wirejs-deploy-amplify-basic 0.1.171 → 0.1.173

package/amplify-backend-assets/backend.ts

@@ -16,6 +16,7 @@ import { Table, AttributeType, BillingMode } from 'aws-cdk-lib/aws-dynamodb';
 import { AnyPrincipal, PolicyStatement } from 'aws-cdk-lib/aws-iam';
 import { Rule, RuleTargetInput, Schedule } from 'aws-cdk-lib/aws-events';
 import { LambdaFunction as LambdaFunctionTarget } from 'aws-cdk-lib/aws-events-targets';
+import { SESClient, VerifyEmailIdentityCommand, GetIdentityVerificationAttributesCommand } from '@aws-sdk/client-ses';
 
 import { TableDefinition, indexName, DeploymentConfig } from 'wirejs-resources';
 import { TableIndexes } from './constructs/table-indexes';
@@ -236,11 +237,15 @@ for (const resource of generated) {
  */
 function cronExpressionToSchedule(expression: string): Schedule {
   const [minute, hour, dayOfMonth, month, dayOfWeek] = expression.trim().split(/\s+/);
-  // EventBridge requires exactly one of day-of-month or day-of-week to be '?'.
-  // If neither is wildcarded, prefer keeping day-of-month and set weekday to '?'.
-  const ebDayOfMonth = dayOfWeek !== '*' && dayOfWeek !== '?' ? '?' : dayOfMonth;
-  const ebDayOfWeek  = ebDayOfMonth === '?' ? dayOfWeek : '?';
-  return Schedule.cron({ minute, hour, day: ebDayOfMonth, month, weekDay: ebDayOfWeek });
+  // CDK's Schedule.cron() does not accept both `day` and `weekDay` simultaneously.
+  // If dayOfWeek is specified (not '*' or '?'), use it; otherwise use dayOfMonth.
+  const useWeekDay = dayOfWeek !== '*' && dayOfWeek !== '?';
+  return Schedule.cron({
+    minute,
+    hour,
+    month,
+    ...(useWeekDay ? { weekDay: dayOfWeek } : { day: dayOfMonth }),
+  });
 }
 
 /**
@@ -305,4 +310,75 @@ api.addToRolePolicy(new PolicyStatement({
 }));
 
 
+/**
+ * SES permissions for EmailSender resources
+ */
+function isEmailSender(resource: any): resource is {
+  type: 'EmailSender';
+  options: { absoluteId: string; from: string };
+} {
+  return resource.type === 'EmailSender';
+}
+
+const emailSenderResources = generated.filter(isEmailSender);
+if (emailSenderResources.length > 0) {
+  const senderAddresses = emailSenderResources.map(r => r.options.from);
+  api.addToRolePolicy(new PolicyStatement({
+    actions: [
+      'ses:SendEmail',
+      'ses:SendRawEmail',
+    ],
+    resources: [
+      `arn:${backend.stack.partition}:ses:${backend.stack.region}:${backend.stack.account}:identity/*`,
+    ],
+  }));
+
+  // Initiate SES email verification for each sender address during deployment.
+  // This sends a verification email to each address automatically so customers
+  // don't need to manually trigger it from the AWS console.
+  const sesClient = new SESClient();
+  const verificationResults: { address: string; status: string }[] = [];
+
+  for (const address of senderAddresses) {
+    try {
+      // Check current verification status first
+      const statusResult = await sesClient.send(
+        new GetIdentityVerificationAttributesCommand({ Identities: [address] })
+      );
+      const currentStatus = statusResult.VerificationAttributes?.[address]?.VerificationStatus;
+
+      if (currentStatus === 'Success') {
+        verificationResults.push({ address, status: 'already verified ✅' });
+      } else {
+        // Trigger a (new) verification email
+        await sesClient.send(new VerifyEmailIdentityCommand({ EmailAddress: address }));
+        verificationResults.push({ address, status: 'verification email sent 📧' });
+      }
+    } catch (err: any) {
+      verificationResults.push({ address, status: `could not initiate automatically — ${err?.message ?? err}` });
+    }
+  }
+
+  console.log(`
+⚠️  AWS SES Email Verification
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Your app uses EmailSender with the following sender address(es):
+
+${verificationResults.map(r => `  • ${r.address} — ${r.status}`).join('\n')}
+
+${verificationResults.some(r => r.status.includes('sent'))
+  ? 'Check your inbox and click the verification link in each email from AWS SES.'
+  : ''}
+AWS SES starts in "sandbox" mode — you must also verify recipient addresses
+or request production access to send to arbitrary recipients.
+
+To request production (sandbox removal) access:
+  https://docs.aws.amazon.com/ses/latest/dg/request-production-access.html
+
+See docs/amplify.md in your project for more details.
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+`);
+}
+
+
 backend.addOutput({ custom: { api: apiUrl.url } });

package/amplify-hosting-assets/compute/default/package.json

@@ -3,6 +3,6 @@
 	"dependencies": {
 		"jsdom": "^25.0.1",
 		"wirejs-dom": "^1.0.44",
-		"wirejs-resources": "^0.1.171"
+		"wirejs-resources": "^0.1.173"
 	}
 }

package/dist/index.d.ts

@@ -1,6 +1,7 @@
 export * from 'wirejs-resources';
 export { FileService } from './services/file.js';
 export { AuthenticationService } from './services/authentication.js';
+export { EmailSender } from './services/email-sender.js';
 export { LLM } from './services/llm.js';
 export { DistributedTable } from './resources/distributed-table.js';
 export { RealtimeService } from './services/realtime.js';

package/dist/index.js

@@ -6,6 +6,8 @@ import { FileService } from './services/file.js';
 export { FileService } from './services/file.js';
 import { AuthenticationService } from './services/authentication.js';
 export { AuthenticationService } from './services/authentication.js';
+import { EmailSender } from './services/email-sender.js';
+export { EmailSender } from './services/email-sender.js';
 import { LLM } from './services/llm.js';
 export { LLM } from './services/llm.js';
 import { DistributedTable } from './resources/distributed-table.js';
@@ -23,6 +25,7 @@ overrides.AuthenticationService = AuthenticationService;
 overrides.BackgroundJob = BackgroundJob;
 overrides.CronJob = CronJob;
 overrides.DistributedTable = DistributedTable;
+overrides.EmailSender = EmailSender;
 overrides.Endpoint = Endpoint;
 overrides.FileService = FileService;
 overrides.LLM = LLM;

package/dist/services/email-sender.d.ts

@@ -0,0 +1,7 @@
+import { Resource, EmailSender as BaseEmailSender, EmailMessage } from 'wirejs-resources';
+export declare class EmailSender extends BaseEmailSender {
+    constructor(scope: Resource | string, id: string, options: {
+        from: string;
+    });
+    send(message: EmailMessage): Promise<void>;
+}

package/dist/services/email-sender.js

@@ -0,0 +1,24 @@
+import { SESClient, SendEmailCommand, } from '@aws-sdk/client-ses';
+import { EmailSender as BaseEmailSender, } from 'wirejs-resources';
+import { addResource } from '../resource-collector.js';
+const ses = new SESClient();
+export class EmailSender extends BaseEmailSender {
+    constructor(scope, id, options) {
+        super(scope, id, options);
+        addResource('EmailSender', { absoluteId: this.absoluteId, from: options.from });
+    }
+    async send(message) {
+        const toAddresses = Array.isArray(message.to) ? message.to : [message.to];
+        await ses.send(new SendEmailCommand({
+            Source: this.from,
+            Destination: { ToAddresses: toAddresses },
+            Message: {
+                Subject: { Data: message.subject },
+                Body: {
+                    Text: { Data: message.body },
+                    ...(message.html !== undefined ? { Html: { Data: message.html } } : {}),
+                },
+            },
+        }));
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "wirejs-deploy-amplify-basic",
-	"version": "0.1.171",
+	"version": "0.1.173",
 	"type": "module",
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",
@@ -32,6 +32,7 @@
 		"@aws-sdk/client-cognito-identity-provider": "^3.741.0",
 		"@aws-sdk/client-dynamodb": "^3.774.0",
 		"@aws-sdk/client-s3": "^3.738.0",
+		"@aws-sdk/client-ses": "^3.738.0",
 		"@aws-sdk/credential-provider-node": "^3.806.0",
 		"@aws-sdk/client-lambda": "3.821.0",
 		"@aws-sdk/lib-dynamodb": "^3.778.0",
@@ -44,7 +45,7 @@
 		"recursive-copy": "^2.0.14",
 		"rimraf": "^6.0.1",
 		"wirejs-dom": "^1.0.44",
-		"wirejs-resources": "^0.1.171"
+		"wirejs-resources": "^0.1.173"
 	},
 	"devDependencies": {
 		"@aws-amplify/backend": "^1.14.0",