@lighthouse/common 4.37.0-canary-2 → 4.37.0-canary-4
- package/dist/helpers/get-cloudfront-cookies/index.js +1 -1
- package/dist/helpers/get-secret-value/index.js +5 -7
- package/lib/helpers/get-cloudfront-cookies/index.js +1 -1
- package/lib/helpers/get-cloudfront-cookies/index.js.map +1 -1
- package/lib/helpers/get-secret-value/index.js +5 -6
- package/lib/helpers/get-secret-value/index.js.map +1 -1
- package/package.json +3 -2
|
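--- a/package/dist/helpers/get-secret-value/index.js
+++ b/package/dist/helpers/get-secret-value/index.js
@@ -7,19 +7,17 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.default = getSecretValue;
 
-var
-
-var _awsSdk = _interopRequireDefault(require("aws-sdk"));
+var _clientSecretsManager = _interopRequireDefault(require("@aws-sdk/client-secrets-manager"));
 
 var _lodash = require("lodash");
 
 function getSecretValue(secretId, secretKey) {
 if (!secretId) {
-return Promise.reject(new
+return Promise.reject(new Error(`Missing required param: secretId:${secretId}`));
 } // TODO: update these credentials to specific values for service
 
 
-const secretsClient = new
+const secretsClient = new _clientSecretsManager.default({
 accessKeyId: process.env.AWS_KEY,
 region: process.env.AWS_SECRET_MANAGER_REGION,
 secretAccessKey: process.env.AWS_SECRET
@@ -33,12 +31,12 @@ function getSecretValue(secretId, secretKey) {
 const secretValue = secret[secretKey];
 
 if (!secretValue) {
-throw new
+throw new Error('Secret value could not be found');
 }
 
 return secretValue;
 }).catch(err => {
-throw new
+throw new Error(`AWSSecretFetchError: ${err.code}, ${err.message}`);
 });
 }
 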
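Review bot: `new _clientSecretsManager.default({` assumes a default export, but as far as I know `@aws-sdk/client-secrets-manager` (v3) ships only named exports such as `SecretsManager` and `SecretsManagerClient`, so `.default` would be undefined and the constructor call would throw synchronously instead of rejecting the returned promise. The options object also keeps the v2 shape: v3 clients take static keys under `credentials: { accessKeyId, secretAccessKey }`, and top-level `accessKeyId`/`secretAccessKey` are, to my knowledge, ignored, which would leave the client resolving credentials from the default provider chain rather than the `AWS_KEY`/`AWS_SECRET` pair named here. Both problems also appear in the `lib/helpers/get-secret-value/index.js` section (`import SecretsManager from …`), and the `sourcesContent` in its source map shows the call chain still ending in `.promise()`, which v3 clients do not provide; `err.code` in the catch is likely undefined too, since v3 errors carry `err.name`. These files are build output, so the change belongs in `src/helpers/get-secret-value/index.js`; the middle of `getSecretValue` lies between the two hunks and is not shown.

```javascript
var _clientSecretsManager = require("@aws-sdk/client-secrets-manager");
// … unchanged: lodash require, secretId guard …
const secretsClient = new _clientSecretsManager.SecretsManager({
  region: process.env.AWS_SECRET_MANAGER_REGION,
  credentials: {
    accessKeyId: process.env.AWS_KEY,
    secretAccessKey: process.env.AWS_SECRET
  }
// … unchanged: rest of getSecretValue (partly outside the hunks) …
```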
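--- a/package/lib/helpers/get-cloudfront-cookies/index.js
+++ b/package/lib/helpers/get-cloudfront-cookies/index.js
@@ -4,7 +4,7 @@ import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
 var _require = require('@aws-sdk/cloudfront-signer'),
 getSignedCookies = _require.getSignedCookies;
 
-var _require2 = require('
+var _require2 = require('../get-secret-value'),
 getSecretValue = _require2.getSecretValue;
 
 var logger = require('../../logger');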
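Review bot: `getSecretValue = _require2.getSecretValue` reads a named export, but `lib/helpers/get-secret-value/index.js` in this same release declares only `export default function getSecretValue`, so the binding will most likely be undefined when it is called. Going by the `sourcesContent` in the accompanying source map, `getPrivateKey` wraps that call in a try/catch that logs and returns null, so the failure would surface only as "Failed to retrieve CloudFront private key" log entries and no signed cookies being issued. In the source I would write `import getSecretValue from '../get-secret-value'` (or `require('../get-secret-value').default`), which also avoids mixing `require` with the `import` statements this ES-module build already uses. The rest of the file is outside the hunk.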
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/helpers/get-cloudfront-cookies/index.js"],"names":["require","getSignedCookies","getSecretValue","logger","generateCloudFrontCookies","userId","applicationId","process","env","CLOUDFRONT_DOMAIN","CLOUDFRONT_KEY_PAIR_ID","debug","getPrivateKey","privateKey","warn","expiration","Date","setTime","getTime","distributionDomain","resourcePath","urlPattern","signedCookies","url","keyPairId","dateLessThan","info","toISOString","error","message","code","privateKeyCache","cacheExpiry","CACHE_TTL","now","CLOUDFRONT_PRIVATE_KEY_SECRET_ID","secretId"],"mappings":";;;eAA6BA,OAAO,CAAC,4BAAD,C;IAA5BC,gB,YAAAA,gB;;gBACmBD,OAAO,CAAC,
|
|
1
|
+
{"version":3,"sources":["../../../src/helpers/get-cloudfront-cookies/index.js"],"names":["require","getSignedCookies","getSecretValue","logger","generateCloudFrontCookies","userId","applicationId","process","env","CLOUDFRONT_DOMAIN","CLOUDFRONT_KEY_PAIR_ID","debug","getPrivateKey","privateKey","warn","expiration","Date","setTime","getTime","distributionDomain","resourcePath","urlPattern","signedCookies","url","keyPairId","dateLessThan","info","toISOString","error","message","code","privateKeyCache","cacheExpiry","CACHE_TTL","now","CLOUDFRONT_PRIVATE_KEY_SECRET_ID","secretId"],"mappings":";;;eAA6BA,OAAO,CAAC,4BAAD,C;IAA5BC,gB,YAAAA,gB;;gBACmBD,OAAO,CAAC,qBAAD,C;IAA1BE,c,aAAAA,c;;AACR,IAAMC,MAAM,GAAGH,OAAO,CAAC,cAAD,CAAtB;AAEA;;;;;;;;;;;;;;;AAcA,gBAAsBI,yBAAtB;AAAA;AAAA;;;wFAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAA2CC,YAAAA,MAA3C,QAA2CA,MAA3C,EAAmDC,aAAnD,QAAmDA,aAAnD;;AAAA,kBAED,CAACC,OAAO,CAACC,GAAR,CAAYC,iBAAb,IAAkC,CAACF,OAAO,CAACC,GAAR,CAAYE,sBAF9C;AAAA;AAAA;AAAA;;AAGHP,YAAAA,MAAM,CAACQ,KAAP,CAAa,uDAAb;AAHG,6CAII,IAJJ;;AAAA;AAAA;AAAA;AAAA,mBASsBC,aAAa,EATnC;;AAAA;AASGC,YAAAA,UATH;;AAAA,gBAUEA,UAVF;AAAA;AAAA;AAAA;;AAWDV,YAAAA,MAAM,CAACW,IAAP,CAAY,sCAAZ;AAXC,6CAYM,IAZN;;AAAA;AAeH;AACMC,YAAAA,UAhBH,GAgBgB,IAAIC,IAAJ,EAhBhB;AAiBHD,YAAAA,UAAU,CAACE,OAAX,CAAmBF,UAAU,CAACG,OAAX,KAAuB,KAAK,EAAL,GAAU,EAAV,GAAe,EAAf,GAAoB,IAA9D,EAjBG,CAmBH;;AACMC,YAAAA,kBApBH,qBAoBmCZ,OAAO,CAACC,GAAR,CAAYC,iBApB/C;AAqBGW,YAAAA,YArBH,GAqBkBd,aAAa,aAAMA,aAAN,UAA0B,GArBzD;AAsBGe,YAAAA,UAtBH,aAsBmBF,kBAtBnB,cAsByCC,YAtBzC,GAwBH;;AACME,YAAAA,aAzBH,GAyBmBrB,gBAAgB,CAAC;AACrCsB,cAAAA,GAAG,EAAEF,UADgC;AAErCG,cAAAA,SAAS,EAAEjB,OAAO,CAACC,GAAR,CAAYE,sBAFc;AAGrCG,cAAAA,UAAU,EAAEA,UAHyB;AAIrCY,cAAAA,YAAY,EAAEV,UAAU,CAACG,OAAX,EAJuB,CAID;;AAJC,aAAD,CAzBnC;AAgCHf,YAAAA,MAAM,CAACuB,IAAP,CAAY,2CAAZ,EAAyD;AACvDrB,cAAAA,MAAM,EAANA,MADuD;AAEvDC,cAAAA,aAAa,EAAbA,aAFuD;AAGvDc,cAAAA,YAAY,EAAZA,YAHuD;AAIvDL,cAAAA,UAAU,EAAEA,UAAU,CAACY,WAAX;AAJ2C,aAAzD;AAhCG,6CAuCIL,aAvCJ;;AAAA;AAAA;AAAA;AAyCHnB,YAAAA,MAAM,CAACyB,KAAP,CAA
a,uCAAb,EAAsD;AACpDvB,cAAAA,MAAM,EAANA,MADoD;AAEpDC,cAAAA,aAAa,EAAbA,aAFoD;AAGpDsB,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,YAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,YAAMA;AAFP;AAH6C,aAAtD;AAzCG,6CAiDI,IAjDJ;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G;;;;AAqDP,IAAIC,eAAe,GAAG,IAAtB;AACA,IAAIC,WAAW,GAAG,IAAlB;AACA,IAAMC,SAAS,GAAG,IAAI,EAAJ,GAAS,IAA3B,C,CAAgC;;SAEjBrB,a;;;;;4EAAf;AAAA;AAAA;AAAA;AAAA;AAAA;AACQsB,YAAAA,GADR,GACclB,IAAI,CAACkB,GAAL,EADd;;AAAA,kBAGMH,eAAe,IAAIC,WAAnB,IAAkCE,GAAG,GAAGF,WAH9C;AAAA;AAAA;AAAA;;AAAA,8CAIWD,eAJX;;AAAA;AAAA,gBAOOxB,OAAO,CAACC,GAAR,CAAY2B,gCAPnB;AAAA;AAAA;AAAA;;AAQIhC,YAAAA,MAAM,CAACW,IAAP,CAAY,iDAAZ;AARJ,8CASW,IATX;;AAAA;AAAA;AAAA;AAAA,mBAa6BZ,cAAc,CACrCK,OAAO,CAACC,GAAR,CAAY2B,gCADyB,EAErC,wBAFqC,CAb3C;;AAAA;AAaUtB,YAAAA,UAbV;AAkBIkB,YAAAA,eAAe,GAAGlB,UAAlB;AACAmB,YAAAA,WAAW,GAAGE,GAAG,GAAGD,SAApB;AAEA9B,YAAAA,MAAM,CAACQ,KAAP,CAAa,6CAAb;AArBJ,8CAsBWE,UAtBX;;AAAA;AAAA;AAAA;AAwBIV,YAAAA,MAAM,CAACyB,KAAP,CAAa,2CAAb,EAA0D;AACxDQ,cAAAA,QAAQ,EAAE7B,OAAO,CAACC,GAAR,CAAY2B,gCADkC;AAExDP,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,aAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,aAAMA;AAFP;AAFiD,aAA1D;AAxBJ,8CA+BW,IA/BX;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G","sourcesContent":["const { getSignedCookies } = require('@aws-sdk/cloudfront-signer')\nconst { getSecretValue } = require('../get-secret-value')\nconst logger = require('../../logger')\n\n/**\n * Generate CloudFront signed cookies for authenticated users\n * @param {Object} options - Configuration options\n * @param {string} options.userId - User ID for logging purposes\n * @param {string} options.applicationId - Application ID for resource scoping\n * Return Type: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-cloudfront-signer/Interface/CloudfrontSignedCookiesOutput/\n * @returns {Promise<{\n * \"CloudFront-Key-Pair-Id\": string,\n * \"CloudFront-Signature\": string,\n * \"CloudFront-Expires\"?: number,\n * \"CloudFront-Policy\"?: string\n * } | null>} Signed cookies object or null if 
disabled/failed\n */\n\nexport async function generateCloudFrontCookies({ userId, applicationId }) {\n // Early return if CloudFront is not configured\n if (!process.env.CLOUDFRONT_DOMAIN || !process.env.CLOUDFRONT_KEY_PAIR_ID) {\n logger.debug('CloudFront cookie generation skipped - not configured')\n return null\n }\n\n try {\n // Get private key from AWS Secrets Manager\n const privateKey = await getPrivateKey()\n if (!privateKey) {\n logger.warn('CloudFront private key not available')\n return null\n }\n\n // Set expiration time (14 days from now)\n const expiration = new Date()\n expiration.setTime(expiration.getTime() + 14 * 24 * 60 * 60 * 1000)\n\n // Generate resource URL pattern for wildcard access\n const distributionDomain = `https://${process.env.CLOUDFRONT_DOMAIN}`\n const resourcePath = applicationId ? `${applicationId}/*` : '*'\n const urlPattern = `${distributionDomain}/${resourcePath}`\n\n // Generate signed cookies\n const signedCookies = getSignedCookies({\n url: urlPattern,\n keyPairId: process.env.CLOUDFRONT_KEY_PAIR_ID,\n privateKey: privateKey,\n dateLessThan: expiration.getTime(), // Use epoch timestamp in milliseconds\n })\n\n logger.info('CloudFront cookies generated successfully', {\n userId,\n applicationId,\n resourcePath,\n expiration: expiration.toISOString(),\n })\n\n return signedCookies\n } catch (error) {\n logger.error('Failed to generate CloudFront cookies', {\n userId,\n applicationId,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n\nlet privateKeyCache = null\nlet cacheExpiry = null\nconst CACHE_TTL = 5 * 60 * 1000 // 5 minutes\n\nasync function getPrivateKey() {\n const now = Date.now()\n\n if (privateKeyCache && cacheExpiry && now < cacheExpiry) {\n return privateKeyCache\n }\n\n if (!process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID) {\n logger.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured')\n return null\n }\n\n try {\n const privateKey = await getSecretValue(\n 
process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n 'CLOUDFRONT_PRIVATE_KEY'\n )\n\n privateKeyCache = privateKey\n cacheExpiry = now + CACHE_TTL\n\n logger.debug('CloudFront private key retrieved and cached')\n return privateKey\n } catch (error) {\n logger.error('Failed to retrieve CloudFront private key', {\n secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n"],"file":"index.js"}
|
|
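--- a/package/lib/helpers/get-secret-value/index.js
+++ b/package/lib/helpers/get-secret-value/index.js
@@ -1,13 +1,12 @@
-import
-import AWS from 'aws-sdk';
+import SecretsManager from '@aws-sdk/client-secrets-manager';
 import { attempt, isError } from 'lodash';
 export default function getSecretValue(secretId, secretKey) {
 if (!secretId) {
-return Promise.reject(new
+return Promise.reject(new Error("Missing required param: secretId:".concat(secretId)));
 } // TODO: update these credentials to specific values for service
 
 
-var secretsClient = new
+var secretsClient = new SecretsManager({
 accessKeyId: process.env.AWS_KEY,
 region: process.env.AWS_SECRET_MANAGER_REGION,
 secretAccessKey: process.env.AWS_SECRET
@@ -21,12 +20,12 @@ export default function getSecretValue(secretId, secretKey) {
 var secretValue = secret[secretKey];
 
 if (!secretValue) {
-throw new
+throw new Error('Secret value could not be found');
 }
 
 return secretValue;
 }).catch(function (err) {
-throw new
+throw new Error("AWSSecretFetchError: ".concat(err.code, ", ").concat(err.message));
 });
 }
 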
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/helpers/get-secret-value/index.js"],"names":["
|
|
1
|
+
{"version":3,"sources":["../../../src/helpers/get-secret-value/index.js"],"names":["SecretsManager","attempt","isError","getSecretValue","secretId","secretKey","Promise","reject","Error","secretsClient","accessKeyId","process","env","AWS_KEY","region","AWS_SECRET_MANAGER_REGION","secretAccessKey","AWS_SECRET","SecretId","promise","then","payload","secret","parseSecretString","secretValue","catch","err","code","message","secretString","SecretString","parsed","JSON","parse"],"mappings":"AAAA,OAAOA,cAAP,MAA2B,iCAA3B;AACA,SAASC,OAAT,EAAkBC,OAAlB,QAAiC,QAAjC;AAEA,eAAe,SAASC,cAAT,CAAwBC,QAAxB,EAAkCC,SAAlC,EAA6C;AAC1D,MAAI,CAACD,QAAL,EAAe;AACb,WAAOE,OAAO,CAACC,MAAR,CACL,IAAIC,KAAJ,4CAA8CJ,QAA9C,EADK,CAAP;AAGD,GALyD,CAO1D;;;AACA,MAAMK,aAAa,GAAG,IAAIT,cAAJ,CAAmB;AACvCU,IAAAA,WAAW,EAAEC,OAAO,CAACC,GAAR,CAAYC,OADc;AAEvCC,IAAAA,MAAM,EAAEH,OAAO,CAACC,GAAR,CAAYG,yBAFmB;AAGvCC,IAAAA,eAAe,EAAEL,OAAO,CAACC,GAAR,CAAYK;AAHU,GAAnB,CAAtB;AAMA,SAAOR,aAAa,CACjBN,cADI,CACW;AAAEe,IAAAA,QAAQ,EAAEd;AAAZ,GADX,EAEJe,OAFI,GAGJC,IAHI,CAGC,UAAAC,OAAO,EAAI;AACf,QAAMC,MAAM,GAAGC,iBAAiB,CAACF,OAAD,CAAhC,CADe,CAGf;;AACA,QAAI,CAAChB,SAAL,EAAgB,OAAOiB,MAAP;AAEhB,QAAME,WAAW,GAAGF,MAAM,CAACjB,SAAD,CAA1B;;AAEA,QAAI,CAACmB,WAAL,EAAkB;AAChB,YAAM,IAAIhB,KAAJ,CAAU,iCAAV,CAAN;AACD;;AAED,WAAOgB,WAAP;AACD,GAhBI,EAiBJC,KAjBI,CAiBE,UAAAC,GAAG,EAAI;AACZ,UAAM,IAAIlB,KAAJ,gCAAkCkB,GAAG,CAACC,IAAtC,eAA+CD,GAAG,CAACE,OAAnD,EAAN;AACD,GAnBI,CAAP;AAoBD;;AAED,SAASL,iBAAT,CAA2BF,OAA3B,EAAoC;AAClC,MAAMQ,YAAY,GAAGR,OAAO,CAACS,YAAR,IAAwB,EAA7C;AAEA,MAAMC,MAAM,GAAG9B,OAAO,CAAC+B,IAAI,CAACC,KAAN,EAAaJ,YAAb,CAAtB;AAEA,SAAO3B,OAAO,CAAC6B,MAAD,CAAP,GAAkB,EAAlB,GAAuBA,MAA9B;AACD","sourcesContent":["import SecretsManager from '@aws-sdk/client-secrets-manager'\nimport { attempt, isError } from 'lodash'\n\nexport default function getSecretValue(secretId, secretKey) {\n if (!secretId) {\n return Promise.reject(\n new Error(`Missing required param: secretId:${secretId}`)\n )\n }\n\n // TODO: update these credentials to specific values 
for service\n const secretsClient = new SecretsManager({\n accessKeyId: process.env.AWS_KEY,\n region: process.env.AWS_SECRET_MANAGER_REGION,\n secretAccessKey: process.env.AWS_SECRET,\n })\n\n return secretsClient\n .getSecretValue({ SecretId: secretId })\n .promise()\n .then(payload => {\n const secret = parseSecretString(payload)\n\n // Return early if secretKey isn't defined (we want the full set of key/values)\n if (!secretKey) return secret\n\n const secretValue = secret[secretKey]\n\n if (!secretValue) {\n throw new Error('Secret value could not be found')\n }\n\n return secretValue\n })\n .catch(err => {\n throw new Error(`AWSSecretFetchError: ${err.code}, ${err.message}`)\n })\n}\n\nfunction parseSecretString(payload) {\n const secretString = payload.SecretString || ''\n\n const parsed = attempt(JSON.parse, secretString)\n\n return isError(parsed) ? {} : parsed\n}\n"],"file":"index.js"}
|
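--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@lighthouse/common",
-"version": "4.37.0-canary-
+"version": "4.37.0-canary-4",
 "description": "",
 "main": "dist/index.js",
 "module": "lib/index.js",
@@ -38,7 +38,8 @@
 },
 "homepage": "https://github.com/Lighthouse-io/common#readme",
 "dependencies": {
-"@aws-sdk/
+"@aws-sdk/client-secrets-manager": "^3.307.0",
+"@aws-sdk/cloudfront-signer": "^3.307.0",
 "@lighthouse/abab": "^0.0.6",
 "bluebird": "^3.7.2",
 "fetch-ponyfill": "^6.1.0",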