fix: remove aws-sdk dependency

2025-06-06 21:01:45 +04:00
parent f32dad934b
commit 258256c722
5 changed files with 1648 additions and 427 deletions
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -1,6 +1,11 @@
 import axios from "axios";
 import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
-import AWS from "aws-sdk";
+
+import { Sha256 } from "@aws-crypto/sha256-js";
+import { fromNodeProviderChain } from "@aws-sdk/credential-providers";
+import { HttpRequest } from "@aws-sdk/protocol-http";
+import { SignatureV4 } from "@aws-sdk/signature-v4";
+
 import { InfisicalSDKError } from "./errors";
 import { Secret } from "../api/types";

@@ -44,22 +49,11 @@ export const getAwsRegion = async () => {
 };

 export const performAwsIamLogin = async (region: string) => {
-	AWS.config.update({
-		region
-	});
+	const credentials = await fromNodeProviderChain()();

-	await new Promise<{ sessionToken?: string; accessKeyId: string; secretAccessKey: string }>((resolve, reject) => {
-		AWS.config.getCredentials((err, res) => {
-			if (err) {
-				throw err;
-			} else {
-				if (!res) {
-					throw new InfisicalSDKError("Credentials not found");
-				}
-				return resolve(res);
-			}
-		});
-	});
+	if (!credentials.accessKeyId || !credentials.secretAccessKey) {
+		throw new InfisicalSDKError("Credentials not found");
+	}

 	const iamRequestURL = `https://sts.${region}.amazonaws.com/`;
 	const iamRequestBody = "Action=GetCallerIdentity&Version=2011-06-15";
@@ -68,23 +62,40 @@ export const performAwsIamLogin = async (region: string) => {
 		Host: `sts.${region}.amazonaws.com`
 	};

-	const request = new AWS.HttpRequest(new AWS.Endpoint(iamRequestURL), region);
-	request.method = "POST";
-	request.headers = iamRequestHeaders;
+	const request = new HttpRequest({
+		protocol: "https:",
+		hostname: `sts.${region}.amazonaws.com`,
+		path: "/",
+		method: "POST",
+		headers: {
+			...iamRequestHeaders,
+			"Content-Length": String(Buffer.byteLength(iamRequestBody))
+		},
+		body: iamRequestBody
+	});

-	// @ts-expect-error -- .util is not typed
-	request.headers["X-Amz-Date"] = AWS.util.date.iso8601(new Date()).replace(/[:-]|\.\d{3}/g, "");
-	request.body = iamRequestBody;
-	request.headers["Content-Length"] = String(Buffer.byteLength(iamRequestBody));
+	const signer = new SignatureV4({
+		credentials,
+		region,
+		service: "sts",
+		sha256: Sha256
+	});

-	// @ts-expect-error -- .Signers is not typed
-	const signer = new AWS.Signers.V4(request, "sts");
-	signer.addAuthorization(AWS.config.credentials, new Date());
+	const signedRequest = await signer.sign(request);
+
+	const headers: Record<string, string> = {};
+	Object.entries(signedRequest.headers).forEach(([key, value]) => {
+		if (typeof value === "string") {
+			// Normalize Authorization header to proper case
+			const normalizedKey = key.toLowerCase() === "authorization" ? "Authorization" : key;
+			headers[normalizedKey] = value;
+		}
+	});

 	return {
 		iamHttpRequestMethod: "POST",
 		iamRequestUrl: iamRequestURL,
 		iamRequestBody: iamRequestBody,
-		iamRequestHeaders: iamRequestHeaders
-	} as const;
+		iamRequestHeaders: headers
+	};
 };