fix: dev snaps rework lambdas (#24)

* fix: lambda and functions
Consensys · Oct 10, 2022 · 93cc72b · 93cc72b
1 parent 294dd0e
commit 93cc72b
Show file tree

Hide file tree

Showing 12 changed files with 96 additions and 152 deletions.
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
@@ -54,4 +54,6 @@ jobs:
           REACT_APP_SNAP_VERSION=${VERSION}-dev-${HASH}-${DATE} yarn workspace wallet-ui build 
 
       - name: Deploy to Dev
-        run: aws s3 sync ./packages/wallet-ui/build s3://app-dev.starknet-snap.consensys-solutions.net/starknet
+        run: | 
+          aws s3 sync ./packages/wallet-ui/build s3://app-dev.starknet-snap.consensys-solutions.net/starknet
+          aws s3 sync ./packages/wallet-ui/build s3://dev.snaps.consensys.net/starknet
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -47,7 +47,8 @@ jobs:
           yarn workspace @consensys/starknet-snap build
           
           yarn workspace @consensys/starknet-snap publish --tag staging --access public
-          aws s3 sync ./packages/wallet-ui/build s3://app-staging.starknet-snap.consensys-solutions.net
+          aws s3 sync ./packages/wallet-ui/build s3://app-staging.starknet-snap.consensys-solutions.net/starknet
+          aws s3 sync ./packages/wallet-ui/build s3://staging.snaps.consensys.net/starknet
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         if: github.ref_name == 'staging'
@@ -64,4 +65,4 @@ jobs:
           aws s3 sync ./packages/wallet-ui/build s3://app.starknet-snap.consensys-solutions.net
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        if: github.ref_name == 'production'
+        if: github.ref_name == 'production'
diff --git a/terraform/live/functions/headers.js b/terraform/live/functions/headers.js
@@ -0,0 +1,8 @@
+function handler(event) {
+    var response = event.response;
+    var headers = response.headers;
+
+    headers['x-frame-options'] = {value: 'SAMEORIGIN'}; 
+
+    return response;
+}
diff --git a/terraform/live/lambdas/headers.js b/terraform/live/lambdas/headers.js
diff --git a/terraform/live/main.tf b/terraform/live/main.tf
@@ -10,9 +10,22 @@ locals {
   prod_domain_name    = "app.${local.hosted_zone_name}"
 
   # snaps 
-  snaps_hosted_zone_name = "snaps.consensys.net"
-  snaps_hosted_zone_id   = aws_route53_zone.snaps.zone_id
-  dev_snaps_domain_name  = "dev.${local.snaps_hosted_zone_name}"
+  snaps_hosted_zone_name    = "snaps.consensys.net"
+  snaps_hosted_zone_id      = aws_route53_zone.snaps.zone_id
+  dev_snaps_domain_name     = "dev.${local.snaps_hosted_zone_name}"
+  staging_snaps_domain_name = "staging${local.snaps_hosted_zone_name}"
+
+  #cloudfront functions
+  cloudfront_functions = {
+    redirect = {
+      arn        = aws_cloudfront_function.starknet_redirect.arn
+      event_type = "viewer-request"
+    }
+    headers = {
+      arn        = aws_cloudfront_function.starknet_add_header.arn
+      event_type = "viewer-response"
+    }
+  }
 }
 
 resource "aws_route53_zone" "main" {
@@ -71,40 +84,44 @@ resource "aws_cloudfront_function" "starknet_redirect" {
   code    = file("${path.module}/functions/redirect.js")
 }
 
-module "security_header_lambda" {
-  source = "../modules/lambda-at-edge"
-
-  bucket_name            = "security_headers_starknet_lambda"
-  lambda_name            = "security_headers"
-  lambda_description     = "lambda adding security headers"
-  lambda_code_source_dir = "${path.root}/lambdas"
-  tags                   = module.tags.common
+resource "aws_cloudfront_function" "starknet_add_header" {
+  name    = "starknet-snap-add-header"
+  runtime = "cloudfront-js-1.0"
+  comment = "starknet-snap-add-header"
+  publish = true
+  code    = file("${path.module}/functions/headers.js")
 }
 
+
 #############
 ## Dev
 #############
 
 module "s3_dev" {
   source = "../modules/aws-s3-website"
 
-  bucket_name         = local.dev_domain_name
-  domain_name         = local.dev_domain_name
-  certificate_arn     = module.cert.acm_certificate_arn
-  hosted_zone_id      = local.hosted_zone_id
-  lambda_function_arn = [module.security_header_lambda.function_arn]
-  tags                = module.tags.common
+  bucket_name     = local.dev_domain_name
+  domain_name     = local.dev_domain_name
+  certificate_arn = module.cert.acm_certificate_arn
+  cloudfront_functions = {
+    headers = {
+      arn        = aws_cloudfront_function.starknet_add_header.arn
+      event_type = "viewer-response"
+    }
+  }
+  hosted_zone_id = local.hosted_zone_id
+  tags           = module.tags.common
 }
 
 module "s3_snaps_page_dev" {
   source = "../modules/aws-s3-website"
 
-  bucket_name             = local.dev_snaps_domain_name
-  domain_name             = local.dev_snaps_domain_name
-  certificate_arn         = module.snaps_cert.acm_certificate_arn
-  hosted_zone_id          = local.hosted_zone_id
-  cloudfront_function_arn = [aws_cloudfront_function.starknet_redirect.arn]
-  tags                    = module.tags.common
+  bucket_name          = local.dev_snaps_domain_name
+  domain_name          = local.dev_snaps_domain_name
+  certificate_arn      = module.snaps_cert.acm_certificate_arn
+  hosted_zone_id       = local.snaps_hosted_zone_id
+  cloudfront_functions = local.cloudfront_functions
+  tags                 = module.tags.common
 }
 
 #############
@@ -114,26 +131,48 @@ module "s3_snaps_page_dev" {
 module "s3_staging" {
   source = "../modules/aws-s3-website"
 
-  bucket_name         = local.staging_domain_name
-  domain_name         = local.staging_domain_name
-  certificate_arn     = module.cert.acm_certificate_arn
-  hosted_zone_id      = local.hosted_zone_id
-  lambda_function_arn = [module.security_header_lambda.function_arn]
-  tags                = module.tags.common
+  bucket_name     = local.staging_domain_name
+  domain_name     = local.staging_domain_name
+  certificate_arn = module.cert.acm_certificate_arn
+  hosted_zone_id  = local.hosted_zone_id
+  cloudfront_functions = {
+    headers = {
+      arn        = aws_cloudfront_function.starknet_add_header.arn
+      event_type = "viewer-response"
+    }
+  }
+  tags = module.tags.common
 }
 
+#module "s3_snaps_page_staging" {
+#  source = "../modules/aws-s3-website"
+#
+#  bucket_name             = local.staging_snaps_domain_name
+#  domain_name             = local.staging_snaps_domain_name
+#  certificate_arn         = module.snaps_cert.acm_certificate_arn
+#  hosted_zone_id          = local.snaps_hosted_zone_id
+#  cloudfront_function_arn = [aws_cloudfront_function.starknet_redirect.arn]
+#  tags                    = module.tags.common
+#}
+
+
 #############
 ## Prod
 #############
 
 module "s3_prod" {
   source = "../modules/aws-s3-website"
 
-  bucket_name         = local.prod_domain_name
-  domain_name         = local.prod_domain_name
-  certificate_arn     = module.cert.acm_certificate_arn
-  hosted_zone_id      = local.hosted_zone_id
-  lambda_function_arn = [module.security_header_lambda.function_arn]
-  tags                = module.tags.common
+  bucket_name     = local.prod_domain_name
+  domain_name     = local.prod_domain_name
+  certificate_arn = module.cert.acm_certificate_arn
+  hosted_zone_id  = local.hosted_zone_id
+  cloudfront_functions = {
+    headers = {
+      arn        = aws_cloudfront_function.starknet_add_header.arn
+      event_type = "viewer-response"
+    }
+  }
+  tags = module.tags.common
 }
 
diff --git a/terraform/live/setup.tf b/terraform/live/setup.tf
@@ -12,6 +12,7 @@ terraform {
   }
 }
 
+
 #############
 ## Setup provider
 #############

diff --git a/terraform/modules/aws-s3-website/main.tf b/terraform/modules/aws-s3-website/main.tf
@@ -110,10 +110,11 @@ resource "aws_cloudfront_distribution" "dist" {
     }
 
     dynamic "function_association" {
-      for_each = try(var.cloudfront_function_arn, null)
+      for_each = try(var.cloudfront_functions, null)
+      iterator = function_association
       content {
-        event_type   = "viewer-request"
-        function_arn = function_association.value
+        event_type   = function_association.value.event_type
+        function_arn = function_association.value.arn
       }
     }
   }

diff --git a/terraform/modules/aws-s3-website/variables.tf b/terraform/modules/aws-s3-website/variables.tf
@@ -37,10 +37,10 @@ variable "certificate_arn" {
   default     = ""
 }
 
-variable "cloudfront_function_arn" {
+variable "cloudfront_functions" {
   description = "Function arn"
-  type        = list(string)
-  default     = []
+  type        = any #map(map(string))
+  default     = {}
 }
 
 variable "lambda_function_arn" {

diff --git a/terraform/modules/lambda-at-edge/README.md b/terraform/modules/lambda-at-edge/README.md
diff --git a/terraform/modules/lambda-at-edge/main.tf b/terraform/modules/lambda-at-edge/main.tf
diff --git a/terraform/modules/lambda-at-edge/output.tf b/terraform/modules/lambda-at-edge/output.tf
diff --git a/terraform/modules/lambda-at-edge/variables.tf b/terraform/modules/lambda-at-edge/variables.tf
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,6 +12,7 @@ terraform { @@
       }
     }
     #############
     ## Setup provider
     #############
@@ Expand Down @@