Create CloudFront Function and Origin Request Policy

inc/admin/namespace.php

@@ -2,10 +2,14 @@
 
 namespace HM\ACM\Admin;
 
+use function HM\ACM\get_cloudfront_function_arn;
+use function HM\ACM\get_cloudfront_origin_request_policy_id;
 use function HM\ACM\get_suggested_domains;
 use function HM\ACM\has_certificate;
 use function HM\ACM\create_certificate;
 use Exception;
+use function HM\ACM\has_cloudfront_function;
+use function HM\ACM\has_cloudfront_origin_request_policy;
 use function HM\ACM\has_verified_certificate;
 use function HM\ACM\get_certificate;
 use function HM\ACM\refresh_certificate;
@@ -127,6 +131,14 @@ function admin_page() {
 			<h4><?php printf( esc_html__( 'HTTPS Certificate: %1$s (%2$s)', 'hm-acm' ), implode( ', ', $certificate['SubjectAlternativeNames'] ),  $certificate['Status'] ) ?></h4>
 			<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( 'hm-acm-action', 'unlink-certificate' ), 'hm-acm-unlink-certificate' ) ) ?>" class="button button-secondary"><?php esc_html_e( 'Unlink', 'hm-acm' ) ?></a>
 		<?php endif ?>
+		<?php if ( has_cloudfront_function() ) : ?>
+			<h4><?php printf( esc_html__( 'CDN Function: %s', 'hm-acm' ), get_cloudfront_function_arn() ) ?></h4>
+		<?php endif ?>
+
+		<?php if ( has_cloudfront_origin_request_policy() ) : ?>
+			<h4><?php printf( esc_html__( 'CDN Request Policy: %s', 'hm-acm' ), get_cloudfront_origin_request_policy_id() ) ?></h4>
+		<?php endif ?>
+
 		<?php if ( has_cloudfront_distribution() ) : ?>
 			<?php
 			$distribution = get_cloudfront_distribution();

inc/cli/class-acm.php

@@ -15,9 +15,11 @@
 use function HM\ACM\create_cloudfront_distribution;
 use function HM\ACM\get_suggested_domains;
 use function HM\ACM\has_certificate;
+use function HM\ACM\has_cloudfront_distribution;
 use function HM\ACM\has_verified_certificate;
 use function HM\ACM\refresh_certificate;
 use function HM\ACM\unlink_certificate;
+use function HM\ACM\unlink_cloudfront_distribution;
 
 /**
  * Class for registering ACM specific WP-CLI commands.
@@ -90,7 +92,7 @@ private function validate_inputs( array $args, array $assoc_args ): void {
 			WP_CLI::error( 'An action is required.' );
 		}
 
-		if ( ! in_array( $this->action, [ 'create-cert', 'verify-cert', 'delete-cert', 'create-cloudfront' ], true ) ) {
+		if ( ! in_array( $this->action, [ 'create-cert', 'verify-cert', 'delete-cert', 'create-cloudfront', 'delete-cloudfront' ], true ) ) {
 			WP_CLI::error( 'Invalid action provided.' );
 		}
 
@@ -146,6 +148,9 @@ private function validate_inputs( array $args, array $assoc_args ): void {
 	 * [--exclude=<site-id>]
 	 * : Comma separated list of IDs of the sites to exclude from the action. Useful if you want the command to run network wide but exclude for example main site.
 	 *
+	 * [--rate=<rate>]
+	 * : How many sites to process at a time before sleeping for 1 second. Default is 5.
+	 *
 	 * [--network]
 	 * : Whether to perform the action on all sites on the network.
 	 *
@@ -184,9 +189,11 @@ public function acm( array $args, array $assoc_args ) {
 					break;
 				}
 
+				$rate = $assoc_args['rate'] ? intval( $assoc_args['rate'] ) : 5; // How many sites to process at a time before sleeping for 1 second.
+
 				for ( $i = 0; $i < count( $query->sites ); $i++ ) {
-					if ( $i % 5 === 0 ) {
-						// Sleep for 1 second every 5 sites to avoid rate limiting.
+					if ( $i % $rate === 0 ) {
+						// Sleep for 1 second every X sites to avoid rate limiting.
 						sleep( 1 );
 					}
 
@@ -216,6 +223,9 @@ public function acm( array $args, array $assoc_args ) {
 							case 'create-cloudfront':
 								$result = $this->create_cloudfront( $site_id );
 								break;
+							case 'delete-cloudfront':
+								$result = $this->delete_cloudfront( $site_id );
+								break;
 							default:
 								break;
 						}
@@ -384,13 +394,46 @@ private function delete_cert( int $site_id ): bool {
 		return true;
 	}
 
+	/**
+	 * Delete CloudFront distribution for a site.
+	 *
+	 * @param int $site_id The ID of the site.
+	 * @return boolean
+	 */
+	private function delete_cloudfront( int $site_id ): bool {
+		if ( ! has_cloudfront_distribution() ) {
+			if ( $this->verbose ) {
+				WP_CLI::warning( sprintf( 'Site %d does not have a CloudFront distribution so nothing to delete.', $site_id ) );
+			}
+			return false;
+		}
+
+		unlink_cloudfront_distribution(); // This just removes the option in WP and allows for another CloudFront distribution to be created and linked.
+
+		return true;
+	}
+
 	/**
 	 * Create CloudFront distribution for a site.
 	 *
 	 * @param int $site_id The ID of the site.
 	 * @return boolean
 	 */
 	private function create_cloudfront( int $site_id ): bool {
+		if ( has_cloudfront_distribution() ) {
+			if ( $this->verbose ) {
+				WP_CLI::success( sprintf( 'Site %d already has a CloudFront distribution.', $site_id ) );
+			}
+			return true;
+		}
+
+		if ( ! has_certificate() ) {
+			if ( $this->verbose ) {
+				WP_CLI::warning( sprintf( 'Site %d does not have an SSL certificate so CloudFront distribution cannot be created.', $site_id ) );
+			}
+			return false;
+		}
+
 		if ( ! has_verified_certificate() ) {
 			if ( $this->verbose ) {
 				WP_CLI::warning( sprintf( 'Site %d does not have a verified ACM SSL certificate so CloudFront distribution cannot be created.', $site_id ) );

inc/cloudfront-function.js

@@ -0,0 +1,14 @@
+function handler(event) {
+    var request = event.request;
+    var headers = request.headers;
+
+    // Check if the Host header exists
+    if (headers.host) {
+        // Copy the Host header value to the new x-original-host header (lowercase)
+        headers['x-original-host'] = {
+            value: headers.host.value
+        };
+    }
+
+    return request;
+}