Typescript improvements #2299

Open
wants to merge 4 commits into
base: development/8.2
50 changes: 25 additions & 25 deletions lib/auth/Vault.ts
@@ -62,24 +62,38 @@ export function vaultSignatureCb(
accountQuota: info.accountQuota || {},
});
}
export type AuthV2RequestParams = {
version: 2;
log: RequestLogger;
data: {
accessKey: string;
algo: string;
authType: 'query' | 'header' | 'REST-HEADER' | 'REST-QUERY-STRING';
securityToken: string;
signatureAge?: number;
signatureFromRequest: string;
signatureVersion: string;
stringToSign: string;
};
};

export type AuthV4RequestParams = {
version: 4;
log: RequestLogger;
data: {
accessKey: string;
signatureFromRequest: string;
algo?: string;
authType?: 'query' | 'header' | 'REST-HEADER' | 'REST-QUERY-STRING';
credentialScope?: string;
region: string;
stringToSign: string;
scopeDate: string;
authType: 'query' | 'header';
signatureVersion: string;
securityToken?: string;
service?: string;
signatureVersion?: string;
signatureAge?: number;
timestamp: number;
credentialScope: string;
securityToken: string;
algo: string;
log: RequestLogger;
signatureFromRequest: string;
stringToSign: string;
timestamp?: string;
};
};

@@ -125,22 +139,8 @@ export default class Vault {
* @param callback - callback with either error or user info
*/
authenticateV2Request(
params: {
version: 2;
log: RequestLogger;
data: {
securityToken: string;
accessKey: string;
signatureFromRequest: string;
stringToSign: string;
algo: string;
authType: 'query' | 'header';
signatureVersion: string;
signatureAge?: number;
log: RequestLogger;
};
},
requestContexts: any[],
params: AuthV2RequestParams,
requestContexts: any[] | null,
callback: (err: Error | null, data?: any) => void
) {
params.log.debug('authenticating V2 request');
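Review bot: In `AuthV4RequestParams`, fields that feed signature verification (`credentialScope`, `timestamp`, `signatureVersion`, `authType`) appear to become optional where the previous inline type required them; the rendered page has lost its +/- markers, so this reading is inferred from the duplicated field lines. With optional types the compiler no longer rejects a params object built without a credential scope or timestamp, and `doAuth` in lib/auth/auth.ts passes `data.authType` and `data.signatureVersion` straight to the request context. I would keep required whichever fields the V4 check functions always populate (to be confirmed against the v4 header and query checks), e.g. `credentialScope: string;` and `timestamp: string;`, and leave only the conditional ones (`securityToken?`, `signatureAge?`) optional. The body of `authenticateV2Request` continues outside the hunk.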
26 changes: 13 additions & 13 deletions lib/auth/auth.ts
@@ -1,6 +1,6 @@
import * as crypto from 'crypto';
import { Logger } from 'werelogs';
import errors from '../errors';
import { RequestLogger } from 'werelogs';
import errors, { ArsenalError } from '../errors';
import * as queryString from 'querystring';
import AuthInfo from './AuthInfo';
import * as v2 from './v2/authV2';
@@ -15,10 +15,13 @@ import baseBackend from './backends/base';
import chainBackend from './backends/ChainBackend';
import validateAuthConfig from './backends/in_memory/validateAuthConfig';
import AuthLoader from './backends/in_memory/AuthLoader';
import Vault from './Vault';
import Vault, { AuthV2RequestParams, AuthV4RequestParams } from './Vault';

export type AuthResult<T> = { err: ArsenalError } | { err: null, params: T };

let vault: Vault | null = null;
const auth = {};

const checkFunctions = {
v2: {
headers: v2.header.check,
@@ -58,10 +61,10 @@ function setAuthHandler(handler: Vault) {
*/
function extractParams(
request: any,
log: Logger,
log: RequestLogger,
awsService: string,
data: { [key: string]: string }
) {
): AuthResult<AuthV2RequestParams | AuthV4RequestParams | AuthInfo> {
log.trace('entered', { method: 'Arsenal.auth.server.extractParams' });
const authHeader = request.headers.authorization;
let version: 'v2' |'v4' | null = null;
@@ -118,21 +121,22 @@ function extractParams(
*/
function doAuth(
request: any,
log: Logger,
log: RequestLogger,
cb: (err: Error | null, data?: any) => void,
awsService: string,
requestContexts: any[] | null
requestContexts: any[] | null,
) {
const res = extractParams(request, log, awsService, request.query);
if (res.err) {
return cb(res.err);
} else if (res.params instanceof AuthInfo) {
}
if (res.params instanceof AuthInfo) {
return cb(null, res.params);
}
if (requestContexts) {
requestContexts.forEach(requestContext => {
const { params } = res;
if ('data' in params) {
if ('data' in params!) {
const { data } = params;
requestContext.setAuthType(data.authType);
requestContext.setSignatureVersion(data.signatureVersion);
@@ -145,15 +149,11 @@ function doAuth(
}

// Corner cases managed, we're left with normal auth
// TODO What's happening here?
// @ts-ignore
res.params.log = log;
if (res.params.version === 2) {
// @ts-ignore
return vault!.authenticateV2Request(res.params, requestContexts, cb);
}
if (res.params.version === 4) {
// @ts-ignore
return vault!.authenticateV4Request(res.params, requestContexts, cb);
}

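Review bot: `vault!.authenticateV2Request(...)` and `vault!.authenticateV4Request(...)` still assert non-null on the module-level `let vault: Vault | null = null`, so a request that reaches `doAuth` before `setAuthHandler` has run throws a TypeError instead of being rejected through `cb`. Since this change is already cleaning up the `@ts-ignore` suppressions around those calls, an explicit guard before the version checks would make the failure mode deliberate: `if (!vault) { return cb(errors.InternalError); }`. The `params!` in `if ('data' in params!)` is a similar assertion; taking `const { params } = res;` once after the `AuthInfo` early return should let the compiler narrow it without the `!`. The end of `doAuth` is outside the hunk.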
4 changes: 2 additions & 2 deletions lib/auth/v2/checkRequestExpiry.ts
@@ -1,9 +1,9 @@
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import errors from '../../errors';

const epochTime = new Date('1970-01-01').getTime();

export default function checkRequestExpiry(timestamp: number, log: Logger) {
export default function checkRequestExpiry(timestamp: number, log: RequestLogger) {
// If timestamp is before epochTime, the request is invalid and return
// errors.AccessDenied
if (timestamp < epochTime) {
6 changes: 3 additions & 3 deletions lib/auth/v2/constructStringToSign.ts
@@ -1,13 +1,13 @@
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import utf8 from 'utf8';
import getCanonicalizedAmzHeaders from './getCanonicalizedAmzHeaders';
import getCanonicalizedResource from './getCanonicalizedResource';

export default function constructStringToSign(
request: any,
data: { [key: string]: string },
log: Logger,
clientType?: any
log: RequestLogger,
clientType?: any,
) {
/*
Build signature per AWS requirements:
11 changes: 9 additions & 2 deletions lib/auth/v2/headerAuthCheck.ts
@@ -1,11 +1,17 @@
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import errors from '../../errors';
import * as constants from '../../constants';
import constructStringToSign from './constructStringToSign';
import checkRequestExpiry from './checkRequestExpiry';
import algoCheck from './algoCheck';
import { AuthV2RequestParams } from '../Vault';
import { AuthResult } from '../auth';

export function check(request: any, log: Logger, data: { [key: string]: string }) {
export function check(
request: any,
log: RequestLogger,
data: { [key: string]: string },
): AuthResult<AuthV2RequestParams> {
log.trace('running header auth check');
const headers = request.headers;

@@ -71,6 +77,7 @@ export function check(request: any, log: Logger, data: { [key: string]: string }
err: null,
params: {
version: 2,
log,
data: {
accessKey,
signatureFromRequest,
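Review bot: `import { AuthResult } from '../auth';` makes this module import lib/auth/auth.ts, which itself pulls in the v2 checks through `import * as v2 from './v2/authV2'` (presumably re-exporting this `check`), so the new type sits on an import cycle. Both added imports are used only in type positions, so `import type { AuthResult } from '../auth';` and `import type { AuthV2RequestParams } from '../Vault';` would keep the cycle out of the emitted JavaScript regardless of compiler settings. The same pair of imports is added in lib/auth/v2/queryAuthCheck.ts, lib/auth/v4/headerAuthCheck.ts and lib/auth/v4/queryAuthCheck.ts. The body of `check` continues outside the hunks shown.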
11 changes: 9 additions & 2 deletions lib/auth/v2/queryAuthCheck.ts
@@ -1,14 +1,20 @@
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import errors from '../../errors';
import * as constants from '../../constants';
import algoCheck from './algoCheck';
import constructStringToSign from './constructStringToSign';
import { AuthV2RequestParams } from '../Vault';
import { AuthResult } from '../auth';

export const PRE_SIGN_URL_EXPIRY = process.env.PRE_SIGN_URL_EXPIRY ?
Number.parseInt(process.env.PRE_SIGN_URL_EXPIRY, 10) :
constants.defaultPreSignedURLExpiry * 1000;

export function check(request: any, log: Logger, data: { [key: string]: string }) {
export function check(
request: any,
log: RequestLogger,
data: { [key: string]: string },
): AuthResult<AuthV2RequestParams> {
log.trace('running query auth check');
if (request.method === 'POST') {
log.debug('query string auth not supported for post requests');
@@ -71,6 +77,7 @@ export function check(request: any, log: Logger, data: { [key: string]: string }
err: null,
params: {
version: 2,
log,
data: {
accessKey,
signatureFromRequest,
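Review bot: `PRE_SIGN_URL_EXPIRY`, on an unchanged line of the first hunk, accepts whatever `Number.parseInt(process.env.PRE_SIGN_URL_EXPIRY, 10)` returns, and a non-numeric value yields `NaN`. Every comparison against `NaN` is false, so depending on how the expiry comparison in `check` is written (it is outside the hunk), a misconfigured environment could leave presigned-URL expiry unenforced without any error. Validating once at load would close that gap, e.g. `if (!Number.isFinite(PRE_SIGN_URL_EXPIRY) || PRE_SIGN_URL_EXPIRY <= 0) throw new Error('invalid PRE_SIGN_URL_EXPIRY');`.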
14 changes: 3 additions & 11 deletions lib/auth/v4/constructStringToSign.ts
@@ -1,5 +1,5 @@
import * as crypto from 'crypto';
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import createCanonicalRequest from './createCanonicalRequest';

/**
@@ -14,10 +14,10 @@ export default function constructStringToSign(params: {
credentialScope: string;
timestamp: string;
query: { [key: string]: string };
log?: Logger;
log?: RequestLogger;
proxyPath?: string;
awsService: string;
}): string | Error {
}): string {
const {
request,
signedHeaders,
@@ -40,14 +40,6 @@ export default function constructStringToSign(params: {
service: params.awsService,
});

// TODO Why that line?
// @ts-ignore
if (canonicalReqResult instanceof Error) {
if (log) {
log.error('error creating canonicalRequest');
}
return canonicalReqResult;
}
if (log) {
log.debug('constructed canonicalRequest', { canonicalReqResult });
}
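Review bot: With the `canonicalReqResult instanceof Error` branch gone and the return type narrowed to `string`, nothing on this path handles a failure from `createCanonicalRequest` any more, and both v4 check functions drop their `stringToSign instanceof Error` handling in the same change. That is sound only if `createCanonicalRequest` is typed to return a string and cannot throw on malformed request input; its signature is not visible here, so this is worth confirming before merge. The TSDoc above the function (it starts outside the hunk) should gain a matching line such as `@returns the string to sign; never an Error`.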
19 changes: 9 additions & 10 deletions lib/auth/v4/headerAuthCheck.ts
@@ -1,5 +1,5 @@
import { Logger } from 'werelogs';
import errors from '../../../lib/errors';
import { RequestLogger } from 'werelogs';
import errors, { ArsenalError } from '../../../lib/errors';
import * as constants from '../../constants';
import constructStringToSign from './constructStringToSign';
import {
@@ -12,6 +12,8 @@ import {
validateCredentials,
areSignedHeadersComplete,
} from './validateInputs';
import { AuthV4RequestParams } from '../Vault';
import { AuthResult } from '../auth';

/**
* V4 header auth check
@@ -23,10 +25,10 @@ import {
*/
export function check(
request: any,
log: Logger,
log: RequestLogger,
data: { [key: string]: string },
awsService: string
) {
): AuthResult<AuthV4RequestParams> {
log.trace('running header auth check');

const token = request.headers['x-amz-security-token'];
@@ -101,7 +103,7 @@ export function check(

const validationResult = validateCredentials(credentialsArr, timestamp,
log);
if (validationResult instanceof Error) {
if (validationResult instanceof ArsenalError) {
log.debug('credentials in improper format', { credentialsArr,
timestamp, validationResult });
return { err: validationResult };
@@ -110,7 +112,7 @@ export function check(
const scopeDate = credentialsArr[1];
const region = credentialsArr[2];
const service = credentialsArr[3];
const accessKey = credentialsArr.shift();
const accessKey = credentialsArr.shift()!;
const credentialScope = credentialsArr.join('/');

// In AWS Signature Version 4, the signing key is valid for up to seven days
@@ -155,15 +157,12 @@ export function check(
proxyPath,
});
log.trace('constructed stringToSign', { stringToSign });
if (stringToSign instanceof Error) {
return { err: stringToSign };
}


return {
err: null,
params: {
version: 4,
log,
data: {
accessKey,
signatureFromRequest,
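Review bot: Narrowing the guard to `validationResult instanceof ArsenalError` makes the credential-format check fail open for any other error object: if `validateCredentials` ever returns a plain `Error`, execution falls through to `credentialsArr.shift()!` and signature construction as though the credential were well formed. `validateCredentials` is not visible here, so whether it can return anything other than an `ArsenalError` on failure needs confirming; declaring its return type so that the failure case is exactly `ArsenalError` would let the compiler enforce that. The same change is made in lib/auth/v4/queryAuthCheck.ts. `check` begins and ends outside these hunks.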
18 changes: 11 additions & 7 deletions lib/auth/v4/queryAuthCheck.ts
@@ -1,18 +1,24 @@
import { Logger } from 'werelogs';
import { RequestLogger } from 'werelogs';
import * as constants from '../../constants';
import errors from '../../errors';
import errors, { ArsenalError } from '../../errors';
import constructStringToSign from './constructStringToSign';
import { checkTimeSkew, convertAmzTimeToMs } from './timeUtils';
import { validateCredentials, extractQueryParams } from './validateInputs';
import { areSignedHeadersComplete } from './validateInputs';
import { AuthV4RequestParams } from '../Vault';
import { AuthResult } from '../auth';

/**
* V4 query auth check
* @param request - HTTP request object
* @param log - logging object
* @param data - Contain authentification params (GET or POST data)
*/
export function check(request: any, log: Logger, data: { [key: string]: string }) {
export function check(
request: any,
log: RequestLogger,
data: { [key: string]: string },
): AuthResult<AuthV4RequestParams> {
const authParams = extractQueryParams(data, log);

if (Object.keys(authParams).length !== 5) {
@@ -40,7 +46,7 @@ export function check(request: any, log: Logger, data: { [key: string]: string }

const validationResult = validateCredentials(credential, timestamp,
log);
if (validationResult instanceof Error) {
if (validationResult instanceof ArsenalError) {
log.debug('credentials in improper format', { credential,
timestamp, validationResult });
return { err: validationResult };
@@ -94,14 +100,12 @@ export function check(request: any, log: Logger, data: { [key: string]: string }
awsService: service,
proxyPath,
});
if (stringToSign instanceof Error) {
return { err: stringToSign };
}
log.trace('constructed stringToSign', { stringToSign });
return {
err: null,
params: {
version: 4,
log,
data: {
accessKey,
signatureFromRequest,