1 2/*! 3 * Copyright 2010 LearnBoost <dev@learnboost.com> 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18/** 19 * Module dependencies. 20 */ 21 22var crypto = require('crypto') 23 , parse = require('url').parse 24 ; 25 26/** 27 * Valid keys. 28 */ 29 30var keys = 31 [ 'acl' 32 , 'location' 33 , 'logging' 34 , 'notification' 35 , 'partNumber' 36 , 'policy' 37 , 'requestPayment' 38 , 'torrent' 39 , 'uploadId' 40 , 'uploads' 41 , 'versionId' 42 , 'versioning' 43 , 'versions' 44 , 'website' 45 ] 46 47/** 48 * Return an "Authorization" header value with the given `options` 49 * in the form of "AWS <key>:<signature>" 50 * 51 * @param {Object} options 52 * @return {String} 53 * @api private 54 */ 55 56function authorization (options) { 57 return 'AWS ' + options.key + ':' + sign(options) 58} 59 60module.exports = authorization 61module.exports.authorization = authorization 62 63/** 64 * Simple HMAC-SHA1 Wrapper 65 * 66 * @param {Object} options 67 * @return {String} 68 * @api private 69 */ 70 71function hmacSha1 (options) { 72 return crypto.createHmac('sha1', options.secret).update(options.message).digest('base64') 73} 74 75module.exports.hmacSha1 = hmacSha1 76 77/** 78 * Create a base64 sha1 HMAC for `options`. 79 * 80 * @param {Object} options 81 * @return {String} 82 * @api private 83 */ 84 85function sign (options) { 86 options.message = stringToSign(options) 87 return hmacSha1(options) 88} 89module.exports.sign = sign 90 91/** 92 * Create a base64 sha1 HMAC for `options`. 93 * 94 * Specifically to be used with S3 presigned URLs 95 * 96 * @param {Object} options 97 * @return {String} 98 * @api private 99 */ 100 101function signQuery (options) { 102 options.message = queryStringToSign(options) 103 return hmacSha1(options) 104} 105module.exports.signQuery= signQuery 106 107/** 108 * Return a string for sign() with the given `options`. 109 * 110 * Spec: 111 * 112 * <verb>\n 113 * <md5>\n 114 * <content-type>\n 115 * <date>\n 116 * [headers\n] 117 * <resource> 118 * 119 * @param {Object} options 120 * @return {String} 121 * @api private 122 */ 123 124function stringToSign (options) { 125 var headers = options.amazonHeaders || '' 126 if (headers) headers += '\n' 127 var r = 128 [ options.verb 129 , options.md5 130 , options.contentType 131 , options.date ? options.date.toUTCString() : '' 132 , headers + options.resource 133 ] 134 return r.join('\n') 135} 136module.exports.stringToSign = stringToSign 137 138/** 139 * Return a string for sign() with the given `options`, but is meant exclusively 140 * for S3 presigned URLs 141 * 142 * Spec: 143 * 144 * <date>\n 145 * <resource> 146 * 147 * @param {Object} options 148 * @return {String} 149 * @api private 150 */ 151 152function queryStringToSign (options){ 153 return 'GET\n\n\n' + options.date + '\n' + options.resource 154} 155module.exports.queryStringToSign = queryStringToSign 156 157/** 158 * Perform the following: 159 * 160 * - ignore non-amazon headers 161 * - lowercase fields 162 * - sort lexicographically 163 * - trim whitespace between ":" 164 * - join with newline 165 * 166 * @param {Object} headers 167 * @return {String} 168 * @api private 169 */ 170 171function canonicalizeHeaders (headers) { 172 var buf = [] 173 , fields = Object.keys(headers) 174 ; 175 for (var i = 0, len = fields.length; i < len; ++i) { 176 var field = fields[i] 177 , val = headers[field] 178 , field = field.toLowerCase() 179 ; 180 if (0 !== field.indexOf('x-amz')) continue 181 buf.push(field + ':' + val) 182 } 183 return buf.sort().join('\n') 184} 185module.exports.canonicalizeHeaders = canonicalizeHeaders 186 187/** 188 * Perform the following: 189 * 190 * - ignore non sub-resources 191 * - sort lexicographically 192 * 193 * @param {String} resource 194 * @return {String} 195 * @api private 196 */ 197 198function canonicalizeResource (resource) { 199 var url = parse(resource, true) 200 , path = url.pathname 201 , buf = [] 202 ; 203 204 Object.keys(url.query).forEach(function(key){ 205 if (!~keys.indexOf(key)) return 206 var val = '' == url.query[key] ? '' : '=' + encodeURIComponent(url.query[key]) 207 buf.push(key + val) 208 }) 209 210 return path + (buf.length ? '?' + buf.sort().join('&') : '') 211} 212module.exports.canonicalizeResource = canonicalizeResource 213