@aws-sdk/cloudfront-signer 3.901.0 → 3.910.0

Files changed (2) hide show
  1. package/dist-cjs/index.js +229 -285
  2. package/package.json +2 -2
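--- a/package/dist-cjs/index.js
+++ b/package/dist-cjs/index.js
@@ -1,308 +1,252 @@
- "use strict";
- var __defProp = Object.defineProperty;
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
- var __getOwnPropNames = Object.getOwnPropertyNames;
- var __hasOwnProp = Object.prototype.hasOwnProperty;
- var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
- var __export = (target, all) => {
- for (var name in all)
- __defProp(target, name, { get: all[name], enumerable: true });
- };
- var __copyProps = (to, from, except, desc) => {
- if (from && typeof from === "object" || typeof from === "function") {
- for (let key of __getOwnPropNames(from))
- if (!__hasOwnProp.call(to, key) && key !== except)
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
- }
- return to;
- };
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+ 'use strict';
 
- // src/index.ts
- var index_exports = {};
- __export(index_exports, {
- getSignedCookies: () => getSignedCookies,
- getSignedUrl: () => getSignedUrl
- });
- module.exports = __toCommonJS(index_exports);
+ var crypto = require('crypto');
 
- // src/sign.ts
- var import_crypto = require("crypto");
- function getSignedUrl({
- dateLessThan,
- dateGreaterThan,
- url,
- keyPairId,
- privateKey,
- ipAddress,
- policy,
- passphrase
- }) {
- const cloudfrontSignBuilder = new CloudfrontSignBuilder({
- keyPairId,
- privateKey,
- passphrase
- });
- if (!url && !policy) {
- throw new Error("@aws-sdk/cloudfront-signer: Please provide 'url' or 'policy'.");
- }
- if (policy) {
- cloudfrontSignBuilder.setCustomPolicy(policy);
- } else {
- cloudfrontSignBuilder.setPolicyParameters({
- url,
- dateLessThan,
- dateGreaterThan,
- ipAddress
+ function getSignedUrl({ dateLessThan, dateGreaterThan, url, keyPairId, privateKey, ipAddress, policy, passphrase, }) {
+ const cloudfrontSignBuilder = new CloudfrontSignBuilder({
+ keyPairId,
+ privateKey,
+ passphrase,
  });
- }
- let baseUrl;
- if (url) {
- baseUrl = url;
- } else if (policy) {
- const resources = getPolicyResources(policy);
- if (!resources[0]) {
- throw new Error(
- "@aws-sdk/cloudfront-signer: No URL provided and unable to determine URL from first policy statement resource."
- );
+ if (!url && !policy) {
+ throw new Error("@aws-sdk/cloudfront-signer: Please provide 'url' or 'policy'.");
  }
- baseUrl = resources[0].replace("*://", "https://");
- }
- const startFlag = baseUrl.includes("?") ? "&" : "?";
- const params = Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute()).filter(([, value]) => value !== void 0).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");
- const urlString = baseUrl + startFlag + params;
- return getResource(urlString);
+ if (policy) {
+ cloudfrontSignBuilder.setCustomPolicy(policy);
+ }
+ else {
+ cloudfrontSignBuilder.setPolicyParameters({
+ url,
+ dateLessThan,
+ dateGreaterThan,
+ ipAddress,
+ });
+ }
+ let baseUrl;
+ if (url) {
+ baseUrl = url;
+ }
+ else if (policy) {
+ const resources = getPolicyResources(policy);
+ if (!resources[0]) {
+ throw new Error("@aws-sdk/cloudfront-signer: No URL provided and unable to determine URL from first policy statement resource.");
+ }
+ baseUrl = resources[0].replace("*://", "https://");
+ }
+ const startFlag = baseUrl.includes("?") ? "&" : "?";
+ const params = Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute())
+ .filter(([, value]) => value !== undefined)
+ .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
+ .join("&");
+ const urlString = baseUrl + startFlag + params;
+ return getResource(urlString);
  }
- __name(getSignedUrl, "getSignedUrl");
- function getSignedCookies({
- ipAddress,
- url,
- privateKey,
- keyPairId,
- dateLessThan,
- dateGreaterThan,
- policy,
- passphrase
- }) {
- const cloudfrontSignBuilder = new CloudfrontSignBuilder({
- keyPairId,
- privateKey,
- passphrase
- });
- if (policy) {
- cloudfrontSignBuilder.setCustomPolicy(policy);
- } else {
- cloudfrontSignBuilder.setPolicyParameters({
- url,
- dateLessThan,
- dateGreaterThan,
- ipAddress
+ function getSignedCookies({ ipAddress, url, privateKey, keyPairId, dateLessThan, dateGreaterThan, policy, passphrase, }) {
+ const cloudfrontSignBuilder = new CloudfrontSignBuilder({
+ keyPairId,
+ privateKey,
+ passphrase,
  });
- }
- const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
- const cookies = {
- "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
- "CloudFront-Signature": cloudfrontCookieAttributes["Signature"]
- };
- if (cloudfrontCookieAttributes["Expires"]) {
- cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
- }
- if (cloudfrontCookieAttributes["Policy"]) {
- cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
- }
- return cookies;
+ if (policy) {
+ cloudfrontSignBuilder.setCustomPolicy(policy);
+ }
+ else {
+ cloudfrontSignBuilder.setPolicyParameters({
+ url,
+ dateLessThan,
+ dateGreaterThan,
+ ipAddress,
+ });
+ }
+ const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();
+ const cookies = {
+ "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],
+ "CloudFront-Signature": cloudfrontCookieAttributes["Signature"],
+ };
+ if (cloudfrontCookieAttributes["Expires"]) {
+ cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];
+ }
+ if (cloudfrontCookieAttributes["Policy"]) {
+ cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];
+ }
+ return cookies;
  }
- __name(getSignedCookies, "getSignedCookies");
  function getPolicyResources(policy) {
- const parsedPolicy = typeof policy === "string" ? JSON.parse(policy) : policy;
- return (parsedPolicy?.Statement ?? []).map((s) => s.Resource);
+ const parsedPolicy = typeof policy === "string" ? JSON.parse(policy) : policy;
+ return (parsedPolicy?.Statement ?? []).map((s) => s.Resource);
  }
- __name(getPolicyResources, "getPolicyResources");
  function getResource(urlString) {
- const protocol = urlString.slice(0, urlString.indexOf("//"));
- switch (protocol) {
- case "http:":
- case "https:":
- case "ws:":
- case "wss:":
- return urlString;
- case "rtmp:":
- const url = new URL(urlString);
- const origin = `${protocol}//${url.hostname}`;
- return urlString.substring(origin.length).replace(/(?::\d+)?\//, "");
- default:
- throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
- }
+ const protocol = urlString.slice(0, urlString.indexOf("//"));
+ switch (protocol) {
+ case "http:":
+ case "https:":
+ case "ws:":
+ case "wss:":
+ return urlString;
+ case "rtmp:":
+ const url = new URL(urlString);
+ const origin = `${protocol}//${url.hostname}`;
+ return urlString.substring(origin.length).replace(/(?::\d+)?\//, "");
+ default:
+ throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");
+ }
  }
- __name(getResource, "getResource");
- var CloudfrontSignBuilder = class {
- static {
- __name(this, "CloudfrontSignBuilder");
- }
- keyPairId;
- privateKey;
- passphrase;
- policy;
- customPolicy = false;
- dateLessThan;
- constructor({ privateKey, keyPairId, passphrase }) {
- this.keyPairId = keyPairId;
- this.privateKey = privateKey;
- this.policy = "";
- this.passphrase = passphrase;
- }
- buildPolicy(args) {
- const policy = {
- Statement: [
- {
- Resource: args.resource,
- Condition: {
- DateLessThan: {
- "AWS:EpochTime": args.dateLessThan
- }
- }
+ class CloudfrontSignBuilder {
+ keyPairId;
+ privateKey;
+ passphrase;
+ policy;
+ customPolicy = false;
+ dateLessThan;
+ constructor({ privateKey, keyPairId, passphrase }) {
+ this.keyPairId = keyPairId;
+ this.privateKey = privateKey;
+ this.policy = "";
+ this.passphrase = passphrase;
+ }
+ buildPolicy(args) {
+ const policy = {
+ Statement: [
+ {
+ Resource: args.resource,
+ Condition: {
+ DateLessThan: {
+ "AWS:EpochTime": args.dateLessThan,
+ },
+ },
+ },
+ ],
+ };
+ if (args.dateGreaterThan) {
+ policy.Statement[0].Condition["DateGreaterThan"] = {
+ "AWS:EpochTime": args.dateGreaterThan,
+ };
  }
- ]
- };
- if (args.dateGreaterThan) {
- policy.Statement[0].Condition["DateGreaterThan"] = {
- "AWS:EpochTime": args.dateGreaterThan
- };
+ if (args.ipAddress) {
+ const cidr = this.parseCIDR(args.ipAddress);
+ policy.Statement[0].Condition["IpAddress"] = {
+ "AWS:SourceIp": cidr,
+ };
+ }
+ return policy;
  }
- if (args.ipAddress) {
- const cidr = this.parseCIDR(args.ipAddress);
- policy.Statement[0].Condition["IpAddress"] = {
- "AWS:SourceIp": cidr
- };
+ normalizeBase64(str) {
+ const replacements = {
+ "+": "-",
+ "=": "_",
+ "/": "~",
+ };
+ return str.replace(/[+=/]/g, function (match) {
+ return replacements[match];
+ });
  }
- return policy;
- }
- normalizeBase64(str) {
- const replacements = {
- "+": "-",
- "=": "_",
- "/": "~"
- };
- return str.replace(/[+=/]/g, function(match) {
- return replacements[match];
- });
- }
- encodeToBase64(str) {
- return this.normalizeBase64(Buffer.from(str).toString("base64"));
- }
- validateIP(ipStr) {
- const octets = ipStr.split(".");
- if (octets.length !== 4) {
- throw new Error(`IP does not contain four octets.`);
+ encodeToBase64(str) {
+ return this.normalizeBase64(Buffer.from(str).toString("base64"));
  }
- const isValid = octets.every((octet) => {
- const num = Number(octet);
- return Number.isInteger(num) && num >= 0 && num <= 255;
- });
- if (!isValid) {
- throw new Error("invalid IP octets");
+ validateIP(ipStr) {
+ const octets = ipStr.split(".");
+ if (octets.length !== 4) {
+ throw new Error(`IP does not contain four octets.`);
+ }
+ const isValid = octets.every((octet) => {
+ const num = Number(octet);
+ return Number.isInteger(num) && num >= 0 && num <= 255;
+ });
+ if (!isValid) {
+ throw new Error("invalid IP octets");
+ }
  }
- }
- validateMask(maskStr) {
- const mask = Number(maskStr);
- const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
- if (!isValid) {
- throw new Error("invalid mask");
+ validateMask(maskStr) {
+ const mask = Number(maskStr);
+ const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;
+ if (!isValid) {
+ throw new Error("invalid mask");
+ }
  }
- }
- parseCIDR(cidrStr) {
- try {
- const cidrParts = cidrStr.split("/");
- if (cidrParts.some((part) => part.length === 0)) {
- throw new Error("missing ip or mask part of CIDR");
- }
- this.validateIP(cidrParts[0]);
- let mask = "32";
- if (cidrParts.length === 2) {
- this.validateMask(cidrParts[1]);
- mask = cidrParts[1];
- }
- return `${cidrParts[0]}/${mask}`;
- } catch (error) {
- const errMessage = `IP address "${cidrStr}" is invalid`;
- if (error instanceof Error) {
- throw new Error(`${errMessage} due to ${error.message}.`);
- } else {
- throw new Error(`${errMessage}.`);
- }
+ parseCIDR(cidrStr) {
+ try {
+ const cidrParts = cidrStr.split("/");
+ if (cidrParts.some((part) => part.length === 0)) {
+ throw new Error("missing ip or mask part of CIDR");
+ }
+ this.validateIP(cidrParts[0]);
+ let mask = "32";
+ if (cidrParts.length === 2) {
+ this.validateMask(cidrParts[1]);
+ mask = cidrParts[1];
+ }
+ return `${cidrParts[0]}/${mask}`;
+ }
+ catch (error) {
+ const errMessage = `IP address "${cidrStr}" is invalid`;
+ if (error instanceof Error) {
+ throw new Error(`${errMessage} due to ${error.message}.`);
+ }
+ else {
+ throw new Error(`${errMessage}.`);
+ }
+ }
  }
- }
- epochTime(date) {
- return Math.round(date.getTime() / 1e3);
- }
- parseDate(date) {
- if (!date) {
- return void 0;
+ epochTime(date) {
+ return Math.round(date.getTime() / 1000);
  }
- const parsedDate = new Date(date);
- return isNaN(parsedDate.getTime()) ? void 0 : this.epochTime(parsedDate);
- }
- parseDateWindow(expiration, start) {
- const dateLessThan = this.parseDate(expiration);
- if (!dateLessThan) {
- throw new Error("dateLessThan is invalid. Ensure the date value is compatible with the Date constructor.");
+ parseDate(date) {
+ if (!date) {
+ return undefined;
+ }
+ const parsedDate = new Date(date);
+ return isNaN(parsedDate.getTime()) ? undefined : this.epochTime(parsedDate);
  }
- return {
- dateLessThan,
- dateGreaterThan: this.parseDate(start)
- };
- }
- signData(data, privateKey, passphrase) {
- const sign = (0, import_crypto.createSign)("RSA-SHA1");
- sign.update(data);
- return sign.sign({ key: privateKey, passphrase }, "base64");
- }
- signPolicy(policy, privateKey, passphrase) {
- return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
- }
- setCustomPolicy(policy) {
- this.customPolicy = true;
- this.policy = policy;
- }
- setPolicyParameters({
- url,
- dateLessThan,
- dateGreaterThan,
- ipAddress
- }) {
- if (!url || !dateLessThan) {
- return false;
+ parseDateWindow(expiration, start) {
+ const dateLessThan = this.parseDate(expiration);
+ if (!dateLessThan) {
+ throw new Error("dateLessThan is invalid. Ensure the date value is compatible with the Date constructor.");
+ }
+ return {
+ dateLessThan,
+ dateGreaterThan: this.parseDate(start),
+ };
  }
- const resource = getResource(url);
- const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
- this.dateLessThan = parsedDates.dateLessThan;
- this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
- this.policy = JSON.stringify(
- this.buildPolicy({
- resource,
- ipAddress,
- dateLessThan: parsedDates.dateLessThan,
- dateGreaterThan: parsedDates.dateGreaterThan
- })
- );
- }
- createCloudfrontAttribute() {
- if (!Boolean(this.policy)) {
- throw new Error("Invalid policy");
+ signData(data, privateKey, passphrase) {
+ const sign = crypto.createSign("RSA-SHA1");
+ sign.update(data);
+ return sign.sign({ key: privateKey, passphrase }, "base64");
  }
- const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
- return {
- Expires: this.customPolicy ? void 0 : this.dateLessThan,
- Policy: this.customPolicy ? this.encodeToBase64(this.policy) : void 0,
- "Key-Pair-Id": this.keyPairId,
- Signature: signature
- };
- }
- };
- // Annotate the CommonJS export names for ESM import in node:
-
- 0 && (module.exports = {
- getSignedUrl,
- getSignedCookies
- });
+ signPolicy(policy, privateKey, passphrase) {
+ return this.normalizeBase64(this.signData(policy, privateKey, passphrase));
+ }
+ setCustomPolicy(policy) {
+ this.customPolicy = true;
+ this.policy = policy;
+ }
+ setPolicyParameters({ url, dateLessThan, dateGreaterThan, ipAddress, }) {
+ if (!url || !dateLessThan) {
+ return false;
+ }
+ const resource = getResource(url);
+ const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);
+ this.dateLessThan = parsedDates.dateLessThan;
+ this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);
+ this.policy = JSON.stringify(this.buildPolicy({
+ resource,
+ ipAddress,
+ dateLessThan: parsedDates.dateLessThan,
+ dateGreaterThan: parsedDates.dateGreaterThan,
+ }));
+ }
+ createCloudfrontAttribute() {
+ if (!Boolean(this.policy)) {
+ throw new Error("Invalid policy");
+ }
+ const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);
+ return {
+ Expires: this.customPolicy ? undefined : this.dateLessThan,
+ Policy: this.customPolicy ? this.encodeToBase64(this.policy) : undefined,
+ "Key-Pair-Id": this.keyPairId,
+ Signature: signature,
+ };
+ }
+ }
 
+ exports.getSignedCookies = getSignedCookies;
+ exports.getSignedUrl = getSignedUrl;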
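Review bot: `validateIP` accepts strings that are not dotted-decimal IPv4, because each octet is checked only through `Number(octet)`, which turns an empty string into 0 and also parses whitespace-padded, hex (`0x10`) and exponent (`1e2`) forms; a value such as `1..2.3` therefore passes and `parseCIDR` writes it unchanged into the policy's `AWS:SourceIp` condition. A digit-only test per octet, for example `return /^\d{1,3}$/.test(octet) && Number(octet) <= 255;`, would reject these, and `validateMask` would benefit from the same test before its range check. `parseCIDR` also ignores any part after a second `/` and silently falls back to mask `32`, so a `cidrParts.length > 2` input should probably throw rather than be signed as a `/32`. The same logic is present on the removed side of this regenerated bundle, so the change likely belongs in the TypeScript source rather than in this dist file.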
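--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@aws-sdk/cloudfront-signer",
- "version": "3.901.0",
+ "version": "3.910.0",
  "scripts": {
  "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
  "build:cjs": "node ../../scripts/compilation/inline cloudfront-signer",
@@ -23,7 +23,7 @@
  },
  "license": "Apache-2.0",
  "dependencies": {
- "@smithy/url-parser": "^4.2.0",
+ "@smithy/url-parser": "^4.2.2",
  "tslib": "^2.6.2"
  },
  "files": [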