wirejs-deploy-amplify-basic 0.0.147-payments → 0.0.149-payments
|
@@ -70,6 +70,8 @@ backend.api.resources.lambda.role?.addToPrincipalPolicy(new PolicyStatement({
|
|
|
70
70
|
],
|
|
71
71
|
}));
|
|
72
72
|
|
|
73
|
+
const allLambdas = [ backend.api.resources.lambda ];
|
|
74
|
+
|
|
73
75
|
/**
|
|
74
76
|
* CDK resources
|
|
75
77
|
*/
|
|
@@ -80,6 +82,30 @@ const bucket = new Bucket(backend.stack, 'data', {
|
|
|
80
82
|
});
|
|
81
83
|
bucket.grantReadWrite(backend.api.resources.lambda);
|
|
82
84
|
|
|
85
|
+
function isRealtimeService(resource: any): resource is {
|
|
86
|
+
type: 'RealtimeService';
|
|
87
|
+
options: { namespace: string; };
|
|
88
|
+
} {
|
|
89
|
+
return resource.type === 'RealtimeService';
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
if (generated.some(isRealtimeService)) {
|
|
93
|
+
const realtimeStack = new NestedStack(backend.stack, 'realtime', {
|
|
94
|
+
description: 'Realtime service for distributed resources',
|
|
95
|
+
});
|
|
96
|
+
const realtime = new RealtimeService(realtimeStack, 'realtime', {
|
|
97
|
+
appId: APP_ID!,
|
|
98
|
+
branchId: BRANCH_ID,
|
|
99
|
+
publisher: backend.api,
|
|
100
|
+
bucket: bucket.bucketName,
|
|
101
|
+
namespaces: generated
|
|
102
|
+
.filter(isRealtimeService)
|
|
103
|
+
.map(r => r.options.namespace),
|
|
104
|
+
});
|
|
105
|
+
bucket.grantReadWrite(realtime.authHandler);
|
|
106
|
+
allLambdas.push(realtime.authHandler);
|
|
107
|
+
}
|
|
108
|
+
|
|
83
109
|
/**
|
|
84
110
|
* DDB Tables
|
|
85
111
|
*/
|
|
@@ -141,53 +167,27 @@ for (const resource of generated) {
|
|
|
141
167
|
}
|
|
142
168
|
);
|
|
143
169
|
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
170
|
+
for (const lambda of allLambdas) {
|
|
171
|
+
table.grantReadWriteData(lambda);
|
|
172
|
+
|
|
173
|
+
// indexes created by custom resource and require explicit
|
|
174
|
+
// permissions to be added to the lambda role (apparently).
|
|
175
|
+
lambda.addToRolePolicy(new PolicyStatement({
|
|
176
|
+
actions: [
|
|
177
|
+
"dynamodb:Query",
|
|
178
|
+
"dynamodb:Scan",
|
|
179
|
+
"dynamodb:GetItem",
|
|
180
|
+
"dynamodb:BatchGetItem",
|
|
181
|
+
],
|
|
182
|
+
resources: [
|
|
183
|
+
table.tableArn,
|
|
184
|
+
`${table.tableArn}/index/*`,
|
|
185
|
+
],
|
|
186
|
+
}));
|
|
187
|
+
}
|
|
160
188
|
}
|
|
161
189
|
}
|
|
162
190
|
|
|
163
|
-
function isRealtimeService(resource: any): resource is {
|
|
164
|
-
type: 'RealtimeService';
|
|
165
|
-
options: { namespace: string; };
|
|
166
|
-
} {
|
|
167
|
-
return resource.type === 'RealtimeService';
|
|
168
|
-
}
|
|
169
|
-
|
|
170
|
-
if (generated.some(isRealtimeService)) {
|
|
171
|
-
const realtimeStack = new NestedStack(backend.stack, 'realtime', {
|
|
172
|
-
description: 'Realtime service for distributed resources',
|
|
173
|
-
});
|
|
174
|
-
const realtime = new RealtimeService(realtimeStack, 'realtime', {
|
|
175
|
-
appId: APP_ID!,
|
|
176
|
-
branchId: BRANCH_ID,
|
|
177
|
-
publisher: backend.api,
|
|
178
|
-
bucket: bucket.bucketName,
|
|
179
|
-
namespaces: generated
|
|
180
|
-
.filter(isRealtimeService)
|
|
181
|
-
.map(r => r.options.namespace),
|
|
182
|
-
});
|
|
183
|
-
// TODO: is there a better way to ensure we grant access specifically
|
|
184
|
-
// to what `Secret` uses to store its creds without creating N places to
|
|
185
|
-
// map this?
|
|
186
|
-
// Longer term: Secrets will be stored either in DDB, parameter store, something
|
|
187
|
-
// else that is more appropriate than S3.
|
|
188
|
-
bucket.grantReadWrite(realtime.authHandler);
|
|
189
|
-
}
|
|
190
|
-
|
|
191
191
|
/**
|
|
192
192
|
* Lambda environment vars
|
|
193
193
|
*/
|
|
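Review bot: `allLambdas.push(realtime.authHandler)` runs before the table loop, so `for (const lambda of allLambdas)` now gives the realtime authorizer `table.grantReadWriteData(lambda)` plus Query/Scan/GetItem/BatchGetItem on every generated table and its indexes, on top of the existing `bucket.grantReadWrite(realtime.authHandler)`. The hunks do not show which tables the authorizer actually touches. If it only needs to look up the realtime secret, a narrower grant such as `table.grantReadData(lambda)` on that one table (or leaving the authorizer out of `allLambdas`) would keep a fault in the auth path from reaching all application data. The removed TODO about scoping access to what `Secret` uses is still unresolved by this change, so I would keep that comment next to the bucket grant. The enclosing `for (const resource of generated)` loop starts outside the hunk.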
@@ -39,12 +39,17 @@ export class RealtimeService extends Construct {
|
|
|
39
39
|
entry: path.join(__dirname, 'authorizer-lambda.ts'),
|
|
40
40
|
timeout: Duration.seconds(30),
|
|
41
41
|
environment: {
|
|
42
|
-
// global storage bucket
|
|
42
|
+
// global storage bucket. TODO: remove?
|
|
43
43
|
BUCKET: props.bucket,
|
|
44
44
|
|
|
45
|
+
// TODO: refactor. set env variables ... better.
|
|
46
|
+
// must match TABLE_NAME_PREFIX from outer scope.
|
|
47
|
+
TABLE_NAME_PREFIX: `${props.appId}-${props.branchId}-`,
|
|
48
|
+
|
|
45
49
|
// NOTE: These MUST equal those defined in RealtimeService resource.
|
|
46
50
|
SECRET_SCOPE: 'wirejs-global',
|
|
47
51
|
SECRET_ID: 'realtime-secret',
|
|
52
|
+
|
|
48
53
|
}
|
|
49
54
|
});
|
|
50
55
|
|
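Review bot: `TABLE_NAME_PREFIX` is rebuilt here from `props.appId` and `props.branchId` and is kept in step with the outer definition only by the comment "must match TABLE_NAME_PREFIX from outer scope". If the two drift, the authorizer would resolve table names that differ from the tables its role was granted. Passing the already-computed value in as a prop, e.g. `TABLE_NAME_PREFIX: props.tableNamePrefix,`, would give a single source of truth. If `branchId` can be undefined in the props type (not visible here), the template literal would also put the literal text `undefined` into the prefix, so a synth-time check on both values is worth adding. The `environment` block sits inside a function construct whose start is outside the hunk.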
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "wirejs-deploy-amplify-basic",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.149-payments",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -42,7 +42,7 @@
|
|
|
42
42
|
"recursive-copy": "^2.0.14",
|
|
43
43
|
"rimraf": "^6.0.1",
|
|
44
44
|
"wirejs-dom": "^1.0.42",
|
|
45
|
-
"wirejs-resources": "^0.1.
|
|
45
|
+
"wirejs-resources": "^0.1.117-payments"
|
|
46
46
|
},
|
|
47
47
|
"devDependencies": {
|
|
48
48
|
"@aws-amplify/backend": "^1.14.0",
|