@anthropic-ai/bedrock-sdk/core/auth.js

The official TypeScript library for the Anthropic Bedrock API

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getAuthHeaders = void 0;
const assert_1 = __importDefault(require("assert"));
const signature_v4_1 = require("@smithy/signature-v4");
const credential_providers_1 = require("@aws-sdk/credential-providers");
const protocol_http_1 = require("@smithy/protocol-http");
const sha256_js_1 = require("@aws-crypto/sha256-js");
const getAuthHeaders = async (req, props) => {
    (0, assert_1.default)(req.method, 'Expected request method property to be set');
    const providerChain = (0, credential_providers_1.fromNodeProviderChain)();
    const credentials = await withTempEnv(() => {
        // Temporarily set the appropriate environment variables if we've been
        // explicitly given credentials so that the credentials provider can
        // resolve them.
        //
        // Note: the environment provider is only not run first if the `AWS_PROFILE`
        // environment variable is set.
        // https://github.com/aws/aws-sdk-js-v3/blob/44a18a34b2c93feccdfcd162928d13e6dbdcaf30/packages/credential-provider-node/src/defaultProvider.ts#L49
        if (props.awsAccessKey) {
            process.env['AWS_ACCESS_KEY_ID'] = props.awsAccessKey;
        }
        if (props.awsSecretKey) {
            process.env['AWS_SECRET_ACCESS_KEY'] = props.awsSecretKey;
        }
        if (props.awsSessionToken) {
            process.env['AWS_SESSION_TOKEN'] = props.awsSessionToken;
        }
    }, () => providerChain());
    const signer = new signature_v4_1.SignatureV4({
        service: 'bedrock',
        region: props.regionName,
        credentials,
        sha256: sha256_js_1.Sha256,
    });
    const url = new URL(props.url);
    const headers = !req.headers ? {}
        : Symbol.iterator in req.headers ?
            Object.fromEntries(Array.from(req.headers).map((header) => [...header]))
            : { ...req.headers };
    // The connection header may be stripped by a proxy somewhere, so the receiver
    // of this message may not see this header, so we remove it from the set of headers
    // that are signed.
    delete headers['connection'];
    headers['host'] = url.hostname;
    const request = new protocol_http_1.HttpRequest({
        method: req.method.toUpperCase(),
        protocol: url.protocol,
        path: url.pathname,
        headers,
        body: req.body,
    });
    const signed = await signer.sign(request);
    return signed.headers;
};
exports.getAuthHeaders = getAuthHeaders;
const withTempEnv = async (updateEnv, fn) => {
    const previousEnv = { ...process.env };
    try {
        updateEnv();
        return await fn();
    }
    finally {
        process.env = previousEnv;
    }
};
//# sourceMappingURL=auth.js.map