feat: throw if keys aren't valid-ish

AJ ONeal 2022-01-06 16:25:05 -07:00
parent ef7e4bb97f
commit 0d388cca6f
No known key found for this signature in database
GPG Key ID: C1D1AA22378CC345
1 changed files with 29 additions and 2 deletions

31
s3.js

@ -2,10 +2,24 @@
var aws4 = require('aws4'); var aws4 = require('aws4');
var request = require('@root/request'); var request = require('@root/request');
var env = process.env;
var S3; var S3;
function assertCredentials(accessKeyId, secretAccessKey) {
// https://docs.aws.amazon.com/IAM/latest/APIReference/API_AccessKey.html
// https://awsteele.com/blog/2020/09/26/aws-access-key-format.html
if ('A' !== String(accessKeyId)[0] || String(accessKeyId).length < 16) {
throw new Error(
`[s3.js] invalid or missing accessKeyId=AWS_ACCESS_KEY_ID: ${accessKeyId}`
);
}
if ('string' !== typeof secretAccessKey || secretAccessKey.length < 16) {
throw new Error(
`[s3.js] invalid or missing secretAccessKey=AWS_SECRET_ACCESS_KEY: ${secretAccessKey}`
);
}
}
function toAwsBucketHost(host, bucket, region) { function toAwsBucketHost(host, bucket, region) {
if (host) { if (host) {
return [host]; return [host];
@ -41,6 +55,8 @@ module.exports = S3 = {
}, },
_sign _sign
) { ) {
assertCredentials(accessKeyId, secretAccessKey);
// TODO support minio // TODO support minio
/* /*
var awsHost = config.awsHost; var awsHost = config.awsHost;
@ -63,12 +79,14 @@ module.exports = S3 = {
endpoint = endpoint || env.AWS_ENDPOINT; endpoint = endpoint || env.AWS_ENDPOINT;
} }
*/ */
prefix = prefix || ''; prefix = prefix || '';
if (prefix) { if (prefix) {
// whatever => whatever/ // whatever => whatever/
// whatever/ => whatever/ // whatever/ => whatever/
prefix = prefix.replace(/\/?$/, '/'); prefix = prefix.replace(/\/?$/, '/');
} }
var [host, defaultHost] = toAwsBucketHost(host, bucket, region); var [host, defaultHost] = toAwsBucketHost(host, bucket, region);
var signed = aws4.sign( var signed = aws4.sign(
{ {
@ -119,10 +137,13 @@ module.exports = S3 = {
}, },
_sign _sign
) { ) {
assertCredentials(accessKeyId, secretAccessKey);
prefix = prefix || ''; prefix = prefix || '';
if (prefix) { if (prefix) {
prefix = prefix.replace(/\/?$/, '/'); prefix = prefix.replace(/\/?$/, '/');
} }
var [host, defaultHost] = toAwsBucketHost(host, bucket, region); var [host, defaultHost] = toAwsBucketHost(host, bucket, region);
var signed = aws4.sign( var signed = aws4.sign(
{ {
@ -184,10 +205,13 @@ module.exports = S3 = {
}, },
_sign _sign
) { ) {
assertCredentials(accessKeyId, secretAccessKey);
prefix = prefix || ''; prefix = prefix || '';
if (prefix) { if (prefix) {
prefix = prefix.replace(/\/?$/, '/'); prefix = prefix.replace(/\/?$/, '/');
} }
var [host, defaultHost] = toAwsBucketHost(host, bucket, region); var [host, defaultHost] = toAwsBucketHost(host, bucket, region);
var signed = aws4.sign( var signed = aws4.sign(
{ {
@ -238,10 +262,13 @@ module.exports = S3 = {
}, },
_sign _sign
) { ) {
assertCredentials(accessKeyId, secretAccessKey);
prefix = prefix || ''; prefix = prefix || '';
if (prefix) { if (prefix) {
prefix = prefix.replace(/\/?$/, '/'); prefix = prefix.replace(/\/?$/, '/');
} }
var [host, defaultHost] = toAwsBucketHost(host, bucket, region); var [host, defaultHost] = toAwsBucketHost(host, bucket, region);
var signed = aws4.sign( var signed = aws4.sign(
{ {
@ -293,7 +320,7 @@ module.exports = S3 = {
case 'DELETE': case 'DELETE':
return S3.del(opts, 'sign'); return S3.del(opts, 'sign');
default: default:
throw new Error("Unknown method '" + method + "'"); throw new Error(`Unknown method '${method}'`);
} }
} }
}; };
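Review bot: The second `throw` in `assertCredentials` interpolates `${secretAccessKey}` into the error message, so a secret that merely fails the shape check (a truncated or mis-pasted key, for example) is copied into whatever logs, crash reports or error responses surface that exception. Keep the value out of the message and report only its type, e.g. `throw new Error('[s3.js] invalid or missing secretAccessKey=AWS_SECRET_ACCESS_KEY (typeof ' + typeof secretAccessKey + ')');`. The `accessKeyId` message is less sensitive but still identifies the credential, so printing only a short prefix of it would be safer. Separately, the `'A' !== String(accessKeyId)[0]` test assumes AWS-issued key IDs. Because `toAwsBucketHost` accepts a caller-supplied `host` and the code carries `// TODO support minio`, this check may reject valid keys for S3-compatible endpoints, which is worth confirming before all four call sites enforce it.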