sst 2.23.10 → 2.23.12
- package/cli/commands/bind.js +0 -4
- package/constructs/EdgeFunction.d.ts +1 -2
- package/constructs/EdgeFunction.js +2 -5
- package/constructs/NextjsSite.js +23 -3
- package/constructs/SsrSite.d.ts +11 -2
- package/constructs/SsrSite.js +37 -2
- package/package.json +3 -1
- package/support/custom-resources/index.mjs +1 -1
- package/support/signing-function/index.mjs +3223 -0
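--- a/package/cli/commands/bind.js
+++ b/package/cli/commands/bind.js
@@ -90,25 +90,21 @@ export const bind = (program) => program
 function isInSsrSite() {
 const cwd = process.cwd();
 return useSsrSites().all.find(({ props }) => {
-console.log(path.resolve(project.paths.root, props.path));
 return path.resolve(project.paths.root, props.path) === cwd;
 });
 }
 function isInStaticSite() {
 const cwd = process.cwd();
 return (useStaticSites().all.find(({ props }) => {
-console.log(path.resolve(project.paths.root, props.path));
 return path.resolve(project.paths.root, props.path) === cwd;
 }) ||
 useSlsNextjsSites().all.find(({ props }) => {
-console.log(path.resolve(project.paths.root, props.path));
 return path.resolve(project.paths.root, props.path) === cwd;
 }));
 }
 function isInService() {
 const cwd = process.cwd();
 return useServices().all.find(({ props }) => {
-console.log(path.resolve(project.paths.root, props.path));
 return path.resolve(project.paths.root, props.path) === cwd;
 });
 }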
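--- a/package/constructs/EdgeFunction.d.ts
+++ b/package/constructs/EdgeFunction.d.ts
@@ -22,15 +22,14 @@ export declare class EdgeFunction extends Construct {
 role: Role;
 functionArn: string;
 function: CdkIFunction;
+currentVersion: IVersion;
 private functionCR;
 private assetReplacer;
 private assetReplacerPolicy;
 private scope;
-private versionId;
 private bindingEnvs;
 private props;
 constructor(scope: Construct, id: string, props: EdgeFunctionProps);
-get currentVersion(): IVersion;
 build(): Promise<void>;
 attachPermissions(permissions: Permissions): void;
 addEnvironment(key: string, value: string): void;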
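--- a/package/constructs/EdgeFunction.js
+++ b/package/constructs/EdgeFunction.js
@@ -24,11 +24,11 @@ export class EdgeFunction extends Construct {
 role;
 functionArn;
 function;
+currentVersion;
 functionCR;
 assetReplacer;
 assetReplacerPolicy;
 scope;
-versionId;
 bindingEnvs;
 props;
 constructor(scope, id, props) {
@@ -64,13 +64,10 @@ export class EdgeFunction extends Construct {
 });
 this.functionCR = fn;
 this.functionArn = fnArn;
-this.
+this.currentVersion = Version.fromVersionArn(this, `${id}FunctionVersion`, `${fnArn}:${versionId}`);
 this.assetReplacer = assetReplacer;
 this.assetReplacerPolicy = assetReplacerPolicy;
 }
-get currentVersion() {
-return Version.fromVersionArn(this, `${this.node.id}FunctionVersion`, `${this.functionArn}:${this.versionId}`);
-}
 async build() {
 const { bundle, handler } = this.props;
 const { asset, handlerFilename } = bundle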
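Review bot: The new constructor assignment `this.currentVersion = Version.fromVersionArn(...)` carries no comment explaining why the getter was dropped, and the reason is easy to lose. `fromVersionArn` registers a child construct under `this` with a fixed id, so the removed getter would presumably have failed with a duplicate-id error on a second read, and this release reads `currentVersion` from both the server behaviour and the image behaviour. I would add `// Resolve once: fromVersionArn adds a child construct, so a per-access call would collide on the id.` above the assignment. `versionId` is now a constructor local defined outside this hunk, and the constructor itself starts outside it.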
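--- a/package/constructs/NextjsSite.js
+++ b/package/constructs/NextjsSite.js
@@ -4,7 +4,7 @@ import { Fn, Duration as CdkDuration, RemovalPolicy, CustomResource, } from "aws
 import { Effect, Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
 import { RetentionDays } from "aws-cdk-lib/aws-logs";
 import { Code, Runtime, Architecture, Function as CdkFunction, FunctionUrlAuthType, } from "aws-cdk-lib/aws-lambda";
-import { ViewerProtocolPolicy, AllowedMethods, CachedMethods, } from "aws-cdk-lib/aws-cloudfront";
+import { ViewerProtocolPolicy, AllowedMethods, CachedMethods, LambdaEdgeEventType, } from "aws-cdk-lib/aws-cloudfront";
 import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
 import { Rule, Schedule } from "aws-cdk-lib/aws-events";
 import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";
@@ -314,10 +314,12 @@ export class NextjsSite extends SsrSite {
 ]);
 }
 buildImageBehavior(cachePolicy) {
-const { cdk } = this.props;
+const { cdk, regional } = this.props;
 const imageFn = this.createImageOptimizationFunction();
 const imageFnUrl = imageFn.addFunctionUrl({
-authType:
+authType: regional?.enableServerUrlIamAuth
+? FunctionUrlAuthType.AWS_IAM
+: FunctionUrlAuthType.NONE,
 });
 return {
 viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
@@ -327,6 +329,24 @@ export class NextjsSite extends SsrSite {
 compress: true,
 cachePolicy,
 responseHeadersPolicy: cdk?.responseHeadersPolicy,
+edgeLambdas: regional?.enableServerUrlIamAuth
+? [
+(() => {
+const fn = this.useServerUrlSigningFunction();
+fn.attachPermissions([
+new PolicyStatement({
+actions: ["lambda:InvokeFunctionUrl"],
+resources: [imageFn.functionArn],
+}),
+]);
+return {
+includeBody: true,
+eventType: LambdaEdgeEventType.ORIGIN_REQUEST,
+functionVersion: fn.currentVersion,
+};
+})(),
+]
+: [],
 };
 }
 generateBuildId() {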
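Review bot: The IAM grant for the image function is buried in an immediately-invoked arrow function inside the `edgeLambdas` array of `buildImageBehavior`, so a permission change happens as a side effect of building an object literal. Hoisting it above the `return` (`const signingFn = regional?.enableServerUrlIamAuth ? this.useServerUrlSigningFunction() : undefined;` followed by the `attachPermissions` call) would make the grant visible to anyone auditing what the Lambda@Edge role may invoke. The `authType` ternary is also duplicated with the one in `SsrSite.buildDefaultBehaviorForRegional`; a shared helper would keep the two function URLs from drifting apart, since a URL left on `NONE` stays reachable without going through CloudFront. The part of the returned object between the second and third hunks is not shown.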
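--- a/package/constructs/SsrSite.d.ts
+++ b/package/constructs/SsrSite.d.ts
@@ -1,6 +1,6 @@
 import { Construct } from "constructs";
 import { Bucket, BucketProps, IBucket } from "aws-cdk-lib/aws-s3";
-import {
+import { FunctionProps } from "aws-cdk-lib/aws-lambda";
 import { ICachePolicy, IResponseHeadersPolicy, BehaviorOptions, CachePolicy, Function as CfFunction, FunctionEventType as CfFunctionEventType } from "aws-cdk-lib/aws-cloudfront";
 import { Distribution, DistributionDomainProps } from "./Distribution.js";
 import { SSTConstruct } from "./Construct.js";
@@ -136,6 +136,13 @@ export interface SsrSiteProps {
 * ```
 */
 environment?: Record<string, string>;
+regional?: {
+/**
+* Secure the server function URL using AWS IAM authentication. By default, the server function URL is publicly accessible. When this flag is enabled, the server function URL will require IAM authorization, and a Lambda@Edge function will sign the requests. Be aware that this introduces added latency to the requests.
+* @default false
+*/
+enableServerUrlIamAuth?: boolean;
+};
 dev?: {
 /**
 * When running `sst dev, site is not deployed. This is to ensure `sst dev` can start up quickly.
@@ -275,6 +282,7 @@ export declare abstract class SsrSite extends Construct implements SSTConstruct
 protected serverLambdaForEdge?: EdgeFunction;
 protected serverLambdaForRegional?: SsrFunction;
 private serverLambdaForDev?;
+private serverUrlSigningFunction?;
 protected bucket: Bucket;
 private cfFunction;
 private s3Origin;
@@ -293,7 +301,7 @@ export declare abstract class SsrSite extends Construct implements SSTConstruct
 * The internally created CDK resources.
 */
 get cdk(): {
-function:
+function: import("aws-cdk-lib/aws-lambda").IFunction | undefined;
 bucket: Bucket;
 distribution: import("aws-cdk-lib/aws-cloudfront").IDistribution;
 hostedZone: import("aws-cdk-lib/aws-route53").IHostedZone | undefined;
@@ -343,6 +351,7 @@ export declare abstract class SsrSite extends Construct implements SSTConstruct
 protected createCloudFrontDistributionForRegional(): Distribution;
 protected createCloudFrontDistributionForEdge(): Distribution;
 protected buildDefaultBehaviorForRegional(cachePolicy: ICachePolicy): BehaviorOptions;
+protected useServerUrlSigningFunction(): EdgeFunction;
 protected buildDefaultBehaviorForEdge(cachePolicy: ICachePolicy): BehaviorOptions;
 protected buildBehaviorFunctionAssociations(): {
 eventType: CfFunctionEventType;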
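Review bot: The doc comment on `regional.enableServerUrlIamAuth` describes only the server function URL, but in this release `NextjsSite.buildImageBehavior` reads the same flag to switch the image optimization function URL to `AWS_IAM` as well; the comment should say so. It would also help to state what the default leaves exposed, for example `With the default, the function URL can be called directly, bypassing the CloudFront distribution.` Because the behaviours are created with `includeBody: true`, this comment is also the place to document any request-body size limit that Lambda@Edge imposes on signed requests. The signing function's source is not on this page, so how it treats large or truncated bodies needs confirming before that sentence is written.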
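--- a/package/constructs/SsrSite.js
+++ b/package/constructs/SsrSite.js
@@ -21,6 +21,7 @@ import { createAppContext } from "./context.js";
 import { isCDKConstruct } from "./Construct.js";
 import { Secret } from "./Secret.js";
 import { SsrFunction } from "./SsrFunction.js";
+import { EdgeFunction } from "./EdgeFunction.js";
 import { getBuildCmdEnvironment, } from "./BaseSite.js";
 import { useDeferredTasks } from "./deferred_task.js";
 import { toCdkDuration } from "./util/duration.js";
@@ -48,6 +49,7 @@ export class SsrSite extends Construct {
 serverLambdaForEdge;
 serverLambdaForRegional;
 serverLambdaForDev;
+serverUrlSigningFunction;
 bucket;
 cfFunction;
 s3Origin;
@@ -101,6 +103,7 @@ export class SsrSite extends Construct {
 // Build server functions
 await this.serverLambdaForEdge?.build();
 await this.serverLambdaForRegional?.build();
+await this.serverUrlSigningFunction?.build();
 // Create S3 Deployment
 const cliLayer = new AwsCliLayer(this, "AwsCliLayer");
 const assets = this.createS3Assets();
@@ -539,10 +542,12 @@ function handler(event) {
 });
 }
 buildDefaultBehaviorForRegional(cachePolicy) {
-const { timeout, cdk } = this.props;
+const { timeout, regional, cdk } = this.props;
 const cfDistributionProps = cdk?.distribution || {};
 const fnUrl = this.serverLambdaForRegional.addFunctionUrl({
-authType:
+authType: regional?.enableServerUrlIamAuth
+? FunctionUrlAuthType.AWS_IAM
+: FunctionUrlAuthType.NONE,
 invokeMode: this.supportsStreaming()
 ? InvokeMode.RESPONSE_STREAM
 : undefined,
@@ -565,8 +570,38 @@ function handler(event) {
 ...this.buildBehaviorFunctionAssociations(),
 ...(cfDistributionProps.defaultBehavior?.functionAssociations || []),
 ],
+edgeLambdas: [
+...(regional?.enableServerUrlIamAuth
+? [
+{
+includeBody: true,
+eventType: LambdaEdgeEventType.ORIGIN_REQUEST,
+functionVersion: this.useServerUrlSigningFunction().currentVersion,
+},
+]
+: []),
+...(cfDistributionProps.defaultBehavior?.edgeLambdas || []),
+],
 };
 }
+useServerUrlSigningFunction() {
+this.serverUrlSigningFunction =
+this.serverUrlSigningFunction ??
+new EdgeFunction(this, "ServerUrlSigningFunction", {
+bundle: path.join(__dirname, "../support/signing-function"),
+runtime: "nodejs18.x",
+handler: "index.handler",
+timeout: 10,
+memorySize: 128,
+permissions: [
+new PolicyStatement({
+actions: ["lambda:InvokeFunctionUrl"],
+resources: [this.serverLambdaForRegional?.functionArn],
+}),
+],
+});
+return this.serverUrlSigningFunction;
+}
 buildDefaultBehaviorForEdge(cachePolicy) {
 const { cdk } = this.props;
 const cfDistributionProps = cdk?.distribution || {};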
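Review bot: In `useServerUrlSigningFunction` the policy is built with `resources: [this.serverLambdaForRegional?.functionArn]`, which yields `[undefined]` whenever the regional server function has not been created. `NextjsSite.buildImageBehavior` calls this method whenever `regional.enableServerUrlIamAuth` is set, and nothing visible here ties that flag to a regional deployment, so an edge deployment with the flag on would presumably reach this path. I would build the statement only when the ARN exists, e.g. `const serverArn = this.serverLambdaForRegional?.functionArn;` and `permissions: serverArn ? [new PolicyStatement({ actions: ["lambda:InvokeFunctionUrl"], resources: [serverArn] })] : [],`, or throw a clear error instead. Separately, the signing function is placed in `edgeLambdas` ahead of `cfDistributionProps.defaultBehavior?.edgeLambdas`; if a user already supplies an `ORIGIN_REQUEST` association the two will conflict, which deserves a check or a documented restriction.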
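--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "sideEffects": false,
 "name": "sst",
-"version": "2.23.
+"version": "2.23.12",
 "bin": {
 "sst": "cli/sst.js"
 },
@@ -31,6 +31,7 @@
 "@aws-cdk/cloud-assembly-schema": "2.84.0",
 "@aws-cdk/cloudformation-diff": "2.84.0",
 "@aws-cdk/cx-api": "2.84.0",
+"@aws-crypto/sha256-js": "^5.0.0",
 "@aws-sdk/client-cloudformation": "^3.279.0",
 "@aws-sdk/client-ecs": "^3.279.0",
 "@aws-sdk/client-eventbridge": "^3.342.0",
@@ -51,6 +52,7 @@
 "@babel/core": "^7.0.0-0",
 "@babel/generator": "^7.20.5",
 "@babel/plugin-syntax-typescript": "^7.21.4",
+"@smithy/signature-v4": "^2.0.1",
 "@trpc/server": "9.16.0",
 "adm-zip": "^0.5.10",
 "aws-cdk-lib": "2.84.0",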
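Review bot: `@aws-crypto/sha256-js` and `@smithy/signature-v4` are added as caret ranges (`^5.0.0`, `^2.0.1`) next to exactly pinned `@aws-cdk/*` entries, while the file list shows the signing code shipping as a prebuilt bundle, `package/support/signing-function/index.mjs` (+3223 lines). If that bundle already inlines these two packages, what runs at the edge is the bundled copy rather than whatever the ranges resolve to at install time, and the entries could move to devDependencies (the section these hunks sit in is not visible here). Either way the bundle is the security-relevant artifact, since it performs the request signing, so it should be reproducible from the declared versions and reviewed as such.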
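--- a/package/support/custom-resources/index.mjs
+++ b/package/support/custom-resources/index.mjs
@@ -113935,7 +113935,7 @@ var require_dist_cjs109 = __commonJS({
 "../../node_modules/.pnpm/@aws-sdk+types@3.208.0/node_modules/@aws-sdk/types/dist-cjs/index.js"(exports) {
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-var tslib_1 = (
+var tslib_1 = (init_tslib_es62(), __toCommonJS(tslib_es6_exports2));
 tslib_1.__exportStar(require_abort2(), exports);
 tslib_1.__exportStar(require_auth3(), exports);
 tslib_1.__exportStar(require_client4(), exports);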