New Upstream Release - node-aws4

Ready changes

Summary

Merged new upstream version: 1.12.0 (was: 1.11.0).

Resulting package

Built on 2023-02-08T02:50 (took 2m6s)

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-releases node-aws4

Lintian Result

Diff

diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..b7fdd97
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: mhart
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4b05fe
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+node_modules
+coverage*
+browser/bundle.js
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..178bf31
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,9 @@
+language: node_js
+node_js:
+  - "0.10"
+  - "0.12"
+  - "4"
+  - "6"
+  - "8"
+  - "10"
+  - "12"
diff --git a/README.md b/README.md
index 7202e45..4e9e66f 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ aws4
 A small utility to sign vanilla Node.js http(s) request options using Amazon's
 [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
 
-If you want to sign and send AWS requests in a modern browser, or an environment like [Cloudflare Workers](https://developers.cloudflare.com/workers/), then check out [aws4fetch](https://github.com/mhart/aws4fetch) – otherwise you can also bundle this library for use [in older browsers](./browser).
+If you want to sign and send AWS requests in a browser, or an environment like [Cloudflare Workers](https://developers.cloudflare.com/workers/), then check out [aws4fetch](https://github.com/mhart/aws4fetch) – otherwise you can also bundle this library for use [in older browsers](./browser).
 
 The only AWS service that *doesn't* support v4 as of 2020-05-22 is
 [SimpleDB](https://docs.aws.amazon.com/AmazonSimpleDB/latest/DeveloperGuide/SDB_API.html)
@@ -94,6 +94,34 @@ request(aws4.sign({
 ...
 */
 
+// you can also specify extra headers to ignore during signing
+request(aws4.sign({
+  host: '07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com',
+  method: 'PUT',
+  path: '/my-index',
+  body: '{"mappings":{}}',
+  headers: {
+    'Content-Type': 'application/json',
+    'X-Amz-Content-Sha256': 'UNSIGNED-PAYLOAD'
+  },
+  extraHeadersToIgnore: {
+    'content-length': true
+  }
+}))
+
+// and headers to include that would normally be ignored
+request(aws4.sign({
+  service: 'mycustomservice',
+  path: '/whatever',
+  headers: {
+    'Range': 'bytes=200-1000, 2000-6576, 19000-'
+  },
+  extraHeadersToInclude: {
+    'range': true
+  }
+}))
+
+
 // The raw RequestSigner can be used to generate CodeCommit Git passwords
 var signer = new aws4.RequestSigner({
   service: 'codecommit',
@@ -128,6 +156,8 @@ populated if they don't already exist:
 - `service` (will try to be calculated from `hostname` or `host` if not given)
 - `region` (will try to be calculated from `hostname` or `host` or use `'us-east-1'` if not given)
 - `signQuery` (to sign the query instead of adding an `Authorization` header, defaults to false)
+- `extraHeadersToIgnore` (an object with lowercase header keys to ignore when signing, eg `{ 'content-length': true }`)
+- `extraHeadersToInclude` (an object with lowercase header keys to include when signing, overriding any ignores)
 - `headers['Host']` (will use `hostname` or `host` or be calculated if not given)
 - `headers['Content-Type']` (will use `'application/x-www-form-urlencoded; charset=utf-8'`
   if not given and there is a `body`)
diff --git a/aws4.js b/aws4.js
index b99b319..b0cfb7c 100644
--- a/aws4.js
+++ b/aws4.js
@@ -72,6 +72,9 @@ function RequestSigner(request, credentials) {
     request.hostname = headers.Host || headers.host
 
   this.isCodeCommitGit = this.service === 'codecommit' && request.method === 'GIT'
+
+  this.extraHeadersToIgnore = request.extraHeadersToIgnore || Object.create(null)
+  this.extraHeadersToInclude = request.extraHeadersToInclude || Object.create(null)
 }
 
 RequestSigner.prototype.matchHost = function(host) {
@@ -81,7 +84,7 @@ RequestSigner.prototype.matchHost = function(host) {
   // ES's hostParts are sometimes the other way round, if the value that is expected
   // to be region equals ‘es’ switch them back
   // e.g. search-cluster-name-aaaa00aaaa0aaa0aaaaaaa0aaa.us-east-1.es.amazonaws.com
-  if (hostParts[1] === 'es')
+  if (hostParts[1] === 'es' || hostParts[1] === 'aoss')
     hostParts = hostParts.reverse()
 
   if (hostParts[1] == 's3') {
@@ -305,9 +308,14 @@ RequestSigner.prototype.canonicalHeaders = function() {
 }
 
 RequestSigner.prototype.signedHeaders = function() {
+  var extraHeadersToInclude = this.extraHeadersToInclude,
+      extraHeadersToIgnore = this.extraHeadersToIgnore
   return Object.keys(this.request.headers)
     .map(function(key) { return key.toLowerCase() })
-    .filter(function(key) { return HEADERS_TO_IGNORE[key] == null })
+    .filter(function(key) {
+      return extraHeadersToInclude[key] ||
+        (HEADERS_TO_IGNORE[key] == null && !extraHeadersToIgnore[key])
+    })
     .sort()
     .join(';')
 }
diff --git a/debian/changelog b/debian/changelog
index f6b7ab0..9a904a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+node-aws4 (1.12.0-1) UNRELEASED; urgency=low
+
+  * New upstream release.
+
+ -- Debian Janitor <janitor@jelmer.uk>  Wed, 08 Feb 2023 02:48:24 -0000
+
 node-aws4 (1.11.0-2) unstable; urgency=medium
 
   * Team upload
diff --git a/package.json b/package.json
index 424598d..534b31d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "aws4",
-  "version": "1.11.0",
+  "version": "1.12.0",
   "description": "Signs and prepares requests using AWS Signature Version 4",
   "author": "Michael Hart <michael.hart.au@gmail.com> (https://github.com/mhart)",
   "license": "MIT",
diff --git a/test/fast.js b/test/fast.js
index f4d889b..171c115 100644
--- a/test/fast.js
+++ b/test/fast.js
@@ -367,6 +367,49 @@ describe('aws4', function() {
     })
   })
 
+  describe('#sign() with extraHeadersToIgnore', function() {
+    it('should generate signature correctly', function() {
+      var opts = aws4.sign({
+        host: '07tjusf2h91cunochc.us-east-1.aoss.amazonaws.com',
+        method: 'PUT',
+        path: '/my-index',
+        body: '{"mappings":{}}',
+        headers: {
+          Date: date,
+          'Content-Type': 'application/json',
+          'X-Amz-Content-Sha256': 'UNSIGNED-PAYLOAD',
+        },
+        extraHeadersToIgnore: {
+          'content-length': true
+        },
+      })
+      opts.headers.Authorization.should.equal(
+        'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/aoss/aws4_request, ' +
+        'SignedHeaders=content-type;date;host;x-amz-content-sha256;x-amz-date, ' +
+        'Signature=ade8635c05bfa4961bc28be0b0a0fbfd3d64e79feb1862f822ee6a4517417bcd')
+    })
+  })
+
+  describe('#sign() with extraHeadersToInclude', function() {
+    it('should generate signature correctly', function() {
+      var opts = aws4.sign({
+        service: 'someservice',
+        path: '/whatever',
+        headers: {
+          Date: date,
+          'Range': 'bytes=200-1000, 2000-6576, 19000-',
+        },
+        extraHeadersToInclude: {
+          'range': true
+        },
+      })
+      opts.headers.Authorization.should.equal(
+        'AWS4-HMAC-SHA256 Credential=ABCDEF/20121226/us-east-1/someservice/aws4_request, ' +
+        'SignedHeaders=date;host;range;x-amz-date, ' +
+        'Signature=8f3eba7a5743091daae62d00ce1c911c018d48f72dbdf180b15abe701718317a')
+    })
+  })
+
   describe('#signature() with CodeCommit Git access', function() {
     it('should generate signature correctly', function() {
       var signer = new RequestSigner({

Debdiff

File lists identical (after any substitutions)

No differences were encountered in the control files

More details

Full run details