github-mirrors/netris-nestri
1
0
Fork 0
mirror of https://github.com/nestriness/nestri.git synced 2025-12-12 16:55:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: Use CF

Browse Source
This commit is contained in:
Wanjohi
2025-06-06 09:09:11 +03:00
parent a47dc91b22
commit 5fd5608e6e
8 changed files with 129 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infra/api.ts
View File

@@ -4,7 +4,6 @@ import { domain } from "./dns";
import { secret } from "./secret";
import { cluster } from "./cluster";
import { postgres } from "./postgres";
import { storage } from "./storage";
export const apiService = new sst.aws.Service("Api", {
cluster,
@@ -13,7 +12,6 @@ export const apiService = new sst.aws.Service("Api", {
link: [
bus,
auth,
storage,
postgres,
secret.SteamApiKey,
secret.PolarSecret,

197
infra/images.ts
View File

@@ -1,170 +1,57 @@
import {api} from "./api"
import { domain } from "./dns";
import { storage } from "./storage";
sst.Linkable.wrap(aws.iam.AccessKey, (resource) => ({
properties: {
key: resource.id,
secret: resource.secret,
},
}))
const cache = new sst.cloudflare.Kv("ImageCache");
const bucket = new sst.cloudflare.Bucket("ImageBucket");
const lambdaInvokerUser = new aws.iam.User("ImageIAMUser", {
name: `${$app.name}-${$app.stage}-ImageIAMUser`,
forceDestroy: true
});
const imageProcessorFunction = new sst.aws.Function("ImageProcessor",
{
memory: "1024 MB",
link: [storage],
timeout: "30 seconds",
nodejs: { install: ["sharp"] },
handler: "packages/functions/src/images/processor.handler",
},
);
new aws.iam.UserPolicy("InvokeLambdaPolicy", {
user: lambdaInvokerUser.name,
policy: $output({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["lambda:InvokeFunction"],
Resource: imageProcessorFunction.arn,
},
],
}).apply(JSON.stringify),
});
const accessKey = new aws.iam.AccessKey("ImageInvokerAccessKey", {
user: lambdaInvokerUser.name,
});
export const imageCdn = new sst.cloudflare.Worker("ImageCDN", {
url: true,
domain: "cdn." + domain,
link: [bucket, cache, api],
link: [bucket, cache, imageProcessorFunction, accessKey],
handler: "packages/functions/src/images/index.ts",
});
export const outputs = {
cdn: imageCdn.url
}
// const transformedImageBucket = new sst.aws.Bucket("TranformedStorage");
// const imageProcessorFunction = new sst.aws.Function("ImageProcessor",
// {
// handler: "src/image-processor.handler",
// nodejs: { install: ["sharp"] },
// memory: "1024 MB",
// timeout: "30 seconds",
// url: true,
// link: [storage, transformedImageBucket],
// environment: {
// transformedImageCacheTTL:
// process.env.transformedImageCacheTTL ?? "max-age=31622400",
// maxImageSize: process.env.MAX_IMAGE_SIZE ?? "4700000",
// },
// },
// );
// const cloudfrontOAI = new aws.cloudfront.OriginAccessIdentity("CloudfrontOAI");
// const lambdaOAC = new aws.cloudfront.OriginAccessControl("OriginAccessControl",
// {
// name: `${$app.name}-${$app.stage}-OriginAccessControl`,
// originAccessControlOriginType: "lambda",
// signingBehavior: "always",
// signingProtocol: "sigv4",
// },
// );
// const cloudfrontResponseHeadersPolicy =
// new aws.cloudfront.ResponseHeadersPolicy("ResponseHeadersPolicy",
// {
// name: `${$app.name}-${$app.stage}-ResponseHeadersPolicy`,
// customHeadersConfig: {
// items: [
// {
// header: "x-aws-image-optimization",
// value: "v1.0",
// override: true,
// },
// { header: "vary", value: "accept", override: true },
// ],
// },
// corsConfig: {
// accessControlAllowCredentials: false,
// accessControlAllowHeaders: {
// items: ["*"],
// },
// accessControlAllowMethods: {
// items: ["GET"],
// },
// accessControlAllowOrigins: {
// items: ["*"],
// },
// accessControlMaxAgeSec: 600,
// originOverride: false,
// },
// },
// );
// const cachePolicy = new aws.cloudfront.CachePolicy("CachePolicy",
// {
// name: `${$app.name}-${$app.stage}-CachePolicy`,
// defaultTtl: 86400,
// maxTtl: 31536000,
// minTtl: 0,
// parametersInCacheKeyAndForwardedToOrigin: {
// cookiesConfig: {
// cookieBehavior: "none",
// },
// headersConfig: {
// headerBehavior: "none",
// },
// queryStringsConfig: {
// queryStringBehavior: "whitelist",
// queryStrings: {
// items: ["w", "h", "dpr", "format"]
// },
// },
// },
// },
// );
// const groupOriginId = `${$app.name}-${$app.stage}-"GroupOrigin`;
// const primaryOriginId = `${$app.name}-${$app.stage}-PrimaryOrigin`;
// const secondaryOriginId = `${$app.name}-${$app.stage}-SecondaryOrigin`;
// const s3Distribution = new sst.aws.Cdn("ImageDistribution",
// {
// originGroups: [
// {
// originId: groupOriginId,
// failoverCriteria: {
// statusCodes: [403, 500, 503, 504],
// },
// members: [
// {
// originId: primaryOriginId,
// },
// {
// originId: secondaryOriginId,
// },
// ],
// },
// ],
// origins: [
// {
// originId: primaryOriginId,
// domainName: imageProcessorFunction.url.apply(
// (url) => new URL(url).hostname,
// ),
// originAccessControlId: lambdaOAC.id,
// customOriginConfig: {
// originProtocolPolicy: "https-only",
// httpPort: 443,
// httpsPort: 443,
// originSslProtocols: ["TLSv1.2"],
// },
// },
// {
// originId: secondaryOriginId,
// domainName:
// transformedImageBucket.nodes.bucket.bucketRegionalDomainName,
// s3OriginConfig: {
// originAccessIdentity: cloudfrontOAI.cloudfrontAccessIdentityPath,
// },
// },
// ],
// defaultCacheBehavior: {
// cachePolicyId: cachePolicy.id,
// allowedMethods: ["GET", "HEAD"],
// cachedMethods: ["GET", "HEAD"],
// targetOriginId: groupOriginId,
// viewerProtocolPolicy: "redirect-to-https",
// functionAssociations: [
// {
// eventType: "viewer-request",
// functionArn: cloudfrontRewriteFunction.arn,
// },
// ],
// responseHeadersPolicyId: cloudfrontResponseHeadersPolicy.id,
// },
// },
// );
// new aws.lambda.Permission("AllowCloudFrontServicePrincipal", {
// action: "lambda:InvokeFunctionUrl",
// function: imageProcessorFunction.arn,
// principal: "cloudfront.amazonaws.com",
// statementId: "AllowCloudFrontServicePrincipal",
// sourceArn: s3Distribution.nodes.distribution.arn,
// });