天网安防>> sigaws>> 返回
项目作者: handnot2

项目描述 :
An Elixir library to sign and verify HTTP requests using AWS Signature V4
高级语言: Elixir
项目地址: git://github.com/handnot2/sigaws.git
创建时间: 2017-04-07T06:20:06Z
项目社区:https://github.com/handnot2/sigaws
开源协议:MIT License
下载


Sigaws

An Elixir library to sign and verify HTTP requests using AWS Signature V4.

Inline docs

Installation

This package can be installed by adding sigaws to your list of dependencies
in mix.exs:

  1. def deps do
  2.   [{:sigaws, "~> 0.7"}]
  3. end

Documentation

Examples

Signature to be passed as request headers

  1. url = "https://ec2.amazonaws.com/Action=DescribeRegions&Version=2013-10-15"
  3. {:ok, %{} = sig_data, _} =
  4.   Sigaws.sign_req(url, region: "us-east-1", service: "ec2",
  5.     access_key: System.get_env("AWS_ACCESS_KEY_ID"),
  6.     secret:     System.get_env("AWS_SECRET_ACCESS_KEY"))
  8. {:ok, resp} = HTTPoison.get(url, sig_data)

You can pass in request headers to be included in the signature. Make sure to merge the
signature with the headers before sending the request.

The same example is shown here making use of the temporary credentials obtained using
AWS STS Secure Token Service. Assuming the temporary credentials and the session
token are made available in environment variables:

  1. url = "https://ec2.amazonaws.com/Action=DescribeRegions&Version=2013-10-15"
  2. headers = %{"X-Amz-Secure-Token" => System.get_env("AWS_SESSION_TOKEN")}
  4. {:ok, %{} = sig_data, _} =
  5.   Sigaws.sign_req(url, region: "us-east-1", service: "ec2", headers: headers,
  6.     access_key: System.get_env("AWS_ACCESS_KEY_ID"),
  7.     secret:     System.get_env("AWS_SECRET_ACCESS_KEY"))
  9. {:ok, resp} = HTTPoison.get(url, Map.merge(headers, sig_data))

Make sure to merge sig_data with other headers before calling HTTPoison.
If not done, the HTTP request will fail with signature verification error.

Signature to be passed in query string (“presigned” URL)

  1. url = "https://iam.amazonaws.com/Action=CreateUser&UserName=NewUser&Version=2010-05-08"
  3. {:ok, %{} = sig_data, _} =
  4.   Sigaws.sign_req(url, region: "us-east-1", service: "iam", body: :unsigned,
  5.     access_key: System.get_env("AWS_ACCESS_KEY_ID"),
  6.     secret: System.get_env("AWS_SECRET_ACCESS_KEY"))
  8. presigned_url = Sigaws.Util.add_params_to_url(url, sig_data)
  10. {:ok, resp} = HTTPoison.get(presigned_url)

When creating pre-signed URL for AWS S3, make sure to pass in body: :unsigned
option. It is also very importnt to merge the signature data with other query
parameters before sending the request (Sigaws.Util.add_params_to_url).
The request will fail if these are not taken care of.

Signature Verification

The verification process relies on a provider module that implements
Sigaws.Provider behavior. The provider is expected to supply the signing
key based on the information present in the context (primarily the access key).

  1. {:ok, %Sigaws.Ctxt{} = ctxt} =
  2.   Sigaws.Verify(conn.request_path,
  3.     method: conn.method,
  4.     params: conn.query_params,
  5.     headers: conn.req_headers,
  6.     body: get_raw_body(conn),
  7.     provider: SigawsQuickStartProvider)

The above example is using the sigaws_quickstart_provider Hex package.
Check the blog listed earlier.

Test Suite

Part of the tests in this package rely on AWS Signature Version 4 Test Suite.
This test suite should be downloaded and unpacked before running the tests.

  1. mkdir -p test/testsuite
  2. cd test/testsuite
  3. wget https://docs.aws.amazon.com/general/latest/gr/samples/aws-sig-v4-test-suite.zip
  4. unzip aws-sig-v4-test-suite.zip