sst 2.21.6 → 2.21.8
- package/bootstrap.js +6 -1
- package/cli/local/server.js +27 -7
- package/constructs/App.js +3 -4
- package/constructs/RemixSite.js +6 -4
- package/constructs/SsrFunction.d.ts +2 -0
- package/constructs/SsrFunction.js +2 -0
- package/constructs/util/permission.js +3 -0
- package/package.json +1 -1
- package/sst.mjs +42 -8
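--- a/package/bootstrap.js
+++ b/package/bootstrap.js
@@ -5,7 +5,7 @@ import { spawn } from "child_process";
 import { DescribeStacksCommand, CloudFormationClient, } from "@aws-sdk/client-cloudformation";
 import { App, DefaultStackSynthesizer, Duration, CfnOutput, Tags, Stack, RemovalPolicy, } from "aws-cdk-lib/core";
 import { Function, Runtime, Code } from "aws-cdk-lib/aws-lambda";
-import { PolicyStatement } from "aws-cdk-lib/aws-iam";
+import { ManagedPolicy, PermissionsBoundary, PolicyStatement, } from "aws-cdk-lib/aws-iam";
 import { Rule } from "aws-cdk-lib/aws-events";
 import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
 import { BlockPublicAccess, Bucket, BucketEncryption, } from "aws-cdk-lib/aws-s3";
@@ -215,6 +215,11 @@ export async function bootstrapSST() {
 },
 });
 rule.addTarget(new LambdaFunction(fn));
+// Create permissions boundary
+if (cdk?.customPermissionsBoundary) {
+const boundaryPolicy = ManagedPolicy.fromManagedPolicyName(stack, "PermissionBoundaryPolicy", cdk.customPermissionsBoundary);
+PermissionsBoundary.of(stack).apply(boundaryPolicy);
+}
 // Create stack outputs to store bootstrap stack info
 new CfnOutput(stack, OUTPUT_VERSION, { value: LATEST_VERSION });
 new CfnOutput(stack, OUTPUT_BUCKET, { value: bucket.bucketName });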
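Review bot: The comment `// Create permissions boundary` in the bootstrapSST hunk is misleading, because the new lines create nothing: `ManagedPolicy.fromManagedPolicyName` only references an existing customer-managed policy by name, and `PermissionsBoundary.of(stack).apply` attaches it to the IAM roles and users in the bootstrap stack. I would reword it to `// Apply the user-supplied permissions boundary (an existing managed policy, referenced by name) to IAM principals in the bootstrap stack`. The value of `cdk.customPermissionsBoundary` is not validated here, so a typo or an ARN passed in place of a name would presumably only surface when CloudFormation deploys the stack; a short check that it is a bare policy name would fail earlier. bootstrapSST's body starts and ends outside the hunk, and the bundled copy in package/sst.mjs carries the same lines.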
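--- a/package/cli/local/server.js
+++ b/package/cli/local/server.js
@@ -104,11 +104,38 @@ export async function useLocalServer(opts) {
 const wss = new WebSocketServer({ noServer: true });
 const wss2 = new WebSocketServer({ noServer: true });
 const sockets = new Set();
+let buffer = [
+{
+type: "cli.dev",
+properties: {
+stage: project.config.stage,
+app: project.config.name,
+},
+},
+];
+function publish(type, properties) {
+const msg = {
+type,
+properties,
+};
+buffer.push(msg);
+const json = JSON.stringify(msg);
+[...sockets.values()].map((s) => s.send(json));
+}
 wss2.on("connection", (socket, req) => {
 sockets.add(socket);
+for (const msg of buffer) {
+socket.send(JSON.stringify(msg));
+}
 socket.on("close", () => {
 sockets.delete(socket);
 });
+socket.on("message", (data) => {
+const parsed = JSON.parse(data.toString());
+if (parsed.type === "log.cleared") {
+buffer = buffer.filter((msg) => msg.properties?.functionID !== parsed.properties?.functionID);
+}
+});
 });
 wss.on("connection", (socket, req) => {
 if (req.headers.origin?.endsWith("localhost:3000"))
@@ -179,13 +206,6 @@ export async function useLocalServer(opts) {
 cb(func);
 });
 }
-function publish(type, properties) {
-const msg = JSON.stringify({
-type,
-properties,
-});
-[...sockets.values()].map((s) => s.send(msg));
-}
 bus.subscribe("function.invoked", async (evt) => {
 publish("function.invoked", evt.properties);
 updateFunction(evt.properties.functionID, (draft) => {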
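Review bot: The new `message` handler in the first useLocalServer hunk calls `JSON.parse(data.toString())` with no error handling, so a malformed frame (or the JSON value `null`, which makes `parsed.type` throw) raises inside the event listener and can take the local dev server down. A `log.cleared` message without `properties.functionID` also removes every buffered entry that has no `functionID`, including the initial `cli.dev` record, because `undefined !== undefined` is false. Separately, `buffer` grows on every `publish` and is replayed in full to each new socket, so it should be capped; whether the `wss2` upgrade path restricts who may connect is not visible in this hunk. The bundled copy in package/sst.mjs has the same handler, and useLocalServer's body continues outside the hunk.

```javascript
socket.on("message", (data) => {
  let parsed;
  try {
    parsed = JSON.parse(data.toString());
  } catch {
    return; // ignore frames that are not valid JSON
  }
  const functionID = parsed?.properties?.functionID;
  if (parsed?.type !== "log.cleared" || functionID == null) {
    return; // only a well-formed clear request may prune the replay buffer
  }
  buffer = buffer.filter((msg) => msg.properties?.functionID !== functionID);
});
```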
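--- a/package/constructs/App.js
+++ b/package/constructs/App.js
@@ -2,7 +2,6 @@ import path from "path";
 import fs from "fs";
 import { Stack } from "./Stack.js";
 import { isSSTConstruct, isStackConstruct, } from "./Construct.js";
-import { Function } from "./Function.js";
 import { bindParameters, bindType } from "./util/functionBinding.js";
 import { stack } from "./FunctionalStack.js";
 import { createRequire } from "module";
@@ -230,7 +229,7 @@ export class App extends CDKApp {
 if (!isSSTConstruct(c)) {
 return;
 }
-if (
+if ("_doNotAllowOthersToBind" in c && c._doNotAllowOthersToBind) {
 return;
 }
 bindParameters(c);
@@ -353,7 +352,7 @@ export class App extends CDKApp {
 if (!isSSTConstruct(c)) {
 return;
 }
-if (
+if ("_doNotAllowOthersToBind" in c && c._doNotAllowOthersToBind) {
 return;
 }
 const className = c.constructor.name;
@@ -431,7 +430,7 @@ export class App extends CDKApp {
 if (!isSSTConstruct(c)) {
 return;
 }
-if (
+if ("_doNotAllowOthersToBind" in c && c._doNotAllowOthersToBind) {
 return;
 }
 const binding = bindType(c);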
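Review bot: The same guard, `if ("_doNotAllowOthersToBind" in c && c._doNotAllowOthersToBind)`, is now repeated in three places in App with no comment saying what it skips or why. The removed `import { Function }` suggests (the old condition is truncated on this page) that the check used to be tied to one class and is now duck-typed on an underscore-prefixed property, so any construct carrying that property silently drops out of parameter and type binding. I would add a comment such as `// Skip constructs that opt out of being bound by other constructs` at each site, or move the test into one small helper next to `isSSTConstruct`. The enclosing methods start and end outside these hunks.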
package/constructs/RemixSite.js
CHANGED
|
@@ -72,9 +72,11 @@ export class RemixSite extends SsrSite {
|
|
|
72
72
|
// appropriate Lambda@Edge handler. We will utilise an internal asset
|
|
73
73
|
// template to create this wrapper within the "core server build" output
|
|
74
74
|
// directory.
|
|
75
|
+
// Ensure build directory exists
|
|
76
|
+
const buildPath = path.join(this.props.path, "build");
|
|
77
|
+
fs.mkdirSync(buildPath, { recursive: true });
|
|
75
78
|
// Copy the server lambda handler
|
|
76
|
-
|
|
77
|
-
fs.copyFileSync(path.resolve(__dirname, `../support/remix-site-function/${wrapperFile}`), handler);
|
|
79
|
+
fs.copyFileSync(path.resolve(__dirname, `../support/remix-site-function/${wrapperFile}`), path.join(buildPath, "server.js"));
|
|
78
80
|
// Copy the Remix polyfil to the server build directory
|
|
79
81
|
//
|
|
80
82
|
// Note: We need to ensure that the polyfills are injected above other code that
|
|
@@ -82,10 +84,10 @@ export class RemixSite extends SsrSite {
|
|
|
82
84
|
// doesn't appear to guarantee this, we therefore leverage ESBUild's
|
|
83
85
|
// `inject` option to ensure that the polyfills are injected at the top of
|
|
84
86
|
// the bundle.
|
|
85
|
-
const polyfillDest = path.join(
|
|
87
|
+
const polyfillDest = path.join(buildPath, "polyfill.js");
|
|
86
88
|
fs.copyFileSync(path.resolve(__dirname, "../support/remix-site-function/polyfill.js"), polyfillDest);
|
|
87
89
|
return {
|
|
88
|
-
handler: path.join(
|
|
90
|
+
handler: path.join(buildPath, "server.handler"),
|
|
89
91
|
esbuild: { inject: [polyfillDest] },
|
|
90
92
|
};
|
|
91
93
|
}
|
|
@@ -26,6 +26,8 @@ export declare class SsrFunction extends Construct implements SSTConstruct {
|
|
|
26
26
|
private assetReplacer;
|
|
27
27
|
private assetReplacerPolicy;
|
|
28
28
|
private props;
|
|
29
|
+
/** @internal */
|
|
30
|
+
_doNotAllowOthersToBind: boolean;
|
|
29
31
|
constructor(scope: Construct, id: string, props: SsrFunctionProps);
|
|
30
32
|
get role(): import("aws-cdk-lib/aws-iam").IRole | undefined;
|
|
31
33
|
get functionArn(): string;
|
|
@@ -195,6 +195,9 @@ function permissionsToStatementsAndGrants(permissions) {
|
|
|
195
195
|
if (secret) {
|
|
196
196
|
statements.push(buildPolicyStatement(["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"], [secret.secretArn]));
|
|
197
197
|
}
|
|
198
|
+
if (secret?.encryptionKey) {
|
|
199
|
+
statements.push(buildPolicyStatement(["kms:Decrypt"], [secret.encryptionKey.keyArn]));
|
|
200
|
+
}
|
|
198
201
|
}
|
|
199
202
|
////////////////////////////////////
|
|
200
203
|
// Case: grant method
|
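Review bot: In the permissionsToStatementsAndGrants hunk at the end of this section (its file header is missing on the page; the file list points to package/constructs/util/permission.js), the added statement grants `kms:Decrypt` on the whole key, so the function can decrypt any ciphertext under that key, not only this secret. If `buildPolicyStatement` can carry conditions (not visible here), scoping the statement with a `kms:ViaService` condition for Secrets Manager would keep the grant to what `secretsmanager:GetSecretValue` needs. At minimum I would add a comment like `// Secrets encrypted with a customer-managed KMS key also need kms:Decrypt on that key`. The function's body starts and ends outside the hunk.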
package/package.json
CHANGED
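--- a/package/sst.mjs
+++ b/package/sst.mjs
@@ -6661,7 +6661,11 @@ import {
 RemovalPolicy
 } from "aws-cdk-lib/core";
 import { Function, Runtime as Runtime2, Code } from "aws-cdk-lib/aws-lambda";
-import {
+import {
+ManagedPolicy,
+PermissionsBoundary,
+PolicyStatement
+} from "aws-cdk-lib/aws-iam";
 import { Rule } from "aws-cdk-lib/aws-events";
 import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
 import {
@@ -6815,6 +6819,14 @@ async function bootstrapSST() {
 }
 });
 rule.addTarget(new LambdaFunction(fn));
+if (cdk?.customPermissionsBoundary) {
+const boundaryPolicy = ManagedPolicy.fromManagedPolicyName(
+stack,
+"PermissionBoundaryPolicy",
+cdk.customPermissionsBoundary
+);
+PermissionsBoundary.of(stack).apply(boundaryPolicy);
+}
 new CfnOutput(stack, OUTPUT_VERSION, { value: LATEST_VERSION });
 new CfnOutput(stack, OUTPUT_BUCKET, { value: bucket.bucketName });
 const asm = app.synth();
@@ -7085,11 +7097,40 @@ async function useLocalServer(opts) {
 const wss = new WebSocketServer({ noServer: true });
 const wss2 = new WebSocketServer({ noServer: true });
 const sockets = /* @__PURE__ */ new Set();
+let buffer = [
+{
+type: "cli.dev",
+properties: {
+stage: project.config.stage,
+app: project.config.name
+}
+}
+];
+function publish(type, properties) {
+const msg = {
+type,
+properties
+};
+buffer.push(msg);
+const json = JSON.stringify(msg);
+[...sockets.values()].map((s) => s.send(json));
+}
 wss2.on("connection", (socket, req) => {
 sockets.add(socket);
+for (const msg of buffer) {
+socket.send(JSON.stringify(msg));
+}
 socket.on("close", () => {
 sockets.delete(socket);
 });
+socket.on("message", (data2) => {
+const parsed = JSON.parse(data2.toString());
+if (parsed.type === "log.cleared") {
+buffer = buffer.filter(
+(msg) => msg.properties?.functionID !== parsed.properties?.functionID
+);
+}
+});
 });
 wss.on("connection", (socket, req) => {
 if (req.headers.origin?.endsWith("localhost:3000"))
@@ -7160,13 +7201,6 @@ async function useLocalServer(opts) {
 cb(func);
 });
 }
-function publish(type, properties) {
-const msg = JSON.stringify({
-type,
-properties
-});
-[...sockets.values()].map((s) => s.send(msg));
-}
 bus.subscribe("function.invoked", async (evt) => {
 publish("function.invoked", evt.properties);
 updateFunction(evt.properties.functionID, (draft) => {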