dynalite - npm Package Compare versions

Comparing version 0.8.0 to 0.9.0

index.js

 var http = require('http'),
     https = require('https'),
     fs = require('fs'),
+    url = require('url'),
     crypto = require('crypto'),
@@ -121,4 +122,2 @@ crc32 = require('buffer-crc32'),
 
-    // DynamoDB doesn't seem to care about the HTTP path, so no checking needed for that
-
     var target = (req.headers['x-amz-target'] || '').split('.')
@@ -129,7 +128,13 @@
 
-    var action = validations.toLowerFirst(target[1])
+    var authHeader = req.headers.authorization
+    var query = url.parse(req.url, true).query
+    var authQuery = 'X-Amz-Algorithm' in query
 
-    var auth = req.headers.authorization
+    if (authHeader && authQuery)
+      return sendData(req, res, {
+        __type: 'com.amazon.coral.service#InvalidSignatureException',
+        message: 'Found both \'X-Amz-Algorithm\' as a query-string param and \'Authorization\' as HTTP header.',
+      }, 400)
 
-    if (!auth || auth.trim().slice(0, 5) != 'AWS4-')
+    if ((!authHeader && !authQuery) || (authHeader && (authHeader.trim().slice(0, 5) != 'AWS4-')))
       return sendData(req, res, {
@@ -140,25 +145,36 @@ __type: 'com.amazon.coral.service#MissingAuthenticationTokenException',
 
-    var authParams = auth.split(' ').slice(1).join('').split(',').reduce(function(obj, x) {
-          var keyVal = x.trim().split('=')
-          obj[keyVal[0]] = keyVal[1]
-          return obj
-        }, {}),
-        date = req.headers['x-amz-date'] || req.headers.date
+    var msg = '', params
 
-    var headers = ['Credential', 'Signature', 'SignedHeaders']
-    var msg = ''
-    // TODO: Go through key-vals first
-    // "'Credential' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 \
-    // Signature=b,    Credential,    SignedHeaders'."
-    headers.forEach(function(header) {
-      if (!authParams[header])
-        // TODO: SignedHeaders *is* allowed to be an empty string at this point
-        msg += 'Authorization header requires \'' + header + '\' parameter. '
-    })
-    if (!date)
-      msg += 'Authorization header requires existence of either a \'X-Amz-Date\' or a \'Date\' header. '
+    if (authHeader) {
+      // TODO: Go through key-vals first
+      // "'Credential' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 \
+      // Signature=b,    Credential,    SignedHeaders'."
+      params = ['Credential', 'Signature', 'SignedHeaders']
+      var authParams = authHeader.split(' ').slice(1).reduce(function(obj, x) {
+        var keyVal = x.trim().split('=')
+        obj[keyVal[0]] = keyVal[1].replace(/,$/, '')
+        return obj
+      }, {})
+      params.forEach(function(param) {
+        if (!authParams[param])
+          // TODO: SignedHeaders *is* allowed to be an empty string at this point
+          msg += 'Authorization header requires \'' + param + '\' parameter. '
+      })
+      if (!req.headers['x-amz-date'] && !req.headers.date)
+        msg += 'Authorization header requires existence of either a \'X-Amz-Date\' or a \'Date\' header. '
+      if (msg) msg += 'Authorization=' + authHeader
+
+    } else {
+      params = ['X-Amz-Algorithm', 'X-Amz-Credential', 'X-Amz-Signature', 'X-Amz-SignedHeaders', 'X-Amz-Date']
+      params.forEach(function(param) {
+        if (!query[param])
+          msg += 'AWS query-string parameters must include \'' + param + '\'. '
+      })
+      if (msg) msg += 'Re-examine the query-string parameters.'
+    }
+
     if (msg) {
       return sendData(req, res, {
         __type: 'com.amazon.coral.service#IncompleteSignatureException',
-        message: msg + 'Authorization=' + auth,
+        message: msg,
       }, 400)
@@ -212,2 +228,3 @@ }
 
+    var action = validations.toLowerFirst(target[1])
     var actionValidation = actionValidations[action]
@@ -214,0 +231,0 @@ try {

package.json

 {
   "name": "dynalite",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "An implementation of Amazon's DynamoDB built on LevelDB",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

137849

increased by0.54%

Lines of code

3359

increased by0.48%

No dependency changes