-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy paths3.ts
93 lines (81 loc) · 2.51 KB
/
s3.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import { S3Client, HeadObjectCommand } from '@aws-sdk/client-s3';
import { STSClient, AssumeRoleCommand } from '@aws-sdk/client-sts';
import { S3RequestPresigner } from '@aws-sdk/s3-request-presigner';
import { HttpRequest } from '@smithy/protocol-http';
import { parseUrl } from '@smithy/url-parser';
import { formatUrl } from '@aws-sdk/util-format-url';
import { Hash } from '@smithy/hash-node';
const bucketName = process.env.NEXT_PUBLIC_AWS_S3_BUCKET_NAME!;
const region = process.env.AWS_REGION || 'us-west-2';
const RoleArn = process.env.AWS_ASSUME_ROLE_ARN;
const timestamp = Date.now();
async function assumeRole() {
const sts = new STSClient({ region });
const roleParams = {
RoleArn,
RoleSessionName: `veda-ingest-ui-${timestamp}`,
DurationSeconds: 900,
};
const command = new AssumeRoleCommand(roleParams);
console.log({ command });
const response = await sts.send(command);
if (
!response.Credentials ||
!response.Credentials.AccessKeyId ||
!response.Credentials.SecretAccessKey ||
!response.Credentials.SessionToken
) {
throw new Error(
'Failed to assume role: Missing credentials from STS response.'
);
}
return {
accessKeyId: response.Credentials.AccessKeyId,
secretAccessKey: response.Credentials.SecretAccessKey,
sessionToken: response.Credentials.SessionToken,
};
}
async function createS3Client() {
const credentials = await assumeRole();
return new S3Client({
region,
credentials,
});
}
async function createPresigner() {
const credentials = await assumeRole();
return new S3RequestPresigner({
credentials,
region,
sha256: Hash.bind(null, 'sha256'),
});
}
export async function checkFileExists(filename: string): Promise<boolean> {
try {
const s3 = await createS3Client();
await s3.send(new HeadObjectCommand({ Bucket: bucketName, Key: filename }));
return true;
} catch (error: any) {
if (error.name === 'NotFound' || error.$metadata?.httpStatusCode === 403) {
return false;
}
throw new Error('Failed to check file existence');
}
}
export async function generateSignedUrl(
filename: string,
filetype: string
): Promise<string> {
const presigner = await createPresigner();
const url = parseUrl(
`https://${bucketName}.s3.${process.env.AWS_REGION}.amazonaws.com/${filename}`
);
const signedUrlObject = await presigner.presign(
new HttpRequest({
...url,
method: 'PUT',
headers: { 'Content-Type': filetype },
})
);
return formatUrl(signedUrlObject);
}