npm - @aws-sdk/s3-request-presigner - Versions diffs - 3.658.1 → 3.663.0 - Mend

@aws-sdk/s3-request-presigner 3.658.1 → 3.663.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +23 -41
package/dist-cjs/index.js +24 -6
package/dist-es/presigner.js +8 -4
package/dist-types/presigner.d.ts +2 -2
package/dist-types/ts3.4/presigner.d.ts +2 -0
package/package.json +10 -10

package/README.md CHANGED Viewed

@@ -10,18 +10,6 @@ generate signed url for S3.
 You can generated presigned url from S3 client and command. Here's the example:
-JavaScript Example:
-```javascript
-const { getSignedUrl } = require("@aws-sdk/s3-request-presigner");
-const { S3Client, GetObjectCommand } = require("@aws-sdk/client-s3");
-const client = new S3Client(clientParams);
-const command = new GetObjectCommand(getObjectParams);
-const url = await getSignedUrl(client, command, { expiresIn: 3600 });
-```
-ES6 Example
 ```javascript
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
 import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3";
@@ -34,32 +22,11 @@ You can get signed URL for other S3 operations too, like `PutObjectCommand`.
 `expiresIn` config from the examples above is optional. If not set, it's default
 at `900`.
-If your request contains server-side encryption(`SSE*`) configurations, because
-of S3 limitation, you need to send corresponding headers along with the
-presigned url. For more information, please go to [S3 SSE reference](https://docs.aws.amazon.com/AmazonS3/latest/dev/KMSUsingRESTAPI.html)
 If you already have a request, you can pre-sign the request following the
 section bellow.
 ### Get Presigned URL from an Existing Request
-JavaScript Example:
-```javascript
-const { S3RequestPresigner } = require("@aws-sdk/s3-request-presigner");
-const { Sha256 } = require("@aws-crypto/sha256-browser");
-const { Hash } = require("@smithy/hash-node");
-const signer = new S3RequestPresigner({
-  region: regionProvider,
-  credentials: credentialsProvider,
-  sha256: Hash.bind(null, "sha256"), // In Node.js
-  //sha256: Sha256 // In browsers
-});
-const presigned = await signer.presign(request);
-```
-ES6 Example:
 ```javascript
 import { S3RequestPresigner } from "@aws-sdk/s3-request-presigner";
 import { Sha256 } from "@aws-crypto/sha256-browser";
@@ -84,13 +51,6 @@ const signer = new S3RequestPresigner({
 });
 ```
-If your request contains server-side encryption(`x-amz-server-side-encryption*`)
-headers, because of S3 limitation, you need to send these headers along
-with the presigned url. That is to say, the url only from calling `formatUrl()`
-to `presigned` is not sufficient to make a request. You need to send the
-server-side encryption headers along with the url. These headers remain in the
-`presigned.headers`
 ### Get Presigned URL with headers that cannot be signed
 By using the `getSignedUrl` with a `S3Client` you are able to sign your
@@ -140,4 +100,26 @@ const presigned = getSignedUrl(s3Client, command, {
 });
 ```
-For more information, please go to [S3 SSE reference](https://docs.aws.amazon.com/AmazonS3/latest/dev/KMSUsingRESTAPI.html)
+### PutObject with use of `hoistableHeaders`
+`hoistableHeaders` overrides the default behavior of not hoisting
+any headers that begin with `x-amz-*`.
+```js
+// example: Server Side Encryption headers
+import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
+import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
+const params = {
+  Key: "...",
+  Bucket: "...",
+  ServerSideEncryption: "aws:kms",
+  SSEKMSKeyId: "arn:aws:kms:us-west-2:0000:key/abcd-1234-abcd",
+};
+const s3Client = new S3Client();
+const command = new PutObjectCommand(params);
+const preSignedUrl = await getSignedUrl(s3Client, command, {
+  hoistableHeaders: new Set(["x-amz-server-side-encryption", "x-amz-server-side-encryption-aws-kms-key-id"]),
+});
+```

package/dist-cjs/index.js CHANGED Viewed

@@ -51,10 +51,16 @@ var _S3RequestPresigner = class _S3RequestPresigner {
     };
     this.signer = new import_signature_v4_multi_region.SignatureV4MultiRegion(resolvedOptions);
   }
-  presign(requestToSign, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set(), ...options } = {}) {
+  presign(requestToSign, {
+    unsignableHeaders = /* @__PURE__ */ new Set(),
+    hoistableHeaders = /* @__PURE__ */ new Set(),
+    unhoistableHeaders = /* @__PURE__ */ new Set(),
+    ...options
+  } = {}) {
     this.prepareRequest(requestToSign, {
       unsignableHeaders,
-      unhoistableHeaders
+      unhoistableHeaders,
+      hoistableHeaders
     });
     return this.signer.presign(requestToSign, {
       expiresIn: 900,
@@ -63,10 +69,16 @@ var _S3RequestPresigner = class _S3RequestPresigner {
       ...options
     });
   }
-  presignWithCredentials(requestToSign, credentials, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set(), ...options } = {}) {
+  presignWithCredentials(requestToSign, credentials, {
+    unsignableHeaders = /* @__PURE__ */ new Set(),
+    hoistableHeaders = /* @__PURE__ */ new Set(),
+    unhoistableHeaders = /* @__PURE__ */ new Set(),
+    ...options
+  } = {}) {
     this.prepareRequest(requestToSign, {
       unsignableHeaders,
-      unhoistableHeaders
+      unhoistableHeaders,
+      hoistableHeaders
     });
     return this.signer.presignWithCredentials(requestToSign, credentials, {
       expiresIn: 900,
@@ -75,10 +87,16 @@ var _S3RequestPresigner = class _S3RequestPresigner {
       ...options
     });
   }
-  prepareRequest(requestToSign, { unsignableHeaders = /* @__PURE__ */ new Set(), unhoistableHeaders = /* @__PURE__ */ new Set() } = {}) {
+  prepareRequest(requestToSign, {
+    unsignableHeaders = /* @__PURE__ */ new Set(),
+    unhoistableHeaders = /* @__PURE__ */ new Set(),
+    hoistableHeaders = /* @__PURE__ */ new Set()
+  } = {}) {
     unsignableHeaders.add("content-type");
     Object.keys(requestToSign.headers).map((header) => header.toLowerCase()).filter((header) => header.startsWith("x-amz-server-side-encryption")).forEach((header) => {
-      unhoistableHeaders.add(header);
+      if (!hoistableHeaders.has(header)) {
+        unhoistableHeaders.add(header);
+      }
     });
     requestToSign.headers[SHA256_HEADER] = UNSIGNED_PAYLOAD;
     const currentHostHeader = requestToSign.headers.host;

package/dist-es/presigner.js CHANGED Viewed

@@ -10,10 +10,11 @@ export class S3RequestPresigner {
         };
         this.signer = new SignatureV4MultiRegion(resolvedOptions);
     }
-    presign(requestToSign, { unsignableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
+    presign(requestToSign, { unsignableHeaders = new Set(), hoistableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
         this.prepareRequest(requestToSign, {
             unsignableHeaders,
             unhoistableHeaders,
+            hoistableHeaders,
         });
         return this.signer.presign(requestToSign, {
             expiresIn: 900,
@@ -22,10 +23,11 @@ export class S3RequestPresigner {
             ...options,
         });
     }
-    presignWithCredentials(requestToSign, credentials, { unsignableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
+    presignWithCredentials(requestToSign, credentials, { unsignableHeaders = new Set(), hoistableHeaders = new Set(), unhoistableHeaders = new Set(), ...options } = {}) {
         this.prepareRequest(requestToSign, {
             unsignableHeaders,
             unhoistableHeaders,
+            hoistableHeaders,
         });
         return this.signer.presignWithCredentials(requestToSign, credentials, {
             expiresIn: 900,
@@ -34,13 +36,15 @@ export class S3RequestPresigner {
             ...options,
         });
     }
-    prepareRequest(requestToSign, { unsignableHeaders = new Set(), unhoistableHeaders = new Set() } = {}) {
+    prepareRequest(requestToSign, { unsignableHeaders = new Set(), unhoistableHeaders = new Set(), hoistableHeaders = new Set(), } = {}) {
         unsignableHeaders.add("content-type");
         Object.keys(requestToSign.headers)
             .map((header) => header.toLowerCase())
             .filter((header) => header.startsWith("x-amz-server-side-encryption"))
             .forEach((header) => {
-            unhoistableHeaders.add(header);
+            if (!hoistableHeaders.has(header)) {
+                unhoistableHeaders.add(header);
+            }
         });
         requestToSign.headers[SHA256_HEADER] = UNSIGNED_PAYLOAD;
         const currentHostHeader = requestToSign.headers.host;

package/dist-types/presigner.d.ts CHANGED Viewed

@@ -8,8 +8,8 @@ export type S3RequestPresignerOptions = PartialBy<SignatureV4MultiRegionInit, "s
 export declare class S3RequestPresigner implements RequestPresigner {
     private readonly signer;
     constructor(options: S3RequestPresignerOptions);
-    presign(requestToSign: IHttpRequest, { unsignableHeaders, unhoistableHeaders, ...options }?: RequestPresigningArguments): Promise<IHttpRequest>;
-    presignWithCredentials(requestToSign: IHttpRequest, credentials: AwsCredentialIdentity, { unsignableHeaders, unhoistableHeaders, ...options }?: RequestPresigningArguments): Promise<IHttpRequest>;
+    presign(requestToSign: IHttpRequest, { unsignableHeaders, hoistableHeaders, unhoistableHeaders, ...options }?: RequestPresigningArguments): Promise<IHttpRequest>;
+    presignWithCredentials(requestToSign: IHttpRequest, credentials: AwsCredentialIdentity, { unsignableHeaders, hoistableHeaders, unhoistableHeaders, ...options }?: RequestPresigningArguments): Promise<IHttpRequest>;
     private prepareRequest;
 }
 export {};

package/dist-types/ts3.4/presigner.d.ts CHANGED Viewed

@@ -20,6 +20,7 @@ export declare class S3RequestPresigner implements RequestPresigner {
     requestToSign: IHttpRequest,
     {
       unsignableHeaders,
+      hoistableHeaders,
       unhoistableHeaders,
       ...options
     }?: RequestPresigningArguments
@@ -29,6 +30,7 @@ export declare class S3RequestPresigner implements RequestPresigner {
     credentials: AwsCredentialIdentity,
     {
       unsignableHeaders,
+      hoistableHeaders,
       unhoistableHeaders,
       ...options
     }?: RequestPresigningArguments

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/s3-request-presigner",
-  "version": "3.658.1",
+  "version": "3.663.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline s3-request-presigner",
@@ -21,18 +21,18 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/signature-v4-multi-region": "3.658.1",
-    "@aws-sdk/types": "3.654.0",
-    "@aws-sdk/util-format-url": "3.654.0",
-    "@smithy/middleware-endpoint": "^3.1.3",
-    "@smithy/protocol-http": "^4.1.3",
-    "@smithy/smithy-client": "^3.3.5",
-    "@smithy/types": "^3.4.2",
+    "@aws-sdk/signature-v4-multi-region": "3.662.0",
+    "@aws-sdk/types": "3.662.0",
+    "@aws-sdk/util-format-url": "3.662.0",
+    "@smithy/middleware-endpoint": "^3.1.4",
+    "@smithy/protocol-http": "^4.1.4",
+    "@smithy/smithy-client": "^3.3.6",
+    "@smithy/types": "^3.5.0",
     "tslib": "^2.6.2"
   },
   "devDependencies": {
-    "@aws-sdk/client-s3": "3.658.1",
-    "@smithy/hash-node": "^3.0.6",
+    "@aws-sdk/client-s3": "3.663.0",
+    "@smithy/hash-node": "^3.0.7",
     "@tsconfig/recommended": "1.0.1",
     "@types/node": "^16.18.96",
     "concurrently": "7.0.0",