@aws-amplify/storage
Version:
Storage category of aws-amplify
85 lines (83 loc) • 4.31 kB
JavaScript
;
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
Object.defineProperty(exports, "__esModule", { value: true });
exports.resolveS3ConfigAndInput = void 0;
const assertValidationError_1 = require("../../../errors/utils/assertValidationError");
const validation_1 = require("../../../errors/types/validation");
const resolvePrefix_1 = require("../../../utils/resolvePrefix");
const constants_1 = require("./constants");
/**
* resolve the common input options for S3 API handlers from Amplify configuration and library options.
*
* @param {AmplifyClassV6} amplify The Amplify instance.
* @param {S3ApiOptions} apiOptions The input options for S3 provider.
* @returns {Promise<ResolvedS3ConfigAndInput>} The resolved common input options for S3 API handlers.
* @throws A `StorageError` with `error.name` from `StorageValidationErrorCode` indicating invalid
* configurations or Amplify library options.
*
* @internal
*/
const resolveS3ConfigAndInput = async (amplify, apiOptions) => {
/**
* IdentityId is always cached in memory so we can safely make calls here. It
* should be stable even for unauthenticated users, regardless of credentials.
*/
const { identityId } = await amplify.Auth.fetchAuthSession();
(0, assertValidationError_1.assertValidationError)(!!identityId, validation_1.StorageValidationErrorCode.NoIdentityId);
/**
* A credentials provider function instead of a static credentials object is
* used because the long-running tasks like multipart upload may span over the
* credentials expiry. Auth.fetchAuthSession() automatically refreshes the
* credentials if they are expired.
*/
const credentialsProvider = async () => {
const { credentials } = await amplify.Auth.fetchAuthSession();
(0, assertValidationError_1.assertValidationError)(!!credentials, validation_1.StorageValidationErrorCode.NoCredentials);
return credentials;
};
const { bucket: defaultBucket, region: defaultRegion, dangerouslyConnectToHttpEndpointForTesting, buckets, } = amplify.getConfig()?.Storage?.S3 ?? {};
const { bucket = defaultBucket, region = defaultRegion } = (apiOptions?.bucket && resolveBucketConfig(apiOptions, buckets)) || {};
(0, assertValidationError_1.assertValidationError)(!!bucket, validation_1.StorageValidationErrorCode.NoBucket);
(0, assertValidationError_1.assertValidationError)(!!region, validation_1.StorageValidationErrorCode.NoRegion);
const { defaultAccessLevel, prefixResolver = resolvePrefix_1.resolvePrefix, isObjectLockEnabled, } = amplify.libraryOptions?.Storage?.S3 ?? {};
const keyPrefix = await prefixResolver({
accessLevel: apiOptions?.accessLevel ?? defaultAccessLevel ?? constants_1.DEFAULT_ACCESS_LEVEL,
// use conditional assign to make tsc happy because StorageOptions is a union type that may not have targetIdentityId
targetIdentityId: apiOptions?.accessLevel === 'protected'
? (apiOptions?.targetIdentityId ?? identityId)
: identityId,
});
return {
s3Config: {
credentials: credentialsProvider,
region,
useAccelerateEndpoint: apiOptions?.useAccelerateEndpoint,
...(dangerouslyConnectToHttpEndpointForTesting
? {
customEndpoint: constants_1.LOCAL_TESTING_S3_ENDPOINT,
forcePathStyle: true,
}
: {}),
},
bucket,
keyPrefix,
identityId,
isObjectLockEnabled,
};
};
exports.resolveS3ConfigAndInput = resolveS3ConfigAndInput;
const resolveBucketConfig = (apiOptions, buckets) => {
if (typeof apiOptions.bucket === 'string') {
const bucketConfig = buckets?.[apiOptions.bucket];
(0, assertValidationError_1.assertValidationError)(!!bucketConfig, validation_1.StorageValidationErrorCode.InvalidStorageBucket);
return { bucket: bucketConfig.bucketName, region: bucketConfig.region };
}
if (typeof apiOptions.bucket === 'object') {
return {
bucket: apiOptions.bucket.bucketName,
region: apiOptions.bucket.region,
};
}
};
//# sourceMappingURL=resolveS3ConfigAndInput.js.map