UNPKG

@middy/sts

Version:

STS (Security Token Service) credentials middleware for the middy framework

middy.js.org

middyjs/middy

83 lines (71 loc) 2.32 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts"; import { canPrefetch, catchInvalidSignatureException, createClient, createPrefetchClient, getCache, getInternal, modifyCache, processCache, } from "@middy/util"; const defaults = { AwsClient: STSClient, awsClientOptions: {}, // awsClientAssumeRole: undefined, // Not Applicable, as this is the middleware that defines the roles awsClientCapture: undefined, fetchData: {}, // { contextKey: {RoleArn, RoleSessionName} } disablePrefetch: false, cacheKey: "sts", cacheKeyExpiry: {}, cacheExpiry: -1, setToContext: false, }; const stsMiddleware = (opts = {}) => { const options = { ...defaults, ...opts }; const fetch = (request, cachedValues = {}) => { const values = {}; for (const internalKey of Object.keys(options.fetchData)) { if (cachedValues[internalKey]) continue; const assumeRoleOptions = options.fetchData[internalKey]; // Date cannot be used here to assign default session name, possibility of collision when > 1 role defined assumeRoleOptions.RoleSessionName ??= `middy-sts-session-${Math.ceil(Math.random() * 99999)}`; const command = new AssumeRoleCommand(assumeRoleOptions); values[internalKey] = client .send(command) .catch((e) => catchInvalidSignatureException(e, client, command)) .then((resp) => ({ accessKeyId: resp.Credentials.AccessKeyId, secretAccessKey: resp.Credentials.SecretAccessKey, sessionToken: resp.Credentials.SessionToken, })) .catch((e) => { const value = getCache(options.cacheKey).value ?? {}; value[internalKey] = undefined; modifyCache(options.cacheKey, value); throw e; }); } return values; }; let client; if (canPrefetch(options)) { client = createPrefetchClient(options); processCache(options, fetch); } const stsMiddlewareBefore = async (request) => { if (!client) { client = await createClient(options, request); } const { value } = processCache(options, fetch, request); Object.assign(request.internal, value); if (options.setToContext) { const data = await getInternal(Object.keys(options.fetchData), request); if (options.setToContext) Object.assign(request.context, data); } }; return { before: stsMiddlewareBefore, }; }; export default stsMiddleware;