Seed poc

packages/backend-auth/src/factory.ts

@@ -18,6 +18,7 @@ import {
   ResourceAccessAcceptor,
   ResourceAccessAcceptorFactory,
   ResourceProvider,
+  Seedable,
 } from '@aws-amplify/plugin-types';
 import { translateToAuthConstructLoginWith } from './translate_auth_props.js';
 import { authAccessBuilder as _authAccessBuilder } from './access_builder.js';
@@ -31,7 +32,8 @@ import { UserPoolAccessPolicyFactory } from './userpool_access_policy_factory.js
 import { Tags } from 'aws-cdk-lib';
 
 export type BackendAuth = ResourceProvider<AuthResources> &
-  ResourceAccessAcceptorFactory<AuthRoleName | string>;
+  ResourceAccessAcceptorFactory<AuthRoleName | string> &
+  Seedable<'auth'>;
 
 export type AmplifyAuthProps = Expand<
   Omit<AuthProps, 'outputStorageStrategy' | 'loginWith'> & {
@@ -169,6 +171,7 @@ class AmplifyAuthGenerator implements ConstructContainerEntryGenerator {
     );
 
     const authConstructMixin: BackendAuth = {
+      seedableAs: 'auth',
       ...authConstruct,
       /**
        * Returns a resourceAccessAcceptor for the given role

packages/backend-data/src/factory.ts

@@ -8,6 +8,7 @@ import {
   ConstructFactoryGetInstanceProps,
   GenerateContainerEntryProps,
   ResourceProvider,
+  SchemaSeedable,
 } from '@aws-amplify/plugin-types';
 import {
   AmplifyData,
@@ -17,7 +18,7 @@ import {
 } from '@aws-amplify/data-construct';
 import { GraphqlOutput } from '@aws-amplify/backend-output-schemas';
 import * as path from 'path';
-import { AmplifyDataError, DataProps } from './types.js';
+import { AmplifyDataError, DataProps, DataSchemaInput } from './types.js';
 import {
   combineCDKSchemas,
   convertSchemaToCDK,
@@ -51,7 +52,9 @@ import {
  *
  * Exported for testing purpose only & should NOT be exported out of the package.
  */
-export class DataFactory implements ConstructFactory<AmplifyData> {
+export class DataFactory<T extends DataSchemaInput = DataSchemaInput>
+  implements ConstructFactory<AmplifyData & SchemaSeedable<'data', T>>
+{
   // publicly accessible for testing purpose only.
   static factoryCount = 0;
 
@@ -77,7 +80,9 @@ export class DataFactory implements ConstructFactory<AmplifyData> {
   /**
    * Gets an instance of the Data construct
    */
-  getInstance = (props: ConstructFactoryGetInstanceProps): AmplifyData => {
+  getInstance = (
+    props: ConstructFactoryGetInstanceProps
+  ): AmplifyData & SchemaSeedable<'data', T> => {
     const {
       constructContainer,
       outputStorageStrategy,
@@ -106,7 +111,8 @@ export class DataFactory implements ConstructFactory<AmplifyData> {
         outputStorageStrategy
       );
     }
-    return constructContainer.getOrCompute(this.generator) as AmplifyData;
+    return constructContainer.getOrCompute(this.generator) as AmplifyData &
+      SchemaSeedable<'data', T>;
   };
 }
 
@@ -320,5 +326,7 @@ class ReplaceTableUponGsiUpdateOverrideAspect implements IAspect {
 /**
  * Creates a factory that implements ConstructFactory<AmplifyGraphqlApi>
  */
-export const defineData = (props: DataProps): ConstructFactory<AmplifyData> =>
+export const defineData = <T extends DataSchemaInput = DataSchemaInput>(
+  props: DataProps<T>
+): ConstructFactory<AmplifyData & SchemaSeedable<'data', T>> =>
   new DataFactory(props, new Error().stack);

packages/backend-data/src/types.ts

@@ -119,11 +119,11 @@ export type DataSchema = string | DerivedModelSchema;
 /**
  * Exposed props for Data which are configurable by the end user.
  */
-export type DataProps = {
+export type DataProps<TSchema extends DataSchemaInput = DataSchemaInput> = {
   /**
    * Graphql Schema as a string to be passed into the CDK construct.
    */
-  schema: DataSchemaInput;
+  schema: TSchema;
 
   /**
    * Optional name for the generated Api.

packages/backend-seed/.npmignore

@@ -0,0 +1,14 @@
+# Be very careful editing this file. It is crafted to work around [this issue](https://github.com/npm/npm/issues/4479)
+
+# First ignore everything
+**/*
+
+# Then add back in transpiled js and ts declaration files
+!lib/**/*.js
+!lib/**/*.d.ts
+
+# Then ignore test js and ts declaration files
+*.test.js
+*.test.d.ts
+
+# This leaves us with including only js and ts declaration files of functional code

packages/backend-seed/API.md

@@ -0,0 +1,28 @@
+## API Report File for "@aws-amplify/backend-seed"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+
+import { V6Client } from '@aws-amplify/api-graphql';
+
+// @public (undocumented)
+export type AuthClient = {
+    createUser: (username: string, password: string) => Promise<AuthUser>;
+};
+
+// @public (undocumented)
+export type AuthUser = {
+    username: string;
+    password: string;
+};
+
+// @public (undocumented)
+export const defineSeed: <SchemaType extends Record<any, any>>(seedFunction: SeedFunction<SchemaType>) => void;
+
+// @public (undocumented)
+export type SeedFunction<SchemaType extends Record<any, any>> = (dataClient: V6Client<SchemaType>, authClient: AuthClient) => Promise<void>;
+
+// (No @packageDocumentation comment for this package)
+
+```

packages/backend-seed/README.md

@@ -0,0 +1,3 @@
+# Description
+
+Replace with a description of this package

packages/backend-seed/api-extractor.json

@@ -0,0 +1,3 @@
+{
+  "extends": "../../api-extractor.base.json"
+}

packages/backend-seed/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@aws-amplify/backend-seed",
+  "version": "0.1.0",
+  "type": "module",
+  "publishConfig": {
+    "access": "public"
+  },
+  "exports": {
+    ".": {
+      "types": "./lib/index.d.ts",
+      "import": "./lib/index.js",
+      "require": "./lib/index.js"
+    }
+  },
+  "types": "lib/index.d.ts",
+  "scripts": {
+    "update:api": "api-extractor run --local"
+  },
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@aws-amplify/client-config": "^1.0.3",
+    "@aws-amplify/platform-core": "^1.0.1",
+    "@aws-sdk/client-cognito-identity-provider": "^3.465.0",
+    "aws-amplify": "^6.2.0",
+    "semver": "^7.5.4"
+  },
+  "peerDependencies": {
+    "@aws-amplify/api-graphql": "^4.1.0",
+    "@aws-amplify/data-schema": "^1.0.0"
+  }
+}

packages/backend-seed/src/async_lock.ts

@@ -0,0 +1,64 @@
+/**
+ * Example usage:
+ * const myLock = new AsyncLock();
+ *
+ * async function asyncFunction() {
+ *     await myLock.acquire();
+ *     try {
+ *         // Code that requires exclusive access to a shared resource
+ *         console.log('Accessing shared resource...');
+ *         await someAsyncOperation();
+ *     } finally {
+ *         myLock.release();
+ *     }
+ * }
+ *
+ * asyncFunction();
+ */
+// TODO this is a copy for the POC purposes.
+export class AsyncLock {
+  private isLocked: boolean;
+  private readonly queue: Array<(value?: never) => void>;
+
+  /**
+   * Creates async lock.
+   */
+  constructor(private readonly defaultTimeoutMs?: number) {
+    this.isLocked = false;
+    this.queue = [];
+  }
+
+  acquire = async (timeoutMs?: number): Promise<void> => {
+    const lockPromise = new Promise<void>((resolve) => {
+      if (!this.isLocked) {
+        this.isLocked = true;
+        resolve();
+      } else {
+        this.queue.push(resolve);
+      }
+    });
+    timeoutMs = timeoutMs ?? this.defaultTimeoutMs;
+    if (timeoutMs) {
+      const timeoutPromise = new Promise<void>((resolve, reject) =>
+        setTimeout(
+          () =>
+            reject(
+              new Error(`Unable to acquire async lock in ${timeoutMs}ms.`)
+            ),
+          timeoutMs
+        )
+      );
+      return Promise.race<void>([lockPromise, timeoutPromise]);
+    }
+    return lockPromise;
+  };
+
+  release = (): void => {
+    const resolve = this.queue.shift();
+    if (resolve) {
+      resolve();
+    } else {
+      this.isLocked = false;
+    }
+  };
+}

packages/backend-seed/src/auth_client.ts

@@ -0,0 +1,98 @@
+import { AsyncLock } from './async_lock.js';
+import { AuthClient, AuthUser } from './types.js';
+import {
+  AdminCreateUserCommand,
+  CognitoIdentityProviderClient,
+} from '@aws-sdk/client-cognito-identity-provider';
+import { randomUUID } from 'node:crypto';
+import { ClientConfigVersionTemplateType } from '@aws-amplify/client-config';
+import * as auth from 'aws-amplify/auth';
+import assert from 'assert';
+import { SemVer } from 'semver';
+import crypto from 'node:crypto';
+
+// TODO: this is a work around
+// it seems like as of amplify v6 , some of the code only runs in the browser ...
+// see https://github.com/aws-amplify/amplify-js/issues/12751
+if (process.versions.node) {
+  // node >= 20 now exposes crypto by default. This workaround is not needed: https://github.com/nodejs/node/pull/42083
+  if (new SemVer(process.versions.node).major < 20) {
+    // @ts-expect-error altering typing for global to make compiler happy is not worth the effort assuming this is temporary workaround
+    globalThis.crypto = crypto;
+  }
+}
+
+export class DefaultAuthClient implements AuthClient {
+  /**
+   * Asynchronous lock is used to assure that all calls to Amplify JS library are
+   * made in single transaction. This is because that library maintains global state,
+   * for example auth session.
+   */
+    // TODO setting timeout makes node process delay exit until that promise resolves, it should be handled somehow.
+  private readonly lock: AsyncLock = new AsyncLock();
+
+  private readonly userPoolId: string;
+  private readonly userPoolClientId: string;
+  private readonly identityPoolId: string;
+  private readonly allowGuestAccess: boolean | undefined;
+
+  /**
+   * Creates Amplify Auth client.
+   */
+  constructor(
+    private readonly cognitoIdentityProviderClient: CognitoIdentityProviderClient,
+    authConfig: NonNullable<ClientConfigVersionTemplateType<'1'>['auth']>
+  ) {
+    if (!authConfig.identity_pool_id) {
+      throw new Error('Client config must have identity pool id.');
+    }
+    this.userPoolId = authConfig.user_pool_id;
+    this.userPoolClientId = authConfig.user_pool_client_id;
+    this.identityPoolId = authConfig.identity_pool_id;
+    this.allowGuestAccess = authConfig.unauthenticated_identities_enabled;
+  }
+
+  createUser = async (
+    username: string,
+    password: string
+  ): Promise<AuthUser> => {
+    await this.lock.acquire();
+    try {
+      console.log(`creating ${username}, ${password}`);
+      const temporaryPassword = `Test1@Temp${randomUUID().toString()}`;
+      await this.cognitoIdentityProviderClient.send(
+        new AdminCreateUserCommand({
+          Username: username,
+          TemporaryPassword: temporaryPassword,
+          UserPoolId: this.userPoolId,
+          MessageAction: 'SUPPRESS',
+        })
+      );
+
+      // in case there's already signed user in the session.
+      await auth.signOut();
+
+      const signInResult = await auth.signIn({
+        username,
+        password: temporaryPassword,
+      });
+
+      assert.strictEqual(
+        signInResult.nextStep.signInStep,
+        'CONFIRM_SIGN_IN_WITH_NEW_PASSWORD_REQUIRED'
+      );
+
+      await auth.confirmSignIn({
+        challengeResponse: password,
+      });
+
+      return {
+        username,
+        password,
+      };
+    } finally {
+      console.log(`user ${username} created`);
+      this.lock.release();
+    }
+  };
+}