UNPKG

@aws-amplify/core

Version:

Core category of aws-amplify

aws-amplify.github.io

aws-amplify/amplify-js

92 lines (82 loc) 2.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 import { Credentials, HttpRequest, HttpResponse, MiddlewareHandler, } from '../../types'; import { MiddlewareContext } from '../../types/core'; import { signRequest } from './signer/signatureV4'; import { getSkewCorrectedDate } from './utils/getSkewCorrectedDate'; import { getUpdatedSystemClockOffset } from './utils/getUpdatedSystemClockOffset'; /** * Options type for the async callback function returning aws credentials. This * function is used by SigV4 signer to resolve the aws credentials */ export interface CredentialsProviderOptions { forceRefresh?: boolean; } /** * Configuration of the signing middleware */ export interface SigningOptions { credentials: | Credentials | ((options?: CredentialsProviderOptions) => Promise<Credentials>); region: string; service: string; /** * Whether to uri encode the path as part of canonical uri. It's used for S3 only where the pathname * is already uri encoded, and the signing process is not expected to uri encode it again. * * @default true */ uriEscapePath?: boolean; } /** * Middleware that SigV4 signs request with AWS credentials, and correct system clock offset. * This middleware is expected to be placed after retry middleware. */ export const signingMiddlewareFactory = ({ credentials, region, service, uriEscapePath = true, }: SigningOptions) => { let currentSystemClockOffset: number; return ( next: MiddlewareHandler<HttpRequest, HttpResponse>, context: MiddlewareContext, ) => async function signingMiddleware(request: HttpRequest) { currentSystemClockOffset = currentSystemClockOffset ?? 0; const signRequestOptions = { credentials: typeof credentials === 'function' ? await credentials({ forceRefresh: !!context?.isCredentialsExpired, }) : credentials, signingDate: getSkewCorrectedDate(currentSystemClockOffset), signingRegion: region, signingService: service, uriEscapePath, }; const signedRequest = await signRequest(request, signRequestOptions); const response = await next(signedRequest); // Update system clock offset if response contains date header, regardless of the status code. // non-2xx response will still be returned from next handler instead of thrown, because it's // only thrown by the retry middleware. const dateString = getDateHeader(response); if (dateString) { currentSystemClockOffset = getUpdatedSystemClockOffset( Date.parse(dateString), currentSystemClockOffset, ); } return response; }; }; const getDateHeader = ({ headers }: any = {}): string | undefined => headers?.date ?? headers?.Date ?? headers?.['x-amz-date'];