Initial

resources/app/node_modules/@aws-sdk/s3-request-presigner/dist-es/constants.js

@@ -0,0 +1,9 @@
+export const UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
+export const SHA256_HEADER = "X-Amz-Content-Sha256";
+export const ALGORITHM_QUERY_PARAM = "X-Amz-Algorithm";
+export const CREDENTIAL_QUERY_PARAM = "X-Amz-Credential";
+export const AMZ_DATE_QUERY_PARAM = "X-Amz-Date";
+export const SIGNED_HEADERS_QUERY_PARAM = "X-Amz-SignedHeaders";
+export const EXPIRES_QUERY_PARAM = "X-Amz-Expires";
+export const HOST_HEADER = "host";
+export const ALGORITHM_IDENTIFIER = "AWS4-HMAC-SHA256";

resources/app/node_modules/@aws-sdk/s3-request-presigner/dist-es/getSignedUrl.js

@@ -0,0 +1,66 @@
+import { formatUrl } from "@aws-sdk/util-format-url";
+import { getEndpointFromInstructions } from "@smithy/middleware-endpoint";
+import { HttpRequest } from "@smithy/protocol-http";
+import { S3RequestPresigner } from "./presigner";
+export const getSignedUrl = async (client, command, options = {}) => {
+    let s3Presigner;
+    let region;
+    if (typeof client.config.endpointProvider === "function") {
+        const endpointV2 = await getEndpointFromInstructions(command.input, command.constructor, client.config);
+        const authScheme = endpointV2.properties?.authSchemes?.[0];
+        if (authScheme?.name === "sigv4a") {
+            region = authScheme?.signingRegionSet?.join(",");
+        }
+        else {
+            region = authScheme?.signingRegion;
+        }
+        s3Presigner = new S3RequestPresigner({
+            ...client.config,
+            signingName: authScheme?.signingName,
+            region: async () => region,
+        });
+    }
+    else {
+        s3Presigner = new S3RequestPresigner(client.config);
+    }
+    const presignInterceptMiddleware = (next, context) => async (args) => {
+        const { request } = args;
+        if (!HttpRequest.isInstance(request)) {
+            throw new Error("Request to be presigned is not an valid HTTP request.");
+        }
+        delete request.headers["amz-sdk-invocation-id"];
+        delete request.headers["amz-sdk-request"];
+        delete request.headers["x-amz-user-agent"];
+        let presigned;
+        const presignerOptions = {
+            ...options,
+            signingRegion: options.signingRegion ?? context["signing_region"] ?? region,
+            signingService: options.signingService ?? context["signing_service"],
+        };
+        if (context.s3ExpressIdentity) {
+            presigned = await s3Presigner.presignWithCredentials(request, context.s3ExpressIdentity, presignerOptions);
+        }
+        else {
+            presigned = await s3Presigner.presign(request, presignerOptions);
+        }
+        return {
+            response: {},
+            output: {
+                $metadata: { httpStatusCode: 200 },
+                presigned,
+            },
+        };
+    };
+    const middlewareName = "presignInterceptMiddleware";
+    const clientStack = client.middlewareStack.clone();
+    clientStack.addRelativeTo(presignInterceptMiddleware, {
+        name: middlewareName,
+        relation: "before",
+        toMiddleware: "awsAuthMiddleware",
+        override: true,
+    });
+    const handler = command.resolveMiddleware(clientStack, client.config, {});
+    const { output } = await handler({ input: command.input });
+    const { presigned } = output;
+    return formatUrl(presigned);
+};

resources/app/node_modules/@aws-sdk/s3-request-presigner/dist-es/index.js

@@ -0,0 +1,2 @@
+export * from "./getSignedUrl";
+export * from "./presigner";

resources/app/node_modules/@aws-sdk/s3-request-presigner/dist-es/presigner.js

@@ -0,0 +1,53 @@
+import { SignatureV4MultiRegion } from "@aws-sdk/signature-v4-multi-region";
+import { SHA256_HEADER, UNSIGNED_PAYLOAD } from "./constants";
+export class S3RequestPresigner {
+    constructor(options) {
+        const resolvedOptions = {
+            service: options.signingName || options.service || "s3",
+            uriEscapePath: options.uriEscapePath || false,
+            applyChecksum: options.applyChecksum || false,
+            ...options,
+        };
+        this.signer = new SignatureV4MultiRegion(resolvedOptions);
+    }
+    presign(requestToSign, { unsignableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
+        this.prepareRequest(requestToSign, {
+            unsignableHeaders,
+            unhoistableHeaders,
+        });
+        return this.signer.presign(requestToSign, {
+            expiresIn: 900,
+            unsignableHeaders,
+            unhoistableHeaders,
+            ...options,
+        });
+    }
+    presignWithCredentials(requestToSign, credentials, { unsignableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
+        this.prepareRequest(requestToSign, {
+            unsignableHeaders,
+            unhoistableHeaders,
+        });
+        return this.signer.presignWithCredentials(requestToSign, credentials, {
+            expiresIn: 900,
+            unsignableHeaders,
+            unhoistableHeaders,
+            ...options,
+        });
+    }
+    prepareRequest(requestToSign, { unsignableHeaders = new Set(), unhoistableHeaders = new Set() } = {}) {
+        unsignableHeaders.add("content-type");
+        Object.keys(requestToSign.headers)
+            .map((header) => header.toLowerCase())
+            .filter((header) => header.startsWith("x-amz-server-side-encryption"))
+            .forEach((header) => {
+            unhoistableHeaders.add(header);
+        });
+        requestToSign.headers[SHA256_HEADER] = UNSIGNED_PAYLOAD;
+        const currentHostHeader = requestToSign.headers.host;
+        const port = requestToSign.port;
+        const expectedHostHeader = `${requestToSign.hostname}${requestToSign.port != null ? ":" + port : ""}`;
+        if (!currentHostHeader || (currentHostHeader === requestToSign.hostname && requestToSign.port != null)) {
+            requestToSign.headers.host = expectedHostHeader;
+        }
+    }
+}