Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

cloudfront-signer

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

cloudfront-signer - npm Package Compare versions

Comparing version
2.0.0
 to
3.0.0
+5
-30
index.js

@@ -12,4 +12,2 @@ const crypto = require('crypto');

module.exports = cfSign;
/** CloudFront url signer

@@ -21,2 +19,3 @@

- privateKey: CloudFront certificate as ascii string ( fs.readFileSync(path.resolve('./cloudfront.pem')).toString('ascii') )
- custom: flag to sign with Custom policy (defaults to =url.endsWith('*'))

@@ -26,3 +25,3 @@ returns query string to be appended to a url again (must be the url in argument for a Canned url (default), or anything matching wildcard for a Custom)

*/
function cfSign(url, expires, keypairId, privateKey) { // could do {url, ex..} later, to avoid position errors
module.exports = function cfSign(url, expires, keypairId, privateKey, custom=url.endsWith('*')) { // todo 3 last in an obj

@@ -44,33 +43,9 @@ const time = Math.floor(expires/1000); // to unix

return QS({
return custom ? QS({
'Expires': time,
// 'Policy': normalizeBase64(Buffer.from(policyStr).toString('base64')), // not necessary for canned policy, necessary if using resource wildcards *
'Policy': normalizeBase64(Buffer.from(policyStr).toString('base64')),
'Signature': normalizeBase64(signature),
'Key-Pair-Id': keypairId
});
};
cfSign.canned = cfSign;
cfSign.custom = function cfCustomSign(url, expires, keypairId, privateKey) {
const time = Math.floor(expires/1000); // to unix
const policyStr = JSON.stringify({
'Statement': [{
'Resource': url,
'Condition': {
'DateLessThan': {
'AWS:EpochTime': time
}
}
}]
});
const signature = crypto.createSign('RSA-SHA1').update(policyStr).sign(privateKey, 'base64');
return QS({
}) : QS({
'Expires': time,
'Policy': normalizeBase64(Buffer.from(policyStr).toString('base64')),
'Signature': normalizeBase64(signature),

@@ -77,0 +52,0 @@ 'Key-Pair-Id': keypairId

+5
-3
package.json
{
"name": "cloudfront-signer",
"version": "2.0.0",
"description": "sign urls for AWS CLoudfront",
"version": "3.0.0",
"description": "Sign urls for AWS CloudFront",
"main": "index.js",

@@ -17,3 +17,5 @@ "dependencies": {},

"AWS",
"cloudfront"
"CloudFront",
"Sign",
"URL"
],

@@ -20,0 +22,0 @@ "author": "Cyril Auburtin <cyril.auburtin@gmail.com>",

+11
-2
README.md

@@ -6,7 +6,16 @@ ## CloudFront Signer

```js
// canned:
const cfSign = require('cloudfront-signer');
const url = 'http://xyz.cloudfront.net/test/cool?fun=1';
const signedUrl = url + '&' + cfSign(url, new Date(Date.now()+86400e3), cfKeypairId, cfPrivateKey)
```
```js
// custom (allow wildcards):
const cfSign = require('cloudfront-signer');
var signedUrl = url + '?' + cfSign(url, new Date(Date.now()+86400e3), cfKeypairId, cfPrivateKey)
const qs = cfSign('http://xyz.cloudfront.net/test/*', new Date(Date.now()+86400e3), cfKeypairId, cfPrivateKey)
// valid for 'http://xyz.cloudfront.net/test/test/cool?fun=1&' + qs
```
+1
-1
test/index.js

@@ -45,5 +45,5 @@ const cfUrl = 'https://d123.cloudfront.net';

assert.equal(
cfSign.custom(cfUrl+'/*', d, cfKeypairId, cfPrivateKey),
cfSign(cfUrl+'/*', d, cfKeypairId, cfPrivateKey, true),
'Expires=1495231200&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kMTIzLmNsb3VkZnJvbnQubmV0LyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE0OTUyMzEyMDB9fX1dfQ__&Signature=VSBpF5uZ5ok6BZ7lnGjVSqPLpRcN1fDx2ntLEeXCtUXxvN3uw7Bzf5dzU2JaHenJAz2MbxeTMuZ6zQOWUhPSGz4kFX1CH-jPgwpk~-S1fMrnohZ~mlhL91429jHp5~rNeHcVSYysHIJLlvYsjm3QFsaLtHf7ld2ZmlQIMOBQa0GrQN9MZZabfxU-NAXWXMkdOdEUnv9YktQmjO74dNyJTIc38-bjLX1~NE-rDzwy3Y9~naa98Jbi54nOGl-u6po1Yt0SfOkDpA4~ut5G~oZA-AwEVxSdOL7FSRluckRA7ioyC8BXfPts4LcJSRSEnbduG3oxlyJm8mK4pZAjLdV5sw__&Key-Pair-Id=__cfKeypairId__'
);