s3broker 0.0.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +85 -0
  2. package/package.json +8 -4
  3. package/src/index.ts +3 -11
package/README.md ADDED
@@ -0,0 +1,85 @@
1
+ # S3Broker
2
+
3
+ [![npm version](https://img.shields.io/npm/v/s3broker.svg)](https://www.npmjs.com/package/s3broker)
4
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
5
+
6
+ A Cloudflare Workers library for building S3 proxies with guardrails.
7
+
8
+ ## Overview
9
+
10
+ S3Broker is a TypeScript library for building proxies and guardrails for S3-compatible storage. It sits between your S3 clients and your S3-compatible storage, providing dual-key authentication and policy-based guardrails:
11
+
12
+ ```
13
+ ========== ============ ============
14
+ ||Client|| -- Key A --> ||S3Broker|| -- Key B --> ||Upstream||
15
+ ========== ============ ============
16
+ ```
17
+
18
+ **Key Features:**
19
+
20
+ - **Two-Key Authentication**: Clients authenticate with Key A; S3Broker re-signs requests with Key B for the upstream
21
+ - **Guardrails Framework**: Configurable policies to protect your data (e.g., prevent deletion of recently created objects)
22
+ - **Full S3 Compatibility**: Works with any S3 client (AWS SDK, s3cmd, rclone, etc.)
23
+ - **Cloudflare Workers**: Built for Cloudflare Workers runtime
24
+
25
+ ## Installation
26
+
27
+ ```bash
28
+ npm install s3broker
29
+ ```
30
+
31
+ ## Quick Start
32
+
33
+ ```typescript
34
+ import { handle } from 's3broker';
35
+
36
+ export default {
37
+ async fetch(request, env, ctx) {
38
+ return handle(request, {
39
+ s3Endpoint: env.S3_ENDPOINT,
40
+ clientAccessKeyId: env.CLIENT_ACCESS_KEY_ID,
41
+ clientSecretAccessKey: env.CLIENT_SECRET_ACCESS_KEY,
42
+ upstreamAccessKeyId: env.UPSTREAM_ACCESS_KEY_ID,
43
+ upstreamSecretAccessKey: env.UPSTREAM_SECRET_ACCESS_KEY,
44
+ });
45
+ },
46
+ };
47
+ ```
48
+
49
+ ## With Custom Guardrails
50
+
51
+ ```typescript
52
+ import { handle } from 's3broker';
53
+
54
+ export default {
55
+ async fetch(request, env, ctx) {
56
+ return handle(request, {
57
+ s3Endpoint: env.S3_ENDPOINT,
58
+ clientAccessKeyId: env.CLIENT_ACCESS_KEY_ID,
59
+ clientSecretAccessKey: env.CLIENT_SECRET_ACCESS_KEY,
60
+ upstreamAccessKeyId: env.UPSTREAM_ACCESS_KEY_ID,
61
+ upstreamSecretAccessKey: env.UPSTREAM_SECRET_ACCESS_KEY,
62
+ guardrailConfig: {
63
+ noDeleteOld: [
64
+ {
65
+ pattern: '/protected/.*',
66
+ config: { noDeleteBeforeSeconds: 3600 }, // Files older than 1h in /protected/ could not be deleted
67
+ },
68
+ ],
69
+ },
70
+ });
71
+ },
72
+ };
73
+ ```
74
+
75
+ ## Limitations
76
+
77
+ - **`STREAMING-AWS4-HMAC-SHA256-PAYLOAD`** payload signing method is not supported.
78
+
79
+ ## Documentation
80
+
81
+ For full documentation, see the [GitHub repository](https://github.com/tsunrise/s3broker).
82
+
83
+ ## License
84
+
85
+ MIT
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "s3broker",
3
- "version": "0.0.1",
3
+ "version": "0.4.2",
4
4
  "description": "S3 proxy library with SigV4 verification and configurable guardrails policies",
5
5
  "main": "src/index.ts",
6
6
  "types": "src/index.ts",
@@ -21,8 +21,12 @@
21
21
  "zod": "^4.2.1"
22
22
  },
23
23
  "devDependencies": {
24
- "@cloudflare/workers-types": "^4.20241230.0",
25
- "typescript": "^5.5.2"
24
+ "typescript": "^5.5.2",
25
+ "@cloudflare/workers-types": "^4.1.1"
26
26
  },
27
- "author": "Tom Shen"
27
+ "author": "Tom Shen",
28
+ "repository": {
29
+ "type": "git",
30
+ "url": "https://github.com/tsunrise/s3broker"
31
+ }
28
32
  }
package/src/index.ts CHANGED
@@ -1,14 +1,11 @@
1
1
  /**
2
- * S3Broker - S3 Proxy Library with SigV4 Verification and Guardrails
2
+ * S3Broker - S3 Proxy Library for Cloudflare Workers
3
3
  *
4
4
  * ========== =========== ============
5
5
  * ||Client|| -- Key A --> ||S3Broker|| -- Key B --> ||Upstream||
6
6
  * ========== =========== ============
7
7
  *
8
- * S3Broker is a library for building secure S3-compatible proxies. It can be used in:
9
- * - Cloudflare Workers
10
- * - Any other serverless platforms (Vercel, Netlify, etc.)
11
- * - Any JavaScript/TypeScript runtime with fetch API support
8
+ * S3Broker is a Cloudflare Workers library for building secure S3-compatible proxies.
12
9
  *
13
10
  * Features:
14
11
  * 1. Verifies incoming requests signed with Key A (client credentials)
@@ -97,7 +94,6 @@ export const defaultGuardrailConfig: GuardrailConfig = {
97
94
  * Handle an incoming S3 request with signature verification, guardrails, and proxying.
98
95
  *
99
96
  * @param request - The incoming HTTP request (must be a valid S3 API request)
100
- * @param _ctx - Execution context (unused, reserved for future use)
101
97
  * @param options - S3Broker configuration options including credentials and guardrails
102
98
  * @returns Response from the upstream S3 service, or an error response if validation fails
103
99
  *
@@ -114,11 +110,7 @@ export const defaultGuardrailConfig: GuardrailConfig = {
114
110
  * });
115
111
  * ```
116
112
  */
117
- export async function handle(
118
- request: Request<unknown, IncomingRequestCfProperties>,
119
- _ctx: ExecutionContext,
120
- options: S3BrokerOptions,
121
- ): Promise<Response> {
113
+ export async function handle(request: Request<unknown, IncomingRequestCfProperties>, options: S3BrokerOptions): Promise<Response> {
122
114
  const currentTimestamp = Date.now();
123
115
 
124
116
  // Verify the incoming request signature (Client Key)