@middy/rds-signer 2.5.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017-2021 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,101 @@
+# Middy rds-signer middleware
+
+<div align="center">
+  <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.png"/>
+</div>
+
+<div align="center">
+  <p><strong>RDS Signer middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
+</div>
+
+<div align="center">
+<p>
+  <a href="http://badge.fury.io/js/%40middy%2Frds-signer">
+    <img src="https://badge.fury.io/js/%40middy%2Frds-signer.svg" alt="npm version" style="max-width:100%;">
+  </a>
+  <a href="https://snyk.io/test/github/middyjs/middy">
+    <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
+  </a>
+  <a href="https://standardjs.com/">
+    <img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style"  style="max-width:100%;">
+  </a>
+  <a href="https://gitter.im/middyjs/Lobby">
+    <img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter"  style="max-width:100%;">
+  </a>
+</p>
+</div>
+
+Fetches RDS credentials to be used when connecting to RDS with IAM roles.
+
+## Install
+
+To install this middleware you can use NPM:
+
+```bash
+npm install --save @middy/rds-signer
+```
+
+
+## Options
+
+- `AwsClient` (object) (default `AWS.RDS.Signer`): AWS.RDS.Signer class constructor (e.g. that has been instrumented with AWS XRay). Must be from `aws-sdk` v2.
+- `awsClientOptions` (object) (optional): Options to pass to AWS.RDS.Signer class constructor.
+- `fetchData` (object) (required): Mapping of internal key name to API request parameters.
+- `disablePrefetch` (boolean) (default `false`): On cold start requests will trigger early if they can. Setting `awsClientAssumeRole` disables prefetch.
+- `cacheKey` (string) (default `rds-signer`): Cache key for the fetched data responses. Must be unique across all middleware.
+- `cacheExpiry` (number) (default `-1`): How long fetch data responses should be cached for. `-1`: cache forever, `0`: never cache, `n`: cache for n ms.
+- `setToEnv` (boolean) (default `false`): Store role tokens to `process.env`. **Storing secrets in `process.env` is considered security bad practice**
+- `setToContext` (boolean) (default `false`): Store role tokens to `request.context`.
+
+NOTES:
+- Lambda is required to have IAM permission for `rds-db:connect` with a resource like `arn:aws:rds-db:#{AWS::Region}:#{AWS::AccountId}:dbuser:${database_resource}/${iam_role}`
+- `setToEnv` and `setToContext` are included for legacy support and should be avoided for performance and security reasons. See main documentation for best practices.
+
+## Sample usage
+
+```javascript
+import middy from '@middy/core'
+import rdsSigner from '@middy/rds-signer'
+
+const handler = middy((event, context) => {
+  const response = {
+    statusCode: 200,
+    headers: {},
+    body: JSON.stringify({ message: 'hello world' })
+  };
+
+  return response
+})
+
+handler
+  .use(rdsSigner({
+    fetchData: {
+      rdsToken: {
+        region: 'ca-central-1',
+        hostname: '***.rds.amazonaws.com',
+        username: 'iam_role',
+        database: 'postgres',
+        port: 5432
+      }
+    }
+  }))
+```
+
+
+## Middy documentation and examples
+
+For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org).
+
+
+## Contributing
+
+Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls).
+
+
+## License
+
+Licensed under [MIT License](LICENSE). Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
+
+<a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
+  <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status"  style="max-width:100%;">
+</a>

package/index.d.ts

@@ -0,0 +1,20 @@
+import { RDS } from 'aws-sdk'
+import { captureAWSClient } from 'aws-xray-sdk'
+import middy from '@middy/core'
+
+interface Options<Signer = RDS.Signer> {
+  AwsClient?: new() => Signer
+  awsClientOptions?: Partial<RDS.Types.ClientConfiguration>
+  awsClientAssumeRole?: string
+  awsClientCapture?: typeof captureAWSClient
+  fetchData?: { [key: string]: string }
+  disablePrefetch?: boolean
+  cacheKey?: string
+  cacheExpiry?: number
+  setToEnv?: boolean
+  setToContext?: boolean
+}
+
+declare function rdsSigner (options?: Options): middy.MiddlewareObj
+
+export default rdsSigner

package/index.js

@@ -0,0 +1,98 @@
+"use strict";
+
+const {
+  canPrefetch,
+  getInternal,
+  processCache,
+  getCache,
+  modifyCache
+} = require('@middy/util');
+
+const {
+  Signer
+} = require('aws-sdk/clients/rds.js'); // v2
+// const { RDS:{Signer} } = require('@aws-sdk/client-rds') // v3
+
+
+const defaults = {
+  AwsClient: Signer,
+  awsClientOptions: {},
+  fetchData: {},
+  // { contextKey: {region, hostname, username, database, port} }
+  disablePrefetch: false,
+  cacheKey: 'rds-signer',
+  cacheExpiry: -1,
+  setToEnv: false,
+  setToContext: false
+};
+
+const rdsSignerMiddleware = (opts = {}) => {
+  const options = { ...defaults,
+    ...opts
+  };
+
+  const fetch = (request, cachedValues = {}) => {
+    const values = {};
+
+    for (const internalKey of Object.keys(options.fetchData)) {
+      if (cachedValues[internalKey]) continue;
+      const client = new options.AwsClient({ ...options.awsClientOptions,
+        ...options.fetchData[internalKey]
+      }); // AWS doesn't support getAuthToken.promise() in aws-sdk v2 :( See https://github.com/aws/aws-sdk-js/issues/3595
+
+      values[internalKey] = new Promise((resolve, reject) => {
+        client.getAuthToken({}, (err, token) => {
+          if (err) {
+            reject(err);
+          } // Catch Missing token, this usually means their is something wrong with the credentials
+
+
+          if (!token.includes('X-Amz-Security-Token=')) {
+            reject(new Error('X-Amz-Security-Token Missing'));
+          }
+
+          resolve(token);
+        });
+      }).catch(e => {
+        var _getCache$value, _getCache;
+
+        const value = (_getCache$value = (_getCache = getCache(options.cacheKey)) === null || _getCache === void 0 ? void 0 : _getCache.value) !== null && _getCache$value !== void 0 ? _getCache$value : {};
+        value[internalKey] = undefined;
+        modifyCache(options.cacheKey, value);
+        throw e;
+      }); // aws-sdk v3
+      // values[internalKey] = createClient(awsClientOptions, request).then(client => client.getAuthToken())
+    }
+
+    return values;
+  };
+
+  let prefetch;
+
+  if (canPrefetch(options)) {
+    prefetch = processCache(options, fetch);
+  }
+
+  const rdsSignerMiddlewareBefore = async request => {
+    var _prefetch;
+
+    const {
+      value
+    } = (_prefetch = prefetch) !== null && _prefetch !== void 0 ? _prefetch : processCache(options, fetch, request);
+    Object.assign(request.internal, value);
+
+    if (options.setToContext || options.setToEnv) {
+      const data = await getInternal(Object.keys(options.fetchData), request);
+      if (options.setToEnv) Object.assign(process.env, data);
+      if (options.setToContext) Object.assign(request.context, data);
+    }
+
+    prefetch = null;
+  };
+
+  return {
+    before: rdsSignerMiddlewareBefore
+  };
+};
+
+module.exports = rdsSignerMiddleware;

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@middy/rds-signer",
+  "version": "2.5.2",
+  "description": "RDS (Relational Database Service) credentials middleware for the middy framework",
+  "type": "commonjs",
+  "engines": {
+    "node": ">=12"
+  },
+  "engineStrict": true,
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "index.js",
+  "types": "index.d.ts",
+  "files": [
+    "index.d.ts"
+  ],
+  "scripts": {
+    "test": "npm run test:unit",
+    "test:unit": "ava"
+  },
+  "license": "MIT",
+  "keywords": [
+    "Lambda",
+    "Middleware",
+    "Serverless",
+    "Framework",
+    "AWS",
+    "AWS Lambda",
+    "Middy",
+    "RDS",
+    "Relational Database Service",
+    "Credentials"
+  ],
+  "author": {
+    "name": "Middy contributors",
+    "url": "https://github.com/middyjs/middy/graphs/contributors"
+  },
+  "repository": {
+    "type": "git",
+    "url": "github:middyjs/middy",
+    "directory": "packages/rds-signer"
+  },
+  "bugs": {
+    "url": "https://github.com/middyjs/middy/issues"
+  },
+  "homepage": "https://github.com/middyjs/middy#readme",
+  "dependencies": {
+    "@middy/util": "^2.5.2"
+  },
+  "devDependencies": {
+    "@middy/core": "^2.5.2",
+    "@types/node": "^16.0.0",
+    "aws-sdk": "^2.939.0",
+    "aws-xray-sdk": "^3.3.3"
+  },
+  "gitHead": "a2bb757a7a13638ae64277f8eecfcf11c1af17d4"
+}