Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
lhl
/
jhladmin
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: d2d1562225
Ramos Etiquetas
jhladmin
/
node_modules
/
ali-oss
/
lib
/
sts.js

sts.js 4.0 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. 

  2. const debug = require('debug')('ali-oss:sts');
    3. 

  3. const crypto = require('crypto');
    4. 

  4. const querystring = require('querystring');
    5. 

  5. const copy = require('copy-to');
    6. 

  6. const AgentKeepalive = require('agentkeepalive');
    7. 

  7. const is = require('is-type-of');
    8. 

  8. const ms = require('humanize-ms');
    9. 

  9. const urllib = require('urllib');
    10. 

  10. 

  11. const globalHttpAgent = new AgentKeepalive();
    12. 

  12. 

  13. 

  14. function STS(options) {
    15. 

  15.   if (!(this instanceof STS)) {
    16. 

  16.     return new STS(options);
    17. 

  17.   }
    18. 

  18. 

  19.   if (!options
    20. 

  20.     || !options.accessKeyId
    21. 

  21.     || !options.accessKeySecret) {
    22. 

  22.     throw new Error('require accessKeyId, accessKeySecret');
    23. 

  23.   }
    24. 

  24. 

  25.   this.options = {
    26. 

  26.     endpoint: options.endpoint || 'https://sts.aliyuncs.com',
    27. 

  27.     format: 'JSON',
    28. 

  28.     apiVersion: '2015-04-01',
    29. 

  29.     sigMethod: 'HMAC-SHA1',
    30. 

  30.     sigVersion: '1.0',
    31. 

  31.     timeout: '60s'
    32. 

  32.   };
    33. 

  33.   copy(options).to(this.options);
    34. 

  34. 

  35.   // support custom agent and urllib client
    36. 

  36.   if (this.options.urllib) {
    37. 

  37.     this.urllib = this.options.urllib;
    38. 

  38.   } else {
    39. 

  39.     this.urllib = urllib;
    40. 

  40.     this.agent = this.options.agent || globalHttpAgent;
    41. 

  41.   }
    42. 

  42. }
    43. 

  43. 

  44. module.exports = STS;
    45. 

  45. 

  46. const proto = STS.prototype;
    47. 

  47. 

  48. /**
    49. 

  49.  * STS opertaions
    50. 

  50.  */
    51. 

  51. 

  52. proto.assumeRole = async function assumeRole(role, policy, expiration, session, options) {
    53. 

  53.   const opts = this.options;
    54. 

  54.   const params = {
    55. 

  55.     Action: 'AssumeRole',
    56. 

  56.     RoleArn: role,
    57. 

  57.     RoleSessionName: session || 'app',
    58. 

  58.     DurationSeconds: expiration || 3600,
    59. 

  59. 

  60.     Format: opts.format,
    61. 

  61.     Version: opts.apiVersion,
    62. 

  62.     AccessKeyId: opts.accessKeyId,
    63. 

  63.     SignatureMethod: opts.sigMethod,
    64. 

  64.     SignatureVersion: opts.sigVersion,
    65. 

  65.     SignatureNonce: Math.random(),
    66. 

  66.     Timestamp: new Date().toISOString()
    67. 

  67.   };
    68. 

  68. 

  69.   if (policy) {
    70. 

  70.     let policyStr;
    71. 

  71.     if (is.string(policy)) {
    72. 

  72.       try {
    73. 

  73.         policyStr = JSON.stringify(JSON.parse(policy));
    74. 

  74.       } catch (err) {
    75. 

  75.         throw new Error(`Policy string is not a valid JSON: ${err.message}`);
    76. 

  76.       }
    77. 

  77.     } else {
    78. 

  78.       policyStr = JSON.stringify(policy);
    79. 

  79.     }
    80. 

  80.     params.Policy = policyStr;
    81. 

  81.   }
    82. 

  82. 

  83.   const signature = this._getSignature('POST', params, opts.accessKeySecret);
    84. 

  84.   params.Signature = signature;
    85. 

  85. 

  86.   const reqUrl = opts.endpoint;
    87. 

  87.   const reqParams = {
    88. 

  88.     agent: this.agent,
    89. 

  89.     timeout: ms((options && options.timeout) || opts.timeout),
    90. 

  90.     method: 'POST',
    91. 

  91.     content: querystring.stringify(params),
    92. 

  92.     headers: {
    93. 

  93.       'Content-Type': 'application/x-www-form-urlencoded'
    94. 

  94.     },
    95. 

  95.     ctx: options && options.ctx
    96. 

  96.   };
    97. 

  97. 

  98.   const result = await this.urllib.request(reqUrl, reqParams);
    99. 

  99.   debug(
    100. 

  100.     'response %s %s, got %s, headers: %j',
    101. 

  101.     reqParams.method, reqUrl, result.status, result.headers
    102. 

  102.   );
    103. 

  103. 

  104.   if (Math.floor(result.status / 100) !== 2) {
    105. 

  105.     const err = await this._requestError(result);
    106. 

  106.     err.params = reqParams;
    107. 

  107.     throw err;
    108. 

  108.   }
    109. 

  109.   result.data = JSON.parse(result.data);
    110. 

  110. 

  111.   return {
    112. 

  112.     res: result.res,
    113. 

  113.     credentials: result.data.Credentials
    114. 

  114.   };
    115. 

  115. };
    116. 

  116. 

  117. proto._requestError = async function _requestError(result) {
    118. 

  118.   const err = new Error();
    119. 

  119.   err.status = result.status;
    120. 

  120. 

  121.   try {
    122. 

  122.     const resp = await JSON.parse(result.data) || {};
    123. 

  123.     err.code = resp.Code;
    124. 

  124.     err.message = `${resp.Code}: ${resp.Message}`;
    125. 

  125.     err.requestId = resp.RequestId;
    126. 

  126.   } catch (e) {
    127. 

  127.     err.message = `UnknownError: ${String(result.data)}`;
    128. 

  128.   }
    129. 

  129. 

  130.   return err;
    131. 

  131. };
    132. 

  132. 

  133. proto._getSignature = function _getSignature(method, params, key) {
    134. 

  134.   const that = this;
    135. 

  135.   const canoQuery = Object.keys(params).sort().map(k => `${that._escape(k)}=${that._escape(params[k])}`).join('&');
    136. 

  136. 

  137.   const stringToSign =
    138. 

  138.       `${method.toUpperCase()
    139. 

  139.       }&${this._escape('/')
    140. 

  140.       }&${this._escape(canoQuery)}`;
    141. 

  141. 

  142.   debug('string to sign: %s', stringToSign);
    143. 

  143. 

  144.   let signature = crypto.createHmac('sha1', `${key}&`);
    145. 

  145.   signature = signature.update(stringToSign).digest('base64');
    146. 

  146. 

  147.   debug('signature: %s', signature);
    148. 

  148. 

  149.   return signature;
    150. 

  150. };
    151. 

  151. 

  152. /**
    153. 

  153.  * Since `encodeURIComponent` doesn't encode '*', which causes
    154. 

  154.  * 'SignatureDoesNotMatch'. We need do it ourselves.
    155. 

  155.  */
    156. 

  156. proto._escape = function _escape(str) {
    157. 

  157.   return encodeURIComponent(str)
    158. 

  158.     .replace(/!/g, '%21')
    159. 

  159.     .replace(/'/g, '%27')
    160. 

  160.     .replace(/\(/g, '%28')
    161. 

  161.     .replace(/\)/g, '%29')
    162. 

  162.     .replace(/\*/g, '%2A');
    163. 

  163. };
    164.