/// <reference path='./.sst/platform/config.d.ts' />
import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
export default $config({
  /**
   * App-level settings: project name, removal policy and home provider.
   * Only the `production` stage keeps its resources on removal; every
   * other stage is torn down.
   */
  app(input) {
    const isProduction = input?.stage === 'production';
    return {
      name: 'starter',
      removal: isProduction ? 'retain' : 'remove',
      home: 'aws',
      providers: {
        aws: {
          // profile: 'starter', // AWS CLI profile to use
        },
      },
    };
  },

  /**
   * Infrastructure for the MFA starter: a Cognito user pool + app client,
   * an identity pool, an HTTP API exposing the MFA flow, one JWT-protected
   * route, and the Angular static site wired to all of it.
   *
   * @returns the user pool, app client and identity pool ids as stack outputs
   */
  async run() {
    // Resolve the deploying account through STS.
    // NOTE(review): `accountId` is not referenced anywhere below, yet the
    // call still runs (and needs credentials) on every deploy.
    const sts = new STSClient({});
    const caller = await sts.send(new GetCallerIdentityCommand({}));
    const accountId = caller.Account;

    // Region of the configured AWS provider (an Output, resolved at deploy time).
    const region = aws.getRegionOutput().name;

    // User pool: email is the username, MFA is mandatory, TOTP apps allowed.
    const userPool = new sst.aws.CognitoUserPool('AuthUserPool', {
      usernames: ['email'],
      mfa: 'on',
      softwareToken: true,
    });

    // App client for the pool. USER_PASSWORD_AUTH is the plain password
    // flow (the client submits the password to Cognito rather than using SRP).
    // NOTE(review): the localhost callback/logout URLs are registered for
    // every stage, including production — confirm that is intended.
    const authClient = userPool.addClient('AuthClient', {
      transform: {
        client: {
          explicitAuthFlows: ['USER_PASSWORD_AUTH'],
          callbackUrls: ['http://localhost:4200/auth'],
          logoutUrls: ['http://localhost:4200/logout'],
        },
      },
    });

    // Identity pool federated with the user pool / app client above.
    const identityPool = new sst.aws.CognitoIdentityPool('MyIdentityPool', {
      userPools: [{ userPool: userPool.id, client: authClient.id }],
    });

    // HTTP API carrying the MFA flow. Every handler is linked to the app
    // client; only signup additionally needs the user pool itself.
    const api = new sst.aws.ApiGatewayV2('StarterAuthAPI');
    const mfaRoutes = [
      { path: 'POST /mfa/signup', handler: 'functions/mfa/signup.handler', link: [authClient, userPool] },
      { path: 'POST /mfa/email-verification', handler: 'functions/mfa/verifyEmail.handler', link: [authClient] },
      { path: 'POST /mfa/auth', handler: 'functions/mfa/auth.handler', link: [authClient] },
      { path: 'POST /mfa/setup', handler: 'functions/mfa/setup.handler', link: [authClient] },
      { path: 'POST /mfa/register', handler: 'functions/mfa/register.handler', link: [authClient] },
      { path: 'POST /mfa/verify', handler: 'functions/mfa/verify.handler', link: [authClient] },
      { path: 'POST /mfa/validate', handler: 'functions/mfa/validate.handler', link: [authClient] },
      { path: 'POST /mfa/refresh', handler: 'functions/mfa/refresh.handler', link: [authClient] },
    ];
    for (const { path, handler, link } of mfaRoutes) {
      api.route(path, { handler, link });
    }

    // JWT authorizer: tokens must be issued by this user pool and carry the
    // app client id as audience.
    const issuer = $interpolate`https://cognito-idp.${region}.amazonaws.com/${userPool.id}`;
    const jwtAuthorizer = api.addAuthorizer({
      name: 'JWTAuthorizer',
      jwt: {
        issuer,
        audiences: [authClient.id],
      },
    });

    // The only protected route; everything under /mfa is unauthenticated by design.
    api.route('GET /', 'route.handler', {
      auth: { jwt: { authorizer: jwtAuthorizer.id } },
    });

    // Angular frontend. The NG_APP_* values are baked in at build time.
    new sst.aws.StaticSite('StarterFrontend', {
      dev: {
        command: 'npm run start', // local dev server
      },
      build: {
        output: 'dist/browser', // where `ng build` leaves the browser bundle
        command: 'ng build --output-path dist',
      },
      environment: {
        NG_APP_API_URL: api.url,
        NG_APP_COGNITO_USERPOOL_ID: userPool.id,
        NG_APP_COGNITO_CLIENT_ID: authClient.id,
        NG_APP_AWS_REGION: region,
      },
    });

    return {
      UserPool: userPool.id,
      AuthClient: authClient.id,
      IdentityPool: identityPool.id,
    };
  },
});