use cloudfront KV store to handle redirect mechanism instead of dynamo

Author: devksingh4

cloudformation/main.yml

@@ -164,6 +164,7 @@ Resources:
         Variables:
           RunEnvironment: !Ref RunEnvironment
           EntraRoleArn: !GetAtt AppSecurityRoles.Outputs.EntraFunctionRoleArn
+          LinkryKvArn: !GetAtt LinkryRecordsCloudfrontStore.Arn
       VpcConfig:
         Ipv6AllowedForDualStack: !If [ShouldAttachVpc, True, !Ref AWS::NoValue]
         SecurityGroupIds:
@@ -898,7 +899,7 @@ Resources:
         async function handler(event) {
           const request = event.request;
           const path = request.uri.replace(/^\/+/, '');
-          let redirectUrl = "https://acm.illinois.edu";
+          let redirectUrl = "https://acm.illinois.edu/404";
           try {
             const value = await kvs.get(path);
             if (value) {

src/api/functions/cloudfrontKvStore.ts

@@ -0,0 +1,151 @@
+import {
+  CloudFrontKeyValueStoreClient,
+  ConflictException,
+  DeleteKeyCommand,
+  DescribeKeyValueStoreCommand,
+  GetKeyCommand,
+  PutKeyCommand,
+} from "@aws-sdk/client-cloudfront-keyvaluestore";
+import { environmentConfig } from "common/config.js";
+import {
+  DatabaseDeleteError,
+  DatabaseFetchError,
+  DatabaseInsertError,
+} from "common/errors/index.js";
+import { RunEnvironment } from "common/roles.js";
+import "@aws-sdk/signature-v4-crt";
+
+const INITIAL_CONFLICT_WAIT_PERIOD = 150;
+const CONFLICT_NUM_RETRIES = 3;
+
+function sleep(ms: number) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+export const setKey = async ({
+  key,
+  value,
+  arn,
+  kvsClient,
+}: {
+  key: string;
+  value: string;
+  arn: string;
+  kvsClient: CloudFrontKeyValueStoreClient;
+}) => {
+  let numRetries = 0;
+  let currentWaitPeriod = INITIAL_CONFLICT_WAIT_PERIOD;
+  while (numRetries < CONFLICT_NUM_RETRIES) {
+    const command = new DescribeKeyValueStoreCommand({ KvsARN: arn });
+    const response = await kvsClient.send(command);
+    const etag = response.ETag;
+    const putCommand = new PutKeyCommand({
+      IfMatch: etag,
+      Key: key,
+      Value: value,
+      KvsARN: arn,
+    });
+    try {
+      await kvsClient.send(putCommand);
+      return;
+    } catch (e) {
+      if (e instanceof ConflictException) {
+        numRetries++;
+        await sleep(currentWaitPeriod);
+        currentWaitPeriod *= 2;
+        continue;
+      } else {
+        throw e;
+      }
+    }
+  }
+  throw new DatabaseInsertError({
+    message: "Failed to save redirect to Cloudfront KV store.",
+  });
+};
+
+export const deleteKey = async ({
+  key,
+  arn,
+  kvsClient,
+}: {
+  key: string;
+  arn: string;
+  kvsClient: CloudFrontKeyValueStoreClient;
+}) => {
+  let numRetries = 0;
+  let currentWaitPeriod = INITIAL_CONFLICT_WAIT_PERIOD;
+  while (numRetries < CONFLICT_NUM_RETRIES) {
+    const command = new DescribeKeyValueStoreCommand({ KvsARN: arn });
+    const response = await kvsClient.send(command);
+    const etag = response.ETag;
+    const putCommand = new DeleteKeyCommand({
+      IfMatch: etag,
+      Key: key,
+      KvsARN: arn,
+    });
+    try {
+      await kvsClient.send(putCommand);
+      return;
+    } catch (e) {
+      if (e instanceof ConflictException) {
+        numRetries++;
+        await sleep(currentWaitPeriod);
+        currentWaitPeriod *= 2;
+        continue;
+      } else {
+        throw e;
+      }
+    }
+  }
+  throw new DatabaseDeleteError({
+    message: "Failed to save delete to Cloudfront KV store.",
+  });
+};
+
+export const getKey = async ({
+  key,
+  arn,
+  kvsClient,
+}: {
+  key: string;
+  arn: string;
+  kvsClient: CloudFrontKeyValueStoreClient;
+}) => {
+  let numRetries = 0;
+  let currentWaitPeriod = INITIAL_CONFLICT_WAIT_PERIOD;
+  while (numRetries < CONFLICT_NUM_RETRIES) {
+    const getCommand = new GetKeyCommand({
+      Key: key,
+      KvsARN: arn,
+    });
+    try {
+      const response = await kvsClient.send(getCommand);
+      return response.Value;
+    } catch (e) {
+      if (e instanceof ConflictException) {
+        numRetries++;
+        await sleep(currentWaitPeriod);
+        currentWaitPeriod *= 2;
+        continue;
+      } else {
+        throw e;
+      }
+    }
+  }
+  throw new DatabaseFetchError({
+    message: "Failed to retrieve value from Cloudfront KV store.",
+  });
+};
+
+export const getLinkryKvArn = async (runEnvironment: RunEnvironment) => {
+  if (process.env.LinkryKvArn) {
+    return process.env.LinkryKvArn;
+  }
+  if (environmentConfig[runEnvironment].LinkryCloudfrontKvArn) {
+    return environmentConfig[runEnvironment].LinkryCloudfrontKvArn;
+  }
+  throw new DatabaseInsertError({
+    message: "Could not find the Cloudfront Key-Value store ARN",
+  });
+};

src/api/index.ts

@@ -63,8 +63,6 @@ async function init(prettyPrint: boolean = false) {
       const customDomainBaseMappers: Record<string, string> = {
         "ical.acm.illinois.edu": `/api/v1/ical${url}`,
         "ical.aws.qa.acmuiuc.org": `/api/v1/ical${url}`,
-        "go.acm.illinois.edu": `/api/v1/linkry/redir${url}`,
-        "go.aws.qa.acmuiuc.org": `/api/v1/linkry/redir${url}`,
       };
       if (hostname in customDomainBaseMappers) {
         return customDomainBaseMappers[hostname];

src/api/package.json

@@ -15,11 +15,13 @@
     "prettier:write": "prettier --write *.ts **/*.ts"
   },
   "dependencies": {
+    "@aws-sdk/client-cloudfront-keyvaluestore": "^3.787.0",
     "@aws-sdk/client-dynamodb": "^3.624.0",
     "@aws-sdk/client-secrets-manager": "^3.624.0",
     "@aws-sdk/client-ses": "^3.734.0",
     "@aws-sdk/client-sqs": "^3.738.0",
     "@aws-sdk/client-sts": "^3.758.0",
+    "@aws-sdk/signature-v4-crt": "^3.787.0",
     "@aws-sdk/util-dynamodb": "^3.624.0",
     "@azure/msal-node": "^2.16.1",
     "@fastify/auth": "^5.0.1",