@vizamodo/aws-sts-core 0.3.32 → 0.3.34
- package/dist/federation/login.js +8 -0
- package/dist/sts/issue.js +13 -0
- package/package.json +1 -1
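--- a/package/dist/federation/login.js
+++ b/package/dist/federation/login.js
@@ -10,6 +10,14 @@ export async function buildFederationLoginUrl(input) {
 if (!Number.isFinite(expiresAtMs) || expiresAtMs <= Date.now()) {
 throw new Error("[federation] invalid or expired credentials");
 }
+const tokenHash = await sha256Hex(input.sessionToken);
+console.debug("[signin] key input", {
+accessKeyId: input.accessKeyId,
+tokenHash,
+intent: input.intent,
+region: input.region,
+forceRefresh: input.forceRefresh
+});
 const cacheKey = `aws-signin:${await sha256Hex(input.accessKeyId)}`;
 const sessionJson = JSON.stringify(session);
 const encoded = encodeURIComponent(sessionJson);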
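Review bot: The added `console.debug("[signin] key input", …)` runs unconditionally on every call and prints the raw `input.accessKeyId`, even though the next context line hashes that same value before using it as a cache key. Debug output from a published library normally lands in whatever log sink the host application uses, so the key id and a stable SHA-256 fingerprint of the session token become correlatable for anyone with log read access. I would drop the statement before release, or keep only the non-identifying fields, e.g. `console.debug("[signin] key input", { intent: input.intent, region: input.region, forceRefresh: input.forceRefresh });`. The extra `await sha256Hex(input.sessionToken)` exists only to feed the log, so removing it also saves a digest per login. The body of `buildFederationLoginUrl` starts and ends outside this hunk.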
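--- a/package/dist/sts/issue.js
+++ b/package/dist/sts/issue.js
@@ -89,6 +89,7 @@ export async function issueAwsCredentials(input) {
 cachedCertSerialSource = normalizedCert;
 }
 const cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
+console.debug("[issueAwsCredentials] cacheKey", { cacheKey, forceRefresh });
 // ---- Build SigV4 request ----
 const { signingKey } = await getSigningMaterial({
 certBase64: normalizedCert,
@@ -131,6 +132,7 @@ export async function issueAwsCredentials(input) {
 "Authorization": `${ALGORITHM} Credential=${certSerialDec}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`,
 });
 const issuedAt = Date.now(); // snapshot before the network round-trip
+console.debug("[issueAwsCredentials] invoking cache layer", { cacheKey });
 return getCachedOrFetch(cacheKey, async () => {
 const res = await fetch(`https://${host}${PATH}`, {
 method: "POST",
@@ -147,6 +149,10 @@ export async function issueAwsCredentials(input) {
 console.warn("[issueAwsCredentials] malformed AWS credential response");
 throw new InternalError("aws_malformed_credentials");
 }
+console.debug("[issueAwsCredentials] fetched new credentials", {
+accessKeyId: creds.accessKeyId,
+expiration: creds.expiration
+});
 const value = {
 accessKeyId: creds.accessKeyId,
 secretAccessKey: creds.secretAccessKey,
@@ -159,8 +165,15 @@ export async function issueAwsCredentials(input) {
 if (Number.isFinite(expiresAtMs) && credLifetimeSec > 0) {
 const edgeCacheTtlSec = Math.floor(credLifetimeSec / 3);
 const edgeCacheExpiry = new Date(issuedAt + edgeCacheTtlSec * 1000).toISOString();
+console.debug("[issueAwsCredentials] computed TTL", {
+credLifetimeSec,
+edgeCacheTtlSec
+});
 return wrapResult(value, edgeCacheExpiry);
 }
+console.debug("[issueAwsCredentials] fallback return (no TTL)", {
+accessKeyId: value.accessKeyId
+});
 return value;
 }, {
 ttlSec: 60,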
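Review bot: The new `console.debug("[issueAwsCredentials] cacheKey", …)` after the `cacheKey` assignment writes the role, profile and trust-anchor ARNs plus the certificate serial into the host's logs on every call, and the same key is logged again just before `getCachedOrFetch`. None of these values is a secret, but together with the later additions that log the `accessKeyId` of each freshly issued credential they give log readers an inventory of the account's trust setup that they would not otherwise have. Consider keeping only non-identifying fields, e.g. `console.debug("[issueAwsCredentials] cache lookup", { forceRefresh });`, dropping the duplicate line, or making all of these opt-in for the caller. The "fallback return (no TTL)" branch is presumably reached when the expiration could not be parsed, so it may deserve `console.warn` without the key id rather than a debug line. `issueAwsCredentials` starts and ends outside the visible hunks.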