
@aws/bedrock-token-generator


A lightweight library for generating short-term bearer tokens for AWS Bedrock API authentication

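"use strict";
/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.validateTokenExpiryInput = exports.createToken = void 0;
const signature_v4_1 = require("@smithy/signature-v4");
const hash_node_1 = require("@smithy/hash-node");
const protocol_http_1 = require("@smithy/protocol-http");
const util_format_url_1 = require("@aws-sdk/util-format-url");

const MAX_TOKEN_EXPIRES_IN_SECONDS = 43200; // 12 hours in seconds
const DEFAULT_TOKEN_EXPIRES_IN_SECONDS = 43200; // 12 hours in seconds
const SERVICE_NAME = "bedrock";
const DEFAULT_HOST = "bedrock.amazonaws.com";
const AUTH_PREFIX = "bedrock-api-key-";
const TOKEN_VERSION = "&Version=1";
const PROTOCOL = "https";
const PROTOCOL_PREFIX = `${PROTOCOL}://`;
const ACTION = "CallWithBearerToken";

/**
 * Checks that a requested token lifetime lies in (0, MAX_TOKEN_EXPIRES_IN_SECONDS].
 *
 * `undefined` is accepted and means "use the default". Values that do not
 * coerce to a finite number (for example NaN) are rejected, because the range
 * comparisons alone evaluate to false for NaN and would let it through.
 *
 * @internal
 * @param {number | undefined} expiresInSeconds - requested lifetime in seconds
 * @throws {Error} when the value is not a finite number inside the allowed range
 */
const validateTokenExpiryInput = (expiresInSeconds) => {
    if (expiresInSeconds === undefined) {
        return;
    }
    const seconds = Number(expiresInSeconds);
    if (!Number.isFinite(seconds) || seconds > MAX_TOKEN_EXPIRES_IN_SECONDS || seconds <= 0) {
        throw new Error(`ExpiresInSeconds must be in the range (0, ${MAX_TOKEN_EXPIRES_IN_SECONDS}] seconds.`);
    }
};
exports.validateTokenExpiryInput = validateTokenExpiryInput;

/**
 * Builds a short-term Bedrock bearer token from the caller's AWS credentials.
 *
 * A POST request to DEFAULT_HOST with `Action=CallWithBearerToken` is presigned
 * with SigV4 for service "bedrock". The resulting URL has its "https://" prefix
 * stripped, "&Version=1" appended, and is Base64-encoded behind AUTH_PREFIX.
 *
 * Security notes:
 * - The return value is a bearer credential. Base64 is an encoding, not
 *   encryption: the string decodes back to the presigned query string,
 *   signature included. Keep it out of logs, error messages and URLs.
 * - The lifetime is enforced here as well as in validateTokenExpiryInput, so a
 *   caller that skips validation cannot sign a token above the 12-hour cap, and
 *   a supplied 0 is rejected instead of silently becoming the 12-hour default.
 * - NOTE(review): whether the service additionally caps the token at the expiry
 *   of `config.credentials` is not visible in this file; confirm before relying
 *   on the requested lifetime.
 *
 * @internal
 * @param {object} config
 * @param {string} config.region - region used in the SigV4 credential scope
 * @param {object} config.credentials - credentials handed to the SigV4 signer
 * @param {number} [config.expiresInSeconds] - lifetime in seconds; defaults to
 *   DEFAULT_TOKEN_EXPIRES_IN_SECONDS when null or undefined
 * @returns {Promise<string>} token of the form `bedrock-api-key-<base64>`
 * @throws {Error} when `config.expiresInSeconds` is outside (0, MAX_TOKEN_EXPIRES_IN_SECONDS]
 */
const createToken = async (config) => {
    // `??` instead of `||`: only a missing value falls back to the default.
    const expiresInSeconds = config.expiresInSeconds ?? DEFAULT_TOKEN_EXPIRES_IN_SECONDS;
    // Fail closed on an out-of-range lifetime before anything is signed.
    validateTokenExpiryInput(expiresInSeconds);

    const signer = new signature_v4_1.SignatureV4({
        service: SERVICE_NAME,
        region: config.region,
        credentials: config.credentials,
        sha256: hash_node_1.Hash.bind(null, "sha256"),
    });
    const request = new protocol_http_1.HttpRequest({
        method: "POST",
        protocol: PROTOCOL,
        hostname: DEFAULT_HOST,
        headers: {
            host: DEFAULT_HOST,
        },
        path: "/",
        query: {
            Action: ACTION,
        },
    });
    const presigned = await signer.presign(request, {
        expiresIn: expiresInSeconds,
    });
    // Remove the protocol prefix and add version
    const presignedUrl = `${(0, util_format_url_1.formatUrl)(presigned).replace(PROTOCOL_PREFIX, "")}${TOKEN_VERSION}`;
    // Base64 encode the URI (reversible; this does not hide the signature)
    const encodedString = Buffer.from(presignedUrl, "utf-8").toString("base64");
    return `${AUTH_PREFIX}${encodedString}`;
};
exports.createToken = createToken;
//# sourceMappingURL=token.js.map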