alpcentaur
/
permapp
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
4.4 MiB
Tree: 33e8597893
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '33e8597893'
${ noResults }
permapp/node_modules/aws4/README.md

183 lines
6.3 KiB
Raw Normal View History

Server Client Communication added
4 years ago
 
  1. aws4
  2. ----
  3. 

  4. [![Build Status](https://api.travis-ci.org/mhart/aws4.png?branch=master)](https://travis-ci.org/github/mhart/aws4)
  5. 

  6. A small utility to sign vanilla Node.js http(s) request options using Amazon's
  7. [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
  8. 

  9. If you want to sign and send AWS requests in a modern browser, or an environment like [Cloudflare Workers](https://developers.cloudflare.com/workers/), then check out [aws4fetch](https://github.com/mhart/aws4fetch) – otherwise you can also bundle this library for use [in older browsers](./browser).
  10. 

  11. The only AWS service that *doesn't* support v4 as of 2020-05-22 is
  12. [SimpleDB](https://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/SDB_API.html)
  13. (it only supports [AWS Signature Version 2](https://github.com/mhart/aws2)).
  14. 

  15. It also provides defaults for a number of core AWS headers and
  16. request parameters, making it very easy to query AWS services, or
  17. build out a fully-featured AWS library.
  18. 

  19. Example
  20. -------
  21. 

  22. ```javascript
  23. var https = require('https')
  24. var aws4  = require('aws4')
  25. 

  26. // to illustrate usage, we'll create a utility function to request and pipe to stdout
  27. function request(opts) { https.request(opts, function(res) { res.pipe(process.stdout) }).end(opts.body || '') }
  28. 

  29. // aws4 will sign an options object as you'd pass to http.request, with an AWS service and region
  30. var opts = { host: 'my-bucket.s3.us-west-1.amazonaws.com', path: '/my-object', service: 's3', region: 'us-west-1' }
  31. 

  32. // aws4.sign() will sign and modify these options, ready to pass to http.request
  33. aws4.sign(opts, { accessKeyId: '', secretAccessKey: '' })
  34. 

  35. // or it can get credentials from process.env.AWS_ACCESS_KEY_ID, etc
  36. aws4.sign(opts)
  37. 

  38. // for most AWS services, aws4 can figure out the service and region if you pass a host
  39. opts = { host: 'my-bucket.s3.us-west-1.amazonaws.com', path: '/my-object' }
  40. 

  41. // usually it will add/modify request headers, but you can also sign the query:
  42. opts = { host: 'my-bucket.s3.amazonaws.com', path: '/?X-Amz-Expires=12345', signQuery: true }
  43. 

  44. // and for services with simple hosts, aws4 can infer the host from service and region:
  45. opts = { service: 'sqs', region: 'us-east-1', path: '/?Action=ListQueues' }
  46. 

  47. // and if you're using us-east-1, it's the default:
  48. opts = { service: 'sqs', path: '/?Action=ListQueues' }
  49. 

  50. aws4.sign(opts)
  51. console.log(opts)
  52. /*
  53. {
  54.   host: 'sqs.us-east-1.amazonaws.com',
  55.   path: '/?Action=ListQueues',
  56.   headers: {
  57.     Host: 'sqs.us-east-1.amazonaws.com',
  58.     'X-Amz-Date': '20121226T061030Z',
  59.     Authorization: 'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/sqs/aws4_request, ...'
  60.   }
  61. }
  62. */
  63. 

  64. // we can now use this to query AWS
  65. request(opts)
  66. /*
  67. <?xml version="1.0"?>
  68. <ListQueuesResponse xmlns="https://queue.amazonaws.com/doc/2012-11-05/">
  69. ...
  70. */
  71. 

  72. // aws4 can infer the HTTP method if a body is passed in
  73. // method will be POST and Content-Type: 'application/x-www-form-urlencoded; charset=utf-8'
  74. request(aws4.sign({ service: 'iam', body: 'Action=ListGroups&Version=2010-05-08' }))
  75. /*
  76. <ListGroupsResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  77. ...
  78. */
  79. 

  80. // you can specify any custom option or header as per usual
  81. request(aws4.sign({
  82.   service: 'dynamodb',
  83.   region: 'ap-southeast-2',
  84.   method: 'POST',
  85.   path: '/',
  86.   headers: {
  87.     'Content-Type': 'application/x-amz-json-1.0',
  88.     'X-Amz-Target': 'DynamoDB_20120810.ListTables'
  89.   },
  90.   body: '{}'
  91. }))
  92. /*
  93. {"TableNames":[]}
  94. ...
  95. */
  96. 

  97. // The raw RequestSigner can be used to generate CodeCommit Git passwords
  98. var signer = new aws4.RequestSigner({
  99.   service: 'codecommit',
  100.   host: 'git-codecommit.us-east-1.amazonaws.com',
  101.   method: 'GIT',
  102.   path: '/v1/repos/MyAwesomeRepo',
  103. })
  104. var password = signer.getDateTime() + 'Z' + signer.signature()
  105. 

  106. // see example.js for examples with other services
  107. ```
  108. 

  109. API
  110. ---
  111. 

  112. ### aws4.sign(requestOptions, [credentials])

  113. 

  114. Calculates and populates any necessary AWS headers and/or request
  115. options on `requestOptions`. Returns `requestOptions` as a convenience for chaining.
  116. 

  117. `requestOptions` is an object holding the same options that the Node.js
  118. [http.request](https://nodejs.org/docs/latest/api/http.html#http_http_request_options_callback)
  119. function takes.
  120. 

  121. The following properties of `requestOptions` are used in the signing or
  122. populated if they don't already exist:
  123. 

  124. - `hostname` or `host` (will try to be determined from `service` and `region` if not given)
  125. - `method` (will use `'GET'` if not given or `'POST'` if there is a `body`)
  126. - `path` (will use `'/'` if not given)
  127. - `body` (will use `''` if not given)
  128. - `service` (will try to be calculated from `hostname` or `host` if not given)
  129. - `region` (will try to be calculated from `hostname` or `host` or use `'us-east-1'` if not given)
  130. - `signQuery` (to sign the query instead of adding an `Authorization` header, defaults to false)
  131. - `headers['Host']` (will use `hostname` or `host` or be calculated if not given)
  132. - `headers['Content-Type']` (will use `'application/x-www-form-urlencoded; charset=utf-8'`
  133.   if not given and there is a `body`)
  134. - `headers['Date']` (used to calculate the signature date if given, otherwise `new Date` is used)
  135. 

  136. Your AWS credentials (which can be found in your
  137. [AWS console](https://portal.aws.amazon.com/gp/aws/securityCredentials))
  138. can be specified in one of two ways:
  139. 

  140. - As the second argument, like this:
  141. 

  142. ```javascript
  143. aws4.sign(requestOptions, {
  144.   secretAccessKey: "<your-secret-access-key>",
  145.   accessKeyId: "<your-access-key-id>",
  146.   sessionToken: "<your-session-token>"
  147. })
  148. ```
  149. 

  150. - From `process.env`, such as this:
  151. 

  152. ```
  153. export AWS_ACCESS_KEY_ID="<your-access-key-id>"
  154. export AWS_SECRET_ACCESS_KEY="<your-secret-access-key>"
  155. export AWS_SESSION_TOKEN="<your-session-token>"
  156. ```
  157. 

  158. (will also use `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` if available)
  159. 

  160. The `sessionToken` property and `AWS_SESSION_TOKEN` environment variable are optional for signing
  161. with [IAM STS temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html).
  162. 

  163. Installation
  164. ------------
  165. 

  166. With [npm](https://www.npmjs.com/) do:
  167. 

  168. ```
  169. npm install aws4
  170. ```
  171. 

  172. Can also be used [in the browser](./browser).
  173. 

  174. Thanks
  175. ------
  176. 

  177. Thanks to [@jed](https://github.com/jed) for his
  178. [dynamo-client](https://github.com/jed/dynamo-client) lib where I first
  179. committed and subsequently extracted this code.
  180. 

  181. Also thanks to the
  182. [official Node.js AWS SDK](https://github.com/aws/aws-sdk-js) for giving
  183. me a start on implementing the v4 signature.