File Explorer

/var/runtime/node_modules/@aws-sdk/core/dist-cjs/submodules/httpAuthSchemes
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
0 dirs
1 file
index.js13.2 KB
index.js13.2 KB · 308 lines
1'use strict';2 3var protocols = require('@smithy/core/protocols');4var core = require('@smithy/core');5var config = require('@smithy/core/config');6var client = require('@aws-sdk/core/client');7var signatureV4 = require('@smithy/signature-v4');8 9const getDateHeader = (response) => protocols.HttpResponse.isInstance(response) ? response.headers?.date ?? response.headers?.Date : undefined;10 11const getSkewCorrectedDate = (systemClockOffset) => new Date(Date.now() + systemClockOffset);12 13const isClockSkewed = (clockTime, systemClockOffset) => Math.abs(getSkewCorrectedDate(systemClockOffset).getTime() - clockTime) >= 300000;14 15const getUpdatedSystemClockOffset = (clockTime, currentSystemClockOffset) => {16    const clockTimeInMs = Date.parse(clockTime);17    if (isClockSkewed(clockTimeInMs, currentSystemClockOffset)) {18        return clockTimeInMs - Date.now();19    }20    return currentSystemClockOffset;21};22 23const throwSigningPropertyError = (name, property) => {24    if (!property) {25        throw new Error(`Property \`${name}\` is not resolved for AWS SDK SigV4Auth`);26    }27    return property;28};29const validateSigningProperties = async (signingProperties) => {30    const context = throwSigningPropertyError("context", signingProperties.context);31    const config = throwSigningPropertyError("config", signingProperties.config);32    const authScheme = context.endpointV2?.properties?.authSchemes?.[0];33    const signerFunction = throwSigningPropertyError("signer", config.signer);34    const signer = await signerFunction(authScheme);35    const signingRegion = signingProperties?.signingRegion;36    const signingRegionSet = signingProperties?.signingRegionSet;37    const signingName = signingProperties?.signingName;38    return {39        config,40        signer,41        signingRegion,42        signingRegionSet,43        signingName,44    };45};46class AwsSdkSigV4Signer {47    async sign(httpRequest, identity, signingProperties) {48        if (!protocols.HttpRequest.isInstance(httpRequest)) {49            throw new Error("The request is not an instance of `HttpRequest` and cannot be signed");50        }51        const validatedProps = await validateSigningProperties(signingProperties);52        const { config, signer } = validatedProps;53        let { signingRegion, signingName } = validatedProps;54        const handlerExecutionContext = signingProperties.context;55        if (handlerExecutionContext?.authSchemes?.length ?? 0 > 1) {56            const [first, second] = handlerExecutionContext.authSchemes;57            if (first?.name === "sigv4a" && second?.name === "sigv4") {58                signingRegion = second?.signingRegion ?? signingRegion;59                signingName = second?.signingName ?? signingName;60            }61        }62        const signedRequest = await signer.sign(httpRequest, {63            signingDate: getSkewCorrectedDate(config.systemClockOffset),64            signingRegion: signingRegion,65            signingService: signingName,66        });67        return signedRequest;68    }69    errorHandler(signingProperties) {70        return (error) => {71            const serverTime = error.ServerTime ?? getDateHeader(error.$response);72            if (serverTime) {73                const config = throwSigningPropertyError("config", signingProperties.config);74                const initialSystemClockOffset = config.systemClockOffset;75                config.systemClockOffset = getUpdatedSystemClockOffset(serverTime, config.systemClockOffset);76                const clockSkewCorrected = config.systemClockOffset !== initialSystemClockOffset;77                if (clockSkewCorrected && error.$metadata) {78                    error.$metadata.clockSkewCorrected = true;79                }80            }81            throw error;82        };83    }84    successHandler(httpResponse, signingProperties) {85        const dateHeader = getDateHeader(httpResponse);86        if (dateHeader) {87            const config = throwSigningPropertyError("config", signingProperties.config);88            config.systemClockOffset = getUpdatedSystemClockOffset(dateHeader, config.systemClockOffset);89        }90    }91}92const AWSSDKSigV4Signer = AwsSdkSigV4Signer;93 94class AwsSdkSigV4ASigner extends AwsSdkSigV4Signer {95    async sign(httpRequest, identity, signingProperties) {96        if (!protocols.HttpRequest.isInstance(httpRequest)) {97            throw new Error("The request is not an instance of `HttpRequest` and cannot be signed");98        }99        const { config, signer, signingRegion, signingRegionSet, signingName } = await validateSigningProperties(signingProperties);100        const configResolvedSigningRegionSet = await config.sigv4aSigningRegionSet?.();101        const multiRegionOverride = (configResolvedSigningRegionSet ??102            signingRegionSet ?? [signingRegion]).join(",");103        const signedRequest = await signer.sign(httpRequest, {104            signingDate: getSkewCorrectedDate(config.systemClockOffset),105            signingRegion: multiRegionOverride,106            signingService: signingName,107        });108        return signedRequest;109    }110}111 112const getArrayForCommaSeparatedString = (str) => typeof str === "string" && str.length > 0 ? str.split(",").map((item) => item.trim()) : [];113 114const getBearerTokenEnvKey = (signingName) => `AWS_BEARER_TOKEN_${signingName.replace(/[\s-]/g, "_").toUpperCase()}`;115 116const NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY = "AWS_AUTH_SCHEME_PREFERENCE";117const NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY = "auth_scheme_preference";118const NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = {119    environmentVariableSelector: (env, options) => {120        if (options?.signingName) {121            const bearerTokenKey = getBearerTokenEnvKey(options.signingName);122            if (bearerTokenKey in env)123                return ["httpBearerAuth"];124        }125        if (!(NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY in env))126            return undefined;127        return getArrayForCommaSeparatedString(env[NODE_AUTH_SCHEME_PREFERENCE_ENV_KEY]);128    },129    configFileSelector: (profile) => {130        if (!(NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY in profile))131            return undefined;132        return getArrayForCommaSeparatedString(profile[NODE_AUTH_SCHEME_PREFERENCE_CONFIG_KEY]);133    },134    default: [],135};136 137const resolveAwsSdkSigV4AConfig = (config) => {138    config.sigv4aSigningRegionSet = core.normalizeProvider(config.sigv4aSigningRegionSet);139    return config;140};141const NODE_SIGV4A_CONFIG_OPTIONS = {142    environmentVariableSelector(env) {143        if (env.AWS_SIGV4A_SIGNING_REGION_SET) {144            return env.AWS_SIGV4A_SIGNING_REGION_SET.split(",").map((_) => _.trim());145        }146        throw new config.ProviderError("AWS_SIGV4A_SIGNING_REGION_SET not set in env.", {147            tryNextLink: true,148        });149    },150    configFileSelector(profile) {151        if (profile.sigv4a_signing_region_set) {152            return (profile.sigv4a_signing_region_set ?? "").split(",").map((_) => _.trim());153        }154        throw new config.ProviderError("sigv4a_signing_region_set not set in profile.", {155            tryNextLink: true,156        });157    },158    default: undefined,159};160 161const resolveAwsSdkSigV4Config = (config) => {162    let inputCredentials = config.credentials;163    let isUserSupplied = !!config.credentials;164    let resolvedCredentials = undefined;165    Object.defineProperty(config, "credentials", {166        set(credentials) {167            if (credentials && credentials !== inputCredentials && credentials !== resolvedCredentials) {168                isUserSupplied = true;169            }170            inputCredentials = credentials;171            const memoizedProvider = normalizeCredentialProvider(config, {172                credentials: inputCredentials,173                credentialDefaultProvider: config.credentialDefaultProvider,174            });175            const boundProvider = bindCallerConfig(config, memoizedProvider);176            if (isUserSupplied && !boundProvider.attributed) {177                const isCredentialObject = typeof inputCredentials === "object" && inputCredentials !== null;178                resolvedCredentials = async (options) => {179                    const creds = await boundProvider(options);180                    const attributedCreds = creds;181                    if (isCredentialObject && (!attributedCreds.$source || Object.keys(attributedCreds.$source).length === 0)) {182                        return client.setCredentialFeature(attributedCreds, "CREDENTIALS_CODE", "e");183                    }184                    return attributedCreds;185                };186                resolvedCredentials.memoized = boundProvider.memoized;187                resolvedCredentials.configBound = boundProvider.configBound;188                resolvedCredentials.attributed = true;189            }190            else {191                resolvedCredentials = boundProvider;192            }193        },194        get() {195            return resolvedCredentials;196        },197        enumerable: true,198        configurable: true,199    });200    config.credentials = inputCredentials;201    const { signingEscapePath = true, systemClockOffset = config.systemClockOffset || 0, sha256, } = config;202    let signer;203    if (config.signer) {204        signer = core.normalizeProvider(config.signer);205    }206    else if (config.regionInfoProvider) {207        signer = () => core.normalizeProvider(config.region)()208            .then(async (region) => [209            (await config.regionInfoProvider(region, {210                useFipsEndpoint: await config.useFipsEndpoint(),211                useDualstackEndpoint: await config.useDualstackEndpoint(),212            })) || {},213            region,214        ])215            .then(([regionInfo, region]) => {216            const { signingRegion, signingService } = regionInfo;217            config.signingRegion = config.signingRegion || signingRegion || region;218            config.signingName = config.signingName || signingService || config.serviceId;219            const params = {220                ...config,221                credentials: config.credentials,222                region: config.signingRegion,223                service: config.signingName,224                sha256,225                uriEscapePath: signingEscapePath,226            };227            const SignerCtor = config.signerConstructor || signatureV4.SignatureV4;228            return new SignerCtor(params);229        });230    }231    else {232        signer = async (authScheme) => {233            authScheme = Object.assign({}, {234                name: "sigv4",235                signingName: config.signingName || config.defaultSigningName,236                signingRegion: await core.normalizeProvider(config.region)(),237                properties: {},238            }, authScheme);239            const signingRegion = authScheme.signingRegion;240            const signingService = authScheme.signingName;241            config.signingRegion = config.signingRegion || signingRegion;242            config.signingName = config.signingName || signingService || config.serviceId;243            const params = {244                ...config,245                credentials: config.credentials,246                region: config.signingRegion,247                service: config.signingName,248                sha256,249                uriEscapePath: signingEscapePath,250            };251            const SignerCtor = config.signerConstructor || signatureV4.SignatureV4;252            return new SignerCtor(params);253        };254    }255    const resolvedConfig = Object.assign(config, {256        systemClockOffset,257        signingEscapePath,258        signer,259    });260    return resolvedConfig;261};262const resolveAWSSDKSigV4Config = resolveAwsSdkSigV4Config;263function normalizeCredentialProvider(config, { credentials, credentialDefaultProvider, }) {264    let credentialsProvider;265    if (credentials) {266        if (!credentials?.memoized) {267            credentialsProvider = core.memoizeIdentityProvider(credentials, core.isIdentityExpired, core.doesIdentityRequireRefresh);268        }269        else {270            credentialsProvider = credentials;271        }272    }273    else {274        if (credentialDefaultProvider) {275            credentialsProvider = core.normalizeProvider(credentialDefaultProvider(Object.assign({}, config, {276                parentClientConfig: config,277            })));278        }279        else {280            credentialsProvider = async () => {281                throw new Error("@aws-sdk/core::resolveAwsSdkSigV4Config - `credentials` not provided and no credentialDefaultProvider was configured.");282            };283        }284    }285    credentialsProvider.memoized = true;286    return credentialsProvider;287}288function bindCallerConfig(config, credentialsProvider) {289    if (credentialsProvider.configBound) {290        return credentialsProvider;291    }292    const fn = async (options) => credentialsProvider({ ...options, callerClientConfig: config });293    fn.memoized = credentialsProvider.memoized;294    fn.configBound = true;295    return fn;296}297 298exports.AWSSDKSigV4Signer = AWSSDKSigV4Signer;299exports.AwsSdkSigV4ASigner = AwsSdkSigV4ASigner;300exports.AwsSdkSigV4Signer = AwsSdkSigV4Signer;301exports.NODE_AUTH_SCHEME_PREFERENCE_OPTIONS = NODE_AUTH_SCHEME_PREFERENCE_OPTIONS;302exports.NODE_SIGV4A_CONFIG_OPTIONS = NODE_SIGV4A_CONFIG_OPTIONS;303exports.getBearerTokenEnvKey = getBearerTokenEnvKey;304exports.resolveAWSSDKSigV4Config = resolveAWSSDKSigV4Config;305exports.resolveAwsSdkSigV4AConfig = resolveAwsSdkSigV4AConfig;306exports.resolveAwsSdkSigV4Config = resolveAwsSdkSigV4Config;307exports.validateSigningProperties = validateSigningProperties;308