Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
'headersToSign'
]),
url = urlEncoder.toNodeUrl(request.url.toString(true)),
self = this;
if (!(params.accessToken && params.clientToken && params.clientSecret)) {
return done(); // Nothing to do if required parameters are not present.
}
request.removeHeader(AUTHORIZATION, {ignoreCase: true});
// Extract host from provided baseURL.
// @note: Here, instead of directly passing params.baseURL in urlEncoder.toNodeUrl() we first parse it using
// sdk.Url() and add protocol because urlEncoder.toNodeUrl() method doesn't work properly with URLs
// without protocol
params.baseURL = params.baseURL && urlEncoder.toNodeUrl(new sdk.Url(params.baseURL).toString(true)).host;
params.nonce = params.nonce || uuid();
params.timestamp = params.timestamp || getTimestamp();
params.url = url;
params.method = request.method;
// ensure that headers are case-insensitive as specified in the documentation
params.headers = request.getHeaders({enabled: true, ignoreCase: true});
if (typeof params.headersToSign === STRING) {
params.headersToSign = params.headersToSign.split(',');
}
else if (!_.isArray(params.headersToSign)) {
params.headersToSign = [];
}
// only calculate body hash for POST requests according to specification
sign: function (auth, request, done) {
var params = auth.get([
'consumerKey',
'consumerSecret',
'token',
'tokenSecret',
'signatureMethod',
'timestamp',
'nonce',
'version',
'realm',
'addParamsToHeader',
'addEmptyParamsToSign'
]),
url = urlEncoder.toNodeUrl(request.url.toString(true)),
signatureParams,
header;
if (!params.consumerKey || !params.consumerSecret) {
return done(); // Nothing to do if required parameters are not present.
}
// Remove existing headers and params (if any)
request.removeHeader('Authorization');
request.removeQueryParams(_.values(OAUTH1_PARAMS));
request.body && request.body.urlencoded && request.body.urlencoded.remove(function (param) {
return _.includes(_.values(OAUTH1_PARAMS), param.key);
});
// Generate a new nonce and timestamp
params.nonce = params.nonce || oAuth1.nonce(11).toString();
sign: function (auth, request, done) {
var signedData,
params = auth.get([
'accessKey',
'secretKey',
'sessionToken',
'service',
'region'
]),
url = urlEncoder.toNodeUrl(request.url.toString(true)),
self = this;
// Clean up the request (if needed)
request.removeHeader('Authorization', {ignoreCase: true});
request.removeHeader('X-Amz-Date', {ignoreCase: true});
request.removeHeader('X-Amz-Security-Token', {ignoreCase: true});
// Removed the code which was adding content-type header if it is not there in the request. Because
// aws4 does not require content-type header. It is only mandatory to include content-type header in signature
// calculation if it is there in the request.
// Refer: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html#canonical-request
// aws4 module can't calculate body hash for body with ReadStream.
// So we calculate it our self and set 'X-Amz-Content-Sha256' header which will be used by aws4 module
// to calculate the signature.
computeBodyHash(request.body, 'sha256', 'hex', function (bodyHash) {
getRequestOptions: function (request, defaultOpts, protocolProfileBehavior) {
var options = {},
networkOptions = defaultOpts.network || {},
self = this,
bodyParams,
url = request.url && urlEncoder.toNodeUrl(request.url.toString(true)),
isSSL = _.startsWith(url.protocol, HTTPS),
isTunnelingProxy = request.proxy && (request.proxy.tunnel || isSSL),
reqOption,
portNumber,
behaviorName,
port = url && url.port,
hostname = url && url.hostname && url.hostname.toLowerCase(),
proxyHostname = request.proxy && request.proxy.host;
!defaultOpts && (defaultOpts = {});
!protocolProfileBehavior && (protocolProfileBehavior = {});
// resolve all *.localhost to localhost itself
// RFC: 6761 section 6.3 (https://tools.ietf.org/html/rfc6761#section-6.3)
if (getTLD(hostname) === LOCALHOST) {
// @note setting hostname to localhost ensures that we override lookup function
sign: function (auth, request, done) {
var params = auth.get([
'accessToken',
'clientToken',
'clientSecret',
'baseURL',
'nonce',
'timestamp',
'headersToSign'
]),
url = urlEncoder.toNodeUrl(request.url.toString(true)),
self = this;
if (!(params.accessToken && params.clientToken && params.clientSecret)) {
return done(); // Nothing to do if required parameters are not present.
}
request.removeHeader(AUTHORIZATION, {ignoreCase: true});
// Extract host from provided baseURL.
// @note: Here, instead of directly passing params.baseURL in urlEncoder.toNodeUrl() we first parse it using
// sdk.Url() and add protocol because urlEncoder.toNodeUrl() method doesn't work properly with URLs
// without protocol
params.baseURL = params.baseURL && urlEncoder.toNodeUrl(new sdk.Url(params.baseURL).toString(true)).host;
params.nonce = params.nonce || uuid();
params.timestamp = params.timestamp || getTimestamp();
params.url = url;
signRequest = function (bodyHash) {
// force toString to add a protocol to the URL.
var url = urlEncoder.toNodeUrl(request.url.toString(true)),
result = self.computeHeader({
credentials: {
id: params.authId,
key: params.authKey,
algorithm: params.algorithm
},
nonce: params.nonce,
timestamp: params.timestamp,
ext: params.extraData,
app: params.app,
dlg: params.delegation,
user: params.user,
url: url.href,
method: request.method,
hash: bodyHash
sign: function (auth, request, done) {
var header,
params = auth.get(AUTH_PARAMETERS),
url = urlEncoder.toNodeUrl(request.url.toString(true));
if (!params.username || !params.realm) {
return done(); // Nothing to do if required parameters are not present.
}
request.removeHeader(AUTHORIZATION, {ignoreCase: true});
params.method = request.method;
params.uri = url.path;
params.body = request.body && request.body.toString();
try {
header = this.computeHeader(params);
}
catch (e) { return done(e); }