@smithy/signature-v4 4.1.3 → 4.2.0

package/dist-cjs/index.js

@@ -136,22 +136,20 @@ var import_util_uri_escape = require("@smithy/util-uri-escape");
 var getCanonicalQuery = /* @__PURE__ */ __name(({ query = {} }) => {
   const keys = [];
   const serialized = {};
-  for (const key of Object.keys(query).sort()) {
+  for (const key of Object.keys(query)) {
     if (key.toLowerCase() === SIGNATURE_HEADER) {
       continue;
     }
-    keys.push(key);
+    const encodedKey = (0, import_util_uri_escape.escapeUri)(key);
+    keys.push(encodedKey);
     const value = query[key];
     if (typeof value === "string") {
-      serialized[key] = `${(0, import_util_uri_escape.escapeUri)(key)}=${(0, import_util_uri_escape.escapeUri)(value)}`;
+      serialized[encodedKey] = `${encodedKey}=${(0, import_util_uri_escape.escapeUri)(value)}`;
     } else if (Array.isArray(value)) {
-      serialized[key] = value.slice(0).reduce(
-        (encoded, value2) => encoded.concat([`${(0, import_util_uri_escape.escapeUri)(key)}=${(0, import_util_uri_escape.escapeUri)(value2)}`]),
-        []
-      ).sort().join("&");
+      serialized[encodedKey] = value.slice(0).reduce((encoded, value2) => encoded.concat([`${encodedKey}=${(0, import_util_uri_escape.escapeUri)(value2)}`]), []).sort().join("&");
     }
   }
-  return keys.map((key) => serialized[key]).filter((serialized2) => serialized2).join("&");
+  return keys.sort().map((key) => serialized[key]).filter((serialized2) => serialized2).join("&");
 }, "getCanonicalQuery");
 
 // src/getPayloadHash.ts
@@ -310,11 +308,11 @@ var hasHeader = /* @__PURE__ */ __name((soughtHeader, headers) => {
 // src/moveHeadersToQuery.ts
 var import_protocol_http = require("@smithy/protocol-http");
 var moveHeadersToQuery = /* @__PURE__ */ __name((request, options = {}) => {
-  var _a;
+  var _a, _b;
   const { headers, query = {} } = import_protocol_http.HttpRequest.clone(request);
   for (const name of Object.keys(headers)) {
     const lname = name.toLowerCase();
-    if (lname.slice(0, 6) === "x-amz-" && !((_a = options.unhoistableHeaders) == null ? void 0 : _a.has(lname))) {
+    if (lname.slice(0, 6) === "x-amz-" && !((_a = options.unhoistableHeaders) == null ? void 0 : _a.has(lname)) || ((_b = options.hoistableHeaders) == null ? void 0 : _b.has(lname))) {
       query[name] = headers[name];
       delete headers[name];
     }
@@ -378,6 +376,7 @@ var _SignatureV4 = class _SignatureV4 {
       unsignableHeaders,
       unhoistableHeaders,
       signableHeaders,
+      hoistableHeaders,
       signingRegion,
       signingService
     } = options;
@@ -391,7 +390,7 @@ var _SignatureV4 = class _SignatureV4 {
       );
     }
     const scope = createScope(shortDate, region, signingService ?? this.service);
-    const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
+    const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders, hoistableHeaders });
     if (credentials.sessionToken) {
       request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
     }

package/dist-es/SignatureV4.js

@@ -23,7 +23,7 @@ export class SignatureV4 {
         this.credentialProvider = normalizeProvider(credentials);
     }
     async presign(originalRequest, options = {}) {
-        const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, signingRegion, signingService, } = options;
+        const { signingDate = new Date(), expiresIn = 3600, unsignableHeaders, unhoistableHeaders, signableHeaders, hoistableHeaders, signingRegion, signingService, } = options;
         const credentials = await this.credentialProvider();
         this.validateResolvedCredentials(credentials);
         const region = signingRegion ?? (await this.regionProvider());
@@ -32,7 +32,7 @@ export class SignatureV4 {
             return Promise.reject("Signature version 4 presigned URLs" + " must have an expiration date less than one week in" + " the future");
         }
         const scope = createScope(shortDate, region, signingService ?? this.service);
-        const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
+        const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders, hoistableHeaders });
         if (credentials.sessionToken) {
             request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
         }

package/dist-es/getCanonicalQuery.js

@@ -3,24 +3,26 @@ import { SIGNATURE_HEADER } from "./constants";
 export const getCanonicalQuery = ({ query = {} }) => {
     const keys = [];
     const serialized = {};
-    for (const key of Object.keys(query).sort()) {
+    for (const key of Object.keys(query)) {
         if (key.toLowerCase() === SIGNATURE_HEADER) {
             continue;
         }
-        keys.push(key);
+        const encodedKey = escapeUri(key);
+        keys.push(encodedKey);
         const value = query[key];
         if (typeof value === "string") {
-            serialized[key] = `${escapeUri(key)}=${escapeUri(value)}`;
+            serialized[encodedKey] = `${encodedKey}=${escapeUri(value)}`;
         }
         else if (Array.isArray(value)) {
-            serialized[key] = value
+            serialized[encodedKey] = value
                 .slice(0)
-                .reduce((encoded, value) => encoded.concat([`${escapeUri(key)}=${escapeUri(value)}`]), [])
+                .reduce((encoded, value) => encoded.concat([`${encodedKey}=${escapeUri(value)}`]), [])
                 .sort()
                 .join("&");
         }
     }
     return keys
+        .sort()
         .map((key) => serialized[key])
         .filter((serialized) => serialized)
         .join("&");

package/dist-es/moveHeadersToQuery.js

@@ -3,7 +3,8 @@ export const moveHeadersToQuery = (request, options = {}) => {
     const { headers, query = {} } = HttpRequest.clone(request);
     for (const name of Object.keys(headers)) {
         const lname = name.toLowerCase();
-        if (lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname)) {
+        if ((lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname)) ||
+            options.hoistableHeaders?.has(lname)) {
             query[name] = headers[name];
             delete headers[name];
         }

package/dist-types/moveHeadersToQuery.d.ts

@@ -4,6 +4,7 @@ import type { HttpRequest as IHttpRequest, QueryParameterBag } from "@smithy/typ
  */
 export declare const moveHeadersToQuery: (request: IHttpRequest, options?: {
     unhoistableHeaders?: Set<string>;
+    hoistableHeaders?: Set<string>;
 }) => IHttpRequest & {
     query: QueryParameterBag;
 };

package/dist-types/ts3.4/moveHeadersToQuery.d.ts

@@ -4,6 +4,7 @@ import { HttpRequest as IHttpRequest, QueryParameterBag } from "@smithy/types";
  */
 export declare const moveHeadersToQuery: (request: IHttpRequest, options?: {
     unhoistableHeaders?: Set<string>;
+    hoistableHeaders?: Set<string>;
 }) => IHttpRequest & {
     query: QueryParameterBag;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/signature-v4",
-  "version": "4.1.3",
+  "version": "4.2.0",
   "description": "A standalone implementation of the AWS Signature V4 request signing algorithm",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -25,10 +25,10 @@
   "license": "Apache-2.0",
   "dependencies": {
     "@smithy/is-array-buffer": "^3.0.0",
-    "@smithy/protocol-http": "^4.1.3",
-    "@smithy/types": "^3.4.2",
+    "@smithy/protocol-http": "^4.1.4",
+    "@smithy/types": "^3.5.0",
     "@smithy/util-hex-encoding": "^3.0.0",
-    "@smithy/util-middleware": "^3.0.6",
+    "@smithy/util-middleware": "^3.0.7",
     "@smithy/util-uri-escape": "^3.0.0",
     "@smithy/util-utf8": "^3.0.0",
     "tslib": "^2.6.2"