signer.sign now takes Request

Author: lucacasonato

README.md

@@ -18,17 +18,15 @@ The below example will generate signed headers based on the region and credentia
 import { AWSSignerV4 } from "https://deno.land/x/aws_sign_v4@0.1.0/mod.ts";
 
 const signer = new AWSSignerV4();
-const url = "https://test-bucket.s3.amazonaws.com/test";
-const method = "PUT";
-const body = new TextEncoder().encode("Hello World!")
-const headers = { "content-length": body.length };
-const signedHeaders = signer.sign("s3", url, method, headers, body);
-
-const response = await fetch(url, {
-   headers: signedHeaders,
-   method,
-   body: payload,
+const body = new TextEncoder().encode("Hello World!");
+const request = new Request("https://test-bucket.s3.amazonaws.com/test", {
+  method: "PUT",
+  headers: { "content-length": body.length.toString() },
+  body,
 });
+const req = await signer.sign("s3", request);
+
+const response = await fetch(req);
 ```
 
 You can also explicitly specify credentials and a region when constructing a new `AWSSignerV4`:

mod.ts

@@ -2,6 +2,7 @@ import { sha256Hex } from "./deps.ts";
 import { toAmz, toDateStamp } from "./src/date.ts";
 import { getSignatureKey, signAwsV4 } from "./src/signing.ts";
 import type { Credentials, RequestHeaders } from "./src/types.ts";
+import { equal } from "https://deno.land/std@0.68.0/testing/asserts.ts";
 export type { Credentials, RequestHeaders };
 
 /**
@@ -15,17 +16,14 @@ export type { Credentials, RequestHeaders };
  * 
  * ```ts 
  * const signer = new AWSSignerV4();
- * const url = "https://test-bucket.s3.amazonaws.com/test";
- * const method = "PUT";
  * const body = new TextEncoder().encode("Hello World!")
- * const headers = { "content-length": body.length };
- * const signedHeaders = signer.sign("s3", url, method, headers, body);
- * 
- * const response = await fetch(url, {
- *   headers: signedHeaders,
- *   method,
- *   body: payload,
+ * const request = new Request("https://test-bucket.s3.amazonaws.com/test", {
+ *   method: "PUT",
+ *   headers: { "content-length": body.length.toString() },
+ *   body,
  * });
+ * const req = await signer.sign("s3", request);
+ * const response = await fetch(req);
  * ```
  */
 export class AWSSignerV4 {
@@ -44,6 +42,7 @@ export class AWSSignerV4 {
     this.region = region || this.#getDefaultRegion();
     this.credentials = credentials || this.#getDefaultCredentials();
   }
+
   /**
    * Use this to create the signed headers required to
    * make a call to an AWS API.
@@ -55,42 +54,42 @@ export class AWSSignerV4 {
    * @param body The body for PUT/POST methods.
    * @returns {RequestHeaders} - the signed request headers
    */
-  public sign = (
+  public async sign(
     service: string,
-    url: string,
-    method: string = "GET",
-    headers: RequestHeaders,
-    body?: Uint8Array | string,
-  ): RequestHeaders => {
+    request: Request,
+  ): Promise<Request> {
     const date = new Date();
     const amzdate = toAmz(date);
     const datestamp = toDateStamp(date);
 
-    const urlObj = new URL(url);
+    const urlObj = new URL(request.url);
     const { host, pathname, searchParams } = urlObj;
     const canonicalQuerystring = searchParams.toString();
 
-    headers["x-amz-date"] = amzdate;
+    const headers = new Headers(request.headers);
+
+    headers.set("x-amz-date", amzdate);
     if (this.credentials.sessionToken) {
-      headers["x-amz-security-token"] = this.credentials.sessionToken;
+      headers.set("x-amz-security-token", this.credentials.sessionToken);
     }
-
-    headers["host"] = host;
+    headers.set("host", host);
 
     let canonicalHeaders = "";
     let signedHeaders = "";
-    for (const key of Object.keys(headers).sort()) {
-      canonicalHeaders += `${key.toLowerCase()}:${headers[key]}\n`;
+    for (const key of [...headers.keys()].sort()) {
+      canonicalHeaders += `${key.toLowerCase()}:${headers.get(key)}\n`;
       signedHeaders += `${key.toLowerCase()};`;
     }
     signedHeaders = signedHeaders.substring(0, signedHeaders.length - 1);
-    const payload = body ?? "";
-    const payloadHash = sha256Hex(payload);
+    const body = request.body
+      ? new Uint8Array(await request.arrayBuffer())
+      : new Uint8Array();
+    const payloadHash = sha256Hex(body);
 
     const { awsAccessKeyId, awsSecretKey } = this.credentials;
 
     const canonicalRequest =
-      `${method}\n${pathname}\n${canonicalQuerystring}\n${canonicalHeaders}\n${signedHeaders}\n${payloadHash}`;
+      `${request.method}\n${pathname}\n${canonicalQuerystring}\n${canonicalHeaders}\n${signedHeaders}\n${payloadHash}`;
     const canonicalRequestDigest = sha256Hex(canonicalRequest);
 
     const algorithm = "AWS4-HMAC-SHA256";
@@ -111,10 +110,27 @@ export class AWSSignerV4 {
     const authHeader =
       `${algorithm} Credential=${awsAccessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
 
-    headers.Authorization = authHeader;
-
-    return headers;
-  };
+    headers.set("Authorization", authHeader);
+
+    const req = new Request(
+      request.url,
+      {
+        headers,
+        method: request.method,
+        body,
+        cache: request.cache,
+        credentials: request.credentials,
+        integrity: request.integrity,
+        keepalive: request.keepalive,
+        mode: request.mode,
+        redirect: request.redirect,
+        referrer: request.referrer,
+        referrerPolicy: request.referrerPolicy,
+        signal: request.signal,
+      },
+    );
+    return req;
+  }
 
   #getDefaultCredentials = (): Credentials => {
     const AWS_ACCESS_KEY_ID = Deno.env.get("AWS_ACCESS_KEY_ID");

mod_test.ts

@@ -1,60 +1,85 @@
 import { AWSSignerV4 } from "./mod.ts";
 import {
   assertEquals,
-  assert,
   assertStringContains,
 } from "https://deno.land/std@0.68.0/testing/asserts.ts";
 
-Deno.test("construct from env vars", () => {
+Deno.test("construct from env vars", async () => {
   Deno.env.set("AWS_ACCESS_KEY_ID", "examplekey");
   Deno.env.set("AWS_SECRET_ACCESS_KEY", "secretkey");
   Deno.env.set("AWS_SESSION_TOKEN", "sessiontoken");
   Deno.env.set("AWS_REGION", "us-east-1");
 
   const signer = new AWSSignerV4();
-  const headers = signer.sign(
+  const req = await signer.sign(
     "dynamodb",
-    "https://test.dynamodb.us-east-1.amazonaws.com",
-    "GET",
-    { "x-hello": "world" },
-    "A dynamodb request!",
+    new Request(
+      "https://test.dynamodb.us-east-1.amazonaws.com",
+      {
+        method: "GET",
+        headers: { "x-hello": "world" },
+        body: "A dynamodb request!",
+      },
+    ),
   );
   const now = new Date();
   const today = `${now.getFullYear()}${
     (now.getMonth() + 1).toString().padStart(2, "0")
   }${now.getDate().toString().padStart(2, "0")}`;
-  assertStringContains(headers["x-amz-date"], `${today}T`);
-  assertEquals(headers["x-amz-security-token"], "sessiontoken");
-  assertEquals(headers["x-hello"], "world");
-  assertEquals(headers["host"], "test.dynamodb.us-east-1.amazonaws.com");
+  assertStringContains(req.headers.get("x-amz-date")!, `${today}T`);
+  assertEquals(req.headers.get("x-amz-security-token"), "sessiontoken");
+  assertEquals(req.headers.get("x-hello"), "world");
+  assertEquals(
+    req.headers.get("host"),
+    "test.dynamodb.us-east-1.amazonaws.com",
+  );
   assertStringContains(
-    headers["Authorization"],
+    req.headers.get("Authorization")!,
     `AWS4-HMAC-SHA256 Credential=examplekey/${today}/us-east-1/dynamodb/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token;x-hello, Signature=`,
   );
 });
 
-Deno.test("construct manually", () => {
+Deno.test("construct manually", async () => {
   const signer = new AWSSignerV4("us-east-2", {
     awsAccessKeyId: "example_key",
     awsSecretKey: "secret_key",
     sessionToken: "session_token",
   });
-  const headers = signer.sign(
+  const req = await signer.sign(
     "dynamodb",
-    "https://test.dynamodb.us-east-1.amazonaws.com",
-    "GET",
-    { "x-hello": "world" },
-    "A dynamodb request!",
+    new Request(
+      "https://test.dynamodb.us-east-1.amazonaws.com",
+      {
+        method: "GET",
+        headers: { "x-hello": "world" },
+        body: "A dynamodb request!",
+      },
+    ),
   );
   const now = new Date();
   const today = `${now.getFullYear()}${
     (now.getMonth() + 1).toString().padStart(2, "0")
   }${now.getDate().toString().padStart(2, "0")}`;
-  assertStringContains(headers["x-amz-date"], `${today}T`);
-  assertEquals(headers["x-amz-security-token"], "session_token");
-  assertEquals(headers["x-hello"], "world");
+  assertStringContains(req.headers.get("x-amz-date")!, `${today}T`);
+  assertEquals(req.headers.get("x-amz-security-token"), "session_token");
+  assertEquals(req.headers.get("x-hello"), "world");
+  assertEquals(
+    req.headers.get("host"),
+    "test.dynamodb.us-east-1.amazonaws.com",
+  );
   assertStringContains(
-    headers["Authorization"],
+    req.headers.get("Authorization")!,
     `AWS4-HMAC-SHA256 Credential=example_key/${today}/us-east-2/dynamodb/aws4_request, SignedHeaders=host;x-amz-date;x-amz-security-token;x-hello, Signature=`,
   );
 });
+
+Deno.test("example", async () => {
+  const signer = new AWSSignerV4();
+  const body = new TextEncoder().encode("Hello World!");
+  const request = new Request("https://test-bucket.s3.amazonaws.com/test", {
+    method: "PUT",
+    headers: { "content-length": body.length.toString() },
+    body,
+  });
+  const req = await signer.sign("s3", request);
+});

src/types.ts

@@ -6,4 +6,6 @@ export interface Credentials {
 
 export type Method = "GET" | "PUT" | "POST" | "DELETE";
 
-export type RequestHeaders = { [header: string]: string };
+export interface RequestHeaders {
+  [header: string]: string;
+}