UNPKG

@aws-amplify/core/lib/Signer.js

Version:

5.9 kBJavaScriptView Raw

1"use strict";
2// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3// SPDX-License-Identifier: Apache-2.0
4var __assign = (this && this.__assign) || function () {
  __assign = Object.assign || function(t) {
      for (var s, i = 1, n = arguments.length; i < n; i++) {
          s = arguments[i];
          for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
              t[p] = s[p];
      }
      return t;
  };
  return __assign.apply(this, arguments);
14};
15Object.defineProperty(exports, "__esModule", { value: true });
16exports.Signer = void 0;
17var Util_1 = require("./Util");
18var signatureV4_1 = require("./clients/middleware/signing/signer/signatureV4");
19var IOT_SERVICE_NAME = 'iotdevicegateway';
20// Best practice regex to parse the service and region from an AWS endpoint
21var AWS_ENDPOINT_REGEX = /([^\.]+)\.(?:([^\.]*)\.)?amazonaws\.com(.cn)?$/;
22var Signer = /** @class */ (function () {
  function Signer() {
  }
  /**
  * Sign a HTTP request, add 'Authorization' header to request param
  * @method sign
  * @memberof Signer
  * @static
  *
  * @param {object} request - HTTP request object
  <pre>
  request: {
      method: GET | POST | PUT ...
      url: ...,
      headers: {
          header1: ...
      },
      data: data
  }
  </pre>
  * @param {object} access_info - AWS access credential info
  <pre>
  access_info: {
      access_key: ...,
      secret_key: ...,
      session_token: ...
  }
  </pre>
  * @param {object} [service_info] - AWS service type and region, optional,
  *                                  if not provided then parse out from url
  <pre>
  service_info: {
      service: ...,
      region: ...
  }
  </pre>
  *
  * @returns {object} Signed HTTP request
  */
  Signer.sign = function (request, accessInfo, serviceInfo) {
      request.headers = request.headers || {};
      if (request.body && !request.data) {
          throw new Error('The attribute "body" was found on the request object. Please use the attribute "data" instead.');
      }
      var requestToSign = __assign(__assign({}, request), { body: request.data, url: new URL(request.url) });
      var options = getOptions(requestToSign, accessInfo, serviceInfo);
      var signedRequest = (0, signatureV4_1.signRequest)(requestToSign, options);
      // Prior to using `signRequest`, Signer accepted urls as strings and outputted urls as string. Coerce the property
      // back to a string so as not to disrupt consumers of Signer.
      signedRequest.url = signedRequest.url.toString();
      // HTTP headers should be case insensitive but, to maintain parity with the previous Signer implementation and
      // limit the impact of this implementation swap, replace lowercased headers with title cased ones.
      signedRequest.headers.Authorization = signedRequest.headers.authorization;
      signedRequest.headers['X-Amz-Security-Token'] =
          signedRequest.headers['x-amz-security-token'];
      delete signedRequest.headers.authorization;
      delete signedRequest.headers['x-amz-security-token'];
      return signedRequest;
  };
  Signer.signUrl = function (urlOrRequest, accessInfo, serviceInfo, expiration) {
      var urlToSign = typeof urlOrRequest === 'object' ? urlOrRequest.url : urlOrRequest;
      var method = typeof urlOrRequest === 'object' ? urlOrRequest.method : 'GET';
      var body = typeof urlOrRequest === 'object' ? urlOrRequest.body : undefined;
      var presignable = {
          body: body,
          method: method,
          url: new URL(urlToSign),
      };
      var options = getOptions(presignable, accessInfo, serviceInfo, expiration);
      var signedUrl = (0, signatureV4_1.presignUrl)(presignable, options);
      if (accessInfo.session_token &&
          !sessionTokenRequiredInSigning(options.signingService)) {
          signedUrl.searchParams.append(signatureV4_1.TOKEN_QUERY_PARAM, accessInfo.session_token);
      }
      return signedUrl.toString();
  };
  return Signer;
99}());
100exports.Signer = Signer;
101var getOptions = function (request, accessInfo, serviceInfo, expiration) {
  var _a = accessInfo !== null && accessInfo !== void 0 ? accessInfo : {}, access_key = _a.access_key, secret_key = _a.secret_key, session_token = _a.session_token;
  var _b = parseServiceInfo(request.url), urlRegion = _b.region, urlService = _b.service;
  var _c = serviceInfo !== null && serviceInfo !== void 0 ? serviceInfo : {}, _d = _c.region, region = _d === void 0 ? urlRegion : _d, _e = _c.service, service = _e === void 0 ? urlService : _e;
  var credentials = __assign({ accessKeyId: access_key, secretAccessKey: secret_key }, (sessionTokenRequiredInSigning(service)
      ? { sessionToken: session_token }
      : {}));
  return __assign({ credentials: credentials, signingDate: Util_1.DateUtils.getDateWithClockOffset(), signingRegion: region, signingService: service }, (expiration && { expiration: expiration }));
109};
110// TODO: V6 investigate whether add to custom clients' general signer implementation.
111var parseServiceInfo = function (url) {
  var _a;
  var host = url.host;
  var matched = (_a = host.match(AWS_ENDPOINT_REGEX)) !== null && _a !== void 0 ? _a : [];
  var parsed = matched.slice(1, 3);
  if (parsed[1] === 'es') {
      // Elastic Search
      parsed = parsed.reverse();
  }
  return {
      service: parsed[0],
      region: parsed[1],
  };
124};
125// IoT service does not allow the session token in the canonical request
126// https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
127// TODO: V6 investigate whether add to custom clients' general signer implementation.
128var sessionTokenRequiredInSigning = function (service) {
  return service !== IOT_SERVICE_NAME;
130};

1	`"use strict";`
2	`// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.`
3	`// SPDX-License-Identifier: Apache-2.0`
4	`var __assign = (this && this.__assign) \|\| function () {`
5	`__assign = Object.assign \|\| function(t) {`
6	`for (var s, i = 1, n = arguments.length; i < n; i++) {`
7	`s = arguments[i];`
8	`for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))`
9	`t[p] = s[p];`
10	`}`
11	`return t;`
12	`};`
13	`return __assign.apply(this, arguments);`
14	`};`
15	`Object.defineProperty(exports, "__esModule", { value: true });`
16	`exports.Signer = void 0;`
17	`var Util_1 = require("./Util");`
18	`var signatureV4_1 = require("./clients/middleware/signing/signer/signatureV4");`
19	`var IOT_SERVICE_NAME = 'iotdevicegateway';`
20	`// Best practice regex to parse the service and region from an AWS endpoint`
21	`var AWS_ENDPOINT_REGEX = /([^\.]+)\.(?:([^\.]*)\.)?amazonaws\.com(.cn)?$/;`
22	`var Signer = /** @class */ (function () {`
23	`function Signer() {`
24	`}`
25	`/**`
26	`* Sign a HTTP request, add 'Authorization' header to request param`
27	`* @method sign`
28	`* @memberof Signer`
29	`* @static`
30	`*`
31	`* @param {object} request - HTTP request object`
32	`<pre>`
33	`request: {`
34	`method: GET \| POST \| PUT ...`
35	`url: ...,`
36	`headers: {`
37	`header1: ...`
38	`},`
39	`data: data`
40	`}`
41	`</pre>`
42	`* @param {object} access_info - AWS access credential info`
43	`<pre>`
44	`access_info: {`
45	`access_key: ...,`
46	`secret_key: ...,`
47	`session_token: ...`
48	`}`
49	`</pre>`
50	`* @param {object} [service_info] - AWS service type and region, optional,`
51	`* if not provided then parse out from url`
52	`<pre>`
53	`service_info: {`
54	`service: ...,`
55	`region: ...`
56	`}`
57	`</pre>`
58	`*`
59	`* @returns {object} Signed HTTP request`
60	`*/`
61	`Signer.sign = function (request, accessInfo, serviceInfo) {`
62	`request.headers = request.headers \|\| {};`
63	`if (request.body && !request.data) {`
64	`throw new Error('The attribute "body" was found on the request object. Please use the attribute "data" instead.');`
65	`}`
66	`var requestToSign = __assign(__assign({}, request), { body: request.data, url: new URL(request.url) });`
67	`var options = getOptions(requestToSign, accessInfo, serviceInfo);`
68	`var signedRequest = (0, signatureV4_1.signRequest)(requestToSign, options);`
69	// Prior to using `signRequest`, Signer accepted urls as strings and outputted urls as string. Coerce the property
70	`// back to a string so as not to disrupt consumers of Signer.`
71	`signedRequest.url = signedRequest.url.toString();`
72	`// HTTP headers should be case insensitive but, to maintain parity with the previous Signer implementation and`
73	`// limit the impact of this implementation swap, replace lowercased headers with title cased ones.`
74	`signedRequest.headers.Authorization = signedRequest.headers.authorization;`
75	`signedRequest.headers['X-Amz-Security-Token'] =`
76	`signedRequest.headers['x-amz-security-token'];`
77	`delete signedRequest.headers.authorization;`
78	`delete signedRequest.headers['x-amz-security-token'];`
79	`return signedRequest;`
80	`};`
81	`Signer.signUrl = function (urlOrRequest, accessInfo, serviceInfo, expiration) {`
82	`var urlToSign = typeof urlOrRequest === 'object' ? urlOrRequest.url : urlOrRequest;`
83	`var method = typeof urlOrRequest === 'object' ? urlOrRequest.method : 'GET';`
84	`var body = typeof urlOrRequest === 'object' ? urlOrRequest.body : undefined;`
85	`var presignable = {`
86	`body: body,`
87	`method: method,`
88	`url: new URL(urlToSign),`
89	`};`
90	`var options = getOptions(presignable, accessInfo, serviceInfo, expiration);`
91	`var signedUrl = (0, signatureV4_1.presignUrl)(presignable, options);`
92	`if (accessInfo.session_token &&`
93	`!sessionTokenRequiredInSigning(options.signingService)) {`
94	`signedUrl.searchParams.append(signatureV4_1.TOKEN_QUERY_PARAM, accessInfo.session_token);`
95	`}`
96	`return signedUrl.toString();`
97	`};`
98	`return Signer;`
99	`}());`
100	`exports.Signer = Signer;`
101	`var getOptions = function (request, accessInfo, serviceInfo, expiration) {`
102	`var _a = accessInfo !== null && accessInfo !== void 0 ? accessInfo : {}, access_key = _a.access_key, secret_key = _a.secret_key, session_token = _a.session_token;`
103	`var _b = parseServiceInfo(request.url), urlRegion = _b.region, urlService = _b.service;`
104	`var _c = serviceInfo !== null && serviceInfo !== void 0 ? serviceInfo : {}, _d = _c.region, region = _d === void 0 ? urlRegion : _d, _e = _c.service, service = _e === void 0 ? urlService : _e;`
105	`var credentials = __assign({ accessKeyId: access_key, secretAccessKey: secret_key }, (sessionTokenRequiredInSigning(service)`
106	`? { sessionToken: session_token }`
107	`: {}));`
108	`return __assign({ credentials: credentials, signingDate: Util_1.DateUtils.getDateWithClockOffset(), signingRegion: region, signingService: service }, (expiration && { expiration: expiration }));`
109	`};`
110	`// TODO: V6 investigate whether add to custom clients' general signer implementation.`
111	`var parseServiceInfo = function (url) {`
112	`var _a;`
113	`var host = url.host;`
114	`var matched = (_a = host.match(AWS_ENDPOINT_REGEX)) !== null && _a !== void 0 ? _a : [];`
115	`var parsed = matched.slice(1, 3);`
116	`if (parsed[1] === 'es') {`
117	`// Elastic Search`
118	`parsed = parsed.reverse();`
119	`}`
120	`return {`
121	`service: parsed[0],`
122	`region: parsed[1],`
123	`};`
124	`};`
125	`// IoT service does not allow the session token in the canonical request`
126	`// https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html`
127	`// TODO: V6 investigate whether add to custom clients' general signer implementation.`
128	`var sessionTokenRequiredInSigning = function (service) {`
129	`return service !== IOT_SERVICE_NAME;`
130	`};`