imgix-url-builder/dist/node/signURL.cjs.map

JavaScript/TypeScript Imgix URL builders for browsers and Node.js

{"version":3,"file":"signURL.cjs","sources":["../../../src/node/signURL.ts"],"sourcesContent":["import { createHash } from \"crypto\";\n\n/**\n * Signs an Imgix image URL by appending a signature to the URL parameters. This\n * locks the URL and its parameters to the signature to prevent URL tampering.\n *\n * **Important**: This function should only be used in a trusted environment and\n * never in a browser. The `secureURLToken` parameter is a secret and should not\n * be exposed to the public.\n *\n * @example\n *\n * ```ts\n * const url = signURL(\n * \t\"https://example.imgix.net/image.png?width=400\",\n * \t\"example-token\",\n * );\n * // => https://example.imgix.net/image.png?width=400&s=def3e221c3f4c4debda091b8e49420ea\n * ```\n *\n * @param url - Full absolute URL to the Imgix image to sign.\n * @param secureURLToken - The secret Imgix secure URL token used to generate\n *   the signature.\n *\n * @returns `url` with a signature appended via an `s` URL parameter.\n *\n * @see Details on securing Imgix images: https://docs.imgix.com/setup/securing-images\n */\nexport const signURL = (url: string, secureURLToken: string): string => {\n\tconst instance = new URL(url);\n\n\t// If an `s` param is passed explicitly, it will be overridden. It must\n\t// also not be used when generating the signature.\n\tinstance.searchParams.delete(\"s\");\n\n\t// @see https://github.com/imgix/imgix-blueprint#securing-urls\n\tconst signature = createHash(\"md5\")\n\t\t.update(secureURLToken + instance.pathname + instance.search)\n\t\t.digest(\"hex\");\n\n\tinstance.searchParams.append(\"s\", signature);\n\n\treturn instance.toString();\n};\n"],"names":["createHash"],"mappings":";;;AA4Ba,MAAA,UAAU,CAAC,KAAa,mBAAkC;AAChE,QAAA,WAAW,IAAI,IAAI,GAAG;AAInB,WAAA,aAAa,OAAO,GAAG;AAGhC,QAAM,YAAYA,OAAA,WAAW,KAAK,EAChC,OAAO,iBAAiB,SAAS,WAAW,SAAS,MAAM,EAC3D,OAAO,KAAK;AAEL,WAAA,aAAa,OAAO,KAAK,SAAS;AAE3C,SAAO,SAAS;AACjB;;"}