aws-signing-utils
Version:
Utility methods for generating AWS Signature Version 4 URLs. Works fine with react-native!
123 lines (88 loc) • 3.87 kB
JavaScript
'use strict';
Object.defineProperty(exports, "__esModule", {
value: true
});
var _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; };
exports.getSignedUrl = getSignedUrl;
exports.getSignature = getSignature;
var _moment = require('moment');
var _moment2 = _interopRequireDefault(_moment);
var _cryptoJs = require('crypto-js');
var _cryptoJs2 = _interopRequireDefault(_cryptoJs);
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
var utils = {
sign: function sign(key, msg) {
var hash = _cryptoJs2.default.HmacSHA256(msg, key);
return hash.toString(_cryptoJs2.default.enc.Hex);
},
sha256: function sha256(msg) {
var hash = _cryptoJs2.default.SHA256(msg);
return hash.toString(_cryptoJs2.default.enc.Hex);
},
getSignatureKey: function getSignatureKey(key, dateStamp, regionName, serviceName) {
var kDate = _cryptoJs2.default.HmacSHA256(dateStamp, 'AWS4' + key);
var kRegion = _cryptoJs2.default.HmacSHA256(regionName, kDate);
var kService = _cryptoJs2.default.HmacSHA256(serviceName, kRegion);
var kSigning = _cryptoJs2.default.HmacSHA256('aws4_request', kService);
return kSigning;
}
};
function getSignedUrl(options) {
var params = getParams(options);
var protocol = params.protocol,
host = params.host,
canonicalUri = params.canonicalUri;
var signature = signString(params);
var canonicalQuerystring = getCanonicalQueryString(params);
canonicalQuerystring += '&X-Amz-Signature=' + signature;
canonicalQuerystring += '&X-Amz-Security-Token=' + encodeURIComponent(params.sessionKey);
return protocol + '://' + host + canonicalUri + '?' + canonicalQuerystring;
}
function getSignature(options) {
var params = getParams(options);
return signString(params);
}
function getParams(options) {
var time = _moment2.default.utc();
var dateStamp = time.format('YYYYMMDD');
return _extends({}, options, {
dateStamp: dateStamp,
algorithm: 'AWS4-HMAC-SHA256',
amzDate: dateStamp + 'T' + time.format('HHmmss') + 'Z'
});
}
function getCanonicalQueryString(params) {
var accessKey = params.accessKey,
amzDate = params.amzDate;
var credentialScope = getCredentialScope(params);
var canonicalQuerystring = ['X-Amz-Algorithm=AWS4-HMAC-SHA256', 'X-Amz-Credential=' + encodeURIComponent(accessKey + '/' + credentialScope), 'X-Amz-Date=' + amzDate, 'X-Amz-Expires=86400', 'X-Amz-SignedHeaders=host'].join('&');
return canonicalQuerystring;
}
function getCredentialScope(params) {
var dateStamp = params.dateStamp,
region = params.region,
service = params.service;
return dateStamp + '/' + region + '/' + service + '/aws4_request';
}
function getCanonicalRequest(params) {
var canonicalQuerystring = getCanonicalQueryString(params);
var canonicalHeaders = 'host:' + params.host;
var payloadHash = utils.sha256('');
return [params.method, params.canonicalUri, canonicalQuerystring, canonicalHeaders, '\nhost', payloadHash].join('\n');
}
function getStringToSign(params) {
var algorithm = params.algorithm,
amzDate = params.amzDate;
var credentialScope = getCredentialScope(params);
var canonicalRequest = getCanonicalRequest(params);
return [algorithm, amzDate, credentialScope, utils.sha256(canonicalRequest)].join('\n');
}
function signString(params) {
var secretKey = params.secretKey,
dateStamp = params.dateStamp,
region = params.region,
service = params.service;
var stringToSign = getStringToSign(params);
var signingKey = utils.getSignatureKey(secretKey, dateStamp, region, service);
return utils.sign(signingKey, stringToSign);
}