@lighthouse/common 4.37.0-canary-4 → 4.37.0-canary-6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/helpers/build-fetch-url/index.js +6 -0
  2. package/dist/helpers/fetch-image/index.js +49 -9
  3. package/dist/helpers/get-cloudfront-cookies/index.js +14 -17
  4. package/dist/helpers/get-secret-value/index.js +2 -2
  5. package/lib/helpers/build-fetch-url/index.js +6 -0
  6. package/lib/helpers/build-fetch-url/index.js.map +1 -1
  7. package/lib/helpers/fetch-image/index.js +80 -21
  8. package/lib/helpers/fetch-image/index.js.map +1 -1
  9. package/lib/helpers/get-cloudfront-cookies/index.js +10 -16
  10. package/lib/helpers/get-cloudfront-cookies/index.js.map +1 -1
  11. package/lib/helpers/get-secret-value/index.js +2 -2
  12. package/lib/helpers/get-secret-value/index.js.map +1 -1
  13. package/package.json +2 -3
package/dist/helpers/build-fetch-url/index.js CHANGED
@@ -15,8 +15,14 @@ function buildFetchUrl(url, options) {
15
15
  width,
16
16
  quality
17
17
  } = options;
18
+ console.info('Building fetch URL', {
19
+ url,
20
+ cloudfrontBaseUrl,
21
+ cloudinaryBaseUrl
22
+ });
18
23
 
19
24
  if (cloudfrontBaseUrl) {
25
+ console.info('Using CloudFront base URL', cloudfrontBaseUrl);
20
26
  const transformations = [];
21
27
  let transformationsString = '';
22
28
  if (width) transformations.push(`w_${width.toString()}`);
package/dist/helpers/fetch-image/index.js CHANGED
@@ -49,21 +49,61 @@ function fetchImage(url, options = {}) {
49
49
  ...options
50
50
  };
51
51
  const applicationId = options.applicationId;
52
-
53
- if (url.contains('.cloudfront.net')) {
52
+ const shouldUseCloudfront = url && url.includes('.cloudfront.net');
53
+ const {
54
+ isHeader = false
55
+ } = options;
56
+ return shouldUseCloudfront ? (async () => {
54
57
  fetchOptions.credentials = 'include'; // Ensure cookies are sent with the request
55
58
 
56
- const signedCookies = (0, _getCloudfrontCookies.generateCloudFrontCookies)({
59
+ const signedCookies = await (0, _getCloudfrontCookies.generateCloudFrontCookies)({
57
60
  userId: 'anonymous',
58
61
  applicationId
59
62
  });
60
63
  fetchOptions.headers.Cookie = Object.entries(signedCookies).map(([key, value]) => `${key}=${value}`).join('; ');
61
- }
62
-
63
- const {
64
- isHeader = false
65
- } = options;
66
- return fetch(encodedUrl, fetchOptions).then(response => {
64
+ return fetch(encodedUrl, fetchOptions).then(response => {
65
+ const contentHeader = response.headers.get('content-length');
66
+ const contentType = response.headers.get('content-type'); // NOTE: the response will be ok but we won't be able to render any
67
+ // image meaning pdfmake will error. Raise error here and return early.
68
+
69
+ if (contentHeader === '0') {
70
+ return _bluebird.default.reject(new Error(`Failed to fetch image as no content length: ${encodedUrl}`));
71
+ }
72
+
73
+ if (!response.ok) {
74
+ return _bluebird.default.reject(new Error(`Failed to fetch image: ${encodedUrl}`));
75
+ }
76
+
77
+ const imageType = contentTypes[contentType];
78
+ return response.arrayBuffer().then(buffer => ({
79
+ buffer,
80
+ imageType
81
+ }));
82
+ }).then(({
83
+ buffer,
84
+ imageType
85
+ }) => {
86
+ const base64Flag = `data:image/${imageType};base64,`;
87
+ const imageStr = arrayBufferToBase64(buffer);
88
+ const base64 = `${base64Flag}${imageStr}`;
89
+ const isValid = validateBase64Image(base64);
90
+
91
+ if (!isValid) {
92
+ return _bluebird.default.reject(new Error('InvalidImageError'));
93
+ }
94
+
95
+ return base64;
96
+ }).catch(error => {
97
+ if (isHeader) {
98
+ // NOTE: Replace failed headers with LH logo
99
+ console.error('FetchImageHeaderError', error);
100
+ return fetchImage(_constants.LIGHTHOUSE_LOGO_URL, defaultOptions);
101
+ }
102
+
103
+ console.error(error);
104
+ return _images.imageNotFound;
105
+ });
106
+ })() : fetch(encodedUrl, fetchOptions).then(response => {
67
107
  const contentHeader = response.headers.get('content-length');
68
108
  const contentType = response.headers.get('content-type'); // NOTE: the response will be ok but we won't be able to render any
69
109
  // image meaning pdfmake will error. Raise error here and return early.
package/dist/helpers/get-cloudfront-cookies/index.js CHANGED
@@ -1,19 +1,18 @@
1
1
  "use strict";
2
2
 
3
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
4
+
3
5
  Object.defineProperty(exports, "__esModule", {
4
6
  value: true
5
7
  });
6
8
  exports.generateCloudFrontCookies = generateCloudFrontCookies;
7
9
 
8
- const {
9
- getSignedCookies
10
- } = require('@aws-sdk/cloudfront-signer');
10
+ var _awsSdk = _interopRequireDefault(require("aws-sdk"));
11
+
12
+ var _getSecretValue = require("../get-secret-value");
11
13
 
12
- const {
13
- getSecretValue
14
- } = require('../get-secret-value');
14
+ const getSignedCookies = _awsSdk.default.CloudFront.Signer.getSignedCookies;
15
15
 
16
- const logger = require('../../logger');
17
16
  /**
18
17
  * Generate CloudFront signed cookies for authenticated users
19
18
  * @param {Object} options - Configuration options
@@ -27,15 +26,13 @@ const logger = require('../../logger');
27
26
  * "CloudFront-Policy"?: string
28
27
  * } | null>} Signed cookies object or null if disabled/failed
29
28
  */
30
-
31
-
32
29
  async function generateCloudFrontCookies({
33
30
  userId,
34
31
  applicationId
35
32
  }) {
36
33
  // Early return if CloudFront is not configured
37
34
  if (!process.env.CLOUDFRONT_DOMAIN || !process.env.CLOUDFRONT_KEY_PAIR_ID) {
38
- logger.debug('CloudFront cookie generation skipped - not configured');
35
+ console.debug('CloudFront cookie generation skipped - not configured');
39
36
  return null;
40
37
  }
41
38
 
@@ -44,7 +41,7 @@ async function generateCloudFrontCookies({
44
41
  const privateKey = await getPrivateKey();
45
42
 
46
43
  if (!privateKey) {
47
- logger.warn('CloudFront private key not available');
44
+ console.warn('CloudFront private key not available');
48
45
  return null;
49
46
  } // Set expiration time (14 days from now)
50
47
 
@@ -63,7 +60,7 @@ async function generateCloudFrontCookies({
63
60
  dateLessThan: expiration.getTime() // Use epoch timestamp in milliseconds
64
61
 
65
62
  });
66
- logger.info('CloudFront cookies generated successfully', {
63
+ console.info('CloudFront cookies generated successfully', {
67
64
  userId,
68
65
  applicationId,
69
66
  resourcePath,
@@ -71,7 +68,7 @@ async function generateCloudFrontCookies({
71
68
  });
72
69
  return signedCookies;
73
70
  } catch (error) {
74
- logger.error('Failed to generate CloudFront cookies', {
71
+ console.error('Failed to generate CloudFront cookies', {
75
72
  userId,
76
73
  applicationId,
77
74
  error: {
@@ -95,18 +92,18 @@ async function getPrivateKey() {
95
92
  }
96
93
 
97
94
  if (!process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID) {
98
- logger.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured');
95
+ console.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured');
99
96
  return null;
100
97
  }
101
98
 
102
99
  try {
103
- const privateKey = await getSecretValue(process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID, 'CLOUDFRONT_PRIVATE_KEY');
100
+ const privateKey = await (0, _getSecretValue.getSecretValue)(process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID, 'CLOUDFRONT_PRIVATE_KEY');
104
101
  privateKeyCache = privateKey;
105
102
  cacheExpiry = now + CACHE_TTL;
106
- logger.debug('CloudFront private key retrieved and cached');
103
+ console.debug('CloudFront private key retrieved and cached');
107
104
  return privateKey;
108
105
  } catch (error) {
109
- logger.error('Failed to retrieve CloudFront private key', {
106
+ console.error('Failed to retrieve CloudFront private key', {
110
107
  secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,
111
108
  error: {
112
109
  message: error.message,
package/dist/helpers/get-secret-value/index.js CHANGED
@@ -7,7 +7,7 @@ Object.defineProperty(exports, "__esModule", {
7
7
  });
8
8
  exports.default = getSecretValue;
9
9
 
10
- var _clientSecretsManager = _interopRequireDefault(require("@aws-sdk/client-secrets-manager"));
10
+ var _awsSdk = _interopRequireDefault(require("aws-sdk"));
11
11
 
12
12
  var _lodash = require("lodash");
13
13
 
@@ -17,7 +17,7 @@ function getSecretValue(secretId, secretKey) {
17
17
  } // TODO: update these credentials to specific values for service
18
18
 
19
19
 
20
- const secretsClient = new _clientSecretsManager.default({
20
+ const secretsClient = new _awsSdk.default.SecretsManager({
21
21
  accessKeyId: process.env.AWS_KEY,
22
22
  region: process.env.AWS_SECRET_MANAGER_REGION,
23
23
  secretAccessKey: process.env.AWS_SECRET
package/lib/helpers/build-fetch-url/index.js CHANGED
@@ -7,8 +7,14 @@ export function buildFetchUrl(url, options) {
7
7
  height = options.height,
8
8
  width = options.width,
9
9
  quality = options.quality;
10
+ console.info('Building fetch URL', {
11
+ url: url,
12
+ cloudfrontBaseUrl: cloudfrontBaseUrl,
13
+ cloudinaryBaseUrl: cloudinaryBaseUrl
14
+ });
10
15
 
11
16
  if (cloudfrontBaseUrl) {
17
+ console.info('Using CloudFront base URL', cloudfrontBaseUrl);
12
18
  var _transformations = [];
13
19
  var _transformationsString = '';
14
20
  if (width) _transformations.push("w_".concat(width.toString()));
package/lib/helpers/build-fetch-url/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/helpers/build-fetch-url/index.js"],"names":["buildFetchUrl","url","options","awsS3BaseUrl","cloudfrontBaseUrl","cloudinaryBaseUrl","fit","height","width","quality","transformations","transformationsString","push","toString","fetchUrl","join"],"mappings":"AAAA,OAAO,SAASA,aAAT,CAAuBC,GAAvB,EAA4BC,OAA5B,EAAqC;AAAA,MAExCC,YAFwC,GAStCD,OATsC,CAExCC,YAFwC;AAAA,8BAStCD,OATsC,CAGxCE,iBAHwC;AAAA,MAGxCA,iBAHwC,sCAGpB,EAHoB;AAAA,MAIxCC,iBAJwC,GAStCH,OATsC,CAIxCG,iBAJwC;AAAA,MAKxCC,GALwC,GAStCJ,OATsC,CAKxCI,GALwC;AAAA,MAMxCC,MANwC,GAStCL,OATsC,CAMxCK,MANwC;AAAA,MAOxCC,KAPwC,GAStCN,OATsC,CAOxCM,KAPwC;AAAA,MAQxCC,OARwC,GAStCP,OATsC,CAQxCO,OARwC;;AAW1C,MAAIL,iBAAJ,EAAuB;AACrB,QAAMM,gBAAe,GAAG,EAAxB;AACA,QAAIC,sBAAqB,GAAG,EAA5B;AAEA,QAAIH,KAAJ,EAAWE,gBAAe,CAACE,IAAhB,aAA0BJ,KAAK,CAACK,QAAN,EAA1B;AACX,QAAIN,MAAJ,EAAYG,gBAAe,CAACE,IAAhB,aAA0BL,MAAM,CAACM,QAAP,EAA1B;AACZ,QAAIJ,OAAJ,EAAaC,gBAAe,CAACE,IAAhB,aAA0BH,OAAO,CAACI,QAAR,EAA1B;AACb,QAAIP,GAAJ,EAASI,gBAAe,CAACE,IAAhB,CAAqB,OAArB;;AAET,QAAME,SAAQ,aAAMV,iBAAN,cAA2BO,sBAA3B,SAAmDR,YAAnD,cAAmEF,GAAnE,CAAd;;AACA,WAAOa,SAAP;AACD;;AAED,MAAMJ,eAAe,GAAG,EAAxB;AACA,MAAIC,qBAAqB,GAAG,EAA5B;AAEA,MAAIH,KAAJ,EAAWE,eAAe,CAACE,IAAhB,aAA0BJ,KAAK,CAACK,QAAN,EAA1B;AACX,MAAIN,MAAJ,EAAYG,eAAe,CAACE,IAAhB,aAA0BL,MAAM,CAACM,QAAP,EAA1B;AACZ,MAAIJ,OAAJ,EAAaC,eAAe,CAACE,IAAhB,aAA0BH,OAAO,CAACI,QAAR,EAA1B;AACb,MAAIP,GAAJ,EAASI,eAAe,CAACE,IAAhB,CAAqB,OAArB;AAETD,EAAAA,qBAAqB,aAAMD,eAAe,CAACK,IAAhB,CAAqB,GAArB,CAAN,MAArB;AAEA,MAAMD,QAAQ,aAAMT,iBAAN,cAA2BM,qBAA3B,SAAmDR,YAAnD,cAAmEF,GAAnE,CAAd;AAEA,SAAOa,QAAP;AACD","sourcesContent":["export function buildFetchUrl(url, options) {\n const {\n awsS3BaseUrl,\n cloudfrontBaseUrl = '',\n cloudinaryBaseUrl,\n fit,\n height,\n width,\n quality,\n } = options\n\n if (cloudfrontBaseUrl) {\n const transformations = []\n let transformationsString = ''\n\n if (width) transformations.push(`w_${width.toString()}`)\n if (height) transformations.push(`h_${height.toString()}`)\n if (quality) transformations.push(`q_${quality.toString()}`)\n if (fit) transformations.push('c_fit')\n\n const fetchUrl = `${cloudfrontBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n return fetchUrl\n }\n\n const transformations = []\n let transformationsString = ''\n\n if (width) transformations.push(`w_${width.toString()}`)\n if (height) transformations.push(`h_${height.toString()}`)\n if (quality) transformations.push(`q_${quality.toString()}`)\n if (fit) transformations.push('c_fit')\n\n transformationsString = `${transformations.join(',')}/`\n\n const fetchUrl = `${cloudinaryBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n\n return fetchUrl\n}\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../src/helpers/build-fetch-url/index.js"],"names":["buildFetchUrl","url","options","awsS3BaseUrl","cloudfrontBaseUrl","cloudinaryBaseUrl","fit","height","width","quality","console","info","transformations","transformationsString","push","toString","fetchUrl","join"],"mappings":"AAAA,OAAO,SAASA,aAAT,CAAuBC,GAAvB,EAA4BC,OAA5B,EAAqC;AAAA,MAExCC,YAFwC,GAStCD,OATsC,CAExCC,YAFwC;AAAA,8BAStCD,OATsC,CAGxCE,iBAHwC;AAAA,MAGxCA,iBAHwC,sCAGpB,EAHoB;AAAA,MAIxCC,iBAJwC,GAStCH,OATsC,CAIxCG,iBAJwC;AAAA,MAKxCC,GALwC,GAStCJ,OATsC,CAKxCI,GALwC;AAAA,MAMxCC,MANwC,GAStCL,OATsC,CAMxCK,MANwC;AAAA,MAOxCC,KAPwC,GAStCN,OATsC,CAOxCM,KAPwC;AAAA,MAQxCC,OARwC,GAStCP,OATsC,CAQxCO,OARwC;AAW1CC,EAAAA,OAAO,CAACC,IAAR,CAAa,oBAAb,EAAmC;AACjCV,IAAAA,GAAG,EAAHA,GADiC;AAEjCG,IAAAA,iBAAiB,EAAjBA,iBAFiC;AAGjCC,IAAAA,iBAAiB,EAAjBA;AAHiC,GAAnC;;AAMA,MAAID,iBAAJ,EAAuB;AACrBM,IAAAA,OAAO,CAACC,IAAR,CAAa,2BAAb,EAA0CP,iBAA1C;AACA,QAAMQ,gBAAe,GAAG,EAAxB;AACA,QAAIC,sBAAqB,GAAG,EAA5B;AAEA,QAAIL,KAAJ,EAAWI,gBAAe,CAACE,IAAhB,aAA0BN,KAAK,CAACO,QAAN,EAA1B;AACX,QAAIR,MAAJ,EAAYK,gBAAe,CAACE,IAAhB,aAA0BP,MAAM,CAACQ,QAAP,EAA1B;AACZ,QAAIN,OAAJ,EAAaG,gBAAe,CAACE,IAAhB,aAA0BL,OAAO,CAACM,QAAR,EAA1B;AACb,QAAIT,GAAJ,EAASM,gBAAe,CAACE,IAAhB,CAAqB,OAArB;;AAET,QAAME,SAAQ,aAAMZ,iBAAN,cAA2BS,sBAA3B,SAAmDV,YAAnD,cAAmEF,GAAnE,CAAd;;AACA,WAAOe,SAAP;AACD;;AAED,MAAMJ,eAAe,GAAG,EAAxB;AACA,MAAIC,qBAAqB,GAAG,EAA5B;AAEA,MAAIL,KAAJ,EAAWI,eAAe,CAACE,IAAhB,aAA0BN,KAAK,CAACO,QAAN,EAA1B;AACX,MAAIR,MAAJ,EAAYK,eAAe,CAACE,IAAhB,aAA0BP,MAAM,CAACQ,QAAP,EAA1B;AACZ,MAAIN,OAAJ,EAAaG,eAAe,CAACE,IAAhB,aAA0BL,OAAO,CAACM,QAAR,EAA1B;AACb,MAAIT,GAAJ,EAASM,eAAe,CAACE,IAAhB,CAAqB,OAArB;AAETD,EAAAA,qBAAqB,aAAMD,eAAe,CAACK,IAAhB,CAAqB,GAArB,CAAN,MAArB;AAEA,MAAMD,QAAQ,aAAMX,iBAAN,cAA2BQ,qBAA3B,SAAmDV,YAAnD,cAAmEF,GAAnE,CAAd;AAEA,SAAOe,QAAP;AACD","sourcesContent":["export function buildFetchUrl(url, options) {\n const {\n awsS3BaseUrl,\n cloudfrontBaseUrl = '',\n cloudinaryBaseUrl,\n fit,\n height,\n width,\n quality,\n } = options\n\n console.info('Building fetch URL', {\n url,\n cloudfrontBaseUrl,\n cloudinaryBaseUrl,\n })\n\n if (cloudfrontBaseUrl) {\n console.info('Using CloudFront base URL', cloudfrontBaseUrl)\n const transformations = []\n let transformationsString = ''\n\n if (width) transformations.push(`w_${width.toString()}`)\n if (height) transformations.push(`h_${height.toString()}`)\n if (quality) transformations.push(`q_${quality.toString()}`)\n if (fit) transformations.push('c_fit')\n\n const fetchUrl = `${cloudfrontBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n return fetchUrl\n }\n\n const transformations = []\n let transformationsString = ''\n\n if (width) transformations.push(`w_${width.toString()}`)\n if (height) transformations.push(`h_${height.toString()}`)\n if (quality) transformations.push(`q_${quality.toString()}`)\n if (fit) transformations.push('c_fit')\n\n transformationsString = `${transformations.join(',')}/`\n\n const fetchUrl = `${cloudinaryBaseUrl}/${transformationsString}${awsS3BaseUrl}/${url}`\n\n return fetchUrl\n}\n"],"file":"index.js"}
package/lib/helpers/fetch-image/index.js CHANGED
@@ -1,4 +1,6 @@
1
+ import _regeneratorRuntime from "@babel/runtime/regenerator";
1
2
  import _slicedToArray from "@babel/runtime/helpers/slicedToArray";
3
+ import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
2
4
  import _defineProperty from "@babel/runtime/helpers/defineProperty";
3
5
  import _typeof from "@babel/runtime/helpers/typeof";
4
6
 
@@ -39,26 +41,83 @@ export function fetchImage(url) {
39
41
  var fetchOptions = _objectSpread(_objectSpread({}, defaultOptions), options);
40
42
 
41
43
  var applicationId = options.applicationId;
42
-
43
- if (url.contains('.cloudfront.net')) {
44
- fetchOptions.credentials = 'include'; // Ensure cookies are sent with the request
45
-
46
- var signedCookies = generateCloudFrontCookies({
47
- userId: 'anonymous',
48
- applicationId: applicationId
49
- });
50
- fetchOptions.headers.Cookie = Object.entries(signedCookies).map(function (_ref) {
51
- var _ref2 = _slicedToArray(_ref, 2),
52
- key = _ref2[0],
53
- value = _ref2[1];
54
-
55
- return "".concat(key, "=").concat(value);
56
- }).join('; ');
57
- }
58
-
44
+ var shouldUseCloudfront = url && url.includes('.cloudfront.net');
59
45
  var _options$isHeader = options.isHeader,
60
46
  isHeader = _options$isHeader === void 0 ? false : _options$isHeader;
61
- return fetch(encodedUrl, fetchOptions).then(function (response) {
47
+ return shouldUseCloudfront ? _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee() {
48
+ var signedCookies;
49
+ return _regeneratorRuntime.wrap(function _callee$(_context) {
50
+ while (1) {
51
+ switch (_context.prev = _context.next) {
52
+ case 0:
53
+ fetchOptions.credentials = 'include'; // Ensure cookies are sent with the request
54
+
55
+ _context.next = 3;
56
+ return generateCloudFrontCookies({
57
+ userId: 'anonymous',
58
+ applicationId: applicationId
59
+ });
60
+
61
+ case 3:
62
+ signedCookies = _context.sent;
63
+ fetchOptions.headers.Cookie = Object.entries(signedCookies).map(function (_ref2) {
64
+ var _ref3 = _slicedToArray(_ref2, 2),
65
+ key = _ref3[0],
66
+ value = _ref3[1];
67
+
68
+ return "".concat(key, "=").concat(value);
69
+ }).join('; ');
70
+ return _context.abrupt("return", fetch(encodedUrl, fetchOptions).then(function (response) {
71
+ var contentHeader = response.headers.get('content-length');
72
+ var contentType = response.headers.get('content-type'); // NOTE: the response will be ok but we won't be able to render any
73
+ // image meaning pdfmake will error. Raise error here and return early.
74
+
75
+ if (contentHeader === '0') {
76
+ return Promise.reject(new Error("Failed to fetch image as no content length: ".concat(encodedUrl)));
77
+ }
78
+
79
+ if (!response.ok) {
80
+ return Promise.reject(new Error("Failed to fetch image: ".concat(encodedUrl)));
81
+ }
82
+
83
+ var imageType = contentTypes[contentType];
84
+ return response.arrayBuffer().then(function (buffer) {
85
+ return {
86
+ buffer: buffer,
87
+ imageType: imageType
88
+ };
89
+ });
90
+ }).then(function (_ref4) {
91
+ var buffer = _ref4.buffer,
92
+ imageType = _ref4.imageType;
93
+ var base64Flag = "data:image/".concat(imageType, ";base64,");
94
+ var imageStr = arrayBufferToBase64(buffer);
95
+ var base64 = "".concat(base64Flag).concat(imageStr);
96
+ var isValid = validateBase64Image(base64);
97
+
98
+ if (!isValid) {
99
+ return Promise.reject(new Error('InvalidImageError'));
100
+ }
101
+
102
+ return base64;
103
+ }).catch(function (error) {
104
+ if (isHeader) {
105
+ // NOTE: Replace failed headers with LH logo
106
+ console.error('FetchImageHeaderError', error);
107
+ return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions);
108
+ }
109
+
110
+ console.error(error);
111
+ return imageNotFound;
112
+ }));
113
+
114
+ case 6:
115
+ case "end":
116
+ return _context.stop();
117
+ }
118
+ }
119
+ }, _callee);
120
+ }))() : fetch(encodedUrl, fetchOptions).then(function (response) {
62
121
  var contentHeader = response.headers.get('content-length');
63
122
  var contentType = response.headers.get('content-type'); // NOTE: the response will be ok but we won't be able to render any
64
123
  // image meaning pdfmake will error. Raise error here and return early.
@@ -78,9 +137,9 @@ export function fetchImage(url) {
78
137
  imageType: imageType
79
138
  };
80
139
  });
81
- }).then(function (_ref3) {
82
- var buffer = _ref3.buffer,
83
- imageType = _ref3.imageType;
140
+ }).then(function (_ref5) {
141
+ var buffer = _ref5.buffer,
142
+ imageType = _ref5.imageType;
84
143
  var base64Flag = "data:image/".concat(imageType, ";base64,");
85
144
  var imageStr = arrayBufferToBase64(buffer);
86
145
  var base64 = "".concat(base64Flag).concat(imageStr);
package/lib/helpers/fetch-image/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/helpers/fetch-image/index.js"],"names":["atob","btoa","fetchPonyfill","Promise","LIGHTHOUSE_LOGO_URL","imageNotFound","generateCloudFrontCookies","fetch","self","contentTypes","defaultOptions","cache","fetchImage","url","options","encodedUrl","encodeURI","fetchOptions","applicationId","contains","credentials","signedCookies","userId","headers","Cookie","Object","entries","map","key","value","join","isHeader","then","response","contentHeader","get","contentType","reject","Error","ok","imageType","arrayBuffer","buffer","base64Flag","imageStr","arrayBufferToBase64","base64","isValid","validateBase64Image","catch","error","console","binary","bytes","slice","call","Uint8Array","forEach","b","String","fromCharCode","base64String","isJpeg","startsWith","validateJpegImage","isPng","validatePngImage","base64string","src","imageData","from","replace","c","charCodeAt","imageCorrupted","length","sequence","i"],"mappings":";;;;;;;;AAAA,SAASA,IAAT,EAAeC,IAAf,QAA2B,kBAA3B;AACA,OAAOC,aAAP,MAA0B,gBAA1B;AACA,OAAOC,OAAP,MAAoB,UAApB;AACA,SAASC,mBAAT,QAAoC,iBAApC;AACA,SAASC,aAAT,QAA8B,cAA9B;AACA,SAASC,yBAAT,QAA0C,2BAA1C,C,CACA;AACA;AACA;;AACA,IAAMC,KAAK,GACR,QAAOC,IAAP,yCAAOA,IAAP,OAAgB,QAAhB,IAA4BA,IAAI,CAACD,KAAlC,IAA4CL,aAAa,CAAC;AAAEC,EAAAA,OAAO,EAAPA;AAAF,CAAD,CAAb,CAA2BI,KADzE;AAGA,IAAME,YAAY,GAAG;AACnB,eAAa,KADM;AAEnB,gBAAc;AAFK,CAArB;AAKA,IAAMC,cAAc,GAAG;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACAC,EAAAA,KAAK,EAAE;AARc,CAAvB;AAWA,OAAO,SAASC,UAAT,CAAoBC,GAApB,EAAuC;AAAA,MAAdC,OAAc,uEAAJ,EAAI;AAC5C,MAAMC,UAAU,GAAGC,SAAS,CAACH,GAAD,CAA5B;;AACA,MAAMI,YAAY,mCACbP,cADa,GAEbI,OAFa,CAAlB;;AAKA,MAAMI,aAAa,GAAGJ,OAAO,CAACI,aAA9B;;AAEA,MAAIL,GAAG,CAACM,QAAJ,CAAa,iBAAb,CAAJ,EAAqC;AACnCF,IAAAA,YAAY,CAACG,WAAb,GAA2B,SAA3B,CADmC,CACE;;AAErC,QAAMC,aAAa,GAAGf,yBAAyB,CAAC;AAC9CgB,MAAAA,MAAM,EAAE,WADsC;AAE9CJ,MAAAA,aAAa,EAAbA;AAF8C,KAAD,CAA/C;AAKAD,IAAAA,YAAY,CAACM,OAAb,CAAqBC,MAArB,GAA8BC,MAAM,CAACC,OAAP,CAAeL,aAAf,EAC3BM,GAD2B,CACvB;AAAA;AAAA,UAAEC,GAAF;AAAA,UAAOC,KAAP;;AAAA,uBAAqBD,GAArB,cAA4BC,KAA5B;AAAA,KADuB,EAE3BC,IAF2B,CAEtB,IAFsB,CAA9B;AAGD;;AApB2C,0BAsBfhB,OAtBe,CAsBpCiB,QAtBoC;AAAA,MAsBpCA,QAtBoC,kCAsBzB,KAtByB;AAwB5C,SAAOxB,KAAK,CAACQ,UAAD,EAAaE,YAAb,CAAL,CACJe,IADI,CACC,UAAAC,QAAQ,EAAI;AAChB,QAAMC,aAAa,GAAGD,QAAQ,CAACV,OAAT,CAAiBY,GAAjB,CAAqB,gBAArB,CAAtB;AACA,QAAMC,WAAW,GAAGH,QAAQ,CAACV,OAAT,CAAiBY,GAAjB,CAAqB,cAArB,CAApB,CAFgB,CAIhB;AACA;;AACA,QAAID,aAAa,KAAK,GAAtB,EAA2B;AACzB,aAAO/B,OAAO,CAACkC,MAAR,CACL,IAAIC,KAAJ,uDAAyDvB,UAAzD,EADK,CAAP;AAGD;;AAED,QAAI,CAACkB,QAAQ,CAACM,EAAd,EAAkB;AAChB,aAAOpC,OAAO,CAACkC,MAAR,CAAe,IAAIC,KAAJ,kCAAoCvB,UAApC,EAAf,CAAP;AACD;;AAED,QAAMyB,SAAS,GAAG/B,YAAY,CAAC2B,WAAD,CAA9B;AAEA,WAAOH,QAAQ,CAACQ,WAAT,GAAuBT,IAAvB,CAA4B,UAAAU,MAAM;AAAA,aAAK;AAC5CA,QAAAA,MAAM,EAANA,MAD4C;AAE5CF,QAAAA,SAAS,EAATA;AAF4C,OAAL;AAAA,KAAlC,CAAP;AAID,GAvBI,EAwBJR,IAxBI,CAwBC,iBAA2B;AAAA,QAAxBU,MAAwB,SAAxBA,MAAwB;AAAA,QAAhBF,SAAgB,SAAhBA,SAAgB;AAC/B,QAAMG,UAAU,wBAAiBH,SAAjB,aAAhB;AACA,QAAMI,QAAQ,GAAGC,mBAAmB,CAACH,MAAD,CAApC;AAEA,QAAMI,MAAM,aAAMH,UAAN,SAAmBC,QAAnB,CAAZ;AACA,QAAMG,OAAO,GAAGC,mBAAmB,CAACF,MAAD,CAAnC;;AAEA,QAAI,CAACC,OAAL,EAAc;AACZ,aAAO5C,OAAO,CAACkC,MAAR,CAAe,IAAIC,KAAJ,CAAU,mBAAV,CAAf,CAAP;AACD;;AAED,WAAOQ,MAAP;AACD,GApCI,EAqCJG,KArCI,CAqCE,UAAAC,KAAK,EAAI;AACd,QAAInB,QAAJ,EAAc;AACZ;AACAoB,MAAAA,OAAO,CAACD,KAAR,CAAc,uBAAd,EAAuCA,KAAvC;AACA,aAAOtC,UAAU,CAACR,mBAAD,EAAsBM,cAAtB,CAAjB;AACD;;AAEDyC,IAAAA,OAAO,CAACD,KAAR,CAAcA,KAAd;AACA,WAAO7C,aAAP;AACD,GA9CI,CAAP;AA+CD;;AAED,SAASwC,mBAAT,CAA6BH,MAA7B,EAAqC;AACnC,MAAIU,MAAM,GAAG,EAAb;AACA,MAAMC,KAAK,GAAG,GAAGC,KAAH,CAASC,IAAT,CAAc,IAAIC,UAAJ,CAAed,MAAf,CAAd,CAAd;AAEAW,EAAAA,KAAK,CAACI,OAAN,CAAc,UAAAC,CAAC;AAAA,WAAKN,MAAM,IAAIO,MAAM,CAACC,YAAP,CAAoBF,CAApB,CAAf;AAAA,GAAf;AAEA,SAAOzD,IAAI,CAACmD,MAAD,CAAX;AACD;;AAED,OAAO,SAASJ,mBAAT,CAA6Ba,YAA7B,EAA2C;AAChD,MAAMC,MAAM,GAAGD,YAAY,CAACE,UAAb,CAAwB,yBAAxB,CAAf;AAEA,MAAID,MAAJ,EAAY,OAAOE,iBAAiB,CAACH,YAAD,CAAxB;AAEZ,MAAMI,KAAK,GAAGJ,YAAY,CAACE,UAAb,CAAwB,wBAAxB,CAAd;AAEA,MAAIE,KAAJ,EAAW,OAAOC,gBAAgB,CAACL,YAAD,CAAvB;AAEX,SAAO,KAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASG,iBAAT,CAA2BG,YAA3B,EAAyC;AAC9C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBtE,IAAI,CAACoE,GAAG,CAACG,OAAJ,CAAY,yBAAZ,EAAuC,EAAvC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMC,cAAc,GAClBL,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAApC,IACAN,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAFtC;AAIA,SAAOD,cAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASR,gBAAT,CAA0BC,YAA1B,EAAwC;AAC7C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBtE,IAAI,CAACoE,GAAG,CAACG,OAAJ,CAAY,wBAAZ,EAAsC,EAAtC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMG,QAAQ,GAAG,CAAC,CAAD,EAAI,CAAJ,EAAO,CAAP,EAAU,CAAV,EAAa,EAAb,EAAiB,EAAjB,EAAqB,EAArB,EAAyB,EAAzB,EAA6B,GAA7B,EAAkC,EAAlC,EAAsC,EAAtC,EAA0C,GAA1C,CAAjB,CAN6C,CAMmB;AAEhE;;AACA,OAAK,IAAIC,CAAC,GAAG,EAAb,EAAiBA,CAAC,GAAG,CAArB,EAAwBA,CAAC,EAAzB,EAA6B;AAC3B,QAAIR,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmBE,CAApB,CAAT,KAAoCD,QAAQ,CAAC,KAAKC,CAAN,CAAhD,EAA0D;AACxD,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["import { atob, btoa } from '@lighthouse/abab'\nimport fetchPonyfill from 'fetch-ponyfill'\nimport Promise from 'bluebird'\nimport { LIGHTHOUSE_LOGO_URL } from '../../constants'\nimport { imageNotFound } from '../../images'\nimport { generateCloudFrontCookies } from '../get-cloudfront-cookies'\n// NOTE use the native fetch if it's available in the browser, because the\n// ponyfill (which actually uses the github polyfill) does not support all the\n// same options as native fetch\nconst fetch =\n (typeof self === 'object' && self.fetch) || fetchPonyfill({ Promise }).fetch\n\nconst contentTypes = {\n 'image/png': 'png',\n 'image/jpeg': 'jpeg',\n}\n\nconst defaultOptions = {\n // NOTE The cache: no-cache option is important to avoid an issue with CORS\n // and caching on Chrome. Here's a good explanation of the issue:\n // https://stackoverflow.com/a/37455118\n // In our case, when loading the web version of a form, the signature image is\n // cached without the correct CORS headers. If the pdf is then generated,\n // there's a mismatch between the cached image headers and the CORS headers\n // sent from the fetch request, causing an error\n cache: 'no-cache',\n}\n\nexport function fetchImage(url, options = {}) {\n const encodedUrl = encodeURI(url)\n const fetchOptions = {\n ...defaultOptions,\n ...options,\n }\n\n const applicationId = options.applicationId\n\n if (url.contains('.cloudfront.net')) {\n fetchOptions.credentials = 'include' // Ensure cookies are sent with the request\n\n const signedCookies = generateCloudFrontCookies({\n userId: 'anonymous',\n applicationId,\n })\n\n fetchOptions.headers.Cookie = Object.entries(signedCookies)\n .map(([key, value]) => `${key}=${value}`)\n .join('; ')\n }\n\n const { isHeader = false } = options\n\n return fetch(encodedUrl, fetchOptions)\n .then(response => {\n const contentHeader = response.headers.get('content-length')\n const contentType = response.headers.get('content-type')\n\n // NOTE: the response will be ok but we won't be able to render any\n // image meaning pdfmake will error. Raise error here and return early.\n if (contentHeader === '0') {\n return Promise.reject(\n new Error(`Failed to fetch image as no content length: ${encodedUrl}`)\n )\n }\n\n if (!response.ok) {\n return Promise.reject(new Error(`Failed to fetch image: ${encodedUrl}`))\n }\n\n const imageType = contentTypes[contentType]\n\n return response.arrayBuffer().then(buffer => ({\n buffer,\n imageType,\n }))\n })\n .then(({ buffer, imageType }) => {\n const base64Flag = `data:image/${imageType};base64,`\n const imageStr = arrayBufferToBase64(buffer)\n\n const base64 = `${base64Flag}${imageStr}`\n const isValid = validateBase64Image(base64)\n\n if (!isValid) {\n return Promise.reject(new Error('InvalidImageError'))\n }\n\n return base64\n })\n .catch(error => {\n if (isHeader) {\n // NOTE: Replace failed headers with LH logo\n console.error('FetchImageHeaderError', error)\n return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions)\n }\n\n console.error(error)\n return imageNotFound\n })\n}\n\nfunction arrayBufferToBase64(buffer) {\n let binary = ''\n const bytes = [].slice.call(new Uint8Array(buffer))\n\n bytes.forEach(b => (binary += String.fromCharCode(b)))\n\n return btoa(binary)\n}\n\nexport function validateBase64Image(base64String) {\n const isJpeg = base64String.startsWith('data:image/jpeg;base64,')\n\n if (isJpeg) return validateJpegImage(base64String)\n\n const isPng = base64String.startsWith('data:image/png;base64,')\n\n if (isPng) return validatePngImage(base64String)\n\n return false\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validateJpegImage(base64string) {\n const src = base64string\n const imageData = Uint8Array.from(\n atob(src.replace('data:image/jpeg;base64,', '')),\n c => c.charCodeAt(0)\n )\n const imageCorrupted =\n imageData[imageData.length - 1] === 217 &&\n imageData[imageData.length - 2] === 255\n\n return imageCorrupted\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validatePngImage(base64string) {\n const src = base64string\n const imageData = Uint8Array.from(\n atob(src.replace('data:image/png;base64,', '')),\n c => c.charCodeAt(0)\n )\n const sequence = [0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130] // in hex:\n\n //check last 12 elements of array so they contains needed values\n for (let i = 12; i > 0; i--) {\n if (imageData[imageData.length - i] !== sequence[12 - i]) {\n return false\n }\n }\n\n return true\n}\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../src/helpers/fetch-image/index.js"],"names":["atob","btoa","fetchPonyfill","Promise","LIGHTHOUSE_LOGO_URL","imageNotFound","generateCloudFrontCookies","fetch","self","contentTypes","defaultOptions","cache","fetchImage","url","options","encodedUrl","encodeURI","fetchOptions","applicationId","shouldUseCloudfront","includes","isHeader","credentials","userId","signedCookies","headers","Cookie","Object","entries","map","key","value","join","then","response","contentHeader","get","contentType","reject","Error","ok","imageType","arrayBuffer","buffer","base64Flag","imageStr","arrayBufferToBase64","base64","isValid","validateBase64Image","catch","error","console","binary","bytes","slice","call","Uint8Array","forEach","b","String","fromCharCode","base64String","isJpeg","startsWith","validateJpegImage","isPng","validatePngImage","base64string","src","imageData","from","replace","c","charCodeAt","imageCorrupted","length","sequence","i"],"mappings":";;;;;;;;;;AAAA,SAASA,IAAT,EAAeC,IAAf,QAA2B,kBAA3B;AACA,OAAOC,aAAP,MAA0B,gBAA1B;AACA,OAAOC,OAAP,MAAoB,UAApB;AACA,SAASC,mBAAT,QAAoC,iBAApC;AACA,SAASC,aAAT,QAA8B,cAA9B;AACA,SAASC,yBAAT,QAA0C,2BAA1C,C,CACA;AACA;AACA;;AACA,IAAMC,KAAK,GACR,QAAOC,IAAP,yCAAOA,IAAP,OAAgB,QAAhB,IAA4BA,IAAI,CAACD,KAAlC,IAA4CL,aAAa,CAAC;AAAEC,EAAAA,OAAO,EAAPA;AAAF,CAAD,CAAb,CAA2BI,KADzE;AAGA,IAAME,YAAY,GAAG;AACnB,eAAa,KADM;AAEnB,gBAAc;AAFK,CAArB;AAKA,IAAMC,cAAc,GAAG;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACAC,EAAAA,KAAK,EAAE;AARc,CAAvB;AAWA,OAAO,SAASC,UAAT,CAAoBC,GAApB,EAAuC;AAAA,MAAdC,OAAc,uEAAJ,EAAI;AAC5C,MAAMC,UAAU,GAAGC,SAAS,CAACH,GAAD,CAA5B;;AACA,MAAMI,YAAY,mCACbP,cADa,GAEbI,OAFa,CAAlB;;AAKA,MAAMI,aAAa,GAAGJ,OAAO,CAACI,aAA9B;AAEA,MAAMC,mBAAmB,GAAGN,GAAG,IAAIA,GAAG,CAACO,QAAJ,CAAa,iBAAb,CAAnC;AAT4C,0BAWfN,OAXe,CAWpCO,QAXoC;AAAA,MAWpCA,QAXoC,kCAWzB,KAXyB;AAa5C,SAAOF,mBAAmB,GACxB,yDAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AACCF,YAAAA,YAAY,CAACK,WAAb,GAA2B,SAA3B,CADD,CACsC;;AADtC;AAAA,mBAE6BhB,yBAAyB,CAAC;AACpDiB,cAAAA,MAAM,EAAE,WAD4C;AAEpDL,cAAAA,aAAa,EAAbA;AAFoD,aAAD,CAFtD;;AAAA;AAEOM,YAAAA,aAFP;AAOCP,YAAAA,YAAY,CAACQ,OAAb,CAAqBC,MAArB,GAA8BC,MAAM,CAACC,OAAP,CAAeJ,aAAf,EAC3BK,GAD2B,CACvB;AAAA;AAAA,kBAAEC,GAAF;AAAA,kBAAOC,KAAP;;AAAA,+BAAqBD,GAArB,cAA4BC,KAA5B;AAAA,aADuB,EAE3BC,IAF2B,CAEtB,IAFsB,CAA9B;AAPD,6CAWQzB,KAAK,CAACQ,UAAD,EAAaE,YAAb,CAAL,CACJgB,IADI,CACC,UAAAC,QAAQ,EAAI;AAChB,kBAAMC,aAAa,GAAGD,QAAQ,CAACT,OAAT,CAAiBW,GAAjB,CAAqB,gBAArB,CAAtB;AACA,kBAAMC,WAAW,GAAGH,QAAQ,CAACT,OAAT,CAAiBW,GAAjB,CAAqB,cAArB,CAApB,CAFgB,CAIhB;AACA;;AACA,kBAAID,aAAa,KAAK,GAAtB,EAA2B;AACzB,uBAAOhC,OAAO,CAACmC,MAAR,CACL,IAAIC,KAAJ,uDAAyDxB,UAAzD,EADK,CAAP;AAGD;;AAED,kBAAI,CAACmB,QAAQ,CAACM,EAAd,EAAkB;AAChB,uBAAOrC,OAAO,CAACmC,MAAR,CAAe,IAAIC,KAAJ,kCAAoCxB,UAApC,EAAf,CAAP;AACD;;AAED,kBAAM0B,SAAS,GAAGhC,YAAY,CAAC4B,WAAD,CAA9B;AAEA,qBAAOH,QAAQ,CAACQ,WAAT,GAAuBT,IAAvB,CAA4B,UAAAU,MAAM;AAAA,uBAAK;AAC5CA,kBAAAA,MAAM,EAANA,MAD4C;AAE5CF,kBAAAA,SAAS,EAATA;AAF4C,iBAAL;AAAA,eAAlC,CAAP;AAID,aAvBI,EAwBJR,IAxBI,CAwBC,iBAA2B;AAAA,kBAAxBU,MAAwB,SAAxBA,MAAwB;AAAA,kBAAhBF,SAAgB,SAAhBA,SAAgB;AAC/B,kBAAMG,UAAU,wBAAiBH,SAAjB,aAAhB;AACA,kBAAMI,QAAQ,GAAGC,mBAAmB,CAACH,MAAD,CAApC;AAEA,kBAAMI,MAAM,aAAMH,UAAN,SAAmBC,QAAnB,CAAZ;AACA,kBAAMG,OAAO,GAAGC,mBAAmB,CAACF,MAAD,CAAnC;;AAEA,kBAAI,CAACC,OAAL,EAAc;AACZ,uBAAO7C,OAAO,CAACmC,MAAR,CAAe,IAAIC,KAAJ,CAAU,mBAAV,CAAf,CAAP;AACD;;AAED,qBAAOQ,MAAP;AACD,aApCI,EAqCJG,KArCI,CAqCE,UAAAC,KAAK,EAAI;AACd,kBAAI9B,QAAJ,EAAc;AACZ;AACA+B,gBAAAA,OAAO,CAACD,KAAR,CAAc,uBAAd,EAAuCA,KAAvC;AACA,uBAAOvC,UAAU,CAACR,mBAAD,EAAsBM,cAAtB,CAAjB;AACD;;AAED0C,cAAAA,OAAO,CAACD,KAAR,CAAcA,KAAd;AACA,qBAAO9C,aAAP;AACD,aA9CI,CAXR;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,GAAD,IADwB,GA4DtBE,KAAK,CAACQ,UAAD,EAAaE,YAAb,CAAL,CACDgB,IADC,CACI,UAAAC,QAAQ,EAAI;AAChB,QAAMC,aAAa,GAAGD,QAAQ,CAACT,OAAT,CAAiBW,GAAjB,CAAqB,gBAArB,CAAtB;AACA,QAAMC,WAAW,GAAGH,QAAQ,CAACT,OAAT,CAAiBW,GAAjB,CAAqB,cAArB,CAApB,CAFgB,CAIhB;AACA;;AACA,QAAID,aAAa,KAAK,GAAtB,EAA2B;AACzB,aAAOhC,OAAO,CAACmC,MAAR,CACL,IAAIC,KAAJ,uDAAyDxB,UAAzD,EADK,CAAP;AAGD;;AAED,QAAI,CAACmB,QAAQ,CAACM,EAAd,EAAkB;AAChB,aAAOrC,OAAO,CAACmC,MAAR,CAAe,IAAIC,KAAJ,kCAAoCxB,UAApC,EAAf,CAAP;AACD;;AAED,QAAM0B,SAAS,GAAGhC,YAAY,CAAC4B,WAAD,CAA9B;AAEA,WAAOH,QAAQ,CAACQ,WAAT,GAAuBT,IAAvB,CAA4B,UAAAU,MAAM;AAAA,aAAK;AAC5CA,QAAAA,MAAM,EAANA,MAD4C;AAE5CF,QAAAA,SAAS,EAATA;AAF4C,OAAL;AAAA,KAAlC,CAAP;AAID,GAvBC,EAwBDR,IAxBC,CAwBI,iBAA2B;AAAA,QAAxBU,MAAwB,SAAxBA,MAAwB;AAAA,QAAhBF,SAAgB,SAAhBA,SAAgB;AAC/B,QAAMG,UAAU,wBAAiBH,SAAjB,aAAhB;AACA,QAAMI,QAAQ,GAAGC,mBAAmB,CAACH,MAAD,CAApC;AAEA,QAAMI,MAAM,aAAMH,UAAN,SAAmBC,QAAnB,CAAZ;AACA,QAAMG,OAAO,GAAGC,mBAAmB,CAACF,MAAD,CAAnC;;AAEA,QAAI,CAACC,OAAL,EAAc;AACZ,aAAO7C,OAAO,CAACmC,MAAR,CAAe,IAAIC,KAAJ,CAAU,mBAAV,CAAf,CAAP;AACD;;AAED,WAAOQ,MAAP;AACD,GApCC,EAqCDG,KArCC,CAqCK,UAAAC,KAAK,EAAI;AACd,QAAI9B,QAAJ,EAAc;AACZ;AACA+B,MAAAA,OAAO,CAACD,KAAR,CAAc,uBAAd,EAAuCA,KAAvC;AACA,aAAOvC,UAAU,CAACR,mBAAD,EAAsBM,cAAtB,CAAjB;AACD;;AAED0C,IAAAA,OAAO,CAACD,KAAR,CAAcA,KAAd;AACA,WAAO9C,aAAP;AACD,GA9CC,CA5DJ;AA2GD;;AAED,SAASyC,mBAAT,CAA6BH,MAA7B,EAAqC;AACnC,MAAIU,MAAM,GAAG,EAAb;AACA,MAAMC,KAAK,GAAG,GAAGC,KAAH,CAASC,IAAT,CAAc,IAAIC,UAAJ,CAAed,MAAf,CAAd,CAAd;AAEAW,EAAAA,KAAK,CAACI,OAAN,CAAc,UAAAC,CAAC;AAAA,WAAKN,MAAM,IAAIO,MAAM,CAACC,YAAP,CAAoBF,CAApB,CAAf;AAAA,GAAf;AAEA,SAAO1D,IAAI,CAACoD,MAAD,CAAX;AACD;;AAED,OAAO,SAASJ,mBAAT,CAA6Ba,YAA7B,EAA2C;AAChD,MAAMC,MAAM,GAAGD,YAAY,CAACE,UAAb,CAAwB,yBAAxB,CAAf;AAEA,MAAID,MAAJ,EAAY,OAAOE,iBAAiB,CAACH,YAAD,CAAxB;AAEZ,MAAMI,KAAK,GAAGJ,YAAY,CAACE,UAAb,CAAwB,wBAAxB,CAAd;AAEA,MAAIE,KAAJ,EAAW,OAAOC,gBAAgB,CAACL,YAAD,CAAvB;AAEX,SAAO,KAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASG,iBAAT,CAA2BG,YAA3B,EAAyC;AAC9C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBvE,IAAI,CAACqE,GAAG,CAACG,OAAJ,CAAY,yBAAZ,EAAuC,EAAvC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMC,cAAc,GAClBL,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAApC,IACAN,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmB,CAApB,CAAT,KAAoC,GAFtC;AAIA,SAAOD,cAAP;AACD,C,CAED;AACA;;AACA,OAAO,SAASR,gBAAT,CAA0BC,YAA1B,EAAwC;AAC7C,MAAMC,GAAG,GAAGD,YAAZ;AACA,MAAME,SAAS,GAAGb,UAAU,CAACc,IAAX,CAChBvE,IAAI,CAACqE,GAAG,CAACG,OAAJ,CAAY,wBAAZ,EAAsC,EAAtC,CAAD,CADY,EAEhB,UAAAC,CAAC;AAAA,WAAIA,CAAC,CAACC,UAAF,CAAa,CAAb,CAAJ;AAAA,GAFe,CAAlB;AAIA,MAAMG,QAAQ,GAAG,CAAC,CAAD,EAAI,CAAJ,EAAO,CAAP,EAAU,CAAV,EAAa,EAAb,EAAiB,EAAjB,EAAqB,EAArB,EAAyB,EAAzB,EAA6B,GAA7B,EAAkC,EAAlC,EAAsC,EAAtC,EAA0C,GAA1C,CAAjB,CAN6C,CAMmB;AAEhE;;AACA,OAAK,IAAIC,CAAC,GAAG,EAAb,EAAiBA,CAAC,GAAG,CAArB,EAAwBA,CAAC,EAAzB,EAA6B;AAC3B,QAAIR,SAAS,CAACA,SAAS,CAACM,MAAV,GAAmBE,CAApB,CAAT,KAAoCD,QAAQ,CAAC,KAAKC,CAAN,CAAhD,EAA0D;AACxD,aAAO,KAAP;AACD;AACF;;AAED,SAAO,IAAP;AACD","sourcesContent":["import { atob, btoa } from '@lighthouse/abab'\nimport fetchPonyfill from 'fetch-ponyfill'\nimport Promise from 'bluebird'\nimport { LIGHTHOUSE_LOGO_URL } from '../../constants'\nimport { imageNotFound } from '../../images'\nimport { generateCloudFrontCookies } from '../get-cloudfront-cookies'\n// NOTE use the native fetch if it's available in the browser, because the\n// ponyfill (which actually uses the github polyfill) does not support all the\n// same options as native fetch\nconst fetch =\n (typeof self === 'object' && self.fetch) || fetchPonyfill({ Promise }).fetch\n\nconst contentTypes = {\n 'image/png': 'png',\n 'image/jpeg': 'jpeg',\n}\n\nconst defaultOptions = {\n // NOTE The cache: no-cache option is important to avoid an issue with CORS\n // and caching on Chrome. Here's a good explanation of the issue:\n // https://stackoverflow.com/a/37455118\n // In our case, when loading the web version of a form, the signature image is\n // cached without the correct CORS headers. If the pdf is then generated,\n // there's a mismatch between the cached image headers and the CORS headers\n // sent from the fetch request, causing an error\n cache: 'no-cache',\n}\n\nexport function fetchImage(url, options = {}) {\n const encodedUrl = encodeURI(url)\n const fetchOptions = {\n ...defaultOptions,\n ...options,\n }\n\n const applicationId = options.applicationId\n\n const shouldUseCloudfront = url && url.includes('.cloudfront.net')\n\n const { isHeader = false } = options\n\n return shouldUseCloudfront ?\n (async () => {\n fetchOptions.credentials = 'include' // Ensure cookies are sent with the request\n const signedCookies = await generateCloudFrontCookies({\n userId: 'anonymous',\n applicationId,\n })\n\n fetchOptions.headers.Cookie = Object.entries(signedCookies)\n .map(([key, value]) => `${key}=${value}`)\n .join('; ')\n\n return fetch(encodedUrl, fetchOptions)\n .then(response => {\n const contentHeader = response.headers.get('content-length')\n const contentType = response.headers.get('content-type')\n\n // NOTE: the response will be ok but we won't be able to render any\n // image meaning pdfmake will error. Raise error here and return early.\n if (contentHeader === '0') {\n return Promise.reject(\n new Error(`Failed to fetch image as no content length: ${encodedUrl}`)\n )\n }\n\n if (!response.ok) {\n return Promise.reject(new Error(`Failed to fetch image: ${encodedUrl}`))\n }\n\n const imageType = contentTypes[contentType]\n\n return response.arrayBuffer().then(buffer => ({\n buffer,\n imageType,\n }))\n })\n .then(({ buffer, imageType }) => {\n const base64Flag = `data:image/${imageType};base64,`\n const imageStr = arrayBufferToBase64(buffer)\n\n const base64 = `${base64Flag}${imageStr}`\n const isValid = validateBase64Image(base64)\n\n if (!isValid) {\n return Promise.reject(new Error('InvalidImageError'))\n }\n\n return base64\n })\n .catch(error => {\n if (isHeader) {\n // NOTE: Replace failed headers with LH logo\n console.error('FetchImageHeaderError', error)\n return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions)\n }\n\n console.error(error)\n return imageNotFound\n })\n })()\n : fetch(encodedUrl, fetchOptions)\n .then(response => {\n const contentHeader = response.headers.get('content-length')\n const contentType = response.headers.get('content-type')\n\n // NOTE: the response will be ok but we won't be able to render any\n // image meaning pdfmake will error. Raise error here and return early.\n if (contentHeader === '0') {\n return Promise.reject(\n new Error(`Failed to fetch image as no content length: ${encodedUrl}`)\n )\n }\n\n if (!response.ok) {\n return Promise.reject(new Error(`Failed to fetch image: ${encodedUrl}`))\n }\n\n const imageType = contentTypes[contentType]\n\n return response.arrayBuffer().then(buffer => ({\n buffer,\n imageType,\n }))\n })\n .then(({ buffer, imageType }) => {\n const base64Flag = `data:image/${imageType};base64,`\n const imageStr = arrayBufferToBase64(buffer)\n\n const base64 = `${base64Flag}${imageStr}`\n const isValid = validateBase64Image(base64)\n\n if (!isValid) {\n return Promise.reject(new Error('InvalidImageError'))\n }\n\n return base64\n })\n .catch(error => {\n if (isHeader) {\n // NOTE: Replace failed headers with LH logo\n console.error('FetchImageHeaderError', error)\n return fetchImage(LIGHTHOUSE_LOGO_URL, defaultOptions)\n }\n\n console.error(error)\n return imageNotFound\n })\n}\n\nfunction arrayBufferToBase64(buffer) {\n let binary = ''\n const bytes = [].slice.call(new Uint8Array(buffer))\n\n bytes.forEach(b => (binary += String.fromCharCode(b)))\n\n return btoa(binary)\n}\n\nexport function validateBase64Image(base64String) {\n const isJpeg = base64String.startsWith('data:image/jpeg;base64,')\n\n if (isJpeg) return validateJpegImage(base64String)\n\n const isPng = base64String.startsWith('data:image/png;base64,')\n\n if (isPng) return validatePngImage(base64String)\n\n return false\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validateJpegImage(base64string) {\n const src = base64string\n const imageData = Uint8Array.from(\n atob(src.replace('data:image/jpeg;base64,', '')),\n c => c.charCodeAt(0)\n )\n const imageCorrupted =\n imageData[imageData.length - 1] === 217 &&\n imageData[imageData.length - 2] === 255\n\n return imageCorrupted\n}\n\n// See SO for more info: https://stackoverflow.com/a/41635312\n// Fiddle: https://jsfiddle.net/Lnyxuchw/\nexport function validatePngImage(base64string) {\n const src = base64string\n const imageData = Uint8Array.from(\n atob(src.replace('data:image/png;base64,', '')),\n c => c.charCodeAt(0)\n )\n const sequence = [0, 0, 0, 0, 73, 69, 78, 68, 174, 66, 96, 130] // in hex:\n\n //check last 12 elements of array so they contains needed values\n for (let i = 12; i > 0; i--) {\n if (imageData[imageData.length - i] !== sequence[12 - i]) {\n return false\n }\n }\n\n return true\n}\n"],"file":"index.js"}
package/lib/helpers/get-cloudfront-cookies/index.js CHANGED
@@ -1,13 +1,8 @@
1
1
  import _regeneratorRuntime from "@babel/runtime/regenerator";
2
2
  import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
3
-
4
- var _require = require('@aws-sdk/cloudfront-signer'),
5
- getSignedCookies = _require.getSignedCookies;
6
-
7
- var _require2 = require('../get-secret-value'),
8
- getSecretValue = _require2.getSecretValue;
9
-
10
- var logger = require('../../logger');
3
+ import AWS from 'aws-sdk';
4
+ var getSignedCookies = AWS.CloudFront.Signer.getSignedCookies;
5
+ import { getSecretValue } from '../get-secret-value';
11
6
  /**
12
7
  * Generate CloudFront signed cookies for authenticated users
13
8
  * @param {Object} options - Configuration options
@@ -22,7 +17,6 @@ var logger = require('../../logger');
22
17
  * } | null>} Signed cookies object or null if disabled/failed
23
18
  */
24
19
 
25
-
26
20
  export function generateCloudFrontCookies(_x) {
27
21
  return _generateCloudFrontCookies.apply(this, arguments);
28
22
  }
@@ -41,7 +35,7 @@ function _generateCloudFrontCookies() {
41
35
  break;
42
36
  }
43
37
 
44
- logger.debug('CloudFront cookie generation skipped - not configured');
38
+ console.debug('CloudFront cookie generation skipped - not configured');
45
39
  return _context.abrupt("return", null);
46
40
 
47
41
  case 4:
@@ -57,7 +51,7 @@ function _generateCloudFrontCookies() {
57
51
  break;
58
52
  }
59
53
 
60
- logger.warn('CloudFront private key not available');
54
+ console.warn('CloudFront private key not available');
61
55
  return _context.abrupt("return", null);
62
56
 
63
57
  case 11:
@@ -76,7 +70,7 @@ function _generateCloudFrontCookies() {
76
70
  dateLessThan: expiration.getTime() // Use epoch timestamp in milliseconds
77
71
 
78
72
  });
79
- logger.info('CloudFront cookies generated successfully', {
73
+ console.info('CloudFront cookies generated successfully', {
80
74
  userId: userId,
81
75
  applicationId: applicationId,
82
76
  resourcePath: resourcePath,
@@ -87,7 +81,7 @@ function _generateCloudFrontCookies() {
87
81
  case 21:
88
82
  _context.prev = 21;
89
83
  _context.t0 = _context["catch"](4);
90
- logger.error('Failed to generate CloudFront cookies', {
84
+ console.error('Failed to generate CloudFront cookies', {
91
85
  userId: userId,
92
86
  applicationId: applicationId,
93
87
  error: {
@@ -137,7 +131,7 @@ function _getPrivateKey() {
137
131
  break;
138
132
  }
139
133
 
140
- logger.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured');
134
+ console.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured');
141
135
  return _context2.abrupt("return", null);
142
136
 
143
137
  case 6:
@@ -149,13 +143,13 @@ function _getPrivateKey() {
149
143
  privateKey = _context2.sent;
150
144
  privateKeyCache = privateKey;
151
145
  cacheExpiry = now + CACHE_TTL;
152
- logger.debug('CloudFront private key retrieved and cached');
146
+ console.debug('CloudFront private key retrieved and cached');
153
147
  return _context2.abrupt("return", privateKey);
154
148
 
155
149
  case 16:
156
150
  _context2.prev = 16;
157
151
  _context2.t0 = _context2["catch"](6);
158
- logger.error('Failed to retrieve CloudFront private key', {
152
+ console.error('Failed to retrieve CloudFront private key', {
159
153
  secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,
160
154
  error: {
161
155
  message: _context2.t0.message,
package/lib/helpers/get-cloudfront-cookies/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/helpers/get-cloudfront-cookies/index.js"],"names":["require","getSignedCookies","getSecretValue","logger","generateCloudFrontCookies","userId","applicationId","process","env","CLOUDFRONT_DOMAIN","CLOUDFRONT_KEY_PAIR_ID","debug","getPrivateKey","privateKey","warn","expiration","Date","setTime","getTime","distributionDomain","resourcePath","urlPattern","signedCookies","url","keyPairId","dateLessThan","info","toISOString","error","message","code","privateKeyCache","cacheExpiry","CACHE_TTL","now","CLOUDFRONT_PRIVATE_KEY_SECRET_ID","secretId"],"mappings":";;;eAA6BA,OAAO,CAAC,4BAAD,C;IAA5BC,gB,YAAAA,gB;;gBACmBD,OAAO,CAAC,qBAAD,C;IAA1BE,c,aAAAA,c;;AACR,IAAMC,MAAM,GAAGH,OAAO,CAAC,cAAD,CAAtB;AAEA;;;;;;;;;;;;;;;AAcA,gBAAsBI,yBAAtB;AAAA;AAAA;;;wFAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAA2CC,YAAAA,MAA3C,QAA2CA,MAA3C,EAAmDC,aAAnD,QAAmDA,aAAnD;;AAAA,kBAED,CAACC,OAAO,CAACC,GAAR,CAAYC,iBAAb,IAAkC,CAACF,OAAO,CAACC,GAAR,CAAYE,sBAF9C;AAAA;AAAA;AAAA;;AAGHP,YAAAA,MAAM,CAACQ,KAAP,CAAa,uDAAb;AAHG,6CAII,IAJJ;;AAAA;AAAA;AAAA;AAAA,mBASsBC,aAAa,EATnC;;AAAA;AASGC,YAAAA,UATH;;AAAA,gBAUEA,UAVF;AAAA;AAAA;AAAA;;AAWDV,YAAAA,MAAM,CAACW,IAAP,CAAY,sCAAZ;AAXC,6CAYM,IAZN;;AAAA;AAeH;AACMC,YAAAA,UAhBH,GAgBgB,IAAIC,IAAJ,EAhBhB;AAiBHD,YAAAA,UAAU,CAACE,OAAX,CAAmBF,UAAU,CAACG,OAAX,KAAuB,KAAK,EAAL,GAAU,EAAV,GAAe,EAAf,GAAoB,IAA9D,EAjBG,CAmBH;;AACMC,YAAAA,kBApBH,qBAoBmCZ,OAAO,CAACC,GAAR,CAAYC,iBApB/C;AAqBGW,YAAAA,YArBH,GAqBkBd,aAAa,aAAMA,aAAN,UAA0B,GArBzD;AAsBGe,YAAAA,UAtBH,aAsBmBF,kBAtBnB,cAsByCC,YAtBzC,GAwBH;;AACME,YAAAA,aAzBH,GAyBmBrB,gBAAgB,CAAC;AACrCsB,cAAAA,GAAG,EAAEF,UADgC;AAErCG,cAAAA,SAAS,EAAEjB,OAAO,CAACC,GAAR,CAAYE,sBAFc;AAGrCG,cAAAA,UAAU,EAAEA,UAHyB;AAIrCY,cAAAA,YAAY,EAAEV,UAAU,CAACG,OAAX,EAJuB,CAID;;AAJC,aAAD,CAzBnC;AAgCHf,YAAAA,MAAM,CAACuB,IAAP,CAAY,2CAAZ,EAAyD;AACvDrB,cAAAA,MAAM,EAANA,MADuD;AAEvDC,cAAAA,aAAa,EAAbA,aAFuD;AAGvDc,cAAAA,YAAY,EAAZA,YAHuD;AAIvDL,cAAAA,UAAU,EAAEA,UAAU,CAACY,WAAX;AAJ2C,aAAzD;AAhCG,6CAuCIL,aAvCJ;;AAAA;AAAA;AAAA;AAyCHnB,YAAAA,MAAM,CAACyB,KAAP,CAAa,uCAAb,EAAsD;AACpDvB,cAAAA,MAAM,EAANA,MADoD;AAEpDC,cAAAA,aAAa,EAAbA,aAFoD;AAGpDsB,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,YAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,YAAMA;AAFP;AAH6C,aAAtD;AAzCG,6CAiDI,IAjDJ;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G;;;;AAqDP,IAAIC,eAAe,GAAG,IAAtB;AACA,IAAIC,WAAW,GAAG,IAAlB;AACA,IAAMC,SAAS,GAAG,IAAI,EAAJ,GAAS,IAA3B,C,CAAgC;;SAEjBrB,a;;;;;4EAAf;AAAA;AAAA;AAAA;AAAA;AAAA;AACQsB,YAAAA,GADR,GACclB,IAAI,CAACkB,GAAL,EADd;;AAAA,kBAGMH,eAAe,IAAIC,WAAnB,IAAkCE,GAAG,GAAGF,WAH9C;AAAA;AAAA;AAAA;;AAAA,8CAIWD,eAJX;;AAAA;AAAA,gBAOOxB,OAAO,CAACC,GAAR,CAAY2B,gCAPnB;AAAA;AAAA;AAAA;;AAQIhC,YAAAA,MAAM,CAACW,IAAP,CAAY,iDAAZ;AARJ,8CASW,IATX;;AAAA;AAAA;AAAA;AAAA,mBAa6BZ,cAAc,CACrCK,OAAO,CAACC,GAAR,CAAY2B,gCADyB,EAErC,wBAFqC,CAb3C;;AAAA;AAaUtB,YAAAA,UAbV;AAkBIkB,YAAAA,eAAe,GAAGlB,UAAlB;AACAmB,YAAAA,WAAW,GAAGE,GAAG,GAAGD,SAApB;AAEA9B,YAAAA,MAAM,CAACQ,KAAP,CAAa,6CAAb;AArBJ,8CAsBWE,UAtBX;;AAAA;AAAA;AAAA;AAwBIV,YAAAA,MAAM,CAACyB,KAAP,CAAa,2CAAb,EAA0D;AACxDQ,cAAAA,QAAQ,EAAE7B,OAAO,CAACC,GAAR,CAAY2B,gCADkC;AAExDP,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,aAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,aAAMA;AAFP;AAFiD,aAA1D;AAxBJ,8CA+BW,IA/BX;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G","sourcesContent":["const { getSignedCookies } = require('@aws-sdk/cloudfront-signer')\nconst { getSecretValue } = require('../get-secret-value')\nconst logger = require('../../logger')\n\n/**\n * Generate CloudFront signed cookies for authenticated users\n * @param {Object} options - Configuration options\n * @param {string} options.userId - User ID for logging purposes\n * @param {string} options.applicationId - Application ID for resource scoping\n * Return Type: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-cloudfront-signer/Interface/CloudfrontSignedCookiesOutput/\n * @returns {Promise<{\n * \"CloudFront-Key-Pair-Id\": string,\n * \"CloudFront-Signature\": string,\n * \"CloudFront-Expires\"?: number,\n * \"CloudFront-Policy\"?: string\n * } | null>} Signed cookies object or null if disabled/failed\n */\n\nexport async function generateCloudFrontCookies({ userId, applicationId }) {\n // Early return if CloudFront is not configured\n if (!process.env.CLOUDFRONT_DOMAIN || !process.env.CLOUDFRONT_KEY_PAIR_ID) {\n logger.debug('CloudFront cookie generation skipped - not configured')\n return null\n }\n\n try {\n // Get private key from AWS Secrets Manager\n const privateKey = await getPrivateKey()\n if (!privateKey) {\n logger.warn('CloudFront private key not available')\n return null\n }\n\n // Set expiration time (14 days from now)\n const expiration = new Date()\n expiration.setTime(expiration.getTime() + 14 * 24 * 60 * 60 * 1000)\n\n // Generate resource URL pattern for wildcard access\n const distributionDomain = `https://${process.env.CLOUDFRONT_DOMAIN}`\n const resourcePath = applicationId ? `${applicationId}/*` : '*'\n const urlPattern = `${distributionDomain}/${resourcePath}`\n\n // Generate signed cookies\n const signedCookies = getSignedCookies({\n url: urlPattern,\n keyPairId: process.env.CLOUDFRONT_KEY_PAIR_ID,\n privateKey: privateKey,\n dateLessThan: expiration.getTime(), // Use epoch timestamp in milliseconds\n })\n\n logger.info('CloudFront cookies generated successfully', {\n userId,\n applicationId,\n resourcePath,\n expiration: expiration.toISOString(),\n })\n\n return signedCookies\n } catch (error) {\n logger.error('Failed to generate CloudFront cookies', {\n userId,\n applicationId,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n\nlet privateKeyCache = null\nlet cacheExpiry = null\nconst CACHE_TTL = 5 * 60 * 1000 // 5 minutes\n\nasync function getPrivateKey() {\n const now = Date.now()\n\n if (privateKeyCache && cacheExpiry && now < cacheExpiry) {\n return privateKeyCache\n }\n\n if (!process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID) {\n logger.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured')\n return null\n }\n\n try {\n const privateKey = await getSecretValue(\n process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n 'CLOUDFRONT_PRIVATE_KEY'\n )\n\n privateKeyCache = privateKey\n cacheExpiry = now + CACHE_TTL\n\n logger.debug('CloudFront private key retrieved and cached')\n return privateKey\n } catch (error) {\n logger.error('Failed to retrieve CloudFront private key', {\n secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../src/helpers/get-cloudfront-cookies/index.js"],"names":["AWS","getSignedCookies","CloudFront","Signer","getSecretValue","generateCloudFrontCookies","userId","applicationId","process","env","CLOUDFRONT_DOMAIN","CLOUDFRONT_KEY_PAIR_ID","console","debug","getPrivateKey","privateKey","warn","expiration","Date","setTime","getTime","distributionDomain","resourcePath","urlPattern","signedCookies","url","keyPairId","dateLessThan","info","toISOString","error","message","code","privateKeyCache","cacheExpiry","CACHE_TTL","now","CLOUDFRONT_PRIVATE_KEY_SECRET_ID","secretId"],"mappings":";;AAAA,OAAOA,GAAP,MAAgB,SAAhB;AACA,IAAMC,gBAAgB,GAAGD,GAAG,CAACE,UAAJ,CAAeC,MAAf,CAAsBF,gBAA/C;AACA,SAASG,cAAT,QAA+B,qBAA/B;AAEA;;;;;;;;;;;;;;AAcA,gBAAsBC,yBAAtB;AAAA;AAAA;;;wFAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAA2CC,YAAAA,MAA3C,QAA2CA,MAA3C,EAAmDC,aAAnD,QAAmDA,aAAnD;;AAAA,kBAED,CAACC,OAAO,CAACC,GAAR,CAAYC,iBAAb,IAAkC,CAACF,OAAO,CAACC,GAAR,CAAYE,sBAF9C;AAAA;AAAA;AAAA;;AAGHC,YAAAA,OAAO,CAACC,KAAR,CAAc,uDAAd;AAHG,6CAII,IAJJ;;AAAA;AAAA;AAAA;AAAA,mBASsBC,aAAa,EATnC;;AAAA;AASGC,YAAAA,UATH;;AAAA,gBAUEA,UAVF;AAAA;AAAA;AAAA;;AAWDH,YAAAA,OAAO,CAACI,IAAR,CAAa,sCAAb;AAXC,6CAYM,IAZN;;AAAA;AAeH;AACMC,YAAAA,UAhBH,GAgBgB,IAAIC,IAAJ,EAhBhB;AAiBHD,YAAAA,UAAU,CAACE,OAAX,CAAmBF,UAAU,CAACG,OAAX,KAAuB,KAAK,EAAL,GAAU,EAAV,GAAe,EAAf,GAAoB,IAA9D,EAjBG,CAmBH;;AACMC,YAAAA,kBApBH,qBAoBmCb,OAAO,CAACC,GAAR,CAAYC,iBApB/C;AAqBGY,YAAAA,YArBH,GAqBkBf,aAAa,aAAMA,aAAN,UAA0B,GArBzD;AAsBGgB,YAAAA,UAtBH,aAsBmBF,kBAtBnB,cAsByCC,YAtBzC,GAwBH;;AACME,YAAAA,aAzBH,GAyBmBvB,gBAAgB,CAAC;AACrCwB,cAAAA,GAAG,EAAEF,UADgC;AAErCG,cAAAA,SAAS,EAAElB,OAAO,CAACC,GAAR,CAAYE,sBAFc;AAGrCI,cAAAA,UAAU,EAAEA,UAHyB;AAIrCY,cAAAA,YAAY,EAAEV,UAAU,CAACG,OAAX,EAJuB,CAID;;AAJC,aAAD,CAzBnC;AAgCHR,YAAAA,OAAO,CAACgB,IAAR,CAAa,2CAAb,EAA0D;AACxDtB,cAAAA,MAAM,EAANA,MADwD;AAExDC,cAAAA,aAAa,EAAbA,aAFwD;AAGxDe,cAAAA,YAAY,EAAZA,YAHwD;AAIxDL,cAAAA,UAAU,EAAEA,UAAU,CAACY,WAAX;AAJ4C,aAA1D;AAhCG,6CAuCIL,aAvCJ;;AAAA;AAAA;AAAA;AAyCHZ,YAAAA,OAAO,CAACkB,KAAR,CAAc,uCAAd,EAAuD;AACrDxB,cAAAA,MAAM,EAANA,MADqD;AAErDC,cAAAA,aAAa,EAAbA,aAFqD;AAGrDuB,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,YAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,YAAMA;AAFP;AAH8C,aAAvD;AAzCG,6CAiDI,IAjDJ;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G;;;;AAqDP,IAAIC,eAAe,GAAG,IAAtB;AACA,IAAIC,WAAW,GAAG,IAAlB;AACA,IAAMC,SAAS,GAAG,IAAI,EAAJ,GAAS,IAA3B,C,CAAgC;;SAEjBrB,a;;;;;4EAAf;AAAA;AAAA;AAAA;AAAA;AAAA;AACQsB,YAAAA,GADR,GACclB,IAAI,CAACkB,GAAL,EADd;;AAAA,kBAGMH,eAAe,IAAIC,WAAnB,IAAkCE,GAAG,GAAGF,WAH9C;AAAA;AAAA;AAAA;;AAAA,8CAIWD,eAJX;;AAAA;AAAA,gBAOOzB,OAAO,CAACC,GAAR,CAAY4B,gCAPnB;AAAA;AAAA;AAAA;;AAQIzB,YAAAA,OAAO,CAACI,IAAR,CAAa,iDAAb;AARJ,8CASW,IATX;;AAAA;AAAA;AAAA;AAAA,mBAa6BZ,cAAc,CACrCI,OAAO,CAACC,GAAR,CAAY4B,gCADyB,EAErC,wBAFqC,CAb3C;;AAAA;AAaUtB,YAAAA,UAbV;AAkBIkB,YAAAA,eAAe,GAAGlB,UAAlB;AACAmB,YAAAA,WAAW,GAAGE,GAAG,GAAGD,SAApB;AAEAvB,YAAAA,OAAO,CAACC,KAAR,CAAc,6CAAd;AArBJ,8CAsBWE,UAtBX;;AAAA;AAAA;AAAA;AAwBIH,YAAAA,OAAO,CAACkB,KAAR,CAAc,2CAAd,EAA2D;AACzDQ,cAAAA,QAAQ,EAAE9B,OAAO,CAACC,GAAR,CAAY4B,gCADmC;AAEzDP,cAAAA,KAAK,EAAE;AACLC,gBAAAA,OAAO,EAAE,aAAMA,OADV;AAELC,gBAAAA,IAAI,EAAE,aAAMA;AAFP;AAFkD,aAA3D;AAxBJ,8CA+BW,IA/BX;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,G","sourcesContent":["import AWS from 'aws-sdk'\nconst getSignedCookies = AWS.CloudFront.Signer.getSignedCookies\nimport { getSecretValue } from '../get-secret-value'\n\n/**\n * Generate CloudFront signed cookies for authenticated users\n * @param {Object} options - Configuration options\n * @param {string} options.userId - User ID for logging purposes\n * @param {string} options.applicationId - Application ID for resource scoping\n * Return Type: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-cloudfront-signer/Interface/CloudfrontSignedCookiesOutput/\n * @returns {Promise<{\n * \"CloudFront-Key-Pair-Id\": string,\n * \"CloudFront-Signature\": string,\n * \"CloudFront-Expires\"?: number,\n * \"CloudFront-Policy\"?: string\n * } | null>} Signed cookies object or null if disabled/failed\n */\n\nexport async function generateCloudFrontCookies({ userId, applicationId }) {\n // Early return if CloudFront is not configured\n if (!process.env.CLOUDFRONT_DOMAIN || !process.env.CLOUDFRONT_KEY_PAIR_ID) {\n console.debug('CloudFront cookie generation skipped - not configured')\n return null\n }\n\n try {\n // Get private key from AWS Secrets Manager\n const privateKey = await getPrivateKey()\n if (!privateKey) {\n console.warn('CloudFront private key not available')\n return null\n }\n\n // Set expiration time (14 days from now)\n const expiration = new Date()\n expiration.setTime(expiration.getTime() + 14 * 24 * 60 * 60 * 1000)\n\n // Generate resource URL pattern for wildcard access\n const distributionDomain = `https://${process.env.CLOUDFRONT_DOMAIN}`\n const resourcePath = applicationId ? `${applicationId}/*` : '*'\n const urlPattern = `${distributionDomain}/${resourcePath}`\n\n // Generate signed cookies\n const signedCookies = getSignedCookies({\n url: urlPattern,\n keyPairId: process.env.CLOUDFRONT_KEY_PAIR_ID,\n privateKey: privateKey,\n dateLessThan: expiration.getTime(), // Use epoch timestamp in milliseconds\n })\n\n console.info('CloudFront cookies generated successfully', {\n userId,\n applicationId,\n resourcePath,\n expiration: expiration.toISOString(),\n })\n\n return signedCookies\n } catch (error) {\n console.error('Failed to generate CloudFront cookies', {\n userId,\n applicationId,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n\nlet privateKeyCache = null\nlet cacheExpiry = null\nconst CACHE_TTL = 5 * 60 * 1000 // 5 minutes\n\nasync function getPrivateKey() {\n const now = Date.now()\n\n if (privateKeyCache && cacheExpiry && now < cacheExpiry) {\n return privateKeyCache\n }\n\n if (!process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID) {\n console.warn('CLOUDFRONT_PRIVATE_KEY_SECRET_ID not configured')\n return null\n }\n\n try {\n const privateKey = await getSecretValue(\n process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n 'CLOUDFRONT_PRIVATE_KEY'\n )\n\n privateKeyCache = privateKey\n cacheExpiry = now + CACHE_TTL\n\n console.debug('CloudFront private key retrieved and cached')\n return privateKey\n } catch (error) {\n console.error('Failed to retrieve CloudFront private key', {\n secretId: process.env.CLOUDFRONT_PRIVATE_KEY_SECRET_ID,\n error: {\n message: error.message,\n code: error.code,\n },\n })\n return null\n }\n}\n"],"file":"index.js"}
package/lib/helpers/get-secret-value/index.js CHANGED
@@ -1,4 +1,4 @@
1
- import SecretsManager from '@aws-sdk/client-secrets-manager';
1
+ import AWS from 'aws-sdk';
2
2
  import { attempt, isError } from 'lodash';
3
3
  export default function getSecretValue(secretId, secretKey) {
4
4
  if (!secretId) {
@@ -6,7 +6,7 @@ export default function getSecretValue(secretId, secretKey) {
6
6
  } // TODO: update these credentials to specific values for service
7
7
 
8
8
 
9
- var secretsClient = new SecretsManager({
9
+ var secretsClient = new AWS.SecretsManager({
10
10
  accessKeyId: process.env.AWS_KEY,
11
11
  region: process.env.AWS_SECRET_MANAGER_REGION,
12
12
  secretAccessKey: process.env.AWS_SECRET
package/lib/helpers/get-secret-value/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/helpers/get-secret-value/index.js"],"names":["SecretsManager","attempt","isError","getSecretValue","secretId","secretKey","Promise","reject","Error","secretsClient","accessKeyId","process","env","AWS_KEY","region","AWS_SECRET_MANAGER_REGION","secretAccessKey","AWS_SECRET","SecretId","promise","then","payload","secret","parseSecretString","secretValue","catch","err","code","message","secretString","SecretString","parsed","JSON","parse"],"mappings":"AAAA,OAAOA,cAAP,MAA2B,iCAA3B;AACA,SAASC,OAAT,EAAkBC,OAAlB,QAAiC,QAAjC;AAEA,eAAe,SAASC,cAAT,CAAwBC,QAAxB,EAAkCC,SAAlC,EAA6C;AAC1D,MAAI,CAACD,QAAL,EAAe;AACb,WAAOE,OAAO,CAACC,MAAR,CACL,IAAIC,KAAJ,4CAA8CJ,QAA9C,EADK,CAAP;AAGD,GALyD,CAO1D;;;AACA,MAAMK,aAAa,GAAG,IAAIT,cAAJ,CAAmB;AACvCU,IAAAA,WAAW,EAAEC,OAAO,CAACC,GAAR,CAAYC,OADc;AAEvCC,IAAAA,MAAM,EAAEH,OAAO,CAACC,GAAR,CAAYG,yBAFmB;AAGvCC,IAAAA,eAAe,EAAEL,OAAO,CAACC,GAAR,CAAYK;AAHU,GAAnB,CAAtB;AAMA,SAAOR,aAAa,CACjBN,cADI,CACW;AAAEe,IAAAA,QAAQ,EAAEd;AAAZ,GADX,EAEJe,OAFI,GAGJC,IAHI,CAGC,UAAAC,OAAO,EAAI;AACf,QAAMC,MAAM,GAAGC,iBAAiB,CAACF,OAAD,CAAhC,CADe,CAGf;;AACA,QAAI,CAAChB,SAAL,EAAgB,OAAOiB,MAAP;AAEhB,QAAME,WAAW,GAAGF,MAAM,CAACjB,SAAD,CAA1B;;AAEA,QAAI,CAACmB,WAAL,EAAkB;AAChB,YAAM,IAAIhB,KAAJ,CAAU,iCAAV,CAAN;AACD;;AAED,WAAOgB,WAAP;AACD,GAhBI,EAiBJC,KAjBI,CAiBE,UAAAC,GAAG,EAAI;AACZ,UAAM,IAAIlB,KAAJ,gCAAkCkB,GAAG,CAACC,IAAtC,eAA+CD,GAAG,CAACE,OAAnD,EAAN;AACD,GAnBI,CAAP;AAoBD;;AAED,SAASL,iBAAT,CAA2BF,OAA3B,EAAoC;AAClC,MAAMQ,YAAY,GAAGR,OAAO,CAACS,YAAR,IAAwB,EAA7C;AAEA,MAAMC,MAAM,GAAG9B,OAAO,CAAC+B,IAAI,CAACC,KAAN,EAAaJ,YAAb,CAAtB;AAEA,SAAO3B,OAAO,CAAC6B,MAAD,CAAP,GAAkB,EAAlB,GAAuBA,MAA9B;AACD","sourcesContent":["import SecretsManager from '@aws-sdk/client-secrets-manager'\nimport { attempt, isError } from 'lodash'\n\nexport default function getSecretValue(secretId, secretKey) {\n if (!secretId) {\n return Promise.reject(\n new Error(`Missing required param: secretId:${secretId}`)\n )\n }\n\n // TODO: update these credentials to specific values for service\n const secretsClient = new SecretsManager({\n accessKeyId: process.env.AWS_KEY,\n region: process.env.AWS_SECRET_MANAGER_REGION,\n secretAccessKey: process.env.AWS_SECRET,\n })\n\n return secretsClient\n .getSecretValue({ SecretId: secretId })\n .promise()\n .then(payload => {\n const secret = parseSecretString(payload)\n\n // Return early if secretKey isn't defined (we want the full set of key/values)\n if (!secretKey) return secret\n\n const secretValue = secret[secretKey]\n\n if (!secretValue) {\n throw new Error('Secret value could not be found')\n }\n\n return secretValue\n })\n .catch(err => {\n throw new Error(`AWSSecretFetchError: ${err.code}, ${err.message}`)\n })\n}\n\nfunction parseSecretString(payload) {\n const secretString = payload.SecretString || ''\n\n const parsed = attempt(JSON.parse, secretString)\n\n return isError(parsed) ? {} : parsed\n}\n"],"file":"index.js"}
1
+ {"version":3,"sources":["../../../src/helpers/get-secret-value/index.js"],"names":["AWS","attempt","isError","getSecretValue","secretId","secretKey","Promise","reject","Error","secretsClient","SecretsManager","accessKeyId","process","env","AWS_KEY","region","AWS_SECRET_MANAGER_REGION","secretAccessKey","AWS_SECRET","SecretId","promise","then","payload","secret","parseSecretString","secretValue","catch","err","code","message","secretString","SecretString","parsed","JSON","parse"],"mappings":"AAAA,OAAOA,GAAP,MAAgB,SAAhB;AACA,SAASC,OAAT,EAAkBC,OAAlB,QAAiC,QAAjC;AAEA,eAAe,SAASC,cAAT,CAAwBC,QAAxB,EAAkCC,SAAlC,EAA6C;AAC1D,MAAI,CAACD,QAAL,EAAe;AACb,WAAOE,OAAO,CAACC,MAAR,CACL,IAAIC,KAAJ,4CAA8CJ,QAA9C,EADK,CAAP;AAGD,GALyD,CAO1D;;;AACA,MAAMK,aAAa,GAAG,IAAIT,GAAG,CAACU,cAAR,CAAuB;AAC3CC,IAAAA,WAAW,EAAEC,OAAO,CAACC,GAAR,CAAYC,OADkB;AAE3CC,IAAAA,MAAM,EAAEH,OAAO,CAACC,GAAR,CAAYG,yBAFuB;AAG3CC,IAAAA,eAAe,EAAEL,OAAO,CAACC,GAAR,CAAYK;AAHc,GAAvB,CAAtB;AAMA,SAAOT,aAAa,CACjBN,cADI,CACW;AAAEgB,IAAAA,QAAQ,EAAEf;AAAZ,GADX,EAEJgB,OAFI,GAGJC,IAHI,CAGC,UAAAC,OAAO,EAAI;AACf,QAAMC,MAAM,GAAGC,iBAAiB,CAACF,OAAD,CAAhC,CADe,CAGf;;AACA,QAAI,CAACjB,SAAL,EAAgB,OAAOkB,MAAP;AAEhB,QAAME,WAAW,GAAGF,MAAM,CAAClB,SAAD,CAA1B;;AAEA,QAAI,CAACoB,WAAL,EAAkB;AAChB,YAAM,IAAIjB,KAAJ,CAAU,iCAAV,CAAN;AACD;;AAED,WAAOiB,WAAP;AACD,GAhBI,EAiBJC,KAjBI,CAiBE,UAAAC,GAAG,EAAI;AACZ,UAAM,IAAInB,KAAJ,gCAAkCmB,GAAG,CAACC,IAAtC,eAA+CD,GAAG,CAACE,OAAnD,EAAN;AACD,GAnBI,CAAP;AAoBD;;AAED,SAASL,iBAAT,CAA2BF,OAA3B,EAAoC;AAClC,MAAMQ,YAAY,GAAGR,OAAO,CAACS,YAAR,IAAwB,EAA7C;AAEA,MAAMC,MAAM,GAAG/B,OAAO,CAACgC,IAAI,CAACC,KAAN,EAAaJ,YAAb,CAAtB;AAEA,SAAO5B,OAAO,CAAC8B,MAAD,CAAP,GAAkB,EAAlB,GAAuBA,MAA9B;AACD","sourcesContent":["import AWS from 'aws-sdk'\nimport { attempt, isError } from 'lodash'\n\nexport default function getSecretValue(secretId, secretKey) {\n if (!secretId) {\n return Promise.reject(\n new Error(`Missing required param: secretId:${secretId}`)\n )\n }\n\n // TODO: update these credentials to specific values for service\n const secretsClient = new AWS.SecretsManager({\n accessKeyId: process.env.AWS_KEY,\n region: process.env.AWS_SECRET_MANAGER_REGION,\n secretAccessKey: process.env.AWS_SECRET,\n })\n\n return secretsClient\n .getSecretValue({ SecretId: secretId })\n .promise()\n .then(payload => {\n const secret = parseSecretString(payload)\n\n // Return early if secretKey isn't defined (we want the full set of key/values)\n if (!secretKey) return secret\n\n const secretValue = secret[secretKey]\n\n if (!secretValue) {\n throw new Error('Secret value could not be found')\n }\n\n return secretValue\n })\n .catch(err => {\n throw new Error(`AWSSecretFetchError: ${err.code}, ${err.message}`)\n })\n}\n\nfunction parseSecretString(payload) {\n const secretString = payload.SecretString || ''\n\n const parsed = attempt(JSON.parse, secretString)\n\n return isError(parsed) ? {} : parsed\n}\n"],"file":"index.js"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lighthouse/common",
3
- "version": "4.37.0-canary-4",
3
+ "version": "4.37.0-canary-6",
4
4
  "description": "",
5
5
  "main": "dist/index.js",
6
6
  "module": "lib/index.js",
@@ -38,9 +38,8 @@
38
38
  },
39
39
  "homepage": "https://github.com/Lighthouse-io/common#readme",
40
40
  "dependencies": {
41
- "@aws-sdk/client-secrets-manager": "^3.307.0",
42
- "@aws-sdk/cloudfront-signer": "^3.307.0",
43
41
  "@lighthouse/abab": "^0.0.6",
42
+ "aws-sdk": "2.1361.0",
44
43
  "bluebird": "^3.7.2",
45
44
  "fetch-ponyfill": "^6.1.0",
46
45
  "lodash": "^4.17.15",