1 | /// <reference types="node" />
|
2 |
|
3 | import { OutgoingHttpHeaders, RequestOptions } from "http";
|
4 |
|
5 | export interface Request extends RequestOptions {
|
6 | /** Defaults to {@link RequestSigner.createHost}() if possible. */
|
7 | host?: string;
|
8 | /** Equivalent to {@link host} */
|
9 | hostname?: string;
|
10 | /** Defaults to `"GET"`, or `"POST"` if there is a {@link body}. */
|
11 | method?: string;
|
12 | /** Defaults to `/`. */
|
13 | path?: string;
|
14 | /** Defaults to `""`. */
|
15 | body?: string | Buffer;
|
16 | /** Defaults to {@link RequestSigner.matchHost}()[0], or `""`. */
|
17 | service?: string;
|
18 | /** Defaults to {@link RequestSigner.matchHost}()[1], or `"us-east-1"`. */
|
19 | region?: string;
|
20 | /** To sign the query instead of adding an Authorization header, defaults to false. */
|
21 | signQuery?: boolean;
|
22 | /**
|
23 | * Some headers have a default value:
|
24 | * - `Host`: Defaults to {@link hostname}, {@link host}, or
|
25 | * {@link RequestSigner.createHost}()
|
26 | * - `Content-Type`: defaults to
|
27 | * `"application/x-www-form-urlencoded; charset=utf-8"`
|
28 | * if there is a {@link body}
|
29 | * - `Date`: used to calculate the signature date if given, defaults to
|
30 | * `new Date()`
|
31 | */
|
32 | headers?: OutgoingHttpHeaders;
|
33 | /** If true, signing the Request won’t mutate the headers. */
|
34 | doNotModifyHeaders?: boolean;
|
35 | /** If true, {@link path} won’t be encoded in the signature. */
|
36 | doNotEncodePath?: boolean;
|
37 | }
|
38 |
|
39 | export interface Credentials {
|
40 | /** Equivalent to the env vars `AWS_ACCESS_KEY_ID` and `AWS_ACCESS_KEY`. */
|
41 | accessKeyId?: string;
|
42 | /** Equivalent to the env vars `AWS_SECRET_ACCESS_KEY` and `AWS_SECRET_KEY`. */
|
43 | secretAccessKey?: string;
|
44 | /** Equivalent to the env var `AWS_SESSION_TOKEN`. */
|
45 | sessionToken?: string;
|
46 | }
|
47 |
|
48 | export class RequestSigner {
|
49 | constructor(requestOptions: string | Request, credentials?: Credentials);
|
50 |
|
51 | request: Request;
|
52 | credentials: Credentials;
|
53 | service: string;
|
54 | region: string;
|
55 |
|
56 | /**
|
57 | * `true` if {`"codecommit"` and { request}.method
service} is |
58 | * is `"GIT"`.
|
59 | */
|
60 | isCodeCommitGit: boolean;
|
61 |
|
62 | /**
|
63 | * Set by:
|
64 | * - {@link prepareRequest}
|
65 | * - {@link sign}
|
66 | * - {@link canonicalString}
|
67 | * - {@link parsePath}
|
68 | */
|
69 | parsedPath?: {
|
70 | path: string;
|
71 | query: Record<string, string | string[]>;
|
72 | };
|
73 |
|
74 | /**
|
75 | * Used as a cache by {@link getDateTime} and {@link getDate}.
|
76 | * Setting it will shortcut those functions.
|
77 | *
|
78 | * Set by:
|
79 | * - {@link prepareRequest}
|
80 | * - {@link getDateTime}
|
81 | * - {@link sign}
|
82 | */
|
83 | datetime?: string;
|
84 |
|
85 | /**
|
86 | * Extract the service code and region code from a Host name.
|
87 | * @returns two element string tuple with values [service, region].
|
88 | */
|
89 | matchHost(host: string): [string, string];
|
90 |
|
91 | /**
|
92 | * https://docs.aws.amazon.com/general/latest/gr/rande.html
|
93 | */
|
94 | isSingleRegion(): boolean;
|
95 |
|
96 | /**
|
97 | * Compute the Host name from the {@link service} and the {@link region}.
|
98 | */
|
99 | createHost(): string;
|
100 |
|
101 | /**
|
102 | * Generate the Authorization header value.
|
103 | */
|
104 | authHeader(): string;
|
105 |
|
106 | /**
|
107 | * Generate a string representation of {@link request}.headers:
|
108 | * - one header per line, formatted as `<key>:<value>`
|
109 | * - lines are sorted.
|
110 | * - `<key>` is in lowercase and is trimmed.
|
111 | * - `<value>` is trimmed, and contiguous whitespaces are reduced to a
|
112 | * single space character ` `.
|
113 | *
|
114 | * These headers are filtered out:
|
115 | * - `authorization`
|
116 | * - `connection`
|
117 | * - `x-amzn-trace-id`
|
118 | * - `user-agent`
|
119 | * - `expect`
|
120 | * - `presigned-expires`
|
121 | * - `range`
|
122 | */
|
123 | canonicalHeaders(): string;
|
124 |
|
125 | /**
|
126 | * Generates a list of the header names of {@link request}.headers separated
|
127 | * by `;`.
|
128 | *
|
129 | * These headers are filtered out:
|
130 | * - `authorization`
|
131 | * - `connection`
|
132 | * - `x-amzn-trace-id`
|
133 | * - `user-agent`
|
134 | * - `expect`
|
135 | * - `presigned-expires`
|
136 | * - `range`
|
137 | */
|
138 | signedHeaders(): string;
|
139 |
|
140 | /**
|
141 | * Generate the “credential scope” part of the signature.
|
142 | */
|
143 | credentialString(): string;
|
144 |
|
145 | /**
|
146 | * Extract credentials from the environment, if found.
|
147 | */
|
148 | defaultCredentials(): Credentials;
|
149 |
|
150 | /**
|
151 | * Parse {@link request}.path and store the results in {@link parsedPath}.
|
152 | */
|
153 | parsePath(): void;
|
154 |
|
155 | /**
|
156 | * **Will throw if {@link parsedPath} is undefined!**
|
157 | *
|
158 | * Rebuild the path from {@link parsedPath}.
|
159 | */
|
160 | formatPath(): string;
|
161 |
|
162 | /**
|
163 | * Sign the Request. The Request is returned for convenience.
|
164 | */
|
165 | sign(): Request;
|
166 |
|
167 | /**
|
168 | * Calls {@link parsePath}.
|
169 | * Prepare the Request by setting the required headers,
|
170 | * or query parameters if {@link request}.signQuery is true.
|
171 | */
|
172 | prepareRequest(): void;
|
173 |
|
174 | /**
|
175 | * If {@link datetime} is set, it is returned without further processing.
|
176 | *
|
177 | * Else, parse the `Date` header from {@link request}.headers,
|
178 | * or get the current date, and format it as (ISO 8601):
|
179 | * ```
|
180 | * YYYYMMDDThhmmssZ
|
181 | * ```
|
182 | * If {@link isCodeCommitGit} is `true`, then the trailing `Z` is removed.
|
183 | *
|
184 | * The result is stored to {@link datetime} before being returned.
|
185 | */
|
186 | getDateTime(): string;
|
187 |
|
188 | /**
|
189 | * If {@link datetime} is set, its first 8 characters are returned.
|
190 | *
|
191 | * Else, call {@link getDateTime} and return the first 8 characters.
|
192 | */
|
193 | getDate(): string;
|
194 |
|
195 | /**
|
196 | * Generate a string representation of the Request.
|
197 | * https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
|
198 | */
|
199 | canonicalString(): string;
|
200 |
|
201 | /**
|
202 | * Compute the Request HMAC signature.
|
203 | */
|
204 | signature(): string;
|
205 |
|
206 | /**
|
207 | * Generate the raw data to be signed.
|
208 | * https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
|
209 | */
|
210 | stringToSign(): string;
|
211 | }
|
212 |
|
213 | /**
|
214 | * Calculates and populates any necessary AWS headers and/or request options on
|
215 | * `requestOptions`. Returns `requestOptions` as a convenience for chaining.
|
216 | */
|
217 | export function sign(requestOptions: string | Request, credentials?: Credentials): Request;
|