Using the aws s3 sdk #10

steffenmllr · 2014-11-30T21:19:13Z

Hey there, first off thanks for the module!
Let's say I want to authenticate certain requests against the official s3 upload client.

This should work right? I always get an valid false ...

var app = require('express')();
var Hmmac = require('hmmac');
var AWS = require('aws-sdk');

var accessKeyId = 's3box';
var secretAccessKey = 's3box';

var hmmac = new Hmmac({
    scheme: Hmmac.schemes.load('aws4'),
    acceptableDateSkew: false,
    debug: 1,
    schemeConfig: {
        region: 's3box',
        service: 's3'
    },
    credentialProvider: function(key, callback) {
        if(key !== accessKeyId) {
            return callback(null)
        } else {
            callback({ key: accessKeyId, secret: secretAccessKey});
        }
    }
});

app.use(function (req, res, next) {
    hmmac.validate(req, function(valid) {
        console.log('This should be valid', valid);
    });
});


var server = app.listen(3000, function () {
    AWS.config.update({
        "accessKeyId": accessKeyId,
        "secretAccessKey": secretAccessKey,
        "region": "s3box",
        "endpoint": "127.0.0.1:3000",
        "maxRetries": 0,
        "s3ForcePathStyle": true,
        "sslEnabled": false,
        "signatureVersion": "v4"
    });

    var s3bucket = new AWS.S3({params: {Bucket: 'fooobar'}});
    s3bucket.createBucket(function(err) {
        console.log(err);
    });

});

The text was updated successfully, but these errors were encountered:

cmawhorter · 2015-01-13T22:07:17Z

Holy crap, so sorry for the late response. Somehow missed the notification, otherwise I would've gotten to you sooner.

Looking at it right now, but it seems to be falling down on the date header for some reason. Setting debug: 2 enables more verbose logging.

Should have more details shortly.

cmawhorter · 2015-01-13T23:42:41Z

Tracked it down:

hmmac's aws4 needs to more strictly follow http://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html

The problem is hmmac's aws4 expects the date to be in the Date header. Period. However, aws4 says that it could be in x-amz-date header or even in the querystring for GET -- and this is how node aws-sdk sends the date.

Also, if both Date and X-Amz-Date exist, they should match identically or the request is invalid.

Should have a commit shortly, but here's a working copy of your script that includes a workaround: https://gist.github.com/cmawhorter/659b7aeec4ce590e3497

* use spdx license to avoid npm warning * closes cmawhorter#10 * add test for cmawhorter#11 * document cmawhorter#11 * bump version * update travis badge for current branch * closes cmawhorter#16 * wip * fixes cmawhorter#18 * node version support and ci * closes cmawhorter#15 * req to credProvider cmawhorter#13 * closes cmawhorter#13 * bump version * 0.2.3 * do not ship * npm dbl bump * outdated about * Updated to ensure utf8 always * Added tests for non-ascii * Updated to support inputEncoding * Modified to support passing in encoding * Updated version * Added CHANGELOG * Added reference to PR * Update CHANGELOG.md

cmawhorter added bug enhancement and removed bug labels Jan 13, 2015

cmawhorter added a commit that referenced this issue Jan 14, 2015

#6 and #10

aa5a97c

cmawhorter added this to the 0.2.1 milestone Jan 14, 2015

cmawhorter closed this as completed in 5961fed Jun 21, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Using the aws s3 sdk #10

Using the aws s3 sdk #10

steffenmllr commented Nov 30, 2014

cmawhorter commented Jan 13, 2015

cmawhorter commented Jan 13, 2015

Using the aws s3 sdk #10

Using the aws s3 sdk #10

Comments

steffenmllr commented Nov 30, 2014

cmawhorter commented Jan 13, 2015

cmawhorter commented Jan 13, 2015