@aws-sdk/cloudfront-signer 3.485.0 → 3.496.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +22 -0
  2. package/dist-cjs/index.js +279 -4
  3. package/dist-cjs/sign.js +1 -223
  4. package/package.json +3 -3
package/CHANGELOG.md CHANGED
@@ -3,6 +3,28 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
5
 
6
+ # [3.496.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.495.0...v3.496.0) (2024-01-19)
7
+
8
+
9
+ ### Bug Fixes
10
+
11
+ * get full list of exports for esm compat in dist-cjs ([#5694](https://github.com/aws/aws-sdk-js-v3/issues/5694)) ([5d26da6](https://github.com/aws/aws-sdk-js-v3/commit/5d26da6d07b593ae286ca674fb3cbff7c833cbb0))
12
+
13
+
14
+
15
+
16
+
17
+ # [3.495.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.494.0...v3.495.0) (2024-01-18)
18
+
19
+
20
+ ### Features
21
+
22
+ * use bundled dist-cjs build ([#5687](https://github.com/aws/aws-sdk-js-v3/issues/5687)) ([5f79e22](https://github.com/aws/aws-sdk-js-v3/commit/5f79e225e32f0b2ed5b432ae4e4108663eb0acfb))
23
+
24
+
25
+
26
+
27
+
6
28
  # [3.485.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.484.0...v3.485.0) (2024-01-03)
7
29
 
8
30
 
package/dist-cjs/index.js CHANGED
@@ -1,4 +1,279 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- const tslib_1 = require("tslib");
4
- tslib_1.__exportStar(require("./sign"), exports);
1
+ var __defProp = Object.defineProperty;
2
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
3
+ var __getOwnPropNames = Object.getOwnPropertyNames;
4
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
5
+ var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/index.ts
21
+ var src_exports = {};
22
+ __export(src_exports, {
23
+ getSignedCookies: () => getSignedCookies,
24
+ getSignedUrl: () => getSignedUrl
25
+ });
26
+ module.exports = __toCommonJS(src_exports);
27
+
28
+ // src/sign.ts
29
+ var import_crypto = require("crypto");
30
+ function getSignedUrl({
31
+ dateLessThan,
32
+ dateGreaterThan,
33
+ url,
34
+ keyPairId,
35
+ privateKey,
36
+ ipAddress,
37
+ policy,
38
+ passphrase
39
+ }) {
40
+ const cloudfrontSignBuilder = new CloudfrontSignBuilder({
41
+ keyPairId,
42
+ privateKey,
43
+ passphrase
44
+ });
45
+ if (policy) {
46
+ cloudfrontSignBuilder.setCustomPolicy(policy);
47
+ } else {
48
+ cloudfrontSignBuilder.setPolicyParameters({
49
+ url,
50
+ dateLessThan,
51
+ dateGreaterThan,
52
+ ipAddress
53
+ });
54
+ }
55
+ const newURL = new URL(url);
56
+ newURL.search = Array.from(newURL.searchParams.entries()).concat(Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute())).filter(([key, value]) => value !== void 0).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");
57
+ return getResource(newURL);
58
+ }
59
+ __name(getSignedUrl, "getSignedUrl");
60
+ function getSignedCookies({
61
+ ipAddress,
62
+ url,
63
+ privateKey,
64
+ keyPairId,
65
+ dateLessThan,
66
+ dateGreaterThan,
67
+ policy,
68
+ passphrase
69
+ }) {
70
+ const cloudfrontSignBuilder = new CloudfrontSignBuilder({
71
+ keyPairId,
72
+ privateKey,
73
+ passphrase
74
+ });
75
+ if (policy) {
76
+ cloudfrontSignBuilder.setCustomPolicy(policy);
77
+ } else {
78
+ cloudfrontSignBuilder.setPolicyParameters({
79
+ url,
80
+ dateLessThan,
81
+ dateGreaterThan,
82
+ ipAddress
83
+ });
84
+ }
85
+ const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
86
+ const cookies = {
87
+ "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
88
+ "CloudFront-Signature": cloudfrontCookieAttributes["Signature"]
89
+ };
90
+ if (cloudfrontCookieAttributes["Expires"]) {
91
+ cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
92
+ }
93
+ if (cloudfrontCookieAttributes["Policy"]) {
94
+ cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
95
+ }
96
+ return cookies;
97
+ }
98
+ __name(getSignedCookies, "getSignedCookies");
99
+ function getResource(url) {
100
+ switch (url.protocol) {
101
+ case "http:":
102
+ case "https:":
103
+ return url.toString();
104
+ case "rtmp:":
105
+ return url.pathname.replace(/^\//, "") + url.search + url.hash;
106
+ default:
107
+ throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
108
+ }
109
+ }
110
+ __name(getResource, "getResource");
111
+ var _CloudfrontSignBuilder = class _CloudfrontSignBuilder {
112
+ constructor({
113
+ privateKey,
114
+ keyPairId,
115
+ passphrase
116
+ }) {
117
+ this.customPolicy = false;
118
+ this.keyPairId = keyPairId;
119
+ this.privateKey = privateKey;
120
+ this.policy = "";
121
+ this.passphrase = passphrase;
122
+ }
123
+ buildPolicy(args) {
124
+ const policy = {
125
+ Statement: [
126
+ {
127
+ Resource: args.resource,
128
+ Condition: {
129
+ DateLessThan: {
130
+ "AWS:EpochTime": args.dateLessThan
131
+ }
132
+ }
133
+ }
134
+ ]
135
+ };
136
+ if (args.dateGreaterThan) {
137
+ policy.Statement[0].Condition["DateGreaterThan"] = {
138
+ "AWS:EpochTime": args.dateGreaterThan
139
+ };
140
+ }
141
+ if (args.ipAddress) {
142
+ const cidr = this.parseCIDR(args.ipAddress);
143
+ policy.Statement[0].Condition["IpAddress"] = {
144
+ "AWS:SourceIp": cidr
145
+ };
146
+ }
147
+ return policy;
148
+ }
149
+ normalizeBase64(str) {
150
+ const replacements = {
151
+ "+": "-",
152
+ "=": "_",
153
+ "/": "~"
154
+ };
155
+ return str.replace(/[+=/]/g, function(match) {
156
+ return replacements[match];
157
+ });
158
+ }
159
+ encodeToBase64(str) {
160
+ return this.normalizeBase64(Buffer.from(str).toString("base64"));
161
+ }
162
+ validateIP(ipStr) {
163
+ const octets = ipStr.split(".");
164
+ if (octets.length !== 4) {
165
+ throw new Error(`IP does not contain four octets.`);
166
+ }
167
+ const isValid = octets.every((octet) => {
168
+ const num = Number(octet);
169
+ return Number.isInteger(num) && num >= 0 && num <= 255;
170
+ });
171
+ if (!isValid) {
172
+ throw new Error("invalid IP octets");
173
+ }
174
+ }
175
+ validateMask(maskStr) {
176
+ const mask = Number(maskStr);
177
+ const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
178
+ if (!isValid) {
179
+ throw new Error("invalid mask");
180
+ }
181
+ }
182
+ parseCIDR(cidrStr) {
183
+ try {
184
+ const cidrParts = cidrStr.split("/");
185
+ if (cidrParts.some((part) => part.length === 0)) {
186
+ throw new Error("missing ip or mask part of CIDR");
187
+ }
188
+ this.validateIP(cidrParts[0]);
189
+ let mask = "32";
190
+ if (cidrParts.length === 2) {
191
+ this.validateMask(cidrParts[1]);
192
+ mask = cidrParts[1];
193
+ }
194
+ return `${cidrParts[0]}/${mask}`;
195
+ } catch (error) {
196
+ const errMessage = `IP address "${cidrStr}" is invalid`;
197
+ if (error instanceof Error) {
198
+ throw new Error(`${errMessage} due to ${error.message}.`);
199
+ } else {
200
+ throw new Error(`${errMessage}.`);
201
+ }
202
+ }
203
+ }
204
+ epochTime(date) {
205
+ return Math.round(date.getTime() / 1e3);
206
+ }
207
+ parseDate(date) {
208
+ if (!date) {
209
+ return void 0;
210
+ }
211
+ const parsedDate = Date.parse(date);
212
+ return isNaN(parsedDate) ? void 0 : this.epochTime(new Date(parsedDate));
213
+ }
214
+ parseDateWindow(expiration, start) {
215
+ const dateLessThan = this.parseDate(expiration);
216
+ if (!dateLessThan) {
217
+ throw new Error("dateLessThan is invalid. Ensure the date string is compatible with the Date constructor.");
218
+ }
219
+ return {
220
+ dateLessThan,
221
+ dateGreaterThan: this.parseDate(start)
222
+ };
223
+ }
224
+ signData(data, privateKey, passphrase) {
225
+ const sign = (0, import_crypto.createSign)("RSA-SHA1");
226
+ sign.update(data);
227
+ return sign.sign({ key: privateKey, passphrase }, "base64");
228
+ }
229
+ signPolicy(policy, privateKey, passphrase) {
230
+ return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
231
+ }
232
+ setCustomPolicy(policy) {
233
+ this.customPolicy = true;
234
+ this.policy = policy;
235
+ }
236
+ setPolicyParameters({
237
+ url,
238
+ dateLessThan,
239
+ dateGreaterThan,
240
+ ipAddress
241
+ }) {
242
+ if (!url || !dateLessThan) {
243
+ return false;
244
+ }
245
+ const resource = getResource(new URL(url));
246
+ const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
247
+ this.dateLessThan = parsedDates.dateLessThan;
248
+ this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
249
+ this.policy = JSON.stringify(
250
+ this.buildPolicy({
251
+ resource,
252
+ ipAddress,
253
+ dateLessThan: parsedDates.dateLessThan,
254
+ dateGreaterThan: parsedDates.dateGreaterThan
255
+ })
256
+ );
257
+ }
258
+ createCloudfrontAttribute() {
259
+ if (!Boolean(this.policy)) {
260
+ throw new Error("Invalid policy");
261
+ }
262
+ const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
263
+ return {
264
+ Expires: this.customPolicy ? void 0 : this.dateLessThan,
265
+ Policy: this.customPolicy ? this.encodeToBase64(this.policy) : void 0,
266
+ "Key-Pair-Id": this.keyPairId,
267
+ Signature: signature
268
+ };
269
+ }
270
+ };
271
+ __name(_CloudfrontSignBuilder, "CloudfrontSignBuilder");
272
+ var CloudfrontSignBuilder = _CloudfrontSignBuilder;
273
+ // Annotate the CommonJS export names for ESM import in node:
274
+
275
+ 0 && (module.exports = {
276
+ getSignedCookies,
277
+ getSignedUrl
278
+ });
279
+
package/dist-cjs/sign.js CHANGED
@@ -1,223 +1 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.getSignedCookies = exports.getSignedUrl = void 0;
4
- const crypto_1 = require("crypto");
5
- function getSignedUrl({ dateLessThan, dateGreaterThan, url, keyPairId, privateKey, ipAddress, policy, passphrase, }) {
6
- const cloudfrontSignBuilder = new CloudfrontSignBuilder({
7
- keyPairId,
8
- privateKey,
9
- passphrase,
10
- });
11
- if (policy) {
12
- cloudfrontSignBuilder.setCustomPolicy(policy);
13
- }
14
- else {
15
- cloudfrontSignBuilder.setPolicyParameters({
16
- url,
17
- dateLessThan,
18
- dateGreaterThan,
19
- ipAddress,
20
- });
21
- }
22
- const newURL = new URL(url);
23
- newURL.search = Array.from(newURL.searchParams.entries())
24
- .concat(Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute()))
25
- .filter(([key, value]) => value !== undefined)
26
- .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
27
- .join("&");
28
- return getResource(newURL);
29
- }
30
- exports.getSignedUrl = getSignedUrl;
31
- function getSignedCookies({ ipAddress, url, privateKey, keyPairId, dateLessThan, dateGreaterThan, policy, passphrase, }) {
32
- const cloudfrontSignBuilder = new CloudfrontSignBuilder({
33
- keyPairId,
34
- privateKey,
35
- passphrase,
36
- });
37
- if (policy) {
38
- cloudfrontSignBuilder.setCustomPolicy(policy);
39
- }
40
- else {
41
- cloudfrontSignBuilder.setPolicyParameters({
42
- url,
43
- dateLessThan,
44
- dateGreaterThan,
45
- ipAddress,
46
- });
47
- }
48
- const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
49
- const cookies = {
50
- "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
51
- "CloudFront-Signature": cloudfrontCookieAttributes["Signature"],
52
- };
53
- if (cloudfrontCookieAttributes["Expires"]) {
54
- cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
55
- }
56
- if (cloudfrontCookieAttributes["Policy"]) {
57
- cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
58
- }
59
- return cookies;
60
- }
61
- exports.getSignedCookies = getSignedCookies;
62
- function getResource(url) {
63
- switch (url.protocol) {
64
- case "http:":
65
- case "https:":
66
- return url.toString();
67
- case "rtmp:":
68
- return url.pathname.replace(/^\//, "") + url.search + url.hash;
69
- default:
70
- throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
71
- }
72
- }
73
- class CloudfrontSignBuilder {
74
- constructor({ privateKey, keyPairId, passphrase, }) {
75
- this.customPolicy = false;
76
- this.keyPairId = keyPairId;
77
- this.privateKey = privateKey;
78
- this.policy = "";
79
- this.passphrase = passphrase;
80
- }
81
- buildPolicy(args) {
82
- const policy = {
83
- Statement: [
84
- {
85
- Resource: args.resource,
86
- Condition: {
87
- DateLessThan: {
88
- "AWS:EpochTime": args.dateLessThan,
89
- },
90
- },
91
- },
92
- ],
93
- };
94
- if (args.dateGreaterThan) {
95
- policy.Statement[0].Condition["DateGreaterThan"] = {
96
- "AWS:EpochTime": args.dateGreaterThan,
97
- };
98
- }
99
- if (args.ipAddress) {
100
- const cidr = this.parseCIDR(args.ipAddress);
101
- policy.Statement[0].Condition["IpAddress"] = {
102
- "AWS:SourceIp": cidr,
103
- };
104
- }
105
- return policy;
106
- }
107
- normalizeBase64(str) {
108
- const replacements = {
109
- "+": "-",
110
- "=": "_",
111
- "/": "~",
112
- };
113
- return str.replace(/[+=/]/g, function (match) {
114
- return replacements[match];
115
- });
116
- }
117
- encodeToBase64(str) {
118
- return this.normalizeBase64(Buffer.from(str).toString("base64"));
119
- }
120
- validateIP(ipStr) {
121
- const octets = ipStr.split(".");
122
- if (octets.length !== 4) {
123
- throw new Error(`IP does not contain four octets.`);
124
- }
125
- const isValid = octets.every((octet) => {
126
- const num = Number(octet);
127
- return Number.isInteger(num) && num >= 0 && num <= 255;
128
- });
129
- if (!isValid) {
130
- throw new Error("invalid IP octets");
131
- }
132
- }
133
- validateMask(maskStr) {
134
- const mask = Number(maskStr);
135
- const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
136
- if (!isValid) {
137
- throw new Error("invalid mask");
138
- }
139
- }
140
- parseCIDR(cidrStr) {
141
- try {
142
- const cidrParts = cidrStr.split("/");
143
- if (cidrParts.some((part) => part.length === 0)) {
144
- throw new Error("missing ip or mask part of CIDR");
145
- }
146
- this.validateIP(cidrParts[0]);
147
- let mask = "32";
148
- if (cidrParts.length === 2) {
149
- this.validateMask(cidrParts[1]);
150
- mask = cidrParts[1];
151
- }
152
- return `${cidrParts[0]}/${mask}`;
153
- }
154
- catch (error) {
155
- const errMessage = `IP address "${cidrStr}" is invalid`;
156
- if (error instanceof Error) {
157
- throw new Error(`${errMessage} due to ${error.message}.`);
158
- }
159
- else {
160
- throw new Error(`${errMessage}.`);
161
- }
162
- }
163
- }
164
- epochTime(date) {
165
- return Math.round(date.getTime() / 1000);
166
- }
167
- parseDate(date) {
168
- if (!date) {
169
- return undefined;
170
- }
171
- const parsedDate = Date.parse(date);
172
- return isNaN(parsedDate) ? undefined : this.epochTime(new Date(parsedDate));
173
- }
174
- parseDateWindow(expiration, start) {
175
- const dateLessThan = this.parseDate(expiration);
176
- if (!dateLessThan) {
177
- throw new Error("dateLessThan is invalid. Ensure the date string is compatible with the Date constructor.");
178
- }
179
- return {
180
- dateLessThan,
181
- dateGreaterThan: this.parseDate(start),
182
- };
183
- }
184
- signData(data, privateKey, passphrase) {
185
- const sign = (0, crypto_1.createSign)("RSA-SHA1");
186
- sign.update(data);
187
- return sign.sign({ key: privateKey, passphrase }, "base64");
188
- }
189
- signPolicy(policy, privateKey, passphrase) {
190
- return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
191
- }
192
- setCustomPolicy(policy) {
193
- this.customPolicy = true;
194
- this.policy = policy;
195
- }
196
- setPolicyParameters({ url, dateLessThan, dateGreaterThan, ipAddress, }) {
197
- if (!url || !dateLessThan) {
198
- return false;
199
- }
200
- const resource = getResource(new URL(url));
201
- const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
202
- this.dateLessThan = parsedDates.dateLessThan;
203
- this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
204
- this.policy = JSON.stringify(this.buildPolicy({
205
- resource,
206
- ipAddress,
207
- dateLessThan: parsedDates.dateLessThan,
208
- dateGreaterThan: parsedDates.dateGreaterThan,
209
- }));
210
- }
211
- createCloudfrontAttribute() {
212
- if (!Boolean(this.policy)) {
213
- throw new Error("Invalid policy");
214
- }
215
- const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
216
- return {
217
- Expires: this.customPolicy ? undefined : this.dateLessThan,
218
- Policy: this.customPolicy ? this.encodeToBase64(this.policy) : undefined,
219
- "Key-Pair-Id": this.keyPairId,
220
- Signature: signature,
221
- };
222
- }
223
- }
1
+ module.exports = require("./index.js");
package/package.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "name": "@aws-sdk/cloudfront-signer",
3
- "version": "3.485.0",
3
+ "version": "3.496.0",
4
4
  "scripts": {
5
5
  "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
6
- "build:cjs": "tsc -p tsconfig.cjs.json",
6
+ "build:cjs": "node ../../scripts/compilation/inline cloudfront-signer",
7
7
  "build:es": "tsc -p tsconfig.es.json",
8
8
  "build:include:deps": "lerna run --scope $npm_package_name --include-dependencies build",
9
9
  "build:types": "tsc -p tsconfig.types.json",
@@ -21,7 +21,7 @@
21
21
  },
22
22
  "license": "Apache-2.0",
23
23
  "dependencies": {
24
- "@smithy/url-parser": "^2.0.16",
24
+ "@smithy/url-parser": "^2.1.1",
25
25
  "tslib": "^2.5.0"
26
26
  },
27
27
  "devDependencies": {