Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- const aws4 = require("aws4");
- const signCloudFrontOriginRequest = (request) => {
- const searchString = request.querystring === "" ? "" : `?${request.querystring}`;
- // Utilize a dummy request because the structure of the CloudFront origin request
- // is different than the signing client expects
- const dummyRequest = {
- host: request.origin.custom.domainName,
- method: request.method,
- path: `${request.origin.custom.path}${request.uri}${searchString}`,
- };
- if (Object.hasOwnProperty.call(request, 'body')) {
- const { data, encoding } = request.body;
- const buffer = Buffer.from(data, encoding);
- const decodedBody = buffer.toString('utf8');
- if (decodedBody !== '') {
- dummyRequest.body = decodedBody;
- dummyRequest.headers = { 'content-type': request.headers['content-type'][0].value };
- }
- }
- // Use the Lambda's execution role credentials
- const credentials = {
- accessKeyId: process.env.AWS_ACCESS_KEY_ID,
- secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
- sessionToken: process.env.AWS_SESSION_TOKEN
- };
- aws4.sign(dummyRequest, credentials); // Signs the dummyRequest object
- // Sign a clone of the CloudFront origin request with appropriate headers from the signed dummyRequest
- const signedRequest = JSON.parse(JSON.stringify(request));
- signedRequest.headers.authorization = [ { key: "Authorization", value: dummyRequest.headers.Authorization } ];
- signedRequest.headers["x-amz-date"] = [ { key: "X-Amz-Date", value: dummyRequest.headers["X-Amz-Date"] } ];
- signedRequest.headers["x-amz-security-token"] = [ { key: "X-Amz-Security-Token", value: dummyRequest.headers["X-Amz-Security-Token"] } ];
- return signedRequest;
- };
- const handler = (event, context, callback) => {
- const request = event.Records[0].cf.request;
- const signedRequest = signCloudFrontOriginRequest(request);
- callback(null, signedRequest);
- };
- module.exports.handler = handler;
Add Comment
Please, Sign In to add comment