npm - @vizamodo/aws-sts-core - Versions diffs - 0.3.19 → 0.3.20 - Mend

@vizamodo/aws-sts-core 0.3.19 → 0.3.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/sts/issue.js +11 -4
package/package.json +1 -1

package/dist/sts/issue.js CHANGED Viewed

@@ -142,8 +142,13 @@ export async function issueAwsCredentials(input) {
     // ---- cross-request cache lookup (Cloudflare Cache API) ----
     cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
     const externalCached = await getEdgeCache(cacheKey);
-    if (externalCached) {
-        return externalCached;
+    if (externalCached?.expiration) {
+        const exp = Date.parse(externalCached.expiration);
+        // Ensure cached credentials still have at least 2/3 of session TTL remaining
+        const MIN_REMAINING_MS = Math.floor((sessionTtl * 2) / 3) * 1000;
+        if (Number.isFinite(exp) && exp > Date.now() + MIN_REMAINING_MS) {
+            return externalCached;
+        }
     }
     // ---- isolate-level cache lookup (dedupe concurrent refresh within isolate) ----
     const cachedEntry = stsCredentialCache.get(cacheKey);
@@ -239,9 +244,11 @@ export async function issueAwsCredentials(input) {
             if (result.expiration) {
                 const expiresAt = Date.parse(result.expiration);
                 if (Number.isFinite(expiresAt)) {
-                    // Cache only the last 1/3 of credential lifetime so refresh happens early
                     const remainingSec = Math.floor((expiresAt - Date.now()) / 1000);
-                    const ttlSec = Math.max(0, remainingSec - Math.floor(sessionTtl / 3));
+                    // Cache lifetime policy: only cache for 1/3 of requested session TTL
+                    const desiredTtl = Math.floor(sessionTtl / 3);
+                    // Ensure we never cache longer than the actual credential lifetime
+                    const ttlSec = Math.max(0, Math.min(desiredTtl, remainingSec));
                     setEdgeCache(cacheKey, result, ttlSec).catch(() => { });
                 }
             }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vizamodo/aws-sts-core",
-  "version": "0.3.19",
+  "version": "0.3.20",
   "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
   "type": "module",
   "main": "dist/index.js",