@culturehq/client - npm Package Compare versions

Comparing version 14.0.0 to 14.1.0

CHANGELOG.md

@@ -9,2 +9,8 @@ # Changelog
 
+## [14.1.0] - 2023-09-05
+
+### Added
+
+- Upload files to s3 bucket using the SDK because of the signature that AWS is asking
+
 ## [14.0.0] - 2023-09-05
@@ -11,0 +17,0 @@

dist/config.js

@@ -11,3 +11,5 @@ "use strict";
   signerURL: "https://fyzqa1okfe.execute-api.us-west-2.amazonaws.com/production/signature",
-  uploadBucket: "https://culturehq-direct-uploads.s3-us-west-2.amazonaws.com"
+  uploadBucket: "https://culturehq-direct-uploads.s3-us-west-2.amazonaws.com",
+  AWSAccessKey: undefined,
+  AWSSecretAccessKey: undefined
 };
@@ -14,0 +16,0 @@

dist/signUpload.js

@@ -8,8 +8,4 @@ "use strict";
 
-var _awsSdk = _interopRequireDefault(require("aws-sdk"));
+var _clientS = require("@aws-sdk/client-s3");
 
-var _fs = _interopRequireDefault(require("fs"));
-
-var _path = _interopRequireDefault(require("path"));
-
 var _config = _interopRequireDefault(require("./config"));
@@ -40,2 +36,4 @@
 var signUpload = function signUpload(file, onProgress) {
+  var folderPath = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : undefined;
+
   if (_config["default"].uploadBucket !== "https://culturehq-direct-uploads-eu.s3-eu-west-2.amazonaws.com") {
@@ -82,36 +80,26 @@ return new Promise(function (resolve, reject) {
 
-  _awsSdk["default"].config.loadFromPath("./aws-config.json");
+  var s3Client = new _clientS.S3Client({
+    region: "eu-west-2",
+    credentials: {
+      accessKeyId: _config["default"].AWSAccessKey,
+      secretAccessKey: _config["default"].AWSSecretAccessKey
+    }
+  }); // Construct the S3 object key
 
-  var s3 = new _awsSdk["default"].S3({
-    apiVersion: "2006-03-01"
-  }); // call S3 to retrieve upload file to specified bucket
+  var objectKey = folderPath ? "".concat(folderPath, "/").concat(file.name) : file.name; // Create a PutObjectCommand to upload the file to S3
 
   var uploadParams = {
-    Bucket: _config["default"].uploadBucket,
-    Key: "",
-    Body: ""
-  }; // Configure the file stream and obtain the upload parameters
-
-  var fileStream = _fs["default"].createReadStream(file);
-
-  fileStream.on("error", function (err) {
-    // eslint-disable-next-line no-console
-    console.log("File Error", err);
-  });
-  uploadParams.Body = fileStream;
-  uploadParams.Key = _path["default"].basename(file); // call S3 to retrieve upload file to specified bucket
-
+    Bucket: _config["default"].bucketName,
+    Key: objectKey,
+    Body: file
+  };
   return new Promise(function (resolve, reject) {
-    return s3.upload(uploadParams, function (err, data) {
-      if (err) {
-        // eslint-disable-next-line no-console
-        console.log("Error", err);
-        reject(err);
-      }
-
-      if (data) {
-        // eslint-disable-next-line no-console
-        console.log("Upload Success", data.Location);
-        resolve("".concat(_config["default"].uploadBucket, "/").concat(data.Location));
-      }
+    s3Client.send(new _clientS.PutObjectCommand(uploadParams)).then(function (response) {
+      // eslint-disable-next-line no-console
+      console.error("File uploaded", response);
+      resolve(response);
+    })["catch"](function (error) {
+      // eslint-disable-next-line no-console
+      console.error("File upload error:", error);
+      reject(error);
     });
@@ -118,0 +106,0 @@ });

package.json

 {
   "name": "@culturehq/client",
-  "version": "14.0.0",
+  "version": "14.1.0",
   "description": "A JavaScript client that wraps the CultureHQ API",
@@ -23,4 +23,4 @@ "main": "dist/client.js",
   "dependencies": {
-    "@rails/actioncable": "^7.0.0",
-    "aws-sdk": "^2.1451.0"
+    "@aws-sdk/client-s3": "^3.405.0",
+    "@rails/actioncable": "^7.0.0"
   },
@@ -27,0 +27,0 @@ "devDependencies": {

src/config.js

@@ -5,3 +5,5 @@ const config = {
   signerURL: "https://fyzqa1okfe.execute-api.us-west-2.amazonaws.com/production/signature",
-  uploadBucket: "https://culturehq-direct-uploads.s3-us-west-2.amazonaws.com"
+  uploadBucket: "https://culturehq-direct-uploads.s3-us-west-2.amazonaws.com",
+  AWSAccessKey: undefined,
+  AWSSecretAccessKey: undefined
 };
@@ -8,0 +10,0 @@

src/signUpload.js

@@ -1,4 +0,3 @@
-import AWS from "aws-sdk";
-import fs from "fs";
-import path from "path";
+import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
+
 import config from "./config";
@@ -24,3 +23,3 @@ import formData from "./formData";
 /* eslint-disable no-promise-executor-return */
-const signUpload = (file, onProgress) => {
+const signUpload = (file, onProgress, folderPath = undefined) => {
   if (config.uploadBucket !== "https://culturehq-direct-uploads-eu.s3-eu-west-2.amazonaws.com") {
@@ -67,32 +66,34 @@ return new Promise((resolve, reject) => (
 
-  AWS.config.loadFromPath("./aws-config.json");
-  const s3 = new AWS.S3({ apiVersion: "2006-03-01" });
-  // call S3 to retrieve upload file to specified bucket
-  const uploadParams = { Bucket: config.uploadBucket, Key: "", Body: "" };
-
-  // Configure the file stream and obtain the upload parameters
-  const fileStream = fs.createReadStream(file);
-  fileStream.on("error", err => {
-    // eslint-disable-next-line no-console
-    console.log("File Error", err);
+  const s3Client = new S3Client({
+    region: "eu-west-2",
+    credentials: {
+      accessKeyId: config.AWSAccessKey,
+      secretAccessKey: config.AWSSecretAccessKey
+    }
   });
-  uploadParams.Body = fileStream;
-  uploadParams.Key = path.basename(file);
 
-  // call S3 to retrieve upload file to specified bucket
-  return new Promise((resolve, reject) => (
-    s3.upload(uploadParams, (err, data) => {
-      if (err) {
+  // Construct the S3 object key
+  const objectKey = folderPath ? `${folderPath}/${file.name}` : file.name;
+
+  // Create a PutObjectCommand to upload the file to S3
+  const uploadParams = {
+    Bucket: config.bucketName,
+    Key: objectKey,
+    Body: file
+  };
+
+  return new Promise((resolve, reject) => {
+    s3Client.send(new PutObjectCommand(uploadParams))
+      .then(response => {
         // eslint-disable-next-line no-console
-        console.log("Error", err);
-        reject(err);
-      } if (data) {
+        console.error("File uploaded", response);
+        resolve(response);
+      }).catch(error => {
         // eslint-disable-next-line no-console
-        console.log("Upload Success", data.Location);
-        resolve(`${config.uploadBucket}/${data.Location}`);
-      }
-    })
-  ));
+        console.error("File upload error:", error);
+        reject(error);
+      });
+  });
 };
 
 export default signUpload;

Fixed alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

182715

decreased by-0.08%

Lines of code

2560

decreased by-0.16%

Dependency changes

• + Added@aws-sdk/client-s3@^3.405.0

• + Added@aws-crypto/crc32@5.2.0(transitive)

• + Added@aws-crypto/crc32c@5.2.0(transitive)

• + Added@aws-crypto/sha256-browser@5.2.0(transitive)

• + Added@aws-crypto/sha256-js@5.2.0(transitive)

• + Added@aws-crypto/supports-web-crypto@5.2.0(transitive)

• + Added@aws-crypto/util@5.2.0(transitive)

• + Added@aws-sdk/client-s3@3.740.0(transitive)

• + Added@aws-sdk/client-sso@3.734.0(transitive)

• + Added@aws-sdk/core@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-env@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-http@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-ini@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-node@3.738.0(transitive)

• + Added@aws-sdk/credential-provider-process@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-sso@3.734.0(transitive)

• + Added@aws-sdk/credential-provider-web-identity@3.734.0(transitive)

• + Added@aws-sdk/middleware-bucket-endpoint@3.734.0(transitive)

• + Added@aws-sdk/middleware-expect-continue@3.734.0(transitive)

• + Added@aws-sdk/middleware-flexible-checksums@3.735.0(transitive)

• + Added@aws-sdk/middleware-host-header@3.734.0(transitive)

• + Added@aws-sdk/middleware-location-constraint@3.734.0(transitive)

• + Added@aws-sdk/middleware-logger@3.734.0(transitive)

• + Added@aws-sdk/middleware-recursion-detection@3.734.0(transitive)

• + Added@aws-sdk/middleware-sdk-s3@3.740.0(transitive)

• + Added@aws-sdk/middleware-ssec@3.734.0(transitive)

• + Added@aws-sdk/middleware-user-agent@3.734.0(transitive)

• + Added@aws-sdk/nested-clients@3.734.0(transitive)

• + Added@aws-sdk/region-config-resolver@3.734.0(transitive)

• + Added@aws-sdk/signature-v4-multi-region@3.740.0(transitive)

• + Added@aws-sdk/token-providers@3.734.0(transitive)

• + Added@aws-sdk/types@3.734.0(transitive)

• + Added@aws-sdk/util-arn-parser@3.723.0(transitive)

• + Added@aws-sdk/util-endpoints@3.734.0(transitive)

• + Added@aws-sdk/util-locate-window@3.723.0(transitive)

• + Added@aws-sdk/util-user-agent-browser@3.734.0(transitive)

• + Added@aws-sdk/util-user-agent-node@3.734.0(transitive)

• + Added@aws-sdk/xml-builder@3.734.0(transitive)

• + Added@smithy/abort-controller@4.0.1(transitive)

• + Added@smithy/chunked-blob-reader@5.0.0(transitive)

• + Added@smithy/chunked-blob-reader-native@4.0.0(transitive)

• + Added@smithy/config-resolver@4.0.1(transitive)

• + Added@smithy/core@3.1.2(transitive)

• + Added@smithy/credential-provider-imds@4.0.1(transitive)

• + Added@smithy/eventstream-codec@4.0.1(transitive)

• + Added@smithy/eventstream-serde-browser@4.0.1(transitive)

• + Added@smithy/eventstream-serde-config-resolver@4.0.1(transitive)

• + Added@smithy/eventstream-serde-node@4.0.1(transitive)

• + Added@smithy/eventstream-serde-universal@4.0.1(transitive)

• + Added@smithy/fetch-http-handler@5.0.1(transitive)

• + Added@smithy/hash-blob-browser@4.0.1(transitive)

• + Added@smithy/hash-node@4.0.1(transitive)

• + Added@smithy/hash-stream-node@4.0.1(transitive)

• + Added@smithy/invalid-dependency@4.0.1(transitive)

• + Added@smithy/is-array-buffer@2.2.04.0.0(transitive)

• + Added@smithy/md5-js@4.0.1(transitive)

• + Added@smithy/middleware-content-length@4.0.1(transitive)

• + Added@smithy/middleware-endpoint@4.0.3(transitive)

• + Added@smithy/middleware-retry@4.0.4(transitive)

• + Added@smithy/middleware-serde@4.0.2(transitive)

• + Added@smithy/middleware-stack@4.0.1(transitive)

• + Added@smithy/node-config-provider@4.0.1(transitive)

• + Added@smithy/node-http-handler@4.0.2(transitive)

• + Added@smithy/property-provider@4.0.1(transitive)

• + Added@smithy/protocol-http@5.0.1(transitive)

• + Added@smithy/querystring-builder@4.0.1(transitive)

• + Added@smithy/querystring-parser@4.0.1(transitive)

• + Added@smithy/service-error-classification@4.0.1(transitive)

• + Added@smithy/shared-ini-file-loader@4.0.1(transitive)

• + Added@smithy/signature-v4@5.0.1(transitive)

• + Added@smithy/smithy-client@4.1.3(transitive)

• + Added@smithy/types@4.1.0(transitive)

• + Added@smithy/url-parser@4.0.1(transitive)

• + Added@smithy/util-base64@4.0.0(transitive)

• + Added@smithy/util-body-length-browser@4.0.0(transitive)

• + Added@smithy/util-body-length-node@4.0.0(transitive)

• + Added@smithy/util-buffer-from@2.2.04.0.0(transitive)

• + Added@smithy/util-config-provider@4.0.0(transitive)

• + Added@smithy/util-defaults-mode-browser@4.0.4(transitive)

• + Added@smithy/util-defaults-mode-node@4.0.4(transitive)

• + Added@smithy/util-endpoints@3.0.1(transitive)

• + Added@smithy/util-hex-encoding@4.0.0(transitive)

• + Added@smithy/util-middleware@4.0.1(transitive)

• + Added@smithy/util-retry@4.0.1(transitive)

• + Added@smithy/util-stream@4.0.2(transitive)

• + Added@smithy/util-uri-escape@4.0.0(transitive)

• + Added@smithy/util-utf8@2.3.04.0.0(transitive)

• + Added@smithy/util-waiter@4.0.2(transitive)

• + Addedbowser@2.11.0(transitive)

• + Addedfast-xml-parser@4.4.1(transitive)

• + Addedstrnum@1.0.5(transitive)

• + Addedtslib@2.8.1(transitive)

• + Addeduuid@9.0.1(transitive)

• - Removedaws-sdk@^2.1451.0

• - Removedavailable-typed-arrays@1.0.7(transitive)

• - Removedaws-sdk@2.1692.0(transitive)

• - Removedbase64-js@1.5.1(transitive)

• - Removedbuffer@4.9.2(transitive)

• - Removedcall-bind@1.0.8(transitive)

• - Removedcall-bind-apply-helpers@1.0.1(transitive)

• - Removedcall-bound@1.0.3(transitive)

• - Removeddefine-data-property@1.1.4(transitive)

• - Removeddunder-proto@1.0.1(transitive)

• - Removedes-define-property@1.0.1(transitive)

• - Removedes-errors@1.3.0(transitive)

• - Removedes-object-atoms@1.1.1(transitive)

• - Removedevents@1.1.1(transitive)

• - Removedfor-each@0.3.4(transitive)

• - Removedfunction-bind@1.1.2(transitive)

• - Removedget-intrinsic@1.2.7(transitive)

• - Removedget-proto@1.0.1(transitive)

• - Removedgopd@1.2.0(transitive)

• - Removedhas-property-descriptors@1.0.2(transitive)

• - Removedhas-symbols@1.1.0(transitive)

• - Removedhas-tostringtag@1.0.2(transitive)

• - Removedhasown@2.0.2(transitive)

• - Removedieee754@1.1.13(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedis-arguments@1.2.0(transitive)

• - Removedis-callable@1.2.7(transitive)

• - Removedis-generator-function@1.1.0(transitive)

• - Removedis-regex@1.2.1(transitive)

• - Removedis-typed-array@1.1.15(transitive)

• - Removedisarray@1.0.0(transitive)

• - Removedjmespath@0.16.0(transitive)

• - Removedmath-intrinsics@1.1.0(transitive)

• - Removedpossible-typed-array-names@1.0.0(transitive)

• - Removedpunycode@1.3.2(transitive)

• - Removedquerystring@0.2.0(transitive)

• - Removedsafe-regex-test@1.1.0(transitive)

• - Removedsax@1.2.1(transitive)

• - Removedset-function-length@1.2.2(transitive)

• - Removedurl@0.10.3(transitive)

• - Removedutil@0.12.5(transitive)

• - Removeduuid@8.0.0(transitive)

• - Removedwhich-typed-array@1.1.18(transitive)

• - Removedxml2js@0.6.2(transitive)

• - Removedxmlbuilder@11.0.1(transitive)