npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-cloudfront-sign

v3.0.2

Published

Utility module for signing AWS CloudFront URLs

Downloads

159,624

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jasonsimsjasonsims

Keywords

awsCloudFrontsigned URL

Readme

AWS CloudFront URL Signature Utility

Build Status npm version

NOTE

The AWS SDK for JavaScript has added support for generating signed URLs and Cookies. Please see Class: AWS.CloudFront.Signer

Generating signed URLs for CloudFront links is a little more tricky than for S3. It's because signature generation for S3 URLs is handled a bit differently than CloudFront URLs and this functionality is not currently supported by the aws-sdk library for JavaScript. In case you also need to do this, I've created this simple utility to make things easier.

Usage

Requirements

  • Node.js >=18
  • Active CloudFront distribution with origin configured

Configuring CloudFront

  1. Create a CloudFront distribution

  2. Configure your origin with the following settings:

    Origin Domain Name: {your-s3-bucket} Restrict Bucket Access: Yes Grant Read Permissions on Bucket: Yes, Update Bucket Policy

  3. Create CloudFront Key Pair. more info

Installing

npm install aws-cloudfront-sign

TypeScript

import { SignatureOptions } from 'aws-cloudfront-sign/types'

Upgrading from 2.x to 3.x

  • There shouldn't be any breaking changes when coming to 3.x. RTMP URLs were deprecated by Amazon but that will affect all versions.
  • Support for ES Modules was added
  • Support for TypeScript was added

Upgrading from 1.x to 2.x

  • expireTime now takes it's value as milliseconds, Date, or moment instead of seconds.

API

getSignedUrl(url, options)

  • @param {String} url - Cloudfront URL to sign
  • @param {Object} options - URL signature options
  • @return {String} signedUrl - Signed CloudFrontUrl

getSignedCookies(url, options)

  • @param {String} url - Cloudfront URL to sign
  • @param {Object} options - URL signature options
  • @return {Object} cookies - Signed AWS cookies

~~getSignedRTMPUrl(domainName, s3key, options)~~

⛔️ Deprecated: RTMP Support Discontinuing on December 31, 2020

  • ~~@param {String} domainName - Domain name of your Cloudfront distribution~~
  • ~~@param {String} s3key - Path to s3 object~~
  • ~~@param {Object} options - URL signature options~~
  • ~~@return {Object} url.rtmpServerPath - RTMP formatted server path~~
  • ~~@return {Object} url.rtmpStreamName - Signed RTMP formatted stream name~~

Options

  • expireTime (Optional - Default: 1800 sec == 30 min) - The time when the URL should expire. Accepted values are

    • number - Time in milliseconds (new Date().getTime() + 1800000)
    • moment - Valid momentjs object (moment().add(1, 'day'))
    • Date - Javascript Date object (new Date(2016, 0, 1))

  • ipRange (Optional) - IP address range allowed to make GET requests for your signed URL. This value must be given in standard IPv4 CIDR format (for example, 10.52.176.0/24).

  • keypairId - The access key ID from your Cloudfront keypair

  • privateKeyString || privateKeyPath - The private key from your Cloudfront keypair. It can be provided as either a string or a path to the .pem file. Note: When providing the private key as a string, ensure that the newline character is also included.

    const privateKeyString =
  '-----BEGIN RSA PRIVATE KEY-----\n'
  'MIIJKAIBAAKCAgEAwGPMqEvxPYQIffDimM9t3A7Z4aBFAUvLiITzmHRc4UPwryJp\n'
  'EVi3C0sQQKBHlq2IOwrmqNiAk31/uh4FnrRR1mtQm4x4IID58cFAhKkKI/09+j1h\n'
  'tuf/gLRcOgAXH9o3J5zWjs/y8eWTKtdWv6hWRxuuVwugciNckxwZVV0KewO02wJz\n'
  'jBfDw9B5ghxKP95t7/B2AgRUMj+r47zErFwo3OKW0egDUpV+eoNSBylXPXXYKvsL\n'
  'AlznRi9xNafFGy9tmh70pwlGG5mVHswD/96eUSuLOZ2srcNvd1UVmjtHL7P9/z4B\n'
  'KdODlpb5Vx+54+Fa19vpgXEtHgfAgGW9DjlZMtl4wYTqyGAoa+SLuehjAQsxT8M1\n'
  'BXqfMJwE7D9XHjxkqCvd93UGgP+Yxe6H+HczJeA05dFLzC87qdM45R5c74k=\n'
  '-----END RSA PRIVATE KEY-----'

    Also, here are some examples if prefer to store your private key as a string but within an environment variable.

    # Local env example
CF_PRIVATE_KEY="$(cat your-private-key.pem)"

# Heroku env
heroku config:set CF_PRIVATE_KEY="$(cat your-private-key.pem)"

Examples

Creating a signed URL

By default the URL will expire after half an hour.

// ESM: import { getSignedUrl } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedUrl = cf.getSignedUrl('http://xxxxxxx.cloudfront.net/path/to/s3/object', options);
console.log('Signed URL: ' + signedUrl);

Creating signed cookies

// ESM: import { getSignedCookies } from 'aws-cloudfront-sign'
const cf = require('aws-cloudfront-sign')
const options = {keypairId: 'APKAJM2FEVTI7BNPCY4A', privateKeyPath: '/foo/bar'}
const signedCookies = cf.getSignedCookies('http://xxxxxxx.cloudfront.net/*', options);

// You can now set cookies in your response header. For example:
for(var cookieId in signedCookies) {
 res.cookie(cookieId, signedCookies[cookieId]);
}