{"version":3,"file":"Signer.mjs","sources":["../../../src/Signer/Signer.ts"],"sourcesContent":["// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n// SPDX-License-Identifier: Apache-2.0\nimport { TOKEN_QUERY_PARAM, presignUrl, signRequest, } from '../clients/middleware/signing/signer/signatureV4';\nimport { AmplifyUrl } from '../utils/amplifyUrl';\nimport { DateUtils } from './DateUtils';\nconst IOT_SERVICE_NAME = 'iotdevicegateway';\n// Best practice regex to parse the service and region from an AWS endpoint\nconst AWS_ENDPOINT_REGEX = /([^.]+)\\.(?:([^.]*)\\.)?amazonaws\\.com(.cn)?$/;\n/**\n * This class is intended to be deprecated and replaced by `signRequest` and `presignUrl` functions from\n * `clients/middleware/signing/signer/signatureV4`.\n *\n * TODO: refactor the logics here into `signRequest` and `presignUrl` functions and remove this class.\n *\n * @internal\n * @deprecated\n */\nexport class Signer {\n /**\n * Sign a HTTP request, add 'Authorization' header to request param\n * @method sign\n * @memberof Signer\n * @static\n *\n * @param {object} request - HTTP request object\n \n request: {\n method: GET | POST | PUT ...\n url: ...,\n headers: {\n header1: ...\n },\n data: data\n }\n \n * @param {object} access_info - AWS access credential info\n \n access_info: {\n access_key: ...,\n secret_key: ...,\n session_token: ...\n }\n \n * @param {object} [service_info] - AWS service type and region, optional,\n * if not provided then parse out from url\n \n service_info: {\n service: ...,\n region: ...\n }\n \n *\n * @returns {object} Signed HTTP request\n */\n static sign(request, accessInfo, serviceInfo) {\n request.headers = request.headers || {};\n if (request.body && !request.data) {\n throw new Error('The attribute \"body\" was found on the request object. Please use the attribute \"data\" instead.');\n }\n const requestToSign = {\n ...request,\n body: request.data,\n url: new AmplifyUrl(request.url),\n };\n const options = getOptions(requestToSign, accessInfo, serviceInfo);\n const signedRequest = signRequest(requestToSign, options);\n // Prior to using `signRequest`, Signer accepted urls as strings and outputted urls as string. Coerce the property\n // back to a string so as not to disrupt consumers of Signer.\n signedRequest.url = signedRequest.url.toString();\n // HTTP headers should be case insensitive but, to maintain parity with the previous Signer implementation and\n // limit the impact of this implementation swap, replace lowercased headers with title cased ones.\n signedRequest.headers.Authorization = signedRequest.headers.authorization;\n signedRequest.headers['X-Amz-Security-Token'] =\n signedRequest.headers['x-amz-security-token'];\n delete signedRequest.headers.authorization;\n delete signedRequest.headers['x-amz-security-token'];\n return signedRequest;\n }\n static signUrl(urlOrRequest, accessInfo, serviceInfo, expiration) {\n const urlToSign = typeof urlOrRequest === 'object' ? urlOrRequest.url : urlOrRequest;\n const method = typeof urlOrRequest === 'object' ? urlOrRequest.method : 'GET';\n const body = typeof urlOrRequest === 'object' ? urlOrRequest.body : undefined;\n const presignable = {\n body,\n method,\n url: new AmplifyUrl(urlToSign),\n };\n const options = getOptions(presignable, accessInfo, serviceInfo, expiration);\n const signedUrl = presignUrl(presignable, options);\n if (accessInfo.session_token &&\n !sessionTokenRequiredInSigning(options.signingService)) {\n signedUrl.searchParams.append(TOKEN_QUERY_PARAM, accessInfo.session_token);\n }\n return signedUrl.toString();\n }\n}\nconst getOptions = (request, accessInfo, serviceInfo, expiration) => {\n const { access_key, secret_key, session_token } = accessInfo ?? {};\n const { region: urlRegion, service: urlService } = parseServiceInfo(request.url);\n const { region = urlRegion, service = urlService } = serviceInfo ?? {};\n const credentials = {\n accessKeyId: access_key,\n secretAccessKey: secret_key,\n ...(sessionTokenRequiredInSigning(service)\n ? { sessionToken: session_token }\n : {}),\n };\n return {\n credentials,\n signingDate: DateUtils.getDateWithClockOffset(),\n signingRegion: region,\n signingService: service,\n ...(expiration && { expiration }),\n };\n};\nconst parseServiceInfo = (url) => {\n const { host } = url;\n const matched = host.match(AWS_ENDPOINT_REGEX) ?? [];\n let parsed = matched.slice(1, 3);\n if (parsed[1] === 'es') {\n // Elastic Search\n parsed = parsed.reverse();\n }\n return {\n service: parsed[0],\n region: parsed[1],\n };\n};\n// IoT service does not allow the session token in the canonical request\n// https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html\nconst sessionTokenRequiredInSigning = (service) => service !== IOT_SERVICE_NAME;\n"],"names":[],"mappings":";;;;;;;;AAAA;AACA;AAIA,MAAM,gBAAgB,GAAG,kBAAkB;AAC3C;AACA,MAAM,kBAAkB,GAAG,8CAA8C;AACzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAM,MAAM,CAAC;AACpB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,OAAO,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE;AAClD,QAAQ,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE;AAC/C,QAAQ,IAAI,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;AAC3C,YAAY,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC;AAC7H,QAAQ;AACR,QAAQ,MAAM,aAAa,GAAG;AAC9B,YAAY,GAAG,OAAO;AACtB,YAAY,IAAI,EAAE,OAAO,CAAC,IAAI;AAC9B,YAAY,GAAG,EAAE,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC;AAC5C,SAAS;AACT,QAAQ,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,EAAE,UAAU,EAAE,WAAW,CAAC;AAC1E,QAAQ,MAAM,aAAa,GAAG,WAAW,CAAC,aAAa,EAAE,OAAO,CAAC;AACjE;AACA;AACA,QAAQ,aAAa,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE;AACxD;AACA;AACA,QAAQ,aAAa,CAAC,OAAO,CAAC,aAAa,GAAG,aAAa,CAAC,OAAO,CAAC,aAAa;AACjF,QAAQ,aAAa,CAAC,OAAO,CAAC,sBAAsB,CAAC;AACrD,YAAY,aAAa,CAAC,OAAO,CAAC,sBAAsB,CAAC;AACzD,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC,aAAa;AAClD,QAAQ,OAAO,aAAa,CAAC,OAAO,CAAC,sBAAsB,CAAC;AAC5D,QAAQ,OAAO,aAAa;AAC5B,IAAI;AACJ,IAAI,OAAO,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE;AACtE,QAAQ,MAAM,SAAS,GAAG,OAAO,YAAY,KAAK,QAAQ,GAAG,YAAY,CAAC,GAAG,GAAG,YAAY;AAC5F,QAAQ,MAAM,MAAM,GAAG,OAAO,YAAY,KAAK,QAAQ,GAAG,YAAY,CAAC,MAAM,GAAG,KAAK;AACrF,QAAQ,MAAM,IAAI,GAAG,OAAO,YAAY,KAAK,QAAQ,GAAG,YAAY,CAAC,IAAI,GAAG,SAAS;AACrF,QAAQ,MAAM,WAAW,GAAG;AAC5B,YAAY,IAAI;AAChB,YAAY,MAAM;AAClB,YAAY,GAAG,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC;AAC1C,SAAS;AACT,QAAQ,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,CAAC;AACpF,QAAQ,MAAM,SAAS,GAAG,UAAU,CAAC,WAAW,EAAE,OAAO,CAAC;AAC1D,QAAQ,IAAI,UAAU,CAAC,aAAa;AACpC,YAAY,CAAC,6BAA6B,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;AACpE,YAAY,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,iBAAiB,EAAE,UAAU,CAAC,aAAa,CAAC;AACtF,QAAQ;AACR,QAAQ,OAAO,SAAS,CAAC,QAAQ,EAAE;AACnC,IAAI;AACJ;AACA,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,KAAK;AACrE,IAAI,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,UAAU,IAAI,EAAE;AACtE,IAAI,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC;AACpF,IAAI,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,OAAO,GAAG,UAAU,EAAE,GAAG,WAAW,IAAI,EAAE;AAC1E,IAAI,MAAM,WAAW,GAAG;AACxB,QAAQ,WAAW,EAAE,UAAU;AAC/B,QAAQ,eAAe,EAAE,UAAU;AACnC,QAAQ,IAAI,6BAA6B,CAAC,OAAO;AACjD,cAAc,EAAE,YAAY,EAAE,aAAa;AAC3C,cAAc,EAAE,CAAC;AACjB,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,WAAW;AACnB,QAAQ,WAAW,EAAE,SAAS,CAAC,sBAAsB,EAAE;AACvD,QAAQ,aAAa,EAAE,MAAM;AAC7B,QAAQ,cAAc,EAAE,OAAO;AAC/B,QAAQ,IAAI,UAAU,IAAI,EAAE,UAAU,EAAE,CAAC;AACzC,KAAK;AACL,CAAC;AACD,MAAM,gBAAgB,GAAG,CAAC,GAAG,KAAK;AAClC,IAAI,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG;AACxB,IAAI,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,EAAE;AACxD,IAAI,IAAI,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;AACpC,IAAI,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE;AAC5B;AACA,QAAQ,MAAM,GAAG,MAAM,CAAC,OAAO,EAAE;AACjC,IAAI;AACJ,IAAI,OAAO;AACX,QAAQ,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAC1B,QAAQ,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AACzB,KAAK;AACL,CAAC;AACD;AACA;AACA,MAAM,6BAA6B,GAAG,CAAC,OAAO,KAAK,OAAO,KAAK,gBAAgB;;;;"}