@aws-sdk/middleware-signing 3.186.0 → 3.188.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,14 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
|
5
5
|
|
|
6
|
+
# [3.188.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.187.0...v3.188.0) (2022-10-13)
|
|
7
|
+
|
|
8
|
+
**Note:** Version bump only for package @aws-sdk/middleware-signing
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
|
|
6
14
|
# [3.186.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.185.0...v3.186.0) (2022-10-06)
|
|
7
15
|
|
|
8
16
|
**Note:** Version bump only for package @aws-sdk/middleware-signing
|
|
@@ -1,78 +1,76 @@
|
|
|
1
|
-
import { __assign, __awaiter, __generator, __read } from "tslib";
|
|
2
1
|
import { memoize } from "@aws-sdk/property-provider";
|
|
3
2
|
import { SignatureV4 } from "@aws-sdk/signature-v4";
|
|
4
3
|
import { normalizeProvider } from "@aws-sdk/util-middleware";
|
|
5
|
-
|
|
6
|
-
export
|
|
7
|
-
|
|
4
|
+
const CREDENTIAL_EXPIRE_WINDOW = 300000;
|
|
5
|
+
export const resolveAwsAuthConfig = (input) => {
|
|
6
|
+
const normalizedCreds = input.credentials
|
|
8
7
|
? normalizeCredentialProvider(input.credentials)
|
|
9
8
|
: input.credentialDefaultProvider(input);
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
const { signingEscapePath = true, systemClockOffset = input.systemClockOffset || 0, sha256 } = input;
|
|
10
|
+
let signer;
|
|
12
11
|
if (input.signer) {
|
|
13
12
|
signer = normalizeProvider(input.signer);
|
|
14
13
|
}
|
|
15
14
|
else if (input.regionInfoProvider) {
|
|
16
|
-
signer =
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
}); })
|
|
40
|
-
.then(function (_a) {
|
|
41
|
-
var _b = __read(_a, 2), regionInfo = _b[0], region = _b[1];
|
|
42
|
-
var signingRegion = regionInfo.signingRegion, signingService = regionInfo.signingService;
|
|
43
|
-
input.signingRegion = input.signingRegion || signingRegion || region;
|
|
44
|
-
input.signingName = input.signingName || signingService || input.serviceId;
|
|
45
|
-
var params = __assign(__assign({}, input), { credentials: normalizedCreds, region: input.signingRegion, service: input.signingName, sha256: sha256, uriEscapePath: signingEscapePath });
|
|
46
|
-
var SignerCtor = input.signerConstructor || SignatureV4;
|
|
47
|
-
return new SignerCtor(params);
|
|
48
|
-
});
|
|
49
|
-
};
|
|
15
|
+
signer = () => normalizeProvider(input.region)()
|
|
16
|
+
.then(async (region) => [
|
|
17
|
+
(await input.regionInfoProvider(region, {
|
|
18
|
+
useFipsEndpoint: await input.useFipsEndpoint(),
|
|
19
|
+
useDualstackEndpoint: await input.useDualstackEndpoint(),
|
|
20
|
+
})) || {},
|
|
21
|
+
region,
|
|
22
|
+
])
|
|
23
|
+
.then(([regionInfo, region]) => {
|
|
24
|
+
const { signingRegion, signingService } = regionInfo;
|
|
25
|
+
input.signingRegion = input.signingRegion || signingRegion || region;
|
|
26
|
+
input.signingName = input.signingName || signingService || input.serviceId;
|
|
27
|
+
const params = {
|
|
28
|
+
...input,
|
|
29
|
+
credentials: normalizedCreds,
|
|
30
|
+
region: input.signingRegion,
|
|
31
|
+
service: input.signingName,
|
|
32
|
+
sha256,
|
|
33
|
+
uriEscapePath: signingEscapePath,
|
|
34
|
+
};
|
|
35
|
+
const SignerCtor = input.signerConstructor || SignatureV4;
|
|
36
|
+
return new SignerCtor(params);
|
|
37
|
+
});
|
|
50
38
|
}
|
|
51
39
|
else {
|
|
52
|
-
signer =
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
input
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
40
|
+
signer = async (authScheme) => {
|
|
41
|
+
if (!authScheme) {
|
|
42
|
+
throw new Error("Unexpected empty auth scheme config");
|
|
43
|
+
}
|
|
44
|
+
const signingRegion = authScheme.signingScope;
|
|
45
|
+
const signingService = authScheme.signingName;
|
|
46
|
+
input.signingRegion = input.signingRegion || signingRegion;
|
|
47
|
+
input.signingName = input.signingName || signingService || input.serviceId;
|
|
48
|
+
const params = {
|
|
49
|
+
...input,
|
|
50
|
+
credentials: normalizedCreds,
|
|
51
|
+
region: input.signingRegion,
|
|
52
|
+
service: input.signingName,
|
|
53
|
+
sha256,
|
|
54
|
+
uriEscapePath: signingEscapePath,
|
|
55
|
+
};
|
|
56
|
+
const SignerCtor = input.signerConstructor || SignatureV4;
|
|
57
|
+
return new SignerCtor(params);
|
|
58
|
+
};
|
|
67
59
|
}
|
|
68
|
-
return
|
|
60
|
+
return {
|
|
61
|
+
...input,
|
|
62
|
+
systemClockOffset,
|
|
63
|
+
signingEscapePath,
|
|
64
|
+
credentials: normalizedCreds,
|
|
65
|
+
signer,
|
|
66
|
+
};
|
|
69
67
|
};
|
|
70
|
-
export
|
|
71
|
-
|
|
68
|
+
export const resolveSigV4AuthConfig = (input) => {
|
|
69
|
+
const normalizedCreds = input.credentials
|
|
72
70
|
? normalizeCredentialProvider(input.credentials)
|
|
73
71
|
: input.credentialDefaultProvider(input);
|
|
74
|
-
|
|
75
|
-
|
|
72
|
+
const { signingEscapePath = true, systemClockOffset = input.systemClockOffset || 0, sha256 } = input;
|
|
73
|
+
let signer;
|
|
76
74
|
if (input.signer) {
|
|
77
75
|
signer = normalizeProvider(input.signer);
|
|
78
76
|
}
|
|
@@ -81,18 +79,22 @@ export var resolveSigV4AuthConfig = function (input) {
|
|
|
81
79
|
credentials: normalizedCreds,
|
|
82
80
|
region: input.region,
|
|
83
81
|
service: input.signingName,
|
|
84
|
-
sha256
|
|
82
|
+
sha256,
|
|
85
83
|
uriEscapePath: signingEscapePath,
|
|
86
84
|
}));
|
|
87
85
|
}
|
|
88
|
-
return
|
|
86
|
+
return {
|
|
87
|
+
...input,
|
|
88
|
+
systemClockOffset,
|
|
89
|
+
signingEscapePath,
|
|
90
|
+
credentials: normalizedCreds,
|
|
91
|
+
signer,
|
|
92
|
+
};
|
|
89
93
|
};
|
|
90
|
-
|
|
94
|
+
const normalizeCredentialProvider = (credentials) => {
|
|
91
95
|
if (typeof credentials === "function") {
|
|
92
|
-
return memoize(credentials,
|
|
93
|
-
|
|
94
|
-
credentials.expiration.getTime() - Date.now() < CREDENTIAL_EXPIRE_WINDOW;
|
|
95
|
-
}, function (credentials) { return credentials.expiration !== undefined; });
|
|
96
|
+
return memoize(credentials, (credentials) => credentials.expiration !== undefined &&
|
|
97
|
+
credentials.expiration.getTime() - Date.now() < CREDENTIAL_EXPIRE_WINDOW, (credentials) => credentials.expiration !== undefined);
|
|
96
98
|
}
|
|
97
99
|
return normalizeProvider(credentials);
|
|
98
100
|
};
|
package/dist-es/middleware.js
CHANGED
|
@@ -1,63 +1,42 @@
|
|
|
1
|
-
import { __assign, __awaiter, __generator } from "tslib";
|
|
2
1
|
import { HttpRequest, HttpResponse } from "@aws-sdk/protocol-http";
|
|
3
2
|
import { getSkewCorrectedDate } from "./utils/getSkewCorrectedDate";
|
|
4
3
|
import { getUpdatedSystemClockOffset } from "./utils/getUpdatedSystemClockOffset";
|
|
5
|
-
export
|
|
6
|
-
|
|
7
|
-
return
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
case 2: return [4, _d.apply(void 0, [__assign.apply(void 0, _e.concat([(_f.request = _g.sent(), _f)]))]).catch(function (error) {
|
|
30
|
-
var _a;
|
|
31
|
-
var serverTime = (_a = error.ServerTime) !== null && _a !== void 0 ? _a : getDateHeader(error.$response);
|
|
32
|
-
if (serverTime) {
|
|
33
|
-
options.systemClockOffset = getUpdatedSystemClockOffset(serverTime, options.systemClockOffset);
|
|
34
|
-
}
|
|
35
|
-
throw error;
|
|
36
|
-
})];
|
|
37
|
-
case 3:
|
|
38
|
-
output = _g.sent();
|
|
39
|
-
dateHeader = getDateHeader(output.response);
|
|
40
|
-
if (dateHeader) {
|
|
41
|
-
options.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, options.systemClockOffset);
|
|
42
|
-
}
|
|
43
|
-
return [2, output];
|
|
44
|
-
}
|
|
45
|
-
});
|
|
46
|
-
});
|
|
47
|
-
};
|
|
48
|
-
};
|
|
4
|
+
export const awsAuthMiddleware = (options) => (next, context) => async function (args) {
|
|
5
|
+
if (!HttpRequest.isInstance(args.request))
|
|
6
|
+
return next(args);
|
|
7
|
+
const authScheme = (context.endpointV2)?.properties?.authSchemes?.[0];
|
|
8
|
+
const signer = await options.signer(authScheme);
|
|
9
|
+
const output = await next({
|
|
10
|
+
...args,
|
|
11
|
+
request: await signer.sign(args.request, {
|
|
12
|
+
signingDate: getSkewCorrectedDate(options.systemClockOffset),
|
|
13
|
+
signingRegion: context["signing_region"],
|
|
14
|
+
signingService: context["signing_service"],
|
|
15
|
+
}),
|
|
16
|
+
}).catch((error) => {
|
|
17
|
+
const serverTime = error.ServerTime ?? getDateHeader(error.$response);
|
|
18
|
+
if (serverTime) {
|
|
19
|
+
options.systemClockOffset = getUpdatedSystemClockOffset(serverTime, options.systemClockOffset);
|
|
20
|
+
}
|
|
21
|
+
throw error;
|
|
22
|
+
});
|
|
23
|
+
const dateHeader = getDateHeader(output.response);
|
|
24
|
+
if (dateHeader) {
|
|
25
|
+
options.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, options.systemClockOffset);
|
|
26
|
+
}
|
|
27
|
+
return output;
|
|
49
28
|
};
|
|
50
|
-
|
|
51
|
-
export
|
|
29
|
+
const getDateHeader = (response) => HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : undefined;
|
|
30
|
+
export const awsAuthMiddlewareOptions = {
|
|
52
31
|
name: "awsAuthMiddleware",
|
|
53
32
|
tags: ["SIGNATURE", "AWSAUTH"],
|
|
54
33
|
relation: "after",
|
|
55
34
|
toMiddleware: "retryMiddleware",
|
|
56
35
|
override: true,
|
|
57
36
|
};
|
|
58
|
-
export
|
|
59
|
-
applyToStack:
|
|
37
|
+
export const getAwsAuthPlugin = (options) => ({
|
|
38
|
+
applyToStack: (clientStack) => {
|
|
60
39
|
clientStack.addRelativeTo(awsAuthMiddleware(options), awsAuthMiddlewareOptions);
|
|
61
40
|
},
|
|
62
|
-
});
|
|
63
|
-
export
|
|
41
|
+
});
|
|
42
|
+
export const getSigV4AuthPlugin = getAwsAuthPlugin;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export
|
|
1
|
+
export const getSkewCorrectedDate = (systemClockOffset) => new Date(Date.now() + systemClockOffset);
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { isClockSkewed } from "./isClockSkewed";
|
|
2
|
-
export
|
|
3
|
-
|
|
2
|
+
export const getUpdatedSystemClockOffset = (clockTime, currentSystemClockOffset) => {
|
|
3
|
+
const clockTimeInMs = Date.parse(clockTime);
|
|
4
4
|
if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) {
|
|
5
5
|
return clockTimeInMs - Date.now();
|
|
6
6
|
}
|
|
@@ -1,4 +1,2 @@
|
|
|
1
1
|
import { getSkewCorrectedDate } from "./getSkewCorrectedDate";
|
|
2
|
-
export
|
|
3
|
-
return Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 300000;
|
|
4
|
-
};
|
|
2
|
+
export const isClockSkewed = (clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 300000;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/middleware-signing",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.188.0",
|
|
4
4
|
"scripts": {
|
|
5
5
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
6
6
|
"build:cjs": "tsc -p tsconfig.cjs.json",
|
|
@@ -20,11 +20,11 @@
|
|
|
20
20
|
},
|
|
21
21
|
"license": "Apache-2.0",
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@aws-sdk/property-provider": "3.
|
|
24
|
-
"@aws-sdk/protocol-http": "3.
|
|
25
|
-
"@aws-sdk/signature-v4": "3.
|
|
26
|
-
"@aws-sdk/types": "3.
|
|
27
|
-
"@aws-sdk/util-middleware": "3.
|
|
23
|
+
"@aws-sdk/property-provider": "3.188.0",
|
|
24
|
+
"@aws-sdk/protocol-http": "3.188.0",
|
|
25
|
+
"@aws-sdk/signature-v4": "3.188.0",
|
|
26
|
+
"@aws-sdk/types": "3.188.0",
|
|
27
|
+
"@aws-sdk/util-middleware": "3.188.0",
|
|
28
28
|
"tslib": "^2.3.1"
|
|
29
29
|
},
|
|
30
30
|
"engines": {
|