Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@classuper/aws-cloudfront-sign

Package Overview
Dependencies
Maintainers
2
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@classuper/aws-cloudfront-sign

Utility module for signing AWS CloudFront URLs

latest
Source
npmnpm
Version
2.2.2
Version published
Maintainers
2
Created
Source

AWS CloudFront URL Signature Utility

Build Status npm version

Generating signed URLs for CloudFront links is a little more tricky than for S3. It's because signature generation for S3 URLs is handled a bit differently than CloudFront URLs and this functionality is not currently supported by the aws-sdk library for JavaScript. In case you also need to do this, I've created this simple utility to make things easier.

Usage

Requirements

  • Node.js >=0.10.0
  • Active CloudFront distribution with origin configured

Configuring CloudFront

  • Create a CloudFront distribution

  • Configure your origin with the following settings:

    Origin Domain Name: {your-s3-bucket}
    Restrict Bucket Access: Yes
    Grant Read Permissions on Bucket: Yes, Update Bucket Policy

  • Create CloudFront Key Pair. more info

Installing

npm install aws-cloudfront-sign

Upgrading from 1.x to 2.x

  • expireTime now takes it's value as milliseconds, Date, or moment instead of seconds.

API

getSignedUrl(url, options)

  • @param {String} url - Cloudfront URL to sign
  • @param {Object} options - URL signature options
  • @return {String} signedUrl - Signed CloudFrontUrl

getSignedRTMPUrl(domainName, s3key, options)

  • @param {String} domainName - Domain name of your Cloudfront distribution
  • @param {String} s3key - Path to s3 object
  • @param {Object} options - URL signature options
  • @return {Object} url.rtmpServerPath - RTMP formatted server path
  • @return {Object} url.rtmpStreamName - Signed RTMP formatted stream name

getSignedCookies(url, options)

  • @param {String} url - Cloudfront URL to sign
  • @param {Object} options - URL signature options
  • @return {Object} cookies - Signed AWS cookies

Options

  • expireTime (Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are

    • number - Time in milliseconds (new Date().getTime() + 1800000)
    • moment - Valid momentjs object (moment().add(1, 'day'))
    • Date - Javascript Date object (new Date(2016, 0, 1))

  • ipRange (Optional) - IP address range allowed to make GET requests for your signed URL. This value must be given in standard IPv4 CIDR format (for example, 10.52.176.0/24).

  • keypairId - The access key ID from your Cloudfront keypair

  • privateKeyString || privateKeyPath - The private key from your Cloudfront keypair. It can be provided as either a string or a path to the .pem file. Note: When providing the private key as a string, ensure that the newline character is also included.

    var privateKeyString =
  '-----BEGIN RSA PRIVATE KEY-----\n'
  'MIIJKAIBAAKCAgEAwGPMqEvxPYQIffDimM9t3A7Z4aBFAUvLiITzmHRc4UPwryJp\n'
  'EVi3C0sQQKBHlq2IOwrmqNiAk31/uh4FnrRR1mtQm4x4IID58cFAhKkKI/09+j1h\n'
  'tuf/gLRcOgAXH9o3J5zWjs/y8eWTKtdWv6hWRxuuVwugciNckxwZVV0KewO02wJz\n'
  'jBfDw9B5ghxKP95t7/B2AgRUMj+r47zErFwo3OKW0egDUpV+eoNSBylXPXXYKvsL\n'
  'AlznRi9xNafFGy9tmh70pwlGG5mVHswD/96eUSuLOZ2srcNvd1UVmjtHL7P9/z4B\n'
  'KdODlpb5Vx+54+Fa19vpgXEtHgfAgGW9DjlZMtl4wYTqyGAoa+SLuehjAQsxT8M1\n'
  'BXqfMJwE7D9XHjxkqCvd93UGgP+Yxe6H+HczJeA05dFLzC87qdM45R5c74k=\n'
  '-----END RSA PRIVATE KEY-----'

    Also, here are some examples if prefer to store your private key as a string but within an environment variable.

    # Local env example
CF_PRIVATE_KEY="$(cat your-private-key.pem)"

# Heroku env
heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"

Examples

Creating a signed URL

By default the URL will expire after half an hour.

var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);

Creating a signed RTMP URL

var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedRTMPUrlObj = cf.getSignedRTMPUrl('xxxxxxx.cloudfront.net', '/path/to/s3/object', options);
console.log('RTMP Server Path: ' + signedRTMPUrlObj.rtmpServerPath);
console.log('Signed Stream Name: ' + signedRTMPUrlObj.rtmpStreamName);

Creating signed cookies

var cf = require('aws-cloudfront-sign')
var options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
var signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);

// You can now set cookies in your response header. For example:
for(var cookieId in signedCookies) {
 res.cookie(cookieId, signedCookies[cookieId]);
}

Keywords

aws
CloudFront
signed URL

FAQs

Package last updated on 20 Oct 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

Research

/

Security News

Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.

By Kirill Boychenko  -  Jan 12, 2026