OK-365 NextJS lambda deployment

cdk/lib/sovellus-stack.ts

@@ -332,9 +332,49 @@ export class SovellusStack extends cdk.Stack {
       autoDeleteObjects: true
     });
 
+    const swaggerKeyPrefix = 'swagger';
     const staticS3Deployment = new s3deploy.BucketDeployment(this, 'DeployWebsite', {
       sources: [s3deploy.Source.asset('../static')],
       destinationBucket: staticBucket,
+      destinationKeyPrefix: swaggerKeyPrefix,
+    });
+
+    /**
+     * Raportointikäyttöliittymä
+     */
+    const lambdaAdapterLayer = lambda.LayerVersion.fromLayerVersionArn(
+        this,
+        'LambdaAdapterLayerX86',
+        `arn:aws:lambda:${this.region}:753240598075:layer:LambdaAdapterLayerX86:19`
+    );
+
+    const raportointiKayttoliittymaFunction = new lambda.Function(this, 'NextCdkFunction', {
+      functionName: `${props.environmentName}-viestinvalityspalvelu-raportointikayttoliittyma`,
+      runtime: lambda.Runtime.NODEJS_18_X,
+      handler: 'run.sh',
+      memorySize: 1024,
+      timeout: Duration.seconds(60),
+      code: lambda.Code.fromAsset(path.join(
+          __dirname,
+          '../../viestinvalitys-raportointi/.next/', 'standalone')
+      ),
+      architecture: lambda.Architecture.X86_64,
+      environment: {
+        'AWS_LAMBDA_EXEC_WRAPPER': '/opt/bootstrap',
+        'RUST_LOG': 'info',
+        'PORT': '8080',
+      },
+      layers: [lambdaAdapterLayer],
+    });
+
+    const raportointiKayttoliittymaFunctionUrl = raportointiKayttoliittymaFunction.addFunctionUrl({
+      authType: FunctionUrlAuthType.NONE,
+    });
+
+    const nextJsS3Deployment = new s3deploy.BucketDeployment(this, 'NextJsStaticDeployment', {
+      sources: [s3deploy.Source.asset('../viestinvalitys-raportointi/.next/static')],
+      destinationBucket: staticBucket,
+      destinationKeyPrefix: 'static/_next/static'
     });
 
     const cloudfrontOAI = new cloudfront.OriginAccessIdentity(
@@ -422,16 +462,44 @@ export class SovellusStack extends cdk.Stack {
             eventType: cloudfront.FunctionEventType.VIEWER_REQUEST,
           }],
         },
-        '/raportointi/*': {
+        '/raportointi/login': {
           origin: new cloudfront_origins.HttpOrigin(Fn.select(2, Fn.split('/', raportointiFunctionUrl.url)), {}),
           cachePolicy: noCachePolicy,
           viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
           allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
           originRequestPolicy,
         },
+        '/raportointi/login/*': {
+          origin: new cloudfront_origins.HttpOrigin(Fn.select(2, Fn.split('/', raportointiFunctionUrl.url)), {}),
+          cachePolicy: noCachePolicy,
+          viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+          originRequestPolicy,
+        },
+        '/raportointi': {
+          origin: new cloudfront_origins.HttpOrigin(Fn.select(2, Fn.split('/', raportointiKayttoliittymaFunctionUrl.url)), {}),
+          cachePolicy: noCachePolicy,
+          viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+          originRequestPolicy,
+        },
+        '/raportointi/v1/*': {
+          origin: new cloudfront_origins.HttpOrigin(Fn.select(2, Fn.split('/', raportointiFunctionUrl.url)), {}),
+          cachePolicy: noCachePolicy,
+          viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+          originRequestPolicy,
+        },
+        '/raportointi/*': {
+          origin: new cloudfront_origins.HttpOrigin(Fn.select(2, Fn.split('/', raportointiKayttoliittymaFunctionUrl.url)), {}),
+          cachePolicy: noCachePolicy,
+          viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+          allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL,
+          originRequestPolicy,
+        },
         '/static/*': {
           origin: new cloudfront_origins.S3Origin(staticBucket, {
-            originAccessIdentity: cloudfrontOAI
+            originAccessIdentity: cloudfrontOAI,
           }),
           cachePolicy: noCachePolicy,
           viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,

lambdat/raportointi/src/main/scala/fi/oph/viestinvalitys/raportointi/configuration/SecurityConfiguration.scala

@@ -40,7 +40,7 @@ class SecurityConfiguration {
   @Bean
   def serviceProperties(@Value("${cas-service.service}") service: String, @Value("${cas-service.sendRenew}") sendRenew: Boolean): ServiceProperties = {
     val serviceProperties = new ServiceProperties()
-    serviceProperties.setService(service + RaportointiAPIConstants.RAPORTOINTI_API_PREFIX + "/j_spring_cas_security_check")
+    serviceProperties.setService(service + RaportointiAPIConstants.RAPORTOINTI_API_PREFIX + "/login/j_spring_cas_security_check")
     serviceProperties.setSendRenew(sendRenew)
     serviceProperties.setAuthenticateAllArtifacts(true)
     serviceProperties
@@ -74,7 +74,7 @@ class SecurityConfiguration {
   def casAuthenticationFilter(authenticationManager: AuthenticationManager, serviceProperties: ServiceProperties): CasAuthenticationFilter = {
     val casAuthenticationFilter = new OpintopolkuCasAuthenticationFilter(serviceProperties)
     casAuthenticationFilter.setAuthenticationManager(authenticationManager)
-    casAuthenticationFilter.setFilterProcessesUrl(RaportointiAPIConstants.RAPORTOINTI_API_PREFIX + "/j_spring_cas_security_check")
+    casAuthenticationFilter.setFilterProcessesUrl(RaportointiAPIConstants.RAPORTOINTI_API_PREFIX + "/login/j_spring_cas_security_check")
     casAuthenticationFilter
   }
 

lambdat/raportointi/src/main/scala/fi/oph/viestinvalitys/raportointi/resource/LoginResource.scala

@@ -18,6 +18,13 @@ class LoginResource {
 
   @GetMapping(path = Array(RaportointiAPIConstants.LOGIN_PATH))
   def redirect(response: HttpServletResponse): Unit = {
-    response.sendRedirect("localhost:3000")
+    response.sendRedirect("/raportointi")
   }
+
+  // CloudFront ohjaa tämä polun nodelle, joten tätä uudelleenohjausta käytetään vain lokaalisti
+  @GetMapping(path = Array("raportointi"))
+  def redirectToNodeLocally(response: HttpServletResponse): Unit = {
+    response.sendRedirect("http://localhost:3000")
+  }
+
 }

lambdat/vastaanotto/src/main/scala/fi/oph/viestinvalitys/vastaanotto/configuration/SecurityConfiguration.scala

@@ -43,7 +43,7 @@ class SecurityConfiguration {
   @Bean
   def serviceProperties(@Value("${cas-service.service}") service: String, @Value("${cas-service.sendRenew}") sendRenew: Boolean): ServiceProperties = {
     val serviceProperties = new ServiceProperties()
-    serviceProperties.setService(service + LahetysAPIConstants.LAHETYS_API_PREFIX + "/j_spring_cas_security_check")
+    serviceProperties.setService(service + LahetysAPIConstants.LAHETYS_API_PREFIX + "/login/j_spring_cas_security_check")
     serviceProperties.setSendRenew(sendRenew)
     serviceProperties.setAuthenticateAllArtifacts(true)
     serviceProperties
@@ -77,7 +77,7 @@ class SecurityConfiguration {
   def casAuthenticationFilter(authenticationManager: AuthenticationManager, serviceProperties: ServiceProperties): CasAuthenticationFilter = {
     val casAuthenticationFilter = new OpintopolkuCasAuthenticationFilter(serviceProperties)
     casAuthenticationFilter.setAuthenticationManager(authenticationManager)
-    casAuthenticationFilter.setFilterProcessesUrl(LahetysAPIConstants.LAHETYS_API_PREFIX + "/j_spring_cas_security_check")
+    casAuthenticationFilter.setFilterProcessesUrl(LahetysAPIConstants.LAHETYS_API_PREFIX + "/login/j_spring_cas_security_check")
     casAuthenticationFilter
   }
 

viestinvalitys-raportointi/.env.template

@@ -3,4 +3,4 @@
 VIESTINTAPALVELU_URL=http://localhost:8080/
 LOGIN_URL=http://localhost:8080/login
 # matchattava viestintäpalvelun asettaman raportointisession cookien nimeen
-COOKIE_NAME=JSESSIONID 
+COOKIE_NAME=JSESSIONID

viestinvalitys-raportointi/next.config.js

@@ -1,4 +1,10 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {}
 
-module.exports = nextConfig
+//module.exports = nextConfig
+
+module.exports = {
+  output: 'standalone',
+  basePath: '/raportointi',
+  assetPrefix: '/static',
+}

viestinvalitys-raportointi/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "scripts": {
     "dev": "NODE_TLS_REJECT_UNAUTHORIZED=0 next dev",
-    "build": "next build",
+    "build": "next build; cp run.sh .next/standalone",
     "start": "next start",
     "lint": "next lint",
     "test": "vitest"

viestinvalitys-raportointi/run.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export PORT=8080
+export VIESTINTAPALVELU_URL=https://viestinvalitys.hahtuvaopintopolku.fi
+export LOGIN_URL=https://viestinvalitys.hahtuvaopintopolku.fi/raportointi/login
+export COOKIE_NAME=JSESSIONID
+
+node server.js