mirror of
https://github.com/nestriness/nestri.git
synced 2025-12-12 08:45:38 +02:00
⭐ feat(infra): Migrate to serverless Lambda architecture (#291)
## Description <!-- Briefly describe the purpose and scope of your changes --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced serverless API and authentication endpoints, improving scalability and reliability. - Added rate limiting to the API, providing protection against excessive requests and returning custom error responses. - **Improvements** - Simplified infrastructure for both API and authentication, reducing complexity and improving maintainability. - Updated resource allocations for backend services to optimize performance and cost. - **Bug Fixes** - Removed unused scripts and configuration, resulting in a cleaner development environment. - **Other** - Updated type declarations to reflect new infrastructure changes. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
Wanjohi
GitHub
143
infra/api.ts
143
infra/api.ts
@@ -1,14 +1,14 @@
|
||||
import { bus } from "./bus";
|
||||
import { vpc } from "./vpc";
|
||||
import { auth } from "./auth";
|
||||
import { domain } from "./dns";
|
||||
import { secret } from "./secret";
|
||||
import { cluster } from "./cluster";
|
||||
import { postgres } from "./postgres";
|
||||
|
||||
export const apiService = new sst.aws.Service("Api", {
|
||||
cluster,
|
||||
cpu: $app.stage === "production" ? "2 vCPU" : undefined,
|
||||
memory: $app.stage === "production" ? "4 GB" : undefined,
|
||||
const apiFn = new sst.aws.Function("ApiFn", {
|
||||
vpc,
|
||||
handler: "packages/functions/src/api/index.handler",
|
||||
streaming: !$dev,
|
||||
link: [
|
||||
bus,
|
||||
auth,
|
||||
@@ -22,73 +22,90 @@ export const apiService = new sst.aws.Service("Api", {
|
||||
secret.NestriProMonthly,
|
||||
secret.NestriProYearly,
|
||||
],
|
||||
command: ["bun", "run", "./src/api/index.ts"],
|
||||
image: {
|
||||
dockerfile: "packages/functions/Containerfile",
|
||||
},
|
||||
loadBalancer: {
|
||||
url: true,
|
||||
});
|
||||
|
||||
const provider = new aws.Provider("UsEast1", { region: "us-east-1" });
|
||||
|
||||
const webAcl = new aws.wafv2.WebAcl(
|
||||
"ApiWaf",
|
||||
{
|
||||
scope: "CLOUDFRONT",
|
||||
defaultAction: {
|
||||
allow: {},
|
||||
},
|
||||
visibilityConfig: {
|
||||
cloudwatchMetricsEnabled: true,
|
||||
metricName: "api-rate-limit-metric",
|
||||
sampledRequestsEnabled: true,
|
||||
},
|
||||
rules: [
|
||||
{
|
||||
listen: "80/http",
|
||||
forward: "3001/http",
|
||||
name: "rate-limit-rule",
|
||||
priority: 1,
|
||||
action: {
|
||||
block: {
|
||||
customResponse: {
|
||||
responseCode: 429,
|
||||
customResponseBodyKey: "rate-limit-response",
|
||||
},
|
||||
},
|
||||
},
|
||||
statement: {
|
||||
rateBasedStatement: {
|
||||
limit: 2 * 60, // 2 rps per authorization header
|
||||
evaluationWindowSec: 60,
|
||||
aggregateKeyType: "CUSTOM_KEYS",
|
||||
customKeys: [
|
||||
{
|
||||
header: {
|
||||
name: "Authorization",
|
||||
textTransformations: [{ priority: 0, type: "NONE" }],
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
visibilityConfig: {
|
||||
cloudwatchMetricsEnabled: true,
|
||||
metricName: "rate-limit-rule-metric",
|
||||
sampledRequestsEnabled: true,
|
||||
},
|
||||
},
|
||||
],
|
||||
customResponseBodies: [
|
||||
{
|
||||
key: "rate-limit-response",
|
||||
content: JSON.stringify({
|
||||
type: "rate_limit",
|
||||
code: "too_many_requests",
|
||||
message: "Rate limit exceeded. Please try again later.",
|
||||
}),
|
||||
contentType: "APPLICATION_JSON",
|
||||
},
|
||||
],
|
||||
},
|
||||
dev: {
|
||||
url: "http://localhost:3001",
|
||||
command: "bun dev:api",
|
||||
directory: "packages/functions",
|
||||
},
|
||||
scaling:
|
||||
$app.stage === "production"
|
||||
? {
|
||||
min: 2,
|
||||
max: 10,
|
||||
}
|
||||
: undefined,
|
||||
// For persisting actor state
|
||||
transform: {
|
||||
taskDefinition: (args) => {
|
||||
const volumes = $output(args.volumes).apply(v => {
|
||||
const next = [...v, {
|
||||
name: "shared-tmp",
|
||||
dockerVolumeConfiguration: {
|
||||
scope: "shared",
|
||||
driver: "local"
|
||||
}
|
||||
}];
|
||||
{ provider },
|
||||
);
|
||||
|
||||
return next;
|
||||
})
|
||||
|
||||
// "containerDefinitions" is a JSON string, parse first
|
||||
let containers = $jsonParse(args.containerDefinitions);
|
||||
|
||||
containers = containers.apply((containerDefinitions) => {
|
||||
containerDefinitions[0].mountPoints = [
|
||||
...(containerDefinitions[0].mountPoints ?? []),
|
||||
{
|
||||
sourceVolume: "shared-tmp",
|
||||
containerPath: "/tmp"
|
||||
},
|
||||
]
|
||||
return containerDefinitions;
|
||||
});
|
||||
|
||||
args.volumes = volumes
|
||||
args.containerDefinitions = $jsonStringify(containers);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
export const api = !$dev ? new sst.aws.Router("ApiRoute", {
|
||||
export const api = new sst.aws.Router("Api", {
|
||||
routes: {
|
||||
// I think api.url should work all the same
|
||||
"/*": apiService.nodes.loadBalancer.dnsName,
|
||||
"/*": apiFn.url,
|
||||
},
|
||||
domain: {
|
||||
name: "api." + domain,
|
||||
dns: sst.cloudflare.dns(),
|
||||
},
|
||||
}) : apiService
|
||||
transform: {
|
||||
cdn(args) {
|
||||
if (!args.transform) {
|
||||
args.transform = {
|
||||
distribution: {},
|
||||
};
|
||||
}
|
||||
args.transform!.distribution = {
|
||||
webAclId: webAcl.arn,
|
||||
};
|
||||
},
|
||||
},
|
||||
});
|
||||
Reference in New Issue
Block a user