sst 3.0.19 → 3.0.20

package/dist/auth/adapter/index.d.ts

@@ -8,3 +8,4 @@ export * from "./oauth.js";
 export * from "./spotify.js";
 export * from "./code.js";
 export * from "./apple.js";
+export type { Adapter } from "./adapter.js";

package/dist/auth/index.d.ts

@@ -1,4 +1,4 @@
-export type { Adapter } from "./adapter/adapter.js";
+export * from "./adapter/index.js";
 export * from "./session.js";
 export * from "./handler.js";
 export { Issuer } from "openid-client";

package/dist/auth/index.js

@@ -1,3 +1,4 @@
+export * from "./adapter/index.js";
 export * from "./session.js";
 export * from "./handler.js";
 export { Issuer } from "openid-client";

package/dist/aws/bus.d.ts

@@ -0,0 +1,24 @@
+/// <reference types="node" resolution-mode="require"/>
+import { AwsOptions } from "../aws/client.js";
+import { Resource } from "../resource.js";
+import { event } from "../event/index.js";
+import { EventBridgeEvent, EventBridgeHandler } from "aws-lambda";
+export declare namespace bus {
+    type Name = Extract<typeof Resource, {
+        type: "sst.aws.Bus";
+    }>["name"];
+    function handle<Events extends event.Definition>(_events: Events | Events[], cb: (input: {
+        [K in Events["type"]]: Extract<Events, {
+            type: K;
+        }>["$payload"];
+    }[Events["type"]], raw: EventBridgeEvent<string, any>) => Promise<void>): EventBridgeHandler<string, any, void>;
+    function publish<Definition extends event.Definition>(name: string | {
+        name: string;
+    }, def: Definition, properties: Definition["$input"], options?: {
+        aws?: AwsOptions;
+    }): Promise<any>;
+    class PublishError extends Error {
+        readonly response: Response;
+        constructor(response: Response);
+    }
+}

package/dist/aws/bus.js

@@ -0,0 +1,57 @@
+import { client } from "../aws/client.js";
+import { Resource } from "../resource.js";
+export var bus;
+(function (bus) {
+    function url(options) {
+        const region = options?.region || client.region;
+        return `https://events.${region}.amazonaws.com/`;
+    }
+    function handle(_events, cb) {
+        return async function (event) {
+            const payload = {
+                type: event["detail-type"],
+                properties: event.detail.properties,
+                metadata: event.detail.metadata,
+            };
+            return cb(payload, event);
+        };
+    }
+    bus.handle = handle;
+    async function publish(name, def, properties, options) {
+        const u = url(options?.aws);
+        const evt = await def.create(properties);
+        const res = await client.fetch(u, {
+            method: "POST",
+            aws: options?.aws,
+            headers: {
+                "X-Amz-Target": "AWSEvents.PutEvents",
+                "Content-Type": "application/x-amz-json-1.1",
+            },
+            body: JSON.stringify({
+                Entries: [
+                    {
+                        Source: [Resource.App.name, Resource.App.stage].join("."),
+                        DetailType: evt.type,
+                        Detail: JSON.stringify({
+                            metadata: evt.metadata,
+                            payload: evt.properties,
+                        }),
+                        EventBusName: typeof name === "string" ? name : name.name,
+                    },
+                ],
+            }),
+        });
+        if (!res.ok)
+            throw new PublishError(res);
+        return res.json();
+    }
+    bus.publish = publish;
+    class PublishError extends Error {
+        response;
+        constructor(response) {
+            super("Failed to publish event to bus");
+            this.response = response;
+        }
+    }
+    bus.PublishError = PublishError;
+})(bus || (bus = {}));

package/dist/aws/client.d.ts

@@ -0,0 +1,3 @@
+import { AwsClient } from "aws4fetch";
+export declare const client: AwsClient;
+export type AwsOptions = Exclude<Parameters<AwsClient["fetch"]>[1], null | undefined>["aws"];

package/dist/aws/client.js

@@ -0,0 +1,7 @@
+import { AwsClient } from "aws4fetch";
+export const client = new AwsClient({
+    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
+    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
+    sessionToken: process.env.AWS_SESSION_TOKEN,
+    region: process.env.AWS_REGION,
+});

package/dist/aws/realtime.d.ts

@@ -0,0 +1,61 @@
+import { IoTCustomAuthorizerHandler } from "aws-lambda";
+export declare namespace realtime {
+    interface AuthResult {
+        /**
+         * The topics the client can subscribe to.
+         * @example
+         * For example, this subscribes to specific topics.
+         * ```js
+         * {
+         *   subscribe: ["chat/room1", "chat/room2"]
+         * }
+         * ```
+         *
+         * And to subscribe to all topics under a specific prefix.
+         * ```js
+         * {
+         *   subscribe: ["chat/*"]
+         * }
+         * ```
+         */
+        subscribe?: string[];
+        /**
+         * The topics the client can publish to.
+         * @example
+         * For example, this publishes to specific topics.
+         * ```js
+         * {
+         *   publish: ["chat/room1", "chat/room2"]
+         * }
+         * ```
+         * And to publish to all topics under a specific prefix.
+         * ```js
+         * {
+         *   publish: ["chat/*"]
+         * }
+         * ```
+         */
+        publish?: string[];
+    }
+    /**
+     * Creates an authorization handler for the `Realtime` component, that validates
+     * the token and grants permissions for the topics the client can subscribe and publish to.
+     *
+     * @example
+     * ```js
+     * import { realtime } from "sst/aws/realtime";
+     *
+     * export const handler = realtime.authorizer(async (token) => {
+     *   // Validate the token
+     *   console.log(token);
+     *
+     *   // Return the topics to subscribe and publish
+     *   return {
+     *     subscribe: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
+     *     publish: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
+     *   };
+     * });
+     * ```
+     */
+    function authorizer(input: (token: string) => Promise<AuthResult>): IoTCustomAuthorizerHandler;
+}

package/dist/aws/realtime.js

@@ -0,0 +1,76 @@
+export var realtime;
+(function (realtime) {
+    /**
+     * Creates an authorization handler for the `Realtime` component, that validates
+     * the token and grants permissions for the topics the client can subscribe and publish to.
+     *
+     * @example
+     * ```js
+     * import { realtime } from "sst/aws/realtime";
+     *
+     * export const handler = realtime.authorizer(async (token) => {
+     *   // Validate the token
+     *   console.log(token);
+     *
+     *   // Return the topics to subscribe and publish
+     *   return {
+     *     subscribe: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
+     *     publish: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
+     *   };
+     * });
+     * ```
+     */
+    function authorizer(input) {
+        return async (evt, context) => {
+            const [, , , region, accountId] = context.invokedFunctionArn.split(":");
+            const token = Buffer.from(evt.protocolData.mqtt?.password ?? "", "base64").toString();
+            const ret = await input(token);
+            return {
+                isAuthenticated: true,
+                principalId: Date.now().toString(),
+                disconnectAfterInSeconds: 86400,
+                refreshAfterInSeconds: 300,
+                policyDocuments: [
+                    {
+                        Version: "2012-10-17",
+                        Statement: [
+                            {
+                                Action: "iot:Connect",
+                                Effect: "Allow",
+                                Resource: "*",
+                            },
+                            ...(ret.subscribe
+                                ? [
+                                    {
+                                        Action: "iot:Receive",
+                                        Effect: "Allow",
+                                        Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
+                                    },
+                                ]
+                                : []),
+                            ...(ret.subscribe
+                                ? [
+                                    {
+                                        Action: "iot:Subscribe",
+                                        Effect: "Allow",
+                                        Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topicfilter/${t}`),
+                                    },
+                                ]
+                                : []),
+                            ...(ret.publish
+                                ? [
+                                    {
+                                        Action: "iot:Publish",
+                                        Effect: "Allow",
+                                        Resource: ret.publish.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
+                                    },
+                                ]
+                                : []),
+                        ],
+                    },
+                ],
+            };
+        };
+    }
+    realtime.authorizer = authorizer;
+})(realtime || (realtime = {}));

package/dist/event/bus.d.ts

@@ -0,0 +1,20 @@
+/// <reference types="node" resolution-mode="require"/>
+import { AwsOptions } from "../aws/client.js";
+import { Resource } from "../resource.js";
+import { EventDefinition } from "./event.js";
+import { EventBridgeEvent, EventBridgeHandler } from "aws-lambda";
+export declare namespace bus {
+    type Name = Extract<typeof Resource, {
+        type: "sst.aws.Bus";
+    }>["name"];
+    function handle<Events extends EventDefinition>(_events: Events | Events[], cb: (input: {
+        [K in Events["type"]]: Extract<Events, {
+            type: K;
+        }>["$payload"];
+    }[Events["type"]], raw: EventBridgeEvent<string, any>) => Promise<void>): EventBridgeHandler<string, any, void>;
+    function publish<N extends Name, Definition extends EventDefinition>(name: N, def: Definition, properties: Definition["$input"], options?: AwsOptions): Promise<unknown>;
+    class PublishError extends Error {
+        readonly response: Response;
+        constructor(response: Response);
+    }
+}

package/dist/event/bus.js

@@ -0,0 +1,57 @@
+import { client } from "../aws/client.js";
+import { Resource } from "../resource.js";
+export var bus;
+(function (bus) {
+    function url(options) {
+        const region = options?.region || client.region;
+        return `https://events.${region}.amazonaws.com/`;
+    }
+    function handle(_events, cb) {
+        return async function (event) {
+            const payload = {
+                type: event["detail-type"],
+                properties: event.detail.properties,
+                metadata: event.detail.metadata,
+            };
+            return cb(payload, event);
+        };
+    }
+    bus.handle = handle;
+    async function publish(name, def, properties, options) {
+        const u = url(options);
+        const evt = await def.create(properties);
+        const res = await client.fetch(u, {
+            method: "POST",
+            aws: options,
+            headers: {
+                "X-Amz-Target": "AWSEvents.PutEvents",
+                "Content-Type": "application/x-amz-json-1.1",
+            },
+            body: JSON.stringify({
+                Entries: [
+                    {
+                        Source: [Resource.App.name, Resource.App.stage].join("."),
+                        DetailType: evt.type,
+                        Detail: JSON.stringify({
+                            metadata: evt.metadata,
+                            payload: evt.properties,
+                        }),
+                        EventBusName: name,
+                    },
+                ],
+            }),
+        });
+        if (!res.ok)
+            throw new PublishError(res);
+        return res.json();
+    }
+    bus.publish = publish;
+    class PublishError extends Error {
+        response;
+        constructor(response) {
+            super("Failed to publish event to bus");
+            this.response = response;
+        }
+    }
+    bus.PublishError = PublishError;
+})(bus || (bus = {}));

package/dist/event/destination.d.ts

@@ -0,0 +1,19 @@
+import { Prettify } from "../util/prettify.js";
+export interface Payload {
+    type: string;
+    properties: any;
+    metadata: any;
+}
+declare const Publishers: {
+    "sst.aws.Bus": (properties: {
+        name: string;
+    }, payload: Payload) => void;
+};
+type Publishers = typeof Publishers;
+export type Destinations = {
+    [key in keyof Publishers]: Prettify<{
+        type: key;
+    } & Parameters<Publishers[key]>[0]>;
+}[keyof Publishers];
+export declare function publish(destination: Destinations, payload: Payload): void;
+export {};

package/dist/event/destination.js

@@ -0,0 +1,6 @@
+const Publishers = {
+    "sst.aws.Bus": (properties, payload) => { },
+};
+export function publish(destination, payload) {
+    return Publishers[destination.type](destination, payload);
+}

package/dist/event/event.d.ts

@@ -0,0 +1,75 @@
+import { ZodSchema, z } from "zod";
+export declare namespace event {
+    export type Definition = {
+        type: string;
+        $input: any;
+        $output: any;
+        $metadata: any;
+        $payload: any;
+        create: (...args: any[]) => Promise<any>;
+    };
+    export function builder<MetadataFunction extends (type: string, properties: any) => any, Validator extends (schema: any) => (input: any) => any, MetadataSchema extends Parameters<Validator>[0] | undefined>(input: {
+        metadata?: MetadataSchema;
+        metadataFn?: MetadataFunction;
+        validator: Validator;
+    }): {
+        <Type extends string, Schema extends Parameters<Validator>[0]>(type: Type, schema: Schema): {
+            create: undefined extends MetadataSchema ? (properties: inferParser<Schema>["in"]) => Promise<{
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            }> : (properties: inferParser<Schema>["in"], metadata: inferParser<MetadataSchema>["in"]) => Promise<{
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            }>;
+            type: Type;
+            $input: inferParser<Schema>["in"];
+            $output: inferParser<Schema>["out"];
+            $payload: {
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            };
+            $metadata: ReturnType<MetadataFunction>;
+        };
+        coerce<Events extends Definition>(_events: Events | Events[], raw: any): { [K in Events["type"]]: Extract<Events, {
+            type: K;
+        }>["$payload"]; }[Events["type"]];
+    };
+    export function ZodValidator<Schema extends ZodSchema>(schema: Schema): (input: z.input<Schema>) => z.output<Schema>;
+    type ParserZodEsque<TInput, TParsedInput> = {
+        _input: TInput;
+        _output: TParsedInput;
+    };
+    type ParserValibotEsque<TInput, TParsedInput> = {
+        _types?: {
+            input: TInput;
+            output: TParsedInput;
+        };
+    };
+    type ParserMyZodEsque<TInput> = {
+        parse: (input: any) => TInput;
+    };
+    type ParserSuperstructEsque<TInput> = {
+        create: (input: unknown) => TInput;
+    };
+    type ParserCustomValidatorEsque<TInput> = (input: unknown) => Promise<TInput> | TInput;
+    type ParserYupEsque<TInput> = {
+        validateSync: (input: unknown) => TInput;
+    };
+    type ParserScaleEsque<TInput> = {
+        assert(value: unknown): asserts value is TInput;
+    };
+    export type ParserWithoutInput<TInput> = ParserCustomValidatorEsque<TInput> | ParserMyZodEsque<TInput> | ParserScaleEsque<TInput> | ParserSuperstructEsque<TInput> | ParserYupEsque<TInput>;
+    export type ParserWithInputOutput<TInput, TParsedInput> = ParserZodEsque<TInput, TParsedInput> | ParserValibotEsque<TInput, TParsedInput>;
+    export type Parser = ParserWithInputOutput<any, any> | ParserWithoutInput<any>;
+    export type inferParser<TParser extends Parser> = TParser extends ParserWithInputOutput<infer $TIn, infer $TOut> ? {
+        in: $TIn;
+        out: $TOut;
+    } : TParser extends ParserWithoutInput<infer $InOut> ? {
+        in: $InOut;
+        out: $InOut;
+    } : never;
+    export {};
+}

package/dist/event/event.js

@@ -0,0 +1,43 @@
+export var event;
+(function (event) {
+    function builder(input) {
+        const validator = input.validator;
+        const metadataValidator = input.metadata ? validator(input.metadata) : null;
+        const fn = function event(type, schema) {
+            const validate = validator(schema);
+            async function create(properties, metadata) {
+                if (metadataValidator) {
+                    metadata = metadataValidator(metadata);
+                }
+                if (input.metadataFn) {
+                    metadata = input.metadataFn(type, properties);
+                }
+                properties = validate(properties);
+                return {
+                    type,
+                    properties,
+                    metadata,
+                };
+            }
+            return {
+                create: create,
+                type,
+                $input: {},
+                $output: {},
+                $payload: {},
+                $metadata: {},
+            };
+        };
+        fn.coerce = (_events, raw) => {
+            return raw;
+        };
+        return fn;
+    }
+    event.builder = builder;
+    function ZodValidator(schema) {
+        return (input) => {
+            return schema.parse(input);
+        };
+    }
+    event.ZodValidator = ZodValidator;
+})(event || (event = {}));

package/dist/event/index.d.ts

@@ -1,74 +1,75 @@
-import { ZodObject, ZodSchema, z } from "zod";
-type Event = {
-    type: string;
-    $output: any;
-    $metadata: any;
-    $payload: any;
-};
-export declare function EventClient<MetadataFunction extends () => any, Validator extends (schema: any) => (input: any) => any, MetadataSchema extends Parameters<Validator>[0] | undefined>(input: {
-    metadata?: MetadataSchema;
-    metadataFn?: MetadataFunction;
-    validator: Validator;
-}): {
-    <Type extends string, Schema extends Parameters<Validator>[0]>(type: Type, schema: Schema): {
-        create: undefined extends MetadataSchema ? (properties: inferParser<Schema>["in"]) => Promise<{
-            type: Type;
-            properties: inferParser<Schema>["out"];
-            metadata: ReturnType<MetadataFunction>;
-        }> : (properties: inferParser<Schema>["in"], metadata: inferParser<MetadataSchema>["in"]) => Promise<{
-            type: Type;
-            properties: inferParser<Schema>["out"];
-            metadata: ReturnType<MetadataFunction>;
-        }>;
-        type: Type;
-        $input: inferParser<Schema>["in"];
-        $output: inferParser<Schema>["out"];
-        $payload: {
+import { ZodSchema, z } from "zod";
+export declare namespace event {
+    export type Definition = {
+        type: string;
+        $input: any;
+        $output: any;
+        $metadata: any;
+        $payload: any;
+        create: (...args: any[]) => Promise<any>;
+    };
+    export function builder<MetadataFunction extends (type: string, properties: any) => any, Validator extends (schema: any) => (input: any) => any, MetadataSchema extends Parameters<Validator>[0] | undefined>(input: {
+        metadata?: MetadataSchema;
+        metadataFn?: MetadataFunction;
+        validator: Validator;
+    }): {
+        <Type extends string, Schema extends Parameters<Validator>[0]>(type: Type, schema: Schema): {
+            create: undefined extends MetadataSchema ? (properties: inferParser<Schema>["in"]) => Promise<{
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            }> : (properties: inferParser<Schema>["in"], metadata: inferParser<MetadataSchema>["in"]) => Promise<{
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            }>;
             type: Type;
-            properties: inferParser<Schema>["out"];
-            metadata: ReturnType<MetadataFunction>;
+            $input: inferParser<Schema>["in"];
+            $output: inferParser<Schema>["out"];
+            $payload: {
+                type: Type;
+                properties: inferParser<Schema>["out"];
+                metadata: ReturnType<MetadataFunction>;
+            };
+            $metadata: ReturnType<MetadataFunction>;
         };
-        $metadata: ReturnType<MetadataFunction>;
+        coerce<Events extends Definition>(_events: Events | Events[], raw: any): { [K in Events["type"]]: Extract<Events, {
+            type: K;
+        }>["$payload"]; }[Events["type"]];
+    };
+    export function ZodValidator<Schema extends ZodSchema>(schema: Schema): (input: z.input<Schema>) => z.output<Schema>;
+    type ParserZodEsque<TInput, TParsedInput> = {
+        _input: TInput;
+        _output: TParsedInput;
+    };
+    type ParserValibotEsque<TInput, TParsedInput> = {
+        _types?: {
+            input: TInput;
+            output: TParsedInput;
+        };
+    };
+    type ParserMyZodEsque<TInput> = {
+        parse: (input: any) => TInput;
+    };
+    type ParserSuperstructEsque<TInput> = {
+        create: (input: unknown) => TInput;
+    };
+    type ParserCustomValidatorEsque<TInput> = (input: unknown) => Promise<TInput> | TInput;
+    type ParserYupEsque<TInput> = {
+        validateSync: (input: unknown) => TInput;
     };
-    coerce<Events extends Event>(_events: Events | Events[], raw: any): { [K in Events["type"]]: Extract<Events, {
-        type: K;
-    }>["$payload"]; }[Events["type"]];
-};
-export declare function ZodValidator<Schema extends ZodSchema>(schema: Schema): (input: z.input<Schema>) => z.output<Schema>;
-export type ParserZodEsque<TInput, TParsedInput> = {
-    _input: TInput;
-    _output: TParsedInput;
-};
-export type ParserValibotEsque<TInput, TParsedInput> = {
-    _types?: {
-        input: TInput;
-        output: TParsedInput;
+    type ParserScaleEsque<TInput> = {
+        assert(value: unknown): asserts value is TInput;
     };
-};
-export type ParserMyZodEsque<TInput> = {
-    parse: (input: any) => TInput;
-};
-export type ParserSuperstructEsque<TInput> = {
-    create: (input: unknown) => TInput;
-};
-export type ParserCustomValidatorEsque<TInput> = (input: unknown) => Promise<TInput> | TInput;
-export type ParserYupEsque<TInput> = {
-    validateSync: (input: unknown) => TInput;
-};
-export type ParserScaleEsque<TInput> = {
-    assert(value: unknown): asserts value is TInput;
-};
-export type ParserWithoutInput<TInput> = ParserCustomValidatorEsque<TInput> | ParserMyZodEsque<TInput> | ParserScaleEsque<TInput> | ParserSuperstructEsque<TInput> | ParserYupEsque<TInput>;
-export type ParserWithInputOutput<TInput, TParsedInput> = ParserZodEsque<TInput, TParsedInput> | ParserValibotEsque<TInput, TParsedInput>;
-export type Parser = ParserWithInputOutput<any, any> | ParserWithoutInput<any>;
-export type inferParser<TParser extends Parser> = TParser extends ParserWithInputOutput<infer $TIn, infer $TOut> ? {
-    in: $TIn;
-    out: $TOut;
-} : TParser extends ParserWithoutInput<infer $InOut> ? {
-    in: $InOut;
-    out: $InOut;
-} : never;
-export type inferEvent<T extends {
-    shape: ZodObject<any>;
-}> = z.infer<T["shape"]>;
-export {};
+    export type ParserWithoutInput<TInput> = ParserCustomValidatorEsque<TInput> | ParserMyZodEsque<TInput> | ParserScaleEsque<TInput> | ParserSuperstructEsque<TInput> | ParserYupEsque<TInput>;
+    export type ParserWithInputOutput<TInput, TParsedInput> = ParserZodEsque<TInput, TParsedInput> | ParserValibotEsque<TInput, TParsedInput>;
+    export type Parser = ParserWithInputOutput<any, any> | ParserWithoutInput<any>;
+    export type inferParser<TParser extends Parser> = TParser extends ParserWithInputOutput<infer $TIn, infer $TOut> ? {
+        in: $TIn;
+        out: $TOut;
+    } : TParser extends ParserWithoutInput<infer $InOut> ? {
+        in: $InOut;
+        out: $InOut;
+    } : never;
+    export {};
+}

package/dist/event/index.js

@@ -1,38 +1,43 @@
-export function EventClient(input) {
-    const validator = input.validator;
-    const metadataValidator = input.metadata ? validator(input.metadata) : null;
-    const fn = function event(type, schema) {
-        const validate = validator(schema);
-        async function create(properties, metadata) {
-            if (metadataValidator) {
-                metadata = metadataValidator(metadata);
+export var event;
+(function (event) {
+    function builder(input) {
+        const validator = input.validator;
+        const metadataValidator = input.metadata ? validator(input.metadata) : null;
+        const fn = function event(type, schema) {
+            const validate = validator(schema);
+            async function create(properties, metadata) {
+                if (metadataValidator) {
+                    metadata = metadataValidator(metadata);
+                }
+                if (input.metadataFn) {
+                    metadata = input.metadataFn(type, properties);
+                }
+                properties = validate(properties);
+                return {
+                    type,
+                    properties,
+                    metadata,
+                };
             }
-            if (input.metadataFn) {
-                metadata = input.metadataFn();
-            }
-            properties = validate(properties);
             return {
+                create: create,
                 type,
-                properties,
-                metadata,
+                $input: {},
+                $output: {},
+                $payload: {},
+                $metadata: {},
             };
-        }
-        return {
-            create: create,
-            type,
-            $input: {},
-            $output: {},
-            $payload: {},
-            $metadata: {},
         };
-    };
-    fn.coerce = (_events, raw) => {
-        return raw;
-    };
-    return fn;
-}
-export function ZodValidator(schema) {
-    return (input) => {
-        return schema.parse(input);
-    };
-}
+        fn.coerce = (_events, raw) => {
+            return raw;
+        };
+        return fn;
+    }
+    event.builder = builder;
+    function ZodValidator(schema) {
+        return (input) => {
+            return schema.parse(input);
+        };
+    }
+    event.ZodValidator = ZodValidator;
+})(event || (event = {}));

package/dist/realtime/index.d.ts

@@ -1,42 +1,8 @@
-import type { IoTCustomAuthorizerHandler } from "aws-lambda";
-export interface RealtimeAuthResult {
-    /**
-     * The topics the client can subscribe to.
-     * @example
-     * For example, this subscribes to specific topics.
-     * ```js
-     * {
-     *   subscribe: ["chat/room1", "chat/room2"]
-     * }
-     * ```
-     *
-     * And to subscribe to all topics under a specific prefix.
-     * ```js
-     * {
-     *   subscribe: ["chat/*"]
-     * }
-     * ```
-     */
-    subscribe?: string[];
-    /**
-     * The topics the client can publish to.
-     * @example
-     * For example, this publishes to specific topics.
-     * ```js
-     * {
-     *   publish: ["chat/room1", "chat/room2"]
-     * }
-     * ```
-     * And to publish to all topics under a specific prefix.
-     * ```js
-     * {
-     *   publish: ["chat/*"]
-     * }
-     * ```
-     */
-    publish?: string[];
-}
+import { realtime } from "../aws/realtime.js";
+export type RealtimeAuthResult = realtime.AuthResult;
 /**
+ * @deprecated import from `sst/aws/realtime` instead.
+ *
  * Creates an authorization handler for the `Realtime` component, that validates
  * the token and grants permissions for the topics the client can subscribe and publish to.
  *
@@ -56,4 +22,4 @@ export interface RealtimeAuthResult {
  * });
  * ```
  */
-export declare function RealtimeAuthHandler(input: (token: string) => Promise<RealtimeAuthResult>): IoTCustomAuthorizerHandler;
+export declare const RealtimeAuthHandler: typeof realtime.authorizer;

package/dist/realtime/index.js

@@ -1,4 +1,7 @@
+import { realtime } from "../aws/realtime.js";
 /**
+ * @deprecated import from `sst/aws/realtime` instead.
+ *
  * Creates an authorization handler for the `Realtime` component, that validates
  * the token and grants permissions for the topics the client can subscribe and publish to.
  *
@@ -18,55 +21,4 @@
  * });
  * ```
  */
-export function RealtimeAuthHandler(input) {
-    return async (evt, context) => {
-        const [, , , region, accountId] = context.invokedFunctionArn.split(":");
-        const token = Buffer.from(evt.protocolData.mqtt?.password ?? "", "base64").toString();
-        const ret = await input(token);
-        return {
-            isAuthenticated: true,
-            principalId: Date.now().toString(),
-            disconnectAfterInSeconds: 86400,
-            refreshAfterInSeconds: 300,
-            policyDocuments: [
-                {
-                    Version: "2012-10-17",
-                    Statement: [
-                        {
-                            Action: "iot:Connect",
-                            Effect: "Allow",
-                            Resource: "*",
-                        },
-                        ...(ret.subscribe
-                            ? [
-                                {
-                                    Action: "iot:Receive",
-                                    Effect: "Allow",
-                                    Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
-                                },
-                            ]
-                            : []),
-                        ...(ret.subscribe
-                            ? [
-                                {
-                                    Action: "iot:Subscribe",
-                                    Effect: "Allow",
-                                    Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topicfilter/${t}`),
-                                },
-                            ]
-                            : []),
-                        ...(ret.publish
-                            ? [
-                                {
-                                    Action: "iot:Publish",
-                                    Effect: "Allow",
-                                    Resource: ret.publish.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
-                                },
-                            ]
-                            : []),
-                    ],
-                },
-            ],
-        };
-    };
-}
+export const RealtimeAuthHandler = realtime.authorizer;

package/package.json

@@ -3,19 +3,20 @@
   "name": "sst",
   "type": "module",
   "sideEffects": false,
-  "version": "3.0.19",
+  "version": "3.0.20",
   "main": "./dist/index.js",
   "exports": {
     ".": "./dist/index.js",
     "./auth": "./dist/auth/index.js",
-    "./auth/adapter": "./dist/auth/index.js",
+    "./event": "./dist/event/index.js",
+    "./realtime": "./dist/realtime/index.js",
     "./*": "./dist/*.js"
   },
   "devDependencies": {
     "@tsconfig/node18": "^18.2.2",
     "@types/node": "^20.11.0",
-    "typescript": "^5.3.3",
-    "hono": "4.3.9"
+    "hono": "4.3.9",
+    "typescript": "^5.3.3"
   },
   "files": [
     "dist"
@@ -25,6 +26,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-lambda": "3.478.0",
+    "aws4fetch": "^1.0.18",
     "jose": "5.2.3",
     "openid-client": "5.6.4"
   },