aws-sigv4-sign
Version:
SignatureV4 sign function implemented with the official AWS SDK
103 lines (99 loc) • 3.03 kB
JavaScript
// src/sign-request.ts
import { Sha256 } from "@aws-crypto/sha256-js";
import { HttpRequest } from "@smithy/protocol-http";
import { SignatureV4 } from "@smithy/signature-v4";
// src/credential-provider.ts
function isBrowser() {
return typeof window !== "undefined" && typeof document !== "undefined";
}
async function getDefaultCredentialProvider() {
if (isBrowser())
throw new Error(
"AWS credentials provider is not available in browser environments. You must provide credentials explicitly when calling signRequest in a browser."
);
try {
const { defaultProvider } = await import("@aws-sdk/credential-provider-node");
return defaultProvider();
} catch (error) {
throw new Error("AWS credentials provider could not be loaded. You must provide credentials explicitly.");
}
}
// src/parse-request.ts
var copyHeaders = (headers) => {
const headersMap = /* @__PURE__ */ new Map();
headers.forEach((value, key) => headersMap.set(key.toLowerCase(), value));
return Object.fromEntries(headersMap.entries());
};
var parseRequest = async (input, init) => {
let request;
if (typeof input === "string" || input instanceof URL) {
const url2 = input instanceof URL ? input.href : input;
request = new Request(url2, init);
} else {
request = new Request(input.clone(), init);
}
const method = request.method.toUpperCase();
const url = new URL(request.url);
const headers = copyHeaders(request.headers);
const buffer = await request.arrayBuffer();
const body = buffer.byteLength > 0 ? buffer : void 0;
return {
method,
headers,
url,
body
};
};
// src/sign-request.ts
async function signRequest(...args) {
let input;
let init;
let options;
if (args.length === 2) {
input = args[0];
options = args[1];
} else {
input = args[0];
init = args[1];
options = args[2];
}
const { url, method, headers, body } = await parseRequest(input, init);
headers["host"] = url.host;
const service = options.service;
const region = options.region || "us-east-1";
const credentials = options.credentials || await getDefaultCredentialProvider();
const httpRequest = new HttpRequest({
method,
body,
headers,
hostname: url.hostname,
path: url.pathname,
protocol: url.protocol,
port: url.port ? Number(url.port) : void 0,
username: url.username,
password: url.password,
fragment: url.hash,
// Query paramaters accept multiple values per key
query: Array.from(url.searchParams.entries()).reduce((acc, [key, value]) => {
if (Array.isArray(acc[key])) {
acc[key].push(value);
} else {
acc[key] = [value];
}
return acc;
}, {})
});
const signer = new SignatureV4({
credentials,
service,
region,
sha256: Sha256
});
const { headers: signedHeaders } = await signer.sign(httpRequest);
return new Request(input, { ...init, headers: signedHeaders });
}
export {
getDefaultCredentialProvider,
parseRequest,
signRequest
};