UNPKG

@fgiova/aws-signature

Version:

[![NPM version](https://img.shields.io/npm/v/@fgiova/aws-signature.svg?style=flat)](https://www.npmjs.com/package/@fgiova/aws-signature) ![CI workflow](https://github.com/fgiova/aws-signature/actions/workflows/node.js.yml/badge.svg) [![TypeScript](https:/

github.com/fgiova/aws-signature

fgiova/aws-signature

97 lines (96 loc) • 4.37 kB

JavaScript

"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); Object.defineProperty(exports, "__esModule", { value: true }); exports.generateKey = generateKey; exports.signRequest = signRequest; const crypto = __importStar(require("node:crypto")); const env_schema_1 = require("env-schema"); const typebox_1 = require("@sinclair/typebox"); const constants_1 = require("./aws/constants"); const utils_1 = require("./aws/utils"); const createCanonicalRequest_1 = require("./aws/createCanonicalRequest"); const getCanonicalHeaders_1 = require("./aws/getCanonicalHeaders"); const getPayloadHash_1 = require("./aws/getPayloadHash"); const ConfigSchema = typebox_1.Type.Object({ AWS_ACCESS_KEY_ID: typebox_1.Type.String(), AWS_SECRET_ACCESS_KEY: typebox_1.Type.String(), AWS_REGION: typebox_1.Type.String({ default: "" }), }); const config = (0, env_schema_1.envSchema)({ schema: ConfigSchema }); function generateKey({ secret = config.AWS_SECRET_ACCESS_KEY, region = config.AWS_REGION, service, date = new Date() }) { const { shortDate } = (0, utils_1.formatDate)(date); let key = `AWS4${secret}`; for (const signable of [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]) { key = crypto .createHmac("sha256", key) .update(signable) .digest(); } return key; } function getSignatureSubject(longDate, scope, canonicalRequest) { return `${constants_1.ALGORITHM_IDENTIFIER} ${longDate} ${scope} ${crypto.createHash("sha256").update((0, utils_1.toUint8Array)(canonicalRequest)).digest("hex")}`; } function authSignature(key, longDate, scope, canonicalRequest) { const subject = getSignatureSubject(longDate, scope, canonicalRequest); return crypto .createHmac("sha256", key) .update(subject) .digest("hex"); } function createScope(shortDate, service, region) { return `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`; } function signRequest({ request, service, region = config.AWS_REGION, key, date = new Date() }) { const { shortDate, longDate } = (0, utils_1.formatDate)(date); /* c8 ignore next 3 */ if (!request.headers) { request.headers = {}; } request.headers[constants_1.AMZ_DATE_HEADER] = longDate; request.headers[constants_1.SHA256_HEADER] = (0, getPayloadHash_1.getPayloadHash)(request); const scope = createScope(shortDate, service, region); const canonicalHeaders = (0, getCanonicalHeaders_1.getCanonicalHeaders)(request); const canonicalRequest = (0, createCanonicalRequest_1.createCanonicalRequest)(request, canonicalHeaders, service.toLowerCase() === "s3"); const signature = authSignature(key, longDate, scope, canonicalRequest); // eslint-disable-next-line @typescript-eslint/dot-notation request.headers["Authorization"] = `${constants_1.ALGORITHM_IDENTIFIER} Credential=${config.AWS_ACCESS_KEY_ID}/${scope}, SignedHeaders=${(0, getCanonicalHeaders_1.getCanonicalHeaderList)(canonicalHeaders)}, Signature=${signature}`; return request; }