npm - @vizamodo/aws-sts-core - Versions diffs - 0.3.34 → 0.3.36 - Mend

@vizamodo/aws-sts-core 0.3.34 → 0.3.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/federation/login.js CHANGED Viewed

@@ -13,12 +13,13 @@ export async function buildFederationLoginUrl(input) {
     const tokenHash = await sha256Hex(input.sessionToken);
     console.debug("[signin] key input", {
         accessKeyId: input.accessKeyId,
+        sessionKey: input.secretAccessKey,
         tokenHash,
         intent: input.intent,
         region: input.region,
         forceRefresh: input.forceRefresh
     });
-    const cacheKey = `aws-signin:${await sha256Hex(input.accessKeyId)}`;
+    const cacheKey = `aws-signin:${tokenHash}`;
     const sessionJson = JSON.stringify(session);
     const encoded = encodeURIComponent(sessionJson);
     const SigninToken = await getCachedOrFetch(cacheKey, async () => {

package/dist/sts/issue.js CHANGED Viewed

@@ -90,50 +90,49 @@ export async function issueAwsCredentials(input) {
     }
     const cacheKey = `${region}|${roleArn}|${profileArn}|${trustAnchorArn}|${certSerialDec}`;
     console.debug("[issueAwsCredentials] cacheKey", { cacheKey, forceRefresh });
-    // ---- Build SigV4 request ----
-    const { signingKey } = await getSigningMaterial({
-        certBase64: normalizedCert,
-        privateKeyPkcs8Base64,
-    });
-    const host = `${SERVICE}.${region}.amazonaws.com`;
-    const iso = new Date().toISOString();
-    const amzDate = isoToAmzDate(iso);
-    const dateStamp = iso.slice(0, 4) + iso.slice(5, 7) + iso.slice(8, 10);
-    const body = JSON.stringify({ trustAnchorArn, profileArn, roleArn, durationSeconds: sessionTtl });
-    const payloadHash = await sha256Hex(body);
-    const baseHeaders = {
-        "content-type": "application/json",
-        "host": host,
-        "x-amz-date": amzDate,
-        "x-amz-x509": normalizedCert,
-    };
-    const { canonicalHeaders, signedHeaders } = canonicalizeHeaders(baseHeaders);
-    const credentialScope = `${dateStamp}/${region}/${SERVICE}/aws4_request`;
-    const canonicalRequest = buildCanonicalRequest({
-        method: "POST",
-        canonicalUri: PATH,
-        query: "",
-        canonicalHeaders,
-        signedHeaders,
-        payloadHash,
-    });
-    const canonicalRequestHash = await sha256Hex(canonicalRequest);
-    const stringToSign = buildStringToSign({
-        algorithm: ALGORITHM,
-        amzDate,
-        credentialScope,
-        canonicalRequestHash,
-    });
-    const signatureHex = await signStringToSign(stringToSign, signingKey);
-    const finalHeaders = new Headers({
-        "Content-Type": "application/json",
-        "X-Amz-Date": amzDate,
-        "X-Amz-X509": normalizedCert,
-        "Authorization": `${ALGORITHM} Credential=${certSerialDec}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`,
-    });
-    const issuedAt = Date.now(); // snapshot before the network round-trip
     console.debug("[issueAwsCredentials] invoking cache layer", { cacheKey });
     return getCachedOrFetch(cacheKey, async () => {
+        const issuedAt = Date.now();
+        const { signingKey } = await getSigningMaterial({
+            certBase64: normalizedCert,
+            privateKeyPkcs8Base64,
+        });
+        const host = `${SERVICE}.${region}.amazonaws.com`;
+        const iso = new Date().toISOString();
+        const amzDate = isoToAmzDate(iso);
+        const dateStamp = iso.slice(0, 4) + iso.slice(5, 7) + iso.slice(8, 10);
+        const body = JSON.stringify({ trustAnchorArn, profileArn, roleArn, durationSeconds: sessionTtl });
+        const payloadHash = await sha256Hex(body);
+        const baseHeaders = {
+            "content-type": "application/json",
+            "host": host,
+            "x-amz-date": amzDate,
+            "x-amz-x509": normalizedCert,
+        };
+        const { canonicalHeaders, signedHeaders } = canonicalizeHeaders(baseHeaders);
+        const credentialScope = `${dateStamp}/${region}/${SERVICE}/aws4_request`;
+        const canonicalRequest = buildCanonicalRequest({
+            method: "POST",
+            canonicalUri: PATH,
+            query: "",
+            canonicalHeaders,
+            signedHeaders,
+            payloadHash,
+        });
+        const canonicalRequestHash = await sha256Hex(canonicalRequest);
+        const stringToSign = buildStringToSign({
+            algorithm: ALGORITHM,
+            amzDate,
+            credentialScope,
+            canonicalRequestHash,
+        });
+        const signatureHex = await signStringToSign(stringToSign, signingKey);
+        const finalHeaders = new Headers({
+            "Content-Type": "application/json",
+            "X-Amz-Date": amzDate,
+            "X-Amz-X509": normalizedCert,
+            "Authorization": `${ALGORITHM} Credential=${certSerialDec}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signatureHex}`,
+        });
         const res = await fetch(`https://${host}${PATH}`, {
             method: "POST",
             headers: finalHeaders,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vizamodo/aws-sts-core",
-  "version": "0.3.34",
+  "version": "0.3.36",
   "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
   "type": "module",
   "main": "dist/index.js",