| 1 | /// <reference types="node" />
|
| 2 |
|
| 3 | import { OutgoingHttpHeaders, RequestOptions } from "http";
|
| 4 |
|
| 5 | export interface Request extends RequestOptions {
|
| 6 | /** Defaults to {@link RequestSigner.createHost}() if possible. */
|
| 7 | host?: string;
|
| 8 | /** Equivalent to {@link host} */
|
| 9 | hostname?: string;
|
| 10 | /** Defaults to `"GET"`, or `"POST"` if there is a {@link body}. */
|
| 11 | method?: string;
|
| 12 | /** Defaults to `/`. */
|
| 13 | path?: string;
|
| 14 | /** Defaults to `""`. */
|
| 15 | body?: string | Buffer;
|
| 16 | /** Defaults to {@link RequestSigner.matchHost}()[0], or `""`. */
|
| 17 | service?: string;
|
| 18 | /** Defaults to {@link RequestSigner.matchHost}()[1], or `"us-east-1"`. */
|
| 19 | region?: string;
|
| 20 | /** To sign the query instead of adding an Authorization header, defaults to false. */
|
| 21 | signQuery?: boolean;
|
| 22 | /**
|
| 23 | * Some headers have a default value:
|
| 24 | * - `Host`: Defaults to {@link hostname}, {@link host}, or
|
| 25 | * {@link RequestSigner.createHost}()
|
| 26 | * - `Content-Type`: defaults to
|
| 27 | * `"application/x-www-form-urlencoded; charset=utf-8"`
|
| 28 | * if there is a {@link body}
|
| 29 | * - `Date`: used to calculate the signature date if given, defaults to
|
| 30 | * `new Date()`
|
| 31 | */
|
| 32 | headers?: OutgoingHttpHeaders;
|
| 33 | /** If true, signing the Request won’t mutate the headers. */
|
| 34 | doNotModifyHeaders?: boolean;
|
| 35 | /** If true, {@link path} won’t be encoded in the signature. */
|
| 36 | doNotEncodePath?: boolean;
|
| 37 | }
|
| 38 |
|
| 39 | export interface Credentials {
|
| 40 | /** Equivalent to the env vars `AWS_ACCESS_KEY_ID` and `AWS_ACCESS_KEY`. */
|
| 41 | accessKeyId?: string;
|
| 42 | /** Equivalent to the env vars `AWS_SECRET_ACCESS_KEY` and `AWS_SECRET_KEY`. */
|
| 43 | secretAccessKey?: string;
|
| 44 | /** Equivalent to the env var `AWS_SESSION_TOKEN`. */
|
| 45 | sessionToken?: string;
|
| 46 | }
|
| 47 |
|
| 48 | export class RequestSigner {
|
| 49 | constructor(requestOptions: string | Request, credentials?: Credentials);
|
| 50 |
|
| 51 | request: Request;
|
| 52 | credentials: Credentials;
|
| 53 | service: string;
|
| 54 | region: string;
|
| 55 |
|
| 56 | /**
|
| 57 | * `true` if { service} is `"codecommit"` and { request}.method
|
| 58 | * is `"GIT"`.
|
| 59 | */
|
| 60 | isCodeCommitGit: boolean;
|
| 61 |
|
| 62 | /**
|
| 63 | * Set by:
|
| 64 | * - {@link prepareRequest}
|
| 65 | * - {@link sign}
|
| 66 | * - {@link canonicalString}
|
| 67 | * - {@link parsePath}
|
| 68 | */
|
| 69 | parsedPath?: {
|
| 70 | path: string;
|
| 71 | query: Record<string, string | string[]>;
|
| 72 | };
|
| 73 |
|
| 74 | /**
|
| 75 | * Used as a cache by {@link getDateTime} and {@link getDate}.
|
| 76 | * Setting it will shortcut those functions.
|
| 77 | *
|
| 78 | * Set by:
|
| 79 | * - {@link prepareRequest}
|
| 80 | * - {@link getDateTime}
|
| 81 | * - {@link sign}
|
| 82 | */
|
| 83 | datetime?: string;
|
| 84 |
|
| 85 | /**
|
| 86 | * Extract the service code and region code from a Host name.
|
| 87 | * @returns two element string tuple with values [service, region].
|
| 88 | */
|
| 89 | matchHost(host: string): [string, string];
|
| 90 |
|
| 91 | /**
|
| 92 | * https://docs.aws.amazon.com/general/latest/gr/rande.html
|
| 93 | */
|
| 94 | isSingleRegion(): boolean;
|
| 95 |
|
| 96 | /**
|
| 97 | * Compute the Host name from the {@link service} and the {@link region}.
|
| 98 | */
|
| 99 | createHost(): string;
|
| 100 |
|
| 101 | /**
|
| 102 | * Generate the Authorization header value.
|
| 103 | */
|
| 104 | authHeader(): string;
|
| 105 |
|
| 106 | /**
|
| 107 | * Generate a string representation of {@link request}.headers:
|
| 108 | * - one header per line, formatted as `<key>:<value>`
|
| 109 | * - lines are sorted.
|
| 110 | * - `<key>` is in lowercase and is trimmed.
|
| 111 | * - `<value>` is trimmed, and contiguous whitespaces are reduced to a
|
| 112 | * single space character ` `.
|
| 113 | *
|
| 114 | * These headers are filtered out:
|
| 115 | * - `authorization`
|
| 116 | * - `connection`
|
| 117 | * - `x-amzn-trace-id`
|
| 118 | * - `user-agent`
|
| 119 | * - `expect`
|
| 120 | * - `presigned-expires`
|
| 121 | * - `range`
|
| 122 | */
|
| 123 | canonicalHeaders(): string;
|
| 124 |
|
| 125 | /**
|
| 126 | * Generates a list of the header names of {@link request}.headers separated
|
| 127 | * by `;`.
|
| 128 | *
|
| 129 | * These headers are filtered out:
|
| 130 | * - `authorization`
|
| 131 | * - `connection`
|
| 132 | * - `x-amzn-trace-id`
|
| 133 | * - `user-agent`
|
| 134 | * - `expect`
|
| 135 | * - `presigned-expires`
|
| 136 | * - `range`
|
| 137 | */
|
| 138 | signedHeaders(): string;
|
| 139 |
|
| 140 | /**
|
| 141 | * Generate the “credential scope” part of the signature.
|
| 142 | */
|
| 143 | credentialString(): string;
|
| 144 |
|
| 145 | /**
|
| 146 | * Extract credentials from the environment, if found.
|
| 147 | */
|
| 148 | defaultCredentials(): Credentials;
|
| 149 |
|
| 150 | /**
|
| 151 | * Parse {@link request}.path and store the results in {@link parsedPath}.
|
| 152 | */
|
| 153 | parsePath(): void;
|
| 154 |
|
| 155 | /**
|
| 156 | * **Will throw if {@link parsedPath} is undefined!**
|
| 157 | *
|
| 158 | * Rebuild the path from {@link parsedPath}.
|
| 159 | */
|
| 160 | formatPath(): string;
|
| 161 |
|
| 162 | /**
|
| 163 | * Sign the Request. The Request is returned for convenience.
|
| 164 | */
|
| 165 | sign(): Request;
|
| 166 |
|
| 167 | /**
|
| 168 | * Calls {@link parsePath}.
|
| 169 | * Prepare the Request by setting the required headers,
|
| 170 | * or query parameters if {@link request}.signQuery is true.
|
| 171 | */
|
| 172 | prepareRequest(): void;
|
| 173 |
|
| 174 | /**
|
| 175 | * If {@link datetime} is set, it is returned without further processing.
|
| 176 | *
|
| 177 | * Else, parse the `Date` header from {@link request}.headers,
|
| 178 | * or get the current date, and format it as (ISO 8601):
|
| 179 | * ```
|
| 180 | * YYYYMMDDThhmmssZ
|
| 181 | * ```
|
| 182 | * If {@link isCodeCommitGit} is `true`, then the trailing `Z` is removed.
|
| 183 | *
|
| 184 | * The result is stored to {@link datetime} before being returned.
|
| 185 | */
|
| 186 | getDateTime(): string;
|
| 187 |
|
| 188 | /**
|
| 189 | * If {@link datetime} is set, its first 8 characters are returned.
|
| 190 | *
|
| 191 | * Else, call {@link getDateTime} and return the first 8 characters.
|
| 192 | */
|
| 193 | getDate(): string;
|
| 194 |
|
| 195 | /**
|
| 196 | * Generate a string representation of the Request.
|
| 197 | * https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
|
| 198 | */
|
| 199 | canonicalString(): string;
|
| 200 |
|
| 201 | /**
|
| 202 | * Compute the Request HMAC signature.
|
| 203 | */
|
| 204 | signature(): string;
|
| 205 |
|
| 206 | /**
|
| 207 | * Generate the raw data to be signed.
|
| 208 | * https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
|
| 209 | */
|
| 210 | stringToSign(): string;
|
| 211 | }
|
| 212 |
|
| 213 | /**
|
| 214 | * Calculates and populates any necessary AWS headers and/or request options on
|
| 215 | * `requestOptions`. Returns `requestOptions` as a convenience for chaining.
|
| 216 | */
|
| 217 | export function sign(requestOptions: string | Request, credentials?: Credentials): Request;
|