headroom-cms 0.1.11 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (135) hide show
  1. package/admin/.well-known/headroom.json +9 -0
  2. package/admin/assets/{AdminsPage-BnzH9TL3.js → AdminsPage-lGd1MFW3.js} +1 -1
  3. package/admin/assets/AllContentPage-YykTt4xH.js +1 -0
  4. package/admin/assets/{ApiKeysPage-DEAa8eyC.js → ApiKeysPage-BCpNEKxF.js} +1 -1
  5. package/admin/assets/{AuditPage-BN9yNsxh.js → AuditPage-DBKiujoI.js} +1 -1
  6. package/admin/assets/BackupsPage-DCrmYnQc.js +1 -0
  7. package/admin/assets/{BlockEditor-3wnisTOZ.js → BlockEditor-BQVXN_Yn.js} +3 -3
  8. package/admin/assets/BlockTypeEditPage-BZmvEezy.js +1 -0
  9. package/admin/assets/{BlockTypesPage-Dhkho6T_.js → BlockTypesPage-CAr2JDj9.js} +1 -1
  10. package/admin/assets/BulkActionBar-CgHMxSkm.js +1 -0
  11. package/admin/assets/{CollectionEditPage-lOb4hEZy.js → CollectionEditPage-BQoXWAB-.js} +1 -1
  12. package/admin/assets/{CollectionsPage-CgtOloa1.js → CollectionsPage-Dakk_NyE.js} +1 -1
  13. package/admin/assets/{ContentCreatePage-LeQjahp_.js → ContentCreatePage-d-xxhoxO.js} +1 -1
  14. package/admin/assets/ContentEditPage-CUi_mFRC.js +1 -0
  15. package/admin/assets/{ContentField-pilCbdnA.js → ContentField-D6UO6W9G.js} +1 -1
  16. package/admin/assets/ContentListPage-8riubzdw.js +1 -0
  17. package/admin/assets/{CustomBlockPreview-DNnTFM0z.js → CustomBlockPreview-BuRfUKgt.js} +1 -1
  18. package/admin/assets/FieldRenderer-CUVay-yx.js +2 -0
  19. package/admin/assets/FileTypeIcon-DRD08pW_.js +1 -0
  20. package/admin/assets/FloatingComposerController-D4uLQfUX-Dc1_NZ4l.js +1 -0
  21. package/admin/assets/{IconPicker-CpIgiQTC.js → IconPicker-DR-6b0GI.js} +2 -2
  22. package/admin/assets/{LoginPage-D9ZsGLIi.js → LoginPage-DbHhSxgY.js} +1 -1
  23. package/admin/assets/MediaField-eRyEALYH.js +1 -0
  24. package/admin/assets/MediaPage-DW85F2UV.js +1 -0
  25. package/admin/assets/{Pagination-Df9nQ7Z0.js → Pagination-DTboMLK6.js} +1 -1
  26. package/admin/assets/{RelationshipPicker-B3Ftmqxp.js → RelationshipPicker-VVZN4dlP.js} +1 -1
  27. package/admin/assets/{SiteSettingsPage-6NvH7CiQ.js → SiteSettingsPage-5-HzcJLC.js} +1 -1
  28. package/admin/assets/{SiteUserEditPage-D5VaQ1Xq.js → SiteUserEditPage-C_PPvEye.js} +1 -1
  29. package/admin/assets/{SiteUsersPage-BYVduiqs.js → SiteUsersPage-CIgMMi-T.js} +1 -1
  30. package/admin/assets/{SitesPage-rfWWE0yK.js → SitesPage-DkG0gyHT.js} +1 -1
  31. package/admin/assets/SubmissionDetailPage-BwFWjkVu.js +1 -0
  32. package/admin/assets/SubmissionEditPage-C6Og25NH.js +1 -0
  33. package/admin/assets/SubmissionListPage-spPh8dwQ.js +1 -0
  34. package/admin/assets/{TagInput-57c4DG1w.js → TagInput-DxktEo07.js} +1 -1
  35. package/admin/assets/{TagsPage-BEO5AwCv.js → TagsPage-Dcc1IkF7.js} +1 -1
  36. package/admin/assets/TrashPage-8ybk22ZM.js +1 -0
  37. package/admin/assets/{UsersPage-BpIRorJ1.js → UsersPage-D5uXgLV4.js} +1 -1
  38. package/admin/assets/{WebhookEditPage-D5xgi56h.js → WebhookEditPage-T5KsZGqe.js} +1 -1
  39. package/admin/assets/{WebhooksPage-BY7AaiGr.js → WebhooksPage-DEIu5cX0.js} +1 -1
  40. package/admin/assets/{card-C9hfyHXf.js → card-CVAiqxnT.js} +1 -1
  41. package/admin/assets/{checkbox-DVJcwUt1.js → checkbox-BO-Fusdb.js} +1 -1
  42. package/admin/assets/{command-Bfmj0MEL.js → command-D0ojin3H.js} +1 -1
  43. package/admin/assets/{contentStatus-CkPi9Dh6.js → contentStatus-WXGfd7vX.js} +1 -1
  44. package/admin/assets/format-BRcflvs9.js +1 -0
  45. package/admin/assets/index-BCa3VYjL.css +1 -0
  46. package/admin/assets/{index-Ce5pmRMj.js → index-CbEa9yyd.js} +10 -10
  47. package/admin/assets/listCellValue-BUdbRyCz.js +1 -0
  48. package/admin/assets/{popover-CzaQYEEP.js → popover-B9WNjj2t.js} +1 -1
  49. package/admin/assets/{select-CrRhFGIi.js → select-B2yTIHJT.js} +1 -1
  50. package/admin/assets/{serializeToText-2VrsuRUh.js → serializeToText-Tv-7pIdy.js} +1 -1
  51. package/admin/assets/{table-_3bMY0_z.js → table-C3EQVw1z.js} +1 -1
  52. package/admin/assets/{textarea-6fq0R6VV.js → textarea-DIHLWabG.js} +1 -1
  53. package/admin/assets/{useAdminResolver-BJNPz3OG.js → useAdminResolver-_OHcUYwq.js} +1 -1
  54. package/admin/assets/useContent-DLo6FUYZ.js +1 -0
  55. package/admin/assets/{useContentSearch-B3aTjuCu.js → useContentSearch-D-D0veFh.js} +1 -1
  56. package/admin/assets/{usePageTitle-C1r1-C00.js → usePageTitle-BJ2ARyuc.js} +1 -1
  57. package/admin/assets/{useSiteUsers-DIaqgNSp.js → useSiteUsers-Bn3GiEYB.js} +1 -1
  58. package/admin/assets/{useTags-B-HgMVwo.js → useTags-CyGo0zXa.js} +1 -1
  59. package/admin/assets/useTrash-BFJMIP8N.js +1 -0
  60. package/admin/assets/{useWebhooks-BvZjUJkJ.js → useWebhooks-BgJL2-Ek.js} +1 -1
  61. package/admin/index.html +2 -2
  62. package/admin/sw.js +1 -1
  63. package/admin/workbox-362996ec.js +1 -0
  64. package/dist/admin-site.d.ts.map +1 -1
  65. package/dist/admin-site.js +46 -3
  66. package/dist/admin-site.js.map +1 -1
  67. package/dist/api.d.ts +2 -0
  68. package/dist/api.d.ts.map +1 -1
  69. package/dist/api.js +57 -5
  70. package/dist/api.js.map +1 -1
  71. package/dist/backup.d.ts +29 -0
  72. package/dist/backup.d.ts.map +1 -0
  73. package/dist/backup.js +95 -0
  74. package/dist/backup.js.map +1 -0
  75. package/dist/cdn-api.d.ts.map +1 -1
  76. package/dist/cdn-api.js +20 -19
  77. package/dist/cdn-api.js.map +1 -1
  78. package/dist/cron.d.ts +42 -0
  79. package/dist/cron.d.ts.map +1 -0
  80. package/dist/cron.js +128 -0
  81. package/dist/cron.js.map +1 -0
  82. package/dist/image.d.ts +8 -1
  83. package/dist/image.d.ts.map +1 -1
  84. package/dist/image.js +26 -6
  85. package/dist/image.js.map +1 -1
  86. package/dist/index.d.ts +6 -0
  87. package/dist/index.d.ts.map +1 -1
  88. package/dist/index.js +50 -1
  89. package/dist/index.js.map +1 -1
  90. package/dist/storage.d.ts +1 -0
  91. package/dist/storage.d.ts.map +1 -1
  92. package/dist/storage.js +21 -0
  93. package/dist/storage.js.map +1 -1
  94. package/dist/webhooks.d.ts +4 -3
  95. package/dist/webhooks.d.ts.map +1 -1
  96. package/dist/webhooks.js +22 -35
  97. package/dist/webhooks.js.map +1 -1
  98. package/lambda/api/bootstrap +0 -0
  99. package/lambda/backup-worker/bootstrap +0 -0
  100. package/lambda/image-lambda/index.mjs +30 -6
  101. package/lambda/image-lambda/node_modules/.package-lock.json +3 -3
  102. package/lambda/image-lambda/node_modules/semver/classes/range.js +7 -0
  103. package/lambda/image-lambda/node_modules/semver/package.json +1 -1
  104. package/lambda/image-lambda/node_modules/semver/ranges/subset.js +2 -2
  105. package/lambda/trash-sweeper/bootstrap +0 -0
  106. package/lambda/webhook-worker/bootstrap +0 -0
  107. package/package.json +1 -1
  108. package/src/admin-site.ts +46 -3
  109. package/src/api.ts +58 -5
  110. package/src/backup.ts +114 -0
  111. package/src/cdn-api.ts +20 -22
  112. package/src/cron.ts +153 -0
  113. package/src/image.ts +30 -6
  114. package/src/index.ts +58 -1
  115. package/src/sst-env.d.ts +21 -0
  116. package/src/storage.ts +22 -0
  117. package/src/webhooks.ts +22 -39
  118. package/admin/assets/AllContentPage-BtObN6oy.js +0 -1
  119. package/admin/assets/BlockTypeEditPage-C2evAESK.js +0 -1
  120. package/admin/assets/BulkActionBar-BxdfUSrN.js +0 -1
  121. package/admin/assets/ContentEditPage-xczr4d_h.js +0 -1
  122. package/admin/assets/ContentListPage-BAKDn1Xy.js +0 -1
  123. package/admin/assets/FieldRenderer-DiOKvkWV.js +0 -2
  124. package/admin/assets/FilterBar-BZoa63zh.js +0 -1
  125. package/admin/assets/FloatingComposerController-D4uLQfUX-BMIvFCoE.js +0 -1
  126. package/admin/assets/MediaField-CxccCFGQ.js +0 -1
  127. package/admin/assets/MediaPage-QvMaH2YJ.js +0 -1
  128. package/admin/assets/SubmissionDetailPage-BSUR685F.js +0 -1
  129. package/admin/assets/SubmissionEditPage-DjLXHjWU.js +0 -1
  130. package/admin/assets/SubmissionListPage-DBxNEvde.js +0 -1
  131. package/admin/assets/format-C88SDH8g.js +0 -1
  132. package/admin/assets/index-BB9Syqw2.css +0 -1
  133. package/admin/assets/useContent-Bs7nel7C.js +0 -1
  134. package/admin/assets/useMedia-ae3s_ajC.js +0 -1
  135. package/admin/workbox-7d58179f.js +0 -1
package/dist/backup.d.ts ADDED
@@ -0,0 +1,29 @@
1
+ /**
2
+ * Backup Infrastructure
3
+ *
4
+ * A single Go Lambda that handles both backup export and restore import.
5
+ * The API service invokes it synchronously via lambda:InvokeFunction for the
6
+ * "scheduled" entry point this will gain a daily EventBridge cron (Phase 4).
7
+ *
8
+ * The Lambda links every site-scoped table plus the content + backup buckets.
9
+ * Deliberately NOT linked: Collab, collabStateBucket, SchedulerLock,
10
+ * WebhookDeliveries — these are transient / operational and excluded from
11
+ * backup payloads (see steering doc "What's in scope vs. out of scope").
12
+ */
13
+ import type { StorageResources } from "./storage.js";
14
+ import type { WebhookResources } from "./webhooks.js";
15
+ export interface BackupArgs {
16
+ storage: StorageResources;
17
+ webhooks: WebhookResources;
18
+ pkgRoot: string;
19
+ dev?: {
20
+ /** Go source path, e.g. "packages/backup-worker" */
21
+ handler: string;
22
+ };
23
+ }
24
+ export declare function createBackup(name: string, args: BackupArgs): {
25
+ backupWorker: sst.aws.Function;
26
+ backupCron: sst.aws.Cron;
27
+ };
28
+ export type BackupResources = ReturnType<typeof createBackup>;
29
+ //# sourceMappingURL=backup.d.ts.map
package/dist/backup.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../src/backup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEtD,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE;QACJ,oDAAoD;QACpD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU;;;EAoF1D;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC"}
package/dist/backup.js ADDED
@@ -0,0 +1,95 @@
1
+ /**
2
+ * Backup Infrastructure
3
+ *
4
+ * A single Go Lambda that handles both backup export and restore import.
5
+ * The API service invokes it synchronously via lambda:InvokeFunction for the
6
+ * "scheduled" entry point this will gain a daily EventBridge cron (Phase 4).
7
+ *
8
+ * The Lambda links every site-scoped table plus the content + backup buckets.
9
+ * Deliberately NOT linked: Collab, collabStateBucket, SchedulerLock,
10
+ * WebhookDeliveries — these are transient / operational and excluded from
11
+ * backup payloads (see steering doc "What's in scope vs. out of scope").
12
+ */
13
+ import path from "path";
14
+ export function createBackup(name, args) {
15
+ const { storage, webhooks } = args;
16
+ const workerConfig = args.dev
17
+ ? {
18
+ handler: args.dev.handler,
19
+ runtime: "go",
20
+ }
21
+ : {
22
+ bundle: path.join(args.pkgRoot, "lambda/backup-worker"),
23
+ handler: "bootstrap",
24
+ runtime: "provided.al2023",
25
+ architecture: "arm64",
26
+ };
27
+ const backupWorker = new sst.aws.Function(`${name}BackupWorker`, {
28
+ ...workerConfig,
29
+ // 15-minute Lambda budget. Large sites with many media files may bump up
30
+ // against this; see Deferred "Step Functions for very large sites" for
31
+ // the escape hatch.
32
+ timeout: "15 minutes",
33
+ // Higher than default — the worker holds tar/gzip pipes, an in-memory
34
+ // 25-row BatchWriteItem buffer, and parallel S3 GetObject buffers.
35
+ memory: "1024 MB",
36
+ environment: {
37
+ SITES_TABLE: storage.sites.name,
38
+ CONTENT_TABLE: storage.content.name,
39
+ DRAFT_CONTENT_TABLE: storage.draftContent.name,
40
+ BLOCKS_TABLE: storage.blocks.name,
41
+ MEDIA_TABLE: storage.media.name,
42
+ COLLECTIONS_TABLE: storage.collections.name,
43
+ BLOCK_TYPES_TABLE: storage.blockTypes.name,
44
+ ADMIN_AUDIT_TABLE: storage.adminAudit.name,
45
+ RELATIONSHIPS_TABLE: storage.relationships.name,
46
+ SITE_USERS_TABLE: storage.siteUsers.name,
47
+ WEBHOOKS_TABLE: webhooks.webhooks.name,
48
+ CONTENT_BUCKET: storage.contentBucket.name,
49
+ BACKUP_BUCKET: storage.backupBucket.name,
50
+ KVS_ARN: storage.kvs.arn,
51
+ AWS_REGION_NAME: aws.getRegionOutput().name,
52
+ },
53
+ link: [
54
+ storage.sites,
55
+ storage.content,
56
+ storage.draftContent,
57
+ storage.blocks,
58
+ storage.media,
59
+ storage.collections,
60
+ storage.blockTypes,
61
+ storage.adminAudit,
62
+ storage.relationships,
63
+ storage.siteUsers,
64
+ webhooks.webhooks,
65
+ storage.contentBucket,
66
+ storage.backupBucket,
67
+ ],
68
+ permissions: [
69
+ {
70
+ // CloudFront KVS resync on restore: re-publish API key hashes so the
71
+ // edge function recognizes them. Fail-loud per steering §2.1 step 18.
72
+ actions: [
73
+ "cloudfront-keyvaluestore:DescribeKeyValueStore",
74
+ "cloudfront-keyvaluestore:PutKey",
75
+ "cloudfront-keyvaluestore:DeleteKey",
76
+ "cloudfront-keyvaluestore:GetKey",
77
+ ],
78
+ resources: [storage.kvs.arn],
79
+ },
80
+ ],
81
+ });
82
+ // Phase 4 — daily EventBridge cron that invokes the worker with a
83
+ // "scheduled" event. The handler scans the Sites table, runs backup +
84
+ // retention cleanup for every site with backupSchedule.enabled. 02:00
85
+ // UTC is a low-traffic window for most public sites; tune in the
86
+ // steering doc if needed. Cost is one Lambda invocation per day per
87
+ // stack, regardless of site count.
88
+ const backupCron = new sst.aws.Cron(`${name}BackupSchedule`, {
89
+ schedule: "cron(0 2 * * ? *)",
90
+ function: backupWorker.arn,
91
+ event: { type: "scheduled" },
92
+ });
93
+ return { backupWorker, backupCron };
94
+ }
95
+ //# sourceMappingURL=backup.js.map
package/dist/backup.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"backup.js","sourceRoot":"","sources":["../src/backup.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AAcxB,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,IAAgB;IACzD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAEnC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG;QAC3B,CAAC,CAAC;YACE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,OAAO,EAAE,IAAa;SACvB;QACH,CAAC,CAAC;YACE,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,sBAAsB,CAAC;YACvD,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,iBAA0B;YACnC,YAAY,EAAE,OAAgB;SAC/B,CAAC;IAEN,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,cAAc,EAAE;QAC/D,GAAG,YAAY;QACf,yEAAyE;QACzE,uEAAuE;QACvE,oBAAoB;QACpB,OAAO,EAAE,YAAY;QACrB,sEAAsE;QACtE,mEAAmE;QACnE,MAAM,EAAE,SAAS;QACjB,WAAW,EAAE;YACX,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;YAC/B,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;YACnC,mBAAmB,EAAE,OAAO,CAAC,YAAY,CAAC,IAAI;YAC9C,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;YACjC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;YAC/B,iBAAiB,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;YAC3C,iBAAiB,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC1C,iBAAiB,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;YAC1C,mBAAmB,EAAE,OAAO,CAAC,aAAa,CAAC,IAAI;YAC/C,gBAAgB,EAAE,OAAO,CAAC,SAAS,CAAC,IAAI;YACxC,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI;YACtC,cAAc,EAAE,OAAO,CAAC,aAAa,CAAC,IAAI;YAC1C,aAAa,EAAE,OAAO,CAAC,YAAY,CAAC,IAAI;YACxC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG;YACxB,eAAe,EAAE,GAAG,CAAC,eAAe,EAAE,CAAC,IAAI;SAC5C;QACD,IAAI,EAAE;YACJ,OAAO,CAAC,KAAK;YACb,OAAO,CAAC,OAAO;YACf,OAAO,CAAC,YAAY;YACpB,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,KAAK;YACb,OAAO,CAAC,WAAW;YACnB,OAAO,CAAC,UAAU;YAClB,OAAO,CAAC,UAAU;YAClB,OAAO,CAAC,aAAa;YACrB,OAAO,CAAC,SAAS;YACjB,QAAQ,CAAC,QAAQ;YACjB,OAAO,CAAC,aAAa;YACrB,OAAO,CAAC,YAAY;SACrB;QACD,WAAW,EAAE;YACX;gBACE,qEAAqE;gBACrE,sEAAsE;gBACtE,OAAO,EAAE;oBACP,gDAAgD;oBAChD,iCAAiC;oBACjC,oCAAoC;oBACpC,iCAAiC;iBAClC;gBACD,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;aAC7B;SACF;KACF,CAAC,CAAC;IAEH,kEAAkE;IAClE,sEAAsE;IACtE,sEAAsE;IACtE,iEAAiE;IACjE,oEAAoE;IACpE,mCAAmC;IACnC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,gBAAgB,EAAE;QAC3D,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,YAAY,CAAC,GAAG;QAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE;KAC7B,CAAC,CAAC;IAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACtC,CAAC"}
package/dist/cdn-api.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cdn-api.d.ts","sourceRoot":"","sources":["../src/cdn-api.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,YAAY,CAAC;IAClB,GAAG,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IACpE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU;;;EAob1D;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC"}
1
+ {"version":3,"file":"cdn-api.d.ts","sourceRoot":"","sources":["../src/cdn-api.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,YAAY,CAAC;IAClB,GAAG,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC7B,UAAU,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IACpE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU;;;EAkb1D;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC"}
package/dist/cdn-api.js CHANGED
@@ -119,20 +119,14 @@ export function createApiCdn(name, args) {
119
119
  enableAcceptEncodingGzip: true,
120
120
  },
121
121
  });
122
- const versionCachePolicy = new aws.cloudfront.CachePolicy(`${name}VersionCachePolicy`, {
123
- name: $interpolate `${$app.name}-${$app.stage}-version-cache`,
124
- comment: "Short-TTL cache for /version to absorb client polling",
125
- minTtl: 0,
126
- defaultTtl: 2,
127
- maxTtl: 2,
128
- parametersInCacheKeyAndForwardedToOrigin: {
129
- cookiesConfig: { cookieBehavior: "none" },
130
- headersConfig: { headerBehavior: "none" },
131
- queryStringsConfig: { queryStringBehavior: "none" },
132
- enableAcceptEncodingBrotli: true,
133
- enableAcceptEncodingGzip: true,
134
- },
135
- });
122
+ // NOTE: the old `versionCachePolicy` (custom 2-second TTL) was deleted
123
+ // when /version began returning the per-site image signing secret.
124
+ // CloudFront custom cache policies do not honor `Cache-Control: private`
125
+ // from the origin — the explicit TTLs would win and the response (with
126
+ // the secret) would be edge-cached for 2s. We now use the AWS-managed
127
+ // `CachingDisabled` policy below for /v1/*/version, so the origin's
128
+ // `Cache-Control: private, max-age=2` is what reaches the browser
129
+ // (short-window in-browser cache) while the edge bypasses caching.
136
130
  // =========================================================================
137
131
  // Origin Request Policy
138
132
  // =========================================================================
@@ -276,10 +270,17 @@ export function createApiCdn(name, args) {
276
270
  },
277
271
  ],
278
272
  },
279
- // Version endpoint: short-TTL cache (2s) shared across all consumers
280
- // for a given site. The edge function still runs for API key
281
- // validation. Placed before /v1/*/users/* and the default behavior
282
- // because CloudFront evaluates path patterns in order, first match wins.
273
+ // Version endpoint: caching DISABLED at the edge. /version now
274
+ // carries a per-site image signing secret in the body, so the
275
+ // shared edge cache must not hold it. The origin sets
276
+ // `Cache-Control: private, max-age=2` so browsers may still cache
277
+ // for the 2-second window — that absorbs single-flight contention
278
+ // from the same client without exposing the secret to any other
279
+ // viewer.
280
+ //
281
+ // Tradeoff: origin Lambda invocations on /version are now one per
282
+ // client poll instead of one per 2-second edge window. The SDK
283
+ // polls every 10s by default, so the impact is bounded.
283
284
  //
284
285
  // NOTE: pathPattern "/v1/*/version" matches exact "/version" only.
285
286
  // CloudFront's `*` wildcard does not span path segments, so any
@@ -291,7 +292,7 @@ export function createApiCdn(name, args) {
291
292
  allowedMethods: ["GET", "HEAD", "OPTIONS"],
292
293
  cachedMethods: ["GET", "HEAD", "OPTIONS"],
293
294
  compress: true,
294
- cachePolicyId: versionCachePolicy.id,
295
+ cachePolicyId: cachingDisabledPolicyId,
295
296
  originRequestPolicyId: originRequestPolicy.id,
296
297
  functionAssociations: [
297
298
  {
package/dist/cdn-api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cdn-api.js","sourceRoot":"","sources":["../src/cdn-api.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgBH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,IAAgB;IACzD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;IAE7C,oEAAoE;IACpE,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC,CAAC;IAEtE,4EAA4E;IAC5E,iCAAiC;IACjC,4EAA4E;IAC5E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,IAAI,UAAU,EAAE;QAClE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,YAAY;QACxD,OAAO,EAAE,mBAAmB;QAC5B,OAAO,EAAE,IAAI;QACb,yBAAyB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;QACpC,IAAI,EAAE,YAAY,CAAA;;;;qBAID,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiEzB;KACA,CAAC,CAAC;IAEH,4EAA4E;IAC5E,iBAAiB;IACjB,4EAA4E;IAE5E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CACnD,GAAG,IAAI,gBAAgB,EACvB;QACE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,YAAY;QACxD,OAAO,EACL,gEAAgE;QAClE,UAAU,EAAE,WAAW;QACvB,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,CAAC;QACT,wCAAwC,EAAE;YACxC,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;YACzC,aAAa,EAAE;gBACb,cAAc,EAAE,WAAW;gBAC3B,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,oBAAoB,CAAC,EAAE;aAC3C;YACD,kBAAkB,EAAE;gBAClB,mBAAmB,EAAE,WAAW;gBAChC,YAAY,EAAE;oBACZ,6DAA6D;oBAC7D,2DAA2D;oBAC3D,uDAAuD;oBACvD,8DAA8D;oBAC9D,qDAAqD;oBACrD,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC;iBAC9G;aACF;YACD,0BAA0B,EAAE,IAAI;YAChC,wBAAwB,EAAE,IAAI;SAC/B;KACF,CACF,CAAC;IAEF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CACvD,GAAG,IAAI,oBAAoB,EAC3B;QACE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,gBAAgB;QAC5D,OAAO,EAAE,uDAAuD;QAChE,MAAM,EAAE,CAAC;QACT,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,CAAC;QACT,wCAAwC,EAAE;YACxC,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;YACzC,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;YACzC,kBAAkB,EAAE,EAAE,mBAAmB,EAAE,MAAM,EAAE;YACnD,0BAA0B,EAAE,IAAI;YAChC,wBAAwB,EAAE,IAAI;SAC/B;KACF,CACF,CAAC;IAEF,4EAA4E;IAC5E,wBAAwB;IACxB,4EAA4E;IAE5E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAChE,GAAG,IAAI,qBAAqB,EAC5B;QACE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,iBAAiB;QAC7D,OAAO,EAAE,4CAA4C;QACrD,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;QACzC,aAAa,EAAE;YACb,cAAc,EAAE,WAAW;YAC3B,OAAO,EAAE;gBACP,KAAK,EAAE;oBACL,gBAAgB;oBAChB,oBAAoB;oBACpB,cAAc;oBACd,QAAQ;oBACR,oBAAoB;iBACrB;aACF;SACF;QACD,kBAAkB,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE;KACnD,CACF,CAAC;IAEF,0EAA0E;IAC1E,sEAAsE;IACtE,qEAAqE;IACrE,0EAA0E;IAC1E,0EAA0E;IAC1E,oEAAoE;IACpE,2EAA2E;IAC3E,4CAA4C;IAC5C,MAAM,wCAAwC,GAC5C,sCAAsC,CAAC;IAEzC,sEAAsE;IACtE,iCAAiC;IACjC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;IAEvE,4EAA4E;IAC5E,0BAA0B;IAC1B,4EAA4E;IAE5E,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;QACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,gBAAgB,CAAC;IAEvD,yDAAyD;IACzD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,MAAM,iBAAiB,GAAG,IAAI,CAAC,MAAM;QACnC,CAAC,CAAC;YACE,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC7C,gBAAgB,EAAE,UAAmB;YACrC,sBAAsB,EAAE,cAAuB;SAChD;QACH,CAAC,CAAC;YACE,4BAA4B,EAAE,IAAI;SACnC,CAAC;IAEN,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAClD,GAAG,IAAI,cAAc,EACrB;QACE,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,YAAY,CAAA,sBAAsB,IAAI,CAAC,KAAK,EAAE;QACvD,WAAW,EAAE,WAAW;QACxB,UAAU;QACV,OAAO;QAEP,OAAO,EAAE;YACP;gBACE,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,YAAY;gBACxB,kBAAkB,EAAE;oBAClB,QAAQ,EAAE,EAAE;oBACZ,SAAS,EAAE,GAAG;oBACd,oBAAoB,EAAE,YAAY;oBAClC,kBAAkB,EAAE,CAAC,SAAS,CAAC;iBAChC;aACF;SACF;QAED,oBAAoB,EAAE;YACpB,cAAc,EAAE,KAAK;YACrB,oBAAoB,EAAE,mBAAmB;YACzC,cAAc,EAAE;gBACd,KAAK;gBACL,MAAM;gBACN,SAAS;gBACT,KAAK;gBACL,MAAM;gBACN,OAAO;gBACP,QAAQ;aACT;YACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;YACzC,QAAQ,EAAE,IAAI;YACd,aAAa,EAAE,cAAc,CAAC,EAAE;YAChC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;YAC7C,oBAAoB,EAAE;gBACpB;oBACE,SAAS,EAAE,gBAAgB;oBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;iBAC9B;aACF;SACF;QAED,qBAAqB,EAAE;YACrB,yDAAyD;YACzD;gBACE,WAAW,EAAE,aAAa;gBAC1B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;aAChE;YACD,qEAAqE;YACrE,4DAA4D;YAC5D,iEAAiE;YACjE,mEAAmE;YACnE,mEAAmE;YACnE,0BAA0B;YAC1B;gBACE,WAAW,EAAE,cAAc;gBAC3B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;gBAC/D,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,qEAAqE;YACrE,6DAA6D;YAC7D,mEAAmE;YACnE,yEAAyE;YACzE,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,wDAAwD;YACxD;gBACE,WAAW,EAAE,eAAe;gBAC5B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBAC1C,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,kBAAkB,CAAC,EAAE;gBACpC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD;gBACE,WAAW,EAAE,eAAe;gBAC5B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;gBAC/D,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,2DAA2D;YAC3D,mEAAmE;YACnE,qEAAqE;YACrE,iEAAiE;YACjE,gEAAgE;YAChE,8DAA8D;YAC9D,uDAAuD;YACvD,EAAE;YACF,uEAAuE;YACvE,4DAA4D;YAC5D,qEAAqE;YACrE,qEAAqE;YACrE,6BAA6B;YAC7B;gBACE,WAAW,EAAE,mBAAmB;gBAChC,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD;gBACE,WAAW,EAAE,qBAAqB;gBAClC,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,uCAAuC;YACvC;gBACE,WAAW,EAAE,SAAS;gBACtB,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBAC/B,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBAC9B,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;aAC9C;SACF;QAED,YAAY,EAAE;YACZ,cAAc,EAAE,EAAE,eAAe,EAAE,MAAM,EAAE;SAC5C;QAED,iBAAiB;KAClB,CACF,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;QACrB,CAAC,CAAC,YAAY,CAAA,WAAW,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;QAC3C,CAAC,CAAC,YAAY,CAAA,WAAW,YAAY,CAAC,UAAU,EAAE,CAAC;IAErD,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;AAC/B,CAAC"}
1
+ {"version":3,"file":"cdn-api.js","sourceRoot":"","sources":["../src/cdn-api.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgBH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,IAAgB;IACzD,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;IAE7C,oEAAoE;IACpE,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC,CAAC;IAEtE,4EAA4E;IAC5E,iCAAiC;IACjC,4EAA4E;IAC5E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,IAAI,UAAU,EAAE;QAClE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,YAAY;QACxD,OAAO,EAAE,mBAAmB;QAC5B,OAAO,EAAE,IAAI;QACb,yBAAyB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;QACpC,IAAI,EAAE,YAAY,CAAA;;;;qBAID,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiEzB;KACA,CAAC,CAAC;IAEH,4EAA4E;IAC5E,iBAAiB;IACjB,4EAA4E;IAE5E,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CACnD,GAAG,IAAI,gBAAgB,EACvB;QACE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,YAAY;QACxD,OAAO,EACL,gEAAgE;QAClE,UAAU,EAAE,WAAW;QACvB,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,CAAC;QACT,wCAAwC,EAAE;YACxC,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;YACzC,aAAa,EAAE;gBACb,cAAc,EAAE,WAAW;gBAC3B,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,oBAAoB,CAAC,EAAE;aAC3C;YACD,kBAAkB,EAAE;gBAClB,mBAAmB,EAAE,WAAW;gBAChC,YAAY,EAAE;oBACZ,6DAA6D;oBAC7D,2DAA2D;oBAC3D,uDAAuD;oBACvD,8DAA8D;oBAC9D,qDAAqD;oBACrD,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC;iBAC9G;aACF;YACD,0BAA0B,EAAE,IAAI;YAChC,wBAAwB,EAAE,IAAI;SAC/B;KACF,CACF,CAAC;IAEF,uEAAuE;IACvE,mEAAmE;IACnE,yEAAyE;IACzE,uEAAuE;IACvE,sEAAsE;IACtE,oEAAoE;IACpE,kEAAkE;IAClE,mEAAmE;IAEnE,4EAA4E;IAC5E,wBAAwB;IACxB,4EAA4E;IAE5E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAChE,GAAG,IAAI,qBAAqB,EAC5B;QACE,IAAI,EAAE,YAAY,CAAA,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,iBAAiB;QAC7D,OAAO,EAAE,4CAA4C;QACrD,aAAa,EAAE,EAAE,cAAc,EAAE,MAAM,EAAE;QACzC,aAAa,EAAE;YACb,cAAc,EAAE,WAAW;YAC3B,OAAO,EAAE;gBACP,KAAK,EAAE;oBACL,gBAAgB;oBAChB,oBAAoB;oBACpB,cAAc;oBACd,QAAQ;oBACR,oBAAoB;iBACrB;aACF;SACF;QACD,kBAAkB,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE;KACnD,CACF,CAAC;IAEF,0EAA0E;IAC1E,sEAAsE;IACtE,qEAAqE;IACrE,0EAA0E;IAC1E,0EAA0E;IAC1E,oEAAoE;IACpE,2EAA2E;IAC3E,4CAA4C;IAC5C,MAAM,wCAAwC,GAC5C,sCAAsC,CAAC;IAEzC,sEAAsE;IACtE,iCAAiC;IACjC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;IAEvE,4EAA4E;IAC5E,0BAA0B;IAC1B,4EAA4E;IAE5E,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAW,EAAE,EAAE;QACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,gBAAgB,CAAC;IAEvD,yDAAyD;IACzD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,MAAM,iBAAiB,GAAG,IAAI,CAAC,MAAM;QACnC,CAAC,CAAC;YACE,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC7C,gBAAgB,EAAE,UAAmB;YACrC,sBAAsB,EAAE,cAAuB;SAChD;QACH,CAAC,CAAC;YACE,4BAA4B,EAAE,IAAI;SACnC,CAAC;IAEN,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAClD,GAAG,IAAI,cAAc,EACrB;QACE,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,YAAY,CAAA,sBAAsB,IAAI,CAAC,KAAK,EAAE;QACvD,WAAW,EAAE,WAAW;QACxB,UAAU;QACV,OAAO;QAEP,OAAO,EAAE;YACP;gBACE,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,YAAY;gBACxB,kBAAkB,EAAE;oBAClB,QAAQ,EAAE,EAAE;oBACZ,SAAS,EAAE,GAAG;oBACd,oBAAoB,EAAE,YAAY;oBAClC,kBAAkB,EAAE,CAAC,SAAS,CAAC;iBAChC;aACF;SACF;QAED,oBAAoB,EAAE;YACpB,cAAc,EAAE,KAAK;YACrB,oBAAoB,EAAE,mBAAmB;YACzC,cAAc,EAAE;gBACd,KAAK;gBACL,MAAM;gBACN,SAAS;gBACT,KAAK;gBACL,MAAM;gBACN,OAAO;gBACP,QAAQ;aACT;YACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;YACzC,QAAQ,EAAE,IAAI;YACd,aAAa,EAAE,cAAc,CAAC,EAAE;YAChC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;YAC7C,oBAAoB,EAAE;gBACpB;oBACE,SAAS,EAAE,gBAAgB;oBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;iBAC9B;aACF;SACF;QAED,qBAAqB,EAAE;YACrB,yDAAyD;YACzD;gBACE,WAAW,EAAE,aAAa;gBAC1B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;aAChE;YACD,qEAAqE;YACrE,4DAA4D;YAC5D,iEAAiE;YACjE,mEAAmE;YACnE,mEAAmE;YACnE,0BAA0B;YAC1B;gBACE,WAAW,EAAE,cAAc;gBAC3B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;gBAC/D,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,+DAA+D;YAC/D,8DAA8D;YAC9D,sDAAsD;YACtD,kEAAkE;YAClE,kEAAkE;YAClE,gEAAgE;YAChE,UAAU;YACV,EAAE;YACF,kEAAkE;YAClE,+DAA+D;YAC/D,wDAAwD;YACxD,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,wDAAwD;YACxD;gBACE,WAAW,EAAE,eAAe;gBAC5B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBAC1C,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD;gBACE,WAAW,EAAE,eAAe;gBAC5B,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,wCAAwC;gBAC/D,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,2DAA2D;YAC3D,mEAAmE;YACnE,qEAAqE;YACrE,iEAAiE;YACjE,gEAAgE;YAChE,8DAA8D;YAC9D,uDAAuD;YACvD,EAAE;YACF,uEAAuE;YACvE,4DAA4D;YAC5D,qEAAqE;YACrE,qEAAqE;YACrE,6BAA6B;YAC7B;gBACE,WAAW,EAAE,mBAAmB;gBAChC,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD;gBACE,WAAW,EAAE,qBAAqB;gBAClC,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE;oBACd,KAAK;oBACL,MAAM;oBACN,SAAS;oBACT,KAAK;oBACL,MAAM;oBACN,OAAO;oBACP,QAAQ;iBACT;gBACD,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;gBACzC,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;gBAC7C,oBAAoB,EAAE;oBACpB;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,WAAW,EAAE,YAAY,CAAC,GAAG;qBAC9B;iBACF;aACF;YACD,uCAAuC;YACvC;gBACE,WAAW,EAAE,SAAS;gBACtB,cAAc,EAAE,KAAK;gBACrB,oBAAoB,EAAE,mBAAmB;gBACzC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBAC/B,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;gBAC9B,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,uBAAuB;gBACtC,qBAAqB,EAAE,mBAAmB,CAAC,EAAE;aAC9C;SACF;QAED,YAAY,EAAE;YACZ,cAAc,EAAE,EAAE,eAAe,EAAE,MAAM,EAAE;SAC5C;QAED,iBAAiB;KAClB,CACF,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM;QACrB,CAAC,CAAC,YAAY,CAAA,WAAW,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;QAC3C,CAAC,CAAC,YAAY,CAAA,WAAW,YAAY,CAAC,UAAU,EAAE,CAAC;IAErD,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;AAC/B,CAAC"}
package/dist/cron.d.ts ADDED
@@ -0,0 +1,42 @@
1
+ /**
2
+ * Cron Infrastructure
3
+ *
4
+ * EventBridge-driven scheduled Lambdas for periodic CMS maintenance. Today
5
+ * this is just the trash sweeper (Phase 2b of `steering/TRASH_CAN.md`); other
6
+ * cron-shaped workers (backup retention, etc.) live in their own modules.
7
+ *
8
+ * The trash sweeper Lambda walks every site, every collection, and purges
9
+ * content trashed more than `model.TrashRetentionDays` (30) days ago via the
10
+ * service-layer `Purge` — which fans out to drafts, slug lookups, tag counts,
11
+ * relationships, audit, and a `content.deleted` webhook per item. See
12
+ * `packages/api/cmd/trash_sweeper/main.go` for the entrypoint.
13
+ *
14
+ * Mass-delete protection is a per-run circuit breaker inside the sweeper
15
+ * (`TRASH_PURGE_RUN_CAP`), not a CloudWatch alarm: a run that would purge at
16
+ * least the cap aborts and logs at ERROR instead of completing. This keeps the
17
+ * feature at $0-at-rest (no custom CloudWatch metric, no alarm, no SNS topic)
18
+ * while actively *preventing* a runaway purge rather than alerting after the
19
+ * fact. The abort is visible in the sweeper's daily CloudWatch Logs line.
20
+ */
21
+ import type { StorageResources } from "./storage.js";
22
+ import type { WebhookResources } from "./webhooks.js";
23
+ export interface CronArgs {
24
+ storage: StorageResources;
25
+ webhooks: WebhookResources;
26
+ pkgRoot: string;
27
+ /**
28
+ * Stage name (`$app.stage`). Used to tune per-stage alarm thresholds: prod
29
+ * is tight (1000 purges/day signals mass-delete), dev/PR stages are loose
30
+ * to absorb manual testing without paging.
31
+ */
32
+ stage: string;
33
+ dev?: {
34
+ /** Go source path for the trash sweeper, e.g. "packages/api/cmd/trash_sweeper" */
35
+ handler: string;
36
+ };
37
+ }
38
+ export declare function createCron(name: string, args: CronArgs): {
39
+ trashSweeperCron: sst.aws.Cron;
40
+ };
41
+ export type CronResources = ReturnType<typeof createCron>;
42
+ //# sourceMappingURL=cron.d.ts.map
package/dist/cron.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cron.d.ts","sourceRoot":"","sources":["../src/cron.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEtD,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE;QACJ,kFAAkF;QAClF,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAcD,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ;;EAiGtD;AAED,MAAM,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAC"}
package/dist/cron.js ADDED
@@ -0,0 +1,128 @@
1
+ /**
2
+ * Cron Infrastructure
3
+ *
4
+ * EventBridge-driven scheduled Lambdas for periodic CMS maintenance. Today
5
+ * this is just the trash sweeper (Phase 2b of `steering/TRASH_CAN.md`); other
6
+ * cron-shaped workers (backup retention, etc.) live in their own modules.
7
+ *
8
+ * The trash sweeper Lambda walks every site, every collection, and purges
9
+ * content trashed more than `model.TrashRetentionDays` (30) days ago via the
10
+ * service-layer `Purge` — which fans out to drafts, slug lookups, tag counts,
11
+ * relationships, audit, and a `content.deleted` webhook per item. See
12
+ * `packages/api/cmd/trash_sweeper/main.go` for the entrypoint.
13
+ *
14
+ * Mass-delete protection is a per-run circuit breaker inside the sweeper
15
+ * (`TRASH_PURGE_RUN_CAP`), not a CloudWatch alarm: a run that would purge at
16
+ * least the cap aborts and logs at ERROR instead of completing. This keeps the
17
+ * feature at $0-at-rest (no custom CloudWatch metric, no alarm, no SNS topic)
18
+ * while actively *preventing* a runaway purge rather than alerting after the
19
+ * fact. The abort is visible in the sweeper's daily CloudWatch Logs line.
20
+ */
21
+ import path from "path";
22
+ /**
23
+ * Per-stage value for the sweeper's per-run purge circuit breaker
24
+ * (`TRASH_PURGE_RUN_CAP`). A run that would purge at least this many items
25
+ * aborts instead of completing — the cheap, $0 replacement for the old
26
+ * CloudWatch mass-delete alarm. Production is tight (1000/run signals a likely
27
+ * mass-delete); dev/PR stages are loose so manual testing doesn't trip it.
28
+ * Read by `packages/api/cmd/trash_sweeper/main.go`.
29
+ */
30
+ function trashPurgeRunCap(stage) {
31
+ return stage === "production" ? 1000 : 10000;
32
+ }
33
+ export function createCron(name, args) {
34
+ const { storage, webhooks } = args;
35
+ const trashSweeperConfig = args.dev
36
+ ? {
37
+ handler: args.dev.handler,
38
+ runtime: "go",
39
+ }
40
+ : {
41
+ bundle: path.join(args.pkgRoot, "lambda/trash-sweeper"),
42
+ handler: "bootstrap",
43
+ runtime: "provided.al2023",
44
+ architecture: "arm64",
45
+ };
46
+ // Daily at 03:00 UTC. Cron syntax: minute hour day-of-month month day-of-week year.
47
+ // EventBridge requires either day-of-month or day-of-week to be `?`.
48
+ const trashSweeperCron = new sst.aws.Cron(`${name}TrashSweeper`, {
49
+ schedule: "cron(0 3 * * ? *)",
50
+ job: {
51
+ ...trashSweeperConfig,
52
+ // The sweeper pages through every site × every collection. 5 minutes
53
+ // is generous; a single site rarely has > 100 trashed items per
54
+ // collection per day. If we ever hit the timeout, the next run will
55
+ // pick up where we left off (items remain in the trash partition).
56
+ timeout: "5 minutes",
57
+ memory: "512 MB",
58
+ environment: {
59
+ // DynamoDB tables. NOTE: The sweeper's only entry point is
60
+ // AdminContentService.Purge, which touches content + drafts + audit
61
+ // + relationships + (indirectly via tagsRepo) ContentTable's
62
+ // tag-count items. blocksRepo and mediaRepo are passed to
63
+ // NewAdminContentService for symmetry with the API, but Purge's
64
+ // call graph never reaches them — so BLOCKS_TABLE / MEDIA_TABLE
65
+ // are deliberately omitted. If the sweeper ever grows a second
66
+ // entry point (Trash / Restore / Publish), revisit.
67
+ SITES_TABLE: storage.sites.name,
68
+ CONTENT_TABLE: storage.content.name,
69
+ DRAFT_CONTENT_TABLE: storage.draftContent.name,
70
+ COLLECTIONS_TABLE: storage.collections.name,
71
+ BLOCK_TYPES_TABLE: storage.blockTypes.name,
72
+ ADMIN_AUDIT_TABLE: storage.adminAudit.name,
73
+ RELATIONSHIPS_TABLE: storage.relationships.name,
74
+ WEBHOOKS_TABLE: webhooks.webhooks.name,
75
+ WEBHOOK_DELIVERIES_TABLE: webhooks.webhookDeliveries.name,
76
+ // Purge bumps the CDN site-version on published items, so the
77
+ // sweeper needs to write into the KVS just like the API Lambda.
78
+ KVS_ARN: storage.kvs.arn,
79
+ // Webhook fan-out async-invokes this Lambda per subscribed webhook.
80
+ WEBHOOK_WORKER_FUNCTION_NAME: webhooks.webhookWorker.name,
81
+ AWS_REGION_NAME: aws.getRegionOutput().name,
82
+ // Per-run purge circuit breaker. A sweep that would purge at least
83
+ // this many items aborts (and logs at ERROR) instead of completing —
84
+ // a $0 guard against a mass-delete / runaway, replacing the old
85
+ // CloudWatch mass-delete alarm. See trashPurgeRunCap above.
86
+ TRASH_PURGE_RUN_CAP: String(trashPurgeRunCap(args.stage)),
87
+ },
88
+ link: [
89
+ // Read/write — Purge mutates content (incl. tag-count items and
90
+ // slug-lookup rows) + drafts + audit + relationships, and emits
91
+ // per-item webhook delivery rows. Sites/collections/blockTypes are
92
+ // read-only for the sweep loop (ListAll + GetCollections).
93
+ // storage.blocks and storage.media are deliberately NOT linked —
94
+ // see env comment above.
95
+ storage.sites,
96
+ storage.content,
97
+ storage.draftContent,
98
+ storage.collections,
99
+ storage.blockTypes,
100
+ storage.adminAudit,
101
+ storage.relationships,
102
+ webhooks.webhooks,
103
+ webhooks.webhookDeliveries,
104
+ ],
105
+ permissions: [
106
+ {
107
+ // CloudFront KVS bump on Purge of a published item — mirrors the
108
+ // API Lambda's KVS permission set.
109
+ actions: [
110
+ "cloudfront-keyvaluestore:DescribeKeyValueStore",
111
+ "cloudfront-keyvaluestore:PutKey",
112
+ "cloudfront-keyvaluestore:DeleteKey",
113
+ "cloudfront-keyvaluestore:GetKey",
114
+ ],
115
+ resources: [storage.kvs.arn],
116
+ },
117
+ {
118
+ // Async invoke of the webhook worker. Same grant pattern as the
119
+ // API Lambda (`webhooks.webhookWorker.arn` in `api.ts`).
120
+ actions: ["lambda:InvokeFunction"],
121
+ resources: [webhooks.webhookWorker.arn],
122
+ },
123
+ ],
124
+ },
125
+ });
126
+ return { trashSweeperCron };
127
+ }
128
+ //# sourceMappingURL=cron.js.map
package/dist/cron.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cron.js","sourceRoot":"","sources":["../src/cron.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AAoBxB;;;;;;;GAOG;AACH,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO,KAAK,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,IAAc;IACrD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAEnC,MAAM,kBAAkB,GAAG,IAAI,CAAC,GAAG;QACjC,CAAC,CAAC;YACE,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,OAAO,EAAE,IAAa;SACvB;QACH,CAAC,CAAC;YACE,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,sBAAsB,CAAC;YACvD,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,iBAA0B;YACnC,YAAY,EAAE,OAAgB;SAC/B,CAAC;IAEN,oFAAoF;IACpF,qEAAqE;IACrE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,cAAc,EAAE;QAC/D,QAAQ,EAAE,mBAAmB;QAC7B,GAAG,EAAE;YACH,GAAG,kBAAkB;YACrB,qEAAqE;YACrE,gEAAgE;YAChE,oEAAoE;YACpE,mEAAmE;YACnE,OAAO,EAAE,WAAW;YACpB,MAAM,EAAE,QAAQ;YAChB,WAAW,EAAE;gBACX,2DAA2D;gBAC3D,oEAAoE;gBACpE,6DAA6D;gBAC7D,0DAA0D;gBAC1D,gEAAgE;gBAChE,gEAAgE;gBAChE,+DAA+D;gBAC/D,oDAAoD;gBACpD,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;gBAC/B,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,IAAI;gBACnC,mBAAmB,EAAE,OAAO,CAAC,YAAY,CAAC,IAAI;gBAC9C,iBAAiB,EAAE,OAAO,CAAC,WAAW,CAAC,IAAI;gBAC3C,iBAAiB,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;gBAC1C,iBAAiB,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI;gBAC1C,mBAAmB,EAAE,OAAO,CAAC,aAAa,CAAC,IAAI;gBAC/C,cAAc,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI;gBACtC,wBAAwB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,IAAI;gBACzD,8DAA8D;gBAC9D,gEAAgE;gBAChE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG;gBACxB,oEAAoE;gBACpE,4BAA4B,EAAE,QAAQ,CAAC,aAAa,CAAC,IAAI;gBACzD,eAAe,EAAE,GAAG,CAAC,eAAe,EAAE,CAAC,IAAI;gBAC3C,mEAAmE;gBACnE,qEAAqE;gBACrE,gEAAgE;gBAChE,4DAA4D;gBAC5D,mBAAmB,EAAE,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aAC1D;YACD,IAAI,EAAE;gBACJ,gEAAgE;gBAChE,gEAAgE;gBAChE,mEAAmE;gBACnE,2DAA2D;gBAC3D,iEAAiE;gBACjE,yBAAyB;gBACzB,OAAO,CAAC,KAAK;gBACb,OAAO,CAAC,OAAO;gBACf,OAAO,CAAC,YAAY;gBACpB,OAAO,CAAC,WAAW;gBACnB,OAAO,CAAC,UAAU;gBAClB,OAAO,CAAC,UAAU;gBAClB,OAAO,CAAC,aAAa;gBACrB,QAAQ,CAAC,QAAQ;gBACjB,QAAQ,CAAC,iBAAiB;aAC3B;YACD,WAAW,EAAE;gBACX;oBACE,iEAAiE;oBACjE,mCAAmC;oBACnC,OAAO,EAAE;wBACP,gDAAgD;wBAChD,iCAAiC;wBACjC,oCAAoC;wBACpC,iCAAiC;qBAClC;oBACD,SAAS,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;iBAC7B;gBACD;oBACE,gEAAgE;oBAChE,yDAAyD;oBACzD,OAAO,EAAE,CAAC,uBAAuB,CAAC;oBAClC,SAAS,EAAE,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC;iBACxC;aACF;SACF;KACF,CAAC,CAAC;IAEH,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAC9B,CAAC"}
package/dist/image.d.ts CHANGED
@@ -3,6 +3,12 @@
3
3
  *
4
4
  * Sharp-based image transformation Lambda with HMAC-signed URLs.
5
5
  * Supports dev mode (Node.js source) and package mode (pre-bundled handler).
6
+ *
7
+ * The signing key is per-site: the Lambda derives it from a master KDF
8
+ * input (HMAC-SHA256(master, site)) so leaking one site's key cannot be
9
+ * used to forge URLs for another site. The OLD master is an opt-in
10
+ * fallback for smooth rotation — the Sharp Lambda accepts either, the Go
11
+ * API only signs with the primary.
6
12
  */
7
13
  import type { StorageResources } from "./storage.js";
8
14
  export interface ImageArgs {
@@ -14,7 +20,8 @@ export interface ImageArgs {
14
20
  };
15
21
  }
16
22
  export declare function createImage(name: string, args: ImageArgs): {
17
- imageSigningSecret: sst.Secret;
23
+ imageSigningMasterSecret: sst.Secret;
24
+ imageSigningMasterSecretOld: sst.Secret;
18
25
  imageLambda: sst.aws.Function;
19
26
  };
20
27
  export type ImageResources = ReturnType<typeof createImage>;
package/dist/image.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../src/image.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,MAAM,WAAW,SAAS;IACxB,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAC,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE;QACJ,qEAAqE;QACrE,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS;;;EA2CxD;AAED,MAAM,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC"}
1
+ {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../src/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,MAAM,WAAW,SAAS;IACxB,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAC,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE;QACJ,qEAAqE;QACrE,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS;;;;EA6DxD;AAED,MAAM,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,WAAW,CAAC,CAAC"}
package/dist/image.js CHANGED
@@ -3,10 +3,20 @@
3
3
  *
4
4
  * Sharp-based image transformation Lambda with HMAC-signed URLs.
5
5
  * Supports dev mode (Node.js source) and package mode (pre-bundled handler).
6
+ *
7
+ * The signing key is per-site: the Lambda derives it from a master KDF
8
+ * input (HMAC-SHA256(master, site)) so leaking one site's key cannot be
9
+ * used to forge URLs for another site. The OLD master is an opt-in
10
+ * fallback for smooth rotation — the Sharp Lambda accepts either, the Go
11
+ * API only signs with the primary.
6
12
  */
7
13
  import path from "path";
8
14
  export function createImage(name, args) {
9
- const imageSigningSecret = new sst.Secret(`${name}ImageSigningSecret`);
15
+ const imageSigningMasterSecret = new sst.Secret(`${name}ImageSigningMasterSecret`);
16
+ // Optional fallback master used during rotation. SST treats unset
17
+ // secrets as empty strings, which the Lambda's deriveSiteSecret turns
18
+ // into a null per-site key — disabling the fallback path entirely.
19
+ const imageSigningMasterSecretOld = new sst.Secret(`${name}ImageSigningMasterSecretOld`);
10
20
  let imageLambda;
11
21
  if (args.dev) {
12
22
  imageLambda = new sst.aws.Function(`${name}ImageLambda`, {
@@ -23,9 +33,14 @@ export function createImage(name, args) {
23
33
  },
24
34
  environment: {
25
35
  CONTENT_BUCKET: args.contentBucket.name,
26
- IMAGE_SIGNING_SECRET: imageSigningSecret.value,
36
+ IMAGE_SIGNING_MASTER_SECRET: imageSigningMasterSecret.value,
37
+ IMAGE_SIGNING_MASTER_SECRET_OLD: imageSigningMasterSecretOld.value,
27
38
  },
28
- link: [args.contentBucket, imageSigningSecret],
39
+ link: [
40
+ args.contentBucket,
41
+ imageSigningMasterSecret,
42
+ imageSigningMasterSecretOld,
43
+ ],
29
44
  });
30
45
  }
31
46
  else {
@@ -41,11 +56,16 @@ export function createImage(name, args) {
41
56
  },
42
57
  environment: {
43
58
  CONTENT_BUCKET: args.contentBucket.name,
44
- IMAGE_SIGNING_SECRET: imageSigningSecret.value,
59
+ IMAGE_SIGNING_MASTER_SECRET: imageSigningMasterSecret.value,
60
+ IMAGE_SIGNING_MASTER_SECRET_OLD: imageSigningMasterSecretOld.value,
45
61
  },
46
- link: [args.contentBucket, imageSigningSecret],
62
+ link: [
63
+ args.contentBucket,
64
+ imageSigningMasterSecret,
65
+ imageSigningMasterSecretOld,
66
+ ],
47
67
  });
48
68
  }
49
- return { imageSigningSecret, imageLambda };
69
+ return { imageSigningMasterSecret, imageSigningMasterSecretOld, imageLambda };
50
70
  }
51
71
  //# sourceMappingURL=image.js.map
package/dist/image.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"image.js","sourceRoot":"","sources":["../src/image.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AAYxB,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,IAAe;IACvD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC;IAEvE,IAAI,WAA6B,CAAC;IAClC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,WAAW,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,aAAa,EAAE;YACvD,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,OAAO,EAAE,YAAY;YACrB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,SAAS;YACjB,GAAG,EAAE;gBACH,aAAa,EAAE,KAAK;aACrB;YACD,MAAM,EAAE;gBACN,OAAO,EAAE,CAAC,OAAO,CAAC;aACnB;YACD,WAAW,EAAE;gBACX,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;gBACvC,oBAAoB,EAAE,kBAAkB,CAAC,KAAK;aAC/C;YACD,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,aAAa,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC;YACtD,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,YAAY;YACrB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,SAAS;YACjB,GAAG,EAAE;gBACH,aAAa,EAAE,KAAK;aACrB;YACD,WAAW,EAAE;gBACX,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;gBACvC,oBAAoB,EAAE,kBAAkB,CAAC,KAAK;aAC/C;YACD,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC;AAC7C,CAAC"}
1
+ {"version":3,"file":"image.js","sourceRoot":"","sources":["../src/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AAYxB,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,IAAe;IACvD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,MAAM,CAC7C,GAAG,IAAI,0BAA0B,CAClC,CAAC;IACF,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC,MAAM,CAChD,GAAG,IAAI,6BAA6B,CACrC,CAAC;IAEF,IAAI,WAA6B,CAAC;IAClC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,WAAW,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,aAAa,EAAE;YACvD,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO;YACzB,OAAO,EAAE,YAAY;YACrB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,SAAS;YACjB,GAAG,EAAE;gBACH,aAAa,EAAE,KAAK;aACrB;YACD,MAAM,EAAE;gBACN,OAAO,EAAE,CAAC,OAAO,CAAC;aACnB;YACD,WAAW,EAAE;gBACX,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;gBACvC,2BAA2B,EAAE,wBAAwB,CAAC,KAAK;gBAC3D,+BAA+B,EAAE,2BAA2B,CAAC,KAAK;aACnE;YACD,IAAI,EAAE;gBACJ,IAAI,CAAC,aAAa;gBAClB,wBAAwB;gBACxB,2BAA2B;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,aAAa,EAAE;YACvD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC;YACtD,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,YAAY;YACrB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE,SAAS;YACjB,GAAG,EAAE;gBACH,aAAa,EAAE,KAAK;aACrB;YACD,WAAW,EAAE;gBACX,cAAc,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;gBACvC,2BAA2B,EAAE,wBAAwB,CAAC,KAAK;gBAC3D,+BAA+B,EAAE,2BAA2B,CAAC,KAAK;aACnE;YACD,IAAI,EAAE;gBACJ,IAAI,CAAC,aAAa;gBAClB,wBAAwB;gBACxB,2BAA2B;aAC5B;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,wBAAwB,EAAE,2BAA2B,EAAE,WAAW,EAAE,CAAC;AAChF,CAAC"}
package/dist/index.d.ts CHANGED
@@ -7,6 +7,7 @@
7
7
  export type { StorageResources } from "./storage.js";
8
8
  export type { AuthResources } from "./auth.js";
9
9
  export type { WebhookResources } from "./webhooks.js";
10
+ export type { BackupResources } from "./backup.js";
10
11
  export type { ImageResources } from "./image.js";
11
12
  export type { ApiResources } from "./api.js";
12
13
  export type { ApiCdnResources } from "./cdn-api.js";
@@ -14,6 +15,7 @@ export type { MediaCdnResources } from "./cdn-media.js";
14
15
  export type { SchedulerResources } from "./scheduler.js";
15
16
  export type { CollaborationResources } from "./collaboration.js";
16
17
  export type { AdminSiteResources } from "./admin-site.js";
18
+ export type { CronResources } from "./cron.js";
17
19
  export interface HeadroomCMSArgs {
18
20
  /**
19
21
  * Email address for sending admin invitations and password resets.
@@ -78,6 +80,8 @@ export interface HeadroomCMSArgs {
78
80
  apiHandler: string;
79
81
  /** Go source path for webhook worker, e.g. "packages/webhook-worker" */
80
82
  webhookWorkerHandler: string;
83
+ /** Go source path for backup worker, e.g. "packages/backup-worker" */
84
+ backupWorkerHandler: string;
81
85
  /** SST handler for custom message function, e.g. "packages/functions/custom-message.handler" */
82
86
  customMessageHandler: string;
83
87
  /** SST handler for image Lambda, e.g. "packages/image-lambda/index.handler" */
@@ -88,6 +92,8 @@ export interface HeadroomCMSArgs {
88
92
  schedulerHandler?: string;
89
93
  /** SST handler for collab Lambda, e.g. "packages/collab/src/index.handler" */
90
94
  collabHandler?: string;
95
+ /** Go source path for trash sweeper Lambda, e.g. "packages/api/cmd/trash_sweeper" */
96
+ trashSweeperHandler?: string;
91
97
  };
92
98
  /**
93
99
  * Build-time toggle for the collaboration feature in the admin UI.
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA0CH,YAAY,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC/C,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC7C,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,YAAY,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;;OAIG;IACH,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;OAGG;IACH,UAAU,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IAEpE;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,cAAc,CAAC,EAAE;QACf,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;IAEF;;;OAGG;IACH,GAAG,CAAC,EAAE;QACJ,yDAAyD;QACzD,UAAU,EAAE,MAAM,CAAC;QACnB,wEAAwE;QACxE,oBAAoB,EAAE,MAAM,CAAC;QAC7B,gGAAgG;QAChG,oBAAoB,EAAE,MAAM,CAAC;QAC7B,+EAA+E;QAC/E,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,SAAS,EAAE,MAAM,CAAC;QAClB,qEAAqE;QACrE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,8EAA8E;QAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACtB,SAAgB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,SAAgB,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChD,SAAgB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClD,SAAgB,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/C,SAAgB,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACjD,SAAgB,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvD,SAAgB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAElD,SAAgB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;gBAElD,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe;CAmIhD"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA4CH,YAAY,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC/C,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AACjD,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC7C,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,YAAY,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,YAAY,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjE,YAAY,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE/C,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,WAAW,EAAE,MAAM,CAAC;IAEpB;;;OAGG;IACH,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;;OAIG;IACH,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;OAGG;IACH,WAAW,CAAC,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,gEAAgE;QAChE,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAEF;;;OAGG;IACH,UAAU,CAAC,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IAEpE;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,cAAc,CAAC,EAAE;QACf,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,gBAAgB,CAAC,EAAE,OAAO,CAAC;QAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;IAEF;;;OAGG;IACH,GAAG,CAAC,EAAE;QACJ,yDAAyD;QACzD,UAAU,EAAE,MAAM,CAAC;QACnB,wEAAwE;QACxE,oBAAoB,EAAE,MAAM,CAAC;QAC7B,sEAAsE;QACtE,mBAAmB,EAAE,MAAM,CAAC;QAC5B,gGAAgG;QAChG,oBAAoB,EAAE,MAAM,CAAC;QAC7B,+EAA+E;QAC/E,kBAAkB,EAAE,MAAM,CAAC;QAC3B,qDAAqD;QACrD,SAAS,EAAE,MAAM,CAAC;QAClB,qEAAqE;QACrE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,8EAA8E;QAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,qFAAqF;QACrF,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B,CAAC;IAEF;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,qBAAa,WAAW;IACtB,SAAgB,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC7C,SAAgB,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChD,SAAgB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAClD,SAAgB,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/C,SAAgB,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACjD,SAAgB,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvD,SAAgB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAElD,SAAgB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;gBAElD,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe;CAoLhD"}