refactor(S3Provider): Allow specifying sign timestamp

megahertz · Mar 10, 2025 · bcc2e12 · bcc2e12
1 parent 998db6a
commit bcc2e12
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 26 deletions.
diff --git a/src/S3Provider.js b/src/S3Provider.js
@@ -43,10 +43,14 @@ class S3Provider {
     expires = 60 * 60 * 24 * 7,
     method = 'GET',
     s3Url,
+    timestamp = Date.now(),
   }) {
     const algo = 'AWS4-HMAC-SHA256';
     const url = new URL(this.buildUrl({ s3Url }));
-    const time = new Date().toISOString().slice(0, 19).replace(/\W/g, '') + 'Z';
+    const time = new Date(timestamp)
+      .toISOString()
+      .slice(0, 19)
+      .replace(/\W/g, '') + 'Z';
     const date = time.slice(0, 8);
     const signRegion = this.getSignRegion(s3Url);
     const scope = `${date}/${signRegion}/s3/aws4_request`;

diff --git a/src/__specs__/S3Provider.spec.js b/src/__specs__/S3Provider.spec.js
@@ -1,7 +1,9 @@
 'use strict';
 
 const { describe, expect, it } = require('humile');
+const AmazonAwsProvider = require('../providers/AmazonAwsProvider');
 const S3Provider = require('../S3Provider');
+const S3Url = require('../S3Url');
 
 describe('S3Provider', () => {
   describe('parseUrl', () => {
@@ -46,4 +48,27 @@ describe('S3Provider', () => {
       expect(provider.parseUrl({ url })).toMatchObject(matchedObject);
     }
   });
+
+  describe('buildSignedUrl', () => {
+    it('simple', async () => {
+      const s3Url = new S3Url('https://bucket.s3.amazonaws.com/test/file.zip');
+      const provider = new AmazonAwsProvider();
+      const signedUrl = await provider.buildSignedUrl({
+        accessKeyId: 'test',
+        secretAccessKey: 'test',
+        s3Url,
+        timestamp: 0,
+      });
+      expect(signedUrl).toBe(
+        'https://bucket.s3.us-east-1.amazonaws.com/test/file.zip'
+        + '?X-Amz-Algorithm=AWS4-HMAC-SHA256'
+        + '&X-Amz-Credential=test%2F19700101%2Fus-east-1%2Fs3%2Faws4_request'
+        + '&X-Amz-Date=19700101T000000Z'
+        + '&X-Amz-Expires=604800'
+        + '&X-Amz-SignedHeaders=host'
+        // eslint-disable-next-line max-len
+        + '&X-Amz-Signature=cbefd44bf6ccaec9a70b2eff6bcc17d14039c2d204c5e58545986fcf76cf28be'
+      );
+    });
+  });
 });
diff --git a/src/providers/AmazonAwsProvider.js b/src/providers/AmazonAwsProvider.js
@@ -24,13 +24,7 @@ class AmazonAwsProvider extends S3Provider {
       .join('.');
   }
 
-  async buildSignedUrl({
-    accessKeyId,
-    secretAccessKey,
-    expires,
-    method,
-    s3Url,
-  }) {
+  async buildSignedUrl({ s3Url, ...rest }) {
     const s3UrlCopy = s3Url.clone();
 
     if (!s3UrlCopy.region) {
@@ -41,13 +35,7 @@ class AmazonAwsProvider extends S3Provider {
       s3UrlCopy.setProtocol('https:');
     }
 
-    return super.buildSignedUrl({
-      accessKeyId,
-      secretAccessKey,
-      expires,
-      method,
-      s3Url: s3UrlCopy,
-    });
+    return super.buildSignedUrl({ ...rest, s3Url: s3UrlCopy });
   }
 
   parseBucket(hostname, s3Url) {

diff --git a/src/providers/DigitalOceanSpacesProvider.js b/src/providers/DigitalOceanSpacesProvider.js
@@ -23,18 +23,9 @@ class DigitalOceanSpacesProvider extends S3Provider {
       .join('.');
   }
 
-  async buildSignedUrl({
-    accessKeyId,
-    secretAccessKey,
-    expires,
-    method,
-    s3Url,
-  }) {
+  async buildSignedUrl({ s3Url, ...rest }) {
     const signedUrl = await super.buildSignedUrl({
-      accessKeyId,
-      secretAccessKey,
-      expires,
-      method,
+      ...rest,
       // DO uses the same signature for CDN and normal endpoints
       s3Url: s3Url.clone({ cdn: false }),
     });