chore: wip

chrisbbreuer · chrisbbreuer · commit 34d98a454524 · 2023-10-29T13:25:50.000-07:00
diff --git a/.stacks/core/cloud/src/cloud/cdn.ts b/.stacks/core/cloud/src/cloud/cdn.ts
@@ -30,9 +30,14 @@ export class CdnStack extends NestedStack {
   certificateArn: string
   certificate: acm.ICertificate
   logBucket: s3.IBucket
+  publicBucket: s3.IBucket
+  firewallArn: string
+  apiCachePolicy: cloudfront.CachePolicy | undefined
+  props: NestedCloudProps
 
   constructor(scope: Construct, props: NestedCloudProps) {
     super(scope, 'Cdn', props)
+    this.props = props
 
     // do lookups
     this.zone = route53.PublicHostedZone.fromLookup(this, 'AppUrlHostedZone', {
@@ -41,11 +46,18 @@ export class CdnStack extends NestedStack {
     this.certificateArn = Stack.of(this).formatArn({
       service: 'acm',
       resource: 'certificate',
-      resourceName: 'Certificate', // replace with your actual certificate logical ID
+      resourceName: 'Certificate',
     })
     this.certificate = acm.Certificate.fromCertificateArn(this, 'Certificate', this.certificateArn)
+    this.firewallArn = Stack.of(this).formatArn({
+      service: 'wafv2',
+      resource: 'webacl',
+      resourceName: 'WebFirewall',
+    })
+
     const bucketPrefix = `${props.appName}-${props.appEnv}`
     this.logBucket = s3.Bucket.fromBucketName(this, 'LogBucket', `${bucketPrefix}-logs-${props.partialAppKey}`)
+    this.publicBucket = s3.Bucket.fromBucketName(this, 'PublicBucket', `${bucketPrefix}-${props.partialAppKey}`)
 
     // proceed with cdn logic
     this.originAccessIdentity = new cloudfront.OriginAccessIdentity(this, 'OAI')
@@ -99,22 +111,23 @@ export class CdnStack extends NestedStack {
     const cfnOriginRequestFunction = originRequestFunction.node.defaultChild as CfnResource
     cfnOriginRequestFunction.applyRemovalPolicy(RemovalPolicy.RETAIN)
 
-    const cdn = new cloudfront.Distribution(this, 'Distribution', {
+    // the actual CDN distribution
+    new cloudfront.Distribution(this, 'Distribution', {
       domainNames: [props.domain],
       defaultRootObject: 'index.html',
       comment: `CDN for ${config.app.url}`,
-      certificate,
+      certificate: this.certificate,
       enableLogging: true,
-      logBucket: props.logBucket,
+      logBucket: this.logBucket,
       httpVersion: cloudfront.HttpVersion.HTTP2_AND_3,
       priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL,
       enabled: true,
       minimumProtocolVersion: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2021,
-      webAclId: props.firewall.attrArn,
+      webAclId: this.firewallArn,
       enableIpv6: true,
 
       defaultBehavior: {
-        origin: new origins.S3Origin(props.publicBucket, {
+        origin: new origins.S3Origin(this.publicBucket, {
           originAccessIdentity: this.originAccessIdentity,
         }),
         edgeLambdas: [
@@ -240,24 +253,6 @@ export class CdnStack extends NestedStack {
     return config.cloud.deploy?.api
   }
 
-  deployApi(props) {
-    const keysToRemove = ['_HANDLER', '_X_AMZN_TRACE_ID', 'AWS_REGION', 'AWS_EXECUTION_ENV', 'AWS_LAMBDA_FUNCTION_NAME', 'AWS_LAMBDA_FUNCTION_MEMORY_SIZE', 'AWS_LAMBDA_FUNCTION_VERSION', 'AWS_LAMBDA_INITIALIZATION_TYPE', 'AWS_LAMBDA_LOG_GROUP_NAME', 'AWS_LAMBDA_LOG_STREAM_NAME', 'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN', 'AWS_LAMBDA_RUNTIME_API', 'LAMBDA_TASK_ROOT', 'LAMBDA_RUNTIME_DIR', '_']
-    keysToRemove.forEach(key => delete env[key as EnvKey])
-
-    const secrets = new secretsmanager.Secret(this, 'StacksSecrets', {
-      secretName: `${props.appName}-${props.appEnv}-secrets`,
-      description: 'Secrets for the Stacks application',
-      generateSecretString: {
-        secretStringTemplate: JSON.stringify(env),
-        generateStringKey: Object.keys(env).join(',').length.toString(),
-      },
-    })
-
-    const functionName = `${props.appName}-${props.appEnv}-server`
-
-    // this.apiVanityUrl = api.url
-  }
-
   apiBehaviorOptions(): Record<string, cloudfront.BehaviorOptions> {
     const origin = (path: '/api' | '/api/*' = '/api') => new origins.HttpOrigin(Fn.select(2, Fn.split('/', this.apiVanityUrl)), { // removes the https://
       originPath: path,
@@ -287,7 +282,7 @@ export class CdnStack extends NestedStack {
   docsBehaviorOptions(): Record<string, cloudfront.BehaviorOptions> {
     return {
       '/docs': {
-        origin: new origins.S3Origin(this.props.storage.publicBucket, {
+        origin: new origins.S3Origin(this.publicBucket, {
           originAccessIdentity: this.originAccessIdentity,
           originPath: '/docs',
         }),
@@ -298,7 +293,7 @@ export class CdnStack extends NestedStack {
         cachePolicy: cloudfront.CachePolicy.CACHING_OPTIMIZED,
       },
       '/docs/*': {
-        origin: new origins.S3Origin(this.props.storage.publicBucket, {
+        origin: new origins.S3Origin(this.publicBucket, {
           originAccessIdentity: this.originAccessIdentity,
           originPath: '/docs',
         }),
@@ -315,13 +310,23 @@ export class CdnStack extends NestedStack {
     return hasFiles(p.projectPath('docs'))
   }
 
-  additionalBehaviors(props): Record<string, cloudfront.BehaviorOptions> {
+  additionalBehaviors(props: NestedCloudProps): Record<string, cloudfront.BehaviorOptions> {
     let behaviorOptions: Record<string, cloudfront.BehaviorOptions> = {}
 
     if (this.shouldDeployApi()) {
-      this.deployApi(props)
+      const keysToRemove = ['_HANDLER', '_X_AMZN_TRACE_ID', 'AWS_REGION', 'AWS_EXECUTION_ENV', 'AWS_LAMBDA_FUNCTION_NAME', 'AWS_LAMBDA_FUNCTION_MEMORY_SIZE', 'AWS_LAMBDA_FUNCTION_VERSION', 'AWS_LAMBDA_INITIALIZATION_TYPE', 'AWS_LAMBDA_LOG_GROUP_NAME', 'AWS_LAMBDA_LOG_STREAM_NAME', 'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN', 'AWS_LAMBDA_RUNTIME_API', 'LAMBDA_TASK_ROOT', 'LAMBDA_RUNTIME_DIR', '_']
+      keysToRemove.forEach(key => delete env[key as EnvKey])
+
+      new secretsmanager.Secret(this, 'StacksSecrets', {
+        secretName: `${props.appName}-${props.appEnv}-secrets`,
+        description: 'Secrets for the Stacks application',
+        generateSecretString: {
+          secretStringTemplate: JSON.stringify(env),
+          generateStringKey: Object.keys(env).join(',').length.toString(),
+        },
+      })
 
-      behaviorOptions = this.apiBehaviorOptions()
+      // behaviorOptions = this.apiBehaviorOptions()
     }
 
     // if docMode is used, we don't need to add a behavior for the docs
diff --git a/.stacks/core/cloud/src/cloud/docs.ts b/.stacks/core/cloud/src/cloud/docs.ts
@@ -1,10 +1,22 @@
-import { NestedStack } from 'aws-cdk-lib'
+/* eslint-disable no-new */
+import {
+  NestedStack,
+  CfnOutput as Output,
+} from 'aws-cdk-lib'
 import type { Construct } from 'constructs'
+import { config } from '@stacksjs/config'
 import type { NestedCloudProps } from '../types'
 
 export class DocsStack extends NestedStack {
   constructor(scope: Construct, props: NestedCloudProps) {
     super(scope, 'Docs', props)
-    // ...
+    // if docsPrefix is not set, then we know we are in docsMode and the documentation lives at the root of the domain
+    const docsPrefix = config.app.docMode ? undefined : config.docs.base
+    const docsSource = '../../../storage/framework/docs'
+
+    new Output(this, 'DocsUrl', {
+      value: `https://${props.domain}/${docsPrefix}`,
+      description: 'The URL of the deployed documentation',
+    })
   }
 }
diff --git a/.stacks/core/cloud/src/old.ts b/.stacks/core/cloud/src/old.ts
@@ -44,10 +44,8 @@ export class StacksCloud extends Stack {
   appName = config.app.name?.toLocaleLowerCase() || 'stacks'
   teamName = config.team.name.toLowerCase() || 'stacks'
   apiPrefix!: string
-  docsPrefix?: string
   apiVanityUrl!: string
   vanityUrl!: string
-  docsSource!: string
   websiteSource!: string
   privateSource!: string
   zone!: route53.IHostedZone
@@ -100,8 +98,7 @@ export class StacksCloud extends Stack {
       this.domain = `${appEnv}.${config.app.url}`
 
     this.apiPrefix = config.api.prefix || 'api'
-    this.docsPrefix = config.app.docMode ? undefined : config.docs.base
-    this.docsSource = '../../../storage/framework/docs'
+    // this.docsSource = '../../../storage/framework/docs'
     this.websiteSource = config.app.docMode ? this.docsSource : '../../../storage/public'
     this.privateSource = '../../../storage/private'
     this.apiVanityUrl = ''
@@ -1045,14 +1042,6 @@ export class StacksCloud extends Stack {
         description: 'The ID of the EC2 instance that can be used to SSH into the Stacks Cloud.',
       })
     }
-
-    // if docsPrefix is not set, then we know we are in docsMode and the documentation lives at the root of the domain
-    if (this.shouldDeployDocs() && this.docsPrefix) {
-      new Output(this, 'DocsUrl', {
-        value: `https://${this.domain}/${this.docsPrefix}`,
-        description: 'The URL of the deployed documentation',
-      })
-    }
   }
 
   handleEmailBucket(bucketPrefix: string): s3.Bucket {
