From 15e05124f9eb4a9fbf9437f14179188d7d4b11e1 Mon Sep 17 00:00:00 2001 From: Trivikram Kamat <16024985+trivikr@users.noreply.github.com> Date: Mon, 21 Feb 2022 11:15:40 -0800 Subject: [PATCH] feat(middleware-flexible-checksums): add flexibleChecksumMiddleware (#3340) Co-authored-by: AllanZhengYP --- .../middleware-flexible-checksums/.gitignore | 8 + .../CHANGELOG.md | 4 + .../middleware-flexible-checksums/LICENSE | 201 ++++++++++++++++++ .../middleware-flexible-checksums/README.md | 7 + .../jest.config.js | 5 + .../package.json | 54 +++++ .../src/configuration.ts | 33 +++ .../src/constants.ts | 18 ++ .../src/flexibleChecksumsMiddleware.spec.ts | 145 +++++++++++++ .../src/flexibleChecksumsMiddleware.ts | 69 ++++++ .../src/getChecksum.spec.ts | 41 ++++ .../src/getChecksum.ts | 18 ++ .../getChecksumAlgorithmForRequest.spec.ts | 50 +++++ .../src/getChecksumAlgorithmForRequest.ts | 42 ++++ ...etChecksumAlgorithmListForResponse.spec.ts | 17 ++ .../getChecksumAlgorithmListForResponse.ts | 19 ++ .../src/getChecksumLocationName.spec.ts | 14 ++ .../src/getChecksumLocationName.ts | 7 + .../src/getFlexibleChecksumsPlugin.ts | 49 +++++ .../src/hasHeader.spec.ts | 28 +++ .../src/hasHeader.ts | 15 ++ .../src/index.ts | 3 + .../src/isStreaming.spec.ts | 59 +++++ .../src/isStreaming.ts | 7 + .../selectChecksumAlgorithmFunction.spec.ts | 23 ++ .../src/selectChecksumAlgorithmFunction.ts | 21 ++ .../src/stringHasher.spec.ts | 36 ++++ .../src/stringHasher.ts | 10 + .../src/types.ts | 22 ++ .../src/validateChecksumFromResponse.spec.ts | 127 +++++++++++ .../src/validateChecksumFromResponse.ts | 49 +++++ .../tsconfig.cjs.json | 9 + .../tsconfig.es.json | 10 + .../tsconfig.types.json | 9 + yarn.lock | 9 + 35 files changed, 1238 insertions(+) create mode 100644 packages/middleware-flexible-checksums/.gitignore create mode 100644 packages/middleware-flexible-checksums/CHANGELOG.md create mode 100644 packages/middleware-flexible-checksums/LICENSE create mode 100644 packages/middleware-flexible-checksums/README.md create mode 100644 packages/middleware-flexible-checksums/jest.config.js create mode 100644 packages/middleware-flexible-checksums/package.json create mode 100644 packages/middleware-flexible-checksums/src/configuration.ts create mode 100644 packages/middleware-flexible-checksums/src/constants.ts create mode 100644 packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksum.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksum.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumLocationName.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/getChecksumLocationName.ts create mode 100644 packages/middleware-flexible-checksums/src/getFlexibleChecksumsPlugin.ts create mode 100644 packages/middleware-flexible-checksums/src/hasHeader.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/hasHeader.ts create mode 100644 packages/middleware-flexible-checksums/src/index.ts create mode 100644 packages/middleware-flexible-checksums/src/isStreaming.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/isStreaming.ts create mode 100644 packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.ts create mode 100644 packages/middleware-flexible-checksums/src/stringHasher.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/stringHasher.ts create mode 100644 packages/middleware-flexible-checksums/src/types.ts create mode 100644 packages/middleware-flexible-checksums/src/validateChecksumFromResponse.spec.ts create mode 100644 packages/middleware-flexible-checksums/src/validateChecksumFromResponse.ts create mode 100644 packages/middleware-flexible-checksums/tsconfig.cjs.json create mode 100644 packages/middleware-flexible-checksums/tsconfig.es.json create mode 100644 packages/middleware-flexible-checksums/tsconfig.types.json diff --git a/packages/middleware-flexible-checksums/.gitignore b/packages/middleware-flexible-checksums/.gitignore new file mode 100644 index 0000000000000..3d1714c9806ef --- /dev/null +++ b/packages/middleware-flexible-checksums/.gitignore @@ -0,0 +1,8 @@ +/node_modules/ +/build/ +/coverage/ +/docs/ +*.tsbuildinfo +*.tgz +*.log +package-lock.json diff --git a/packages/middleware-flexible-checksums/CHANGELOG.md b/packages/middleware-flexible-checksums/CHANGELOG.md new file mode 100644 index 0000000000000..e9fb6ecf59301 --- /dev/null +++ b/packages/middleware-flexible-checksums/CHANGELOG.md @@ -0,0 +1,4 @@ +# Change Log + +All notable changes to this project will be documented in this file. +See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. \ No newline at end of file diff --git a/packages/middleware-flexible-checksums/LICENSE b/packages/middleware-flexible-checksums/LICENSE new file mode 100644 index 0000000000000..8efcd8d5c5b76 --- /dev/null +++ b/packages/middleware-flexible-checksums/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/middleware-flexible-checksums/README.md b/packages/middleware-flexible-checksums/README.md new file mode 100644 index 0000000000000..ac7b4d35207e3 --- /dev/null +++ b/packages/middleware-flexible-checksums/README.md @@ -0,0 +1,7 @@ +# @aws-sdk/middleware-flexible-checksums + +[![NPM version](https://img.shields.io/npm/v/@aws-sdk/middleware-flexible-checksums/latest.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-flexible-checksums) +[![NPM downloads](https://img.shields.io/npm/dm/@aws-sdk/middleware-flexible-checksums.svg)](https://www.npmjs.com/package/@aws-sdk/middleware-flexible-checksums) + +This package provides AWS SDK for JavaScript middleware that applies a checksum +of the request body as a header. diff --git a/packages/middleware-flexible-checksums/jest.config.js b/packages/middleware-flexible-checksums/jest.config.js new file mode 100644 index 0000000000000..a8d1c2e499123 --- /dev/null +++ b/packages/middleware-flexible-checksums/jest.config.js @@ -0,0 +1,5 @@ +const base = require("../../jest.config.base.js"); + +module.exports = { + ...base, +}; diff --git a/packages/middleware-flexible-checksums/package.json b/packages/middleware-flexible-checksums/package.json new file mode 100644 index 0000000000000..92442bd9f1c97 --- /dev/null +++ b/packages/middleware-flexible-checksums/package.json @@ -0,0 +1,54 @@ +{ + "name": "@aws-sdk/middleware-flexible-checksums", + "version": "3.0.0", + "scripts": { + "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'", + "build:cjs": "tsc -p tsconfig.cjs.json", + "build:es": "tsc -p tsconfig.es.json", + "build:types": "tsc -p tsconfig.types.json", + "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4", + "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo", + "test": "jest --coverage" + }, + "main": "./dist-cjs/index.js", + "module": "./dist-es/index.js", + "types": "./dist-types/index.d.ts", + "author": { + "name": "AWS SDK for JavaScript Team", + "url": "https://aws.amazon.com/javascript/" + }, + "license": "Apache-2.0", + "dependencies": { + "@aws-crypto/crc32": "2.0.0", + "@aws-crypto/crc32c": "2.0.0", + "@aws-sdk/is-array-buffer": "*", + "@aws-sdk/protocol-http": "*", + "@aws-sdk/types": "*", + "tslib": "^2.3.0" + }, + "devDependencies": { + "concurrently": "7.0.0", + "downlevel-dts": "0.7.0", + "rimraf": "3.0.2", + "typescript": "~4.3.5" + }, + "engines": { + "node": ">= 12.0.0" + }, + "typesVersions": { + "<4.0": { + "dist-types/*": [ + "dist-types/ts3.4/*" + ] + } + }, + "files": [ + "dist-*" + ], + "homepage": "/~https://github.com/aws/aws-sdk-js-v3/tree/main/packages/middleware-flexible-checksums", + "repository": { + "type": "git", + "url": "/~https://github.com/aws/aws-sdk-js-v3.git", + "directory": "packages/middleware-flexible-checksums" + } +} diff --git a/packages/middleware-flexible-checksums/src/configuration.ts b/packages/middleware-flexible-checksums/src/configuration.ts new file mode 100644 index 0000000000000..be3e7a41aeb95 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/configuration.ts @@ -0,0 +1,33 @@ +import { Encoder, HashConstructor, StreamHasher } from "@aws-sdk/types"; + +export interface PreviouslyResolved { + /** + * The function that will be used to convert binary data to a base64-encoded string. + * @internal + */ + base64Encoder: Encoder; + + /** + * A constructor for a class implementing the {@link Hash} interface that computes MD5 hashes. + * @internal + */ + md5: HashConstructor; + + /** + * A constructor for a class implementing the {@link Hash} interface that computes SHA1 hashes. + * @internal + */ + sha1: HashConstructor; + + /** + * A constructor for a class implementing the {@link Hash} interface that computes SHA256 hashes. + * @internal + */ + sha256: HashConstructor; + + /** + * A function that, given a hash constructor and a stream, calculates the hash of the streamed value. + * @internal + */ + streamHasher: StreamHasher; +} diff --git a/packages/middleware-flexible-checksums/src/constants.ts b/packages/middleware-flexible-checksums/src/constants.ts new file mode 100644 index 0000000000000..583d52be9adf1 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/constants.ts @@ -0,0 +1,18 @@ +/** + * Checksum Algorithms supported by the SDK. + */ +export enum ChecksumAlgorithm { + MD5 = "MD5", + CRC32 = "CRC32", + CRC32C = "CRC32C", + SHA1 = "SHA1", + SHA256 = "SHA256", +} + +/** + * Location when the checksum is stored in the request body. + */ +export enum ChecksumLocation { + HEADER = "header", + TRAILER = "trailer", +} diff --git a/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.spec.ts b/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.spec.ts new file mode 100644 index 0000000000000..144d78d10f403 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.spec.ts @@ -0,0 +1,145 @@ +import { HttpRequest } from "@aws-sdk/protocol-http"; +import { BuildHandlerArguments } from "@aws-sdk/types"; + +import { PreviouslyResolved } from "./configuration"; +import { ChecksumAlgorithm } from "./constants"; +import { flexibleChecksumsMiddleware } from "./flexibleChecksumsMiddleware"; +import { getChecksum } from "./getChecksum"; +import { getChecksumAlgorithmForRequest } from "./getChecksumAlgorithmForRequest"; +import { getChecksumLocationName } from "./getChecksumLocationName"; +import { FlexibleChecksumsMiddlewareConfig } from "./getFlexibleChecksumsPlugin"; +import { hasHeader } from "./hasHeader"; +import { selectChecksumAlgorithmFunction } from "./selectChecksumAlgorithmFunction"; +import { validateChecksumFromResponse } from "./validateChecksumFromResponse"; + +jest.mock("@aws-sdk/protocol-http"); +jest.mock("./getChecksumAlgorithmForRequest"); +jest.mock("./getChecksumLocationName"); +jest.mock("./selectChecksumAlgorithmFunction"); +jest.mock("./getChecksum"); +jest.mock("./hasHeader"); +jest.mock("./validateChecksumFromResponse"); + +describe(flexibleChecksumsMiddleware.name, () => { + const mockNext = jest.fn(); + + const mockChecksum = "mockChecksum"; + const mockChecksumAlgorithmFunction = jest.fn(); + const mockChecksumLocationName = "mock-checksum-location-name"; + + const mockInput = {}; + const mockConfig = {} as PreviouslyResolved; + const mockMiddlewareConfig = { input: mockInput } as FlexibleChecksumsMiddlewareConfig; + + const mockBody = {}; + const mockHeaders = {}; + const mockRequest = { body: mockBody, headers: mockHeaders }; + const mockArgs = { request: mockRequest } as BuildHandlerArguments; + const mockResult = { response: {} }; + + beforeEach(() => { + mockNext.mockResolvedValueOnce(mockResult); + const { isInstance } = HttpRequest; + (isInstance as unknown as jest.Mock).mockReturnValue(true); + (getChecksumAlgorithmForRequest as jest.Mock).mockReturnValue(ChecksumAlgorithm.MD5); + (getChecksumLocationName as jest.Mock).mockReturnValue(mockChecksumLocationName); + (selectChecksumAlgorithmFunction as jest.Mock).mockReturnValue(mockChecksumAlgorithmFunction); + (getChecksum as jest.Mock).mockReturnValue(mockChecksum); + (hasHeader as jest.Mock).mockReturnValue(false); + }); + + afterEach(() => { + expect(mockNext).toHaveBeenCalledTimes(1); + jest.clearAllMocks(); + }); + + describe("skips checksum computation", () => { + it("if not an instance of HttpRequest", async () => { + const { isInstance } = HttpRequest; + (isInstance as unknown as jest.Mock).mockReturnValue(false); + const handler = flexibleChecksumsMiddleware(mockConfig, mockMiddlewareConfig)(mockNext, {}); + await handler(mockArgs); + expect(getChecksumAlgorithmForRequest).not.toHaveBeenCalled(); + }); + + describe("request checksum", () => { + afterEach(() => { + expect(getChecksumAlgorithmForRequest).toHaveBeenCalledTimes(1); + expect(selectChecksumAlgorithmFunction).not.toHaveBeenCalled(); + expect(getChecksum).not.toHaveBeenCalled(); + }); + + it("if checksumAlgorithm is not defined", async () => { + (getChecksumAlgorithmForRequest as jest.Mock).mockReturnValue(undefined); + const handler = flexibleChecksumsMiddleware(mockConfig, mockMiddlewareConfig)(mockNext, {}); + await handler(mockArgs); + expect(getChecksumLocationName).not.toHaveBeenCalled(); + expect(mockNext).toHaveBeenCalledWith(mockArgs); + }); + + it("if header is already present", async () => { + const handler = flexibleChecksumsMiddleware(mockConfig, mockMiddlewareConfig)(mockNext, {}); + const mockHeadersWithChecksumHeader = { ...mockHeaders, [mockChecksumLocationName]: "mockHeaderValue" }; + const mockArgsWithChecksumHeader = { + ...mockArgs, + request: { ...mockRequest, headers: mockHeadersWithChecksumHeader }, + }; + (hasHeader as jest.Mock).mockReturnValue(true); + await handler(mockArgsWithChecksumHeader); + expect(getChecksumLocationName).toHaveBeenCalledTimes(1); + expect(hasHeader).toHaveBeenCalledTimes(1); + expect(mockNext).toHaveBeenCalledWith(mockArgsWithChecksumHeader); + expect(hasHeader).toHaveBeenCalledWith(mockChecksumLocationName, mockHeadersWithChecksumHeader); + }); + }); + + describe("response validation", () => { + it("if requestValidationModeMember is not defined", async () => { + const handler = flexibleChecksumsMiddleware(mockConfig, mockMiddlewareConfig)(mockNext, {}); + await handler(mockArgs); + expect(validateChecksumFromResponse).not.toHaveBeenCalled(); + }); + + it("if requestValidationModeMember is not set to 'ENABLED' in input", async () => { + const mockRequestValidationModeMember = "mockRequestValidationModeMember"; + const handler = flexibleChecksumsMiddleware(mockConfig, { + ...mockMiddlewareConfig, + requestValidationModeMember: mockRequestValidationModeMember, + })(mockNext, {}); + await handler(mockArgs); + expect(validateChecksumFromResponse).not.toHaveBeenCalled(); + }); + }); + }); + + it("adds checksum in the request header", async () => { + const handler = flexibleChecksumsMiddleware(mockConfig, mockMiddlewareConfig)(mockNext, {}); + await handler(mockArgs); + expect(getChecksumLocationName).toHaveBeenCalledTimes(1); + expect(hasHeader).toHaveBeenCalledTimes(1); + expect(mockNext).toHaveBeenCalledWith({ + ...mockArgs, + request: { + ...mockRequest, + headers: { ...mockHeaders, [mockChecksumLocationName]: mockChecksum }, + }, + }); + expect(hasHeader).toHaveBeenCalledWith(mockChecksumLocationName, mockHeaders); + expect(selectChecksumAlgorithmFunction).toHaveBeenCalledTimes(1); + expect(getChecksum).toHaveBeenCalledTimes(1); + }); + + it("validates checksum from the response header", async () => { + const mockRequestValidationModeMember = "mockRequestValidationModeMember"; + const mockInput = { [mockRequestValidationModeMember]: "ENABLED" }; + + const handler = flexibleChecksumsMiddleware(mockConfig, { + ...mockMiddlewareConfig, + input: mockInput, + requestValidationModeMember: mockRequestValidationModeMember, + })(mockNext, {}); + + await handler(mockArgs); + expect(validateChecksumFromResponse).toHaveBeenCalledTimes(1); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.ts b/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.ts new file mode 100644 index 0000000000000..cf3618d3a4e0b --- /dev/null +++ b/packages/middleware-flexible-checksums/src/flexibleChecksumsMiddleware.ts @@ -0,0 +1,69 @@ +import { HttpRequest, HttpResponse } from "@aws-sdk/protocol-http"; +import { + BuildHandler, + BuildHandlerArguments, + BuildHandlerOutput, + BuildMiddleware, + MetadataBearer, +} from "@aws-sdk/types"; + +import { PreviouslyResolved } from "./configuration"; +import { getChecksum } from "./getChecksum"; +import { getChecksumAlgorithmForRequest } from "./getChecksumAlgorithmForRequest"; +import { getChecksumLocationName } from "./getChecksumLocationName"; +import { FlexibleChecksumsMiddlewareConfig } from "./getFlexibleChecksumsPlugin"; +import { hasHeader } from "./hasHeader"; +import { selectChecksumAlgorithmFunction } from "./selectChecksumAlgorithmFunction"; +import { validateChecksumFromResponse } from "./validateChecksumFromResponse"; + +export const flexibleChecksumsMiddleware = + (config: PreviouslyResolved, middlewareConfig: FlexibleChecksumsMiddlewareConfig): BuildMiddleware => + (next: BuildHandler): BuildHandler => + async (args: BuildHandlerArguments): Promise> => { + if (!HttpRequest.isInstance(args.request)) { + return next(args); + } + + const { request } = args; + const { body: requestBody, headers } = request; + const { streamHasher, base64Encoder } = config; + const { input, requestChecksumRequired, requestAlgorithmMember } = middlewareConfig; + + const checksumAlgorithm = getChecksumAlgorithmForRequest(input, { + requestChecksumRequired, + requestAlgorithmMember, + }); + let updatedHeaders = headers; + + if (checksumAlgorithm) { + const checksumLocationName = getChecksumLocationName(checksumAlgorithm); + // ToDo: Update trailer instead if it is Unsigned-payload. + if (!hasHeader(checksumLocationName, headers)) { + const checksumAlgorithmFn = selectChecksumAlgorithmFunction(checksumAlgorithm, config); + const checksum = await getChecksum(requestBody, { streamHasher, checksumAlgorithmFn, base64Encoder }); + updatedHeaders = { + ...headers, + [checksumLocationName]: checksum, + }; + } + } + + const result = await next({ + ...args, + request: { + ...request, + headers: updatedHeaders, + }, + }); + + const { requestValidationModeMember, responseAlgorithms } = middlewareConfig; + // @ts-ignore Element implicitly has an 'any' type for input[requestValidationModeMember] + if (requestValidationModeMember && input[requestValidationModeMember] === "ENABLED") { + validateChecksumFromResponse(result.response as HttpResponse, { + config, + responseAlgorithms, + }); + } + + return result; + }; diff --git a/packages/middleware-flexible-checksums/src/getChecksum.spec.ts b/packages/middleware-flexible-checksums/src/getChecksum.spec.ts new file mode 100644 index 0000000000000..d1a2a54d95943 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksum.spec.ts @@ -0,0 +1,41 @@ +import { getChecksum } from "./getChecksum"; +import { isStreaming } from "./isStreaming"; +import { stringHasher } from "./stringHasher"; + +jest.mock("./isStreaming"); +jest.mock("./stringHasher"); + +describe(getChecksum.name, () => { + const mockOptions = { + streamHasher: jest.fn(), + checksumAlgorithmFn: jest.fn(), + base64Encoder: jest.fn(), + }; + + const mockBody = "mockBody"; + const mockOutput = "mockOutput"; + + beforeEach(() => { + mockOptions.base64Encoder.mockResolvedValueOnce(mockOutput); + }); + + afterEach(() => { + jest.clearAllMocks(); + }); + + it("gets checksum from streamHasher if body is streaming", async () => { + (isStreaming as jest.Mock).mockReturnValue(true); + const checksum = await getChecksum(mockBody, mockOptions); + expect(checksum).toEqual(mockOutput); + expect(stringHasher).not.toHaveBeenCalled(); + expect(mockOptions.streamHasher).toHaveBeenCalledTimes(1); + }); + + it("gets checksum from stringHasher if body is not streaming", async () => { + (isStreaming as jest.Mock).mockReturnValue(false); + const checksum = await getChecksum(mockBody, mockOptions); + expect(checksum).toEqual(mockOutput); + expect(stringHasher).toHaveBeenCalledTimes(1); + expect(mockOptions.streamHasher).not.toHaveBeenCalled(); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/getChecksum.ts b/packages/middleware-flexible-checksums/src/getChecksum.ts new file mode 100644 index 0000000000000..365c4bc150979 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksum.ts @@ -0,0 +1,18 @@ +import { Encoder, HashConstructor, StreamHasher } from "@aws-sdk/types"; + +import { isStreaming } from "./isStreaming"; +import { stringHasher } from "./stringHasher"; + +export interface GetChecksumDigestOptions { + streamHasher: StreamHasher; + checksumAlgorithmFn: HashConstructor; + base64Encoder: Encoder; +} + +export const getChecksum = async ( + body: unknown, + { streamHasher, checksumAlgorithmFn, base64Encoder }: GetChecksumDigestOptions +) => { + const digest = isStreaming(body) ? streamHasher(checksumAlgorithmFn, body) : stringHasher(checksumAlgorithmFn, body); + return base64Encoder(await digest); +}; diff --git a/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.spec.ts b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.spec.ts new file mode 100644 index 0000000000000..eb175cd906dc7 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.spec.ts @@ -0,0 +1,50 @@ +import { ChecksumAlgorithm } from "./constants"; +import { getChecksumAlgorithmForRequest } from "./getChecksumAlgorithmForRequest"; +import { CLIENT_SUPPORTED_ALGORITHMS } from "./types"; + +describe(getChecksumAlgorithmForRequest.name, () => { + const mockRequestAlgorithmMember = "mockRequestAlgorithmMember"; + + describe("when requestAlgorithmMember is not provided", () => { + it("returns MD5 if requestChecksumRequired is set", () => { + expect(getChecksumAlgorithmForRequest({}, { requestChecksumRequired: true })).toEqual(ChecksumAlgorithm.MD5); + }); + + it("returns undefined if requestChecksumRequired is not set", () => { + expect(getChecksumAlgorithmForRequest({}, { requestChecksumRequired: false })).toBeUndefined(); + }); + }); + + describe("when requestAlgorithmMember is not set in input", () => { + const mockOptions = { requestAlgorithmMember: mockRequestAlgorithmMember }; + it("returns MD5 if requestChecksumRequired is set", () => { + expect(getChecksumAlgorithmForRequest({}, { ...mockOptions, requestChecksumRequired: true })).toEqual( + ChecksumAlgorithm.MD5 + ); + }); + + it("returns undefined if requestChecksumRequired is not set", () => { + expect(getChecksumAlgorithmForRequest({}, { ...mockOptions, requestChecksumRequired: false })).toBeUndefined(); + }); + }); + + it("throws error if input[requestAlgorithmMember] if not supported by client", () => { + const unsupportedAlgo = "unsupportedAlgo"; + const mockInput = { [mockRequestAlgorithmMember]: unsupportedAlgo }; + const mockOptions = { requestChecksumRequired: true, requestAlgorithmMember: mockRequestAlgorithmMember }; + expect(() => { + getChecksumAlgorithmForRequest(mockInput, mockOptions); + }).toThrowError( + `The checksum algorithm "${unsupportedAlgo}" is not supported by the client.` + + ` Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` + ); + }); + + describe("returns input[requestAlgorithmMember] if supported by client", () => { + it.each(CLIENT_SUPPORTED_ALGORITHMS)("Supported algorithm: %s", (supportedAlgorithm) => { + const mockInput = { [mockRequestAlgorithmMember]: supportedAlgorithm }; + const mockOptions = { requestChecksumRequired: true, requestAlgorithmMember: mockRequestAlgorithmMember }; + expect(getChecksumAlgorithmForRequest(mockInput, mockOptions)).toEqual(supportedAlgorithm); + }); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.ts b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.ts new file mode 100644 index 0000000000000..d0bb57ca2038f --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmForRequest.ts @@ -0,0 +1,42 @@ +import { ChecksumAlgorithm } from "./constants"; +import { CLIENT_SUPPORTED_ALGORITHMS } from "./types"; + +export interface GetChecksumAlgorithmForRequestOptions { + /** + * Indicates an operation requires a checksum in its HTTP request. + */ + requestChecksumRequired: boolean; + + /** + * Defines a top-level operation input member that is used to configure request checksum behavior. + */ + requestAlgorithmMember?: string; +} + +/** + * Returns the checksum algorithm to use for the request, along with + * the priority array of location to use to populate checksum and names + * to be used as a key at the location. + */ +export const getChecksumAlgorithmForRequest = ( + input: any, + { requestChecksumRequired, requestAlgorithmMember }: GetChecksumAlgorithmForRequestOptions +): ChecksumAlgorithm | undefined => { + // Either the Operation input member that is used to configure request checksum behavior is not set, or + // the value for input member to configure flexible checksum is not set. + if (!requestAlgorithmMember || !input[requestAlgorithmMember]) { + // Select MD5 only if request checksum is required. + return requestChecksumRequired ? ChecksumAlgorithm.MD5 : undefined; + } + + const checksumAlgorithm = input[requestAlgorithmMember]; + // Validate that at least one algorithm from customer preference is supported by the SDK. + if (!CLIENT_SUPPORTED_ALGORITHMS.includes(checksumAlgorithm)) { + throw new Error( + `The checksum algorithm "${checksumAlgorithm}" is not supported by the client.` + + ` Select one of ${CLIENT_SUPPORTED_ALGORITHMS}.` + ); + } + + return checksumAlgorithm as ChecksumAlgorithm; +}; diff --git a/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.spec.ts b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.spec.ts new file mode 100644 index 0000000000000..a78dff0bf3c3d --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.spec.ts @@ -0,0 +1,17 @@ +import { getChecksumAlgorithmListForResponse } from "./getChecksumAlgorithmListForResponse"; +import { PRIORITY_ORDER_ALGORITHMS } from "./types"; + +describe(getChecksumAlgorithmListForResponse.name, () => { + it("returns empty if responseAlgorithms is empty", () => { + expect(getChecksumAlgorithmListForResponse([])).toEqual([]); + }); + + it("returns empty if contents of responseAlgorithms is not in priority order", () => { + expect(getChecksumAlgorithmListForResponse(["UNKNOWNALGO"])).toEqual([]); + }); + + it("returns list as per priority order", () => { + const responseAlgorithms = [...PRIORITY_ORDER_ALGORITHMS]; + expect(getChecksumAlgorithmListForResponse(responseAlgorithms.reverse())).toEqual(PRIORITY_ORDER_ALGORITHMS); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.ts b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.ts new file mode 100644 index 0000000000000..6674a7ec2d446 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumAlgorithmListForResponse.ts @@ -0,0 +1,19 @@ +import { ChecksumAlgorithm } from "./constants"; +import { CLIENT_SUPPORTED_ALGORITHMS, PRIORITY_ORDER_ALGORITHMS } from "./types"; + +/** + * Returns the priority array of algorithm to use to verify checksum and names + * to be used as a key in the response header. + */ +export const getChecksumAlgorithmListForResponse = (responseAlgorithms: string[] = []): ChecksumAlgorithm[] => { + const validChecksumAlgorithms: ChecksumAlgorithm[] = []; + + for (const algorithm of PRIORITY_ORDER_ALGORITHMS) { + if (!responseAlgorithms.includes(algorithm) || !CLIENT_SUPPORTED_ALGORITHMS.includes(algorithm)) { + continue; + } + validChecksumAlgorithms.push(algorithm as ChecksumAlgorithm); + } + + return validChecksumAlgorithms; +}; diff --git a/packages/middleware-flexible-checksums/src/getChecksumLocationName.spec.ts b/packages/middleware-flexible-checksums/src/getChecksumLocationName.spec.ts new file mode 100644 index 0000000000000..cbd04755c5265 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumLocationName.spec.ts @@ -0,0 +1,14 @@ +import { ChecksumAlgorithm } from "./constants"; +import { getChecksumLocationName } from "./getChecksumLocationName"; + +describe(getChecksumLocationName.name, () => { + it.each([ + ["content-md5", ChecksumAlgorithm.MD5], + ["x-amz-checksum-crc32", ChecksumAlgorithm.CRC32], + ["x-amz-checksum-crc32c", ChecksumAlgorithm.CRC32C], + ["x-amz-checksum-sha1", ChecksumAlgorithm.SHA1], + ["x-amz-checksum-sha256", ChecksumAlgorithm.SHA256], + ])("returns %s for %s", (output, input) => { + expect(getChecksumLocationName(input)).toEqual(output); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/getChecksumLocationName.ts b/packages/middleware-flexible-checksums/src/getChecksumLocationName.ts new file mode 100644 index 0000000000000..0feaa22769167 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getChecksumLocationName.ts @@ -0,0 +1,7 @@ +import { ChecksumAlgorithm } from "./constants"; + +/** + * Returns location (header/trailer) name to use to populate checksum in. + */ +export const getChecksumLocationName = (algorithm: ChecksumAlgorithm): string => + algorithm === ChecksumAlgorithm.MD5 ? "content-md5" : `x-amz-checksum-${algorithm.toLowerCase()}`; diff --git a/packages/middleware-flexible-checksums/src/getFlexibleChecksumsPlugin.ts b/packages/middleware-flexible-checksums/src/getFlexibleChecksumsPlugin.ts new file mode 100644 index 0000000000000..b4303b8f68441 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/getFlexibleChecksumsPlugin.ts @@ -0,0 +1,49 @@ +import { BuildHandlerOptions, Pluggable } from "@aws-sdk/types"; + +import { PreviouslyResolved } from "./configuration"; +import { flexibleChecksumsMiddleware } from "./flexibleChecksumsMiddleware"; + +export const flexibleChecksumsMiddlewareOptions: BuildHandlerOptions = { + name: "flexibleChecksumsMiddleware", + step: "build", + tags: ["BODY_CHECKSUM"], + override: true, +}; + +export interface FlexibleChecksumsMiddlewareConfig { + /** + * The input object for the operation. + */ + input: Object; + + /** + * Indicates an operation requires a checksum in its HTTP request. + */ + requestChecksumRequired: boolean; + + /** + * Defines a top-level operation input member that is used to configure request checksum behavior. + */ + requestAlgorithmMember?: string; + + /** + * Defines a top-level operation input member used to opt-in to best-effort validation + * of a checksum returned in the HTTP response of the operation. + */ + requestValidationModeMember?: string; + + /** + * Defines the checksum algorithms clients SHOULD look for when validating checksums + * returned in the HTTP response. + */ + responseAlgorithms?: string[]; +} + +export const getFlexibleChecksumsPlugin = ( + config: PreviouslyResolved, + middlewareConfig: FlexibleChecksumsMiddlewareConfig +): Pluggable => ({ + applyToStack: (clientStack) => { + clientStack.add(flexibleChecksumsMiddleware(config, middlewareConfig), flexibleChecksumsMiddlewareOptions); + }, +}); diff --git a/packages/middleware-flexible-checksums/src/hasHeader.spec.ts b/packages/middleware-flexible-checksums/src/hasHeader.spec.ts new file mode 100644 index 0000000000000..c8c9ea858c25b --- /dev/null +++ b/packages/middleware-flexible-checksums/src/hasHeader.spec.ts @@ -0,0 +1,28 @@ +import { HeaderBag } from "@aws-sdk/types"; + +import { hasHeader } from "./hasHeader"; + +describe(hasHeader.name, () => { + const mockHeaders: HeaderBag = { + "header-key-1": "header-value-1", + "HEADER-KEY-2": "header-value-2", + }; + + describe("contains header", () => { + it("when header to search is exact", () => { + expect(hasHeader("header-key-1", mockHeaders)).toBe(true); + }); + + it("when header to search is in different case", () => { + expect(hasHeader("HEADER-KEY-1", mockHeaders)).toBe(true); + }); + + it("when header in headers is in different case", () => { + expect(hasHeader("header-key-2", mockHeaders)).toBe(true); + }); + }); + + it("doesn't contain header", () => { + expect(hasHeader("header-key-3", mockHeaders)).toBe(false); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/hasHeader.ts b/packages/middleware-flexible-checksums/src/hasHeader.ts new file mode 100644 index 0000000000000..14c6028380860 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/hasHeader.ts @@ -0,0 +1,15 @@ +import { HeaderBag } from "@aws-sdk/types"; + +/** + * Returns true if header is present in headers. + * Comparisons are case-insensitive. + */ +export const hasHeader = (header: string, headers: HeaderBag): boolean => { + const soughtHeader = header.toLowerCase(); + for (const headerName of Object.keys(headers)) { + if (soughtHeader === headerName.toLowerCase()) { + return true; + } + } + return false; +}; diff --git a/packages/middleware-flexible-checksums/src/index.ts b/packages/middleware-flexible-checksums/src/index.ts new file mode 100644 index 0000000000000..26a8b50c93b20 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/index.ts @@ -0,0 +1,3 @@ +export * from "./constants"; +export * from "./flexibleChecksumsMiddleware"; +export * from "./getFlexibleChecksumsPlugin"; diff --git a/packages/middleware-flexible-checksums/src/isStreaming.spec.ts b/packages/middleware-flexible-checksums/src/isStreaming.spec.ts new file mode 100644 index 0000000000000..dd1f820d61ca6 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/isStreaming.spec.ts @@ -0,0 +1,59 @@ +import { isArrayBuffer } from "@aws-sdk/is-array-buffer"; + +import { isStreaming } from "./isStreaming"; + +jest.mock("@aws-sdk/is-array-buffer"); + +describe(isStreaming.name, () => { + beforeEach(() => { + (isArrayBuffer as unknown as jest.Mock).mockReturnValue(true); + }); + + afterEach(() => { + jest.clearAllMocks(); + }); + + it("returns true when body is a stream", () => { + (isArrayBuffer as unknown as jest.Mock).mockReturnValue(false); + // Mocking {} as a stream + const mockStream = {}; + expect(isStreaming(mockStream)).toBe(true); + expect(isArrayBuffer).toHaveBeenCalledTimes(1); + expect(isArrayBuffer).toHaveBeenCalledWith(mockStream); + }); + + describe("returns false when body is", () => { + it.each([undefined, "str"])("special case: %s", (val) => { + expect(isStreaming(val)).toBe(false); + expect(isArrayBuffer).not.toHaveBeenCalled(); + }); + + it.each([null, true, 1])("primitive data type: %s", (val) => { + expect(isStreaming(val)).toBe(false); + expect(isArrayBuffer).toHaveBeenCalledTimes(1); + expect(isArrayBuffer).toHaveBeenCalledWith(val); + }); + + const buffer = new ArrayBuffer(4); + const arr = [...Array(4).keys()]; + const addPointOne = (num: number) => num + 0.1; + it.each([ + Buffer.from(buffer), + new DataView(buffer), + new Int8Array(arr), + new Uint8Array(arr), + new Uint8ClampedArray(arr), + new Int16Array(arr), + new Uint16Array(arr), + new Int32Array(arr), + new Uint32Array(arr), + new Float32Array(arr.map(addPointOne)), + new Float64Array(arr.map(addPointOne)), + new BigInt64Array(arr.map(BigInt)), + new BigUint64Array(arr.map(BigInt)), + ])("ArrayBuffer View: %s", (arrayBufferView) => { + expect(isStreaming(arrayBufferView)).toBe(false); + expect(isArrayBuffer).not.toHaveBeenCalled(); + }); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/isStreaming.ts b/packages/middleware-flexible-checksums/src/isStreaming.ts new file mode 100644 index 0000000000000..357a7242ebe69 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/isStreaming.ts @@ -0,0 +1,7 @@ +import { isArrayBuffer } from "@aws-sdk/is-array-buffer"; + +/** + * Returns true if the given value is a streaming response. + */ +export const isStreaming = (body: unknown) => + body !== undefined && typeof body !== "string" && !ArrayBuffer.isView(body) && !isArrayBuffer(body); diff --git a/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.spec.ts b/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.spec.ts new file mode 100644 index 0000000000000..f26a572423035 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.spec.ts @@ -0,0 +1,23 @@ +import { AwsCrc32 } from "@aws-crypto/crc32"; +import { AwsCrc32c } from "@aws-crypto/crc32c"; + +import { ChecksumAlgorithm } from "./constants"; +import { selectChecksumAlgorithmFunction } from "./selectChecksumAlgorithmFunction"; + +describe(selectChecksumAlgorithmFunction.name, () => { + const mockConfig = { + md5: jest.fn(), + sha1: jest.fn(), + sha256: jest.fn(), + }; + + it.each([ + [ChecksumAlgorithm.MD5, mockConfig.md5], + [ChecksumAlgorithm.CRC32, AwsCrc32], + [ChecksumAlgorithm.CRC32C, AwsCrc32c], + [ChecksumAlgorithm.SHA1, mockConfig.sha1], + [ChecksumAlgorithm.SHA256, mockConfig.sha256], + ])("testing %s", (checksumAlgorithm, output) => { + expect(selectChecksumAlgorithmFunction(checksumAlgorithm, mockConfig as any)).toEqual(output); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.ts b/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.ts new file mode 100644 index 0000000000000..e5239b4b67069 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/selectChecksumAlgorithmFunction.ts @@ -0,0 +1,21 @@ +import { AwsCrc32 } from "@aws-crypto/crc32"; +import { AwsCrc32c } from "@aws-crypto/crc32c"; +import { HashConstructor } from "@aws-sdk/types"; + +import { PreviouslyResolved } from "./configuration"; +import { ChecksumAlgorithm } from "./constants"; + +/** + * Returns the function that will compute the checksum for the given {@link ChecksumAlgorithm}. + */ +export const selectChecksumAlgorithmFunction = ( + checksumAlgorithm: ChecksumAlgorithm, + config: PreviouslyResolved +): HashConstructor => + ({ + [ChecksumAlgorithm.MD5]: config.md5, + [ChecksumAlgorithm.CRC32]: AwsCrc32, + [ChecksumAlgorithm.CRC32C]: AwsCrc32c, + [ChecksumAlgorithm.SHA1]: config.sha1, + [ChecksumAlgorithm.SHA256]: config.sha256, + }[checksumAlgorithm]); diff --git a/packages/middleware-flexible-checksums/src/stringHasher.spec.ts b/packages/middleware-flexible-checksums/src/stringHasher.spec.ts new file mode 100644 index 0000000000000..4f735b875aeaa --- /dev/null +++ b/packages/middleware-flexible-checksums/src/stringHasher.spec.ts @@ -0,0 +1,36 @@ +import { stringHasher } from "./stringHasher"; + +describe(stringHasher.name, () => { + const mockHash = new Uint8Array(Buffer.from("mockHash")); + const mockUpdate = jest.fn(); + const mockDigest = jest.fn(); + const mockChecksumAlgorithmFn = jest.fn().mockImplementation(() => ({ + update: mockUpdate, + digest: mockDigest, + })); + + beforeEach(() => { + mockDigest.mockResolvedValueOnce(mockHash); + }); + + afterEach(() => { + expect(mockChecksumAlgorithmFn).toHaveBeenCalledTimes(1); + expect(mockUpdate).toHaveBeenCalledTimes(1); + expect(mockDigest).toHaveBeenCalledTimes(1); + jest.clearAllMocks(); + }); + + it("calculates hash of the provided string", async () => { + const mockBody = "mockBody"; + const digest = await stringHasher(mockChecksumAlgorithmFn, mockBody); + expect(digest).toEqual(mockHash); + expect(mockUpdate).toHaveBeenCalledWith(mockBody); + }); + + it("calculates hash of empty string if undefined", async () => { + const mockBody = undefined; + const digest = await stringHasher(mockChecksumAlgorithmFn, mockBody); + expect(digest).toEqual(mockHash); + expect(mockUpdate).toHaveBeenCalledWith(""); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/stringHasher.ts b/packages/middleware-flexible-checksums/src/stringHasher.ts new file mode 100644 index 0000000000000..84211f7f7a77c --- /dev/null +++ b/packages/middleware-flexible-checksums/src/stringHasher.ts @@ -0,0 +1,10 @@ +import { HashConstructor } from "@aws-sdk/types"; + +/** + * A function that, given a hash constructor and a string, calculates the hash of the string. + */ +export const stringHasher = (checksumAlgorithmFn: HashConstructor, body: any) => { + const hash = new checksumAlgorithmFn(); + hash.update(body || ""); + return hash.digest(); +}; diff --git a/packages/middleware-flexible-checksums/src/types.ts b/packages/middleware-flexible-checksums/src/types.ts new file mode 100644 index 0000000000000..0b768a74e57db --- /dev/null +++ b/packages/middleware-flexible-checksums/src/types.ts @@ -0,0 +1,22 @@ +import { ChecksumAlgorithm } from "./constants"; + +/** + * List of algorithms supported by client. + */ +export const CLIENT_SUPPORTED_ALGORITHMS = [ + ChecksumAlgorithm.CRC32, + ChecksumAlgorithm.CRC32C, + ChecksumAlgorithm.SHA1, + ChecksumAlgorithm.SHA256, +]; + +/** + * Priority order for validating checksum algorithm. A faster algorithm has higher priority. + * ToDo: update the priority order based on profiling of JavaScript implementations. + */ +export const PRIORITY_ORDER_ALGORITHMS = [ + ChecksumAlgorithm.CRC32, + ChecksumAlgorithm.CRC32C, + ChecksumAlgorithm.SHA1, + ChecksumAlgorithm.SHA256, +]; diff --git a/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.spec.ts b/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.spec.ts new file mode 100644 index 0000000000000..cce1f40974178 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.spec.ts @@ -0,0 +1,127 @@ +import { HttpResponse } from "@aws-sdk/protocol-http"; + +import { PreviouslyResolved } from "./configuration"; +import { ChecksumAlgorithm } from "./constants"; +import { getChecksum } from "./getChecksum"; +import { getChecksumAlgorithmListForResponse } from "./getChecksumAlgorithmListForResponse"; +import { getChecksumLocationName } from "./getChecksumLocationName"; +import { selectChecksumAlgorithmFunction } from "./selectChecksumAlgorithmFunction"; +import { validateChecksumFromResponse } from "./validateChecksumFromResponse"; + +jest.mock("./getChecksum"); +jest.mock("./getChecksumLocationName"); +jest.mock("./getChecksumAlgorithmListForResponse"); +jest.mock("./selectChecksumAlgorithmFunction"); + +describe(validateChecksumFromResponse.name, () => { + const mockConfig = { + streamHasher: jest.fn(), + base64Encoder: jest.fn(), + } as unknown as PreviouslyResolved; + + const mockBody = {}; + const mockHeaders = {}; + const mockResponse = { + body: mockBody, + headers: mockHeaders, + } as HttpResponse; + + const mockChecksum = "mockChecksum"; + const mockResponseAlgorithms = [ChecksumAlgorithm.CRC32, ChecksumAlgorithm.CRC32C]; + const mockChecksumAlgorithmFn = jest.fn(); + + const getMockResponseWithHeader = (headerKey: string, headerValue: string) => ({ + ...mockResponse, + headers: { + ...mockHeaders, + [headerKey]: headerValue, + }, + }); + + beforeEach(() => { + (getChecksumLocationName as jest.Mock).mockImplementation((algorithm) => algorithm); + (getChecksumAlgorithmListForResponse as jest.Mock).mockImplementation((responseAlgorithms) => responseAlgorithms); + (selectChecksumAlgorithmFunction as jest.Mock).mockReturnValue(mockChecksumAlgorithmFn); + (getChecksum as jest.Mock).mockResolvedValue(mockChecksum); + }); + + afterEach(() => { + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledTimes(1); + jest.clearAllMocks(); + }); + + it("skip validation if response algorithms is empty", async () => { + const emptyAlgorithmsList = []; + await validateChecksumFromResponse(mockResponse, { config: mockConfig, responseAlgorithms: emptyAlgorithmsList }); + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledWith(emptyAlgorithmsList); + expect(getChecksumLocationName).not.toHaveBeenCalled(); + }); + + it("skip validation if updated algorithm list from response is empty", async () => { + (getChecksumAlgorithmListForResponse as jest.Mock).mockImplementation(() => []); + await validateChecksumFromResponse(mockResponse, { + config: mockConfig, + responseAlgorithms: mockResponseAlgorithms, + }); + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledWith(mockResponseAlgorithms); + expect(getChecksumLocationName).not.toHaveBeenCalled(); + }); + + it("skip validation if checksum is not present in header", async () => { + await validateChecksumFromResponse(mockResponse, { + config: mockConfig, + responseAlgorithms: mockResponseAlgorithms, + }); + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledWith(mockResponseAlgorithms); + expect(getChecksumLocationName).toHaveBeenCalledTimes(mockResponseAlgorithms.length); + expect(selectChecksumAlgorithmFunction).not.toHaveBeenCalled(); + expect(getChecksum).not.toHaveBeenCalled(); + }); + + describe("successful validation for accurate checksum value", () => { + afterEach(() => { + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledWith(mockResponseAlgorithms); + expect(selectChecksumAlgorithmFunction).toHaveBeenCalledTimes(1); + expect(getChecksum).toHaveBeenCalledTimes(1); + }); + + it("when checksum is populated for first algorithm", async () => { + const responseWithChecksum = getMockResponseWithHeader(mockResponseAlgorithms[0], mockChecksum); + await validateChecksumFromResponse(responseWithChecksum, { + config: mockConfig, + responseAlgorithms: mockResponseAlgorithms, + }); + expect(getChecksumLocationName).toHaveBeenCalledTimes(1); + }); + + it("when checksum is populated for second algorithm", async () => { + const responseWithChecksum = getMockResponseWithHeader(mockResponseAlgorithms[1], mockChecksum); + await validateChecksumFromResponse(responseWithChecksum, { + config: mockConfig, + responseAlgorithms: mockResponseAlgorithms, + }); + expect(getChecksumLocationName).toHaveBeenCalledTimes(2); + }); + }); + + it("throw error if checksum value is not accurate", async () => { + const incorrectChecksum = "incorrectChecksum"; + const responseWithChecksum = getMockResponseWithHeader(mockResponseAlgorithms[0], incorrectChecksum); + try { + await validateChecksumFromResponse(responseWithChecksum, { + config: mockConfig, + responseAlgorithms: mockResponseAlgorithms, + }); + fail("should throw checksum mismatch error"); + } catch (error) { + expect(error.message).toMatch( + `Checksum mismatch: expected "${mockChecksum}" but received "${incorrectChecksum}"` + + ` in response header "${mockResponseAlgorithms[0]}".` + ); + } + expect(getChecksumAlgorithmListForResponse).toHaveBeenCalledWith(mockResponseAlgorithms); + expect(selectChecksumAlgorithmFunction).toHaveBeenCalledTimes(1); + expect(getChecksumLocationName).toHaveBeenCalledTimes(1); + expect(getChecksum).toHaveBeenCalledTimes(1); + }); +}); diff --git a/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.ts b/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.ts new file mode 100644 index 0000000000000..c4060b2f7c6d1 --- /dev/null +++ b/packages/middleware-flexible-checksums/src/validateChecksumFromResponse.ts @@ -0,0 +1,49 @@ +import { HttpResponse } from "@aws-sdk/protocol-http"; +import { HashConstructor } from "@aws-sdk/types"; + +import { PreviouslyResolved } from "./configuration"; +import { ChecksumAlgorithm } from "./constants"; +import { getChecksum } from "./getChecksum"; +import { getChecksumAlgorithmListForResponse } from "./getChecksumAlgorithmListForResponse"; +import { getChecksumLocationName } from "./getChecksumLocationName"; +import { selectChecksumAlgorithmFunction } from "./selectChecksumAlgorithmFunction"; + +export interface ValidateChecksumFromResponseOptions { + config: PreviouslyResolved; + + /** + * Defines the checksum algorithms clients SHOULD look for when validating checksums + * returned in the HTTP response. + */ + responseAlgorithms?: string[]; +} + +export const validateChecksumFromResponse = async ( + response: HttpResponse, + { config, responseAlgorithms }: ValidateChecksumFromResponseOptions +) => { + // Verify checksum in response header. + const checksumAlgorithms = getChecksumAlgorithmListForResponse(responseAlgorithms); + const { body: responseBody, headers: responseHeaders } = response; + for (const algorithm of checksumAlgorithms) { + const responseHeader = getChecksumLocationName(algorithm); + const checksumFromResponse = responseHeaders[responseHeader]; + if (checksumFromResponse) { + const checksumAlgorithmFn: HashConstructor = selectChecksumAlgorithmFunction( + algorithm as ChecksumAlgorithm, + config + ); + const { streamHasher, base64Encoder } = config; + const checksum = await getChecksum(responseBody, { streamHasher, checksumAlgorithmFn, base64Encoder }); + + if (checksum === checksumFromResponse) { + // The checksum for response payload is valid. + break; + } + throw new Error( + `Checksum mismatch: expected "${checksum}" but received "${checksumFromResponse}"` + + ` in response header "${responseHeader}".` + ); + } + } +}; diff --git a/packages/middleware-flexible-checksums/tsconfig.cjs.json b/packages/middleware-flexible-checksums/tsconfig.cjs.json new file mode 100644 index 0000000000000..96198be81644a --- /dev/null +++ b/packages/middleware-flexible-checksums/tsconfig.cjs.json @@ -0,0 +1,9 @@ +{ + "compilerOptions": { + "baseUrl": ".", + "outDir": "dist-cjs", + "rootDir": "src" + }, + "extends": "../../tsconfig.cjs.json", + "include": ["src/"] +} diff --git a/packages/middleware-flexible-checksums/tsconfig.es.json b/packages/middleware-flexible-checksums/tsconfig.es.json new file mode 100644 index 0000000000000..749d494cbc378 --- /dev/null +++ b/packages/middleware-flexible-checksums/tsconfig.es.json @@ -0,0 +1,10 @@ +{ + "compilerOptions": { + "baseUrl": ".", + "lib": ["es5", "es2015.promise", "es2015.collection", "es2015.iterable", "es2015.symbol.wellknown"], + "outDir": "dist-es", + "rootDir": "src" + }, + "extends": "../../tsconfig.es.json", + "include": ["src/"] +} diff --git a/packages/middleware-flexible-checksums/tsconfig.types.json b/packages/middleware-flexible-checksums/tsconfig.types.json new file mode 100644 index 0000000000000..6cdf9f52ea065 --- /dev/null +++ b/packages/middleware-flexible-checksums/tsconfig.types.json @@ -0,0 +1,9 @@ +{ + "compilerOptions": { + "baseUrl": ".", + "declarationDir": "dist-types", + "rootDir": "src" + }, + "extends": "../../tsconfig.types.json", + "include": ["src/"] +} diff --git a/yarn.lock b/yarn.lock index 28dc5d66f4bc1..b302759378782 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11,6 +11,15 @@ "@aws-sdk/types" "^3.1.0" tslib "^1.11.1" +"@aws-crypto/crc32c@2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/crc32c/-/crc32c-2.0.0.tgz#4235336ef78f169f6a05248906703b9b78da676e" + integrity sha512-vF0eMdMHx3O3MoOXUfBZry8Y4ZDtcuskjjKgJz8YfIDjLStxTZrYXk+kZqtl6A0uCmmiN/Eb/JbC/CndTV1MHg== + dependencies: + "@aws-crypto/util" "^2.0.0" + "@aws-sdk/types" "^3.1.0" + tslib "^1.11.1" + "@aws-crypto/ie11-detection@^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/@aws-crypto/ie11-detection/-/ie11-detection-2.0.0.tgz#bb6c2facf8f03457e949dcf0921477397ffa4c6e"