Skip to content

Commit

Permalink
Update to version 6.2.6 (#554)
Browse files Browse the repository at this point in the history
  • Loading branch information
simonkrol authored Jun 27, 2024
1 parent 9375a0a commit c6f8c77
Show file tree
Hide file tree
Showing 47 changed files with 1,259 additions and 396 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

# dependencies
**/node_modules
**/modules

# test assets
**/coverage
Expand Down
40 changes: 38 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,44 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [6.2.5] - 2024-01-12
## [6.2.6] - 2024-06-27

### Added
- StackId tag to CloudFrontLoggingBucket and its bucket name as a CfnOutput [#529](https://github.com/aws-solutions/serverless-image-handler/issues/529)
- Test case to verify UTF-8 support in object key [#320](https://github.com/aws-solutions/serverless-image-handler/pull/320)
- Test cases to verify crop functionality [#459](https://github.com/aws-solutions/serverless-image-handler/pull/459)
- VERSION.txt and build script change to auto-update local package versions
- S3:bucket-name tag for defining which source bucket to use in thumbor style requests [#521](https://github.com/aws-solutions/serverless-image-handler/pull/521)
- Ability to override whether an image should be animated [#456](https://github.com/aws-solutions/serverless-image-handler/issues/456)
- Support for 8-bit depth AVIF image type inference [#360](https://github.com/aws-solutions/serverless-image-handler/issues/360)

### Changed
- Decreased permissions allotted to CustomResource Lambda and ImageHandler Lambda
- cdk update to 2.124.0
- aws-solutions-constructs update to 2.51.0
- SourceBucketsParameter to require explicit bucket names
- Demo-ui dependency update
- Demo-ui to be a package and manage script/stylesheet dependencies through NPM
- Modified JPEG SOI marker parsing to only check first 2 bytes [#429]

### Security
- Upgraded follow-redirects to v1.15.6 for vulnerability CVE-2024-28849
- Upgraded braces to v3.0.3 for vulnerability CVE-2024-4068

### Removed
- Unused CopyS3Assets custom resource

### Fixed
- Some error messages indicating incorrect file types
- Solution version and id not being passed to Backend Lambda
- Thumbor-style URL matching being overly permissive


## [6.2.5] - 2024-01-03

### Fixed

- Ensure accurate image metadata when generating Amazon Rekognition compatible images [#374](https://github.com/aws-solutions/serverless-image-handler/issues/374)
- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159
- Exclude demo-ui-config from being deleted upon BucketDeployment update sync when updating to a new version

### Changed
Expand All @@ -20,6 +52,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- typescript update to 5.3.3
- GIF files without multiple pages are now treated as non-animated, allowing all filters to be used on them [#460](https://github.com/aws-solutions/serverless-image-handler/issues/460)

### Security

- Upgraded axios to v1.6.5 for vulnerability CVE-2023-26159

## [6.2.4] - 2023-12-06

### Changed
Expand Down
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,8 @@ This solution collects anonymous operational metrics to help AWS improve the qua
- [@Fjool](https://github.com/Fjool) for [#489](https://github.com/aws-solutions/serverless-image-handler/pull/489)
- [@fvsnippets](https://github.com/fvsnippets) for [#373](https://github.com/aws-solutions/serverless-image-handler/pull/373), [#380](https://github.com/aws-solutions/serverless-image-handler/pull/380)
- [@ccchapman](https://github.com/ccchapman) for [#490](https://github.com/aws-solutions/serverless-image-handler/pull/490)
- [@bennet-esyoil][https://github.com/bennet-esyoil] for [#521](https://github.com/aws-solutions/serverless-image-handler/pull/521)
- [@vaniyokk][https://github.com/vaniyokk] for [#511](https://github.com/aws-solutions/serverless-image-handler/pull/511)

# License

Expand Down
1 change: 1 addition & 0 deletions VERSION.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
6.2.6
3 changes: 3 additions & 0 deletions deployment/build-s3-dist.sh
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ mkdir -p "$template_dist_dir"
rm -rf "$build_dist_dir"
mkdir -p "$build_dist_dir"

headline "[Init] Ensure package versions are updated"
npm --prefix "$source_dir" run bump-version

headline "[Build] Synthesize cdk template and assets"
cd "$cdk_source_dir"
npm run clean:install
Expand Down
30 changes: 15 additions & 15 deletions deployment/cdk-solution-helper/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion deployment/cdk-solution-helper/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
},
"dependencies": {
"adm-zip": "^0.5.10",
"aws-cdk-lib": "^2.118.0"
"aws-cdk-lib": "^2.124.0"
},
"overrides": {
"semver": "7.5.4"
Expand Down
9 changes: 5 additions & 4 deletions source/constructs/bin/constructs.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,13 @@ if (DIST_OUTPUT_BUCKET && SOLUTION_NAME && VERSION)

const app = new App();
const solutionDisplayName = "Serverless Image Handler";
const description = `(${app.node.tryGetContext("solutionId")}) - ${solutionDisplayName}. Version ${VERSION ?? app.node.tryGetContext("solutionVersion")}`;
const solutionVersion = VERSION ?? app.node.tryGetContext("solutionVersion");
const description = `(${app.node.tryGetContext("solutionId")}) - ${solutionDisplayName}. Version ${solutionVersion}`;
// eslint-disable-next-line no-new
new ServerlessImageHandlerStack(app, "ServerlessImageHandlerStack", {
synthesizer: synthesizer,
description: description,
synthesizer,
description,
solutionId: app.node.tryGetContext("solutionId"),
solutionVersion: app.node.tryGetContext("solutionVersion"),
solutionVersion,
solutionName: app.node.tryGetContext("solutionName"),
});
2 changes: 1 addition & 1 deletion source/constructs/cdk.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"app": "npx ts-node --prefer-ts-exts bin/constructs.ts",
"context": {
"solutionId": "SO0023",
"solutionVersion": "custom-v6.2.5",
"solutionVersion": "custom-v6.2.6",
"solutionName": "serverless-image-handler"
}
}
23 changes: 14 additions & 9 deletions source/constructs/lib/back-end/back-end-construct.ts
Original file line number Diff line number Diff line change
Expand Up @@ -31,11 +31,13 @@ import * as api from "aws-cdk-lib/aws-apigateway";

export interface BackEndProps extends SolutionConstructProps {
readonly solutionVersion: string;
readonly solutionId: string;
readonly solutionName: string;
readonly secretsManagerPolicy: Policy;
readonly logsBucket: IBucket;
readonly uuid: string;
readonly cloudFrontPriceClass: string;
readonly createSourceBucketsResource: (key?: string) => string[];
}

export class BackEnd extends Construct {
Expand Down Expand Up @@ -64,15 +66,16 @@ export class BackEnd extends Construct {
],
}),
new PolicyStatement({
actions: ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
resources: [
Stack.of(this).formatArn({
service: "s3",
resource: "*",
region: "",
account: "",
}),
],
actions: ["s3:GetObject"],
resources: props.createSourceBucketsResource("/*"),
}),
new PolicyStatement({
actions: ["s3:ListBucket"],
resources: props.createSourceBucketsResource(),
}),
new PolicyStatement({
actions: ["s3:GetObject"],
resources: [`arn:aws:s3:::${props.fallbackImageS3Bucket}/${props.fallbackImageS3KeyBucket}`],
}),
new PolicyStatement({
actions: ["rekognition:DetectFaces", "rekognition:DetectModerationLabels"],
Expand Down Expand Up @@ -106,6 +109,8 @@ export class BackEnd extends Construct {
ENABLE_DEFAULT_FALLBACK_IMAGE: props.enableDefaultFallbackImage,
DEFAULT_FALLBACK_IMAGE_BUCKET: props.fallbackImageS3Bucket,
DEFAULT_FALLBACK_IMAGE_KEY: props.fallbackImageS3KeyBucket,
SOLUTION_VERSION: props.solutionVersion,
SOLUTION_ID: props.solutionId,
},
bundling: {
externalModules: ["sharp"],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@ import { Function as LambdaFunction, Runtime } from "aws-cdk-lib/aws-lambda";
import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
import { Bucket, IBucket } from "aws-cdk-lib/aws-s3";
import { BucketDeployment, Source as S3Source } from "aws-cdk-lib/aws-s3-deployment";
import { ArnFormat, Aspects, Aws, CfnCondition, CfnResource, CustomResource, Duration, Lazy, Stack } from "aws-cdk-lib";
import { ArnFormat, Aspects, Aws, CfnCondition, CfnResource, CustomResource, Duration, Fn, Lazy, Stack } from "aws-cdk-lib";
import { Construct } from "constructs";
import { addCfnSuppressRules } from "../../../utils/utils";
import { addCfnCondition, addCfnSuppressRules } from "../../../utils/utils";

import { SolutionConstructProps } from "../../types";
import { CommonResourcesProps, Conditions } from "../common-resources-construct";
Expand Down Expand Up @@ -45,7 +45,6 @@ export interface SetupValidateSecretsManagerProps {
}

export class CustomResourcesConstruct extends Construct {
private readonly solutionVersion: string;
private readonly conditions: Conditions;
private readonly customResourceRole: Role;
private readonly customResourceLambda: LambdaFunction;
Expand All @@ -54,7 +53,6 @@ export class CustomResourcesConstruct extends Construct {
constructor(scope: Construct, id: string, props: CustomResourcesConstructProps) {
super(scope, id);

this.solutionVersion = props.solutionVersion;
this.conditions = props.conditions;

this.customResourceRole = new Role(this, "CustomResourceRole", {
Expand All @@ -75,16 +73,26 @@ export class CustomResourcesConstruct extends Construct {
}),
],
}),
new PolicyStatement({
actions: ['s3:ListBucket'],
resources: this.createSourceBucketsResource()
}),
new PolicyStatement({
actions: [
"s3:GetObject",
],
resources: [
`arn:aws:s3:::${props.fallbackImageS3Bucket}/${props.fallbackImageS3KeyBucket}`,
],
}),
new PolicyStatement({
actions: [
"s3:putBucketAcl",
"s3:putEncryptionConfiguration",
"s3:putBucketPolicy",
"s3:CreateBucket",
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"s3:PutBucketOwnershipControls",
"s3:PutBucketTagging"
],
resources: [
Stack.of(this).formatArn({
Expand Down Expand Up @@ -142,6 +150,21 @@ export class CustomResourcesConstruct extends Construct {
this.uuid = customResourceUuid.getAttString("UUID");
}

public setupWebsiteHostingBucketPolicy(websiteHostingBucket: IBucket) {
const websiteHostingBucketPolicy = new Policy(this, "WebsiteHostingBucketPolicy", {
document: new PolicyDocument({
statements: [
new PolicyStatement({
actions: ["s3:GetObject", "s3:PutObject",],
resources: [websiteHostingBucket.bucketArn + "/*"],
}),
],
}),
roles: [this.customResourceRole],
})
addCfnCondition(websiteHostingBucketPolicy, this.conditions.deployUICondition);
};

public setupAnonymousMetric(props: AnonymousMetricCustomResourceProps) {
this.createCustomResource("CustomResourceAnonymousMetric", this.customResourceLambda, {
CustomAction: "sendMetric",
Expand Down Expand Up @@ -181,7 +204,9 @@ export class CustomResourcesConstruct extends Construct {
// Stage static assets for the front-end from the local
/* eslint-disable no-new */
const bucketDeployment = new BucketDeployment(this, "DeployWebsite", {
sources: [S3Source.asset(path.join(__dirname, "../../../../demo-ui"))],
sources: [
S3Source.asset(path.join(__dirname, "../../../../demo-ui"), { exclude: ["node_modules/*"] }),
],
destinationBucket: props.hostingBucket,
exclude: ["demo-ui-config.js"],
});
Expand Down Expand Up @@ -235,6 +260,22 @@ export class CustomResourcesConstruct extends Construct {
return optInRegionAccessLogBucket;
}

public createSourceBucketsResource(resourceName: string = "") {
return Fn.split(
',',
Fn.sub(
`arn:aws:s3:::\${rest}${resourceName}`,

{
rest: Fn.join(
`${resourceName},arn:aws:s3:::`,
Fn.split(",", Fn.join("", Fn.split(" ", Fn.ref('SourceBucketsParameter'))))
),
},
),
)
}

private createCustomResource(
id: string,
customResourceFunction: LambdaFunction,
Expand Down
Loading

0 comments on commit c6f8c77

Please sign in to comment.