@haneullabs/signers 0.1.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +121 -74
- package/README.md +11 -8
- package/dist/aws/aws-client.d.mts +48 -0
- package/dist/aws/aws-client.d.mts.map +1 -0
- package/dist/aws/aws-client.mjs +46 -0
- package/dist/aws/aws-client.mjs.map +1 -0
- package/dist/aws/aws-kms-signer.d.mts +63 -0
- package/dist/aws/aws-kms-signer.d.mts.map +1 -0
- package/dist/aws/aws-kms-signer.mjs +78 -0
- package/dist/aws/aws-kms-signer.mjs.map +1 -0
- package/dist/aws/aws4fetch.d.mts +62 -0
- package/dist/aws/aws4fetch.d.mts.map +1 -0
- package/dist/aws/aws4fetch.mjs +313 -0
- package/dist/aws/aws4fetch.mjs.map +1 -0
- package/dist/aws/index.d.mts +3 -0
- package/dist/aws/index.mjs +3 -0
- package/dist/gcp/gcp-kms-client.d.mts +71 -0
- package/dist/gcp/gcp-kms-client.d.mts.map +1 -0
- package/dist/gcp/gcp-kms-client.mjs +104 -0
- package/dist/gcp/gcp-kms-client.mjs.map +1 -0
- package/dist/gcp/index.d.mts +2 -0
- package/dist/gcp/index.mjs +3 -0
- package/dist/ledger/index.d.mts +74 -0
- package/dist/ledger/index.d.mts.map +1 -0
- package/dist/ledger/index.mjs +110 -0
- package/dist/ledger/index.mjs.map +1 -0
- package/dist/ledger/objects.d.mts +10 -0
- package/dist/ledger/objects.d.mts.map +1 -0
- package/dist/ledger/objects.mjs +16 -0
- package/dist/ledger/objects.mjs.map +1 -0
- package/dist/utils/utils.mjs +71 -0
- package/dist/utils/utils.mjs.map +1 -0
- package/dist/webcrypto/index.d.mts +32 -0
- package/dist/webcrypto/index.d.mts.map +1 -0
- package/dist/webcrypto/index.mjs +70 -0
- package/dist/webcrypto/index.mjs.map +1 -0
- package/package.json +35 -29
- package/src/aws/aws-kms-signer.ts +0 -9
- package/src/gcp/gcp-kms-client.ts +0 -9
- package/src/ledger/index.ts +8 -9
- package/src/ledger/objects.ts +10 -34
- package/src/utils/utils.ts +18 -10
- package/src/webcrypto/index.ts +6 -3
- package/aws/package.json +0 -6
- package/dist/cjs/aws/aws-client.d.ts +0 -43
- package/dist/cjs/aws/aws-client.js +0 -79
- package/dist/cjs/aws/aws-client.js.map +0 -7
- package/dist/cjs/aws/aws-kms-signer.d.ts +0 -61
- package/dist/cjs/aws/aws-kms-signer.js +0 -114
- package/dist/cjs/aws/aws-kms-signer.js.map +0 -7
- package/dist/cjs/aws/aws4fetch.d.ts +0 -125
- package/dist/cjs/aws/aws4fetch.js +0 -382
- package/dist/cjs/aws/aws4fetch.js.map +0 -7
- package/dist/cjs/aws/index.d.ts +0 -5
- package/dist/cjs/aws/index.js +0 -25
- package/dist/cjs/aws/index.js.map +0 -7
- package/dist/cjs/gcp/gcp-kms-client.d.ts +0 -68
- package/dist/cjs/gcp/gcp-kms-client.js +0 -147
- package/dist/cjs/gcp/gcp-kms-client.js.map +0 -7
- package/dist/cjs/gcp/index.d.ts +0 -4
- package/dist/cjs/gcp/index.js +0 -25
- package/dist/cjs/gcp/index.js.map +0 -7
- package/dist/cjs/ledger/bcs.d.ts +0 -14
- package/dist/cjs/ledger/bcs.js +0 -85
- package/dist/cjs/ledger/bcs.js.map +0 -7
- package/dist/cjs/ledger/index.d.ts +0 -66
- package/dist/cjs/ledger/index.js +0 -158
- package/dist/cjs/ledger/index.js.map +0 -7
- package/dist/cjs/ledger/objects.d.ts +0 -5
- package/dist/cjs/ledger/objects.js +0 -60
- package/dist/cjs/ledger/objects.js.map +0 -7
- package/dist/cjs/package.json +0 -5
- package/dist/cjs/utils/utils.d.ts +0 -18
- package/dist/cjs/utils/utils.js +0 -85
- package/dist/cjs/utils/utils.js.map +0 -7
- package/dist/cjs/webcrypto/index.d.ts +0 -26
- package/dist/cjs/webcrypto/index.js +0 -112
- package/dist/cjs/webcrypto/index.js.map +0 -7
- package/dist/esm/aws/aws-client.d.ts +0 -43
- package/dist/esm/aws/aws-client.js +0 -59
- package/dist/esm/aws/aws-client.js.map +0 -7
- package/dist/esm/aws/aws-kms-signer.d.ts +0 -61
- package/dist/esm/aws/aws-kms-signer.js +0 -94
- package/dist/esm/aws/aws-kms-signer.js.map +0 -7
- package/dist/esm/aws/aws4fetch.d.ts +0 -125
- package/dist/esm/aws/aws4fetch.js +0 -362
- package/dist/esm/aws/aws4fetch.js.map +0 -7
- package/dist/esm/aws/index.d.ts +0 -5
- package/dist/esm/aws/index.js +0 -5
- package/dist/esm/aws/index.js.map +0 -7
- package/dist/esm/gcp/gcp-kms-client.d.ts +0 -68
- package/dist/esm/gcp/gcp-kms-client.js +0 -127
- package/dist/esm/gcp/gcp-kms-client.js.map +0 -7
- package/dist/esm/gcp/index.d.ts +0 -4
- package/dist/esm/gcp/index.js +0 -5
- package/dist/esm/gcp/index.js.map +0 -7
- package/dist/esm/ledger/bcs.d.ts +0 -14
- package/dist/esm/ledger/bcs.js +0 -70
- package/dist/esm/ledger/bcs.js.map +0 -7
- package/dist/esm/ledger/index.d.ts +0 -66
- package/dist/esm/ledger/index.js +0 -138
- package/dist/esm/ledger/index.js.map +0 -7
- package/dist/esm/ledger/objects.d.ts +0 -5
- package/dist/esm/ledger/objects.js +0 -40
- package/dist/esm/ledger/objects.js.map +0 -7
- package/dist/esm/package.json +0 -5
- package/dist/esm/utils/utils.d.ts +0 -18
- package/dist/esm/utils/utils.js +0 -65
- package/dist/esm/utils/utils.js.map +0 -7
- package/dist/esm/webcrypto/index.d.ts +0 -26
- package/dist/esm/webcrypto/index.js +0 -92
- package/dist/esm/webcrypto/index.js.map +0 -7
- package/dist/tsconfig.esm.tsbuildinfo +0 -1
- package/dist/tsconfig.tsbuildinfo +0 -1
- package/gcp/package.json +0 -6
- package/ledger/package.json +0 -6
- package/src/ledger/bcs.ts +0 -87
- package/webcrypto/package.json +0 -6
|
@@ -1,114 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __typeError = (msg) => {
|
|
7
|
-
throw TypeError(msg);
|
|
8
|
-
};
|
|
9
|
-
var __export = (target, all) => {
|
|
10
|
-
for (var name in all)
|
|
11
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
12
|
-
};
|
|
13
|
-
var __copyProps = (to, from, except, desc) => {
|
|
14
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
15
|
-
for (let key of __getOwnPropNames(from))
|
|
16
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
17
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
18
|
-
}
|
|
19
|
-
return to;
|
|
20
|
-
};
|
|
21
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
22
|
-
var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
|
|
23
|
-
var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
|
|
24
|
-
var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
|
|
25
|
-
var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
|
|
26
|
-
var aws_kms_signer_exports = {};
|
|
27
|
-
__export(aws_kms_signer_exports, {
|
|
28
|
-
AwsKmsSigner: () => AwsKmsSigner
|
|
29
|
-
});
|
|
30
|
-
module.exports = __toCommonJS(aws_kms_signer_exports);
|
|
31
|
-
var import_cryptography = require("@haneullabs/haneul/cryptography");
|
|
32
|
-
var import_utils = require("@haneullabs/haneul/utils");
|
|
33
|
-
var import_utils2 = require("../utils/utils.js");
|
|
34
|
-
var import_aws_client = require("./aws-client.js");
|
|
35
|
-
var _publicKey, _client, _kmsKeyId;
|
|
36
|
-
const _AwsKmsSigner = class _AwsKmsSigner extends import_cryptography.Signer {
|
|
37
|
-
/**
|
|
38
|
-
* Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.
|
|
39
|
-
* For example:
|
|
40
|
-
* ```
|
|
41
|
-
* const signer = await AwsKmsSigner.fromKeyId(keyId, options);
|
|
42
|
-
* ```
|
|
43
|
-
* @throws Will throw an error if required AWS credentials or region are not provided.
|
|
44
|
-
*/
|
|
45
|
-
constructor({ kmsKeyId, client, publicKey }) {
|
|
46
|
-
super();
|
|
47
|
-
__privateAdd(this, _publicKey);
|
|
48
|
-
/** AWS KMS client instance */
|
|
49
|
-
__privateAdd(this, _client);
|
|
50
|
-
/** AWS KMS Key ID used for signing */
|
|
51
|
-
__privateAdd(this, _kmsKeyId);
|
|
52
|
-
if (!kmsKeyId) throw new Error("KMS Key ID is required");
|
|
53
|
-
__privateSet(this, _client, client);
|
|
54
|
-
__privateSet(this, _kmsKeyId, kmsKeyId);
|
|
55
|
-
__privateSet(this, _publicKey, publicKey);
|
|
56
|
-
}
|
|
57
|
-
/**
|
|
58
|
-
* Retrieves the key scheme used by this signer.
|
|
59
|
-
* @returns AWS supports only Secp256k1 and Secp256r1 schemes.
|
|
60
|
-
*/
|
|
61
|
-
getKeyScheme() {
|
|
62
|
-
return import_cryptography.SIGNATURE_FLAG_TO_SCHEME[__privateGet(this, _publicKey).flag()];
|
|
63
|
-
}
|
|
64
|
-
/**
|
|
65
|
-
* Retrieves the public key associated with this signer.
|
|
66
|
-
* @returns The Secp256k1PublicKey instance.
|
|
67
|
-
* @throws Will throw an error if the public key has not been initialized.
|
|
68
|
-
*/
|
|
69
|
-
getPublicKey() {
|
|
70
|
-
return __privateGet(this, _publicKey);
|
|
71
|
-
}
|
|
72
|
-
/**
|
|
73
|
-
* Signs the given data using AWS KMS.
|
|
74
|
-
* @param bytes - The data to be signed as a Uint8Array.
|
|
75
|
-
* @returns A promise that resolves to the signature as a Uint8Array.
|
|
76
|
-
* @throws Will throw an error if the public key is not initialized or if signing fails.
|
|
77
|
-
*/
|
|
78
|
-
async sign(bytes) {
|
|
79
|
-
const signResponse = await __privateGet(this, _client).runCommand("Sign", {
|
|
80
|
-
KeyId: __privateGet(this, _kmsKeyId),
|
|
81
|
-
Message: (0, import_utils.toBase64)(bytes),
|
|
82
|
-
MessageType: "RAW",
|
|
83
|
-
SigningAlgorithm: "ECDSA_SHA_256"
|
|
84
|
-
});
|
|
85
|
-
return (0, import_utils2.getConcatenatedSignature)((0, import_utils.fromBase64)(signResponse.Signature), this.getKeyScheme());
|
|
86
|
-
}
|
|
87
|
-
/**
|
|
88
|
-
* Synchronous signing is not supported by AWS KMS.
|
|
89
|
-
* @throws Always throws an error indicating synchronous signing is unsupported.
|
|
90
|
-
* @deprecated use `sign` instead
|
|
91
|
-
*/
|
|
92
|
-
signData() {
|
|
93
|
-
throw new Error("KMS Signer does not support sync signing");
|
|
94
|
-
}
|
|
95
|
-
/**
|
|
96
|
-
* Prepares the signer by fetching and setting the public key from AWS KMS.
|
|
97
|
-
* It is recommended to initialize an `AwsKmsSigner` instance using this function.
|
|
98
|
-
* @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).
|
|
99
|
-
*/
|
|
100
|
-
static async fromKeyId(keyId, options) {
|
|
101
|
-
const client = new import_aws_client.AwsKmsClient(options);
|
|
102
|
-
const pubKey = await client.getPublicKey(keyId);
|
|
103
|
-
return new _AwsKmsSigner({
|
|
104
|
-
kmsKeyId: keyId,
|
|
105
|
-
client,
|
|
106
|
-
publicKey: pubKey
|
|
107
|
-
});
|
|
108
|
-
}
|
|
109
|
-
};
|
|
110
|
-
_publicKey = new WeakMap();
|
|
111
|
-
_client = new WeakMap();
|
|
112
|
-
_kmsKeyId = new WeakMap();
|
|
113
|
-
let AwsKmsSigner = _AwsKmsSigner;
|
|
114
|
-
//# sourceMappingURL=aws-kms-signer.js.map
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"version": 3,
|
|
3
|
-
"sources": ["../../../src/aws/aws-kms-signer.ts"],
|
|
4
|
-
"sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { PublicKey, SignatureFlag } from '@haneullabs/haneul/cryptography';\nimport { SIGNATURE_FLAG_TO_SCHEME, Signer } from '@haneullabs/haneul/cryptography';\nimport { fromBase64, toBase64 } from '@haneullabs/haneul/utils';\n\nimport { getConcatenatedSignature } from '../utils/utils.js';\nimport type { AwsClientOptions } from './aws-client.js';\nimport { AwsKmsClient } from './aws-client.js';\n\n/**\n * Configuration options for initializing the AwsKmsSigner.\n */\nexport interface AwsKmsSignerOptions {\n\t/** AWS KMS Key ID used for signing */\n\tkmsKeyId: string;\n\t/** Options for setting up the AWS KMS client */\n\tclient: AwsKmsClient;\n\t/** Public key */\n\tpublicKey: PublicKey;\n}\n\n/**\n * Aws KMS Signer integrates AWS Key Management Service (KMS) with the Haneul blockchain\n * to provide signing capabilities using AWS-managed cryptographic keys.\n */\nexport class AwsKmsSigner extends Signer {\n\t#publicKey: PublicKey;\n\t/** AWS KMS client instance */\n\t#client: AwsKmsClient;\n\t/** AWS KMS Key ID used for signing */\n\t#kmsKeyId: string;\n\n\t/**\n\t * Creates an instance of AwsKmsSigner. It's expected to call the static `fromKeyId` method to create an instance.\n\t * For example:\n\t * ```\n\t * const signer = await AwsKmsSigner.fromKeyId(keyId, options);\n\t * ```\n\t * @throws Will throw an error if required AWS credentials or region are not provided.\n\t */\n\tconstructor({ kmsKeyId, client, publicKey }: AwsKmsSignerOptions) {\n\t\tsuper();\n\t\tif (!kmsKeyId) throw new Error('KMS Key ID is required');\n\n\t\tthis.#client = client;\n\t\tthis.#kmsKeyId = kmsKeyId;\n\t\tthis.#publicKey = publicKey;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t * @returns AWS supports only Secp256k1 and Secp256r1 schemes.\n\t */\n\tgetKeyScheme() {\n\t\treturn SIGNATURE_FLAG_TO_SCHEME[this.#publicKey.flag() as SignatureFlag];\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Secp256k1PublicKey instance.\n\t * @throws Will throw an error if the public key has not been initialized.\n\t */\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the given data using AWS KMS.\n\t * @param bytes - The data to be signed as a Uint8Array.\n\t * @returns A promise that resolves to the signature as a Uint8Array.\n\t * @throws Will throw an error if the public key is not initialized or if signing fails.\n\t */\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst signResponse = await this.#client.runCommand('Sign', {\n\t\t\tKeyId: this.#kmsKeyId,\n\t\t\tMessage: toBase64(bytes),\n\t\t\tMessageType: 'RAW',\n\t\t\tSigningAlgorithm: 'ECDSA_SHA_256',\n\t\t});\n\n\t\t// Concatenate the signature components into a compact form\n\t\treturn getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());\n\t}\n\n\t/**\n\t * Synchronous signing is not supported by AWS KMS.\n\t * @throws Always throws an error indicating synchronous signing is unsupported.\n\t * @deprecated use `sign` instead\n\t */\n\tsignData(): never {\n\t\tthrow new Error('KMS Signer does not support sync signing');\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from AWS KMS.\n\t * It is recommended to initialize an `AwsKmsSigner` instance using this function.\n\t * @returns A promise that resolves once a `AwsKmsSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromKeyId(keyId: string, options: AwsClientOptions) {\n\t\tconst client = new AwsKmsClient(options);\n\n\t\tconst pubKey = await client.getPublicKey(keyId);\n\n\t\treturn new AwsKmsSigner({\n\t\t\tkmsKeyId: keyId,\n\t\t\tclient,\n\t\t\tpublicKey: pubKey,\n\t\t});\n\t}\n}\n"],
|
|
5
|
-
"mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,0BAAiD;AACjD,mBAAqC;AAErC,IAAAA,gBAAyC;AAEzC,wBAA6B;AAR7B;AA0BO,MAAM,gBAAN,MAAM,sBAAqB,2BAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAexC,YAAY,EAAE,UAAU,QAAQ,UAAU,GAAwB;AACjE,UAAM;AAfP;AAEA;AAAA;AAEA;AAAA;AAYC,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,wBAAwB;AAEvD,uBAAK,SAAU;AACf,uBAAK,WAAY;AACjB,uBAAK,YAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAe;AACd,WAAO,6CAAyB,mBAAK,YAAW,KAAK,CAAkB;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,KAAK,OAAqD;AAC/D,UAAM,eAAe,MAAM,mBAAK,SAAQ,WAAW,QAAQ;AAAA,MAC1D,OAAO,mBAAK;AAAA,MACZ,aAAS,uBAAS,KAAK;AAAA,MACvB,aAAa;AAAA,MACb,kBAAkB;AAAA,IACnB,CAAC;AAGD,eAAO,4CAAyB,yBAAW,aAAa,SAAS,GAAG,KAAK,aAAa,CAAC;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAkB;AACjB,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,UAAU,OAAe,SAA2B;AAChE,UAAM,SAAS,IAAI,+BAAa,OAAO;AAEvC,UAAM,SAAS,MAAM,OAAO,aAAa,KAAK;AAE9C,WAAO,IAAI,cAAa;AAAA,MACvB,UAAU;AAAA,MACV;AAAA,MACA,WAAW;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AAnFC;AAEA;AAEA;AALM,IAAM,eAAN;",
|
|
6
|
-
"names": ["import_utils"]
|
|
7
|
-
}
|
|
@@ -1,125 +0,0 @@
|
|
|
1
|
-
type AwsRequestInit = RequestInit & {
|
|
2
|
-
aws?: {
|
|
3
|
-
accessKeyId?: string;
|
|
4
|
-
secretAccessKey?: string;
|
|
5
|
-
sessionToken?: string;
|
|
6
|
-
service?: string;
|
|
7
|
-
region?: string;
|
|
8
|
-
cache?: Map<string, ArrayBuffer>;
|
|
9
|
-
datetime?: string;
|
|
10
|
-
signQuery?: boolean;
|
|
11
|
-
appendSessionToken?: boolean;
|
|
12
|
-
allHeaders?: boolean;
|
|
13
|
-
singleEncode?: boolean;
|
|
14
|
-
};
|
|
15
|
-
};
|
|
16
|
-
export declare class AwsClient {
|
|
17
|
-
accessKeyId: string;
|
|
18
|
-
secretAccessKey: string;
|
|
19
|
-
sessionToken: string | undefined;
|
|
20
|
-
service: string | undefined;
|
|
21
|
-
region: string | undefined;
|
|
22
|
-
cache: Map<any, any>;
|
|
23
|
-
retries: number;
|
|
24
|
-
initRetryMs: number;
|
|
25
|
-
/**
|
|
26
|
-
* @param {} options
|
|
27
|
-
*/
|
|
28
|
-
constructor({ accessKeyId, secretAccessKey, sessionToken, service, region, cache, retries, initRetryMs, }: {
|
|
29
|
-
accessKeyId: string;
|
|
30
|
-
secretAccessKey: string;
|
|
31
|
-
sessionToken?: string;
|
|
32
|
-
service?: string;
|
|
33
|
-
region?: string;
|
|
34
|
-
cache?: Map<string, ArrayBuffer>;
|
|
35
|
-
retries?: number;
|
|
36
|
-
initRetryMs?: number;
|
|
37
|
-
});
|
|
38
|
-
sign(input: Request | {
|
|
39
|
-
toString: () => string;
|
|
40
|
-
}, init: AwsRequestInit): Promise<Request>;
|
|
41
|
-
/**
|
|
42
|
-
* @param {Request | { toString: () => string }} input
|
|
43
|
-
* @param {?AwsRequestInit} [init]
|
|
44
|
-
* @returns {Promise<Response>}
|
|
45
|
-
*/
|
|
46
|
-
fetch(input: Request | {
|
|
47
|
-
toString: () => string;
|
|
48
|
-
}, init: AwsRequestInit): Promise<Response>;
|
|
49
|
-
}
|
|
50
|
-
export declare class AwsV4Signer {
|
|
51
|
-
method: any;
|
|
52
|
-
url: URL;
|
|
53
|
-
headers: Headers;
|
|
54
|
-
body: any;
|
|
55
|
-
accessKeyId: any;
|
|
56
|
-
secretAccessKey: any;
|
|
57
|
-
sessionToken: any;
|
|
58
|
-
service: any;
|
|
59
|
-
region: any;
|
|
60
|
-
cache: any;
|
|
61
|
-
datetime: any;
|
|
62
|
-
signQuery: any;
|
|
63
|
-
appendSessionToken: any;
|
|
64
|
-
signableHeaders: any[];
|
|
65
|
-
signedHeaders: any;
|
|
66
|
-
canonicalHeaders: any;
|
|
67
|
-
credentialString: string;
|
|
68
|
-
encodedPath: string;
|
|
69
|
-
encodedSearch: string;
|
|
70
|
-
/**
|
|
71
|
-
* @param {} options
|
|
72
|
-
*/
|
|
73
|
-
constructor({ method, url, headers, body, accessKeyId, secretAccessKey, sessionToken, service, region, cache, datetime, signQuery, appendSessionToken, allHeaders, singleEncode, }: {
|
|
74
|
-
method?: string;
|
|
75
|
-
url: string;
|
|
76
|
-
headers?: HeadersInit;
|
|
77
|
-
body?: BodyInit | null;
|
|
78
|
-
accessKeyId: string;
|
|
79
|
-
secretAccessKey: string;
|
|
80
|
-
sessionToken?: string;
|
|
81
|
-
service?: string;
|
|
82
|
-
region?: string;
|
|
83
|
-
cache?: Map<string, ArrayBuffer>;
|
|
84
|
-
datetime?: string;
|
|
85
|
-
signQuery?: boolean;
|
|
86
|
-
appendSessionToken?: boolean;
|
|
87
|
-
allHeaders?: boolean;
|
|
88
|
-
singleEncode?: boolean;
|
|
89
|
-
});
|
|
90
|
-
/**
|
|
91
|
-
* @returns {Promise<{
|
|
92
|
-
* method: string
|
|
93
|
-
* url: URL
|
|
94
|
-
* headers: Headers
|
|
95
|
-
* body?: BodyInit | null
|
|
96
|
-
* }>}
|
|
97
|
-
*/
|
|
98
|
-
sign(): Promise<{
|
|
99
|
-
method: any;
|
|
100
|
-
url: URL;
|
|
101
|
-
headers: Headers;
|
|
102
|
-
body: any;
|
|
103
|
-
}>;
|
|
104
|
-
/**
|
|
105
|
-
* @returns {Promise<string>}
|
|
106
|
-
*/
|
|
107
|
-
authHeader(): Promise<string>;
|
|
108
|
-
/**
|
|
109
|
-
* @returns {Promise<string>}
|
|
110
|
-
*/
|
|
111
|
-
signature(): Promise<string>;
|
|
112
|
-
/**
|
|
113
|
-
* @returns {Promise<string>}
|
|
114
|
-
*/
|
|
115
|
-
stringToSign(): Promise<string>;
|
|
116
|
-
/**
|
|
117
|
-
* @returns {Promise<string>}
|
|
118
|
-
*/
|
|
119
|
-
canonicalString(): Promise<string>;
|
|
120
|
-
/**
|
|
121
|
-
* @returns {Promise<string>}
|
|
122
|
-
*/
|
|
123
|
-
hexBodyHash(): Promise<string>;
|
|
124
|
-
}
|
|
125
|
-
export {};
|
|
@@ -1,382 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __export = (target, all) => {
|
|
7
|
-
for (var name in all)
|
|
8
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
-
};
|
|
10
|
-
var __copyProps = (to, from, except, desc) => {
|
|
11
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
-
for (let key of __getOwnPropNames(from))
|
|
13
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
-
}
|
|
16
|
-
return to;
|
|
17
|
-
};
|
|
18
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
var aws4fetch_exports = {};
|
|
20
|
-
__export(aws4fetch_exports, {
|
|
21
|
-
AwsClient: () => AwsClient,
|
|
22
|
-
AwsV4Signer: () => AwsV4Signer
|
|
23
|
-
});
|
|
24
|
-
module.exports = __toCommonJS(aws4fetch_exports);
|
|
25
|
-
/**
|
|
26
|
-
* Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies
|
|
27
|
-
* @license MIT <https://opensource.org/licenses/MIT>
|
|
28
|
-
* @copyright Michael Hart 2024
|
|
29
|
-
*/
|
|
30
|
-
const encoder = new TextEncoder();
|
|
31
|
-
const HOST_SERVICES = {
|
|
32
|
-
appstream2: "appstream",
|
|
33
|
-
cloudhsmv2: "cloudhsm",
|
|
34
|
-
email: "ses",
|
|
35
|
-
marketplace: "aws-marketplace",
|
|
36
|
-
mobile: "AWSMobileHubService",
|
|
37
|
-
pinpoint: "mobiletargeting",
|
|
38
|
-
queue: "sqs",
|
|
39
|
-
"git-codecommit": "codecommit",
|
|
40
|
-
"mturk-requester-sandbox": "mturk-requester",
|
|
41
|
-
"personalize-runtime": "personalize"
|
|
42
|
-
};
|
|
43
|
-
const UNSIGNABLE_HEADERS = /* @__PURE__ */ new Set([
|
|
44
|
-
"authorization",
|
|
45
|
-
"content-type",
|
|
46
|
-
"content-length",
|
|
47
|
-
"user-agent",
|
|
48
|
-
"presigned-expires",
|
|
49
|
-
"expect",
|
|
50
|
-
"x-amzn-trace-id",
|
|
51
|
-
"range",
|
|
52
|
-
"connection"
|
|
53
|
-
]);
|
|
54
|
-
class AwsClient {
|
|
55
|
-
/**
|
|
56
|
-
* @param {} options
|
|
57
|
-
*/
|
|
58
|
-
constructor({
|
|
59
|
-
accessKeyId,
|
|
60
|
-
secretAccessKey,
|
|
61
|
-
sessionToken,
|
|
62
|
-
service,
|
|
63
|
-
region,
|
|
64
|
-
cache,
|
|
65
|
-
retries,
|
|
66
|
-
initRetryMs
|
|
67
|
-
}) {
|
|
68
|
-
if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
|
|
69
|
-
if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
|
|
70
|
-
this.accessKeyId = accessKeyId;
|
|
71
|
-
this.secretAccessKey = secretAccessKey;
|
|
72
|
-
this.sessionToken = sessionToken;
|
|
73
|
-
this.service = service;
|
|
74
|
-
this.region = region;
|
|
75
|
-
this.cache = cache || /* @__PURE__ */ new Map();
|
|
76
|
-
this.retries = retries != null ? retries : 10;
|
|
77
|
-
this.initRetryMs = initRetryMs || 50;
|
|
78
|
-
}
|
|
79
|
-
async sign(input, init) {
|
|
80
|
-
if (input instanceof Request) {
|
|
81
|
-
const { method, url, headers, body } = input;
|
|
82
|
-
init = Object.assign({ method, url, headers }, init);
|
|
83
|
-
if (init.body == null && headers.has("Content-Type")) {
|
|
84
|
-
init.body = body != null && headers.has("X-Amz-Content-Sha256") ? body : await input.clone().arrayBuffer();
|
|
85
|
-
}
|
|
86
|
-
input = url;
|
|
87
|
-
}
|
|
88
|
-
const signer = new AwsV4Signer(
|
|
89
|
-
Object.assign({ url: input.toString() }, init, this, init && init.aws)
|
|
90
|
-
);
|
|
91
|
-
const signed = Object.assign({}, init, await signer.sign());
|
|
92
|
-
delete signed.aws;
|
|
93
|
-
try {
|
|
94
|
-
return new Request(signed.url.toString(), signed);
|
|
95
|
-
} catch (e) {
|
|
96
|
-
if (e instanceof TypeError) {
|
|
97
|
-
return new Request(signed.url.toString(), Object.assign({ duplex: "half" }, signed));
|
|
98
|
-
}
|
|
99
|
-
throw e;
|
|
100
|
-
}
|
|
101
|
-
}
|
|
102
|
-
/**
|
|
103
|
-
* @param {Request | { toString: () => string }} input
|
|
104
|
-
* @param {?AwsRequestInit} [init]
|
|
105
|
-
* @returns {Promise<Response>}
|
|
106
|
-
*/
|
|
107
|
-
async fetch(input, init) {
|
|
108
|
-
for (let i = 0; i <= this.retries; i++) {
|
|
109
|
-
const fetched = fetch(await this.sign(input, init));
|
|
110
|
-
if (i === this.retries) {
|
|
111
|
-
return fetched;
|
|
112
|
-
}
|
|
113
|
-
const res = await fetched;
|
|
114
|
-
if (res.status < 500 && res.status !== 429) {
|
|
115
|
-
return res;
|
|
116
|
-
}
|
|
117
|
-
await new Promise(
|
|
118
|
-
(resolve) => setTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i))
|
|
119
|
-
);
|
|
120
|
-
}
|
|
121
|
-
throw new Error("An unknown error occurred, ensure retries is not negative");
|
|
122
|
-
}
|
|
123
|
-
}
|
|
124
|
-
class AwsV4Signer {
|
|
125
|
-
/**
|
|
126
|
-
* @param {} options
|
|
127
|
-
*/
|
|
128
|
-
constructor({
|
|
129
|
-
method,
|
|
130
|
-
url,
|
|
131
|
-
headers,
|
|
132
|
-
body,
|
|
133
|
-
accessKeyId,
|
|
134
|
-
secretAccessKey,
|
|
135
|
-
sessionToken,
|
|
136
|
-
service,
|
|
137
|
-
region,
|
|
138
|
-
cache,
|
|
139
|
-
datetime,
|
|
140
|
-
signQuery,
|
|
141
|
-
appendSessionToken,
|
|
142
|
-
allHeaders,
|
|
143
|
-
singleEncode
|
|
144
|
-
}) {
|
|
145
|
-
if (url == null) throw new TypeError("url is a required option");
|
|
146
|
-
if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
|
|
147
|
-
if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
|
|
148
|
-
this.method = method || (body ? "POST" : "GET");
|
|
149
|
-
this.url = new URL(url);
|
|
150
|
-
this.headers = new Headers(headers || {});
|
|
151
|
-
this.body = body;
|
|
152
|
-
this.accessKeyId = accessKeyId;
|
|
153
|
-
this.secretAccessKey = secretAccessKey;
|
|
154
|
-
this.sessionToken = sessionToken;
|
|
155
|
-
let guessedService, guessedRegion;
|
|
156
|
-
if (!service || !region) {
|
|
157
|
-
[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);
|
|
158
|
-
}
|
|
159
|
-
this.service = service || guessedService || "";
|
|
160
|
-
this.region = region || guessedRegion || "us-east-1";
|
|
161
|
-
this.cache = cache || /* @__PURE__ */ new Map();
|
|
162
|
-
this.datetime = datetime || (/* @__PURE__ */ new Date()).toISOString().replace(/[:-]|\.\d{3}/g, "");
|
|
163
|
-
this.signQuery = signQuery;
|
|
164
|
-
this.appendSessionToken = appendSessionToken || this.service === "iotdevicegateway";
|
|
165
|
-
this.headers.delete("Host");
|
|
166
|
-
if (this.service === "s3" && !this.signQuery && !this.headers.has("X-Amz-Content-Sha256")) {
|
|
167
|
-
this.headers.set("X-Amz-Content-Sha256", "UNSIGNED-PAYLOAD");
|
|
168
|
-
}
|
|
169
|
-
const params = this.signQuery ? this.url.searchParams : this.headers;
|
|
170
|
-
params.set("X-Amz-Date", this.datetime);
|
|
171
|
-
if (this.sessionToken && !this.appendSessionToken) {
|
|
172
|
-
params.set("X-Amz-Security-Token", this.sessionToken);
|
|
173
|
-
}
|
|
174
|
-
this.signableHeaders = ["host", ...this.headers.keys()].filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header)).sort();
|
|
175
|
-
this.signedHeaders = this.signableHeaders.join(";");
|
|
176
|
-
this.canonicalHeaders = this.signableHeaders.map(
|
|
177
|
-
(header) => header + ":" + (header === "host" ? this.url.host : (this.headers.get(header) || "").replace(/\s+/g, " "))
|
|
178
|
-
).join("\n");
|
|
179
|
-
this.credentialString = [
|
|
180
|
-
this.datetime.slice(0, 8),
|
|
181
|
-
this.region,
|
|
182
|
-
this.service,
|
|
183
|
-
"aws4_request"
|
|
184
|
-
].join("/");
|
|
185
|
-
if (this.signQuery) {
|
|
186
|
-
if (this.service === "s3" && !params.has("X-Amz-Expires")) {
|
|
187
|
-
params.set("X-Amz-Expires", "86400");
|
|
188
|
-
}
|
|
189
|
-
params.set("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
|
|
190
|
-
params.set("X-Amz-Credential", this.accessKeyId + "/" + this.credentialString);
|
|
191
|
-
params.set("X-Amz-SignedHeaders", this.signedHeaders);
|
|
192
|
-
}
|
|
193
|
-
if (this.service === "s3") {
|
|
194
|
-
try {
|
|
195
|
-
this.encodedPath = decodeURIComponent(this.url.pathname.replace(/\+/g, " "));
|
|
196
|
-
} catch {
|
|
197
|
-
this.encodedPath = this.url.pathname;
|
|
198
|
-
}
|
|
199
|
-
} else {
|
|
200
|
-
this.encodedPath = this.url.pathname.replace(/\/+/g, "/");
|
|
201
|
-
}
|
|
202
|
-
if (!singleEncode) {
|
|
203
|
-
this.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, "/");
|
|
204
|
-
}
|
|
205
|
-
this.encodedPath = encodeRfc3986(this.encodedPath);
|
|
206
|
-
const seenKeys = /* @__PURE__ */ new Set();
|
|
207
|
-
this.encodedSearch = [...this.url.searchParams].filter(([k]) => {
|
|
208
|
-
if (!k) return false;
|
|
209
|
-
if (this.service === "s3") {
|
|
210
|
-
if (seenKeys.has(k)) return false;
|
|
211
|
-
seenKeys.add(k);
|
|
212
|
-
}
|
|
213
|
-
return true;
|
|
214
|
-
}).map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p)))).sort(([k1, v1], [k2, v2]) => k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0).map((pair) => pair.join("=")).join("&");
|
|
215
|
-
}
|
|
216
|
-
/**
|
|
217
|
-
* @returns {Promise<{
|
|
218
|
-
* method: string
|
|
219
|
-
* url: URL
|
|
220
|
-
* headers: Headers
|
|
221
|
-
* body?: BodyInit | null
|
|
222
|
-
* }>}
|
|
223
|
-
*/
|
|
224
|
-
async sign() {
|
|
225
|
-
if (this.signQuery) {
|
|
226
|
-
this.url.searchParams.set("X-Amz-Signature", await this.signature());
|
|
227
|
-
if (this.sessionToken && this.appendSessionToken) {
|
|
228
|
-
this.url.searchParams.set("X-Amz-Security-Token", this.sessionToken);
|
|
229
|
-
}
|
|
230
|
-
} else {
|
|
231
|
-
this.headers.set("Authorization", await this.authHeader());
|
|
232
|
-
}
|
|
233
|
-
return {
|
|
234
|
-
method: this.method,
|
|
235
|
-
url: this.url,
|
|
236
|
-
headers: this.headers,
|
|
237
|
-
body: this.body
|
|
238
|
-
};
|
|
239
|
-
}
|
|
240
|
-
/**
|
|
241
|
-
* @returns {Promise<string>}
|
|
242
|
-
*/
|
|
243
|
-
async authHeader() {
|
|
244
|
-
return [
|
|
245
|
-
"AWS4-HMAC-SHA256 Credential=" + this.accessKeyId + "/" + this.credentialString,
|
|
246
|
-
"SignedHeaders=" + this.signedHeaders,
|
|
247
|
-
"Signature=" + await this.signature()
|
|
248
|
-
].join(", ");
|
|
249
|
-
}
|
|
250
|
-
/**
|
|
251
|
-
* @returns {Promise<string>}
|
|
252
|
-
*/
|
|
253
|
-
async signature() {
|
|
254
|
-
const date = this.datetime.slice(0, 8);
|
|
255
|
-
const cacheKey = [this.secretAccessKey, date, this.region, this.service].join();
|
|
256
|
-
let kCredentials = this.cache.get(cacheKey);
|
|
257
|
-
if (!kCredentials) {
|
|
258
|
-
const kDate = await hmac("AWS4" + this.secretAccessKey, date);
|
|
259
|
-
const kRegion = await hmac(kDate, this.region);
|
|
260
|
-
const kService = await hmac(kRegion, this.service);
|
|
261
|
-
kCredentials = await hmac(kService, "aws4_request");
|
|
262
|
-
this.cache.set(cacheKey, kCredentials);
|
|
263
|
-
}
|
|
264
|
-
return buf2hex(await hmac(kCredentials, await this.stringToSign()));
|
|
265
|
-
}
|
|
266
|
-
/**
|
|
267
|
-
* @returns {Promise<string>}
|
|
268
|
-
*/
|
|
269
|
-
async stringToSign() {
|
|
270
|
-
return [
|
|
271
|
-
"AWS4-HMAC-SHA256",
|
|
272
|
-
this.datetime,
|
|
273
|
-
this.credentialString,
|
|
274
|
-
buf2hex(await hash(await this.canonicalString()))
|
|
275
|
-
].join("\n");
|
|
276
|
-
}
|
|
277
|
-
/**
|
|
278
|
-
* @returns {Promise<string>}
|
|
279
|
-
*/
|
|
280
|
-
async canonicalString() {
|
|
281
|
-
return [
|
|
282
|
-
this.method.toUpperCase(),
|
|
283
|
-
this.encodedPath,
|
|
284
|
-
this.encodedSearch,
|
|
285
|
-
this.canonicalHeaders + "\n",
|
|
286
|
-
this.signedHeaders,
|
|
287
|
-
await this.hexBodyHash()
|
|
288
|
-
].join("\n");
|
|
289
|
-
}
|
|
290
|
-
/**
|
|
291
|
-
* @returns {Promise<string>}
|
|
292
|
-
*/
|
|
293
|
-
async hexBodyHash() {
|
|
294
|
-
let hashHeader = this.headers.get("X-Amz-Content-Sha256") || (this.service === "s3" && this.signQuery ? "UNSIGNED-PAYLOAD" : null);
|
|
295
|
-
if (hashHeader == null) {
|
|
296
|
-
if (this.body && typeof this.body !== "string" && !("byteLength" in this.body)) {
|
|
297
|
-
throw new Error(
|
|
298
|
-
"body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header"
|
|
299
|
-
);
|
|
300
|
-
}
|
|
301
|
-
hashHeader = buf2hex(await hash(this.body || ""));
|
|
302
|
-
}
|
|
303
|
-
return hashHeader;
|
|
304
|
-
}
|
|
305
|
-
}
|
|
306
|
-
async function hmac(key, string) {
|
|
307
|
-
const cryptoKey = await crypto.subtle.importKey(
|
|
308
|
-
"raw",
|
|
309
|
-
typeof key === "string" ? encoder.encode(key) : key,
|
|
310
|
-
{ name: "HMAC", hash: { name: "SHA-256" } },
|
|
311
|
-
false,
|
|
312
|
-
["sign"]
|
|
313
|
-
);
|
|
314
|
-
return crypto.subtle.sign("HMAC", cryptoKey, encoder.encode(string));
|
|
315
|
-
}
|
|
316
|
-
async function hash(content) {
|
|
317
|
-
return crypto.subtle.digest(
|
|
318
|
-
"SHA-256",
|
|
319
|
-
typeof content === "string" ? encoder.encode(content) : content
|
|
320
|
-
);
|
|
321
|
-
}
|
|
322
|
-
const HEX_CHARS = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];
|
|
323
|
-
function buf2hex(arrayBuffer) {
|
|
324
|
-
const buffer = new Uint8Array(arrayBuffer);
|
|
325
|
-
let out = "";
|
|
326
|
-
for (let idx = 0; idx < buffer.length; idx++) {
|
|
327
|
-
const n = buffer[idx];
|
|
328
|
-
out += HEX_CHARS[n >>> 4 & 15];
|
|
329
|
-
out += HEX_CHARS[n & 15];
|
|
330
|
-
}
|
|
331
|
-
return out;
|
|
332
|
-
}
|
|
333
|
-
function encodeRfc3986(urlEncodedStr) {
|
|
334
|
-
return urlEncodedStr.replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
|
|
335
|
-
}
|
|
336
|
-
function guessServiceRegion(url, headers) {
|
|
337
|
-
const { hostname, pathname } = url;
|
|
338
|
-
if (hostname.endsWith(".on.aws")) {
|
|
339
|
-
const match2 = hostname.match(/^[^.]{1,63}\.lambda-url\.([^.]{1,63})\.on\.aws$/);
|
|
340
|
-
return match2 != null ? ["lambda", match2[1] || ""] : ["", ""];
|
|
341
|
-
}
|
|
342
|
-
if (hostname.endsWith(".r2.cloudflarestorage.com")) {
|
|
343
|
-
return ["s3", "auto"];
|
|
344
|
-
}
|
|
345
|
-
if (hostname.endsWith(".backblazeb2.com")) {
|
|
346
|
-
const match2 = hostname.match(/^(?:[^.]{1,63}\.)?s3\.([^.]{1,63})\.backblazeb2\.com$/);
|
|
347
|
-
return match2 != null ? ["s3", match2[1] || ""] : ["", ""];
|
|
348
|
-
}
|
|
349
|
-
const match = hostname.replace("dualstack.", "").match(/([^.]{1,63})\.(?:([^.]{0,63})\.)?amazonaws\.com(?:\.cn)?$/);
|
|
350
|
-
let service = match && match[1] || "";
|
|
351
|
-
let region = match && match[2];
|
|
352
|
-
if (region === "us-gov") {
|
|
353
|
-
region = "us-gov-west-1";
|
|
354
|
-
} else if (region === "s3" || region === "s3-accelerate") {
|
|
355
|
-
region = "us-east-1";
|
|
356
|
-
service = "s3";
|
|
357
|
-
} else if (service === "iot") {
|
|
358
|
-
if (hostname.startsWith("iot.")) {
|
|
359
|
-
service = "execute-api";
|
|
360
|
-
} else if (hostname.startsWith("data.jobs.iot.")) {
|
|
361
|
-
service = "iot-jobs-data";
|
|
362
|
-
} else {
|
|
363
|
-
service = pathname === "/mqtt" ? "iotdevicegateway" : "iotdata";
|
|
364
|
-
}
|
|
365
|
-
} else if (service === "autoscaling") {
|
|
366
|
-
const targetPrefix = (headers.get("X-Amz-Target") || "").split(".")[0];
|
|
367
|
-
if (targetPrefix === "AnyScaleFrontendService") {
|
|
368
|
-
service = "application-autoscaling";
|
|
369
|
-
} else if (targetPrefix === "AnyScaleScalingPlannerFrontendService") {
|
|
370
|
-
service = "autoscaling-plans";
|
|
371
|
-
}
|
|
372
|
-
} else if (region == null && service.startsWith("s3-")) {
|
|
373
|
-
region = service.slice(3).replace(/^fips-|^external-1/, "");
|
|
374
|
-
service = "s3";
|
|
375
|
-
} else if (service.endsWith("-fips")) {
|
|
376
|
-
service = service.slice(0, -5);
|
|
377
|
-
} else if (region && /-\d$/.test(service) && !/-\d$/.test(region)) {
|
|
378
|
-
[service, region] = [region, service];
|
|
379
|
-
}
|
|
380
|
-
return [HOST_SERVICES[service] || service, region || ""];
|
|
381
|
-
}
|
|
382
|
-
//# sourceMappingURL=aws4fetch.js.map
|