@aws-sdk/cloudfront-signer 3.468.0 → 3.495.0

package/CHANGELOG.md

@@ -3,6 +3,28 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.495.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.494.0...v3.495.0) (2024-01-18)
+
+
+### Features
+
+* use bundled dist-cjs build ([#5687](https://github.com/aws/aws-sdk-js-v3/issues/5687)) ([5f79e22](https://github.com/aws/aws-sdk-js-v3/commit/5f79e225e32f0b2ed5b432ae4e4108663eb0acfb))
+
+
+
+
+
+# [3.485.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.484.0...v3.485.0) (2024-01-03)
+
+
+### Features
+
+* **credential-providers:** add credentialScope field ([#5606](https://github.com/aws/aws-sdk-js-v3/issues/5606)) ([04c1459](https://github.com/aws/aws-sdk-js-v3/commit/04c14592898ac63ed87d47f2a53320ccaa991083))
+
+
+
+
+
 # [3.468.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.467.0...v3.468.0) (2023-12-06)
 
 **Note:** Version bump only for package @aws-sdk/cloudfront-signer

package/dist-cjs/index.js

@@ -1,4 +1,277 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./sign"), exports);
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  getSignedCookies: () => getSignedCookies,
+  getSignedUrl: () => getSignedUrl
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/sign.ts
+var import_crypto = require("crypto");
+function getSignedUrl({
+  dateLessThan,
+  dateGreaterThan,
+  url,
+  keyPairId,
+  privateKey,
+  ipAddress,
+  policy,
+  passphrase
+}) {
+  const cloudfrontSignBuilder = new CloudfrontSignBuilder({
+    keyPairId,
+    privateKey,
+    passphrase
+  });
+  if (policy) {
+    cloudfrontSignBuilder.setCustomPolicy(policy);
+  } else {
+    cloudfrontSignBuilder.setPolicyParameters({
+      url,
+      dateLessThan,
+      dateGreaterThan,
+      ipAddress
+    });
+  }
+  const newURL = new URL(url);
+  newURL.search = Array.from(newURL.searchParams.entries()).concat(Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute())).filter(([key, value]) => value !== void 0).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");
+  return getResource(newURL);
+}
+__name(getSignedUrl, "getSignedUrl");
+function getSignedCookies({
+  ipAddress,
+  url,
+  privateKey,
+  keyPairId,
+  dateLessThan,
+  dateGreaterThan,
+  policy,
+  passphrase
+}) {
+  const cloudfrontSignBuilder = new CloudfrontSignBuilder({
+    keyPairId,
+    privateKey,
+    passphrase
+  });
+  if (policy) {
+    cloudfrontSignBuilder.setCustomPolicy(policy);
+  } else {
+    cloudfrontSignBuilder.setPolicyParameters({
+      url,
+      dateLessThan,
+      dateGreaterThan,
+      ipAddress
+    });
+  }
+  const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
+  const cookies = {
+    "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
+    "CloudFront-Signature": cloudfrontCookieAttributes["Signature"]
+  };
+  if (cloudfrontCookieAttributes["Expires"]) {
+    cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
+  }
+  if (cloudfrontCookieAttributes["Policy"]) {
+    cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
+  }
+  return cookies;
+}
+__name(getSignedCookies, "getSignedCookies");
+function getResource(url) {
+  switch (url.protocol) {
+    case "http:":
+    case "https:":
+      return url.toString();
+    case "rtmp:":
+      return url.pathname.replace(/^\//, "") + url.search + url.hash;
+    default:
+      throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
+  }
+}
+__name(getResource, "getResource");
+var _CloudfrontSignBuilder = class _CloudfrontSignBuilder {
+  constructor({
+    privateKey,
+    keyPairId,
+    passphrase
+  }) {
+    this.customPolicy = false;
+    this.keyPairId = keyPairId;
+    this.privateKey = privateKey;
+    this.policy = "";
+    this.passphrase = passphrase;
+  }
+  buildPolicy(args) {
+    const policy = {
+      Statement: [
+        {
+          Resource: args.resource,
+          Condition: {
+            DateLessThan: {
+              "AWS:EpochTime": args.dateLessThan
+            }
+          }
+        }
+      ]
+    };
+    if (args.dateGreaterThan) {
+      policy.Statement[0].Condition["DateGreaterThan"] = {
+        "AWS:EpochTime": args.dateGreaterThan
+      };
+    }
+    if (args.ipAddress) {
+      const cidr = this.parseCIDR(args.ipAddress);
+      policy.Statement[0].Condition["IpAddress"] = {
+        "AWS:SourceIp": cidr
+      };
+    }
+    return policy;
+  }
+  normalizeBase64(str) {
+    const replacements = {
+      "+": "-",
+      "=": "_",
+      "/": "~"
+    };
+    return str.replace(/[+=/]/g, function(match) {
+      return replacements[match];
+    });
+  }
+  encodeToBase64(str) {
+    return this.normalizeBase64(Buffer.from(str).toString("base64"));
+  }
+  validateIP(ipStr) {
+    const octets = ipStr.split(".");
+    if (octets.length !== 4) {
+      throw new Error(`IP does not contain four octets.`);
+    }
+    const isValid = octets.every((octet) => {
+      const num = Number(octet);
+      return Number.isInteger(num) && num >= 0 && num <= 255;
+    });
+    if (!isValid) {
+      throw new Error("invalid IP octets");
+    }
+  }
+  validateMask(maskStr) {
+    const mask = Number(maskStr);
+    const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
+    if (!isValid) {
+      throw new Error("invalid mask");
+    }
+  }
+  parseCIDR(cidrStr) {
+    try {
+      const cidrParts = cidrStr.split("/");
+      if (cidrParts.some((part) => part.length === 0)) {
+        throw new Error("missing ip or mask part of CIDR");
+      }
+      this.validateIP(cidrParts[0]);
+      let mask = "32";
+      if (cidrParts.length === 2) {
+        this.validateMask(cidrParts[1]);
+        mask = cidrParts[1];
+      }
+      return `${cidrParts[0]}/${mask}`;
+    } catch (error) {
+      const errMessage = `IP address "${cidrStr}" is invalid`;
+      if (error instanceof Error) {
+        throw new Error(`${errMessage} due to ${error.message}.`);
+      } else {
+        throw new Error(`${errMessage}.`);
+      }
+    }
+  }
+  epochTime(date) {
+    return Math.round(date.getTime() / 1e3);
+  }
+  parseDate(date) {
+    if (!date) {
+      return void 0;
+    }
+    const parsedDate = Date.parse(date);
+    return isNaN(parsedDate) ? void 0 : this.epochTime(new Date(parsedDate));
+  }
+  parseDateWindow(expiration, start) {
+    const dateLessThan = this.parseDate(expiration);
+    if (!dateLessThan) {
+      throw new Error("dateLessThan is invalid. Ensure the date string is compatible with the Date constructor.");
+    }
+    return {
+      dateLessThan,
+      dateGreaterThan: this.parseDate(start)
+    };
+  }
+  signData(data, privateKey, passphrase) {
+    const sign = (0, import_crypto.createSign)("RSA-SHA1");
+    sign.update(data);
+    return sign.sign({ key: privateKey, passphrase }, "base64");
+  }
+  signPolicy(policy, privateKey, passphrase) {
+    return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
+  }
+  setCustomPolicy(policy) {
+    this.customPolicy = true;
+    this.policy = policy;
+  }
+  setPolicyParameters({
+    url,
+    dateLessThan,
+    dateGreaterThan,
+    ipAddress
+  }) {
+    if (!url || !dateLessThan) {
+      return false;
+    }
+    const resource = getResource(new URL(url));
+    const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
+    this.dateLessThan = parsedDates.dateLessThan;
+    this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
+    this.policy = JSON.stringify(
+      this.buildPolicy({
+        resource,
+        ipAddress,
+        dateLessThan: parsedDates.dateLessThan,
+        dateGreaterThan: parsedDates.dateGreaterThan
+      })
+    );
+  }
+  createCloudfrontAttribute() {
+    if (!Boolean(this.policy)) {
+      throw new Error("Invalid policy");
+    }
+    const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
+    return {
+      Expires: this.customPolicy ? void 0 : this.dateLessThan,
+      Policy: this.customPolicy ? this.encodeToBase64(this.policy) : void 0,
+      "Key-Pair-Id": this.keyPairId,
+      Signature: signature
+    };
+  }
+};
+__name(_CloudfrontSignBuilder, "CloudfrontSignBuilder");
+var CloudfrontSignBuilder = _CloudfrontSignBuilder;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getSignedCookies,
+  getSignedUrl
+});

package/dist-cjs/sign.js

@@ -1,223 +1 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getSignedCookies = exports.getSignedUrl = void 0;
-const crypto_1 = require("crypto");
-function getSignedUrl({ dateLessThan, dateGreaterThan, url, keyPairId, privateKey, ipAddress, policy, passphrase, }) {
-    const cloudfrontSignBuilder = new CloudfrontSignBuilder({
-        keyPairId,
-        privateKey,
-        passphrase,
-    });
-    if (policy) {
-        cloudfrontSignBuilder.setCustomPolicy(policy);
-    }
-    else {
-        cloudfrontSignBuilder.setPolicyParameters({
-            url,
-            dateLessThan,
-            dateGreaterThan,
-            ipAddress,
-        });
-    }
-    const newURL = new URL(url);
-    newURL.search = Array.from(newURL.searchParams.entries())
-        .concat(Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute()))
-        .filter(([key, value]) => value !== undefined)
-        .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
-        .join("&");
-    return getResource(newURL);
-}
-exports.getSignedUrl = getSignedUrl;
-function getSignedCookies({ ipAddress, url, privateKey, keyPairId, dateLessThan, dateGreaterThan, policy, passphrase, }) {
-    const cloudfrontSignBuilder = new CloudfrontSignBuilder({
-        keyPairId,
-        privateKey,
-        passphrase,
-    });
-    if (policy) {
-        cloudfrontSignBuilder.setCustomPolicy(policy);
-    }
-    else {
-        cloudfrontSignBuilder.setPolicyParameters({
-            url,
-            dateLessThan,
-            dateGreaterThan,
-            ipAddress,
-        });
-    }
-    const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
-    const cookies = {
-        "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
-        "CloudFront-Signature": cloudfrontCookieAttributes["Signature"],
-    };
-    if (cloudfrontCookieAttributes["Expires"]) {
-        cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
-    }
-    if (cloudfrontCookieAttributes["Policy"]) {
-        cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
-    }
-    return cookies;
-}
-exports.getSignedCookies = getSignedCookies;
-function getResource(url) {
-    switch (url.protocol) {
-        case "http:":
-        case "https:":
-            return url.toString();
-        case "rtmp:":
-            return url.pathname.replace(/^\//, "") + url.search + url.hash;
-        default:
-            throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
-    }
-}
-class CloudfrontSignBuilder {
-    constructor({ privateKey, keyPairId, passphrase, }) {
-        this.customPolicy = false;
-        this.keyPairId = keyPairId;
-        this.privateKey = privateKey;
-        this.policy = "";
-        this.passphrase = passphrase;
-    }
-    buildPolicy(args) {
-        const policy = {
-            Statement: [
-                {
-                    Resource: args.resource,
-                    Condition: {
-                        DateLessThan: {
-                            "AWS:EpochTime": args.dateLessThan,
-                        },
-                    },
-                },
-            ],
-        };
-        if (args.dateGreaterThan) {
-            policy.Statement[0].Condition["DateGreaterThan"] = {
-                "AWS:EpochTime": args.dateGreaterThan,
-            };
-        }
-        if (args.ipAddress) {
-            const cidr = this.parseCIDR(args.ipAddress);
-            policy.Statement[0].Condition["IpAddress"] = {
-                "AWS:SourceIp": cidr,
-            };
-        }
-        return policy;
-    }
-    normalizeBase64(str) {
-        const replacements = {
-            "+": "-",
-            "=": "_",
-            "/": "~",
-        };
-        return str.replace(/[+=/]/g, function (match) {
-            return replacements[match];
-        });
-    }
-    encodeToBase64(str) {
-        return this.normalizeBase64(Buffer.from(str).toString("base64"));
-    }
-    validateIP(ipStr) {
-        const octets = ipStr.split(".");
-        if (octets.length !== 4) {
-            throw new Error(`IP does not contain four octets.`);
-        }
-        const isValid = octets.every((octet) => {
-            const num = Number(octet);
-            return Number.isInteger(num) && num >= 0 && num <= 255;
-        });
-        if (!isValid) {
-            throw new Error("invalid IP octets");
-        }
-    }
-    validateMask(maskStr) {
-        const mask = Number(maskStr);
-        const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
-        if (!isValid) {
-            throw new Error("invalid mask");
-        }
-    }
-    parseCIDR(cidrStr) {
-        try {
-            const cidrParts = cidrStr.split("/");
-            if (cidrParts.some((part) => part.length === 0)) {
-                throw new Error("missing ip or mask part of CIDR");
-            }
-            this.validateIP(cidrParts[0]);
-            let mask = "32";
-            if (cidrParts.length === 2) {
-                this.validateMask(cidrParts[1]);
-                mask = cidrParts[1];
-            }
-            return `${cidrParts[0]}/${mask}`;
-        }
-        catch (error) {
-            const errMessage = `IP address "${cidrStr}" is invalid`;
-            if (error instanceof Error) {
-                throw new Error(`${errMessage} due to ${error.message}.`);
-            }
-            else {
-                throw new Error(`${errMessage}.`);
-            }
-        }
-    }
-    epochTime(date) {
-        return Math.round(date.getTime() / 1000);
-    }
-    parseDate(date) {
-        if (!date) {
-            return undefined;
-        }
-        const parsedDate = Date.parse(date);
-        return isNaN(parsedDate) ? undefined : this.epochTime(new Date(parsedDate));
-    }
-    parseDateWindow(expiration, start) {
-        const dateLessThan = this.parseDate(expiration);
-        if (!dateLessThan) {
-            throw new Error("dateLessThan is invalid. Ensure the date string is compatible with the Date constructor.");
-        }
-        return {
-            dateLessThan,
-            dateGreaterThan: this.parseDate(start),
-        };
-    }
-    signData(data, privateKey, passphrase) {
-        const sign = (0, crypto_1.createSign)("RSA-SHA1");
-        sign.update(data);
-        return sign.sign({ key: privateKey, passphrase }, "base64");
-    }
-    signPolicy(policy, privateKey, passphrase) {
-        return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
-    }
-    setCustomPolicy(policy) {
-        this.customPolicy = true;
-        this.policy = policy;
-    }
-    setPolicyParameters({ url, dateLessThan, dateGreaterThan, ipAddress, }) {
-        if (!url || !dateLessThan) {
-            return false;
-        }
-        const resource = getResource(new URL(url));
-        const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
-        this.dateLessThan = parsedDates.dateLessThan;
-        this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
-        this.policy = JSON.stringify(this.buildPolicy({
-            resource,
-            ipAddress,
-            dateLessThan: parsedDates.dateLessThan,
-            dateGreaterThan: parsedDates.dateGreaterThan,
-        }));
-    }
-    createCloudfrontAttribute() {
-        if (!Boolean(this.policy)) {
-            throw new Error("Invalid policy");
-        }
-        const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
-        return {
-            Expires: this.customPolicy ? undefined : this.dateLessThan,
-            Policy: this.customPolicy ? this.encodeToBase64(this.policy) : undefined,
-            "Key-Pair-Id": this.keyPairId,
-            Signature: signature,
-        };
-    }
-}
+module.exports = require("./index.js");

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@aws-sdk/cloudfront-signer",
-  "version": "3.468.0",
+  "version": "3.495.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
-    "build:cjs": "tsc -p tsconfig.cjs.json",
+    "build:cjs": "node ../../scripts/compilation/inline cloudfront-signer",
     "build:es": "tsc -p tsconfig.es.json",
     "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
     "build:types": "tsc -p tsconfig.types.json",
@@ -21,7 +21,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@smithy/url-parser": "^2.0.15",
+    "@smithy/url-parser": "^2.1.0",
     "tslib": "^2.5.0"
   },
   "devDependencies": {