sst 2.8.8 → 2.8.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/constructs/Bucket.d.ts +13 -2
- package/constructs/Bucket.js +15 -4
- package/package.json +1 -1
package/constructs/Bucket.d.ts
CHANGED
|
@@ -149,9 +149,8 @@ export interface BucketProps {
|
|
|
149
149
|
name?: string;
|
|
150
150
|
/**
|
|
151
151
|
* The CORS configuration of this bucket.
|
|
152
|
-
*
|
|
152
|
+
* @default true
|
|
153
153
|
* @example
|
|
154
|
-
*
|
|
155
154
|
* ```js
|
|
156
155
|
* new Bucket(stack, "Bucket", {
|
|
157
156
|
* cors: true,
|
|
@@ -170,6 +169,17 @@ export interface BucketProps {
|
|
|
170
169
|
* ```
|
|
171
170
|
*/
|
|
172
171
|
cors?: boolean | BucketCorsRule[];
|
|
172
|
+
/**
|
|
173
|
+
* Block public access to this bucket.
|
|
174
|
+
* @default false
|
|
175
|
+
* @example
|
|
176
|
+
* ```js
|
|
177
|
+
* new Bucket(stack, "Bucket", {
|
|
178
|
+
* blockPublicAccess: true,
|
|
179
|
+
* });
|
|
180
|
+
* ```
|
|
181
|
+
*/
|
|
182
|
+
blockPublicAccess?: boolean;
|
|
173
183
|
/**
|
|
174
184
|
* The default function props to be applied to all the Lambda functions in the API. The `environment`, `permissions` and `layers` properties will be merged with per route definitions if they are defined.
|
|
175
185
|
*
|
|
@@ -347,5 +357,6 @@ export declare class Bucket extends Construct implements SSTConstruct {
|
|
|
347
357
|
private addTopicNotification;
|
|
348
358
|
private addFunctionNotification;
|
|
349
359
|
private buildCorsConfig;
|
|
360
|
+
private buildBlockPublicAccessConfig;
|
|
350
361
|
}
|
|
351
362
|
export {};
|
package/constructs/Bucket.js
CHANGED
|
@@ -4,7 +4,7 @@ import { Topic } from "./Topic.js";
|
|
|
4
4
|
import { getFunctionRef, isCDKConstruct } from "./Construct.js";
|
|
5
5
|
import { Function as Fn, } from "./Function.js";
|
|
6
6
|
import { toCdkDuration } from "./util/duration.js";
|
|
7
|
-
import { Bucket as CDKBucket, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
|
|
7
|
+
import { Bucket as CDKBucket, BlockPublicAccess, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
|
|
8
8
|
import { LambdaDestination, SnsDestination, SqsDestination, } from "aws-cdk-lib/aws-s3-notifications";
|
|
9
9
|
/////////////////////
|
|
10
10
|
// Construct
|
|
@@ -171,7 +171,7 @@ export class Bucket extends Construct {
|
|
|
171
171
|
};
|
|
172
172
|
}
|
|
173
173
|
createBucket() {
|
|
174
|
-
const { name, cors, cdk } = this.props;
|
|
174
|
+
const { name, cors, blockPublicAccess, cdk } = this.props;
|
|
175
175
|
if (isCDKConstruct(cdk?.bucket)) {
|
|
176
176
|
if (cors !== undefined) {
|
|
177
177
|
throw new Error(`Cannot configure the "cors" when "cdk.bucket" is a construct`);
|
|
@@ -182,6 +182,7 @@ export class Bucket extends Construct {
|
|
|
182
182
|
this.cdk.bucket = new CDKBucket(this, "Bucket", {
|
|
183
183
|
bucketName: name,
|
|
184
184
|
cors: this.buildCorsConfig(cors),
|
|
185
|
+
blockPublicAccess: this.buildBlockPublicAccessConfig(blockPublicAccess),
|
|
185
186
|
...cdk?.bucket,
|
|
186
187
|
});
|
|
187
188
|
}
|
|
@@ -281,10 +282,10 @@ export class Bucket extends Construct {
|
|
|
281
282
|
fn.bind(this.bindingForAllNotifications);
|
|
282
283
|
}
|
|
283
284
|
buildCorsConfig(cors) {
|
|
284
|
-
if (cors ===
|
|
285
|
+
if (cors === false) {
|
|
285
286
|
return;
|
|
286
287
|
}
|
|
287
|
-
if (cors === true) {
|
|
288
|
+
if (cors === undefined || cors === true) {
|
|
288
289
|
return [
|
|
289
290
|
{
|
|
290
291
|
allowedHeaders: ["*"],
|
|
@@ -308,4 +309,14 @@ export class Bucket extends Construct {
|
|
|
308
309
|
maxAge: e.maxAge && toCdkDuration(e.maxAge).toSeconds(),
|
|
309
310
|
}));
|
|
310
311
|
}
|
|
312
|
+
buildBlockPublicAccessConfig(config) {
|
|
313
|
+
return config === true
|
|
314
|
+
? BlockPublicAccess.BLOCK_ALL
|
|
315
|
+
: new BlockPublicAccess({
|
|
316
|
+
blockPublicAcls: false,
|
|
317
|
+
blockPublicPolicy: false,
|
|
318
|
+
ignorePublicAcls: false,
|
|
319
|
+
restrictPublicBuckets: false,
|
|
320
|
+
});
|
|
321
|
+
}
|
|
311
322
|
}
|