feat(cdk): add HTTP API

Author: coderbyheart

cdk/resources/CustomDevicesAPI.ts

@@ -12,7 +12,8 @@ import { STACK_NAME } from '../stacks/stackConfig.js'
 import type { PublicDevices } from './PublicDevices.js'
 
 export class CustomDevicesAPI extends Construct {
-	public readonly createCredentialsURL: Lambda.FunctionUrl
+	public readonly createCredentials: Lambda.IFunction
+
 	constructor(
 		parent: Construct,
 		{
@@ -50,7 +51,7 @@ export class CustomDevicesAPI extends Construct {
 			...new LambdaLogGroup(this, 'openSSLFnLogs'),
 		})
 
-		const createCredentials = new Lambda.Function(this, 'createCredentialsFn', {
+		this.createCredentials = new Lambda.Function(this, 'createCredentialsFn', {
 			handler: lambdaSources.createCredentials.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -69,10 +70,7 @@ export class CustomDevicesAPI extends Construct {
 			...new LambdaLogGroup(this, 'createCredentialsFnLogs'),
 			initialPolicy: [SettingsPermissions(Stack.of(this))],
 		})
-		this.createCredentialsURL = createCredentials.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
-		openSSLFn.grantInvoke(createCredentials)
-		publicDevices.publicDevicesTable.grantReadData(createCredentials)
+		openSSLFn.grantInvoke(this.createCredentials)
+		publicDevices.publicDevicesTable.grantReadData(this.createCredentials)
 	}
 }

cdk/resources/DevicesAPI.ts

@@ -5,7 +5,8 @@ import { LambdaLogGroup } from '@bifravst/aws-cdk-lambda-helpers/cdk'
 import type { BackendLambdas } from '../BackendLambdas.js'
 
 export class DevicesAPI extends Construct {
-	public readonly devicesURL: Lambda.FunctionUrl
+	public readonly devicesFn: Lambda.IFunction
+
 	constructor(
 		parent: Construct,
 		{
@@ -20,7 +21,7 @@ export class DevicesAPI extends Construct {
 	) {
 		super(parent, 'devicesAPI')
 
-		const devicesFn = new Lambda.Function(this, 'devicesFn', {
+		this.devicesFn = new Lambda.Function(this, 'devicesFn', {
 			handler: lambdaSources.devicesData.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -45,9 +46,6 @@ export class DevicesAPI extends Construct {
 				}),
 			],
 		})
-		publicDevices.publicDevicesTable.grantReadData(devicesFn)
-		this.devicesURL = devicesFn.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
+		publicDevices.publicDevicesTable.grantReadData(this.devicesFn)
 	}
 }

cdk/resources/LwM2MObjectsHistory.ts

@@ -18,8 +18,9 @@ import type { BackendLambdas } from '../BackendLambdas.js'
  * Store history of LwM2M objects
  */
 export class LwM2MObjectsHistory extends Construct {
+	public readonly historyFn: Lambda.IFunction
+
 	public readonly table: Timestream.CfnTable
-	public readonly historyURL: Lambda.FunctionUrl
 	public constructor(
 		parent: Construct,
 		{
@@ -131,7 +132,7 @@ export class LwM2MObjectsHistory extends Construct {
 			sourceArn: rule.attrArn,
 		})
 
-		const historyFn = new Lambda.Function(this, 'historyFn', {
+		this.historyFn = new Lambda.Function(this, 'historyFn', {
 			handler: lambdaSources.queryHistory.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -166,8 +167,5 @@ export class LwM2MObjectsHistory extends Construct {
 				}),
 			],
 		})
-		this.historyURL = historyFn.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
 	}
 }

cdk/resources/ShareAPI.ts

@@ -10,9 +10,9 @@ import { LambdaLogGroup } from '@bifravst/aws-cdk-lambda-helpers/cdk'
 import type { BackendLambdas } from '../BackendLambdas.js'
 
 export class ShareAPI extends Construct {
-	public readonly shareURL: Lambda.FunctionUrl
-	public readonly confirmOwnershipURL: Lambda.FunctionUrl
-	public readonly sharingStatusURL: Lambda.FunctionUrl
+	public readonly shareFn: Lambda.IFunction
+	public readonly confirmOwnershipFn: Lambda.IFunction
+	public readonly sharingStatusFn: Lambda.IFunction
 	constructor(
 		parent: Construct,
 		{
@@ -32,7 +32,7 @@ export class ShareAPI extends Construct {
 
 		const domain = this.node.getContext('domain')
 
-		const shareFn = new Lambda.Function(this, 'shareFn', {
+		this.shareFn = new Lambda.Function(this, 'shareFn', {
 			handler: lambdaSources.shareDevice.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -65,12 +65,9 @@ export class ShareAPI extends Construct {
 				}),
 			],
 		})
-		publicDevices.publicDevicesTable.grantWriteData(shareFn)
-		this.shareURL = shareFn.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
+		publicDevices.publicDevicesTable.grantWriteData(this.shareFn)
 
-		const confirmOwnershipFn = new Lambda.Function(this, 'confirmOwnershipFn', {
+		this.confirmOwnershipFn = new Lambda.Function(this, 'confirmOwnershipFn', {
 			handler: lambdaSources.confirmOwnership.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -87,12 +84,9 @@ export class ShareAPI extends Construct {
 			},
 			...new LambdaLogGroup(this, 'confirmOwnershipFnLogs'),
 		})
-		publicDevices.publicDevicesTable.grantReadWriteData(confirmOwnershipFn)
-		this.confirmOwnershipURL = confirmOwnershipFn.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
+		publicDevices.publicDevicesTable.grantReadWriteData(this.confirmOwnershipFn)
 
-		const sharingStatusFn = new Lambda.Function(this, 'sharingStatusFn', {
+		this.sharingStatusFn = new Lambda.Function(this, 'sharingStatusFn', {
 			handler: lambdaSources.sharingStatus.handler,
 			architecture: Lambda.Architecture.ARM_64,
 			runtime: Lambda.Runtime.NODEJS_20_X,
@@ -108,9 +102,6 @@ export class ShareAPI extends Construct {
 			},
 			...new LambdaLogGroup(this, 'sharingStatusFnLogs'),
 		})
-		publicDevices.publicDevicesTable.grantReadData(sharingStatusFn)
-		this.sharingStatusURL = sharingStatusFn.addFunctionUrl({
-			authType: Lambda.FunctionUrlAuthType.NONE,
-		})
+		publicDevices.publicDevicesTable.grantReadData(this.sharingStatusFn)
 	}
 }

cdk/resources/api/API.ts

@@ -0,0 +1,65 @@
+import { Construct } from 'constructs'
+import {
+	aws_apigatewayv2 as HttpApi,
+	aws_lambda as Lambda,
+	Stack,
+} from 'aws-cdk-lib'
+import { ApiRoute } from './ApiRoute.js'
+
+export class API extends Construct {
+	public readonly api: HttpApi.CfnApi
+	public readonly stage: HttpApi.CfnStage
+	public readonly deployment: HttpApi.CfnDeployment
+	public readonly URL: string
+
+	constructor(parent: Construct) {
+		super(parent, 'api')
+
+		this.api = new HttpApi.CfnApi(this, 'api', {
+			name: 'hello.nrfcloud.com/map API',
+			protocolType: 'HTTP',
+		})
+
+		this.stage = new HttpApi.CfnStage(this, 'stage', {
+			apiId: this.api.ref,
+			stageName: '2024-04-12',
+			autoDeploy: true,
+		})
+
+		this.deployment = new HttpApi.CfnDeployment(this, 'deployment', {
+			apiId: this.api.ref,
+			stageName: this.stage.stageName,
+		})
+		this.deployment.node.addDependency(this.stage)
+		this.URL = `https://${this.api.ref}.execute-api.${Stack.of(this).region}.amazonaws.com/${this.stage.stageName}/`
+	}
+
+	public addRoute(methodAndRoute: string, fn: Lambda.IFunction): void {
+		const [method, resource] = methodAndRoute.split(' ', 2)
+		if (!isMethod(method)) throw new Error(`${method} is not a HTTP method.`)
+		if (resource === undefined) throw new Error(`Must provide a route`)
+		if (!resource.startsWith('/'))
+			throw new Error(`Route ${resource} must start with a slash!`)
+		const id = resource.replaceAll(/[^a-z0-9]/gi, '_')
+		const { route } = new ApiRoute(this, `${method}-${id}-Route`, {
+			api: this.api,
+			stage: this.stage,
+			function: fn,
+			method,
+			resource,
+		})
+		this.deployment.node.addDependency(route)
+		// Add OPTIONS route for CORS
+		const { route: CORS } = new ApiRoute(this, `OPTIONS-${id}-Route`, {
+			api: this.api,
+			stage: this.stage,
+			function: fn,
+			method: 'OPTIONS' as Lambda.HttpMethod,
+			resource,
+		})
+		this.deployment.node.addDependency(CORS)
+	}
+}
+
+const isMethod = (method?: string): method is Lambda.HttpMethod =>
+	['GET', 'PUT', 'HEAD', 'POST', 'DELETE', 'PATCH'].includes(method ?? '')

cdk/resources/api/ApiRoute.ts

@@ -0,0 +1,56 @@
+import {
+	aws_apigatewayv2 as HttpApi,
+	aws_iam as IAM,
+	aws_lambda as Lambda,
+	Stack,
+} from 'aws-cdk-lib'
+import { Construct } from 'constructs'
+
+export const integrationUri = (parent: Stack, f: Lambda.IFunction): string =>
+	`arn:aws:apigateway:${parent.region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${parent.region}:${parent.account}:function:${f.functionName}/invocations`
+
+export class ApiRoute extends Construct {
+	public readonly route: HttpApi.CfnRoute
+	constructor(
+		parent: Construct,
+		id: string,
+		{
+			function: fn,
+			api,
+			stage,
+			method,
+			resource,
+		}: {
+			function: Lambda.IFunction
+			api: HttpApi.CfnApi
+			stage: HttpApi.CfnStage
+			method: Lambda.HttpMethod
+			resource: string
+		},
+	) {
+		super(parent, id)
+
+		const integration = new HttpApi.CfnIntegration(this, 'Integration', {
+			apiId: api.ref,
+			integrationType: 'AWS_PROXY',
+			integrationUri: integrationUri(Stack.of(parent), fn),
+			integrationMethod: 'POST',
+			payloadFormatVersion: '2.0',
+		})
+
+		this.route = new HttpApi.CfnRoute(this, `Route`, {
+			apiId: api.ref,
+			routeKey: `${method} ${resource}`,
+			target: `integrations/${integration.ref}`,
+			authorizationType: 'NONE',
+		})
+
+		fn.addPermission(
+			`invokeByHttpApi-${method}-${resource.slice(1).replaceAll('/', '_')}`,
+			{
+				principal: new IAM.ServicePrincipal('apigateway.amazonaws.com'),
+				sourceArn: `arn:aws:execute-api:${Stack.of(parent).region}:${Stack.of(parent).account}:${api.ref}/${stage.stageName}/${method}${resource}`,
+			},
+		)
+	}
+}

cdk/stacks/BackendStack.ts

@@ -20,6 +20,7 @@ import { SenMLMessages } from '../resources/SenMLMessage.js'
 import { ContainerRepositoryId } from '../../aws/ecr.js'
 import { repositoryName } from '@bifravst/aws-cdk-ecr-helpers/repository'
 import { ContinuousDeployment } from '@bifravst/ci'
+import { API } from '../resources/api/API.js'
 
 /**
  * Provides resources for the backend serving data to hello.nrfcloud.com/map
@@ -76,22 +77,29 @@ export class BackendStack extends Stack {
 			lambdaSources,
 		})
 
+		const api = new API(this)
+
 		const shareAPI = new ShareAPI(this, {
 			baseLayer,
 			lambdaSources,
 			publicDevices,
 		})
+		api.addRoute('POST /share', shareAPI.shareFn)
+		api.addRoute('POST /share/confirm', shareAPI.confirmOwnershipFn)
+		api.addRoute('GET /device/{id}', shareAPI.sharingStatusFn)
 
 		const devicesAPI = new DevicesAPI(this, {
 			baseLayer,
 			lambdaSources,
 			publicDevices,
 		})
+		api.addRoute('GET /devices', devicesAPI.devicesFn)
 
 		const lwm2mObjectHistory = new LwM2MObjectsHistory(this, {
 			baseLayer,
 			lambdaSources,
 		})
+		api.addRoute('GET /history', lwm2mObjectHistory.historyFn)
 
 		const customDevicesAPI = new CustomDevicesAPI(this, {
 			baseLayer,
@@ -110,41 +118,18 @@ export class BackendStack extends Stack {
 			publicDevices,
 		})
 
+		api.addRoute('PUT /credentials', customDevicesAPI.createCredentials)
+
 		const cd = new ContinuousDeployment(this, {
 			repository,
 			gitHubOICDProviderArn,
 		})
 
 		// Outputs
-		new CfnOutput(this, 'shareAPIURL', {
-			exportName: `${this.stackName}:shareAPI`,
-			description: 'API endpoint for sharing devices',
-			value: shareAPI.shareURL.url,
-		})
-		new CfnOutput(this, 'confirmOwnershipAPIURL', {
-			exportName: `${this.stackName}:confirmOwnershipAPI`,
-			description: 'API endpoint for confirming ownership',
-			value: shareAPI.confirmOwnershipURL.url,
-		})
-		new CfnOutput(this, 'sharingStatusAPIURL', {
-			exportName: `${this.stackName}:sharingStatusAPI`,
-			description: 'API endpoint for checking the sharing status of a device',
-			value: shareAPI.sharingStatusURL.url,
-		})
-		new CfnOutput(this, 'devicesAPIURL', {
-			exportName: `${this.stackName}:devicesAPI`,
-			description: 'API endpoint for retrieving public device information',
-			value: devicesAPI.devicesURL.url,
-		})
-		new CfnOutput(this, 'queryHistoryAPIURL', {
-			exportName: `${this.stackName}:queryHistoryAPI`,
-			description: 'API endpoint for querying device history',
-			value: lwm2mObjectHistory.historyURL.url,
-		})
-		new CfnOutput(this, 'createCredentialsAPIURL', {
-			exportName: `${this.stackName}:createCredentialsAPIURL`,
-			description: 'API endpoint for creating credentials for custom devices',
-			value: customDevicesAPI.createCredentialsURL.url,
+		new CfnOutput(this, 'APIURL', {
+			exportName: `${this.stackName}:APIURL`,
+			description: 'API endpoint',
+			value: api.URL,
 		})
 		new CfnOutput(this, 'publicDevicesTableName', {
 			exportName: `${this.stackName}:publicDevicesTableName`,
@@ -160,12 +145,7 @@ export class BackendStack extends Stack {
 }
 
 export type StackOutputs = {
-	shareAPIURL: string // e.g. 'https://iiet67bnlmbtuhiblik4wcy4ni0oujot.lambda-url.eu-west-1.on.aws/'
-	confirmOwnershipAPIURL: string // e.g. 'https://aqt7qs3nzyo4uh2v74quysvmxe0ubeth.lambda-url.eu-west-1.on.aws/'
-	sharingStatusAPIURL: string // e.g. 'https://aqt7qs3nzyo4uh2v74quysvmxe0ubeth.lambda-url.eu-west-1.on.aws/'
-	devicesAPIURL: string // e.g. 'https://a2udxgawcxd5tbmmfagi726jsm0obxov.lambda-url.eu-west-1.on.aws/'
-	queryHistoryAPIURL: string
-	createCredentialsAPIURL: string
+	APIURL: string // e.g. 'https://iiet67bnlmbtuhiblik4wcy4ni0oujot.execute-api.eu-west-1.amazonaws.com/2024-04-12/'
 	publicDevicesTableName: string
 	/**
 	 * Role ARN to use in the deploy GitHub Actions Workflow

feature-runner/run-features.ts

@@ -13,6 +13,7 @@ import { IoTDataPlaneClient } from '@aws-sdk/client-iot-data-plane'
 import { fromEnv } from '@nordicsemiconductor/from-env'
 import { mock as httpApiMock } from '@bifravst/http-api-mock/mock'
 import { DynamoDBClient } from '@aws-sdk/client-dynamodb'
+import { slashless } from '@hello.nrfcloud.com/nrfcloud-api-helpers/api'
 
 /**
  * This file configures the BDD Feature runner
@@ -96,10 +97,7 @@ runner
 	)
 
 const res = await runner.run({
-	shareDeviceAPI: new URL(backendConfig.shareAPIURL),
-	confirmOwnershipAPI: new URL(backendConfig.confirmOwnershipAPIURL),
-	sharingStatusAPI: new URL(backendConfig.sharingStatusAPIURL),
-	devicesAPI: new URL(backendConfig.devicesAPIURL),
+	API: slashless(new URL(backendConfig.APIURL)),
 	describeOOBDeviceAPI: new URL(
 		`${mockApiEndpoint}${describeOOBDeviceAPIBasePath}`,
 	),