Merge pull request #40 from rehanvdm/feature/release-v1.1.1

feat: release v1.1.1

Author: rehanvdm

README.md

@@ -68,7 +68,8 @@ export class App extends cdk.Stack {
       /* Optional, if not specified uses default CloudFront and Cognito domains */
       domain: {
         name: 'demo.serverless-website-analytics.com',
-        certificate: wildCardCertUsEast1,
+        /* The certificate must be in us-east-1 */
+        usEast1Certificate: wildCardCertUsEast1,
         /* Optional, if not specified then no DNS records will be created. You will have to create the DNS records yourself. */
         hostedZone: route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
           hostedZoneId: 'Z00387321EPPVXNC20CIS',
@@ -117,6 +118,19 @@ For a full list of options see the [API.md](https://github.com/rehanvdm/serverle
 
 You can see an example implementation of the demo site [here](https://github.com/rehanvdm/serverless-website-analytics-test)
 
+#### Certificate Requirements
+When specifying a domain, the certificate must be in `us-east-1` but your stack can be in ANY region. This is because
+CloudFront requires the certificate to be in `us-east-1`.
+
+You have one of two choices:
+  - Create the certificate in `us-east-1` manually (Click Ops) and import it from the Cert ARN as in the [demo example](https://github.com/rehanvdm/serverless-website-analytics-test/blob/main/lib/app.ts#L16).
+  - Create a `us-east-1` stack that your main stack (that contains this construct) depends. This main stack can be in any region.
+    Create the Certificate in the `us-east-1` stack and export the cert ARN. Then import the cert ARN in your main stack.
+    Ensure that you have the [crossRegionReferences](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.Stack.html#crossregionreferences) flag set
+    on both stacks so that the CDK can export and import the Cert ARN via SSM. This is necessary because CloudFormation
+    can not export and import values across regions. Alternatively you can DIY it, here is a blog from [AWS](https://aws.amazon.com/blogs/infrastructure-and-automation/read-parameters-across-aws-regions-with-aws-cloudformation-custom-resources/)
+    and a quick example from [SO](https://stackoverflow.com/questions/59774627/cloudformation-cross-region-reference).
+
 ### Client side setup
 
 There are **two ways to use the client**:

docs/API.md

@@ -68,7 +68,8 @@ export class App extends cdk.Stack {
       /* Optional, if not specified uses default CloudFront and Cognito domains */
       domain: {
         name: 'demo.serverless-website-analytics.com',
-        certificate: wildCardCertUsEast1,
+        /* The certificate must be in us-east-1 */
+        usEast1Certificate: wildCardCertUsEast1,
         /* Optional, if not specified then no DNS records will be created. You will have to create the DNS records yourself. */
         hostedZone: route53.HostedZone.fromHostedZoneAttributes(this, 'HostedZone', {
           hostedZoneId: 'Z00387321EPPVXNC20CIS',
@@ -117,6 +118,19 @@ For a full list of options see the [API.md](https://github.com/rehanvdm/serverle
 
 You can see an example implementation of the demo site [here](https://github.com/rehanvdm/serverless-website-analytics-test)
 
+#### Certificate Requirements
+When specifying a domain, the certificate must be in `us-east-1` but your stack can be in ANY region. This is because
+CloudFront requires the certificate to be in `us-east-1`.
+
+You have one of two choices:
+  - Create the certificate in `us-east-1` manually (Click Ops) and import it from the Cert ARN as in the [demo example](https://github.com/rehanvdm/serverless-website-analytics-test/blob/main/lib/app.ts#L16).
+  - Create a `us-east-1` stack that your main stack (that contains this construct) depends. This main stack can be in any region.
+    Create the Certificate in the `us-east-1` stack and export the cert ARN. Then import the cert ARN in your main stack.
+    Ensure that you have the [crossRegionReferences](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.Stack.html#crossregionreferences) flag set
+    on both stacks so that the CDK can export and import the Cert ARN via SSM. This is necessary because CloudFormation
+    can not export and import values across regions. Alternatively you can DIY it, here is a blog from [AWS](https://aws.amazon.com/blogs/infrastructure-and-automation/read-parameters-across-aws-regions-with-aws-cloudformation-custom-resources/)
+    and a quick example from [SO](https://stackoverflow.com/questions/59774627/cloudformation-cross-region-reference).
+
 ### Client side setup
 
 There are **two ways to use the client**:
@@ -553,37 +567,40 @@ const domain: Domain = { ... }
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#serverless-website-analytics.Domain.property.certificate">certificate</a></code> | <code>aws-cdk-lib.aws_certificatemanager.ICertificate</code> | The certificate to use for the domain. |
 | <code><a href="#serverless-website-analytics.Domain.property.name">name</a></code> | <code>string</code> | Name of the domain to use for the site, example: `serverless-website-analytics.com`. |
+| <code><a href="#serverless-website-analytics.Domain.property.certificate">certificate</a></code> | <code>aws-cdk-lib.aws_certificatemanager.ICertificate</code> | The certificate to use for the domain. |
 | <code><a href="#serverless-website-analytics.Domain.property.hostedZone">hostedZone</a></code> | <code>aws-cdk-lib.aws_route53.IHostedZone</code> | Optional, if not specified then no DNS records will be created. |
 | <code><a href="#serverless-website-analytics.Domain.property.trackOwnDomain">trackOwnDomain</a></code> | <code>boolean</code> | Optional, if specified, it adds tracking to the dashboard. |
+| <code><a href="#serverless-website-analytics.Domain.property.usEast1Certificate">usEast1Certificate</a></code> | <code>aws-cdk-lib.aws_certificatemanager.ICertificate</code> | The certificate to use for the domain. |
 
 ---
 
-##### `certificate`<sup>Required</sup> <a name="certificate" id="serverless-website-analytics.Domain.property.certificate"></a>
+##### `name`<sup>Required</sup> <a name="name" id="serverless-website-analytics.Domain.property.name"></a>
 
 ```typescript
-public readonly certificate: ICertificate;
+public readonly name: string;
 ```
 
-- *Type:* aws-cdk-lib.aws_certificatemanager.ICertificate
-
-The certificate to use for the domain.
+- *Type:* string
 
-This certificate must be in the `us-east-1` region. It must be for the
-domain specified in `domain.name` and {auth.cognito.loginSubDomain}.{domain.name}`
+Name of the domain to use for the site, example: `serverless-website-analytics.com`.
 
 ---
 
-##### `name`<sup>Required</sup> <a name="name" id="serverless-website-analytics.Domain.property.name"></a>
+##### ~~`certificate`~~<sup>Optional</sup> <a name="certificate" id="serverless-website-analytics.Domain.property.certificate"></a>
+
+- *Deprecated:* Use `usEast1Certificate` instead.
 
 ```typescript
-public readonly name: string;
+public readonly certificate: ICertificate;
 ```
 
-- *Type:* string
+- *Type:* aws-cdk-lib.aws_certificatemanager.ICertificate
 
-Name of the domain to use for the site, example: `serverless-website-analytics.com`.
+The certificate to use for the domain.
+
+This certificate must be in the `us-east-1` region. It must be for the
+domain specified in `domain.name` and {auth.cognito.loginSubDomain}.{domain.name}`
 
 ---
 
@@ -619,6 +636,23 @@ the serverless-website-analytics dashboard page.
 
 ---
 
+##### `usEast1Certificate`<sup>Optional</sup> <a name="usEast1Certificate" id="serverless-website-analytics.Domain.property.usEast1Certificate"></a>
+
+```typescript
+public readonly usEast1Certificate: ICertificate;
+```
+
+- *Type:* aws-cdk-lib.aws_certificatemanager.ICertificate
+
+The certificate to use for the domain.
+
+This certificate must be in the `us-east-1` region. It must be for the
+domain specified in `domain.name` and {auth.cognito.loginSubDomain}.{domain.name}`
+
+Required when specifying Domain.
+
+---
+
 ### Observability <a name="Observability" id="serverless-website-analytics.Observability"></a>
 
 #### Initializer <a name="Initializer" id="serverless-website-analytics.Observability.Initializer"></a>

src/frontend.ts

@@ -72,7 +72,7 @@ export function frontend(
     ? {}
     : {
         domainNames: [props.domain.name],
-        certificate: props.domain.certificate,
+        certificate: props.domain.usEast1Certificate,
       };
 
   const defaultBucketOrigin = new origins.HttpOrigin(frontendBucket.bucketWebsiteDomainName, {
@@ -207,7 +207,7 @@ export function frontend(
       const cognitoDomain = authProps.userPool!.addDomain('custom-domain', {
         customDomain: {
           domainName: `${props.auth.cognito.loginSubDomain}.${props.domain.name}`,
-          certificate: props.domain.certificate,
+          certificate: props.domain.usEast1Certificate!,
         },
       });
       new cdk.CfnOutput(scope, name('CognitoHostedUrl'), {

src/index.ts

@@ -1,4 +1,3 @@
-import { Arn, ArnFormat } from 'aws-cdk-lib';
 import * as cert from 'aws-cdk-lib/aws-certificatemanager';
 import * as route53 from 'aws-cdk-lib/aws-route53';
 import * as sns from 'aws-cdk-lib/aws-sns';
@@ -82,8 +81,17 @@ export interface Domain {
   /**
    * The certificate to use for the domain. This certificate must be in the `us-east-1` region. It must be for the
    * domain specified in `domain.name` and {auth.cognito.loginSubDomain}.{domain.name}`
+   * @deprecated Use `usEast1Certificate` instead.
    */
-  readonly certificate: cert.ICertificate;
+  readonly certificate?: cert.ICertificate;
+
+  /**
+   * The certificate to use for the domain. This certificate must be in the `us-east-1` region. It must be for the
+   * domain specified in `domain.name` and {auth.cognito.loginSubDomain}.{domain.name}`
+   *
+   * Required when specifying Domain.
+   */
+  readonly usEast1Certificate?: cert.ICertificate;
 
   /**
    * Optional, if not specified then no DNS records will be created. You will have to create the DNS records yourself.
@@ -222,12 +230,7 @@ export class Swa extends Construct {
       return id + '-' + resourceId;
     }
 
-    if (props.domain?.certificate) {
-      const certRegion = Arn.split(props.domain.certificate.certificateArn, ArnFormat.COLON_RESOURCE_NAME).region;
-      if (certRegion !== 'us-east-1') {
-        throw new Error(`Certificate must be in us-east-1, not in ${certRegion}, this is a requirement for CloudFront`);
-      }
-    }
+    /* Other pre-CloudFormation checks here */
 
     if (props.firehoseBufferInterval && (props.firehoseBufferInterval < 60 || props.firehoseBufferInterval > 900)) {
       throw new Error('`firehoseBufferInterval` must be between 60 and 900 seconds');
@@ -238,6 +241,23 @@ export class Swa extends Construct {
       props.allowedOrigins.push(`https://${props.domain.name}`);
     }
 
+    /* Remapping `domain.certificate` to `domain.usEast1Certificate` */
+    if (props.domain) {
+      if (!props.domain?.usEast1Certificate && !props.domain?.certificate)
+        throw new Error('`domain.usEast1Certificate` must be specified');
+
+      if (props.domain?.certificate) {
+        props = {
+          ...props,
+          domain: {
+            ...props.domain,
+            usEast1Certificate: props.domain.certificate,
+            certificate: undefined,
+          },
+        };
+      }
+    }
+
     const authProps = auth(scope, name, props);
     const backendAnalyticsProps = backendAnalytics(scope, name, props);
     const backendProps = backend(scope, name, props, authProps, backendAnalyticsProps);

src/src/backend/layer-geolite2/GeoLite2-City.mmdb

@@ -8,12 +8,21 @@ export const getSystemStore = defineStore('counter', () => {
 
   const frontendEnvironmentQueried = ref(false);
   const frontendEnvironment: Ref<FrontendEnvironment> = ref({});
-  const cognitoLoginUrlWithRedirect = computed(
-    () =>
+  const cognitoLoginUrlWithRedirect = computed(() => {
+    const urlSplitByQuery = window.location.href.split('?');
+
+    let ret =
       frontendEnvironment.value.cognitoLoginUrl +
       '&redirect_uri=' +
-      encodeURIComponent(window.location.href) +
-      'login_callback'
-  );
+      encodeURIComponent(urlSplitByQuery[0]) +
+      'login_callback';
+
+    if (urlSplitByQuery.length > 1) {
+      // Have to double encode because Cognito decodes when sending this back and we need it preserved
+      ret += '&state=' + encodeURIComponent(encodeURIComponent(urlSplitByQuery[1]));
+    }
+
+    return ret;
+  });
   return { apiJwtToken, frontendEnvironmentQueried, frontendEnvironment, cognitoLoginUrlWithRedirect };
 });

src/src/frontend/src/stores/system.ts

@@ -10,11 +10,22 @@ import router from '@frontend/src/router';
 
 onMounted(() => {
   const idToken = new URLSearchParams(window.location.hash).get('#id_token');
+  let state = new URLSearchParams(window.location.href).get('state');
+  let queryObject: Record<string, string> | undefined = undefined;
+  if(state)
+  {
+      state = decodeURIComponent(state);
+      queryObject = state.split("&").reduce((acc: Record<string, string>, pair) => {
+          const [key, value] = pair.split("=");
+          acc[key] = value;
+          return acc;
+      }, {});
+  }
   if(idToken)
   {
     const systemStore = getSystemStore();
     systemStore.$patch({apiJwtToken: idToken});
-    router.push({name: 'page_stats'});
+    router.push({name: 'page_stats', query: queryObject});
   }
 
 });

src/src/frontend/src/views/login_callback.vue

@@ -234,9 +234,9 @@ const showClearFilters = computed(() => {
     filter.value.utm_content;
 });
 
-watch([sites, dateFilter, filter], () => {
+watch([selectedSitesConfirmed, dateFilter, filter], () => {
   router.push({ query: {
-    sites: encodeURIComponent(selectedSites.value.join(',')),
+    sites: encodeURIComponent(selectedSitesConfirmed.value.join(',')),
     date: encodeURIComponent(dateFilter.value.map(d => d.toISOString()).join(',')),
     filter: Object.values(filter.value).filter(v => v).length ? encodeURIComponent(JSON.stringify(filter!.value)) : undefined,
     }

src/src/frontend/src/views/page_stats/index.vue

@@ -90,8 +90,8 @@ describe('Auth', () => {
           },
         },
       });
-      const assert = Template.fromStack(stack);
-    } catch (e) {
+      Template.fromStack(stack);
+    } catch (e: any) {
       expect(e.message).toBe('Specify only `basicAuth` or `cognito` for `auth` but not both');
     }
   });