@vizamodo/aws-sts-core 0.4.31 → 0.4.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/sts/issue.js +1 -31
- package/package.json +1 -1
package/dist/sts/issue.js
CHANGED
|
@@ -32,9 +32,6 @@ export function resetIsolateCache() {
|
|
|
32
32
|
cachedCertBase64 = null;
|
|
33
33
|
cachedPrivateKeyBase64 = null;
|
|
34
34
|
}
|
|
35
|
-
// ---- certificate serial cache (DER walk is CPU-bound, cert rarely rotates) ----
|
|
36
|
-
let cachedCertSerialDec = null;
|
|
37
|
-
let cachedCertSerialSource = null;
|
|
38
35
|
// ---------------------------------------------------------------------------
|
|
39
36
|
// Signing material
|
|
40
37
|
// ---------------------------------------------------------------------------
|
|
@@ -158,33 +155,6 @@ export async function issueAwsCredentials(input) {
|
|
|
158
155
|
}
|
|
159
156
|
if (!res.ok) {
|
|
160
157
|
const status = res.status;
|
|
161
|
-
// Safe internal hard reset trigger:
|
|
162
|
-
// Only reset isolate cache on explicit forceRefresh AND first failure
|
|
163
|
-
if (forceRefresh && status === 403) {
|
|
164
|
-
console.warn("[aws-rejected][hard-reset-trigger]", { status, region });
|
|
165
|
-
resetIsolateCache();
|
|
166
|
-
const { headers: retryHeaders, body: retryBody, host: retryHost } = await buildSignedHeaders();
|
|
167
|
-
const retryRes = await fetch(`https://${retryHost}${PATH}`, {
|
|
168
|
-
method: "POST",
|
|
169
|
-
headers: retryHeaders,
|
|
170
|
-
body: retryBody,
|
|
171
|
-
});
|
|
172
|
-
if (!retryRes.ok) {
|
|
173
|
-
console.warn("[aws-rejected][after-hard-reset]", { status: retryRes.status, region });
|
|
174
|
-
throw new InternalError("aws_rejected");
|
|
175
|
-
}
|
|
176
|
-
const retryJson = await retryRes.json();
|
|
177
|
-
const retryCreds = retryJson?.credentialSet?.[0]?.credentials;
|
|
178
|
-
if (!retryCreds?.accessKeyId || !retryCreds?.secretAccessKey || !retryCreds?.sessionToken) {
|
|
179
|
-
throw new InternalError("aws_malformed_credentials");
|
|
180
|
-
}
|
|
181
|
-
return {
|
|
182
|
-
accessKeyId: retryCreds.accessKeyId,
|
|
183
|
-
secretAccessKey: retryCreds.secretAccessKey,
|
|
184
|
-
sessionToken: retryCreds.sessionToken,
|
|
185
|
-
expiration: retryCreds.expiration,
|
|
186
|
-
};
|
|
187
|
-
}
|
|
188
158
|
console.warn("[aws-rejected]", { status, region, profile });
|
|
189
159
|
throw new InternalError("aws_rejected");
|
|
190
160
|
}
|
|
@@ -211,7 +181,7 @@ export async function issueAwsCredentials(input) {
|
|
|
211
181
|
return value;
|
|
212
182
|
}, {
|
|
213
183
|
ttlSec: 60,
|
|
214
|
-
forceRefresh
|
|
184
|
+
forceRefresh
|
|
215
185
|
});
|
|
216
186
|
}
|
|
217
187
|
// ---------------------------------------------------------------------------
|