New Upstream Release - node-aws4
Ready changes
Summary
Merged new upstream version: 1.12.0 (was: 1.11.0).
Resulting package
Built on 2023-02-08T02:50 (took 2m6s)
The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:
apt install -t fresh-releases node-aws4
Lintian Result
Diff
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..b7fdd97
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: mhart
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4b05fe
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+node_modules
+coverage*
+browser/bundle.js
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..178bf31
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,9 @@
+language: node_js
+node_js:
+ - "0.10"
+ - "0.12"
+ - "4"
+ - "6"
+ - "8"
+ - "10"
+ - "12"
diff --git a/README.md b/README.md
index 7202e45..4e9e66f 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ aws4
A small utility to sign vanilla Node.js http(s) request options using Amazon's
[AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
-If you want to sign and send AWS requests in a modern browser, or an environment like [Cloudflare Workers](https://developers.cloudflare.com/workers/), then check out [aws4fetch](https://github.com/mhart/aws4fetch) – otherwise you can also bundle this library for use [in older browsers](./browser).
+If you want to sign and send AWS requests in a browser, or an environment like [Cloudflare Workers](https://developers.cloudflare.com/workers/), then check out [aws4fetch](https://github.com/mhart/aws4fetch) – otherwise you can also bundle this library for use [in older browsers](./browser).
The only AWS service that *doesn't* support v4 as of 2020-05-22 is
[SimpleDB](https://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/SDB_API.html)
@@ -94,6 +94,34 @@ request(aws4.sign({
...
*/
+// you can also specify extra headers to ignore during signing
+request(aws4.sign({
+ host: '07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com',
+ method: 'PUT',
+ path: '/my-index',
+ body: '{"mappings":{}}',
+ headers: {
+ 'Content-Type': 'application/json',
+ 'X-Amz-Content-Sha256': 'UNSIGNED-PAYLOAD'
+ },
+ extraHeadersToIgnore: {
+ 'content-length': true
+ }
+}))
+
+// and headers to include that would normally be ignored
+request(aws4.sign({
+ service: 'mycustomservice',
+ path: '/whatever',
+ headers: {
+ 'Range': 'bytes=200-1000, 2000-6576, 19000-'
+ },
+ extraHeadersToInclude: {
+ 'range': true
+ }
+}))
+
+
// The raw RequestSigner can be used to generate CodeCommit Git passwords
var signer = new aws4.RequestSigner({
service: 'codecommit',
@@ -128,6 +156,8 @@ populated if they don't already exist:
- `service` (will try to be calculated from `hostname` or `host` if not given)
- `region` (will try to be calculated from `hostname` or `host` or use `'us-east-1'` if not given)
- `signQuery` (to sign the query instead of adding an `Authorization` header, defaults to false)
+- `extraHeadersToIgnore` (an object with lowercase header keys to ignore when signing, eg `{ 'content-length': true }`)
+- `extraHeadersToInclude` (an object with lowercase header keys to include when signing, overriding any ignores)
- `headers['Host']` (will use `hostname` or `host` or be calculated if not given)
- `headers['Content-Type']` (will use `'application/x-www-form-urlencoded; charset=utf-8'`
if not given and there is a `body`)
diff --git a/aws4.js b/aws4.js
index b99b319..b0cfb7c 100644
--- a/aws4.js
+++ b/aws4.js
@@ -72,6 +72,9 @@ function RequestSigner(request, credentials) {
request.hostname = headers.Host || headers.host
this.isCodeCommitGit = this.service === 'codecommit' && request.method === 'GIT'
+
+ this.extraHeadersToIgnore = request.extraHeadersToIgnore || Object.create(null)
+ this.extraHeadersToInclude = request.extraHeadersToInclude || Object.create(null)
}
RequestSigner.prototype.matchHost = function(host) {
@@ -81,7 +84,7 @@ RequestSigner.prototype.matchHost = function(host) {
// ES's hostParts are sometimes the other way round, if the value that is expected
// to be region equals ‘es’ switch them back
// e.g. search-cluster-name-aaaa00aaaa0aaa0aaaaaaa0aaa.us-east-1.es.amazonaws.com
- if (hostParts[1] === 'es')
+ if (hostParts[1] === 'es' || hostParts[1] === 'aoss')
hostParts = hostParts.reverse()
if (hostParts[1] == 's3') {
@@ -305,9 +308,14 @@ RequestSigner.prototype.canonicalHeaders = function() {
}
RequestSigner.prototype.signedHeaders = function() {
+ var extraHeadersToInclude = this.extraHeadersToInclude,
+ extraHeadersToIgnore = this.extraHeadersToIgnore
return Object.keys(this.request.headers)
.map(function(key) { return key.toLowerCase() })
- .filter(function(key) { return HEADERS_TO_IGNORE[key] == null })
+ .filter(function(key) {
+ return extraHeadersToInclude[key] ||
+ (HEADERS_TO_IGNORE[key] == null && !extraHeadersToIgnore[key])
+ })
.sort()
.join(';')
}
diff --git a/debian/changelog b/debian/changelog
index f6b7ab0..9a904a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-aws4 (1.12.0-1) UNRELEASED; urgency=low
+
+ * New upstream release.
+
+ -- Debian Janitor <janitor@jelmer.uk> Wed, 08 Feb 2023 02:48:24 -0000
+
node-aws4 (1.11.0-2) unstable; urgency=medium
* Team upload
diff --git a/package.json b/package.json
index 424598d..534b31d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "aws4",
- "version": "1.11.0",
+ "version": "1.12.0",
"description": "Signs and prepares requests using AWS Signature Version 4",
"author": "Michael Hart <michael.hart.au@gmail.com> (https://github.com/mhart)",
"license": "MIT",
diff --git a/test/fast.js b/test/fast.js
index f4d889b..171c115 100644
--- a/test/fast.js
+++ b/test/fast.js
@@ -367,6 +367,49 @@ describe('aws4', function() {
})
})
+ describe('#sign() with extraHeadersToIgnore', function() {
+ it('should generate signature correctly', function() {
+ var opts = aws4.sign({
+ host: '07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com',
+ method: 'PUT',
+ path: '/my-index',
+ body: '{"mappings":{}}',
+ headers: {
+ Date: date,
+ 'Content-Type': 'application/json',
+ 'X-Amz-Content-Sha256': 'UNSIGNED-PAYLOAD',
+ },
+ extraHeadersToIgnore: {
+ 'content-length': true
+ },
+ })
+ opts.headers.Authorization.should.equal(
+ 'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/aoss/aws4_request, ' +
+ 'SignedHeaders=content-type;date;host;x-amz-content-sha256;x-amz-date, ' +
+ 'Signature=ade8635c05bfa4961bc28be0b0a0fbfd3d64e79feb1862f822ee6a4517417bcd')
+ })
+ })
+
+ describe('#sign() with extraHeadersToInclude', function() {
+ it('should generate signature correctly', function() {
+ var opts = aws4.sign({
+ service: 'someservice',
+ path: '/whatever',
+ headers: {
+ Date: date,
+ 'Range': 'bytes=200-1000, 2000-6576, 19000-',
+ },
+ extraHeadersToInclude: {
+ 'range': true
+ },
+ })
+ opts.headers.Authorization.should.equal(
+ 'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/someservice/aws4_request, ' +
+ 'SignedHeaders=date;host;range;x-amz-date, ' +
+ 'Signature=8f3eba7a5743091daae62d00ce1c911c018d48f72dbdf180b15abe701718317a')
+ })
+ })
+
describe('#signature() with CodeCommit Git access', function() {
it('should generate signature correctly', function() {
var signer = new RequestSigner({
Debdiff
File lists identical (after any substitutions)
No differences were encountered in the control files