sst 3.0.22 → 3.0.24

package/dist/auth/handler.d.ts

@@ -1,58 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-import { Adapter } from "./adapter/adapter.js";
-import { JWTPayload } from "jose";
-import { SessionBuilder } from "./session.js";
-import { Hono } from "hono/tiny";
-interface OnSuccessResponder<T extends {
-    type: any;
-    properties: any;
-}> {
-    session(input: T & JWTPayload): Promise<Response>;
-}
-export declare class UnknownProviderError extends Error {
-    provider?: string | undefined;
-    constructor(provider?: string | undefined);
-}
-export declare class MissingParameterError extends Error {
-    parameter: string;
-    constructor(parameter: string);
-}
-export declare class UnknownStateError extends Error {
-    constructor();
-}
-export declare class UnauthorizedClientError extends Error {
-    client: string;
-    redirect_uri: string;
-    constructor(client: string, redirect_uri: string);
-}
-export declare class InvalidSessionError extends Error {
-    constructor();
-}
-export type Prettify<T> = {
-    [K in keyof T]: T[K];
-} & {};
-export declare const aws: <E extends import("hono").Env = import("hono").Env, S extends import("hono").Schema = {}, BasePath extends string = "/">(app: import("hono").Hono<E, S, BasePath>) => (event: import("hono/aws-lambda").LambdaEvent, lambdaContext?: import("hono/aws-lambda").LambdaContext | undefined) => Promise<import("hono/aws-lambda").APIGatewayProxyResult>;
-export declare function AuthHandler<Providers extends Record<string, Adapter<any>>, Sessions extends SessionBuilder = SessionBuilder, Result = {
-    [key in keyof Providers]: Prettify<{
-        provider: key;
-    } & (Providers[key] extends Adapter<infer T> ? T : {})>;
-}[keyof Providers]>(input: {
-    session?: Sessions;
-    providers: Providers;
-    callbacks: {
-        index?(req: Request): Promise<Response>;
-        error?(error: UnknownStateError, req: Request): Promise<Response | undefined>;
-        auth: {
-            error?(error: MissingParameterError | UnauthorizedClientError | UnknownProviderError, req: Request): Promise<Response>;
-            start?(event: Request): Promise<void>;
-            allowClient(clientID: string, redirect: string, req: Request): Promise<boolean>;
-            success(response: OnSuccessResponder<Sessions["$typeValues"]>, input: Result, req: Request): Promise<Response>;
-        };
-        connect?: {
-            error?(error: InvalidSessionError | UnknownProviderError, req: Request): Promise<Response | undefined>;
-            start?(session: Sessions["$typeValues"], req: Request): Promise<void>;
-            success?(session: Sessions["$typeValues"], input: {}): Promise<Response>;
-        };
-    };
-}): Hono<import("hono").Env, import("hono/types").BlankSchema, "/">;
-export {};

package/dist/auth/handler.js

@@ -1,207 +0,0 @@
-import { SignJWT, importPKCS8, importSPKI, jwtVerify } from "jose";
-import { Hono } from "hono/tiny";
-import { handle as awsHandle } from "hono/aws-lambda";
-import { deleteCookie, getCookie, setCookie } from "hono/cookie";
-export class UnknownProviderError extends Error {
-    provider;
-    constructor(provider) {
-        super("Unknown provider: " + provider);
-        this.provider = provider;
-    }
-}
-export class MissingParameterError extends Error {
-    parameter;
-    constructor(parameter) {
-        super("Missing parameter: " + parameter);
-        this.parameter = parameter;
-    }
-}
-export class UnknownStateError extends Error {
-    constructor() {
-        super("The browser was in an unknown state. This could be because certain cookies expired or the browser was switched in the middle of an authentication flow");
-    }
-}
-export class UnauthorizedClientError extends Error {
-    client;
-    redirect_uri;
-    constructor(client, redirect_uri) {
-        super("Unauthorized client");
-        this.client = client;
-        this.redirect_uri = redirect_uri;
-    }
-}
-export class InvalidSessionError extends Error {
-    constructor() {
-        super("Invalid session");
-    }
-}
-import process from "node:process";
-import { Resource } from "../resource.js";
-export const aws = awsHandle;
-export function AuthHandler(input) {
-    const app = new Hono();
-    if (!input.callbacks.auth.error) {
-        input.callbacks.auth.error = async (err) => {
-            return new Response(err.message, {
-                status: 400,
-                headers: {
-                    "Content-Type": "text/plain",
-                },
-            });
-        };
-    }
-    const options = {
-        signing: {
-            privateKey: () => importPKCS8(
-            // @ts-expect-error
-            process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RS512"),
-            publicKey: () => importSPKI(
-            // @ts-expect-error
-            process.env.AUTH_PUBLIC_KEY || Resource.AUTH_PUBLIC_KEY, "RS512"),
-        },
-        encryption: {
-            privateKey: () => importPKCS8(
-            // @ts-expect-error
-            process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RSA-OAEP-512"),
-            publicKey: () => importSPKI(
-            // @ts-expect-error
-            process.env.AUTH_PUBLIC_KEY || Resource.AUTH_PUBLIC_KEY, "RSA-OAEP-512"),
-        },
-        algorithm: "RS512",
-        async success(ctx, properties) {
-            const redirect_uri = getCookie(ctx, "redirect_uri");
-            const response_type = getCookie(ctx, "response_type");
-            if (!redirect_uri) {
-                return options.forward(ctx, await input.callbacks.auth.error(new UnknownStateError(), ctx.req.raw));
-            }
-            return await input.callbacks.auth.success({
-                async session(session) {
-                    const token = await new SignJWT(session)
-                        .setProtectedHeader({ alg: "RS512" })
-                        .setExpirationTime("1yr")
-                        .sign(await options.signing.privateKey());
-                    deleteCookie(ctx, "provider");
-                    deleteCookie(ctx, "response_type");
-                    deleteCookie(ctx, "redirect_uri");
-                    deleteCookie(ctx, "state");
-                    const client_id = getCookie(ctx, "client_id");
-                    const state = getCookie(ctx, "state");
-                    if (response_type === "token") {
-                        const location = new URL(redirect_uri);
-                        location.hash = `access_token=${token}&state=${state || ""}`;
-                        return ctx.redirect(location.toString(), 302);
-                    }
-                    if (response_type === "code") {
-                        // This allows the code to be reused within a 30 second window
-                        // The code should be single use but we're making this tradeoff to remain stateless
-                        // In the future can store this in a dynamo table to ensure single use
-                        const code = await new SignJWT({
-                            client_id,
-                            redirect_uri,
-                            token,
-                        })
-                            .setProtectedHeader({ alg: "RS512" })
-                            .setExpirationTime("30s")
-                            .sign(await options.signing.privateKey());
-                        const location = new URL(redirect_uri);
-                        location.searchParams.set("code", code);
-                        location.searchParams.set("state", state || "");
-                        return ctx.redirect(location.toString(), 302);
-                    }
-                    ctx.status(400);
-                    return ctx.text(`Unsupported response_type: ${response_type}`);
-                },
-            }, {
-                provider: ctx.get("provider"),
-                ...properties,
-            }, ctx.req.raw);
-        },
-        forward(ctx, response) {
-            return ctx.newResponse(response.body, response.status, Object.fromEntries(response.headers.entries()));
-        },
-        cookie(c, key, value, maxAge) {
-            setCookie(c, key, value, {
-                maxAge,
-                httpOnly: true,
-                ...(c.req.url.startsWith("https://")
-                    ? { secure: true, sameSite: "None" }
-                    : {}),
-            });
-        },
-    };
-    app.post("/token", async (c) => {
-        console.log("token request");
-        const form = await c.req.formData();
-        if (form.get("grant_type") !== "authorization_code") {
-            c.status(400);
-            return c.text("Invalid grant_type");
-        }
-        const code = form.get("code");
-        if (!code) {
-            c.status(400);
-            return c.text("Missing code");
-        }
-        const { payload } = await jwtVerify(code, await options.signing.publicKey());
-        if (payload.redirect_uri !== form.get("redirect_uri")) {
-            c.status(400);
-            return c.text("redirect_uri mismatch");
-        }
-        if (payload.client_id !== form.get("client_id")) {
-            c.status(400);
-            return c.text("client_id mismatch");
-        }
-        return c.json({
-            access_token: payload.token,
-        });
-    });
-    app.use("/:provider/authorize", async (c, next) => {
-        const provider = c.req.param("provider");
-        console.log("authorize request for", provider);
-        const response_type = c.req.query("response_type") || getCookie(c, "response_type");
-        const redirect_uri = c.req.query("redirect_uri") || getCookie(c, "redirect_uri");
-        const state = c.req.query("state") || getCookie(c, "state");
-        const client_id = c.req.query("client_id") || getCookie(c, "client_id");
-        if (!provider) {
-            c.status(400);
-            return c.text("Missing provider");
-        }
-        if (!redirect_uri) {
-            c.status(400);
-            return c.text("Missing redirect_uri");
-        }
-        if (!response_type) {
-            c.status(400);
-            return c.text("Missing response_type");
-        }
-        if (!client_id) {
-            c.status(400);
-            return c.text("Missing client_id");
-        }
-        options.cookie(c, "provider", provider, 60 * 10);
-        options.cookie(c, "response_type", response_type, 60 * 10);
-        options.cookie(c, "redirect_uri", redirect_uri, 60 * 10);
-        options.cookie(c, "state", state || "", 60 * 10);
-        options.cookie(c, "client_id", client_id || "", 60 * 10);
-        if (input.callbacks.auth.start) {
-            await input.callbacks.auth.start(c.req.raw);
-        }
-        await next();
-    });
-    for (const [name, value] of Object.entries(input.providers)) {
-        const route = new Hono();
-        route.use(async (c, next) => {
-            c.set("provider", name);
-            await next();
-        });
-        value(route, {
-            name,
-            ...options,
-        });
-        app.route(`/${name}`, route);
-    }
-    app.all("/*", async (c) => {
-        return c.notFound();
-    });
-    console.log(app.routes);
-    return app;
-}

package/dist/auth/index.d.ts

@@ -1,10 +0,0 @@
-export * from "./session.js";
-export * from "./handler.js";
-export { Issuer } from "openid-client";
-import { AuthHandler } from "./handler.js";
-import { createSessionBuilder } from "./session.js";
-export declare namespace auth {
-    type Issuer = import("openid-client").Issuer;
-    const authorizer: typeof AuthHandler;
-    const sessions: typeof createSessionBuilder;
-}

package/dist/auth/index.js

@@ -1,10 +0,0 @@
-export * from "./session.js";
-export * from "./handler.js";
-export { Issuer } from "openid-client";
-import { AuthHandler } from "./handler.js";
-import { createSessionBuilder } from "./session.js";
-export var auth;
-(function (auth) {
-    auth.authorizer = AuthHandler;
-    auth.sessions = createSessionBuilder;
-})(auth || (auth = {}));

package/dist/auth/session.d.ts

@@ -1,25 +0,0 @@
-export type SessionBuilder = ReturnType<typeof createSessionBuilder>;
-export declare function createSessionBuilder<SessionTypes extends Record<string, any> = {}>(): {
-    verify(token: string): Promise<{ [type in keyof SessionTypes]: {
-        type: type;
-        properties: SessionTypes[type];
-    }; }[keyof SessionTypes] | {
-        type: "public";
-        properties: {};
-    }>;
-    create(session: { [type in keyof SessionTypes]: {
-        type: type;
-        properties: SessionTypes[type];
-    }; }[keyof SessionTypes] | {
-        type: "public";
-        properties: {};
-    }): Promise<string>;
-    $type: SessionTypes;
-    $typeValues: { [type in keyof SessionTypes]: {
-        type: type;
-        properties: SessionTypes[type];
-    }; }[keyof SessionTypes] | {
-        type: "public";
-        properties: {};
-    };
-};

package/dist/auth/session.js

@@ -1,28 +0,0 @@
-import { SignJWT, importPKCS8, importSPKI, jwtVerify } from "jose";
-import { Resource } from "../resource.js";
-import process from "node:process";
-export function createSessionBuilder() {
-    return {
-        async verify(token) {
-            const auth = Object.values(Resource).find((value) => value.publicKey);
-            if (!auth) {
-                throw new Error("No auth resource found. Make sure to link the auth resource to this function.");
-            }
-            const publicKey = auth.publicKey;
-            const result = await jwtVerify(token, await importSPKI(publicKey, "RS512"));
-            return result.payload;
-        },
-        async create(session) {
-            const privateKey = await importPKCS8(
-            // @ts-expect-error
-            process.env.AUTH_PRIVATE_KEY || Resource.AUTH_PRIVATE_KEY, "RS512");
-            const token = await new SignJWT(session)
-                .setProtectedHeader({ alg: "RS512" })
-                .setExpirationTime("1yr")
-                .sign(privateKey);
-            return token;
-        },
-        $type: {},
-        $typeValues: {},
-    };
-}

package/dist/aws/bus.d.ts

@@ -1,24 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-import { AwsOptions } from "../aws/client.js";
-import { Resource } from "../resource.js";
-import { event } from "../event/index.js";
-import { EventBridgeEvent, EventBridgeHandler } from "aws-lambda";
-export declare namespace bus {
-    type Name = Extract<typeof Resource, {
-        type: "sst.aws.Bus";
-    }>["name"];
-    function handle<Events extends event.Definition>(_events: Events | Events[], cb: (input: {
-        [K in Events["type"]]: Extract<Events, {
-            type: K;
-        }>["$payload"];
-    }[Events["type"]], raw: EventBridgeEvent<string, any>) => Promise<void>): EventBridgeHandler<string, any, void>;
-    function publish<Definition extends event.Definition>(name: string | {
-        name: string;
-    }, def: Definition, properties: Definition["$input"], options?: {
-        aws?: AwsOptions;
-    }): Promise<any>;
-    class PublishError extends Error {
-        readonly response: Response;
-        constructor(response: Response);
-    }
-}

package/dist/aws/bus.js

@@ -1,57 +0,0 @@
-import { client } from "../aws/client.js";
-import { Resource } from "../resource.js";
-export var bus;
-(function (bus) {
-    function url(options) {
-        const region = options?.region || client.region;
-        return `https://events.${region}.amazonaws.com/`;
-    }
-    function handle(_events, cb) {
-        return async function (event) {
-            const payload = {
-                type: event["detail-type"],
-                properties: event.detail.properties,
-                metadata: event.detail.metadata,
-            };
-            return cb(payload, event);
-        };
-    }
-    bus.handle = handle;
-    async function publish(name, def, properties, options) {
-        const u = url(options?.aws);
-        const evt = await def.create(properties);
-        const res = await client.fetch(u, {
-            method: "POST",
-            aws: options?.aws,
-            headers: {
-                "X-Amz-Target": "AWSEvents.PutEvents",
-                "Content-Type": "application/x-amz-json-1.1",
-            },
-            body: JSON.stringify({
-                Entries: [
-                    {
-                        Source: [Resource.App.name, Resource.App.stage].join("."),
-                        DetailType: evt.type,
-                        Detail: JSON.stringify({
-                            metadata: evt.metadata,
-                            payload: evt.properties,
-                        }),
-                        EventBusName: typeof name === "string" ? name : name.name,
-                    },
-                ],
-            }),
-        });
-        if (!res.ok)
-            throw new PublishError(res);
-        return res.json();
-    }
-    bus.publish = publish;
-    class PublishError extends Error {
-        response;
-        constructor(response) {
-            super("Failed to publish event to bus");
-            this.response = response;
-        }
-    }
-    bus.PublishError = PublishError;
-})(bus || (bus = {}));

package/dist/aws/client.d.ts

@@ -1,3 +0,0 @@
-import { AwsClient } from "aws4fetch";
-export declare const client: AwsClient;
-export type AwsOptions = Exclude<Parameters<AwsClient["fetch"]>[1], null | undefined>["aws"];

package/dist/aws/client.js

@@ -1,7 +0,0 @@
-import { AwsClient } from "aws4fetch";
-export const client = new AwsClient({
-    accessKeyId: process.env.AWS_ACCESS_KEY_ID,
-    secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
-    sessionToken: process.env.AWS_SESSION_TOKEN,
-    region: process.env.AWS_REGION,
-});

package/dist/aws/realtime.d.ts

@@ -1,61 +0,0 @@
-import { IoTCustomAuthorizerHandler } from "aws-lambda";
-export declare namespace realtime {
-    interface AuthResult {
-        /**
-         * The topics the client can subscribe to.
-         * @example
-         * For example, this subscribes to specific topics.
-         * ```js
-         * {
-         *   subscribe: ["chat/room1", "chat/room2"]
-         * }
-         * ```
-         *
-         * And to subscribe to all topics under a specific prefix.
-         * ```js
-         * {
-         *   subscribe: ["chat/*"]
-         * }
-         * ```
-         */
-        subscribe?: string[];
-        /**
-         * The topics the client can publish to.
-         * @example
-         * For example, this publishes to specific topics.
-         * ```js
-         * {
-         *   publish: ["chat/room1", "chat/room2"]
-         * }
-         * ```
-         * And to publish to all topics under a specific prefix.
-         * ```js
-         * {
-         *   publish: ["chat/*"]
-         * }
-         * ```
-         */
-        publish?: string[];
-    }
-    /**
-     * Creates an authorization handler for the `Realtime` component, that validates
-     * the token and grants permissions for the topics the client can subscribe and publish to.
-     *
-     * @example
-     * ```js
-     * import { realtime } from "sst/aws/realtime";
-     *
-     * export const handler = realtime.authorizer(async (token) => {
-     *   // Validate the token
-     *   console.log(token);
-     *
-     *   // Return the topics to subscribe and publish
-     *   return {
-     *     subscribe: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
-     *     publish: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
-     *   };
-     * });
-     * ```
-     */
-    function authorizer(input: (token: string) => Promise<AuthResult>): IoTCustomAuthorizerHandler;
-}

package/dist/aws/realtime.js

@@ -1,76 +0,0 @@
-export var realtime;
-(function (realtime) {
-    /**
-     * Creates an authorization handler for the `Realtime` component, that validates
-     * the token and grants permissions for the topics the client can subscribe and publish to.
-     *
-     * @example
-     * ```js
-     * import { realtime } from "sst/aws/realtime";
-     *
-     * export const handler = realtime.authorizer(async (token) => {
-     *   // Validate the token
-     *   console.log(token);
-     *
-     *   // Return the topics to subscribe and publish
-     *   return {
-     *     subscribe: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
-     *     publish: [`${Resource.App.name}/${Resource.App.stage}/chat/room1`],
-     *   };
-     * });
-     * ```
-     */
-    function authorizer(input) {
-        return async (evt, context) => {
-            const [, , , region, accountId] = context.invokedFunctionArn.split(":");
-            const token = Buffer.from(evt.protocolData.mqtt?.password ?? "", "base64").toString();
-            const ret = await input(token);
-            return {
-                isAuthenticated: true,
-                principalId: Date.now().toString(),
-                disconnectAfterInSeconds: 86400,
-                refreshAfterInSeconds: 300,
-                policyDocuments: [
-                    {
-                        Version: "2012-10-17",
-                        Statement: [
-                            {
-                                Action: "iot:Connect",
-                                Effect: "Allow",
-                                Resource: "*",
-                            },
-                            ...(ret.subscribe
-                                ? [
-                                    {
-                                        Action: "iot:Receive",
-                                        Effect: "Allow",
-                                        Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
-                                    },
-                                ]
-                                : []),
-                            ...(ret.subscribe
-                                ? [
-                                    {
-                                        Action: "iot:Subscribe",
-                                        Effect: "Allow",
-                                        Resource: ret.subscribe.map((t) => `arn:aws:iot:${region}:${accountId}:topicfilter/${t}`),
-                                    },
-                                ]
-                                : []),
-                            ...(ret.publish
-                                ? [
-                                    {
-                                        Action: "iot:Publish",
-                                        Effect: "Allow",
-                                        Resource: ret.publish.map((t) => `arn:aws:iot:${region}:${accountId}:topic/${t}`),
-                                    },
-                                ]
-                                : []),
-                        ],
-                    },
-                ],
-            };
-        };
-    }
-    realtime.authorizer = authorizer;
-})(realtime || (realtime = {}));

package/dist/event/bus.d.ts

@@ -1,20 +0,0 @@
-/// <reference types="node" resolution-mode="require"/>
-import { AwsOptions } from "../aws/client.js";
-import { Resource } from "../resource.js";
-import { EventDefinition } from "./event.js";
-import { EventBridgeEvent, EventBridgeHandler } from "aws-lambda";
-export declare namespace bus {
-    type Name = Extract<typeof Resource, {
-        type: "sst.aws.Bus";
-    }>["name"];
-    function handle<Events extends EventDefinition>(_events: Events | Events[], cb: (input: {
-        [K in Events["type"]]: Extract<Events, {
-            type: K;
-        }>["$payload"];
-    }[Events["type"]], raw: EventBridgeEvent<string, any>) => Promise<void>): EventBridgeHandler<string, any, void>;
-    function publish<N extends Name, Definition extends EventDefinition>(name: N, def: Definition, properties: Definition["$input"], options?: AwsOptions): Promise<unknown>;
-    class PublishError extends Error {
-        readonly response: Response;
-        constructor(response: Response);
-    }
-}

package/dist/event/bus.js

@@ -1,57 +0,0 @@
-import { client } from "../aws/client.js";
-import { Resource } from "../resource.js";
-export var bus;
-(function (bus) {
-    function url(options) {
-        const region = options?.region || client.region;
-        return `https://events.${region}.amazonaws.com/`;
-    }
-    function handle(_events, cb) {
-        return async function (event) {
-            const payload = {
-                type: event["detail-type"],
-                properties: event.detail.properties,
-                metadata: event.detail.metadata,
-            };
-            return cb(payload, event);
-        };
-    }
-    bus.handle = handle;
-    async function publish(name, def, properties, options) {
-        const u = url(options);
-        const evt = await def.create(properties);
-        const res = await client.fetch(u, {
-            method: "POST",
-            aws: options,
-            headers: {
-                "X-Amz-Target": "AWSEvents.PutEvents",
-                "Content-Type": "application/x-amz-json-1.1",
-            },
-            body: JSON.stringify({
-                Entries: [
-                    {
-                        Source: [Resource.App.name, Resource.App.stage].join("."),
-                        DetailType: evt.type,
-                        Detail: JSON.stringify({
-                            metadata: evt.metadata,
-                            payload: evt.properties,
-                        }),
-                        EventBusName: name,
-                    },
-                ],
-            }),
-        });
-        if (!res.ok)
-            throw new PublishError(res);
-        return res.json();
-    }
-    bus.publish = publish;
-    class PublishError extends Error {
-        response;
-        constructor(response) {
-            super("Failed to publish event to bus");
-            this.response = response;
-        }
-    }
-    bus.PublishError = PublishError;
-})(bus || (bus = {}));

package/dist/event/destination.d.ts

@@ -1,19 +0,0 @@
-import { Prettify } from "../util/prettify.js";
-export interface Payload {
-    type: string;
-    properties: any;
-    metadata: any;
-}
-declare const Publishers: {
-    "sst.aws.Bus": (properties: {
-        name: string;
-    }, payload: Payload) => void;
-};
-type Publishers = typeof Publishers;
-export type Destinations = {
-    [key in keyof Publishers]: Prettify<{
-        type: key;
-    } & Parameters<Publishers[key]>[0]>;
-}[keyof Publishers];
-export declare function publish(destination: Destinations, payload: Payload): void;
-export {};