cfsign
v1.0.4
Published
CloudFront authentication via signed URLs or cookies
Downloads
949
Maintainers
Readme
cfsign
A Typescript/Javascript lib for working with CloudFront signatures in NodeJs.
Getting started
Install cfsign
from npm.
Instantiate a signer with your key configuration:
import { Signer } from "cfsign";
const signer = new Signer({
id: "APKAXXXXXXXXXXXXXXXX",
privateKeyPem: "-----BEGIN RSA PRIVATE KEY-----\nXXXX..."
});
As per AWS documentation,
cfsign
supports short-ish URLs, signed using a "canned" policy. In this
case a URL and an expiration date will do:
const expiration = new Date(new Date().getTime() + 10*60*1000);
const signedUrl = signer.signUrl(`https://xyz.cloudfront.net/example/path`, expiration);
To sign a more complex policy, just build one and then get the resulting cookies or query parameters.
const policy = {
Statement: [{
Condition: {
DateGreaterThan: { "AWS:EpochTime": 0 },
DateLessThan: { "AWS:EpochTime": 1 },
IpAddress: { "AWS:SourceIp": "1.1.1.0/24" }
},
Resource: "http://test.com/folder/*"
}]
};
const signature = sut.sign(policy);
const cookies = signature.toCookies();
const signedUrl = signature.addToUrl("http://test.com/folder/file");
In typescript the Policy
type will help you to write a correct policy.
Extra utils
If you prefer to set the key via a single line string, rather than a PEM,
there's pemFormat()
:
import { pemFormat } from "cfsign/lib/keyUtils";
const signer = new Signer({
id: "APKAXXXXXXXXXXXXXXXX",
privateKeyPem: pemFormat("XXXX")
});
Refer to typedocs or tests for further details and examples.