168 lines
6.6 KiB
JavaScript
168 lines
6.6 KiB
JavaScript
"use strict";
|
|
var __defProp = Object.defineProperty;
|
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
var __export = (target, all) => {
|
|
for (var name in all)
|
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
};
|
|
var __copyProps = (to, from, except, desc) => {
|
|
if (from && typeof from === "object" || typeof from === "function") {
|
|
for (let key of __getOwnPropNames(from))
|
|
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
}
|
|
return to;
|
|
};
|
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
|
|
// src/index.ts
|
|
var src_exports = {};
|
|
__export(src_exports, {
|
|
S3RequestPresigner: () => S3RequestPresigner,
|
|
getSignedUrl: () => getSignedUrl
|
|
});
|
|
module.exports = __toCommonJS(src_exports);
|
|
|
|
// src/getSignedUrl.ts
|
|
var import_util_format_url = require("@aws-sdk/util-format-url");
|
|
var import_middleware_endpoint = require("@smithy/middleware-endpoint");
|
|
var import_protocol_http = require("@smithy/protocol-http");
|
|
|
|
// src/presigner.ts
|
|
var import_signature_v4_multi_region = require("@aws-sdk/signature-v4-multi-region");
|
|
|
|
// src/constants.ts
|
|
var UNSIGNED_PAYLOAD = "UNSIGNED-PAYLOAD";
|
|
var SHA256_HEADER = "X-Amz-Content-Sha256";
|
|
|
|
// src/presigner.ts
|
|
var _S3RequestPresigner = class _S3RequestPresigner {
|
|
constructor(options) {
|
|
const resolvedOptions = {
|
|
// Allow `signingName` because we want to support usecase of supply client's resolved config
|
|
// directly. Where service equals signingName.
|
|
service: options.signingName || options.service || "s3",
|
|
uriEscapePath: options.uriEscapePath || false,
|
|
applyChecksum: options.applyChecksum || false,
|
|
...options
|
|
};
|
|
this.signer = new import_signature_v4_multi_region.SignatureV4MultiRegion(resolvedOptions);
|
|
}
|
|
presign(requestToSign, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set(), ...options } = {}) {
|
|
this.prepareRequest(requestToSign, {
|
|
unsignableHeaders,
|
|
unhoistableHeaders
|
|
});
|
|
return this.signer.presign(requestToSign, {
|
|
expiresIn: 900,
|
|
unsignableHeaders,
|
|
unhoistableHeaders,
|
|
...options
|
|
});
|
|
}
|
|
presignWithCredentials(requestToSign, credentials, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set(), ...options } = {}) {
|
|
this.prepareRequest(requestToSign, {
|
|
unsignableHeaders,
|
|
unhoistableHeaders
|
|
});
|
|
return this.signer.presignWithCredentials(requestToSign, credentials, {
|
|
expiresIn: 900,
|
|
unsignableHeaders,
|
|
unhoistableHeaders,
|
|
...options
|
|
});
|
|
}
|
|
prepareRequest(requestToSign, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set() } = {}) {
|
|
unsignableHeaders.add("content-type");
|
|
Object.keys(requestToSign.headers).map((header) => header.toLowerCase()).filter((header) => header.startsWith("x-amz-server-side-encryption")).forEach((header) => {
|
|
unhoistableHeaders.add(header);
|
|
});
|
|
requestToSign.headers[SHA256_HEADER] = UNSIGNED_PAYLOAD;
|
|
const currentHostHeader = requestToSign.headers.host;
|
|
const port = requestToSign.port;
|
|
const expectedHostHeader = `${requestToSign.hostname}${requestToSign.port != null ? ":" + port : ""}`;
|
|
if (!currentHostHeader || currentHostHeader === requestToSign.hostname && requestToSign.port != null) {
|
|
requestToSign.headers.host = expectedHostHeader;
|
|
}
|
|
}
|
|
};
|
|
__name(_S3RequestPresigner, "S3RequestPresigner");
|
|
var S3RequestPresigner = _S3RequestPresigner;
|
|
|
|
// src/getSignedUrl.ts
|
|
var getSignedUrl = /* @__PURE__ */ __name(async (client, command, options = {}) => {
|
|
var _a, _b, _c;
|
|
let s3Presigner;
|
|
let region;
|
|
if (typeof client.config.endpointProvider === "function") {
|
|
const endpointV2 = await (0, import_middleware_endpoint.getEndpointFromInstructions)(
|
|
command.input,
|
|
command.constructor,
|
|
client.config
|
|
);
|
|
const authScheme = (_b = (_a = endpointV2.properties) == null ? void 0 : _a.authSchemes) == null ? void 0 : _b[0];
|
|
if ((authScheme == null ? void 0 : authScheme.name) === "sigv4a") {
|
|
region = (_c = authScheme == null ? void 0 : authScheme.signingRegionSet) == null ? void 0 : _c.join(",");
|
|
} else {
|
|
region = authScheme == null ? void 0 : authScheme.signingRegion;
|
|
}
|
|
s3Presigner = new S3RequestPresigner({
|
|
...client.config,
|
|
signingName: authScheme == null ? void 0 : authScheme.signingName,
|
|
region: async () => region
|
|
});
|
|
} else {
|
|
s3Presigner = new S3RequestPresigner(client.config);
|
|
}
|
|
const presignInterceptMiddleware = /* @__PURE__ */ __name((next, context) => async (args) => {
|
|
const { request } = args;
|
|
if (!import_protocol_http.HttpRequest.isInstance(request)) {
|
|
throw new Error("Request to be presigned is not an valid HTTP request.");
|
|
}
|
|
delete request.headers["amz-sdk-invocation-id"];
|
|
delete request.headers["amz-sdk-request"];
|
|
delete request.headers["x-amz-user-agent"];
|
|
let presigned2;
|
|
const presignerOptions = {
|
|
...options,
|
|
signingRegion: options.signingRegion ?? context["signing_region"] ?? region,
|
|
signingService: options.signingService ?? context["signing_service"]
|
|
};
|
|
if (context.s3ExpressIdentity) {
|
|
presigned2 = await s3Presigner.presignWithCredentials(request, context.s3ExpressIdentity, presignerOptions);
|
|
} else {
|
|
presigned2 = await s3Presigner.presign(request, presignerOptions);
|
|
}
|
|
return {
|
|
// Intercept the middleware stack by returning fake response
|
|
response: {},
|
|
output: {
|
|
$metadata: { httpStatusCode: 200 },
|
|
presigned: presigned2
|
|
}
|
|
};
|
|
}, "presignInterceptMiddleware");
|
|
const middlewareName = "presignInterceptMiddleware";
|
|
const clientStack = client.middlewareStack.clone();
|
|
clientStack.addRelativeTo(presignInterceptMiddleware, {
|
|
name: middlewareName,
|
|
relation: "before",
|
|
toMiddleware: "awsAuthMiddleware",
|
|
override: true
|
|
});
|
|
const handler = command.resolveMiddleware(clientStack, client.config, {});
|
|
const { output } = await handler({ input: command.input });
|
|
const { presigned } = output;
|
|
return (0, import_util_format_url.formatUrl)(presigned);
|
|
}, "getSignedUrl");
|
|
// Annotate the CommonJS export names for ESM import in node:
|
|
|
|
0 && (module.exports = {
|
|
getSignedUrl,
|
|
S3RequestPresigner
|
|
});
|
|
|