cdk-nuxt 2.4.0 → 2.5.0

package/lib/stack/server/NuxtServerAppStack.ts

@@ -12,10 +12,10 @@ import {
     Distribution, HttpVersion,
     type IOriginAccessIdentity,
     OriginAccessIdentity,
-    OriginProtocolPolicy,
+    OriginProtocolPolicy, OriginRequestPolicy,
     PriceClass,
     SecurityPolicyProtocol,
-    ViewerProtocolPolicy
+    ViewerProtocolPolicy,OriginRequestCookieBehavior, OriginRequestHeaderBehavior, OriginRequestQueryStringBehavior
 } from "aws-cdk-lib/aws-cloudfront";
 import {Architecture, Code, Function, Runtime, Tracing} from "aws-cdk-lib/aws-lambda";
 import {
@@ -29,18 +29,16 @@ import {AaaaRecord, ARecord, HostedZone, type IHostedZone, RecordTarget} from "a
 import {BucketDeployment, Source, StorageClass} from "aws-cdk-lib/aws-s3-deployment";
 import {HttpOrigin, S3BucketOrigin} from "aws-cdk-lib/aws-cloudfront-origins";
 import {CloudFrontTarget} from "aws-cdk-lib/aws-route53-targets";
-import {HttpMethod} from "aws-cdk-lib/aws-stepfunctions-tasks";
-import {RetentionDays} from "aws-cdk-lib/aws-logs";
+import { LogGroup, RetentionDays } from "aws-cdk-lib/aws-logs";
 import {getNuxtAppStaticAssetConfigs, type StaticAssetConfig} from "../NuxtAppStaticAssets";
-import * as fs from "fs";
 import {Rule, RuleTargetInput, Schedule} from "aws-cdk-lib/aws-events";
 import {LambdaFunction} from "aws-cdk-lib/aws-events-targets";
 import * as path from "path";
-import {writeFileSync} from "fs";
+import {writeFileSync, mkdirSync, existsSync} from "fs";
 import {type NuxtServerAppStackProps} from "./NuxtServerAppStackProps";
 import {CloudFrontAccessLogsAnalysis} from "../access-logs-analysis/CloudFrontAccessLogsAnalysis";
 import {HttpLambdaIntegration} from "aws-cdk-lib/aws-apigatewayv2-integrations";
-import {DomainName, EndpointType, HttpApi, SecurityPolicy} from "aws-cdk-lib/aws-apigatewayv2";
+import {DomainName, EndpointType, HttpApi, HttpMethod, SecurityPolicy} from "aws-cdk-lib/aws-apigatewayv2";
 
 /**
  * CDK stack to deploy a dynamic Nuxt app (target=server) on AWS with Lambda, ApiGateway, S3 and CloudFront.
@@ -118,10 +116,23 @@ export class NuxtServerAppStack extends Stack {
     private httpOrigin: HttpOrigin;
 
     /**
-     * The cache policy for the Nuxt app route behaviors of the CloudFront distribution.
+     * The cache policy that specifies which HTTP headers, cookies, and query strings
+     * CloudFront forwards to the Nuxt app and uses to generate a cache key.
      */
     private appCachePolicy: CachePolicy;
 
+    /**
+     * The origin request policy that specifies which HTTP headers, cookies, and query strings
+     * CloudFront forwards to the Nuxt app without affecting the cache key.
+     */
+    private appRequestPolicy: OriginRequestPolicy;
+
+    /**
+     * The behavior for the CloudFront distribution to route incoming web requests
+     * to the Nuxt Lambda function (via API gateway).
+     */
+    private nuxtServerRouteBehavior: BehaviorOptions;
+
     /**
      * The CloudFront distribution to route incoming requests to the Nuxt Lambda function (via the API gateway)
      * or the S3 assets folder (with caching).
@@ -154,6 +165,8 @@ export class NuxtServerAppStack extends Stack {
         this.apiGateway = this.createApiGateway(props);
         this.httpOrigin = this.createNuxtAppHttpOrigin();
         this.appCachePolicy = this.createNuxtAppCachePolicy(props)
+        this.appRequestPolicy = this.createNuxtAppRequestPolicy(props)
+        this.nuxtServerRouteBehavior = this.createNuxtServerRouteBehavior()
         this.cdn = this.createCloudFrontDistribution(props);
         this.configureDeployments();
         this.createDnsRecords(props);
@@ -169,10 +182,11 @@ export class NuxtServerAppStack extends Stack {
      * and returns the current revision.
      */
     private createDeploymentRevision(props: NuxtServerAppStackProps): string {
-        const revisionFilePath = `${props.rootDir ?? '.'}/.output/public/app-revision`;
         const appRevision = new Date().toISOString();
 
-        writeFileSync(revisionFilePath, appRevision, {encoding: 'utf-8'});
+        const dir = path.join(props.rootDir ?? '.', '.output', 'public');
+        mkdirSync(dir, { recursive: true });
+        writeFileSync(path.join(dir, 'app-revision'), appRevision, { encoding: 'utf-8' });
 
         return appRevision;
     }
@@ -239,6 +253,12 @@ export class NuxtServerAppStack extends Stack {
     private createAppLambdaFunction(props: NuxtServerAppStackProps): Function {
         const funcName = `${this.resourceIdPrefix}-app-function`;
 
+        const appLogGroup = new LogGroup(this, `${funcName}-logs`, {
+            logGroupName: `/aws/lambda/${funcName}`,
+            retention: RetentionDays.ONE_MONTH,
+        });
+        appLogGroup.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
         return new Function(this, funcName, {
             functionName: funcName,
             description: `Renders the ${this.resourceIdPrefix} Nuxt app.`,
@@ -250,9 +270,9 @@ export class NuxtServerAppStack extends Stack {
             }),
             timeout: Duration.seconds(10),
             memorySize: props.memorySize ?? 1792,
-            logRetention: RetentionDays.ONE_MONTH,
             allowPublicSubnet: false,
             tracing: props.enableTracing ? Tracing.ACTIVE : Tracing.DISABLED,
+            logGroup: appLogGroup,
             environment: {
                 NODE_OPTIONS: '--enable-source-maps',
                 ...JSON.parse(props.entrypointEnv ?? '{}'),
@@ -269,6 +289,12 @@ export class NuxtServerAppStack extends Stack {
         const functionName: string = `${this.resourceIdPrefix}-cleanup-function`;
         const functionDirPath = path.join(__dirname, '../../functions/assets-cleanup');
 
+        const cleanupLogGroup = new LogGroup(this, `${functionName}-logs`, {
+            logGroupName: `/aws/lambda/${functionName}`,
+            retention: RetentionDays.TWO_WEEKS,
+        });
+        cleanupLogGroup.applyRemovalPolicy(RemovalPolicy.DESTROY);
+
         const result: Function = new Function(this, functionName, {
             functionName: functionName,
             description: `Auto-deletes the outdated static assets in the ${this.staticAssetsBucket.bucketName} S3 bucket.`,
@@ -280,7 +306,6 @@ export class NuxtServerAppStack extends Stack {
             }),
             timeout: Duration.minutes(5),
             memorySize: 128,
-            logRetention: RetentionDays.TWO_WEEKS,
             environment: {
                 STATIC_ASSETS_BUCKET: this.staticAssetsBucket.bucketName,
                 OUTDATED_ASSETS_RETENTION_DAYS: `${props.outdatedAssetsRetentionDays ?? 30}`,
@@ -288,6 +313,7 @@ export class NuxtServerAppStack extends Stack {
                 AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
                 NODE_OPTIONS: '--enable-source-maps',
             },
+            logGroup: cleanupLogGroup,
         });
 
         // grant function access to S3 bucket
@@ -330,7 +356,15 @@ export class NuxtServerAppStack extends Stack {
         apiGateway.addRoutes({
             integration: lambdaIntegration,
             path: '/{proxy+}',
-            methods: [HttpMethod.GET, HttpMethod.HEAD],
+            methods: [
+                HttpMethod.GET,
+                HttpMethod.HEAD,
+                HttpMethod.OPTIONS,
+                HttpMethod.POST,
+                HttpMethod.PUT,
+                HttpMethod.PATCH,
+                HttpMethod.DELETE,
+            ],
         });
 
         return apiGateway;
@@ -352,12 +386,12 @@ export class NuxtServerAppStack extends Stack {
             minimumProtocolVersion: SecurityPolicyProtocol.TLS_V1_2_2018,
             certificate: Certificate.fromCertificateArn(this, `${this.resourceIdPrefix}-global-certificate`, props.globalTlsCertificateArn),
             httpVersion: HttpVersion.HTTP2_AND_3,
-            defaultBehavior: this.createNuxtAppRouteBehavior(),
+            defaultBehavior: this.nuxtServerRouteBehavior,
             additionalBehaviors: this.setupCloudFrontRouting(props),
             priceClass: PriceClass.PRICE_CLASS_100, // Use only North America and Europe
             logBucket: this.accessLogsBucket,
             logFilePrefix: props.enableAccessLogsAnalysis ? CloudFrontAccessLogsAnalysis.getLogFilePrefix() : undefined,
-            logIncludesCookies: true,
+            logIncludesCookies: props.enableAccessLogsAnalysis,
         });
     }
 
@@ -378,19 +412,23 @@ export class NuxtServerAppStack extends Stack {
      * to the Nuxt render Lambda function (via API gateway).
      * Additionally, this automatically redirects HTTP requests to HTTPS.
      */
-    private createNuxtAppRouteBehavior(): BehaviorOptions {
+    private createNuxtServerRouteBehavior(): BehaviorOptions {
         return {
             origin: this.httpOrigin,
             allowedMethods: AllowedMethods.ALLOW_GET_HEAD,
             compress: true,
             viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-            originRequestPolicy: undefined,
+            originRequestPolicy: this.appRequestPolicy,
             cachePolicy: this.appCachePolicy
         };
     }
 
     private setupCloudFrontRouting(props: NuxtServerAppStackProps): Record<string, BehaviorOptions> {
-        let routingBehaviours: Record<string, BehaviorOptions> = {};
+        let routingBehaviours: Record<string, BehaviorOptions> = {
+
+            // Nuxt I18n files are served via a server route
+            '/_i18n/*': this.nuxtServerRouteBehavior,
+        };
 
         // Specific ones first
         if (props.enableApi) {
@@ -415,14 +453,27 @@ export class NuxtServerAppStack extends Stack {
             defaultTtl: Duration.seconds(0),
             minTtl: Duration.seconds(0),
             maxTtl: Duration.days(365),
-            queryStringBehavior: props.allowQueryParams?.length ? CacheQueryStringBehavior.allowList(...props.allowQueryParams) : (props.denyQueryParams?.length ? CacheQueryStringBehavior.denyList(...props.denyQueryParams) : CacheQueryStringBehavior.all()),
-            headerBehavior: props.allowHeaders?.length ? CacheHeaderBehavior.allowList(...props.allowHeaders) : CacheHeaderBehavior.none(),
-            cookieBehavior: props.allowCookies?.length ? CacheCookieBehavior.allowList(...props.allowCookies) : CacheCookieBehavior.none(),
+            queryStringBehavior: props.cacheKeyQueryParams?.length ? CacheQueryStringBehavior.allowList(...props.cacheKeyQueryParams) : (props.denyCacheKeyQueryParams?.length ? CacheQueryStringBehavior.denyList(...props.denyCacheKeyQueryParams) : (props.allowQueryParams?.length ? CacheQueryStringBehavior.allowList(...props.allowQueryParams) : (props.denyQueryParams?.length ? CacheQueryStringBehavior.denyList(...props.denyQueryParams) : CacheQueryStringBehavior.all()))),
+            headerBehavior: props.cacheKeyHeaders?.length ? CacheHeaderBehavior.allowList(...props.cacheKeyHeaders) : (props.allowHeaders?.length ? CacheHeaderBehavior.allowList(...props.allowHeaders) : CacheHeaderBehavior.none()),
+            cookieBehavior: props.cacheKeyCookies?.length ? CacheCookieBehavior.allowList(...props.cacheKeyCookies) : (props.allowCookies?.length ? CacheCookieBehavior.allowList(...props.allowCookies) : CacheCookieBehavior.none()),
             enableAcceptEncodingBrotli: true,
             enableAcceptEncodingGzip: true,
         });
     }
 
+    /**
+     * Creates an origin request policy for the Nuxt app route behavior of the CloudFront distribution.
+     */
+    private createNuxtAppRequestPolicy(props: NuxtServerAppStackProps): OriginRequestPolicy {
+        return new OriginRequestPolicy(this, `${this.resourceIdPrefix}-request-policy`, {
+            originRequestPolicyName: `${this.resourceIdPrefix}-cdn-request-policy`,
+            comment: `Defines which request data to pass to the ${this.resourceIdPrefix} origin without affecting the cache key.`,
+            queryStringBehavior: props.forwardQueryParams?.length ? OriginRequestQueryStringBehavior.allowList(...props.forwardQueryParams) : OriginRequestQueryStringBehavior.all(),
+            headerBehavior: props.forwardHeaders?.length ? OriginRequestHeaderBehavior.allowList(...props.forwardHeaders) : OriginRequestHeaderBehavior.none(),
+            cookieBehavior: props.forwardCookies?.length ? OriginRequestCookieBehavior.allowList(...props.forwardCookies) : OriginRequestCookieBehavior.none(),
+        });
+    }
+
     /**
      * Creates a behavior for the CloudFront distribution to route matching Nuxt app API requests to the API gateway.
      */
@@ -433,6 +484,7 @@ export class NuxtServerAppStack extends Stack {
             allowedMethods: AllowedMethods.ALLOW_ALL,
             cachedMethods: CachedMethods.CACHE_GET_HEAD_OPTIONS,
             cachePolicy: this.appCachePolicy,
+            originRequestPolicy: this.appRequestPolicy,
             viewerProtocolPolicy: ViewerProtocolPolicy.HTTPS_ONLY
         };
 
@@ -511,7 +563,7 @@ export class NuxtServerAppStack extends Stack {
      */
     private configureDeployments(): BucketDeployment[] {
         // Returns a deployment for every configured static asset type to respect the different cache settings
-        return this.staticAssetConfigs.filter(asset => fs.existsSync(asset.source)).map((asset, assetIndex) => {
+        return this.staticAssetConfigs.filter(asset => existsSync(asset.source)).map((asset, assetIndex) => {
             return new BucketDeployment(this, `${this.resourceIdPrefix}-assets-deployment-${assetIndex}`, {
                 sources: [Source.asset(asset.source, {
                     exclude: asset.exclude,
@@ -616,7 +668,7 @@ export class NuxtServerAppStack extends Stack {
 
 
     /**
-     * Creates a scheduled rule that runs every tuesday at 03:30 AM GMT to trigger
+     * Creates a scheduled rule that runs every Tuesday at 03:30 AM GMT to trigger
      * our cleanup Lambda function.
      *
      * @private
@@ -626,7 +678,7 @@ export class NuxtServerAppStack extends Stack {
             ruleName: `${this.resourceIdPrefix}-scheduler`,
             description: `Triggers a cleanup of the outdated static assets at the ${this.staticAssetsBucket.bucketName} S3 bucket.`,
             enabled: true,
-            schedule: Schedule.cron({weekDay: '3', hour: '3', minute: '30'}),
+            schedule: Schedule.cron({weekDay: '2', hour: '3', minute: '30'}),
             targets: [new LambdaFunction(this.cleanupLambdaFunction)],
         });
     }

package/lib/stack/server/NuxtServerAppStackProps.d.ts

@@ -50,11 +50,78 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * Defaults to 30 days.
      */
     readonly outdatedAssetsRetentionDays?: number;
+    /**
+     * An array of HTTP headers to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for headers that do not affect the response.
+     *
+     * No headers are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardHeaders?: string[];
+    /**
+     * An array of HTTP headers to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for headers that might affect the response, e.g., 'Authorization'.
+     *
+     * No headers are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyHeaders?: string[];
+    /**
+     * An array of cookies to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for cookies that do not affect the response.
+     *
+     * No cookies are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardCookies?: string[];
+    /**
+     * An array of cookies to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for cookies that might affect the response, e.g., authentication cookies.
+     *
+     * No cookies are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyCookies?: string[];
+    /**
+     * An array of query params to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for query params that do not affect the response and are required on SSR requests.
+     *
+     * All query params are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardQueryParams?: string[];
+    /**
+     * An array of query params to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for query params that affect the response and are required on SSR requests, e.g., filters.
+     *
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyQueryParams?: string[];
+    /**
+     * An array of query params to prevent forwarding to the Nuxt app and to not include in the cache key for objects that are cached at CloudFront edge locations.
+     * When set, all query params that are not specified in this array will be forwarded to the Nuxt app and included in the cache key.
+     * This should be used for query params that do not affect the response and are not required on SSR requests, e.g., 'fbclid' or 'utm_campaign'.
+     *
+     * If both {@see cacheKeyQueryParams} and {@see denyCacheKeyQueryParams} are specified, the {@see denyCacheKeyQueryParams} will be ignored.
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly denyCacheKeyQueryParams?: string[];
     /**
      * An array of headers to pass to the Nuxt app on SSR requests.
      * The more headers are passed, the weaker the cache performance will be, as the cache key
      * is based on the headers.
      * No headers are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyHeaders} instead.
      */
     readonly allowHeaders?: string[];
     /**
@@ -62,6 +129,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * The more cookies are passed, the weaker the cache performance will be, as the cache key
      * is based on the cookies.
      * No cookies are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyCookies} instead.
      */
     readonly allowCookies?: string[];
     /**
@@ -71,6 +140,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * Note that this config can not be combined with {@see denyQueryParams}.
      * If both are specified, the {@see denyQueryParams} will be ignored.
      * All query params are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyQueryParams} instead.
      */
     readonly allowQueryParams?: string[];
     /**
@@ -80,6 +151,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * Note that this config can not be combined with {@see allowQueryParams}.
      * If both are specified, the {@see denyQueryParams} will be ignored.
      * All query params are passed by default.
+     *
+     * @deprecated Use {@see denyCacheKeyQueryParams} instead.
      */
     readonly denyQueryParams?: string[];
 }

package/lib/stack/server/NuxtServerAppStackProps.js

@@ -1,3 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTnV4dFNlcnZlckFwcFN0YWNrUHJvcHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJOdXh0U2VydmVyQXBwU3RhY2tQcm9wcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHt0eXBlIE51eHRBcHBTdGFja1Byb3BzfSBmcm9tIFwiLi4vTnV4dEFwcFN0YWNrUHJvcHNcIjtcblxuLyoqXG4gKiBEZWZpbmVzIHRoZSBwcm9wcyByZXF1aXJlZCBmb3IgdGhlIHtAc2VlIE51eHRTZXJ2ZXJBcHBTdGFja30uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgTnV4dFNlcnZlckFwcFN0YWNrUHJvcHMgZXh0ZW5kcyBOdXh0QXBwU3RhY2tQcm9wcyB7XG5cbiAgICAvKipcbiAgICAgKiBUaGUgQVJOIG9mIHRoZSBjZXJ0aWZpY2F0ZSB0byB1c2UgYXQgdGhlIEFwaUdhdGV3YXkgZm9yIHRoZSBOdXh0IGFwcCB0byBtYWtlIGl0IGFjY2Vzc2libGUgdmlhIHRoZSBjdXN0b20gZG9tYWluXG4gICAgICogYW5kIHRvIHByb3ZpZGUgdGhlIGN1c3RvbSBkb21haW4gdG8gdGhlIE51eHQgYXBwIHZpYSB0aGUgJ0hvc3QnIGhlYWRlciBmb3Igc2VydmVyIHNpZGUgcmVuZGVyaW5nIHVzZSBjYXNlcy5cbiAgICAgKiBUaGUgY2VydGlmaWNhdGUgbXVzdCBiZSBpc3N1ZWQgaW4gdGhlIHNhbWUgcmVnaW9uIGFzIHNwZWNpZmllZCB2aWEgJ2Vudi5yZWdpb24nIGFzIEFwaUdhdGV3YXkgd29ya3MgcmVnaW9uYWxseS5cbiAgICAgKi9cbiAgICByZWFkb25seSByZWdpb25hbFRsc0NlcnRpZmljYXRlQXJuOiBzdHJpbmc7XG5cbiAgICAvKipcbiAgICAgKiBUaGUgZmlsZSBuYW1lICh3aXRob3V0IGV4dGVuc2lvbikgb2YgdGhlIExhbWJkYSBlbnRyeXBvaW50IHdpdGhpbiB0aGUgJ3NlcnZlcicgZGlyZWN0b3J5IGV4cG9ydGluZyBhIGhhbmRsZXIuXG4gICAgICogRGVmYXVsdHMgdG8gXCJpbmRleFwiLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGVudHJ5cG9pbnQ/OiBzdHJpbmc7XG5cbiAgICAvKipcbiAgICAgKiBBIEpTT04gc2VyaWFsaXplZCBzdHJpbmcgb2YgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIHBhc3MgdG8gdGhlIExhbWJkYSBmdW5jdGlvbi5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbnRyeXBvaW50RW52Pzogc3RyaW5nO1xuXG4gICAgLyoqXG4gICAgICogVGhlIG1lbW9yeSBzaXplIHRvIGFwcGx5IHRvIHRoZSBOdXh0IGFwcCdzIExhbWJkYS5cbiAgICAgKiBEZWZhdWx0cyB0byAxNzkyTUIgKG9wdGltaXplZCBmb3IgY29zdHMgYW5kIHBlcmZvcm1hbmNlIGZvciBzdGFuZGFyZCBOdXh0IGFwcHMpLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IG1lbW9yeVNpemU/OiBudW1iZXI7XG5cbiAgICAvKipcbiAgICAgKiBXaGV0aGVyIHRvIGVuYWJsZSBBV1MgWC1SYXkgZm9yIHRoZSBOdXh0IExhbWJkYSBmdW5jdGlvbi5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbmFibGVUcmFjaW5nPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIGEgZ2xvYmFsIFNpdGVtYXAgYnVja2V0IHdoaWNoIGlzIHBlcm1hbmVudGx5IGFjY2Vzc2libGUgdGhyb3VnaCBtdWx0aXBsZSBkZXBsb3ltZW50cy5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbmFibGVTaXRlbWFwPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIChIVFRQUyBvbmx5KSBBUEkgYWNjZXNzIHRvIHRoZSBOdXh0IGFwcCB2aWEgdGhlIGAvYXBpYCBwYXRoIHdoaWNoIHN1cHBvcnQgYWxsIEhUVFAgbWV0aG9kcy5cbiAgICAgKiBTZWUgaHR0cHM6Ly9udXh0LmNvbS9kb2NzL2d1aWRlL2RpcmVjdG9yeS1zdHJ1Y3R1cmUvc2VydmVyI3JlY2lwZXMgZm9yIGRldGFpbHMuXG4gICAgICovXG4gICAgcmVhZG9ubHkgZW5hYmxlQXBpPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIHJlcG9ydGluZyBvZiBDbG91ZEZyb250IGFjY2VzcyBsb2dzIHZpYSBBdGhlbmEuXG4gICAgICovXG4gICAgcmVhZG9ubHkgZW5hYmxlQWNjZXNzTG9nc0FuYWx5c2lzPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIEFycmF5IG9mIGNvb2tpZSBuYW1lcyB0byBpbmNsdWRlIGluIHRoZSBhY2Nlc3MgbG9ncyAod2hpdGVsaXN0KS5cbiAgICAgKi9cbiAgICByZWFkb25seSBhY2Nlc3NMb2dDb29raWVzPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBUaGUgbnVtYmVyIG9mIGRheXMgdG8gcmV0YWluIHN0YXRpYyBhc3NldHMgb2Ygb3V0ZGF0ZWQgZGVwbG95bWVudHMgaW4gdGhlIFMzIGJ1Y2tldC5cbiAgICAgKiBVc2VmdWwgdG8gYWxsb3cgdXNlcnMgdG8gc3RpbGwgYWNjZXNzIG9sZCBhc3NldHMgYWZ0ZXIgYSBuZXcgZGVwbG95bWVudCB3aGVuIHRoZXkgYXJlIHN0aWxsIGJyb3dzaW5nIG9uIGFuIG9sZCB2ZXJzaW9uLlxuICAgICAqIERlZmF1bHRzIHRvIDMwIGRheXMuXG4gICAgICovXG4gICAgcmVhZG9ubHkgb3V0ZGF0ZWRBc3NldHNSZXRlbnRpb25EYXlzPzogbnVtYmVyO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgaGVhZGVycyB0byBwYXNzIHRvIHRoZSBOdXh0IGFwcCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICogVGhlIG1vcmUgaGVhZGVycyBhcmUgcGFzc2VkLCB0aGUgd2Vha2VyIHRoZSBjYWNoZSBwZXJmb3JtYW5jZSB3aWxsIGJlLCBhcyB0aGUgY2FjaGUga2V5XG4gICAgICogaXMgYmFzZWQgb24gdGhlIGhlYWRlcnMuXG4gICAgICogTm8gaGVhZGVycyBhcmUgcGFzc2VkIGJ5IGRlZmF1bHQuXG4gICAgICovXG4gICAgcmVhZG9ubHkgYWxsb3dIZWFkZXJzPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBBbiBhcnJheSBvZiBjb29raWVzIHRvIHBhc3MgdG8gdGhlIE51eHQgYXBwIG9uIFNTUiByZXF1ZXN0cy5cbiAgICAgKiBUaGUgbW9yZSBjb29raWVzIGFyZSBwYXNzZWQsIHRoZSB3ZWFrZXIgdGhlIGNhY2hlIHBlcmZvcm1hbmNlIHdpbGwgYmUsIGFzIHRoZSBjYWNoZSBrZXlcbiAgICAgKiBpcyBiYXNlZCBvbiB0aGUgY29va2llcy5cbiAgICAgKiBObyBjb29raWVzIGFyZSBwYXNzZWQgYnkgZGVmYXVsdC5cbiAgICAgKi9cbiAgICByZWFkb25seSBhbGxvd0Nvb2tpZXM/OiBzdHJpbmdbXTtcblxuICAgIC8qKlxuICAgICAqIEFuIGFycmF5IG9mIHF1ZXJ5IHBhcmFtIGtleXMgdG8gcGFzcyB0byB0aGUgTnV4dCBhcHAgb24gU1NSIHJlcXVlc3RzLlxuICAgICAqIFRoZSBtb3JlIHF1ZXJ5IHBhcmFtcyBhcmUgcGFzc2VkLCB0aGUgd2Vha2VyIHRoZSBjYWNoZSBwZXJmb3JtYW5jZSB3aWxsIGJlLCBhcyB0aGUgY2FjaGUga2V5XG4gICAgICogaXMgYmFzZWQgb24gdGhlIHF1ZXJ5IHBhcmFtcy5cbiAgICAgKiBOb3RlIHRoYXQgdGhpcyBjb25maWcgY2FuIG5vdCBiZSBjb21iaW5lZCB3aXRoIHtAc2VlIGRlbnlRdWVyeVBhcmFtc30uXG4gICAgICogSWYgYm90aCBhcmUgc3BlY2lmaWVkLCB0aGUge0BzZWUgZGVueVF1ZXJ5UGFyYW1zfSB3aWxsIGJlIGlnbm9yZWQuXG4gICAgICogQWxsIHF1ZXJ5IHBhcmFtcyBhcmUgcGFzc2VkIGJ5IGRlZmF1bHQuXG4gICAgICovXG4gICAgcmVhZG9ubHkgYWxsb3dRdWVyeVBhcmFtcz86IHN0cmluZ1tdO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgcXVlcnkgcGFyYW0ga2V5cyB0byBkZW55IHBhc3NpbmcgdG8gdGhlIE51eHQgYXBwIG9uIFNTUiByZXF1ZXN0cy5cbiAgICAgKiBJdCBtaWdodCBiZSB1c2VmdWwgdG8gcHJldmVudCBzcGVjaWZpYyBleHRlcm5hbCBxdWVyeSBwYXJhbXMsIGUuZy4sIGZiY2xpZCwgdXRtX2NhbXBhaWduLCAuLi4sXG4gICAgICogdG8gaW1wcm92ZSBjYWNoZSBwZXJmb3JtYW5jZSwgYXMgdGhlIGNhY2hlIGtleSBpcyBiYXNlZCBvbiB0aGUgc3BlY2lmaWVkIHF1ZXJ5IHBhcmFtcy5cbiAgICAgKiBOb3RlIHRoYXQgdGhpcyBjb25maWcgY2FuIG5vdCBiZSBjb21iaW5lZCB3aXRoIHtAc2VlIGFsbG93UXVlcnlQYXJhbXN9LlxuICAgICAqIElmIGJvdGggYXJlIHNwZWNpZmllZCwgdGhlIHtAc2VlIGRlbnlRdWVyeVBhcmFtc30gd2lsbCBiZSBpZ25vcmVkLlxuICAgICAqIEFsbCBxdWVyeSBwYXJhbXMgYXJlIHBhc3NlZCBieSBkZWZhdWx0LlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGRlbnlRdWVyeVBhcmFtcz86IHN0cmluZ1tdO1xufSJdfQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTnV4dFNlcnZlckFwcFN0YWNrUHJvcHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJOdXh0U2VydmVyQXBwU3RhY2tQcm9wcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHt0eXBlIE51eHRBcHBTdGFja1Byb3BzfSBmcm9tIFwiLi4vTnV4dEFwcFN0YWNrUHJvcHNcIjtcblxuLyoqXG4gKiBEZWZpbmVzIHRoZSBwcm9wcyByZXF1aXJlZCBmb3IgdGhlIHtAc2VlIE51eHRTZXJ2ZXJBcHBTdGFja30uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgTnV4dFNlcnZlckFwcFN0YWNrUHJvcHMgZXh0ZW5kcyBOdXh0QXBwU3RhY2tQcm9wcyB7XG5cbiAgICAvKipcbiAgICAgKiBUaGUgQVJOIG9mIHRoZSBjZXJ0aWZpY2F0ZSB0byB1c2UgYXQgdGhlIEFwaUdhdGV3YXkgZm9yIHRoZSBOdXh0IGFwcCB0byBtYWtlIGl0IGFjY2Vzc2libGUgdmlhIHRoZSBjdXN0b20gZG9tYWluXG4gICAgICogYW5kIHRvIHByb3ZpZGUgdGhlIGN1c3RvbSBkb21haW4gdG8gdGhlIE51eHQgYXBwIHZpYSB0aGUgJ0hvc3QnIGhlYWRlciBmb3Igc2VydmVyIHNpZGUgcmVuZGVyaW5nIHVzZSBjYXNlcy5cbiAgICAgKiBUaGUgY2VydGlmaWNhdGUgbXVzdCBiZSBpc3N1ZWQgaW4gdGhlIHNhbWUgcmVnaW9uIGFzIHNwZWNpZmllZCB2aWEgJ2Vudi5yZWdpb24nIGFzIEFwaUdhdGV3YXkgd29ya3MgcmVnaW9uYWxseS5cbiAgICAgKi9cbiAgICByZWFkb25seSByZWdpb25hbFRsc0NlcnRpZmljYXRlQXJuOiBzdHJpbmc7XG5cbiAgICAvKipcbiAgICAgKiBUaGUgZmlsZSBuYW1lICh3aXRob3V0IGV4dGVuc2lvbikgb2YgdGhlIExhbWJkYSBlbnRyeXBvaW50IHdpdGhpbiB0aGUgJ3NlcnZlcicgZGlyZWN0b3J5IGV4cG9ydGluZyBhIGhhbmRsZXIuXG4gICAgICogRGVmYXVsdHMgdG8gXCJpbmRleFwiLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGVudHJ5cG9pbnQ/OiBzdHJpbmc7XG5cbiAgICAvKipcbiAgICAgKiBBIEpTT04gc2VyaWFsaXplZCBzdHJpbmcgb2YgZW52aXJvbm1lbnQgdmFyaWFibGVzIHRvIHBhc3MgdG8gdGhlIExhbWJkYSBmdW5jdGlvbi5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbnRyeXBvaW50RW52Pzogc3RyaW5nO1xuXG4gICAgLyoqXG4gICAgICogVGhlIG1lbW9yeSBzaXplIHRvIGFwcGx5IHRvIHRoZSBOdXh0IGFwcCdzIExhbWJkYS5cbiAgICAgKiBEZWZhdWx0cyB0byAxNzkyTUIgKG9wdGltaXplZCBmb3IgY29zdHMgYW5kIHBlcmZvcm1hbmNlIGZvciBzdGFuZGFyZCBOdXh0IGFwcHMpLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IG1lbW9yeVNpemU/OiBudW1iZXI7XG5cbiAgICAvKipcbiAgICAgKiBXaGV0aGVyIHRvIGVuYWJsZSBBV1MgWC1SYXkgZm9yIHRoZSBOdXh0IExhbWJkYSBmdW5jdGlvbi5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbmFibGVUcmFjaW5nPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIGEgZ2xvYmFsIFNpdGVtYXAgYnVja2V0IHdoaWNoIGlzIHBlcm1hbmVudGx5IGFjY2Vzc2libGUgdGhyb3VnaCBtdWx0aXBsZSBkZXBsb3ltZW50cy5cbiAgICAgKi9cbiAgICByZWFkb25seSBlbmFibGVTaXRlbWFwPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIChIVFRQUyBvbmx5KSBBUEkgYWNjZXNzIHRvIHRoZSBOdXh0IGFwcCB2aWEgdGhlIGAvYXBpYCBwYXRoIHdoaWNoIHN1cHBvcnQgYWxsIEhUVFAgbWV0aG9kcy5cbiAgICAgKiBTZWUgaHR0cHM6Ly9udXh0LmNvbS9kb2NzL2d1aWRlL2RpcmVjdG9yeS1zdHJ1Y3R1cmUvc2VydmVyI3JlY2lwZXMgZm9yIGRldGFpbHMuXG4gICAgICovXG4gICAgcmVhZG9ubHkgZW5hYmxlQXBpPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIFdoZXRoZXIgdG8gZW5hYmxlIHJlcG9ydGluZyBvZiBDbG91ZEZyb250IGFjY2VzcyBsb2dzIHZpYSBBdGhlbmEuXG4gICAgICovXG4gICAgcmVhZG9ubHkgZW5hYmxlQWNjZXNzTG9nc0FuYWx5c2lzPzogYm9vbGVhbjtcblxuICAgIC8qKlxuICAgICAqIEFycmF5IG9mIGNvb2tpZSBuYW1lcyB0byBpbmNsdWRlIGluIHRoZSBhY2Nlc3MgbG9ncyAod2hpdGVsaXN0KS5cbiAgICAgKi9cbiAgICByZWFkb25seSBhY2Nlc3NMb2dDb29raWVzPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBUaGUgbnVtYmVyIG9mIGRheXMgdG8gcmV0YWluIHN0YXRpYyBhc3NldHMgb2Ygb3V0ZGF0ZWQgZGVwbG95bWVudHMgaW4gdGhlIFMzIGJ1Y2tldC5cbiAgICAgKiBVc2VmdWwgdG8gYWxsb3cgdXNlcnMgdG8gc3RpbGwgYWNjZXNzIG9sZCBhc3NldHMgYWZ0ZXIgYSBuZXcgZGVwbG95bWVudCB3aGVuIHRoZXkgYXJlIHN0aWxsIGJyb3dzaW5nIG9uIGFuIG9sZCB2ZXJzaW9uLlxuICAgICAqIERlZmF1bHRzIHRvIDMwIGRheXMuXG4gICAgICovXG4gICAgcmVhZG9ubHkgb3V0ZGF0ZWRBc3NldHNSZXRlbnRpb25EYXlzPzogbnVtYmVyO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgSFRUUCBoZWFkZXJzIHRvIGZvcndhcmQgdG8gdGhlIE51eHQgYXBwIG9uIG9yaWdpbiByZXF1ZXN0cyB3aXRob3V0IGFmZmVjdGluZyB0aGUgY2FjaGUga2V5IGF0IENsb3VkRnJvbnQgZWRnZSBsb2NhdGlvbnMuXG4gICAgICogVGhpcyBzaG91bGQgb25seSBiZSB1c2VkIGZvciBoZWFkZXJzIHRoYXQgZG8gbm90IGFmZmVjdCB0aGUgcmVzcG9uc2UuXG4gICAgICpcbiAgICAgKiBObyBoZWFkZXJzIGFyZSBmb3J3YXJkZWQgYnkgZGVmYXVsdC5cbiAgICAgKlxuICAgICAqIHtAbGluayBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uQ2xvdWRGcm9udC9sYXRlc3QvRGV2ZWxvcGVyR3VpZGUvY29udHJvbGxpbmctb3JpZ2luLXJlcXVlc3RzLmh0bWx9XG4gICAgICovXG4gICAgcmVhZG9ubHkgZm9yd2FyZEhlYWRlcnM/OiBzdHJpbmdbXTtcblxuICAgIC8qKlxuICAgICAqIEFuIGFycmF5IG9mIEhUVFAgaGVhZGVycyB0byBmb3J3YXJkIHRvIHRoZSBOdXh0IGFwcCBhbmQgdG8gaW5jbHVkZSBpbiB0aGUgY2FjaGUga2V5IGZvciBvYmplY3RzIHRoYXQgYXJlIGNhY2hlZCBhdCBDbG91ZEZyb250IGVkZ2UgbG9jYXRpb25zLlxuICAgICAqIFRoaXMgc2hvdWxkIGJlIHVzZWQgZm9yIGhlYWRlcnMgdGhhdCBtaWdodCBhZmZlY3QgdGhlIHJlc3BvbnNlLCBlLmcuLCAnQXV0aG9yaXphdGlvbicuXG4gICAgICpcbiAgICAgKiBObyBoZWFkZXJzIGFyZSBmb3J3YXJkZWQgb3IgaW5jbHVkZWQgaW4gdGhlIGNhY2hlIGtleSBieSBkZWZhdWx0LlxuICAgICAqXG4gICAgICoge0BsaW5rIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BbWF6b25DbG91ZEZyb250L2xhdGVzdC9EZXZlbG9wZXJHdWlkZS9jb250cm9sbGluZy10aGUtY2FjaGUta2V5Lmh0bWx9XG4gICAgICovXG4gICAgcmVhZG9ubHkgY2FjaGVLZXlIZWFkZXJzPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBBbiBhcnJheSBvZiBjb29raWVzIHRvIGZvcndhcmQgdG8gdGhlIE51eHQgYXBwIG9uIG9yaWdpbiByZXF1ZXN0cyB3aXRob3V0IGFmZmVjdGluZyB0aGUgY2FjaGUga2V5IGF0IENsb3VkRnJvbnQgZWRnZSBsb2NhdGlvbnMuXG4gICAgICogVGhpcyBzaG91bGQgb25seSBiZSB1c2VkIGZvciBjb29raWVzIHRoYXQgZG8gbm90IGFmZmVjdCB0aGUgcmVzcG9uc2UuXG4gICAgICpcbiAgICAgKiBObyBjb29raWVzIGFyZSBmb3J3YXJkZWQgYnkgZGVmYXVsdC5cbiAgICAgKlxuICAgICAqIHtAbGluayBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uQ2xvdWRGcm9udC9sYXRlc3QvRGV2ZWxvcGVyR3VpZGUvY29udHJvbGxpbmctb3JpZ2luLXJlcXVlc3RzLmh0bWx9XG4gICAgICovXG4gICAgcmVhZG9ubHkgZm9yd2FyZENvb2tpZXM/OiBzdHJpbmdbXTtcblxuICAgIC8qKlxuICAgICAqIEFuIGFycmF5IG9mIGNvb2tpZXMgdG8gZm9yd2FyZCB0byB0aGUgTnV4dCBhcHAgYW5kIHRvIGluY2x1ZGUgaW4gdGhlIGNhY2hlIGtleSBmb3Igb2JqZWN0cyB0aGF0IGFyZSBjYWNoZWQgYXQgQ2xvdWRGcm9udCBlZGdlIGxvY2F0aW9ucy5cbiAgICAgKiBUaGlzIHNob3VsZCBiZSB1c2VkIGZvciBjb29raWVzIHRoYXQgbWlnaHQgYWZmZWN0IHRoZSByZXNwb25zZSwgZS5nLiwgYXV0aGVudGljYXRpb24gY29va2llcy5cbiAgICAgKlxuICAgICAqIE5vIGNvb2tpZXMgYXJlIGZvcndhcmRlZCBvciBpbmNsdWRlZCBpbiB0aGUgY2FjaGUga2V5IGJ5IGRlZmF1bHQuXG4gICAgICpcbiAgICAgKiB7QGxpbmsgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL2NvbnRyb2xsaW5nLXRoZS1jYWNoZS1rZXkuaHRtbH1cbiAgICAgKi9cbiAgICByZWFkb25seSBjYWNoZUtleUNvb2tpZXM/OiBzdHJpbmdbXTtcblxuICAgIC8qKlxuICAgICAqIEFuIGFycmF5IG9mIHF1ZXJ5IHBhcmFtcyB0byBmb3J3YXJkIHRvIHRoZSBOdXh0IGFwcCBvbiBvcmlnaW4gcmVxdWVzdHMgd2l0aG91dCBhZmZlY3RpbmcgdGhlIGNhY2hlIGtleSBhdCBDbG91ZEZyb250IGVkZ2UgbG9jYXRpb25zLlxuICAgICAqIFRoaXMgc2hvdWxkIG9ubHkgYmUgdXNlZCBmb3IgcXVlcnkgcGFyYW1zIHRoYXQgZG8gbm90IGFmZmVjdCB0aGUgcmVzcG9uc2UgYW5kIGFyZSByZXF1aXJlZCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICpcbiAgICAgKiBBbGwgcXVlcnkgcGFyYW1zIGFyZSBmb3J3YXJkZWQgYnkgZGVmYXVsdC5cbiAgICAgKlxuICAgICAqIHtAbGluayBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQW1hem9uQ2xvdWRGcm9udC9sYXRlc3QvRGV2ZWxvcGVyR3VpZGUvY29udHJvbGxpbmctb3JpZ2luLXJlcXVlc3RzLmh0bWx9XG4gICAgICovXG4gICAgcmVhZG9ubHkgZm9yd2FyZFF1ZXJ5UGFyYW1zPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBBbiBhcnJheSBvZiBxdWVyeSBwYXJhbXMgdG8gZm9yd2FyZCB0byB0aGUgTnV4dCBhcHAgYW5kIHRvIGluY2x1ZGUgaW4gdGhlIGNhY2hlIGtleSBmb3Igb2JqZWN0cyB0aGF0IGFyZSBjYWNoZWQgYXQgQ2xvdWRGcm9udCBlZGdlIGxvY2F0aW9ucy5cbiAgICAgKiBUaGlzIHNob3VsZCBiZSB1c2VkIGZvciBxdWVyeSBwYXJhbXMgdGhhdCBhZmZlY3QgdGhlIHJlc3BvbnNlIGFuZCBhcmUgcmVxdWlyZWQgb24gU1NSIHJlcXVlc3RzLCBlLmcuLCBmaWx0ZXJzLlxuICAgICAqXG4gICAgICogQWxsIHF1ZXJ5IHBhcmFtcyBhcmUgZm9yd2FyZGVkIGFuZCBpbmNsdWRlZCBpbiB0aGUgY2FjaGUga2V5IGJ5IGRlZmF1bHQuXG4gICAgICpcbiAgICAgKiB7QGxpbmsgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL2NvbnRyb2xsaW5nLXRoZS1jYWNoZS1rZXkuaHRtbH1cbiAgICAgKi9cbiAgICByZWFkb25seSBjYWNoZUtleVF1ZXJ5UGFyYW1zPzogc3RyaW5nW107XG5cbiAgICAvKipcbiAgICAgKiBBbiBhcnJheSBvZiBxdWVyeSBwYXJhbXMgdG8gcHJldmVudCBmb3J3YXJkaW5nIHRvIHRoZSBOdXh0IGFwcCBhbmQgdG8gbm90IGluY2x1ZGUgaW4gdGhlIGNhY2hlIGtleSBmb3Igb2JqZWN0cyB0aGF0IGFyZSBjYWNoZWQgYXQgQ2xvdWRGcm9udCBlZGdlIGxvY2F0aW9ucy5cbiAgICAgKiBXaGVuIHNldCwgYWxsIHF1ZXJ5IHBhcmFtcyB0aGF0IGFyZSBub3Qgc3BlY2lmaWVkIGluIHRoaXMgYXJyYXkgd2lsbCBiZSBmb3J3YXJkZWQgdG8gdGhlIE51eHQgYXBwIGFuZCBpbmNsdWRlZCBpbiB0aGUgY2FjaGUga2V5LlxuICAgICAqIFRoaXMgc2hvdWxkIGJlIHVzZWQgZm9yIHF1ZXJ5IHBhcmFtcyB0aGF0IGRvIG5vdCBhZmZlY3QgdGhlIHJlc3BvbnNlIGFuZCBhcmUgbm90IHJlcXVpcmVkIG9uIFNTUiByZXF1ZXN0cywgZS5nLiwgJ2ZiY2xpZCcgb3IgJ3V0bV9jYW1wYWlnbicuXG4gICAgICpcbiAgICAgKiBJZiBib3RoIHtAc2VlIGNhY2hlS2V5UXVlcnlQYXJhbXN9IGFuZCB7QHNlZSBkZW55Q2FjaGVLZXlRdWVyeVBhcmFtc30gYXJlIHNwZWNpZmllZCwgdGhlIHtAc2VlIGRlbnlDYWNoZUtleVF1ZXJ5UGFyYW1zfSB3aWxsIGJlIGlnbm9yZWQuXG4gICAgICogQWxsIHF1ZXJ5IHBhcmFtcyBhcmUgZm9yd2FyZGVkIGFuZCBpbmNsdWRlZCBpbiB0aGUgY2FjaGUga2V5IGJ5IGRlZmF1bHQuXG4gICAgICpcbiAgICAgKiB7QGxpbmsgaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL0FtYXpvbkNsb3VkRnJvbnQvbGF0ZXN0L0RldmVsb3Blckd1aWRlL2NvbnRyb2xsaW5nLXRoZS1jYWNoZS1rZXkuaHRtbH1cbiAgICAgKi9cbiAgICByZWFkb25seSBkZW55Q2FjaGVLZXlRdWVyeVBhcmFtcz86IHN0cmluZ1tdO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgaGVhZGVycyB0byBwYXNzIHRvIHRoZSBOdXh0IGFwcCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICogVGhlIG1vcmUgaGVhZGVycyBhcmUgcGFzc2VkLCB0aGUgd2Vha2VyIHRoZSBjYWNoZSBwZXJmb3JtYW5jZSB3aWxsIGJlLCBhcyB0aGUgY2FjaGUga2V5XG4gICAgICogaXMgYmFzZWQgb24gdGhlIGhlYWRlcnMuXG4gICAgICogTm8gaGVhZGVycyBhcmUgcGFzc2VkIGJ5IGRlZmF1bHQuXG4gICAgICpcbiAgICAgKiBAZGVwcmVjYXRlZCBVc2Uge0BzZWUgY2FjaGVLZXlIZWFkZXJzfSBpbnN0ZWFkLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGFsbG93SGVhZGVycz86IHN0cmluZ1tdO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgY29va2llcyB0byBwYXNzIHRvIHRoZSBOdXh0IGFwcCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICogVGhlIG1vcmUgY29va2llcyBhcmUgcGFzc2VkLCB0aGUgd2Vha2VyIHRoZSBjYWNoZSBwZXJmb3JtYW5jZSB3aWxsIGJlLCBhcyB0aGUgY2FjaGUga2V5XG4gICAgICogaXMgYmFzZWQgb24gdGhlIGNvb2tpZXMuXG4gICAgICogTm8gY29va2llcyBhcmUgcGFzc2VkIGJ5IGRlZmF1bHQuXG4gICAgICpcbiAgICAgKiBAZGVwcmVjYXRlZCBVc2Uge0BzZWUgY2FjaGVLZXlDb29raWVzfSBpbnN0ZWFkLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGFsbG93Q29va2llcz86IHN0cmluZ1tdO1xuXG4gICAgLyoqXG4gICAgICogQW4gYXJyYXkgb2YgcXVlcnkgcGFyYW0ga2V5cyB0byBwYXNzIHRvIHRoZSBOdXh0IGFwcCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICogVGhlIG1vcmUgcXVlcnkgcGFyYW1zIGFyZSBwYXNzZWQsIHRoZSB3ZWFrZXIgdGhlIGNhY2hlIHBlcmZvcm1hbmNlIHdpbGwgYmUsIGFzIHRoZSBjYWNoZSBrZXlcbiAgICAgKiBpcyBiYXNlZCBvbiB0aGUgcXVlcnkgcGFyYW1zLlxuICAgICAqIE5vdGUgdGhhdCB0aGlzIGNvbmZpZyBjYW4gbm90IGJlIGNvbWJpbmVkIHdpdGgge0BzZWUgZGVueVF1ZXJ5UGFyYW1zfS5cbiAgICAgKiBJZiBib3RoIGFyZSBzcGVjaWZpZWQsIHRoZSB7QHNlZSBkZW55UXVlcnlQYXJhbXN9IHdpbGwgYmUgaWdub3JlZC5cbiAgICAgKiBBbGwgcXVlcnkgcGFyYW1zIGFyZSBwYXNzZWQgYnkgZGVmYXVsdC5cbiAgICAgKlxuICAgICAqIEBkZXByZWNhdGVkIFVzZSB7QHNlZSBjYWNoZUtleVF1ZXJ5UGFyYW1zfSBpbnN0ZWFkLlxuICAgICAqL1xuICAgIHJlYWRvbmx5IGFsbG93UXVlcnlQYXJhbXM/OiBzdHJpbmdbXTtcblxuICAgIC8qKlxuICAgICAqIEFuIGFycmF5IG9mIHF1ZXJ5IHBhcmFtIGtleXMgdG8gZGVueSBwYXNzaW5nIHRvIHRoZSBOdXh0IGFwcCBvbiBTU1IgcmVxdWVzdHMuXG4gICAgICogSXQgbWlnaHQgYmUgdXNlZnVsIHRvIHByZXZlbnQgc3BlY2lmaWMgZXh0ZXJuYWwgcXVlcnkgcGFyYW1zLCBlLmcuLCBmYmNsaWQsIHV0bV9jYW1wYWlnbiwgLi4uLFxuICAgICAqIHRvIGltcHJvdmUgY2FjaGUgcGVyZm9ybWFuY2UsIGFzIHRoZSBjYWNoZSBrZXkgaXMgYmFzZWQgb24gdGhlIHNwZWNpZmllZCBxdWVyeSBwYXJhbXMuXG4gICAgICogTm90ZSB0aGF0IHRoaXMgY29uZmlnIGNhbiBub3QgYmUgY29tYmluZWQgd2l0aCB7QHNlZSBhbGxvd1F1ZXJ5UGFyYW1zfS5cbiAgICAgKiBJZiBib3RoIGFyZSBzcGVjaWZpZWQsIHRoZSB7QHNlZSBkZW55UXVlcnlQYXJhbXN9IHdpbGwgYmUgaWdub3JlZC5cbiAgICAgKiBBbGwgcXVlcnkgcGFyYW1zIGFyZSBwYXNzZWQgYnkgZGVmYXVsdC5cbiAgICAgKlxuICAgICAqIEBkZXByZWNhdGVkIFVzZSB7QHNlZSBkZW55Q2FjaGVLZXlRdWVyeVBhcmFtc30gaW5zdGVhZC5cbiAgICAgKi9cbiAgICByZWFkb25seSBkZW55UXVlcnlQYXJhbXM/OiBzdHJpbmdbXTtcbn0iXX0=

package/lib/stack/server/NuxtServerAppStackProps.ts

@@ -62,11 +62,85 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      */
     readonly outdatedAssetsRetentionDays?: number;
 
+    /**
+     * An array of HTTP headers to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for headers that do not affect the response.
+     *
+     * No headers are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardHeaders?: string[];
+
+    /**
+     * An array of HTTP headers to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for headers that might affect the response, e.g., 'Authorization'.
+     *
+     * No headers are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyHeaders?: string[];
+
+    /**
+     * An array of cookies to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for cookies that do not affect the response.
+     *
+     * No cookies are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardCookies?: string[];
+
+    /**
+     * An array of cookies to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for cookies that might affect the response, e.g., authentication cookies.
+     *
+     * No cookies are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyCookies?: string[];
+
+    /**
+     * An array of query params to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for query params that do not affect the response and are required on SSR requests.
+     *
+     * All query params are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    readonly forwardQueryParams?: string[];
+
+    /**
+     * An array of query params to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for query params that affect the response and are required on SSR requests, e.g., filters.
+     *
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly cacheKeyQueryParams?: string[];
+
+    /**
+     * An array of query params to prevent forwarding to the Nuxt app and to not include in the cache key for objects that are cached at CloudFront edge locations.
+     * When set, all query params that are not specified in this array will be forwarded to the Nuxt app and included in the cache key.
+     * This should be used for query params that do not affect the response and are not required on SSR requests, e.g., 'fbclid' or 'utm_campaign'.
+     *
+     * If both {@see cacheKeyQueryParams} and {@see denyCacheKeyQueryParams} are specified, the {@see denyCacheKeyQueryParams} will be ignored.
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    readonly denyCacheKeyQueryParams?: string[];
+
     /**
      * An array of headers to pass to the Nuxt app on SSR requests.
      * The more headers are passed, the weaker the cache performance will be, as the cache key
      * is based on the headers.
      * No headers are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyHeaders} instead.
      */
     readonly allowHeaders?: string[];
 
@@ -75,6 +149,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * The more cookies are passed, the weaker the cache performance will be, as the cache key
      * is based on the cookies.
      * No cookies are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyCookies} instead.
      */
     readonly allowCookies?: string[];
 
@@ -85,6 +161,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * Note that this config can not be combined with {@see denyQueryParams}.
      * If both are specified, the {@see denyQueryParams} will be ignored.
      * All query params are passed by default.
+     *
+     * @deprecated Use {@see cacheKeyQueryParams} instead.
      */
     readonly allowQueryParams?: string[];
 
@@ -95,6 +173,8 @@ export interface NuxtServerAppStackProps extends NuxtAppStackProps {
      * Note that this config can not be combined with {@see allowQueryParams}.
      * If both are specified, the {@see denyQueryParams} will be ignored.
      * All query params are passed by default.
+     *
+     * @deprecated Use {@see denyCacheKeyQueryParams} instead.
      */
     readonly denyQueryParams?: string[];
 }

package/lib/templates/stack-index-server.ts

@@ -104,40 +104,76 @@ const appStackProps: NuxtServerAppStackProps = {
     outdatedAssetsRetentionDays: 30,
 
     /**
-     * An array of headers to pass to the Nuxt app on SSR requests.
-     * The more headers are passed, the weaker the cache performance will be, as the cache key
-     * is based on the headers.
-     * No headers are passed by default.
+     * An array of HTTP headers to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for headers that do not affect the response.
+     *
+     * No headers are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
      */
-    allowHeaders: [],
+    forwardHeaders: [],
 
     /**
-     * An array of cookies to pass to the Nuxt app on SSR requests.
-     * The more cookies are passed, the weaker the cache performance will be, as the cache key
-     * is based on the cookies.
-     * No cookies are passed by default.
+     * An array of HTTP headers to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for headers that might affect the response, e.g., 'Authorization'.
+     *
+     * No headers are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
      */
-    allowCookies: [],
+    cacheKeyHeaders: [],
 
     /**
-     * An array of query param keys to pass to the Nuxt app on SSR requests.
-     * The more query params are passed, the weaker the cache performance will be, as the cache key
-     * is based on the query params.
-     * Note that this config can not be combined with {@see denyQueryParams}.
-     * If both are specified, the {@see denyQueryParams} will be ignored.
-     * All query params are passed by default.
+     * An array of cookies to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for cookies that do not affect the response.
+     *
+     * No cookies are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
      */
-    allowQueryParams: [],
+    forwardCookies: [],
 
     /**
-     * An array of query param keys to deny passing to the Nuxt app on SSR requests.
-     * It might be useful to prevent specific external query params, e.g., fbclid, utm_campaign, ...,
-     * to improve cache performance, as the cache key is based on the specified query params.
-     * Note that this config can not be combined with {@see allowQueryParams}.
-     * If both are specified, the {@see denyQueryParams} will be ignored.
-     * All query params are passed by default.
+     * An array of cookies to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for cookies that might affect the response, e.g., authentication cookies.
+     *
+     * No cookies are forwarded or included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
      */
-    denyQueryParams: [],
+    cacheKeyCookies: [],
+
+    /**
+     * An array of query params to forward to the Nuxt app on origin requests without affecting the cache key at CloudFront edge locations.
+     * This should only be used for query params that do not affect the response and are required on SSR requests.
+     *
+     * All query params are forwarded by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html}
+     */
+    forwardQueryParams: [],
+
+    /**
+     * An array of query params to forward to the Nuxt app and to include in the cache key for objects that are cached at CloudFront edge locations.
+     * This should be used for query params that affect the response and are required on SSR requests, e.g., filters.
+     *
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    cacheKeyQueryParams: [],
+
+    /**
+     * An array of query params to prevent forwarding to the Nuxt app and to not include in the cache key for objects that are cached at CloudFront edge locations.
+     * When set, all query params that are not specified in this array will be forwarded to the Nuxt app and included in the cache key.
+     * This should be used for query params that do not affect the response and are not required on SSR requests, e.g., 'fbclid' or 'utm_campaign'.
+     *
+     * If both {@see cacheKeyQueryParams} and {@see denyCacheKeyQueryParams} are specified, the {@see denyCacheKeyQueryParams} will be ignored.
+     * All query params are forwarded and included in the cache key by default.
+     *
+     * {@link https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html}
+     */
+    denyCacheKeyQueryParams: [],
 
     /**
      * Stack tags that will be applied to all the taggable resources and the stack itself.