From 9ff446eb656759c793cd7bb9d65270d309bebcef Mon Sep 17 00:00:00 2001 From: Kazuki Matsuda Date: Fri, 17 Nov 2023 17:21:00 +0900 Subject: [PATCH] feat: support edge-functions --- containers/kong/Dockerfile | 13 ++++---- containers/kong/kong-template.yml | 45 +++++++++++++++++++++------- src/supabase-stack.ts | 10 +++++-- test/__snapshots__/main.test.ts.snap | 14 +++++++-- 4 files changed, 59 insertions(+), 23 deletions(-) diff --git a/containers/kong/Dockerfile b/containers/kong/Dockerfile index 199ad32..f3947be 100644 --- a/containers/kong/Dockerfile +++ b/containers/kong/Dockerfile @@ -1,7 +1,7 @@ -FROM --platform=linux/amd64 public.ecr.aws/docker/library/kong:3.0 AS build +FROM --platform=linux/amd64 public.ecr.aws/docker/library/kong:3.1.1-alpine AS build ARG TARGETPLATFORM -ENV ENVSUBST_VERSION=v1.2.0 +ENV ENVSUBST_VERSION=v1.4.2 USER root @@ -14,13 +14,12 @@ RUN case ${TARGETPLATFORM} in \ && curl -L https://github.com/a8m/envsubst/releases/download/${ENVSUBST_VERSION}/envsubst-${ENVSUBST_ARCH} -o /tmp/envsubst \ && chmod +x /tmp/envsubst -RUN sed -i 1a"envsubst -i /home/kong/kong-template.yml -o /home/kong/kong.yml" /docker-entrypoint.sh - -FROM public.ecr.aws/docker/library/kong:3.0 +FROM public.ecr.aws/docker/library/kong:3.1.1-alpine COPY --from=build /tmp/envsubst /usr/local/bin/envsubst -COPY --from=build /docker-entrypoint.sh /docker-entrypoint.sh -COPY ./kong-template.yml /home/kong/kong-template.yml +COPY ./kong-template.yml /home/kong/tmp.yml ENV KONG_DATABASE=off \ KONG_DECLARATIVE_CONFIG=/home/kong/kong.yml + +ENTRYPOINT ["bash", "-c", "envsubst -i ~/tmp.yml -o ~/kong.yml && /docker-entrypoint.sh kong docker-start"] diff --git a/containers/kong/kong-template.yml b/containers/kong/kong-template.yml index 824b658..e1e458d 100644 --- a/containers/kong/kong-template.yml +++ b/containers/kong/kong-template.yml @@ -1,4 +1,5 @@ -_format_version: "1.1" +_format_version: "2.1" +_transform: true ### ### OpenTelemetry 
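Review bot: The new ENTRYPOINT writes the rendered config to `~/kong.yml`, but `KONG_DECLARATIVE_CONFIG` just above it is the absolute `/home/kong/kong.yml`, so the two agree only while the container user's HOME is `/home/kong`. The final command is also not `exec`'d, so bash may stay as PID 1 and Kong may not receive the SIGTERM sent when the task stops. I would use absolute paths and exec: `ENTRYPOINT ["bash", "-c", "envsubst -i /home/kong/tmp.yml -o /home/kong/kong.yml && exec /docker-entrypoint.sh kong docker-start"]`. Since this step renders the anon and service-role keys into the file, a8m/envsubst's `-no-unset` flag would make a missing secret fail the start instead of silently rendering an empty credential; check that it tolerates the template's `:=` defaults before enabling it.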
@@ -13,12 +14,13 @@ plugins: ### Consumers / Users ### consumers: + - username: DASHBOARD - username: anon keyauth_credentials: - - key: ${ANON_KEY} + - key: $SUPABASE_ANON_KEY - username: service_role keyauth_credentials: - - key: ${SERVICE_KEY} + - key: $SUPABASE_SERVICE_KEY ### ### Access Control List @@ -33,6 +35,7 @@ acls: ### API Routes ### services: + ## Open Auth routes - name: auth-v1-open url: ${SUPABASE_AUTH_URL:=http://auth:9999/}verify @@ -64,7 +67,7 @@ services: ## Secure Auth routes - name: auth-v1 - _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" + _comment: 'GoTrue: /auth/v1/* -> http://auth:9999/*' url: ${SUPABASE_AUTH_URL:=http://auth:9999/} routes: - name: auth-v1-all @@ -85,7 +88,7 @@ services: ## Secure REST routes - name: rest-v1 - _comment: "PostgREST: /rest/v1/* -> http://rest:3000/*" + _comment: 'PostgREST: /rest/v1/* -> http://rest:3000/*' url: ${SUPABASE_REST_URL:=http://rest:3000/} routes: - name: rest-v1-all @@ -106,7 +109,7 @@ services: ## Secure GraphQL routes - name: graphql-v1 - _comment: "PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql" + _comment: 'PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql' url: ${SUPABASE_GRAPHQL_URL:=http://rest:3000/rpc/graphql} routes: - name: graphql-v1-all @@ -132,7 +135,7 @@ services: ## Secure Realtime routes - name: realtime-v1 - _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*" + _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' url: ${SUPABASE_REALTIME_URL:=http://realtime:4000/socket/} routes: - name: realtime-v1-all @@ -153,7 +156,7 @@ services: ## Storage routes: the storage server manages its own auth - name: storage-v1 - _comment: "Storage: /storage/v1/* -> http://storage:5000/*" + _comment: 'Storage: /storage/v1/* -> http://storage:5000/*' url: ${SUPABASE_STORAGE_URL:=http://storage:5000/} routes: - name: storage-v1-all 
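Review bot: The added `DASHBOARD` consumer has no credential block, unlike `anon` and `service_role` right below it, and no route in the visible hunks uses `basic-auth`, even though the supabase-stack.ts hunk adds that plugin to `KONG_PLUGINS`. As written, the consumer and the plugin look like unused configuration; the rest of the template is outside the hunks, so this is inferred rather than certain. Either add the `basicauth_credentials` entry and the route meant to use it in this commit, or drop both until they are needed. If the consumer stays, a comment such as `# basic-auth consumer; credentials and route not configured yet` would keep the next reader from assuming it is protected.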
@@ -163,9 +166,31 @@ services: plugins: - name: cors + ## Edge Functions routes + - name: functions-v1 + _comment: 'Edge Functions: /functions/v1/* -> http://functions:9000/*' + url: ${SUPABASE_FUNCTIONS_URL:=http://functions:9000/} + routes: + - name: functions-v1-all + strip_path: true + paths: + - /functions/v1/ + plugins: + - name: cors + + ## Analytics routes + - name: analytics-v1 + _comment: 'Analytics: /analytics/v1/* -> http://logflare:4000/*' + url: ${SUPABASE_ANALYTICS_URL:=http://analytics:4000/} + routes: + - name: analytics-v1-all + strip_path: true + paths: + - /analytics/v1/ + ## Secure Database routes - name: meta - _comment: "pg-meta: /pg/* -> http://pg-meta:8080/*" + _comment: 'pg-meta: /pg/* -> http://pg-meta:8080/*' url: ${SUPABASE_META_HOST:=http://meta:8080/} routes: - name: meta-all @@ -180,4 +205,4 @@ services: config: hide_groups_header: true allow: - - admin \ No newline at end of file + - admin diff --git a/src/supabase-stack.ts b/src/supabase-stack.ts index 795b5b5..c13a4dc 100644 --- a/src/supabase-stack.ts +++ b/src/supabase-stack.ts @@ -295,15 +295,19 @@ export class SupabaseStack extends FargateStack { }, environment: { KONG_DNS_ORDER: 'LAST,A,CNAME', - KONG_PLUGINS: 'request-transformer,cors,key-auth,acl,opentelemetry', + KONG_PLUGINS: 'request-transformer,cors,key-auth,acl,basic-auth,opentelemetry', + KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: '160k', + KONG_NGINX_PROXY_PROXY_BUFFERS: '64 160k', + // for HealthCheck KONG_STATUS_LISTEN: '0.0.0.0:8100', + // for OpenTelemetry //KONG_OPENTELEMETRY_ENABLED: 'true', //KONG_OPENTELEMETRY_TRACING: 'all', //KONG_OPENTELEMETRY_TRACING_SAMPLING_RATE: '1.0', }, secrets: { - ANON_KEY: ecs.Secret.fromSsmParameter(anonKey.ssmParameter), - SERVICE_KEY: ecs.Secret.fromSsmParameter(serviceRoleKey.ssmParameter), + SUPABASE_ANON_KEY: ecs.Secret.fromSsmParameter(anonKey.ssmParameter), + SUPABASE_SERVICE_KEY: ecs.Secret.fromSsmParameter(serviceRoleKey.ssmParameter), }, }, highAvailability, 
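Review bot: `analytics-v1` is added with no plugins at all and `functions-v1` with only `cors`, so neither new path passes through `key-auth`/`acl` as the services labelled "Secure" do, and access control rests entirely on the upstream. If that delegation is intended for functions, the section comment should say so the way the storage one does ("the storage server manages its own auth"); the hunk alone does not confirm it. For analytics, no backend appears in this commit and the `_comment` names `logflare` while the default URL names `analytics`. I would either drop that route or restrict it to `admin` as `meta` does, as sketched below with indentation to match the file.

```yaml
# … unchanged: analytics-v1 name, _comment, url and route definition …
        paths:
          - /analytics/v1/
    plugins:
      - name: key-auth
      - name: acl
        config:
          hide_groups_header: true
          allow:
            - admin
```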
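Review bot: `KONG_NGINX_PROXY_PROXY_BUFFER_SIZE` and `KONG_NGINX_PROXY_PROXY_BUFFERS` are added without a comment, while the neighbouring settings are labelled (`// for HealthCheck`, `// for OpenTelemetry`). `64 160k` allows up to roughly 10 MB of buffers for a single proxied response, which affects memory sizing of the task under many concurrent connections. The reason for these values should be recorded next to them, e.g. `// raise proxy buffers: <which upstream response needed this>`. The `environment` object begins above the hunk, so related settings may exist that are not visible here.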
diff --git a/test/__snapshots__/main.test.ts.snap b/test/__snapshots__/main.test.ts.snap index feeaeb9..c9ad2be 100644 --- a/test/__snapshots__/main.test.ts.snap +++ b/test/__snapshots__/main.test.ts.snap @@ -5634,7 +5634,15 @@ Object { }, Object { "Name": "KONG_PLUGINS", - "Value": "request-transformer,cors,key-auth,acl,opentelemetry", + "Value": "request-transformer,cors,key-auth,acl,basic-auth,opentelemetry", + }, + Object { + "Name": "KONG_NGINX_PROXY_PROXY_BUFFER_SIZE", + "Value": "160k", + }, + Object { + "Name": "KONG_NGINX_PROXY_PROXY_BUFFERS", + "Value": "64 160k", }, Object { "Name": "KONG_STATUS_LISTEN", @@ -5695,7 +5703,7 @@ Object { ], "Secrets": Array [ Object { - "Name": "ANON_KEY", + "Name": "SUPABASE_ANON_KEY", "ValueFrom": Object { "Fn::Join": Array [ "", @@ -5721,7 +5729,7 @@ Object { }, }, Object { - "Name": "SERVICE_KEY", + "Name": "SUPABASE_SERVICE_KEY", "ValueFrom": Object { "Fn::Join": Array [ "",