@fgiova/aws-signature
Version:
[](https://www.npmjs.com/package/@fgiova/aws-signature)  [ • 3.96 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateKey = generateKey;
exports.signRequest = signRequest;
const crypto = __importStar(require("node:crypto"));
const constants_1 = require("./aws/constants");
const createCanonicalRequest_1 = require("./aws/createCanonicalRequest");
const getCanonicalHeaders_1 = require("./aws/getCanonicalHeaders");
const getPayloadHash_1 = require("./aws/getPayloadHash");
const utils_1 = require("./aws/utils");
function generateKey({ credentials, service, date = new Date(), }) {
const { shortDate } = (0, utils_1.formatDate)(date);
let key = `AWS4${credentials.secretAccessKey}`;
for (const signable of [
shortDate,
credentials.region,
service,
constants_1.KEY_TYPE_IDENTIFIER,
]) {
key = crypto.createHmac("sha256", key).update(signable).digest();
}
return key;
}
function getSignatureSubject(longDate, scope, canonicalRequest) {
return `${constants_1.ALGORITHM_IDENTIFIER}
${longDate}
${scope}
${crypto.createHash("sha256").update((0, utils_1.toUint8Array)(canonicalRequest)).digest("hex")}`;
}
function authSignature(key, longDate, scope, canonicalRequest) {
const subject = getSignatureSubject(longDate, scope, canonicalRequest);
return crypto.createHmac("sha256", key).update(subject).digest("hex");
}
function createScope(shortDate, service, region) {
return `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`;
}
function signRequest({ request, service, key, credentials, date = new Date(), }) {
const { shortDate, longDate } = (0, utils_1.formatDate)(date);
/* c8 ignore next 3 */
if (!request.headers) {
request.headers = {};
}
request.headers[constants_1.AMZ_DATE_HEADER] = longDate;
request.headers[constants_1.SHA256_HEADER] = (0, getPayloadHash_1.getPayloadHash)(request);
const scope = createScope(shortDate, service, credentials.region);
const canonicalHeaders = (0, getCanonicalHeaders_1.getCanonicalHeaders)(request);
const canonicalRequest = (0, createCanonicalRequest_1.createCanonicalRequest)(request, canonicalHeaders, service.toLowerCase() === "s3");
const signature = authSignature(key, longDate, scope, canonicalRequest);
// biome-ignore lint/complexity/useLiteralKeys: leave as is
request.headers["Authorization"] =
`${constants_1.ALGORITHM_IDENTIFIER} Credential=${credentials.accessKeyId}/${scope}, SignedHeaders=${(0, getCanonicalHeaders_1.getCanonicalHeaderList)(canonicalHeaders)}, Signature=${signature}`;
return request;
}