Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(s3-presigned-post): ensure unique conditions in policy #5184

Merged
merged 2 commits into from
Sep 6, 2023
Merged

fix(s3-presigned-post): ensure unique conditions in policy #5184

merged 2 commits into from
Sep 6, 2023

Conversation

RanVaknin
Copy link
Contributor

Issue

#5153

Description

Creating a set and stringifiying results to get unique condition values before adding them to presigned policy.

Testing

driver code:

import { S3Client } from "@aws-sdk/client-s3"; 
import {createPresignedPost} from '@aws-sdk/s3-presigned-post'

const Conditions = [{ acl: "public-read" }, { bucket: "foo" }, ["starts-with", "$key", "user/eric/"]];
const client = new S3Client({region: 'us-east-1'})

const Bucket = "foo";
const Key = `user/eric/\${filename}`; 

const Fields = {
  acl: "public-read",
};

async function run() {
  const { fields } = await createPresignedPost(client, {
    Bucket,
    Key,
    Conditions,
    Fields,
    Expires: 600,
  });

  console.log(JSON.stringify(fields, undefined, 2));
}

run().catch(e => console.error(e));

Policy generated before change 
{
  "expiration": "2023-09-05T22:30:15Z",
  "conditions": [
    {
      "acl": "public-read"
    },
    {
      "bucket": "foo"
    },
    [
      "starts-with",
      "$key",
      "user/eric/"
    ],
    {
      "acl": "public-read"
    },
    {
      "bucket": "foo"
    },
    {
      "X-Amz-Algorithm": "AWS4-HMAC-SHA256"
    },
    {
      "X-Amz-Credential": "REDACTED/20230905/us-east-1/s3/aws4_request"
    },
    {
      "X-Amz-Date": "20230905T222015Z"
    },
    [
      "starts-with",
      "$key",
      "user/eric/"
    ]
  ]
}
Policy generated after change 
{
  "expiration": "2023-09-06T16:58:21Z",
  "conditions": [
    {
      "acl": "public-read"
    },
    {
      "bucket": "foo"
    },
    [
      "starts-with",
      "$key",
      "user/eric/"
    ],
    {
      "X-Amz-Algorithm": "AWS4-HMAC-SHA256"
    },
    {
      "X-Amz-Credential": "REDACTED/20230906/us-east-1/s3/aws4_request"
    },
    {
      "X-Amz-Date": "20230906T164821Z"
    }
  ]
}
Test coverage 
$ lerna run build --scope @aws-sdk/s3-presigned-post --include-dependencies

lerna success run Ran npm script 'build' in 32 packages in 87.1s:
lerna success - @aws-sdk/s3-presigned-post
lerna success - @aws-sdk/client-s3
lerna success - @aws-sdk/types
lerna success - @aws-sdk/util-format-url
lerna success - @aws-sdk/client-sts
lerna success - @aws-sdk/credential-provider-node
lerna success - @aws-sdk/middleware-bucket-endpoint
lerna success - @aws-sdk/middleware-expect-continue
lerna success - @aws-sdk/middleware-flexible-checksums
lerna success - @aws-sdk/middleware-host-header
lerna success - @aws-sdk/middleware-location-constraint
lerna success - @aws-sdk/middleware-logger
lerna success - @aws-sdk/middleware-recursion-detection
lerna success - @aws-sdk/middleware-sdk-s3
lerna success - @aws-sdk/middleware-signing
lerna success - @aws-sdk/middleware-ssec
lerna success - @aws-sdk/middleware-user-agent
lerna success - @aws-sdk/signature-v4-multi-region
lerna success - @aws-sdk/util-endpoints
lerna success - @aws-sdk/util-user-agent-browser
lerna success - @aws-sdk/util-user-agent-node
lerna success - @aws-sdk/xml-builder
lerna success - @aws-sdk/middleware-sdk-sts
lerna success - @aws-sdk/credential-provider-env
lerna success - @aws-sdk/credential-provider-ini
lerna success - @aws-sdk/credential-provider-process
lerna success - @aws-sdk/credential-provider-sso
lerna success - @aws-sdk/credential-provider-web-identity
lerna success - @aws-sdk/util-arn-parser
lerna success - @aws-sdk/signature-v4-crt
lerna success - @aws-sdk/client-sso
lerna success - @aws-sdk/token-providers

@RanVaknin RanVaknin requested a review from a team as a code owner September 6, 2023 16:58
@kuhe kuhe merged commit 3f8b581 into aws:main Sep 6, 2023
1 of 2 checks passed
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kuhe kuhe kuhe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RanVaknin @kuhe