fix: Korjaa ilmoitustaulusyötteen tunnistautuminen (#283)

finnishtransportagency · Jun 22, 2022 · 9c92143 · 9c92143
1 parent b5fb35c
commit 9c92143
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/deployment/lib/hassu-frontend.ts b/deployment/lib/hassu-frontend.ts
@@ -13,7 +13,7 @@ import {
   OriginRequestPolicy,
   OriginSslPolicy,
   PriceClass,
-  ViewerProtocolPolicy
+  ViewerProtocolPolicy,
 } from "@aws-cdk/aws-cloudfront";
 import { Config } from "./config";
 import { HttpOrigin } from "@aws-cdk/aws-cloudfront-origins/lib/http-origin";
@@ -28,7 +28,7 @@ import {
   PolicyDocument,
   PolicyStatement,
   Role,
-  ServicePrincipal
+  ServicePrincipal,
 } from "@aws-cdk/aws-iam";
 import * as fs from "fs";
 import { EdgeFunction } from "@aws-cdk/aws-cloudfront/lib/experimental";
@@ -152,6 +152,7 @@ export class HassuFrontendStack extends cdk.Stack {
       invalidationPaths: ["/*"],
     });
     this.configureNextJSAWSPermissions(nextJSLambdaEdge);
+    HassuFrontendStack.configureNextJSRequestHeaders(nextJSLambdaEdge);
 
     const distribution: cloudfront.Distribution = nextJSLambdaEdge.distribution;
     new cdk.CfnOutput(this, "CloudfrontPrivateDNSName", {
@@ -176,6 +177,16 @@ export class HassuFrontendStack extends cdk.Stack {
     this.props.internalBucket.grantReadWrite(nextJSLambdaEdge.edgeLambdaRole);
   }
 
+  private static configureNextJSRequestHeaders(nextJSLambdaEdge: NextJSLambdaEdge) {
+    // Enable forwarding the headers to the nextjs API lambda to get the authorization header
+    const additionalBehaviors = (nextJSLambdaEdge.distribution as any).additionalBehaviors;
+    for (const additionalBehavior of additionalBehaviors) {
+      if (additionalBehavior.props.pathPattern == "api/*") {
+        additionalBehavior.props.originRequestPolicy = OriginRequestPolicy.ALL_VIEWER;
+      }
+    }
+  }
+
   private createFrontendRequestFunction(
     env: string,
     basicAuthenticationUsername: string,

diff --git a/package.json b/package.json
@@ -228,6 +228,8 @@
     "log:dynamodb-stream-handler": "aws logs tail --follow --since 1h /aws/lambda/hassu-dynamodb-stream-handler-$ENVIRONMENT",
     "log:dynamodb-stream-handler:dev": "aws logs tail --follow --since 1h /aws/lambda/hassu-dynamodb-stream-handler-dev",
     "log:email": "aws logs tail --follow --since 1h /aws/lambda/hassu-email-$ENVIRONMENT",
+    "log:frontend:nextjsapi": "cross-env AWS_REGION=eu-central-1 aws logs tail --follow --since 1h /aws/lambda/us-east-1.NextJsApp-${ENVIRONMENT}ApiV2",
+    "log:frontend:nextjsapi:dev": "cross-env AWS_REGION=eu-central-1 aws logs tail --follow --since 1h /aws/lambda/us-east-1.NextJsApp-devApiV2",
     "sonar": "node -r dotenv/config ./deployment/bin/sonar.js dotenv_config_path=.env.local",
     "opensearch:getmapping": "cross-env DOTENV_CONFIG_PATH=.env.test ts-node --project=backend/tsconfig.json -r dotenv/config ./deployment/bin/opensearch.ts getmapping projekti backend/src/projektiSearch/projekti-mapping.json",
     "opensearch:getsettings": "cross-env DOTENV_CONFIG_PATH=.env.test ts-node --project=backend/tsconfig.json -r dotenv/config ./deployment/bin/opensearch.ts getsettings projekti backend/src/projektiSearch/projekti-settings.json",