@atproto/aws 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +15 -0
- package/dist/bunny.d.ts +11 -0
- package/dist/cloudfront.d.ts +1 -3
- package/dist/index.d.ts +3 -0
- package/dist/index.js +139 -63
- package/dist/index.js.map +3 -3
- package/dist/types.d.ts +3 -0
- package/dist/util.d.ts +6 -0
- package/package.json +11 -4
- package/src/bunny.ts +36 -0
- package/src/cloudfront.ts +1 -6
- package/src/index.ts +3 -0
- package/src/types.ts +5 -0
- package/src/util.ts +14 -0
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# @atproto/aws
|
|
2
2
|
|
|
3
|
+
## 0.1.3
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- Updated dependencies []:
|
|
8
|
+
- @atproto/repo@0.3.3
|
|
9
|
+
- @atproto/common@0.3.2
|
|
10
|
+
|
|
11
|
+
## 0.1.2
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- Updated dependencies []:
|
|
16
|
+
- @atproto/repo@0.3.2
|
|
17
|
+
|
|
3
18
|
## 0.1.1
|
|
4
19
|
|
|
5
20
|
### Patch Changes
|
package/dist/bunny.d.ts
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { ImageInvalidator } from './types';
|
|
2
|
+
export declare type BunnyConfig = {
|
|
3
|
+
accessKey: string;
|
|
4
|
+
urlPrefix: string;
|
|
5
|
+
};
|
|
6
|
+
export declare class BunnyInvalidator implements ImageInvalidator {
|
|
7
|
+
cfg: BunnyConfig;
|
|
8
|
+
constructor(cfg: BunnyConfig);
|
|
9
|
+
invalidate(_subject: string, paths: string[]): Promise<void>;
|
|
10
|
+
}
|
|
11
|
+
export default BunnyInvalidator;
|
package/dist/cloudfront.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import * as aws from '@aws-sdk/client-cloudfront';
|
|
2
|
+
import { ImageInvalidator } from './types';
|
|
2
3
|
export declare type CloudfrontConfig = {
|
|
3
4
|
distributionId: string;
|
|
4
5
|
pathPrefix?: string;
|
|
@@ -11,6 +12,3 @@ export declare class CloudfrontInvalidator implements ImageInvalidator {
|
|
|
11
12
|
invalidate(subject: string, paths: string[]): Promise<void>;
|
|
12
13
|
}
|
|
13
14
|
export default CloudfrontInvalidator;
|
|
14
|
-
interface ImageInvalidator {
|
|
15
|
-
invalidate(subject: string, paths: string[]): Promise<void>;
|
|
16
|
-
}
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -618,13 +618,13 @@ var require_s3 = __commonJS({
|
|
|
618
618
|
var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
|
|
619
619
|
exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
|
|
620
620
|
var isArnBucketName = (bucketName) => {
|
|
621
|
-
const [arn, partition,
|
|
621
|
+
const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
|
|
622
622
|
const isArn = arn === "arn" && bucketName.split(":").length >= 6;
|
|
623
|
-
const isValidArn = [arn, partition,
|
|
623
|
+
const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
|
|
624
624
|
if (isArn && !isValidArn) {
|
|
625
625
|
throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
|
|
626
626
|
}
|
|
627
|
-
return arn === "arn" && !!partition && !!
|
|
627
|
+
return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
|
|
628
628
|
};
|
|
629
629
|
exports.isArnBucketName = isArnBucketName;
|
|
630
630
|
}
|
|
@@ -12118,11 +12118,11 @@ var require_credentialDerivation = __commonJS({
|
|
|
12118
12118
|
var constants_1 = require_constants4();
|
|
12119
12119
|
var signingKeyCache = {};
|
|
12120
12120
|
var cacheQueue = [];
|
|
12121
|
-
var createScope = (shortDate, region,
|
|
12121
|
+
var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
|
|
12122
12122
|
exports.createScope = createScope;
|
|
12123
|
-
var getSigningKey = async (sha256Constructor, credentials, shortDate, region,
|
|
12123
|
+
var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
|
|
12124
12124
|
const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
|
|
12125
|
-
const cacheKey = `${shortDate}:${region}:${
|
|
12125
|
+
const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
|
|
12126
12126
|
if (cacheKey in signingKeyCache) {
|
|
12127
12127
|
return signingKeyCache[cacheKey];
|
|
12128
12128
|
}
|
|
@@ -12131,7 +12131,7 @@ var require_credentialDerivation = __commonJS({
|
|
|
12131
12131
|
delete signingKeyCache[cacheQueue.shift()];
|
|
12132
12132
|
}
|
|
12133
12133
|
let key = `AWS4${credentials.secretAccessKey}`;
|
|
12134
|
-
for (const signable of [shortDate, region,
|
|
12134
|
+
for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
|
|
12135
12135
|
key = await hmac2(sha256Constructor, key, signable);
|
|
12136
12136
|
}
|
|
12137
12137
|
return signingKeyCache[cacheKey] = key;
|
|
@@ -12433,8 +12433,8 @@ var require_SignatureV4 = __commonJS({
|
|
|
12433
12433
|
var prepareRequest_1 = require_prepareRequest();
|
|
12434
12434
|
var utilDate_1 = require_utilDate();
|
|
12435
12435
|
var SignatureV4 = class {
|
|
12436
|
-
constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
|
|
12437
|
-
this.service =
|
|
12436
|
+
constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
|
|
12437
|
+
this.service = service2;
|
|
12438
12438
|
this.sha256 = sha2564;
|
|
12439
12439
|
this.uriEscapePath = uriEscapePath;
|
|
12440
12440
|
this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
|
|
@@ -12565,8 +12565,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
|
|
|
12565
12565
|
hash2.update(stringToSign);
|
|
12566
12566
|
return (0, util_hex_encoding_1.toHex)(await hash2.digest());
|
|
12567
12567
|
}
|
|
12568
|
-
getSigningKey(credentials, region, shortDate,
|
|
12569
|
-
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region,
|
|
12568
|
+
getSigningKey(credentials, region, shortDate, service2) {
|
|
12569
|
+
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
|
|
12570
12570
|
}
|
|
12571
12571
|
validateResolvedCredentials(credentials) {
|
|
12572
12572
|
if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
|
|
@@ -19305,12 +19305,12 @@ var require_parseArn = __commonJS({
|
|
|
19305
19305
|
const segments = value.split(":");
|
|
19306
19306
|
if (segments.length < 6)
|
|
19307
19307
|
return null;
|
|
19308
|
-
const [arn, partition,
|
|
19309
|
-
if (arn !== "arn" || partition === "" ||
|
|
19308
|
+
const [arn, partition, service2, region, accountId, ...resourceId] = segments;
|
|
19309
|
+
if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
|
|
19310
19310
|
return null;
|
|
19311
19311
|
return {
|
|
19312
19312
|
partition,
|
|
19313
|
-
service,
|
|
19313
|
+
service: service2,
|
|
19314
19314
|
region,
|
|
19315
19315
|
accountId,
|
|
19316
19316
|
resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
|
|
@@ -33760,13 +33760,13 @@ var require_s32 = __commonJS({
|
|
|
33760
33760
|
var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
|
|
33761
33761
|
exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
|
|
33762
33762
|
var isArnBucketName = (bucketName) => {
|
|
33763
|
-
const [arn, partition,
|
|
33763
|
+
const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
|
|
33764
33764
|
const isArn = arn === "arn" && bucketName.split(":").length >= 6;
|
|
33765
|
-
const isValidArn = [arn, partition,
|
|
33765
|
+
const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
|
|
33766
33766
|
if (isArn && !isValidArn) {
|
|
33767
33767
|
throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
|
|
33768
33768
|
}
|
|
33769
|
-
return arn === "arn" && !!partition && !!
|
|
33769
|
+
return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
|
|
33770
33770
|
};
|
|
33771
33771
|
exports.isArnBucketName = isArnBucketName;
|
|
33772
33772
|
}
|
|
@@ -47437,10 +47437,10 @@ var require_dist_cjs57 = __commonJS({
|
|
|
47437
47437
|
const segments = arn.split(":");
|
|
47438
47438
|
if (segments.length < 6 || segments[0] !== "arn")
|
|
47439
47439
|
throw new Error("Malformed ARN");
|
|
47440
|
-
const [, partition,
|
|
47440
|
+
const [, partition, service2, region, accountId, ...resource] = segments;
|
|
47441
47441
|
return {
|
|
47442
47442
|
partition,
|
|
47443
|
-
service,
|
|
47443
|
+
service: service2,
|
|
47444
47444
|
region,
|
|
47445
47445
|
accountId,
|
|
47446
47446
|
resource: resource.join(":")
|
|
@@ -47448,11 +47448,11 @@ var require_dist_cjs57 = __commonJS({
|
|
|
47448
47448
|
};
|
|
47449
47449
|
exports.parse = parse;
|
|
47450
47450
|
var build = (arnObject) => {
|
|
47451
|
-
const { partition = "aws", service, region, accountId, resource } = arnObject;
|
|
47452
|
-
if ([
|
|
47451
|
+
const { partition = "aws", service: service2, region, accountId, resource } = arnObject;
|
|
47452
|
+
if ([service2, region, accountId, resource].some((segment) => typeof segment !== "string")) {
|
|
47453
47453
|
throw new Error("Input ARN object is invalid");
|
|
47454
47454
|
}
|
|
47455
|
-
return `arn:${partition}:${
|
|
47455
|
+
return `arn:${partition}:${service2}:${region}:${accountId}:${resource}`;
|
|
47456
47456
|
};
|
|
47457
47457
|
exports.build = build;
|
|
47458
47458
|
}
|
|
@@ -47597,20 +47597,20 @@ var require_bucketHostnameUtils = __commonJS({
|
|
|
47597
47597
|
}
|
|
47598
47598
|
};
|
|
47599
47599
|
exports.validateArnEndpointOptions = validateArnEndpointOptions;
|
|
47600
|
-
var validateService = (
|
|
47601
|
-
if (
|
|
47600
|
+
var validateService = (service2) => {
|
|
47601
|
+
if (service2 !== "s3" && service2 !== "s3-outposts" && service2 !== "s3-object-lambda") {
|
|
47602
47602
|
throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component");
|
|
47603
47603
|
}
|
|
47604
47604
|
};
|
|
47605
47605
|
exports.validateService = validateService;
|
|
47606
|
-
var validateS3Service = (
|
|
47607
|
-
if (
|
|
47606
|
+
var validateS3Service = (service2) => {
|
|
47607
|
+
if (service2 !== "s3") {
|
|
47608
47608
|
throw new Error("Expect 's3' in Accesspoint ARN service component");
|
|
47609
47609
|
}
|
|
47610
47610
|
};
|
|
47611
47611
|
exports.validateS3Service = validateS3Service;
|
|
47612
|
-
var validateOutpostService = (
|
|
47613
|
-
if (
|
|
47612
|
+
var validateOutpostService = (service2) => {
|
|
47613
|
+
if (service2 !== "s3-outposts") {
|
|
47614
47614
|
throw new Error("Expect 's3-posts' in Outpost ARN service component");
|
|
47615
47615
|
}
|
|
47616
47616
|
};
|
|
@@ -47742,12 +47742,12 @@ var require_bucketHostname = __commonJS({
|
|
|
47742
47742
|
const hostnameSuffix = isCustomEndpoint ? baseHostname : (0, bucketHostnameUtils_1.getSuffixForArnEndpoint)(baseHostname)[1];
|
|
47743
47743
|
const { pathStyleEndpoint, accelerateEndpoint = false, fipsEndpoint = false, tlsCompatible = true, bucketName, clientPartition = "aws" } = options;
|
|
47744
47744
|
(0, bucketHostnameUtils_1.validateArnEndpointOptions)({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible });
|
|
47745
|
-
const { service, partition, accountId, region, resource } = bucketName;
|
|
47746
|
-
(0, bucketHostnameUtils_1.validateService)(
|
|
47745
|
+
const { service: service2, partition, accountId, region, resource } = bucketName;
|
|
47746
|
+
(0, bucketHostnameUtils_1.validateService)(service2);
|
|
47747
47747
|
(0, bucketHostnameUtils_1.validatePartition)(partition, { clientPartition });
|
|
47748
47748
|
(0, bucketHostnameUtils_1.validateAccountId)(accountId);
|
|
47749
47749
|
const { accesspointName, outpostId } = (0, bucketHostnameUtils_1.getArnResources)(resource);
|
|
47750
|
-
if (
|
|
47750
|
+
if (service2 === "s3-object-lambda") {
|
|
47751
47751
|
return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix });
|
|
47752
47752
|
}
|
|
47753
47753
|
if (region === "") {
|
|
@@ -47759,7 +47759,7 @@ var require_bucketHostname = __commonJS({
|
|
|
47759
47759
|
return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix });
|
|
47760
47760
|
};
|
|
47761
47761
|
var getEndpointFromObjectLambdaArn = ({ dualstackEndpoint = false, fipsEndpoint = false, tlsCompatible = true, useArnRegion, clientRegion, clientSigningRegion = clientRegion, accesspointName, bucketName, hostnameSuffix }) => {
|
|
47762
|
-
const { accountId, region, service } = bucketName;
|
|
47762
|
+
const { accountId, region, service: service2 } = bucketName;
|
|
47763
47763
|
(0, bucketHostnameUtils_1.validateRegionalClient)(clientRegion);
|
|
47764
47764
|
(0, bucketHostnameUtils_1.validateRegion)(region, {
|
|
47765
47765
|
useArnRegion,
|
|
@@ -47775,9 +47775,9 @@ var require_bucketHostname = __commonJS({
|
|
|
47775
47775
|
const signingRegion = useArnRegion ? region : clientSigningRegion;
|
|
47776
47776
|
return {
|
|
47777
47777
|
bucketEndpoint: true,
|
|
47778
|
-
hostname: `${DNSHostLabel}.${
|
|
47778
|
+
hostname: `${DNSHostLabel}.${service2}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`,
|
|
47779
47779
|
signingRegion,
|
|
47780
|
-
signingService:
|
|
47780
|
+
signingService: service2
|
|
47781
47781
|
};
|
|
47782
47782
|
};
|
|
47783
47783
|
var getEndpointFromMRAPArn = ({ disableMultiregionAccessPoints, dualstackEndpoint = false, isCustomEndpoint, mrapAlias, hostnameSuffix }) => {
|
|
@@ -56676,11 +56676,11 @@ var require_credentialDerivation2 = __commonJS({
|
|
|
56676
56676
|
var constants_1 = require_constants13();
|
|
56677
56677
|
var signingKeyCache = {};
|
|
56678
56678
|
var cacheQueue = [];
|
|
56679
|
-
var createScope = (shortDate, region,
|
|
56679
|
+
var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
|
|
56680
56680
|
exports.createScope = createScope;
|
|
56681
|
-
var getSigningKey = async (sha256Constructor, credentials, shortDate, region,
|
|
56681
|
+
var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
|
|
56682
56682
|
const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
|
|
56683
|
-
const cacheKey = `${shortDate}:${region}:${
|
|
56683
|
+
const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
|
|
56684
56684
|
if (cacheKey in signingKeyCache) {
|
|
56685
56685
|
return signingKeyCache[cacheKey];
|
|
56686
56686
|
}
|
|
@@ -56689,7 +56689,7 @@ var require_credentialDerivation2 = __commonJS({
|
|
|
56689
56689
|
delete signingKeyCache[cacheQueue.shift()];
|
|
56690
56690
|
}
|
|
56691
56691
|
let key = `AWS4${credentials.secretAccessKey}`;
|
|
56692
|
-
for (const signable of [shortDate, region,
|
|
56692
|
+
for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
|
|
56693
56693
|
key = await hmac2(sha256Constructor, key, signable);
|
|
56694
56694
|
}
|
|
56695
56695
|
return signingKeyCache[cacheKey] = key;
|
|
@@ -56980,8 +56980,8 @@ var require_SignatureV42 = __commonJS({
|
|
|
56980
56980
|
var prepareRequest_1 = require_prepareRequest2();
|
|
56981
56981
|
var utilDate_1 = require_utilDate2();
|
|
56982
56982
|
var SignatureV4 = class {
|
|
56983
|
-
constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
|
|
56984
|
-
this.service =
|
|
56983
|
+
constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
|
|
56984
|
+
this.service = service2;
|
|
56985
56985
|
this.sha256 = sha2564;
|
|
56986
56986
|
this.uriEscapePath = uriEscapePath;
|
|
56987
56987
|
this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
|
|
@@ -57112,8 +57112,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
|
|
|
57112
57112
|
hash2.update(stringToSign);
|
|
57113
57113
|
return (0, util_hex_encoding_1.toHex)(await hash2.digest());
|
|
57114
57114
|
}
|
|
57115
|
-
getSigningKey(credentials, region, shortDate,
|
|
57116
|
-
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region,
|
|
57115
|
+
getSigningKey(credentials, region, shortDate, service2) {
|
|
57116
|
+
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
|
|
57117
57117
|
}
|
|
57118
57118
|
validateResolvedCredentials(credentials) {
|
|
57119
57119
|
if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
|
|
@@ -62482,12 +62482,12 @@ var require_parseArn2 = __commonJS({
|
|
|
62482
62482
|
const segments = value.split(":");
|
|
62483
62483
|
if (segments.length < 6)
|
|
62484
62484
|
return null;
|
|
62485
|
-
const [arn, partition,
|
|
62486
|
-
if (arn !== "arn" || partition === "" ||
|
|
62485
|
+
const [arn, partition, service2, region, accountId, ...resourceId] = segments;
|
|
62486
|
+
if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
|
|
62487
62487
|
return null;
|
|
62488
62488
|
return {
|
|
62489
62489
|
partition,
|
|
62490
|
-
service,
|
|
62490
|
+
service: service2,
|
|
62491
62491
|
region,
|
|
62492
62492
|
accountId,
|
|
62493
62493
|
resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
|
|
@@ -81004,13 +81004,13 @@ var require_s33 = __commonJS({
|
|
|
81004
81004
|
var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
|
|
81005
81005
|
exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
|
|
81006
81006
|
var isArnBucketName = (bucketName) => {
|
|
81007
|
-
const [arn, partition,
|
|
81007
|
+
const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
|
|
81008
81008
|
const isArn = arn === "arn" && bucketName.split(":").length >= 6;
|
|
81009
|
-
const isValidArn = [arn, partition,
|
|
81009
|
+
const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
|
|
81010
81010
|
if (isArn && !isValidArn) {
|
|
81011
81011
|
throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
|
|
81012
81012
|
}
|
|
81013
|
-
return arn === "arn" && !!partition && !!
|
|
81013
|
+
return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
|
|
81014
81014
|
};
|
|
81015
81015
|
exports.isArnBucketName = isArnBucketName;
|
|
81016
81016
|
}
|
|
@@ -96694,13 +96694,13 @@ var require_s34 = __commonJS({
|
|
|
96694
96694
|
var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
|
|
96695
96695
|
exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
|
|
96696
96696
|
var isArnBucketName = (bucketName) => {
|
|
96697
|
-
const [arn, partition,
|
|
96697
|
+
const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
|
|
96698
96698
|
const isArn = arn === "arn" && bucketName.split(":").length >= 6;
|
|
96699
|
-
const isValidArn = [arn, partition,
|
|
96699
|
+
const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
|
|
96700
96700
|
if (isArn && !isValidArn) {
|
|
96701
96701
|
throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
|
|
96702
96702
|
}
|
|
96703
|
-
return arn === "arn" && !!partition && !!
|
|
96703
|
+
return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
|
|
96704
96704
|
};
|
|
96705
96705
|
exports.isArnBucketName = isArnBucketName;
|
|
96706
96706
|
}
|
|
@@ -98356,11 +98356,11 @@ var require_credentialDerivation3 = __commonJS({
|
|
|
98356
98356
|
var constants_1 = require_constants21();
|
|
98357
98357
|
var signingKeyCache = {};
|
|
98358
98358
|
var cacheQueue = [];
|
|
98359
|
-
var createScope = (shortDate, region,
|
|
98359
|
+
var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
|
|
98360
98360
|
exports.createScope = createScope;
|
|
98361
|
-
var getSigningKey = async (sha256Constructor, credentials, shortDate, region,
|
|
98361
|
+
var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
|
|
98362
98362
|
const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
|
|
98363
|
-
const cacheKey = `${shortDate}:${region}:${
|
|
98363
|
+
const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
|
|
98364
98364
|
if (cacheKey in signingKeyCache) {
|
|
98365
98365
|
return signingKeyCache[cacheKey];
|
|
98366
98366
|
}
|
|
@@ -98369,7 +98369,7 @@ var require_credentialDerivation3 = __commonJS({
|
|
|
98369
98369
|
delete signingKeyCache[cacheQueue.shift()];
|
|
98370
98370
|
}
|
|
98371
98371
|
let key = `AWS4${credentials.secretAccessKey}`;
|
|
98372
|
-
for (const signable of [shortDate, region,
|
|
98372
|
+
for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
|
|
98373
98373
|
key = await hmac2(sha256Constructor, key, signable);
|
|
98374
98374
|
}
|
|
98375
98375
|
return signingKeyCache[cacheKey] = key;
|
|
@@ -98627,8 +98627,8 @@ var require_SignatureV43 = __commonJS({
|
|
|
98627
98627
|
var prepareRequest_1 = require_prepareRequest3();
|
|
98628
98628
|
var utilDate_1 = require_utilDate3();
|
|
98629
98629
|
var SignatureV4 = class {
|
|
98630
|
-
constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
|
|
98631
|
-
this.service =
|
|
98630
|
+
constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
|
|
98631
|
+
this.service = service2;
|
|
98632
98632
|
this.sha256 = sha2564;
|
|
98633
98633
|
this.uriEscapePath = uriEscapePath;
|
|
98634
98634
|
this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
|
|
@@ -98759,8 +98759,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
|
|
|
98759
98759
|
hash2.update((0, util_utf8_1.toUint8Array)(stringToSign));
|
|
98760
98760
|
return (0, util_hex_encoding_1.toHex)(await hash2.digest());
|
|
98761
98761
|
}
|
|
98762
|
-
getSigningKey(credentials, region, shortDate,
|
|
98763
|
-
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region,
|
|
98762
|
+
getSigningKey(credentials, region, shortDate, service2) {
|
|
98763
|
+
return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
|
|
98764
98764
|
}
|
|
98765
98765
|
validateResolvedCredentials(credentials) {
|
|
98766
98766
|
if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
|
|
@@ -105253,12 +105253,12 @@ var require_parseArn3 = __commonJS({
|
|
|
105253
105253
|
const segments = value.split(":");
|
|
105254
105254
|
if (segments.length < 6)
|
|
105255
105255
|
return null;
|
|
105256
|
-
const [arn, partition,
|
|
105257
|
-
if (arn !== "arn" || partition === "" ||
|
|
105256
|
+
const [arn, partition, service2, region, accountId, ...resourceId] = segments;
|
|
105257
|
+
if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
|
|
105258
105258
|
return null;
|
|
105259
105259
|
return {
|
|
105260
105260
|
partition,
|
|
105261
|
-
service,
|
|
105261
|
+
service: service2,
|
|
105262
105262
|
region,
|
|
105263
105263
|
accountId,
|
|
105264
105264
|
resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
|
|
@@ -135549,8 +135549,10 @@ var require_dist_cjs167 = __commonJS({
|
|
|
135549
135549
|
// src/index.ts
|
|
135550
135550
|
var src_exports4 = {};
|
|
135551
135551
|
__export(src_exports4, {
|
|
135552
|
+
BunnyInvalidator: () => BunnyInvalidator,
|
|
135552
135553
|
CloudfrontInvalidator: () => CloudfrontInvalidator,
|
|
135553
135554
|
KmsKeypair: () => KmsKeypair,
|
|
135555
|
+
MultiImageInvalidator: () => MultiImageInvalidator,
|
|
135554
135556
|
S3BlobStore: () => S3BlobStore
|
|
135555
135557
|
});
|
|
135556
135558
|
module.exports = __toCommonJS(src_exports4);
|
|
@@ -142345,6 +142347,21 @@ var ensureValidNsid = (nsid2) => {
|
|
|
142345
142347
|
var InvalidNsidError = class extends Error {
|
|
142346
142348
|
};
|
|
142347
142349
|
|
|
142350
|
+
// ../common-web/src/async.ts
|
|
142351
|
+
var handleAllSettledErrors = (results) => {
|
|
142352
|
+
const errors = results.filter(isRejected).map((res) => res.reason);
|
|
142353
|
+
if (errors.length === 0) {
|
|
142354
|
+
return;
|
|
142355
|
+
}
|
|
142356
|
+
if (errors.length === 1) {
|
|
142357
|
+
throw errors[0];
|
|
142358
|
+
}
|
|
142359
|
+
throw new AggregateError(errors, "Multiple errors: " + errors.map((err) => err?.message).join("\n"));
|
|
142360
|
+
};
|
|
142361
|
+
var isRejected = (result) => {
|
|
142362
|
+
return result.status === "rejected";
|
|
142363
|
+
};
|
|
142364
|
+
|
|
142348
142365
|
// ../common-web/src/types.ts
|
|
142349
142366
|
var cidSchema = z.any().refine((obj) => CID.asCID(obj) !== null, {
|
|
142350
142367
|
message: "Not a CID"
|
|
@@ -142389,6 +142406,25 @@ var DAY = HOUR * 24;
|
|
|
142389
142406
|
// ../common-web/src/strings.ts
|
|
142390
142407
|
var import_graphemer = __toESM(require_lib4());
|
|
142391
142408
|
|
|
142409
|
+
// ../common-web/src/did-doc.ts
|
|
142410
|
+
var verificationMethod = z.object({
|
|
142411
|
+
id: z.string(),
|
|
142412
|
+
type: z.string(),
|
|
142413
|
+
controller: z.string(),
|
|
142414
|
+
publicKeyMultibase: z.string().optional()
|
|
142415
|
+
});
|
|
142416
|
+
var service = z.object({
|
|
142417
|
+
id: z.string(),
|
|
142418
|
+
type: z.string(),
|
|
142419
|
+
serviceEndpoint: z.union([z.string(), z.record(z.unknown())])
|
|
142420
|
+
});
|
|
142421
|
+
var didDocument = z.object({
|
|
142422
|
+
id: z.string(),
|
|
142423
|
+
alsoKnownAs: z.array(z.string()).optional(),
|
|
142424
|
+
verificationMethod: z.array(verificationMethod).optional(),
|
|
142425
|
+
service: z.array(service).optional()
|
|
142426
|
+
});
|
|
142427
|
+
|
|
142392
142428
|
// ../lexicon/src/validators/formats.ts
|
|
142393
142429
|
var import_iso_datestring_validator = __toESM(require_dist2());
|
|
142394
142430
|
|
|
@@ -142535,7 +142571,7 @@ var lexObject = z.object({
|
|
|
142535
142571
|
description: z.string().optional(),
|
|
142536
142572
|
required: z.string().array().optional(),
|
|
142537
142573
|
nullable: z.string().array().optional(),
|
|
142538
|
-
properties: z.record(z.union([lexRefVariant, lexIpldType, lexArray, lexBlob, lexPrimitive]))
|
|
142574
|
+
properties: z.record(z.union([lexRefVariant, lexIpldType, lexArray, lexBlob, lexPrimitive]))
|
|
142539
142575
|
}).strict().superRefine(requiredPropertiesRefinement);
|
|
142540
142576
|
var lexXrpcParameters = z.object({
|
|
142541
142577
|
type: z.literal("params"),
|
|
@@ -142660,6 +142696,9 @@ var lexiconDoc = z.object({
|
|
|
142660
142696
|
});
|
|
142661
142697
|
var discriminatedObject = z.object({ $type: z.string() });
|
|
142662
142698
|
|
|
142699
|
+
// ../common/src/dates.ts
|
|
142700
|
+
var import_iso_datestring_validator2 = __toESM(require_dist2());
|
|
142701
|
+
|
|
142663
142702
|
// ../../node_modules/.pnpm/cborg@1.10.2/node_modules/cborg/esm/lib/is.js
|
|
142664
142703
|
var typeofs = [
|
|
142665
142704
|
"string",
|
|
@@ -146446,10 +146485,47 @@ var CloudfrontInvalidator = class {
|
|
|
146446
146485
|
});
|
|
146447
146486
|
}
|
|
146448
146487
|
};
|
|
146488
|
+
|
|
146489
|
+
// src/bunny.ts
|
|
146490
|
+
var API_PURGE_URL = "https://api.bunny.net/purge";
|
|
146491
|
+
var BunnyInvalidator = class {
|
|
146492
|
+
constructor(cfg) {
|
|
146493
|
+
this.cfg = cfg;
|
|
146494
|
+
}
|
|
146495
|
+
async invalidate(_subject, paths) {
|
|
146496
|
+
const results = await Promise.allSettled(paths.map(async (path) => purgeUrl({
|
|
146497
|
+
url: this.cfg.urlPrefix + path,
|
|
146498
|
+
accessKey: this.cfg.accessKey
|
|
146499
|
+
})));
|
|
146500
|
+
handleAllSettledErrors(results);
|
|
146501
|
+
}
|
|
146502
|
+
};
|
|
146503
|
+
async function purgeUrl(opts) {
|
|
146504
|
+
const search = new URLSearchParams();
|
|
146505
|
+
search.set("async", "true");
|
|
146506
|
+
search.set("url", opts.url);
|
|
146507
|
+
await fetch(API_PURGE_URL + "?" + search.toString(), {
|
|
146508
|
+
method: "post",
|
|
146509
|
+
headers: { AccessKey: opts.accessKey }
|
|
146510
|
+
});
|
|
146511
|
+
}
|
|
146512
|
+
|
|
146513
|
+
// src/util.ts
|
|
146514
|
+
var MultiImageInvalidator = class {
|
|
146515
|
+
constructor(invalidators) {
|
|
146516
|
+
this.invalidators = invalidators;
|
|
146517
|
+
}
|
|
146518
|
+
async invalidate(subject, paths) {
|
|
146519
|
+
const results = await Promise.allSettled(this.invalidators.map((invalidator) => invalidator.invalidate(subject, paths)));
|
|
146520
|
+
handleAllSettledErrors(results);
|
|
146521
|
+
}
|
|
146522
|
+
};
|
|
146449
146523
|
// Annotate the CommonJS export names for ESM import in node:
|
|
146450
146524
|
0 && (module.exports = {
|
|
146525
|
+
BunnyInvalidator,
|
|
146451
146526
|
CloudfrontInvalidator,
|
|
146452
146527
|
KmsKeypair,
|
|
146528
|
+
MultiImageInvalidator,
|
|
146453
146529
|
S3BlobStore
|
|
146454
146530
|
});
|
|
146455
146531
|
/*! *****************************************************************************
|