github-mirrors/netris-nestri
1
0
Fork 0
mirror of https://github.com/nestriness/nestri.git synced 2025-12-12 16:55:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(infra): Migrate to serverless Lambda architecture (#291)

Browse Source 
## Description
<!-- Briefly describe the purpose and scope of your changes -->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Introduced serverless API and authentication endpoints, improving
scalability and reliability.
- Added rate limiting to the API, providing protection against excessive
requests and returning custom error responses.

- **Improvements**
- Simplified infrastructure for both API and authentication, reducing
complexity and improving maintainability.
- Updated resource allocations for backend services to optimize
performance and cost.

- **Bug Fixes**
- Removed unused scripts and configuration, resulting in a cleaner
development environment.

- **Other**
  - Updated type declarations to reflect new infrastructure changes.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
Wanjohi
2025-06-09 10:06:58 +03:00
committed by GitHub
parent 6e82eff9e2
commit be85594bdc
8 changed files with 122 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
infra/auth.ts
View File

@@ -1,98 +1,32 @@
import { bus } from "./bus";
import { vpc } from "./vpc";
import { domain } from "./dns";
import { secret } from "./secret";
import { cluster } from "./cluster";
import { postgres } from "./postgres";
export const authService = new sst.aws.Service("Auth", {
cluster,
cpu: $app.stage === "production" ? "1 vCPU" : undefined,
memory: $app.stage === "production" ? "2 GB" : undefined,
command: ["bun", "run", "./src/auth/index.ts"],
link: [
bus,
postgres,
secret.PolarSecret,
secret.GithubClientID,
secret.DiscordClientID,
secret.GithubClientSecret,
secret.DiscordClientSecret,
],
image: {
dockerfile: "packages/functions/Containerfile",
},
environment: {
NO_COLOR: "1",
STORAGE: "/tmp/persist.json"
},
loadBalancer: {
rules: [
export const auth = new sst.aws.Auth("Auth", {
authorizer: {
vpc,
link: [
bus,
postgres,
secret.PolarSecret,
secret.GithubClientID,
secret.DiscordClientID,
secret.GithubClientSecret,
secret.DiscordClientSecret,
],
permissions: [
{
listen: "80/http",
forward: "3002/http",
actions: ["ses:SendEmail"],
resources: ["*"],
},
],
},
permissions: [
{
actions: ["ses:SendEmail"],
resources: ["*"],
},
],
dev: {
command: "bun dev:auth",
directory: "packages/functions",
url: "http://localhost:3002",
},
scaling:
$app.stage === "production"
? {
min: 2,
max: 10,
}
: undefined,
//For temporarily persisting the persist.json
transform: {
taskDefinition: (args) => {
const volumes = $output(args.volumes).apply(v => {
const next = [...v, {
name: "shared-tmp",
dockerVolumeConfiguration: {
scope: "shared",
driver: "local"
}
}];
return next;
})
// "containerDefinitions" is a JSON string, parse first
let containers = $jsonParse(args.containerDefinitions);
containers = containers.apply((containerDefinitions) => {
containerDefinitions[0].mountPoints = [
...(containerDefinitions[0].mountPoints ?? []),
{
sourceVolume: "shared-tmp",
containerPath: "/tmp"
}
]
return containerDefinitions;
});
args.volumes = volumes
args.containerDefinitions = $jsonStringify(containers);
}
}
});
export const auth = !$dev ? new sst.aws.Router("AuthRoute", {
routes: {
// I think auth.url should work all the same
"/*": authService.nodes.loadBalancer.dnsName,
handler: "packages/functions/src/auth/index.handler",
},
domain: {
name: "auth." + domain,
dns: sst.cloudflare.dns(),
},
}) : authService
forceUpgrade: "v2",
});