@vizamodo/aws-sts-core 0.3.19 → 0.3.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/runtime/cache.d.ts +5 -0
- package/dist/runtime/cache.js +20 -0
- package/dist/sts/issue.js +11 -4
- package/package.json +3 -3
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { getEdgeCache, setEdgeCache } from "./edge-cache";
|
|
2
|
+
const memory = new Map();
|
|
3
|
+
export async function getCachedOrFetch(key, fetcher, options) {
|
|
4
|
+
// L1: memory
|
|
5
|
+
if (memory.has(key)) {
|
|
6
|
+
return memory.get(key);
|
|
7
|
+
}
|
|
8
|
+
// L2: edge cache
|
|
9
|
+
const edge = await getEdgeCache(key);
|
|
10
|
+
if (edge) {
|
|
11
|
+
memory.set(key, edge);
|
|
12
|
+
return edge;
|
|
13
|
+
}
|
|
14
|
+
// L3: fetch
|
|
15
|
+
const value = await fetcher();
|
|
16
|
+
// write back
|
|
17
|
+
memory.set(key, value);
|
|
18
|
+
await setEdgeCache(key, value, options?.ttlSec ?? 3000);
|
|
19
|
+
return value;
|
|
20
|
+
}
|
package/dist/sts/issue.js
CHANGED
|
@@ -142,8 +142,13 @@ export async function issueAwsCredentials(input) {
|
|
|
142
142
|
// ---- cross-request cache lookup (Cloudflare Cache API) ----
|
|
143
143
|
cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
|
|
144
144
|
const externalCached = await getEdgeCache(cacheKey);
|
|
145
|
-
if (externalCached) {
|
|
146
|
-
|
|
145
|
+
if (externalCached?.expiration) {
|
|
146
|
+
const exp = Date.parse(externalCached.expiration);
|
|
147
|
+
// Ensure cached credentials still have at least 2/3 of session TTL remaining
|
|
148
|
+
const MIN_REMAINING_MS = Math.floor((sessionTtl * 2) / 3) * 1000;
|
|
149
|
+
if (Number.isFinite(exp) && exp > Date.now() + MIN_REMAINING_MS) {
|
|
150
|
+
return externalCached;
|
|
151
|
+
}
|
|
147
152
|
}
|
|
148
153
|
// ---- isolate-level cache lookup (dedupe concurrent refresh within isolate) ----
|
|
149
154
|
const cachedEntry = stsCredentialCache.get(cacheKey);
|
|
@@ -239,9 +244,11 @@ export async function issueAwsCredentials(input) {
|
|
|
239
244
|
if (result.expiration) {
|
|
240
245
|
const expiresAt = Date.parse(result.expiration);
|
|
241
246
|
if (Number.isFinite(expiresAt)) {
|
|
242
|
-
// Cache only the last 1/3 of credential lifetime so refresh happens early
|
|
243
247
|
const remainingSec = Math.floor((expiresAt - Date.now()) / 1000);
|
|
244
|
-
|
|
248
|
+
// Cache lifetime policy: only cache for 1/3 of requested session TTL
|
|
249
|
+
const desiredTtl = Math.floor(sessionTtl / 3);
|
|
250
|
+
// Ensure we never cache longer than the actual credential lifetime
|
|
251
|
+
const ttlSec = Math.max(0, Math.min(desiredTtl, remainingSec));
|
|
245
252
|
setEdgeCache(cacheKey, result, ttlSec).catch(() => { });
|
|
246
253
|
}
|
|
247
254
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vizamodo/aws-sts-core",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.21",
|
|
4
4
|
"description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -23,8 +23,8 @@
|
|
|
23
23
|
"devDependencies": {
|
|
24
24
|
"@aws-crypto/sha256-js": "^5.2.0",
|
|
25
25
|
"@aws-sdk/signature-v4": "^3.374.0",
|
|
26
|
-
"@vitest/coverage-v8": "^4.0
|
|
26
|
+
"@vitest/coverage-v8": "^4.1.0",
|
|
27
27
|
"typescript": "^5.9.3",
|
|
28
|
-
"vitest": "^4.0
|
|
28
|
+
"vitest": "^4.1.0"
|
|
29
29
|
}
|
|
30
30
|
}
|