Initial

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/checkUrl.js

@@ -0,0 +1,42 @@
+import { CredentialsProviderError } from "@smithy/property-provider";
+const LOOPBACK_CIDR_IPv4 = "127.0.0.0/8";
+const LOOPBACK_CIDR_IPv6 = "::1/128";
+const ECS_CONTAINER_HOST = "169.254.170.2";
+const EKS_CONTAINER_HOST_IPv4 = "169.254.170.23";
+const EKS_CONTAINER_HOST_IPv6 = "[fd00:ec2::23]";
+export const checkUrl = (url) => {
+    if (url.protocol === "https:") {
+        return;
+    }
+    if (url.hostname === ECS_CONTAINER_HOST ||
+        url.hostname === EKS_CONTAINER_HOST_IPv4 ||
+        url.hostname === EKS_CONTAINER_HOST_IPv6) {
+        return;
+    }
+    if (url.hostname.includes("[")) {
+        if (url.hostname === "[::1]" || url.hostname === "[0000:0000:0000:0000:0000:0000:0000:0001]") {
+            return;
+        }
+    }
+    else {
+        if (url.hostname === "localhost") {
+            return;
+        }
+        const ipComponents = url.hostname.split(".");
+        const inRange = (component) => {
+            const num = parseInt(component, 10);
+            return 0 <= num && num <= 255;
+        };
+        if (ipComponents[0] === "127" &&
+            inRange(ipComponents[1]) &&
+            inRange(ipComponents[2]) &&
+            inRange(ipComponents[3]) &&
+            ipComponents.length === 4) {
+            return;
+        }
+    }
+    throw new CredentialsProviderError(`URL not accepted. It must either be HTTPS or match one of the following:
+  - loopback CIDR 127.0.0.0/8 or [::1/128]
+  - ECS container host 169.254.170.2
+  - EKS container host 169.254.170.23 or [fd00:ec2::23]`);
+};

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.browser.js

@@ -0,0 +1,27 @@
+import { FetchHttpHandler } from "@smithy/fetch-http-handler";
+import { CredentialsProviderError } from "@smithy/property-provider";
+import { checkUrl } from "./checkUrl";
+import { createGetRequest, getCredentials } from "./requestHelpers";
+import { retryWrapper } from "./retry-wrapper";
+export const fromHttp = (options) => {
+    options.logger?.debug("@aws-sdk/credential-provider-http", "fromHttp");
+    let host;
+    const full = options.credentialsFullUri;
+    if (full) {
+        host = full;
+    }
+    else {
+        throw new CredentialsProviderError("No HTTP credential provider host provided.");
+    }
+    const url = new URL(host);
+    checkUrl(url);
+    const requestHandler = new FetchHttpHandler();
+    return retryWrapper(async () => {
+        const request = createGetRequest(url);
+        if (options.authorizationToken) {
+            request.headers.Authorization = options.authorizationToken;
+        }
+        const result = await requestHandler.handle(request);
+        return getCredentials(result.response);
+    }, options.maxRetries ?? 3, options.timeout ?? 1000);
+};

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttp.js

@@ -0,0 +1,59 @@
+import { NodeHttpHandler } from "@smithy/node-http-handler";
+import { CredentialsProviderError } from "@smithy/property-provider";
+import fs from "fs/promises";
+import { checkUrl } from "./checkUrl";
+import { createGetRequest, getCredentials } from "./requestHelpers";
+import { retryWrapper } from "./retry-wrapper";
+const AWS_CONTAINER_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
+const DEFAULT_LINK_LOCAL_HOST = "http://169.254.170.2";
+const AWS_CONTAINER_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
+const AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE = "AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE";
+const AWS_CONTAINER_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
+export const fromHttp = (options) => {
+    options.logger?.debug("@aws-sdk/credential-provider-http", "fromHttp");
+    let host;
+    const relative = options.awsContainerCredentialsRelativeUri ?? process.env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI];
+    const full = options.awsContainerCredentialsFullUri ?? process.env[AWS_CONTAINER_CREDENTIALS_FULL_URI];
+    const token = options.awsContainerAuthorizationToken ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN];
+    const tokenFile = options.awsContainerAuthorizationTokenFile ?? process.env[AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE];
+    if (relative && full) {
+        console.warn("AWS SDK HTTP credentials provider:", "you have set both awsContainerCredentialsRelativeUri and awsContainerCredentialsFullUri.");
+        console.warn("awsContainerCredentialsFullUri will take precedence.");
+    }
+    if (token && tokenFile) {
+        console.warn("AWS SDK HTTP credentials provider:", "you have set both awsContainerAuthorizationToken and awsContainerAuthorizationTokenFile.");
+        console.warn("awsContainerAuthorizationToken will take precedence.");
+    }
+    if (full) {
+        host = full;
+    }
+    else if (relative) {
+        host = `${DEFAULT_LINK_LOCAL_HOST}${relative}`;
+    }
+    else {
+        throw new CredentialsProviderError(`No HTTP credential provider host provided.
+Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`);
+    }
+    const url = new URL(host);
+    checkUrl(url);
+    const requestHandler = new NodeHttpHandler({
+        requestTimeout: options.timeout ?? 1000,
+        connectionTimeout: options.timeout ?? 1000,
+    });
+    return retryWrapper(async () => {
+        const request = createGetRequest(url);
+        if (token) {
+            request.headers.Authorization = token;
+        }
+        else if (tokenFile) {
+            request.headers.Authorization = (await fs.readFile(tokenFile)).toString();
+        }
+        try {
+            const result = await requestHandler.handle(request);
+            return getCredentials(result.response);
+        }
+        catch (e) {
+            throw new CredentialsProviderError(String(e));
+        }
+    }, options.maxRetries ?? 3, options.timeout ?? 1000);
+};

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/fromHttpTypes.js

@@ -0,0 +1 @@
+export {};

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/requestHelpers.js

@@ -0,0 +1,53 @@
+import { CredentialsProviderError } from "@smithy/property-provider";
+import { HttpRequest } from "@smithy/protocol-http";
+import { parseRfc3339DateTime } from "@smithy/smithy-client";
+import { sdkStreamMixin } from "@smithy/util-stream";
+export function createGetRequest(url) {
+    return new HttpRequest({
+        protocol: url.protocol,
+        hostname: url.hostname,
+        port: Number(url.port),
+        path: url.pathname,
+        query: Array.from(url.searchParams.entries()).reduce((acc, [k, v]) => {
+            acc[k] = v;
+            return acc;
+        }, {}),
+        fragment: url.hash,
+    });
+}
+export async function getCredentials(response) {
+    const contentType = response?.headers["content-type"] ?? response?.headers["Content-Type"] ?? "";
+    if (!contentType.includes("json")) {
+        console.warn("HTTP credential provider response header content-type was not application/json. Observed: " + contentType + ".");
+    }
+    const stream = sdkStreamMixin(response.body);
+    const str = await stream.transformToString();
+    if (response.statusCode === 200) {
+        const parsed = JSON.parse(str);
+        if (typeof parsed.AccessKeyId !== "string" ||
+            typeof parsed.SecretAccessKey !== "string" ||
+            typeof parsed.Token !== "string" ||
+            typeof parsed.Expiration !== "string") {
+            throw new CredentialsProviderError("HTTP credential provider response not of the required format, an object matching: " +
+                "{ AccessKeyId: string, SecretAccessKey: string, Token: string, Expiration: string(rfc3339) }");
+        }
+        return {
+            accessKeyId: parsed.AccessKeyId,
+            secretAccessKey: parsed.SecretAccessKey,
+            sessionToken: parsed.Token,
+            expiration: parseRfc3339DateTime(parsed.Expiration),
+        };
+    }
+    if (response.statusCode >= 400 && response.statusCode < 500) {
+        let parsedBody = {};
+        try {
+            parsedBody = JSON.parse(str);
+        }
+        catch (e) { }
+        throw Object.assign(new CredentialsProviderError(`Server responded with status: ${response.statusCode}`), {
+            Code: parsedBody.Code,
+            Message: parsedBody.Message,
+        });
+    }
+    throw new CredentialsProviderError(`Server responded with status: ${response.statusCode}`);
+}

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/fromHttp/retry-wrapper.js

@@ -0,0 +1,13 @@
+export const retryWrapper = (toRetry, maxRetries, delayMs) => {
+    return async () => {
+        for (let i = 0; i < maxRetries; ++i) {
+            try {
+                return await toRetry();
+            }
+            catch (e) {
+                await new Promise((resolve) => setTimeout(resolve, delayMs));
+            }
+        }
+        return await toRetry();
+    };
+};

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/index.browser.js

@@ -0,0 +1 @@
+export { fromHttp } from "./fromHttp/fromHttp.browser";

resources/app/node_modules/@aws-sdk/credential-provider-http/dist-es/index.js

@@ -0,0 +1 @@
+export { fromHttp } from "./fromHttp/fromHttp";