File Explorer

/var/runtime/node_modules/@aws-sdk/cloudfront-signer/dist-cjs
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
1 file
index.js8.8 KB
index.js8.8 KB · 309 lines
1"use strict";2var __defProp = Object.defineProperty;3var __getOwnPropDesc = Object.getOwnPropertyDescriptor;4var __getOwnPropNames = Object.getOwnPropertyNames;5var __hasOwnProp = Object.prototype.hasOwnProperty;6var __name = (target, value) => __defProp(target, "name", { value, configurable: true });7var __export = (target, all) => {8  for (var name in all)9    __defProp(target, name, { get: all[name], enumerable: true });10};11var __copyProps = (to, from, except, desc) => {12  if (from && typeof from === "object" || typeof from === "function") {13    for (let key of __getOwnPropNames(from))14      if (!__hasOwnProp.call(to, key) && key !== except)15        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });16  }17  return to;18};19var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);20 21// src/index.ts22var index_exports = {};23__export(index_exports, {24  getSignedCookies: () => getSignedCookies,25  getSignedUrl: () => getSignedUrl26});27module.exports = __toCommonJS(index_exports);28 29// src/sign.ts30var import_crypto = require("crypto");31function getSignedUrl({32  dateLessThan,33  dateGreaterThan,34  url,35  keyPairId,36  privateKey,37  ipAddress,38  policy,39  passphrase40}) {41  const cloudfrontSignBuilder = new CloudfrontSignBuilder({42    keyPairId,43    privateKey,44    passphrase45  });46  if (!url && !policy) {47    throw new Error("@aws-sdk/cloudfront-signer: Please provide 'url' or 'policy'.");48  }49  if (policy) {50    cloudfrontSignBuilder.setCustomPolicy(policy);51  } else {52    cloudfrontSignBuilder.setPolicyParameters({53      url,54      dateLessThan,55      dateGreaterThan,56      ipAddress57    });58  }59  let baseUrl;60  if (url) {61    baseUrl = url;62  } else if (policy) {63    const resources = getPolicyResources(policy);64    if (!resources[0]) {65      throw new Error(66        "@aws-sdk/cloudfront-signer: No URL provided and unable to determine URL from first policy statement resource."67      );68    }69    baseUrl = resources[0].replace("*://", "https://");70  }71  const startFlag = baseUrl.includes("?") ? "&" : "?";72  const params = Object.entries(cloudfrontSignBuilder.createCloudfrontAttribute()).filter(([, value]) => value !== void 0).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");73  const urlString = baseUrl + startFlag + params;74  return getResource(urlString);75}76__name(getSignedUrl, "getSignedUrl");77function getSignedCookies({78  ipAddress,79  url,80  privateKey,81  keyPairId,82  dateLessThan,83  dateGreaterThan,84  policy,85  passphrase86}) {87  const cloudfrontSignBuilder = new CloudfrontSignBuilder({88    keyPairId,89    privateKey,90    passphrase91  });92  if (policy) {93    cloudfrontSignBuilder.setCustomPolicy(policy);94  } else {95    cloudfrontSignBuilder.setPolicyParameters({96      url,97      dateLessThan,98      dateGreaterThan,99      ipAddress100    });101  }102  const cloudfrontCookieAttributes = cloudfrontSignBuilder.createCloudfrontAttribute();103  const cookies = {104    "CloudFront-Key-Pair-Id": cloudfrontCookieAttributes["Key-Pair-Id"],105    "CloudFront-Signature": cloudfrontCookieAttributes["Signature"]106  };107  if (cloudfrontCookieAttributes["Expires"]) {108    cookies["CloudFront-Expires"] = cloudfrontCookieAttributes["Expires"];109  }110  if (cloudfrontCookieAttributes["Policy"]) {111    cookies["CloudFront-Policy"] = cloudfrontCookieAttributes["Policy"];112  }113  return cookies;114}115__name(getSignedCookies, "getSignedCookies");116function getPolicyResources(policy) {117  const parsedPolicy = typeof policy === "string" ? JSON.parse(policy) : policy;118  return (parsedPolicy?.Statement ?? []).map((s) => s.Resource);119}120__name(getPolicyResources, "getPolicyResources");121function getResource(urlString) {122  const protocol = urlString.slice(0, urlString.indexOf("//"));123  switch (protocol) {124    case "http:":125    case "https:":126    case "ws:":127    case "wss:":128      return urlString;129    case "rtmp:":130      const url = new URL(urlString);131      const origin = `${protocol}//${url.hostname}`;132      return urlString.substring(origin.length).replace(/(?::\d+)?\//, "");133    default:134      throw new Error("Invalid URI scheme. Scheme must be one of http, https, or rtmp");135  }136}137__name(getResource, "getResource");138var CloudfrontSignBuilder = class {139  static {140    __name(this, "CloudfrontSignBuilder");141  }142  keyPairId;143  privateKey;144  passphrase;145  policy;146  customPolicy = false;147  dateLessThan;148  constructor({ privateKey, keyPairId, passphrase }) {149    this.keyPairId = keyPairId;150    this.privateKey = privateKey;151    this.policy = "";152    this.passphrase = passphrase;153  }154  buildPolicy(args) {155    const policy = {156      Statement: [157        {158          Resource: args.resource,159          Condition: {160            DateLessThan: {161              "AWS:EpochTime": args.dateLessThan162            }163          }164        }165      ]166    };167    if (args.dateGreaterThan) {168      policy.Statement[0].Condition["DateGreaterThan"] = {169        "AWS:EpochTime": args.dateGreaterThan170      };171    }172    if (args.ipAddress) {173      const cidr = this.parseCIDR(args.ipAddress);174      policy.Statement[0].Condition["IpAddress"] = {175        "AWS:SourceIp": cidr176      };177    }178    return policy;179  }180  normalizeBase64(str) {181    const replacements = {182      "+": "-",183      "=": "_",184      "/": "~"185    };186    return str.replace(/[+=/]/g, function(match) {187      return replacements[match];188    });189  }190  encodeToBase64(str) {191    return this.normalizeBase64(Buffer.from(str).toString("base64"));192  }193  validateIP(ipStr) {194    const octets = ipStr.split(".");195    if (octets.length !== 4) {196      throw new Error(`IP does not contain four octets.`);197    }198    const isValid = octets.every((octet) => {199      const num = Number(octet);200      return Number.isInteger(num) && num >= 0 && num <= 255;201    });202    if (!isValid) {203      throw new Error("invalid IP octets");204    }205  }206  validateMask(maskStr) {207    const mask = Number(maskStr);208    const isValid = Number.isInteger(mask) && mask >= 0 && mask <= 32;209    if (!isValid) {210      throw new Error("invalid mask");211    }212  }213  parseCIDR(cidrStr) {214    try {215      const cidrParts = cidrStr.split("/");216      if (cidrParts.some((part) => part.length === 0)) {217        throw new Error("missing ip or mask part of CIDR");218      }219      this.validateIP(cidrParts[0]);220      let mask = "32";221      if (cidrParts.length === 2) {222        this.validateMask(cidrParts[1]);223        mask = cidrParts[1];224      }225      return `${cidrParts[0]}/${mask}`;226    } catch (error) {227      const errMessage = `IP address "${cidrStr}" is invalid`;228      if (error instanceof Error) {229        throw new Error(`${errMessage} due to ${error.message}.`);230      } else {231        throw new Error(`${errMessage}.`);232      }233    }234  }235  epochTime(date) {236    return Math.round(date.getTime() / 1e3);237  }238  parseDate(date) {239    if (!date) {240      return void 0;241    }242    const parsedDate = new Date(date);243    return isNaN(parsedDate.getTime()) ? void 0 : this.epochTime(parsedDate);244  }245  parseDateWindow(expiration, start) {246    const dateLessThan = this.parseDate(expiration);247    if (!dateLessThan) {248      throw new Error("dateLessThan is invalid. Ensure the date value is compatible with the Date constructor.");249    }250    return {251      dateLessThan,252      dateGreaterThan: this.parseDate(start)253    };254  }255  signData(data, privateKey, passphrase) {256    const sign = (0, import_crypto.createSign)("RSA-SHA1");257    sign.update(data);258    return sign.sign({ key: privateKey, passphrase }, "base64");259  }260  signPolicy(policy, privateKey, passphrase) {261    return this.normalizeBase64(this.signData(policy, privateKey, passphrase));262  }263  setCustomPolicy(policy) {264    this.customPolicy = true;265    this.policy = policy;266  }267  setPolicyParameters({268    url,269    dateLessThan,270    dateGreaterThan,271    ipAddress272  }) {273    if (!url || !dateLessThan) {274      return false;275    }276    const resource = getResource(url);277    const parsedDates = this.parseDateWindow(dateLessThan, dateGreaterThan);278    this.dateLessThan = parsedDates.dateLessThan;279    this.customPolicy = Boolean(parsedDates.dateGreaterThan) || Boolean(ipAddress);280    this.policy = JSON.stringify(281      this.buildPolicy({282        resource,283        ipAddress,284        dateLessThan: parsedDates.dateLessThan,285        dateGreaterThan: parsedDates.dateGreaterThan286      })287    );288  }289  createCloudfrontAttribute() {290    if (!Boolean(this.policy)) {291      throw new Error("Invalid policy");292    }293    const signature = this.signPolicy(this.policy, this.privateKey, this.passphrase);294    return {295      Expires: this.customPolicy ? void 0 : this.dateLessThan,296      Policy: this.customPolicy ? this.encodeToBase64(this.policy) : void 0,297      "Key-Pair-Id": this.keyPairId,298      Signature: signature299    };300  }301};302// Annotate the CommonJS export names for ESM import in node:303 3040 && (module.exports = {305  getSignedUrl,306  getSignedCookies307});308 309