From 16de3e38e8f5efa57aa4a27d9a9e621087830e1d Mon Sep 17 00:00:00 2001
From: Daniel Hougaard <daniel@infisical.com>
Date: Tue, 24 Sep 2024 00:00:45 +0400
Subject: [PATCH] old

---
 package-lock.json  | 28 ++++++++++++----------------
 package.json       |  2 +-
 src/custom/util.ts | 45 +++++++++++++++++++++++----------------------
 3 files changed, 36 insertions(+), 39 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 20a79f2..e033cc8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "0.0.0",
       "license": "ISC",
       "dependencies": {
-        "aws-sdk": "^2.1691.0",
+        "aws-sdk": "^2.1311.0",
         "aws4": "^1.13.2",
         "axios": "^1.7.5",
         "typescript": "^5.5.4",
@@ -1168,10 +1168,9 @@
       }
     },
     "node_modules/aws-sdk": {
-      "version": "2.1691.0",
-      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1691.0.tgz",
-      "integrity": "sha512-/F2YC+DlsY3UBM2Bdnh5RLHOPNibS/+IcjUuhP8XuctyrN+MlL+fWDAiela32LTDk7hMy4rx8MTgvbJ+0blO5g==",
-      "hasInstallScript": true,
+      "version": "2.1311.0",
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1311.0.tgz",
+      "integrity": "sha512-X3cFNsfs3HUfz6LKiLqvDTO4EsqO5DnNssh9SOoxhwmoMyJ2et3dEmigO6TaA44BjVNdLW98+sXJVPTGvINY1Q==",
       "license": "Apache-2.0",
       "dependencies": {
         "buffer": "4.9.2",
@@ -1183,7 +1182,7 @@
         "url": "0.10.3",
         "util": "^0.12.4",
         "uuid": "8.0.0",
-        "xml2js": "0.6.2"
+        "xml2js": "0.4.19"
       },
       "engines": {
         "node": ">= 10.0.0"
@@ -3914,22 +3913,19 @@
       "license": "ISC"
     },
     "node_modules/xml2js": {
-      "version": "0.6.2",
-      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.6.2.tgz",
-      "integrity": "sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA==",
+      "version": "0.4.19",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",
+      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==",
       "license": "MIT",
       "dependencies": {
         "sax": ">=0.6.0",
-        "xmlbuilder": "~11.0.0"
-      },
-      "engines": {
-        "node": ">=4.0.0"
+        "xmlbuilder": "~9.0.1"
       }
     },
     "node_modules/xmlbuilder": {
-      "version": "11.0.1",
-      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz",
-      "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==",
+      "version": "9.0.7",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz",
+      "integrity": "sha512-7YXTQc3P2l9+0rjaUbLwMKRhtmwg1M1eDf6nag7urC7pIPYLD9W/jmzQ4ptRSUbodw5S0jfoGTflLemQibSpeQ==",
       "license": "MIT",
       "engines": {
         "node": ">=4.0"
diff --git a/package.json b/package.json
index 64614ab..6c487e7 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
     "tsup": "^8.2.4"
   },
   "dependencies": {
-    "aws-sdk": "^2.1691.0",
+    "aws-sdk": "^2.1311.0",
     "aws4": "^1.13.2",
     "axios": "^1.7.5",
     "typescript": "^5.5.4",
diff --git a/src/custom/util.ts b/src/custom/util.ts
index e6a1725..808445a 100644
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -1,7 +1,7 @@
 import axios from "axios";
 import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
 import AWS from "aws-sdk";
-import aws4 from "aws4";
+
 export const getAwsRegion = async () => {
 	const region = process.env.AWS_REGION; // Typically found in lambda runtime environment
 	if (region) {
@@ -51,29 +51,30 @@ export const performAwsIamLogin = async (baseUrl: string, identityId: string, re
 		});
 	});
 
-	console.log("creds", creds);
-
-	const signOpts = aws4.sign(
-		{
-			service: "sts",
-			path: `/?${body}`,
-			region,
-			host: `sts.${region}.amazonaws.com`
-		},
-		{
-			accessKeyId: creds.accessKeyId,
-			secretAccessKey: creds.secretAccessKey,
-			sessionToken: creds.sessionToken
-		}
-	);
-
-	const headers = {
-		...signOpts.headers
+	const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
+	const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
+	const iamRequestHeaders = {
+		"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
+		Host: `sts.${region}.amazonaws.com`
 	};
+
+	const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region);
+	request.method = "POST";
+	request.headers = iamRequestHeaders;
+
+	// @ts-expect-error -- .util is not typed
+	request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, "");
+	request.body = iamRequestBody;
+	request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody));
+
+	// @ts-expect-error -- .Signers is not typed
+	const signer = new AWS.Signers.V4(request, "sts");
+	signer.addAuthorization(AWS.config.credentials, new Date());
+
 	return {
 		iamHttpRequestMethod: "POST",
-		iamRequestUrl: signOpts.host,
-		iamRequestBody: body,
-		iamRequestHeaders: headers
+		iamRequestUrl: Buffer.from(iamRequestURL).toString("base64"),
+		iamRequestBody: Buffer.from(iamRequestBody).toString("base64"),
+		iamRequestHeaders: Buffer.from(JSON.stringify(iamRequestHeaders)).toString("base64")
 	} as const;
 };