UNPKG

cloudfront-sign

Version:

An Amazon CloudFront URL signer

github.com/leeatkinson/CloudFrontSign

leeatkinson/CloudFrontSign

50 lines (46 loc) 2.03 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
"use strict"; var crypto = require("crypto"), querystrings = require("querystring"), urls = require("url"); function getTimeStamp(date) { return Math.round((new Date(date)).getTime() / 1000); } function makeUrlFriendly(string) { return string.replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~"); } function isStringOrNumber(o) { var t = typeof o; return (t === "string") || (t === "number"); } function sign(url, resource, dateLessThan, dateGreaterThan, ipAddress, keyPairId, privateKey) { var isCustomPolicy = dateGreaterThan || ipAddress, parsedUrl = urls.parse(url); if (typeof resource == "undefined") resource = url; if (isStringOrNumber(dateLessThan)) dateLessThan = new Date(dateLessThan); else if (dateLessThan instanceof Date) { dateLessThan = new Date(); dateLessThan.setMinutes(dateLessThan.getMinutes() + 5); } if (isStringOrNumber(dateGreaterThan)) dateGreaterThan = new Date(dateGreaterThan); var result = { url: url, resource: resource, dateLessThan: dateLessThan, dateGreaterThan: dateGreaterThan, ipAddress: ipAddress, keyPairId: keyPairId }, dateLessThanTimeStamp = getTimeStamp(dateLessThan), condition = { DateLessThan: { "AWS:EpochTime": dateLessThanTimeStamp } }; if (dateGreaterThan) condition.DateGreaterThan = { "AWS:EpochTime": getTimeStamp(dateGreaterThan) }; if (ipAddress) condition.IpAddress = { "AWS:SourceIp": ipAddress }; result.policy = { Statement: [ { Resource: resource, Condition: condition } ] }; var policyString = JSON.stringify(result.policy), signature = makeUrlFriendly(crypto.createSign("RSA-SHA1").update(policyString).sign(privateKey, "base64")), querystring = { "Key-Pair-Id": keyPairId, Signature: signature }; if (isCustomPolicy) querystring.Policy = makeUrlFriendly(new Buffer(policyString, "utf8").toString("base64")); else querystring.Expires = dateLessThanTimeStamp; result.signedUrl = url + (parsedUrl.path.indexOf("?") > 0 ? "&" : "?") + querystrings.stringify(querystring); return result; } module.exports = sign;