@vizamodo/aws-sts-core 0.4.32 → 0.4.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/sts/issue.js +1 -50
  2. package/package.json +1 -1
package/dist/sts/issue.js CHANGED
@@ -26,19 +26,12 @@ let signingKeyPromise = null;
26
26
  let cachedSigningKey = null;
27
27
  let cachedCertBase64 = null;
28
28
  let cachedPrivateKeyBase64 = null;
29
- // ---- single-flight hard refresh guard + cooldown ----
30
- let hardRefreshPromise = null;
31
- let lastHardRefreshAt = 0;
32
- const HARD_REFRESH_COOLDOWN_MS = 2000;
33
29
  export function resetIsolateCache() {
34
30
  signingKeyPromise = null;
35
31
  cachedSigningKey = null;
36
32
  cachedCertBase64 = null;
37
33
  cachedPrivateKeyBase64 = null;
38
34
  }
39
- // ---- certificate serial cache (DER walk is CPU-bound, cert rarely rotates) ----
40
- let cachedCertSerialDec = null;
41
- let cachedCertSerialSource = null;
42
35
  // ---------------------------------------------------------------------------
43
36
  // Signing material
44
37
  // ---------------------------------------------------------------------------
@@ -162,48 +155,6 @@ export async function issueAwsCredentials(input) {
162
155
  }
163
156
  if (!res.ok) {
164
157
  const status = res.status;
165
- // Safe internal hard reset trigger:
166
- // Only reset isolate cache on explicit forceRefresh AND first failure
167
- if (forceRefresh && status === 403) {
168
- const now = Date.now();
169
- // Cooldown guard to avoid rapid consecutive hard resets
170
- if (now - lastHardRefreshAt < HARD_REFRESH_COOLDOWN_MS) {
171
- console.warn("[aws-rejected][cooldown-skip-hard-reset]", { status, region });
172
- throw new InternalError("aws_rejected");
173
- }
174
- // Single-flight: only one request performs hard refresh
175
- if (!hardRefreshPromise) {
176
- hardRefreshPromise = (async () => {
177
- console.warn("[aws-rejected][hard-reset-trigger]", { status, region });
178
- lastHardRefreshAt = Date.now();
179
- resetIsolateCache();
180
- const { headers: retryHeaders, body: retryBody, host: retryHost } = await buildSignedHeaders();
181
- const retryRes = await fetch(`https://${retryHost}${PATH}`, {
182
- method: "POST",
183
- headers: retryHeaders,
184
- body: retryBody,
185
- });
186
- if (!retryRes.ok) {
187
- console.warn("[aws-rejected][after-hard-reset]", { status: retryRes.status, region });
188
- throw new InternalError("aws_rejected");
189
- }
190
- const retryJson = await retryRes.json();
191
- const retryCreds = retryJson?.credentialSet?.[0]?.credentials;
192
- if (!retryCreds?.accessKeyId || !retryCreds?.secretAccessKey || !retryCreds?.sessionToken) {
193
- throw new InternalError("aws_malformed_credentials");
194
- }
195
- return {
196
- accessKeyId: retryCreds.accessKeyId,
197
- secretAccessKey: retryCreds.secretAccessKey,
198
- sessionToken: retryCreds.sessionToken,
199
- expiration: retryCreds.expiration,
200
- };
201
- })().finally(() => {
202
- hardRefreshPromise = null;
203
- });
204
- }
205
- return await hardRefreshPromise;
206
- }
207
158
  console.warn("[aws-rejected]", { status, region, profile });
208
159
  throw new InternalError("aws_rejected");
209
160
  }
@@ -230,7 +181,7 @@ export async function issueAwsCredentials(input) {
230
181
  return value;
231
182
  }, {
232
183
  ttlSec: 60,
233
- forceRefresh: !!forceRefresh
184
+ forceRefresh
234
185
  });
235
186
  }
236
187
  // ---------------------------------------------------------------------------
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vizamodo/aws-sts-core",
3
- "version": "0.4.32",
3
+ "version": "0.4.33",
4
4
  "description": "Pure AWS STS + SigV4 (X509 Roles Anywhere) core logic",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",