgIFwiQ29udGFpbmVyRGVmaW5pdGlvbnMuMC5SZWFkb25seVJvb3RGaWxlc3lzdGVtXCIsXG4gICAgICB0cnVlLCAvLyBUT0RPOiBmaWd1cmUgd2h5IHN5bWxpbmsgbm90IGJlaW5nIGNyZWF0ZWQgYmV0d2VlbiBmdWxsIHJvdXRlIGNhY2hlXG4gICAgKTtcbiAgICAvLyBzcGVlZCB1cCBkZXBsb3ltZW50cyBieSBzaG9ydGVuaW5nIGRlcmVnaXN0cmF0aW9uIGRlbGF5XG4gICAgLy8gaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkVDUy9sYXRlc3QvYmVzdHByYWN0aWNlc2d1aWRlL2xvYWQtYmFsYW5jZXItY29ubmVjdGlvbi1kcmFpbmluZy5odG1sXG4gICAgLy8gVE9ETzogZG9jdW1lbnQgdGhhdCB0aGlzIHNob3VsZCBiZSBpbmNyZWFzZWQgaWYgbG9uZyBsaXZlZCBjb25uZWN0aW9ucyBhcmUgZXhwZWN0ZWRcbiAgICBhbGJGYXJnYXRlU2VydmljZS50YXJnZXRHcm91cC5zZXRBdHRyaWJ1dGUoXG4gICAgICBcImRlcmVnaXN0cmF0aW9uX2RlbGF5LnRpbWVvdXRfc2Vjb25kc1wiLFxuICAgICAgXCIzMFwiLFxuICAgICk7XG4gICAgLy8gYmVzdCBwcmFjdGljZSB0byBlbmFibGUgY3Jvc3Mgem9uZSBsb2FkIGJhbGFuY2luZ1xuICAgIC8vIEBzZWUgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2VsYXN0aWNsb2FkYmFsYW5jaW5nL2xhdGVzdC9hcHBsaWNhdGlvbi9kaXNhYmxlLWNyb3NzLXpvbmUuaHRtbFxuICAgIGFsYkZhcmdhdGVTZXJ2aWNlLmxvYWRCYWxhbmNlci5zZXRBdHRyaWJ1dGUoXG4gICAgICBcImxvYWRfYmFsYW5jaW5nLmNyb3NzX3pvbmUuZW5hYmxlZFwiLFxuICAgICAgXCJ0cnVlXCIsXG4gICAgKTtcbiAgICByZXR1cm4gYWxiRmFyZ2F0ZVNlcnZpY2U7XG4gIH1cbiAgLyoqXG4gICAqIENvbmZpZ3VyZSBoZWFsdGggY2hlY2tzIGZvciBjb250YWluZXJzIGF0IEFMQiBhbmQgRUNTIGxldmVsLiBUaGlzIGVuc3VyZXNcbiAgICogdW5oZWFsdGh5IGNvbnRhaW5lcnMgYXJlIHJlbW92ZWQuIEJvdGggb2YgdGhlc2UgaGVhbHRoIGNoZWNrcyBjYW4gYmVcbiAgICogb3ZlcndyaXR0ZW4gYnkgdXNlciBieSBhY2Nlc3NpbmcgYGFsYkZhcmdhdGVTZXJ2aWNlYCBwcm9wZXJ0eSwgc28gbm8gbmVlZFxuICAgKiBmb3IgYG92ZXJyaWRlc2AuXG4gICAqL1xuICBwcml2YXRlIGNvbmZpZ3VyZUhlYWx0aENoZWNrKCkge1xuICAgIC8vIHNwZWVkIHVwIGRlcGxveW1lbnRzIGJ5IHNob3J0ZW5pbmcgaGVhbHRoIGNoZWNrc1xuICAgIC8vIHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uRUNTL2xhdGVzdC9iZXN0cHJhY3RpY2VzZ3VpZGUvbG9hZC1iYWxhbmNlci1oZWFsdGhjaGVjay5odG1sXG4gICAgdGhpcy5hbGJGYXJnYXRlU2VydmljZS50YXJnZXRHcm91cC5jb25maWd1cmVIZWFsdGhDaGVjayh7XG4gICAgICBwYXRoOiB0aGlzLnByb3BzLmhlYWx0aENoZWNrUGF0aCxcbiAgICAgIGhlYWx0aHlUaHJlc2hvbGRDb3VudDogMixcbiAgICAgIGludGVydmFsOiBEdXJhdGlvbi5zZWNvbmRzKDEwKSwgLy8gdG9vIGZyZXF1ZW50PyBidXQgZW5hYmxlcyBmYXN0ZXIgcm9sbGJhY2suLi5cbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoNSksIC8vIG11c3QgYmUgbGVzcyB0aGFuIGludGVydmFsXG4gICAgfSk7XG4gICAgY29uc3QgaGVhbHRoQ2hlY2s6IEhlYWx0aENoZWNrID0ge1xuICAgICAgY29tbWFuZDogW1xuICAgICAgICBcIkNNRC1TSEVMTFwiLFxuICAgICAgICAvLyBjdXJsIGlzbid0IGF2YWlsYWJsZSBpbiBhbHBpbmUgbGludXhcbiAgICAgICAgYHdnZXQgLS1xdWlldCAtLXRyaWVzPTEgLS1zcGlkZXIgaHR0cDovL2xvY2FsaG9zdDozMDAwJHt0aGlzLnByb3BzLmhlYWx0aENoZWNrUGF0aH0gfHwgZXhpdCAxYCxcbiAgICAgIF0sXG4gICAgfTtcbiAgICBjb25zdCBkZWZhdWx0Q29udGFpbmVyID1cbiAgICAgIHRoaXMuYWxiRmFyZ2F0ZVNlcnZpY2UudGFza0RlZmluaXRpb24uZGVmYXVsdENvbnRhaW5lcjtcbiAgICBpZiAoZGVmYXVsdENvbnRhaW5lcikge1xuICAgICAgLy8gQHRzLWV4cGVjdC1lcnJvciBtdXN0IHVzZSBpbnRlcm5hbCBcInByb3BzXCIgYXR0cmlidXRlIGIvYyBubyBvdGhlciB3YXkgdG8gYWRkIGhlYWx0aCBjaGVja1xuICAgICAgZGVmYXVsdENvbnRhaW5lci5wcm9wcy5oZWFsdGhDaGVjayA9IGhlYWx0aENoZWNrO1xuICAgIH1cbiAgfVxuICBwcml2YXRlIGF0dGFjaEZpbGVTeXN0ZW0oKSB7XG4gICAgY29uc3QgY29udGFpbmVyID0gdGhpcy5hbGJGYXJnYXRlU2VydmljZS50YXNrRGVmaW5pdGlvbi5kZWZhdWx0Q29udGFpbmVyO1xuICAgIGNvbnN0IHZvbHVtZU5hbWUgPSBcImNkay1uZXh0anMtdm9sdW1lXCI7XG4gICAgdGhpcy5hbGJGYXJnYXRlU2VydmljZS50YXNrRGVmaW5pdGlvbi5hZGRWb2x1bWUoe1xuICAgICAgbmFtZTogdm9sdW1lTmFtZSxcbiAgICAgIGVmc1ZvbHVtZUNvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgZmlsZVN5c3RlbUlkOiB0aGlzLnByb3BzLmZpbGVTeXN0ZW0uZmlsZVN5c3RlbUlkLFxuICAgICAgICB0cmFuc2l0RW5jcnlwdGlvbjogXCJFTkFCTEVEXCIsXG4gICAgICAgIGF1dGhvcml6YXRpb25Db25maWc6IHtcbiAgICAgICAgICBhY2Nlc3NQb2ludElkOiB0aGlzLnByb3BzLmFjY2Vzc1BvaW50LmFjY2Vzc1BvaW50SWQsXG4gICAgICAgICAgaWFtOiBcIkVOQUJMRURcIixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgY29udGFpbmVyPy5hZGRNb3VudFBvaW50cyh7XG4gICAgICBzb3VyY2VWb2x1bWU6IHZvbHVtZU5hbWUsXG4gICAgICBjb250YWluZXJQYXRoOiB0aGlzLnByb3BzLmNvbnRhaW5lck1vdW50UGF0aEZvckVmcyxcbiAgICAgIHJlYWRPbmx5OiBmYWxzZSxcbiAgICB9KTtcbiAgfVxuICBwcml2YXRlIGdldFVybCgpOiBzdHJpbmcge1xuICAgIGNvbnN0IHByb3RvY29sID0gdGhpcy5hbGJGYXJnYXRlU2VydmljZS5jZXJ0aWZpY2F0ZSA/IFwiaHR0cHNcIiA6IFwiaHR0cFwiO1xuICAgIHJldHVybiBgJHtwcm90b2NvbH06Ly8ke3RoaXMuYWxiRmFyZ2F0ZVNlcnZpY2UubG9hZEJhbGFuY2VyLmxvYWRCYWxhbmNlckRuc05hbWV9YDtcbiAgfVxufVxuIl19

package/lib/nextjs-compute/nextjs-functions.d.ts

@@ -0,0 +1,23 @@
+import { DockerImageCode, DockerImageFunction, FunctionUrl } from "aws-cdk-lib/aws-lambda";
+import { Construct } from "constructs";
+import { NextjsComputeBaseProps } from "./nextjs-compute-base-props";
+import { OptionalDockerImageFunctionProps } from "../generated-structs/OptionalDockerImageFunctionProps";
+import { OptionalFunctionUrlProps } from "../generated-structs/OptionalFunctionUrlProps";
+export interface NextjsFunctionsOverrides {
+    readonly dockerImageFunctionProps?: OptionalDockerImageFunctionProps;
+    readonly functionUrlProps?: OptionalFunctionUrlProps;
+}
+export interface NextjsFunctionsProps extends NextjsComputeBaseProps {
+    readonly dockerImageCode: DockerImageCode;
+    readonly overrides?: NextjsFunctionsOverrides;
+}
+/**
+ * Run Next.js in functions on AWS with AWS Lambda.
+ */
+export declare class NextjsFunctions extends Construct {
+    function: DockerImageFunction;
+    functionUrl: FunctionUrl;
+    private props;
+    constructor(scope: Construct, id: string, props: NextjsFunctionsProps);
+    private createFunction;
+}

package/lib/nextjs-compute/nextjs-functions.js

@@ -0,0 +1,57 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NextjsFunctions = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const aws_lambda_1 = require("aws-cdk-lib/aws-lambda");
+const constructs_1 = require("constructs");
+/**
+ * Run Next.js in functions on AWS with AWS Lambda.
+ */
+class NextjsFunctions extends constructs_1.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        this.props = props;
+        this.function = this.createFunction();
+        this.functionUrl = this.function.addFunctionUrl({
+            authType: aws_lambda_1.FunctionUrlAuthType.AWS_IAM,
+            invokeMode: aws_lambda_1.InvokeMode.RESPONSE_STREAM,
+            ...this.props.overrides?.functionUrlProps,
+        });
+        if (!this.function.role) {
+            throw new Error("Function role is undefined");
+        }
+    }
+    createFunction() {
+        let architecture = undefined;
+        if (process.arch === "x64") {
+            architecture = aws_lambda_1.Architecture.X86_64;
+        }
+        else if (process.arch === "arm64") {
+            architecture = aws_lambda_1.Architecture.ARM_64;
+        }
+        const fn = new aws_lambda_1.DockerImageFunction(this, "Functions", {
+            architecture,
+            code: this.props.dockerImageCode,
+            filesystem: aws_lambda_1.FileSystem.fromEfsAccessPoint(this.props.accessPoint, this.props.containerMountPathForEfs),
+            memorySize: 2048,
+            timeout: aws_cdk_lib_1.Duration.seconds(30),
+            vpc: this.props.vpc,
+            ...this.props.overrides?.dockerImageFunctionProps,
+            environment: {
+                AWS_LWA_ENABLE_COMPRESSION: "true",
+                AWS_LWA_INVOKE_MODE: "response_stream",
+                AWS_LWA_READINESS_CHECK_PATH: this.props.healthCheckPath,
+                AWS_LWA_READINESS_CHECK_PORT: "3000",
+                READINESS_CHECK_PATH: `http://127.0.0.1:3000${this.props.healthCheckPath}`,
+                ...this.props.overrides?.dockerImageFunctionProps?.environment,
+            },
+        });
+        return fn;
+    }
+}
+exports.NextjsFunctions = NextjsFunctions;
+_a = JSII_RTTI_SYMBOL_1;
+NextjsFunctions[_a] = { fqn: "cdk-nextjs.NextjsFunctions", version: "0.0.0" };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLWZ1bmN0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9uZXh0anMtY29tcHV0ZS9uZXh0anMtZnVuY3Rpb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsNkNBQXVDO0FBQ3ZDLHVEQVFnQztBQUNoQywyQ0FBdUM7QUFldkM7O0dBRUc7QUFDSCxNQUFhLGVBQWdCLFNBQVEsc0JBQVM7SUFNNUMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUEyQjtRQUNuRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2pCLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBQ25CLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ3RDLElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUM7WUFDOUMsUUFBUSxFQUFFLGdDQUFtQixDQUFDLE9BQU87WUFDckMsVUFBVSxFQUFFLHVCQUFVLENBQUMsZUFBZTtZQUN0QyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLGdCQUFnQjtTQUMxQyxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7UUFDaEQsQ0FBQztJQUNILENBQUM7SUFFTyxjQUFjO1FBQ3BCLElBQUksWUFBWSxHQUE2QixTQUFTLENBQUM7UUFDdkQsSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQzNCLFlBQVksR0FBRyx5QkFBWSxDQUFDLE1BQU0sQ0FBQztRQUNyQyxDQUFDO2FBQU0sSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQ3BDLFlBQVksR0FBRyx5QkFBWSxDQUFDLE1BQU0sQ0FBQztRQUNyQyxDQUFDO1FBQ0QsTUFBTSxFQUFFLEdBQUcsSUFBSSxnQ0FBbUIsQ0FBQyxJQUFJLEVBQUUsV0FBVyxFQUFFO1lBQ3BELFlBQVk7WUFDWixJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlO1lBQ2hDLFVBQVUsRUFBRSx1QkFBVSxDQUFDLGtCQUFrQixDQUN2QyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFDdEIsSUFBSSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FDcEM7WUFDRCxVQUFVLEVBQUUsSUFBSTtZQUNoQixPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzdCLEdBQUcsRUFBRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUc7WUFDbkIsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRSx3QkFBd0I7WUFDakQsV0FBVyxFQUFFO2dCQUNYLDBCQUEwQixFQUFFLE1BQU07Z0JBQ2xDLG1CQUFtQixFQUFFLGlCQUFpQjtnQkFDdEMsNEJBQTRCLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlO2dCQUN4RCw0QkFBNEIsRUFBRSxNQUFNO2dCQUNwQyxvQkFBb0IsRUFBRSx3QkFBd0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxlQUFlLEVBQUU7Z0JBQzFFLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLEVBQUUsd0JBQXdCLEVBQUUsV0FBVzthQUMvRDtTQUNGLENBQUMsQ0FBQztRQUNILE9BQU8sRUFBRSxDQUFDO0lBQ1osQ0FBQzs7QUFoREgsMENBaURDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRHVyYXRpb24gfSBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCB7XG4gIEFyY2hpdGVjdHVyZSxcbiAgRG9ja2VySW1hZ2VDb2RlLFxuICBEb2NrZXJJbWFnZUZ1bmN0aW9uLFxuICBGaWxlU3lzdGVtLFxuICBGdW5jdGlvblVybCxcbiAgRnVuY3Rpb25VcmxBdXRoVHlwZSxcbiAgSW52b2tlTW9kZSxcbn0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1sYW1iZGFcIjtcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgeyBOZXh0anNDb21wdXRlQmFzZVByb3BzIH0gZnJvbSBcIi4vbmV4dGpzLWNvbXB1dGUtYmFzZS1wcm9wc1wiO1xuaW1wb3J0IHsgT3B0aW9uYWxEb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHMgfSBmcm9tIFwiLi4vZ2VuZXJhdGVkLXN0cnVjdHMvT3B0aW9uYWxEb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHNcIjtcbmltcG9ydCB7IE9wdGlvbmFsRnVuY3Rpb25VcmxQcm9wcyB9IGZyb20gXCIuLi9nZW5lcmF0ZWQtc3RydWN0cy9PcHRpb25hbEZ1bmN0aW9uVXJsUHJvcHNcIjtcblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNGdW5jdGlvbnNPdmVycmlkZXMge1xuICByZWFkb25seSBkb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHM/OiBPcHRpb25hbERvY2tlckltYWdlRnVuY3Rpb25Qcm9wcztcbiAgcmVhZG9ubHkgZnVuY3Rpb25VcmxQcm9wcz86IE9wdGlvbmFsRnVuY3Rpb25VcmxQcm9wcztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBOZXh0anNGdW5jdGlvbnNQcm9wcyBleHRlbmRzIE5leHRqc0NvbXB1dGVCYXNlUHJvcHMge1xuICByZWFkb25seSBkb2NrZXJJbWFnZUNvZGU6IERvY2tlckltYWdlQ29kZTtcbiAgcmVhZG9ubHkgb3ZlcnJpZGVzPzogTmV4dGpzRnVuY3Rpb25zT3ZlcnJpZGVzO1xufVxuXG4vKipcbiAqIFJ1biBOZXh0LmpzIGluIGZ1bmN0aW9ucyBvbiBBV1Mgd2l0aCBBV1MgTGFtYmRhLlxuICovXG5leHBvcnQgY2xhc3MgTmV4dGpzRnVuY3Rpb25zIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgZnVuY3Rpb246IERvY2tlckltYWdlRnVuY3Rpb247XG4gIGZ1bmN0aW9uVXJsOiBGdW5jdGlvblVybDtcblxuICBwcml2YXRlIHByb3BzOiBOZXh0anNGdW5jdGlvbnNQcm9wcztcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTmV4dGpzRnVuY3Rpb25zUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIHRoaXMucHJvcHMgPSBwcm9wcztcbiAgICB0aGlzLmZ1bmN0aW9uID0gdGhpcy5jcmVhdGVGdW5jdGlvbigpO1xuICAgIHRoaXMuZnVuY3Rpb25VcmwgPSB0aGlzLmZ1bmN0aW9uLmFkZEZ1bmN0aW9uVXJsKHtcbiAgICAgIGF1dGhUeXBlOiBGdW5jdGlvblVybEF1dGhUeXBlLkFXU19JQU0sXG4gICAgICBpbnZva2VNb2RlOiBJbnZva2VNb2RlLlJFU1BPTlNFX1NUUkVBTSxcbiAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5mdW5jdGlvblVybFByb3BzLFxuICAgIH0pO1xuICAgIGlmICghdGhpcy5mdW5jdGlvbi5yb2xlKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJGdW5jdGlvbiByb2xlIGlzIHVuZGVmaW5lZFwiKTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGNyZWF0ZUZ1bmN0aW9uKCkge1xuICAgIGxldCBhcmNoaXRlY3R1cmU6IEFyY2hpdGVjdHVyZSB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZDtcbiAgICBpZiAocHJvY2Vzcy5hcmNoID09PSBcIng2NFwiKSB7XG4gICAgICBhcmNoaXRlY3R1cmUgPSBBcmNoaXRlY3R1cmUuWDg2XzY0O1xuICAgIH0gZWxzZSBpZiAocHJvY2Vzcy5hcmNoID09PSBcImFybTY0XCIpIHtcbiAgICAgIGFyY2hpdGVjdHVyZSA9IEFyY2hpdGVjdHVyZS5BUk1fNjQ7XG4gICAgfVxuICAgIGNvbnN0IGZuID0gbmV3IERvY2tlckltYWdlRnVuY3Rpb24odGhpcywgXCJGdW5jdGlvbnNcIiwge1xuICAgICAgYXJjaGl0ZWN0dXJlLFxuICAgICAgY29kZTogdGhpcy5wcm9wcy5kb2NrZXJJbWFnZUNvZGUsXG4gICAgICBmaWxlc3lzdGVtOiBGaWxlU3lzdGVtLmZyb21FZnNBY2Nlc3NQb2ludChcbiAgICAgICAgdGhpcy5wcm9wcy5hY2Nlc3NQb2ludCxcbiAgICAgICAgdGhpcy5wcm9wcy5jb250YWluZXJNb3VudFBhdGhGb3JFZnMsXG4gICAgICApLFxuICAgICAgbWVtb3J5U2l6ZTogMjA0OCxcbiAgICAgIHRpbWVvdXQ6IER1cmF0aW9uLnNlY29uZHMoMzApLFxuICAgICAgdnBjOiB0aGlzLnByb3BzLnZwYyxcbiAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5kb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHMsXG4gICAgICBlbnZpcm9ubWVudDoge1xuICAgICAgICBBV1NfTFdBX0VOQUJMRV9DT01QUkVTU0lPTjogXCJ0cnVlXCIsXG4gICAgICAgIEFXU19MV0FfSU5WT0tFX01PREU6IFwicmVzcG9uc2Vfc3RyZWFtXCIsXG4gICAgICAgIEFXU19MV0FfUkVBRElORVNTX0NIRUNLX1BBVEg6IHRoaXMucHJvcHMuaGVhbHRoQ2hlY2tQYXRoLFxuICAgICAgICBBV1NfTFdBX1JFQURJTkVTU19DSEVDS19QT1JUOiBcIjMwMDBcIixcbiAgICAgICAgUkVBRElORVNTX0NIRUNLX1BBVEg6IGBodHRwOi8vMTI3LjAuMC4xOjMwMDAke3RoaXMucHJvcHMuaGVhbHRoQ2hlY2tQYXRofWAsXG4gICAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5kb2NrZXJJbWFnZUZ1bmN0aW9uUHJvcHM/LmVudmlyb25tZW50LFxuICAgICAgfSxcbiAgICB9KTtcbiAgICByZXR1cm4gZm47XG4gIH1cbn1cbiJdfQ==

package/lib/nextjs-distribution.d.ts

@@ -0,0 +1,120 @@
+import { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
+import { AddBehaviorOptions, CachePolicyProps, Distribution, ResponseHeadersPolicyProps } from "aws-cdk-lib/aws-cloudfront";
+import { HttpOriginProps } from "aws-cdk-lib/aws-cloudfront-origins";
+import { IBucket } from "aws-cdk-lib/aws-s3";
+import { Construct } from "constructs";
+import { NextjsType } from "./common";
+import { OptionalDistributionProps } from "./generated-structs/OptionalDistributionProps";
+import { OptionalFunctionProps } from "./generated-structs/OptionalFunctionProps";
+import { OptionalS3OriginProps } from "./generated-structs/OptionalS3OriginProps";
+import { PublicDirEntry } from "./nextjs-build/nextjs-build";
+export interface NextjsDistributionOverrides {
+    readonly edgeFunctionProps?: OptionalFunctionProps;
+    readonly distributionProps?: OptionalDistributionProps;
+    readonly imageBehaviorOptions?: AddBehaviorOptions;
+    readonly imageCachePolicyProps?: CachePolicyProps;
+    readonly imageResponseHeadersPolicyProps?: ResponseHeadersPolicyProps;
+    readonly dynamicBehaviorOptions?: AddBehaviorOptions;
+    readonly dynamicCachePolicyProps?: CachePolicyProps;
+    readonly dynamicResponseHeadersPolicyProps?: ResponseHeadersPolicyProps;
+    readonly dynamicHttpOriginProps?: HttpOriginProps;
+    readonly staticBehaviorOptions?: AddBehaviorOptions;
+    readonly staticResponseHeadersPolicyProps?: ResponseHeadersPolicyProps;
+    readonly s3OriginProps?: OptionalS3OriginProps;
+}
+export interface NextjsDistributionProps {
+    /**
+     * Bucket containing static assets.
+     * Must be provided if you want to serve static files.
+     */
+    readonly assetsBucket: IBucket;
+    readonly basePath?: string;
+    /**
+     * Optional but only applicable for `NextjsType.GLOBAL_CONTAINERS`
+     */
+    readonly certificate?: ICertificate;
+    readonly distribution?: Distribution;
+    /**
+     * Dynamic (Next.js server) URL to add behavior to distribution
+     */
+    readonly dynamicUrl: string;
+    /**
+     * Required if `NextjsType.GLOBAL_FUNCTIONS`
+     */
+    readonly functionArn?: string;
+    readonly nextjsType: NextjsType;
+    /**
+     * Override props for every construct.
+     */
+    readonly overrides?: NextjsDistributionOverrides;
+    /**
+     * Path to directory of Next.js app's public directory. Used to add static
+     * behaviors to distribution.
+     */
+    readonly publicDirEntries: PublicDirEntry[];
+}
+export declare class NextjsDistribution extends Construct {
+    distribution: Distribution;
+    private props;
+    /**
+     * Common security headers applied by default to all origins
+     * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-response-headers-policies.html#managed-response-headers-policies-security
+     */
+    private commonSecurityHeadersBehavior;
+    private staticOrigin;
+    private dynamicOrigin;
+    private dynamicOriginResponsePolicy;
+    private dynamicCloudFrontFunctionAssociations;
+    private edgeLambdas?;
+    private isFunctionCompute;
+    private staticBehaviorOptions;
+    private dynamicBehaviorOptions;
+    private imageBehaviorOptions;
+    /**
+     * Given stack id: "arn:aws:cloudformation:us-east-1:905418358903:stack/lh-stickb-idp/4bf74be0-e880-11ee-aea9-0affc6185b25",
+     * returns "4bf74be0"
+     */
+    private uniqueStackIdPart;
+    constructor(scope: Construct, id: string, props: NextjsDistributionProps);
+    private createStaticOrigin;
+    private createDynamicOrigin;
+    /**
+     * Lambda Function URLs "expect the `Host` header to contain the origin domain
+     * name, not the domain name of the CloudFront distribution."
+     * @see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html#managed-origin-request-policy-all-viewer-except-host-header
+     */
+    private createDynamicOriginRequestPolicy;
+    /**
+     * Ensures Next.js `request.url` will be correct domain instead of URL of
+     * compute option (App Runner, Fargate, or Lambda)
+     * @see https://open-next.js.org/advanced/workaround#workaround-set-x-forwarded-host-header-aws-specific
+     */
+    private createDynamicCloudFrontFunctionAssociations;
+    /**
+     * Required to sign requests so that we can use IAM_AUTH for Lambda Function URL
+     * to prevent public access. Once CloudFront Lambda OAC is released, we can
+     * use infra configuration for this instead of custom code.
+     */
+    private createEdgeLambdas;
+    private createStaticBehaviorOptions;
+    private createDynamicBehaviorOptions;
+    private createImageBehaviorOptions;
+    /**
+     * Creates or uses user specified CloudFront Distribution
+     */
+    private getDistribution;
+    private addDynamicBehaviors;
+    private addStaticBehaviors;
+    /**
+     * Optionally prepends base path to given path pattern.
+     */
+    private getPathPattern;
+    /**
+     * Add Origin Access Control (OAC) to CloudFront Distribution which is preferred
+     * way to secure access from Distribution to S3. Remove legacy OAI.
+     *
+     * When CDK releases L2 support for this, please remove this code.
+     * @see https://github.com/aws/aws-cdk/issues/21771#issuecomment-1567647338
+     */
+    private addS3OacAndRemoveOai;
+}