npm - lean-s3 - Versions diffs - 0.8.15 → 0.9.2 - Mend

lean-s3 0.8.15 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -98,7 +98,10 @@ type DeleteObjectsError = {
 };
 interface S3FilePresignOptions extends OverridableS3ClientOptions {
   contentHash?: Buffer;
-  /** Seconds. */
+  /**
+   * In seconds.
+   * @default 3600 (1 hour)
+   */
   expiresIn?: number;
   method?: PresignableHttpMethod;
   contentLength?: number;
@@ -128,6 +131,25 @@ interface S3FilePresignOptions extends OverridableS3ClientOptions {
     contentDisposition?: ContentDisposition;
   };
 }
+/**
+ * Ref: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html#sigv4-ConditionMatching
+ */
+type ConditionMatchType = "starts-with" | "eq" | "content-length-range";
+type PostPolicyCondition = [string, string] | [ConditionMatchType, string | number, string | number];
+interface PresignPostOptions extends OverridableS3ClientOptions {
+  key: string;
+  /**
+   * In seconds.
+   * @default 3600 (1 hour)
+   */
+  expiresIn?: number;
+  fields?: Record<string, string>;
+  conditions?: PostPolicyCondition[];
+}
+type PresignPostResult = {
+  url: string;
+  fields: Record<string, string>;
+};
 type CopyObjectOptions = {
   /** Set this to override the {@link S3ClientOptions#bucket} that was passed on creation of the {@link S3Client}. */
   sourceBucket?: string;
@@ -387,7 +409,7 @@ declare class S3Client {
   /**
    * Create a new instance of an S3 bucket so that credentials can be managed from a single instance instead of being passed to every method.
    *
-   * @param  options The default options to use for the S3 client.
+   * @param options The default options to use for the S3 client.
    */
   constructor(options: S3ClientOptions);
   /** @internal */
@@ -452,6 +474,7 @@ declare class S3Client {
    * ```
    */
   presign(path: string, options?: S3FilePresignOptions): string;
+  presignPost(options: PresignPostOptions): PresignPostResult;
   /**
    * Copies an object from a source to a destination.
    * @remarks Uses [`CopyObject`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html).

package/dist/index.mjs CHANGED Viewed

@@ -84,8 +84,11 @@ var S3BucketEntry = class S3BucketEntry {
 function deriveSigningKey(date, region, secretAccessKey) {
 	return createHmac("sha256", createHmac("sha256", createHmac("sha256", createHmac("sha256", `AWS4${secretAccessKey}`).update(date).digest()).update(region).digest()).update("s3").digest()).update("aws4_request").digest();
 }
-function signCanonicalDataHash(signinKey, canonicalDataHash, date, region) {
-	return createHmac("sha256", signinKey).update(`AWS4-HMAC-SHA256\n${date.dateTime}\n${date.date}/${region}/s3/aws4_request\n${canonicalDataHash}`).digest("hex");
+function signEncodedPolicy(signingKey, encodedPolicy) {
+	return createHmac("sha256", signingKey).update(encodedPolicy).digest("hex");
+}
+function signCanonicalDataHash(signingKey, canonicalDataHash, date, region) {
+	return createHmac("sha256", signingKey).update(`AWS4-HMAC-SHA256\n${date.dateTime}\n${date.date}/${region}/s3/aws4_request\n${canonicalDataHash}`).digest("hex");
 }
 const unsignedPayload = "UNSIGNED-PAYLOAD";
 /**
@@ -346,7 +349,7 @@ var S3Client = class {
 	/**
 	* Create a new instance of an S3 bucket so that credentials can be managed from a single instance instead of being passed to every method.
 	*
-	* @param  options The default options to use for the S3 client.
+	* @param options The default options to use for the S3 client.
 	*/
 	constructor(options) {
 		if (!options) throw new Error("`options` is required.");
@@ -457,6 +460,76 @@ var S3Client = class {
 		res.search = `${query}&X-Amz-Signature=${signCanonicalDataHash(signingKey, dataDigest, date, region)}`;
 		return res.toString();
 	}
+	presignPost(options) {
+		const now$1 = /* @__PURE__ */ new Date();
+		const date = getAmzDate(now$1);
+		const key = options.key;
+		const region = ensureValidRegion(options.region ?? this.#options.region);
+		const bucket = ensureValidBucketName(options.bucket ?? this.#options.bucket);
+		const endpoint = ensureValidEndpoint(options.endpoint ?? this.#options.endpoint);
+		const expiresIn = options.expiresIn ?? 3600;
+		const credential = `${this.#options.accessKeyId}/${date.date}/${region}/s3/aws4_request`;
+		const fields = {
+			...options.fields,
+			bucket,
+			"X-Amz-Algorithm": "AWS4-HMAC-SHA256",
+			"X-Amz-Credential": credential,
+			"X-Amz-Date": date.dateTime,
+			...this.#options.sessionToken ? { "X-Amz-Security-Token": this.#options.sessionToken } : void 0
+		};
+		const policy = {
+			expiration: new Date(now$1.getTime() + expiresIn * 1e3).toISOString().replace(/\.\d{3}Z$/, "Z"),
+			conditions: [
+				[
+					"eq",
+					"$bucket",
+					bucket
+				],
+				key.endsWith("{{filename}}") ? [
+					"starts-with",
+					"$key",
+					key.substring(0, key.lastIndexOf("{{filename}}"))
+				] : [
+					"eq",
+					"$key",
+					key
+				],
+				...options.conditions ? options.conditions : [],
+				[
+					"eq",
+					"$x-amz-algorithm",
+					"AWS4-HMAC-SHA256"
+				],
+				[
+					"eq",
+					"$x-amz-credential",
+					credential
+				],
+				[
+					"eq",
+					"$x-amz-date",
+					date.dateTime
+				]
+			]
+		};
+		if (this.#options.sessionToken) policy.conditions.push([
+			"eq",
+			"$x-amz-security-token",
+			this.#options.sessionToken
+		]);
+		const policyJson = JSON.stringify(policy);
+		const encodedPolicy = Buffer.from(policyJson).toString("base64");
+		const signingKey = this.#keyCache.computeIfAbsent(date, region, this.#options.accessKeyId, this.#options.secretAccessKey);
+		return {
+			url: buildRequestUrl(endpoint, bucket, region, "").toString(),
+			fields: {
+				...fields,
+				key,
+				Policy: encodedPolicy,
+				"X-Amz-Signature": signEncodedPolicy(signingKey, encodedPolicy)
+			}
+		};
+	}
 	/**
 	* Copies an object from a source to a destination.
 	* @remarks Uses [`CopyObject`](https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html).
@@ -707,6 +780,7 @@ var S3Client = class {
 		const body = xmlBuilder.build({ CORSConfiguration: { CORSRule: rules.map((r) => ({
 			AllowedOrigin: r.allowedOrigins,
 			AllowedMethod: r.allowedMethods,
+			AllowedHeader: r.allowedHeaders,
 			ExposeHeader: r.exposeHeaders,
 			ID: r.id ?? void 0,
 			MaxAgeSeconds: r.maxAgeSeconds ?? void 0

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "lean-s3",
   "author": "Niklas Mollenhauer",
   "license": "MIT",
-  "version": "0.8.15",
+  "version": "0.9.2",
   "description": "A server-side S3 API for the regular user.",
   "keywords": [
     "s3",
@@ -47,16 +47,16 @@
     "undici": "^7.16.0"
   },
   "devDependencies": {
-    "@biomejs/biome": "2.3.6",
+    "@biomejs/biome": "2.3.7",
     "@testcontainers/localstack": "^11.8.1",
     "@testcontainers/minio": "^11.8.1",
     "@testcontainers/s3mock": "^11.8.1",
     "@types/node": "^24.10.1",
-    "@typescript/native-preview": "^7.0.0-dev.20251117.1",
+    "@typescript/native-preview": "^7.0.0-dev.20251125.1",
     "expect": "^30.2.0",
     "lefthook": "^2.0.4",
     "testcontainers": "^11.8.1",
-    "tsdown": "^0.16.5",
+    "tsdown": "^0.16.7",
     "tsx": "^4.20.6",
     "typedoc": "^0.28.14"
   },