Merge pull request #51 from supabase-community/fix-cdn

feat: Add Smart CDN Caching

Author: mats16

.projen/deps.json

@@ -23,6 +23,7 @@ const project = new awscdk.AwsCdkTypeScriptApp({
     '@databases/pg',
     '@types/aws-lambda',
     'cdk-bootstrapless-synthesizer@^2.2.2',
+    'hono@^3.2.6',
     'jsonwebtoken@^8.5.1',
     'utf8',
   ],

.projenrc.js

@@ -1,3 +1,4 @@
+import * as path from 'path';
 import * as cdk from 'aws-cdk-lib';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as lambda from 'aws-cdk-lib/aws-lambda';
@@ -8,12 +9,14 @@ import { Construct } from 'constructs';
 export class WebAcl extends cdk.NestedStack {
   webAclArn: string;
 
+  /** Default Web ACL */
   constructor(scope: Construct, id: string, props: cdk.NestedStackProps) {
     super(scope, id, props);
 
+    /** Custom resource handler */
     const crFunction = new NodejsFunction(this, 'Function', {
       description: `Supabase - Create Web ACL Function (${this.node.path}/Function)`,
-      entry: './src/functions/create-web-acl.ts',
+      entry: path.resolve(__dirname, 'cr-web-acl.ts'),
       runtime: lambda.Runtime.NODEJS_18_X,
       timeout: cdk.Duration.seconds(15),
       initialPolicy: [
@@ -40,18 +43,20 @@ export class WebAcl extends cdk.NestedStack {
       ],
     });
 
+    /** Custom resource provider */
     const crProvider = new cr.Provider(this, 'Provider', { onEventHandler: crFunction });
 
+    /** Web ACL */
     const resource = new cdk.CustomResource(this, 'Resource', {
       resourceType: 'Custom::WebACL',
       serviceToken: crProvider.serviceToken,
       properties: {
         Name: this.node.path.replace(/\//g, '-'),
         Description: this.node.path,
-        Fingerprint: cdk.FileSystem.fingerprint('./src/functions/create-web-acl.ts'),
+        Fingerprint: cdk.FileSystem.fingerprint(path.resolve(__dirname, 'cr-web-acl.ts')),
       },
     });
-    this.webAclArn = resource.getAttString('Arn');
 
+    this.webAclArn = resource.getAttString('Arn');
   }
 };

package.json

@@ -0,0 +1,47 @@
+import { Logger } from '@aws-lambda-powertools/logger';
+import { Tracer } from '@aws-lambda-powertools/tracer';
+import { SQSClient, SendMessageCommand } from '@aws-sdk/client-sqs';
+import { Handler } from 'aws-lambda';
+import { Hono } from 'hono';
+import { handle } from 'hono/aws-lambda';
+import { bearerAuth } from 'hono/bearer-auth';
+import { WebhookEvent } from './types';
+
+const region = process.env.AWS_REGION;
+const queueUrl = process.env.QUEUE_URL;
+const token = process.env.API_KEY!;
+const eventList = process.env.EVENT_LIST!.split(',');
+
+const logger = new Logger();
+const tracer = new Tracer();
+const sqs = tracer.captureAWSv3Client(new SQSClient({ region }));
+
+/**
+ * Send message to SQS
+ * @param message webhook event
+ * @returns void
+ */
+const enqueue = async (message: object) => {
+  const cmd = new SendMessageCommand({
+    QueueUrl: queueUrl,
+    MessageBody: JSON.stringify(message),
+  });
+  await sqs.send(cmd);
+};
+
+/** Hono app */
+const app = new Hono();
+
+/** Webhook endpoint */
+app.post('/', bearerAuth({ token }), async (c) => {
+  const body: WebhookEvent = await c.req.json();
+  console.log(JSON.stringify(body));
+
+  if (eventList.includes(body.event.type)) {
+    await enqueue(body);
+  }
+  return c.text('Accepted', 202);
+});
+
+/** Lambda handler */
+export const handler = handle(app) as Handler;

src/functions/create-web-acl.ts renamed to src/aws-waf/cr-web-acl.ts

@@ -10,6 +10,7 @@ const logger = new Logger();
 const tracer = new Tracer();
 const cloudfront = tracer.captureAWSv3Client(new CloudFrontClient({ region: 'us-east-1' }));
 
+/** Create CloudFront invalidation. */
 const createInvalidation = async(paths: string[], callerReference: string) => {
   const cmd = new CreateInvalidationCommand({
     DistributionId: distributionId,
@@ -25,10 +26,16 @@ const createInvalidation = async(paths: string[], callerReference: string) => {
   return output;
 };
 
+/** Convert webhook event to CloudFront paths. */
 const eventToPath = (event: WebhookEvent): string[] => {
   const bucketId = event.event.payload.bucketId;
   const objectName = event.event.payload.name;
-  return [`/storage/v1/object/${bucketId}/${objectName}`, `/storage/v1/object/public/${bucketId}/${objectName}`];
+  const objectPaths = [
+    `/storage/v1/object/${bucketId}/${objectName}*`,
+    `/storage/v1/object/sign/${bucketId}/${objectName}*`,
+    `/storage/v1/object/public/${bucketId}/${objectName}*`,
+  ];
+  return objectPaths;
 };
 
 export const handler: SQSHandler = async (event, context) => {

src/aws-waf-for-cloudfront.ts renamed to src/aws-waf/index.ts

@@ -10,7 +10,7 @@ export type ObjectMetadata = {
   httpStatusCode: number;
 }
 
-// https://github.com/supabase/storage-api/blob/master/src/queue/events/base-event.ts#L10
+// https://github.com/supabase/storage-api/blob/master/src/queue/events/base-event.ts
 export interface BasePayload {
   $version: string;
   tenant: {
@@ -19,27 +19,34 @@ export interface BasePayload {
   };
 }
 
+// https://github.com/supabase/storage-api/blob/master/src/queue/events/object-created.ts
 interface ObjectCreatedEvent extends BasePayload {
   name: string;
   bucketId: string;
   metadata: ObjectMetadata;
 }
+
+// https://github.com/supabase/storage-api/blob/master/src/queue/events/object-removed.ts
 interface ObjectRemovedEvent extends BasePayload {
   name: string;
   bucketId: string;
 }
+
+// https://github.com/supabase/storage-api/blob/master/src/queue/events/object-updated.ts
 interface ObjectUpdatedMetadataEvent extends BasePayload {
   name: string;
   bucketId: string;
   metadata: ObjectMetadata;
 }
 
+type EventName = 'ObjectCreated:Put'|'ObjectCreated:Post'|'ObjectCreated:Copy'|'ObjectCreated:Move'|'ObjectRemoved:Delete'|'ObjectRemoved:Move'|'ObjectUpdated:Metadata'
+
 // https://github.com/supabase/storage-api/blob/master/src/queue/events/webhook.ts#L9
 export interface WebhookEvent {
   type: string;
   event: {
     $version: string;
-    type: string;
+    type: EventName;
     payload: ObjectCreatedEvent|ObjectRemovedEvent|ObjectUpdatedMetadataEvent;
     applyTime: number;
   };