progress towards cloudfront

Author: Anonyfox

src/frontend/assets.ts

@@ -0,0 +1,57 @@
+import { AWS, Resource as AwsResource } from 'cloudformation-declarations'
+import { merge } from 'lodash'
+
+/**
+ * This is the folder where assets are loaded from, implemented on top of
+ * AWS S3. The web path `/assets/*` will be served from the path `/assets/*`
+ * on the S3 bucket.
+ */
+export default class Assets {
+  private appName: string
+  private access: string
+  private accountId: string
+
+  /**
+   * Create a new S3 bucket for a given seagull app, protected by CloudFront.
+   * The CloudFront-internal identifier for the bucket is `'appBucket'`.
+   *
+   * @param appName the actual name of the seagull app
+   * @param accountId the AWS account ID, required for unique naming
+   * @param access id-string for connecting the bucket with CloudFront
+   */
+  constructor(appName: string, accountId: string, access: string) {
+    this.appName = appName
+    this.accountId = accountId
+    this.access = access
+  }
+
+  /**
+   * Returns the CloudFormation Resources for a S3-Bucket with Policy
+   */
+  get resources(): { [name: string]: AwsResource } {
+    return merge({}, this.bucket(), this.policy())
+  }
+
+  // generate CloudFormation Resource Template for a S3 Bucket
+  private bucket(): { [name: string]: AWS.S3.Bucket } {
+    const res: { [name: string]: AWS.S3.Bucket } = {}
+    const Type = 'AWS::S3::Bucket'
+    const BucketName = `${this.appName}-${this.accountId}-assets-bucket`
+    const Properties = { AccessControl: 'Private', BucketName }
+    return { appBucket: { Properties, Type } }
+  }
+
+  // generate CloudFormation Resource Template for a S3 Bucket Policy
+  private policy() {
+    const Type = 'AWS::S3::BucketPolicy'
+    const Ref = 'appBucket'
+    const CanonicalUser = { 'Fn::GetAtt': [this.access, 'S3CanonicalUserId'] }
+    const Principal = { CanonicalUser }
+    const Action = ['s3:GetObject', 's3:GetObjectAcl']
+    const Effect = 'Allow'
+    const Resource = { 'Fn::Join': ['', ['arn:aws:s3:::', { Ref }, '/*']] }
+    const Statement = [{ Action, Effect, Principal, Resource }]
+    const Properties = { Bucket: { Ref }, PolicyDocument: { Statement } }
+    return { [`${Ref}Permission`]: { Properties, Type } }
+  }
+}

src/frontend/cloudfront.ts

@@ -0,0 +1,54 @@
+import { AWS, Resource } from 'cloudformation-declarations'
+import { merge } from 'lodash'
+import Assets from './assets'
+
+/**
+ * The CDN of AWS, takes care of caching and reducing load to your app.
+ * It will split traffic between the app's API routes and static [[Assets]]
+ * located at an S3 bucket.
+ */
+export default class CloudFront {
+  /**
+   * The S3 bucket for storing assets. The bucket will be private and only
+   * accessible through CloudFront and only the folder `/assets/*`.
+   */
+  assets: Assets
+
+  private accessOriginResourceName = 'appDistributionAccessIdentity'
+  private appName: string
+  private accountId: string
+  private domains: string[]
+
+  /**
+   * Create a new CloudFront Configuration Image. This will also contain
+   * the dedicated Assets folder directly linked and with permissions
+   * configured.
+   *
+   * @param appName the name of the target app
+   * @param accountId the ID of the AWS acccount, used as "unique" hash
+   * @param domains a list of domains pointing to your app
+   */
+  constructor(appName: string, accountId: string, domains: string[] = []) {
+    this.appName = appName
+    this.accountId = accountId
+    this.domains = domains
+  }
+
+  /**
+   * Transforms itself into a CloudFormation Resource Template.
+   */
+  get resources(): { [name: string]: Resource } {
+    const { appName, accountId, accessOriginResourceName: name } = this
+    const assets = new Assets(appName, accountId, name)
+    return merge({}, assets, this.accessIdentity)
+  }
+
+  // identity-resource needed for communication between cloudfront and S3
+  private get accessIdentity(): any {
+    const Type = 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
+    const Comment = 'Default Access Identity for your seagull app'
+    const CloudFrontOriginAccessIdentityConfig = { Comment }
+    const Properties = { CloudFrontOriginAccessIdentityConfig }
+    return { [this.accessOriginResourceName]: { Properties, Type } }
+  }
+}

src/index.ts

@@ -1,7 +1,9 @@
 export { default as Account } from './meta/account'
 export { default as Apis } from './backend/apis'
 export { default as App } from './app'
+export { default as Assets } from './frontend/assets'
 export { default as Backend } from './backend/backend'
+export { default as CloudFront } from './frontend/cloudfront'
 export { default as Directory } from './abstract/directory'
 export { default as Folder } from './abstract/folder'
 export { default as Frontend } from './frontend/frontend'

src/services/s3.ts

@@ -0,0 +1,27 @@
+import { Assets } from '@lib'
+import 'chai/register-should'
+import * as fs from 'fs'
+import { skip, slow, suite, test, timeout } from 'mocha-typescript'
+import FunctionalTest from '../../helper/functional_test'
+
+@suite('Assets')
+class Test extends FunctionalTest {
+  @test
+  'can be instantiated'() {
+    const meta = new Assets('demoApp', '1234', 'accessId')
+    meta.should.be.an('object')
+  }
+
+  @test
+  'can transform into resources template object'() {
+    const meta = new Assets('demoApp', '1234', 'accessId')
+    meta.resources.should.be.an('object')
+    const { appBucket, appBucketPermission } = meta.resources
+    appBucket.should.be.an('object')
+    appBucket.Type.should.be.equal('AWS::S3::Bucket')
+    appBucket.Properties.should.be.an('object')
+    appBucketPermission.should.be.an('object')
+    appBucketPermission.Type.should.be.equal('AWS::S3::BucketPolicy')
+    appBucketPermission.Properties.should.be.an('object')
+  }
+}

test/functional/frontend/assets.ts

@@ -0,0 +1,20 @@
+import { CloudFront } from '@lib'
+import 'chai/register-should'
+import * as fs from 'fs'
+import { skip, slow, suite, test, timeout } from 'mocha-typescript'
+import FunctionalTest from '../../helper/functional_test'
+
+@suite('Assets')
+class Test extends FunctionalTest {
+  @test
+  'can be instantiated'() {
+    const cf = new CloudFront('demoApp', '1234', ['example.com'])
+    cf.should.be.an('object')
+  }
+
+  @test
+  'can transform into resources template object'() {
+    const cf = new CloudFront('demoApp', '1234', ['example.com'])
+    cf.resources.should.be.an('object')
+  }
+}