Merge branch 'main' of github.com:acm-uiuc/core into siglead-management

Tarash Agarwal · Tarash Agarwal · commit 23361949fee9 · 2025-06-07T14:12:08.000-05:00
diff --git a/cloudformation/main.yml b/cloudformation/main.yml
@@ -678,6 +678,7 @@ Resources:
     Type: AWS::CloudFront::Distribution
     Properties:
       DistributionConfig:
+        HttpVersion: 'http2and3'
         Origins:
           - Id: S3WebsiteOrigin
             DomainName: !GetAtt AppFrontendS3Bucket.RegionalDomainName
@@ -699,6 +700,7 @@ Resources:
             - UiDomainName
 
         DefaultCacheBehavior:
+          Compress: true
           TargetOriginId: S3WebsiteOrigin
           ViewerProtocolPolicy: redirect-to-https
           AllowedMethods:
@@ -732,6 +734,7 @@ Resources:
               - HEAD
             CachePolicyId: !Ref CloudfrontCachePolicy
             OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
+            Compress: true
           - PathPattern: "/api/v1/organizations"
             TargetOriginId: ApiGatewayOrigin
             ViewerProtocolPolicy: redirect-to-https
@@ -748,6 +751,7 @@ Resources:
               - HEAD
             CachePolicyId: "658327ea-f89d-4fab-a63d-7e88639e58f6"
             OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
+            Compress: true
           - PathPattern: "/api/documentation*"
             TargetOriginId: ApiGatewayOrigin
             ViewerProtocolPolicy: redirect-to-https
@@ -764,6 +768,7 @@ Resources:
               - HEAD
             CachePolicyId: "658327ea-f89d-4fab-a63d-7e88639e58f6"
             OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
+            Compress: true
           - PathPattern: "/api/*"
             TargetOriginId: ApiGatewayOrigin
             ViewerProtocolPolicy: redirect-to-https
@@ -778,16 +783,16 @@ Resources:
             CachedMethods:
               - GET
               - HEAD
-            CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad # caching disabled
+            CachePolicyId: !Ref CloudfrontNoCachePolicy # caching disabled
             OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3
+            Compress: true
         ViewerCertificate:
           AcmCertificateArn: !FindInMap
             - ApiGwConfig
             - !Ref RunEnvironment
             - EnvCertificateArn
           MinimumProtocolVersion: TLSv1.2_2021
           SslSupportMethod: sni-only
-        HttpVersion: http2
         PriceClass: PriceClass_100
 
   AppFrontendS3BucketPolicy:
@@ -803,6 +808,25 @@ Resources:
             Action: s3:GetObject
             Resource: !Sub "${AppFrontendS3Bucket.Arn}/*"
 
+  CloudfrontNoCachePolicy:
+    Type: AWS::CloudFront::CachePolicy
+    Properties:
+      CachePolicyConfig:
+        Comment: Cache policy with caching disabled and Gzip/Brotli enabled
+        DefaultTTL: 0
+        MaxTTL: 1
+        MinTTL: 0
+        Name: NoCache-GzipBrotli-Enabled
+        ParametersInCacheKeyAndForwardedToOrigin:
+          CookiesConfig:
+            CookieBehavior: none
+          EnableAcceptEncodingBrotli: true
+          EnableAcceptEncodingGzip: true
+          HeadersConfig:
+            HeaderBehavior: none
+          QueryStringsConfig:
+            QueryStringBehavior: none
+
   CloudfrontCachePolicy:
     Type: AWS::CloudFront::CachePolicy
     Properties:
@@ -860,6 +884,7 @@ Resources:
     Type: AWS::CloudFront::Distribution
     Properties:
       DistributionConfig:
+        HttpVersion: 'http2and3'
         Origins:
           - Id: ApiGatewayOrigin
             DomainName: !Sub "${AppApiGateway}.execute-api.${AWS::Region}.amazonaws.com"
@@ -878,6 +903,7 @@ Resources:
                 - !Ref RunEnvironment
                 - EnvDomainName
         DefaultCacheBehavior:
+          Compress: true
           TargetOriginId: ApiGatewayOrigin
           ViewerProtocolPolicy: redirect-to-https
           AllowedMethods:
@@ -904,7 +930,6 @@ Resources:
             - EnvCertificateArn
           MinimumProtocolVersion: TLSv1.2_2021
           SslSupportMethod: sni-only
-        HttpVersion: http2
         PriceClass: PriceClass_100
 
   LinkryRecordsCloudfrontStore:
@@ -962,6 +987,7 @@ Resources:
     Type: AWS::CloudFront::Distribution
     Properties:
       DistributionConfig:
+        HttpVersion: 'http2and3'
         Enabled: true
         DefaultCacheBehavior:
           ViewerProtocolPolicy: redirect-to-https
@@ -993,7 +1019,6 @@ Resources:
             - EnvCertificateArn
           MinimumProtocolVersion: TLSv1.2_2021
           SslSupportMethod: sni-only
-        HttpVersion: http2
         PriceClass: PriceClass_100
 
   LinkryDomainProxy:
diff --git a/src/common/types/apiKey.ts b/src/common/types/apiKey.ts
@@ -36,7 +36,7 @@ if (policySchemas.length === 0) {
   })
 }
 
-const policyUnion = policySchemas.length > 0
+export const policyUnion = policySchemas.length > 0
   ? z.discriminatedUnion("name", policySchemas as [typeof policySchemas[0], ...typeof policySchemas])
   : z.never();
 
diff --git a/src/ui/pages/apiKeys/ManageKeysTable.tsx b/src/ui/pages/apiKeys/ManageKeysTable.tsx
@@ -1,11 +1,13 @@
 import {
+  Alert,
   Badge,
   Button,
   Center,
   Checkbox,
   Code,
   CopyButton,
   Group,
+  JsonInput,
   List,
   Modal,
   MultiSelect,
@@ -18,6 +20,7 @@ import { DateTimePicker } from "@mantine/dates";
 import {
   IconAlertCircle,
   IconEye,
+  IconHandStop,
   IconPlus,
   IconTrash,
 } from "@tabler/icons-react";
@@ -26,13 +29,15 @@ import {
   apiKeyAllowedRoles,
   ApiKeyMaskedEntry,
   ApiKeyPostBody,
+  policyUnion,
 } from "@common/types/apiKey";
 import { useAuth } from "@ui/components/AuthContext";
 import { notifications } from "@mantine/notifications";
 import pluralize from "pluralize";
 import dayjs from "dayjs";
 import { AppRoles } from "@common/roles";
 import { BlurredTextDisplay } from "../../components/BlurredTextDisplay";
+import { z } from "zod";
 
 const HumanFriendlyDate = ({ date }: { date: number }) => {
   return (
@@ -131,8 +136,8 @@ export const OrgApiKeyTable: React.FC<OrgApiKeyTableProps> = ({
       await fetchKeys();
     } catch (e) {
       notifications.show({
-        title: "Create failed",
-        message: "Unable to create API key.",
+        title: "Unable to create API key.",
+        message: "Please try again or contact support.",
         color: "red",
       });
     }
@@ -188,6 +193,7 @@ export const OrgApiKeyTable: React.FC<OrgApiKeyTableProps> = ({
   const [roles, setRoles] = useState<AppRoles[]>([]);
   const [description, setDescription] = useState("");
   const [expiresAt, setExpiresAt] = useState<Date | null>(null);
+  const [policyDocument, setPolicyDocument] = useState("");
 
   return (
     <>
@@ -309,17 +315,62 @@ export const OrgApiKeyTable: React.FC<OrgApiKeyTableProps> = ({
           clearable
           mt="md"
         />
+        <JsonInput
+          label="Policy Document (optional)"
+          description={
+            <Alert
+              icon={<IconHandStop />}
+              title="Advanced Feature"
+              color="orange"
+            >
+              Errors in this field will prevent your API key from working!
+              Please consult the API documentation for instructions.
+            </Alert>
+          }
+          value={policyDocument}
+          onChange={setPolicyDocument}
+          placeholder={`[
+            {
+              "name": "EventsHostRestrictionPolicy",
+              "params": {
+                "host": [
+                  "ACM"
+                ]
+              }
+            }
+          ]`}
+          validationError="Invalid JSON"
+          formatOnBlur
+          autosize
+          minRows={6}
+        />
         <Group justify="flex-end" mt="lg">
           <Button
-            onClick={() =>
-              handleCreate({
-                roles,
-                description,
-                expiresAt: expiresAt
-                  ? Math.floor(expiresAt.getTime() / 1000)
-                  : undefined,
-              })
-            }
+            onClick={() => {
+              let parsedPolicyDocument = undefined;
+              try {
+                if (policyDocument && policyDocument.trim() !== "") {
+                  parsedPolicyDocument = z
+                    .array(policyUnion)
+                    .parse(JSON.parse(policyDocument));
+                }
+                handleCreate({
+                  roles,
+                  description,
+                  expiresAt: expiresAt
+                    ? Math.floor(expiresAt.getTime() / 1000)
+                    : undefined,
+                  restrictions: parsedPolicyDocument,
+                });
+              } catch (e) {
+                console.error(e);
+                notifications.show({
+                  title: "Invalid policy document!",
+                  message: "Please correct the policy document and try again.",
+                  color: "red",
+                });
+              }
+            }}
             disabled={roles.length === 0 || description.trim() === ""}
           >
             Create

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ if (policySchemas.length === 0) {`
`36`	`36`	`})`
`37`	`37`	`}`
`38`	`38`
`39`		`-const policyUnion = policySchemas.length > 0`
	`39`	`+export const policyUnion = policySchemas.length > 0`
`40`	`40`	`? z.discriminatedUnion("name", policySchemas as [typeof policySchemas[0], ...typeof policySchemas])`
`41`	`41`	`: z.never();`
`42`	`42`