Feat Automatic cdn invalidation (#665)

* basic implementation

* install and biome fix

* cloudfront implementation

* review fix

* fix & comment

* update to use initialPath when needed

* fix build

* fix linting

* changeset

* review fix

Author: conico974

.changeset/thin-feet-love.md

@@ -0,0 +1,5 @@
+---
+"@opennextjs/aws": minor
+---
+
+Add an override to automatically invalidate the CDN (not enabled by default)

packages/open-next/package.json

@@ -34,6 +34,7 @@
     "README.md"
   ],
   "dependencies": {
+    "@aws-sdk/client-cloudfront": "3.398.0",
     "@aws-sdk/client-dynamodb": "^3.398.0",
     "@aws-sdk/client-lambda": "^3.398.0",
     "@aws-sdk/client-s3": "^3.398.0",

packages/open-next/src/adapters/cache.ts

@@ -433,6 +433,32 @@ export default class Cache {
 
         // Update all keys with the given tag with revalidatedAt set to now
         await globalThis.tagCache.writeTags(toInsert);
+
+        // We can now invalidate all paths in the CDN
+        // This only applies to `revalidateTag`, not to `res.revalidate()`
+        const uniquePaths = Array.from(
+          new Set(
+            toInsert
+              // We need to filter fetch cache key as they are not in the CDN
+              .filter((t) => t.tag.startsWith("_N_T_/"))
+              .map((t) => `/${t.path}`),
+          ),
+        );
+        if (uniquePaths.length > 0) {
+          await globalThis.cdnInvalidationHandler.invalidatePaths(
+            uniquePaths.map((path) => ({
+              initialPath: path,
+              rawPath: path,
+              resolvedRoutes: [
+                {
+                  route: path,
+                  // TODO: ideally here we should check if it's an app router page or route
+                  type: "app",
+                },
+              ],
+            })),
+          );
+        }
       }
     } catch (e) {
       error("Failed to revalidate tag", e);

packages/open-next/src/core/createMainHandler.ts

@@ -4,6 +4,7 @@ import { debug } from "../adapters/logger";
 import { generateUniqueId } from "../adapters/util";
 import { openNextHandler } from "./requestHandler";
 import {
+  resolveCdnInvalidation,
   resolveConverter,
   resolveIncrementalCache,
   resolveProxyRequest,
@@ -38,6 +39,10 @@ export async function createMainHandler() {
     thisFunction.override?.proxyExternalRequest,
   );
 
+  globalThis.cdnInvalidationHandler = await resolveCdnInvalidation(
+    thisFunction.override?.cdnInvalidation,
+  );
+
   globalThis.lastModified = {};
 
   // From the config, we create the converter

packages/open-next/src/core/requestHandler.ts

@@ -118,7 +118,14 @@ export async function openNextHandler(
         // response is used only in the streaming case
         if (responseStreaming) {
           const response = createServerResponse(
-            internalEvent,
+            {
+              internalEvent,
+              isExternalRewrite: false,
+              isISR: false,
+              resolvedRoutes: [],
+              origin: false,
+              initialPath: internalEvent.rawPath,
+            },
             headers,
             responseStreaming,
           );
@@ -162,7 +169,7 @@ export async function openNextHandler(
 
       const req = new IncomingMessage(reqProps);
       const res = createServerResponse(
-        preprocessedEvent,
+        routingResult,
         overwrittenResponseHeaders,
         responseStreaming,
       );

packages/open-next/src/core/resolve.ts

@@ -141,3 +141,16 @@ export async function resolveProxyRequest(
   const m_1 = await import("../overrides/proxyExternalRequest/node.js");
   return m_1.default;
 }
+
+/**
+ * @__PURE__
+ */
+export async function resolveCdnInvalidation(
+  cdnInvalidation: OverrideOptions["cdnInvalidation"],
+) {
+  if (typeof cdnInvalidation === "function") {
+    return cdnInvalidation();
+  }
+  const m_1 = await import("../overrides/cdnInvalidation/dummy.js");
+  return m_1.default;
+}

packages/open-next/src/core/routing/util.ts

@@ -10,6 +10,7 @@ import type { MiddlewareManifest } from "types/next-types";
 import type {
   InternalEvent,
   InternalResult,
+  RoutingResult,
   StreamCreator,
 } from "types/open-next.js";
 
@@ -403,10 +404,11 @@ export function fixISRHeaders(headers: OutgoingHttpHeaders) {
  * @__PURE__
  */
 export function createServerResponse(
-  internalEvent: InternalEvent,
+  routingResult: RoutingResult,
   headers: Record<string, string | string[] | undefined>,
   responseStream?: StreamCreator,
 ) {
+  const internalEvent = routingResult.internalEvent;
   return new OpenNextNodeResponse(
     (_headers) => {
       fixCacheHeaderForHtmlPages(internalEvent, _headers);
@@ -420,8 +422,30 @@ export function createServerResponse(
         internalEvent.rawPath,
         _headers,
       );
+      await invalidateCDNOnRequest(routingResult, _headers);
     },
     responseStream,
     headers,
   );
 }
+
+// This function is used only for `res.revalidate()`
+export async function invalidateCDNOnRequest(
+  params: RoutingResult,
+  headers: OutgoingHttpHeaders,
+) {
+  const { internalEvent, initialPath, resolvedRoutes } = params;
+  const isIsrRevalidation = internalEvent.headers["x-isr"] === "1";
+  if (
+    !isIsrRevalidation &&
+    headers[CommonHeaders.NEXT_CACHE] === "REVALIDATED"
+  ) {
+    await globalThis.cdnInvalidationHandler.invalidatePaths([
+      {
+        initialPath,
+        rawPath: internalEvent.rawPath,
+        resolvedRoutes,
+      },
+    ]);
+  }
+}

packages/open-next/src/overrides/cdnInvalidation/cloudfront.ts

@@ -0,0 +1,37 @@
+import {
+  CloudFrontClient,
+  CreateInvalidationCommand,
+} from "@aws-sdk/client-cloudfront";
+import type { CDNInvalidationHandler } from "types/overrides";
+
+const cloudfront = new CloudFrontClient({});
+export default {
+  name: "cloudfront",
+  invalidatePaths: async (paths) => {
+    const constructedPaths = paths.flatMap(
+      ({ initialPath, resolvedRoutes }) => {
+        const isAppRouter = resolvedRoutes.some(
+          (route) => route.type === "app",
+        );
+        // revalidateTag doesn't have any leading slash, remove it just to be sure
+        const path = initialPath.replace(/^\//, "");
+        return isAppRouter
+          ? [`/${path}`, `/${path}?_rsc=*`]
+          : [
+              `/${path}`,
+              `/_next/data/${process.env.NEXT_BUILD_ID}${path === "/" ? "/index" : `/${path}`}.json*`,
+            ];
+      },
+    );
+    await cloudfront.send(
+      new CreateInvalidationCommand({
+        DistributionId: process.env.CLOUDFRONT_DISTRIBUTION_ID!,
+        InvalidationBatch: {
+          // Do we need to limit the number of paths? Or batch them into multiple commands?
+          Paths: { Quantity: constructedPaths.length, Items: constructedPaths },
+          CallerReference: `${Date.now()}`,
+        },
+      }),
+    );
+  },
+} satisfies CDNInvalidationHandler;

packages/open-next/src/overrides/cdnInvalidation/dummy.ts

@@ -0,0 +1,8 @@
+import type { CDNInvalidationHandler } from "types/overrides";
+
+export default {
+  name: "dummy",
+  invalidatePaths: (_) => {
+    return Promise.resolve();
+  },
+} satisfies CDNInvalidationHandler;

packages/open-next/src/plugins/resolve.ts

@@ -28,6 +28,7 @@ export interface IPluginSettings {
       | IncludedOriginResolver;
     warmer?: LazyLoadedOverride<Warmer> | IncludedWarmer;
     proxyExternalRequest?: OverrideOptions["proxyExternalRequest"];
+    cdnInvalidation?: OverrideOptions["cdnInvalidation"];
   };
   fnName?: string;
 }
@@ -53,6 +54,7 @@ const nameToFolder = {
   originResolver: "originResolver",
   warmer: "warmer",
   proxyExternalRequest: "proxyExternalRequest",
+  cdnInvalidation: "cdnInvalidation",
 };
 
 const defaultOverrides = {
@@ -65,6 +67,7 @@ const defaultOverrides = {
   originResolver: "pattern-env",
   warmer: "aws-lambda",
   proxyExternalRequest: "node",
+  cdnInvalidation: "dummy",
 };
 
 /**