ZotNFoundClone/sst.config.ts at master · icssc/ZotNFoundClone · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
/// <reference path="./.sst/platform/config.d.ts" />

export default $config({
  app(input) {
    return {
      name: "zotnfoundclone",
      removal: input?.stage === "production" ? "retain" : "remove",
      protect: ["production"].includes(input?.stage),
      home: "aws",
    };
  },
  async run() {
    const requireEnv = (name: string) => {
      const value = process.env[name];
      if (!value) {
        throw new Error(`Missing required environment variable: ${name}`);
      }
      return value;
    };

    const getFirstEnv = (...names: string[]) => {
      for (const name of names) {
        const value = process.env[name];
        if (value) {
          return value;
        }
      }
      return undefined;
    };

    $transform(aws.lambda.FunctionUrl, (args, opts, name) => {
      // Allow the function to be invoked via the URL, (AWS Lambda URL allowed by default)
      new aws.lambda.Permission(`${name}InvokeUrlPermission`, {
        action: "lambda:InvokeFunctionUrl",
        function: args.functionName,
        principal: "*",
        functionUrlAuthType: args.authorizationType,
        statementId: `${name}InvokeUrlAllow`,
      });
      // Allow the function to be invoked via the API Gateway (AWS API Gateway allowed)
      new aws.lambda.Permission(`${name}InvokePermission`, {
        action: "lambda:InvokeFunction",
        function: args.functionName,
        principal: "*",
        statementId: `${name}InvokeAllow`,
      });
    });

    const envTarget = $app.stage;
    const isProdTarget = envTarget === "production";
    const domain = isProdTarget ? "zotnfound.com" : "clone.zotnfound.com";
    const dbSchema = isProdTarget ? "public" : "dev";
    const dbUser = isProdTarget
      ? (getFirstEnv("AWS_PROD_USER") ?? "zotnfound_prod_user")
      : (getFirstEnv("AWS_STAGING_USER", "AWS_USER") ??
        "zotnfound_staging_user");
    const dbPassword = isProdTarget
      ? getFirstEnv("AWS_PROD_PASSWORD")
      : getFirstEnv("AWS_STAGING_PASSWORD", "AWS_PASSWORD");

    if (!dbPassword) {
      throw new Error(
        `Missing required database password for ${envTarget}. ` +
          `Set ${isProdTarget ? "AWS_PROD_PASSWORD" : "AWS_STAGING_PASSWORD"} in your environment.`
      );
    }

    const icsscClientId = isProdTarget
      ? (getFirstEnv("ICSSC_AUTH_PROD_CLIENT_ID") ?? "zotnfound")
      : (getFirstEnv("ICSSC_AUTH_STAGING_CLIENT_ID") ?? "zotnfound-clone");
    const icsscClientSecret = isProdTarget
      ? getFirstEnv("ICSSC_AUTH_PROD_CLIENT_SECRET", "ICSSC_AUTH_CLIENT_SECRET")
      : getFirstEnv(
          "ICSSC_AUTH_STAGING_CLIENT_SECRET",
          "ICSSC_AUTH_CLIENT_SECRET"
        );

    const sharedDbEnvironment = {
      AWS_USER: dbUser,
      AWS_PASSWORD: dbPassword,
      AWS_HOST: requireEnv("AWS_HOST"),
      AWS_PORT: requireEnv("AWS_PORT"),
      AWS_DB_NAME: requireEnv("AWS_DB_NAME"),
      DB_SCHEMA: dbSchema,
    };

    const bucket = new sst.aws.Bucket("ItemImages", {
      access: "public",
    });
    const topic = new sst.aws.SnsTopic("SearchKeyword");
    const _site = new sst.aws.Nextjs("ZotNFound", {
      link: [bucket, topic],
      domain,
      openNextVersion: "https://pkg.pr.new/@opennextjs/aws@main",
      environment: {
        ...sharedDbEnvironment,
        NODE_ENV: "production",
        APP_STAGE: $app.stage,
        APP_ENV_TARGET: envTarget,
        BETTER_AUTH_URL: `https://${domain}`,
        BETTER_AUTH_SECRET: requireEnv("BETTER_AUTH_SECRET"),
        ICSSC_AUTH_DISCOVERY_URL:
          process.env.ICSSC_AUTH_DISCOVERY_URL ??
          "https://auth.icssc.club/.well-known/openid-configuration",
        ICSSC_AUTH_CLIENT_ID: icsscClientId,
        ICSSC_AUTH_CLIENT_SECRET: icsscClientSecret ?? "",
        NEXT_PUBLIC_APP_EMAIL:
          process.env.NEXT_PUBLIC_APP_EMAIL ?? "zotnfound-admin@zotnfound.com",
        NEXT_PUBLIC_MAPBOX_DARK_URL: requireEnv("NEXT_PUBLIC_MAPBOX_DARK_URL"),
        NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN:
          process.env.NEXT_PUBLIC_MAPBOX_ACCESS_TOKEN ?? "",
        NEXT_PUBLIC_MAPBOX_STYLE_URL:
          process.env.NEXT_PUBLIC_MAPBOX_STYLE_URL ?? "",
        NEXT_PUBLIC_POSTHOG_KEY: process.env.NEXT_PUBLIC_POSTHOG_KEY ?? "",
        NEXT_PUBLIC_POSTHOG_HOST:
          process.env.NEXT_PUBLIC_POSTHOG_HOST ?? "https://us.i.posthog.com",
        POSTHOG_API_KEY: process.env.POSTHOG_API_KEY ?? "",
        POSTHOG_HOST: process.env.POSTHOG_HOST ?? "https://us.i.posthog.com",
        RESEND_API_KEY: process.env.RESEND_API_KEY ?? "",
        SEARCH_KEYWORD_TOPIC_ARN: topic.arn,
      },
      permissions: [
        {
          actions: ["sns:Publish"],
          resources: ["*"],
        },
      ],
    });

    topic.subscribe("SearchKeywordSubscriber", {
      handler: "src/server/keywords.handler",
      environment: {
        ...sharedDbEnvironment,
        NODE_ENV: "production",
      },
      permissions: [
        {
          actions: ["sns:Publish"],
          resources: ["*"],
        },
      ],
    });
  },
});