Modernize code and tests

PRX · Feb 5, 2024 · 578a5ec · 578a5ec
1 parent 617b971
commit 578a5ec
Show file tree

Hide file tree

Showing 10 changed files with 2,075 additions and 566 deletions.
diff --git a/.eslintrc.yaml b/.eslintrc.yaml
@@ -1,10 +1,15 @@
-
 extends: [airbnb-base, plugin:prettier/recommended]
 env:
   es2023: true
   node: true
+
 parserOptions:
   ecmaVersion: latest
   sourceType: module
 rules:
   no-console: off
+  import/prefer-default-export: off
+overrides:
+  - files: ["**/*.test.js"]
+    env:
+      jest: true
diff --git a/.tool-versions b/.tool-versions
@@ -1 +1 @@
-nodejs 18.18.2
+nodejs 20.9.0 # Should match the AWS Lambda runtime being used
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18-alpine
+FROM node:20-alpine
 
 LABEL maintainer="PRX <[email protected]>"
 LABEL org.prx.spire.publish.s3="LAMBDA_ZIP"
@@ -18,10 +18,10 @@ RUN yarn install
 RUN mkdir --parents /test
 ADD test/ test/
 
-ADD ./index.js .
+ADD src/index.js .
 
-RUN npm run test
+RUN npm test
 
 # This zip file is what will be deployed to the Lambda function.
 # Add any necessary files to it.
-RUN zip --quiet --recurse-paths /.prxci/build.zip index.js
+RUN zip --quiet --recurse-paths /.prxci/build.zip .
diff --git a/index.js b/index.js
diff --git a/package.json b/package.json
@@ -3,11 +3,12 @@
   "version": "1.0.0",
   "description": "This service is built on Amazon's API Gateway and AWS Lambda. When deploying the Lambda function code, the secret key ID must be inserted for the service to work correctly. That key is kept in LastPass.",
   "main": "index.js",
+  "type": "module",
   "engines": {
-    "node": ">= 18.0.0"
+    "node": ">= 20.0.0"
   },
   "scripts": {
-    "test": "mocha test/"
+    "test": "NODE_OPTIONS=\"$NODE_OPTIONS --experimental-vm-modules\" npx jest"
   },
   "repository": {
     "type": "git",
@@ -22,21 +23,19 @@
   },
   "homepage": "https://github.com/PRX/upload.prx.org#readme",
   "devDependencies": {
-    "@types/mocha": "*",
+    "@jest/globals": "*",
+    "@types/jest": "*",
     "@types/node": "*",
-    "@types/sinon": "*",
-    "chai": "^3.5.0",
     "dotenv": "*",
     "eslint": "*",
     "eslint-config-airbnb-base": "*",
     "eslint-config-prettier": "*",
     "eslint-plugin-import": "*",
+    "eslint-plugin-jest": "*",
     "eslint-plugin-prettier": "*",
-    "istanbul": "^0.4.5",
+    "jest": "*",
     "jsdoc": "*",
-    "mocha": "^3.2.0",
     "prettier": "*",
-    "sinon": "^1.17.7",
     "typescript": "*",
     "yarn": "*"
   }

diff --git a/src/index.js b/src/index.js
@@ -0,0 +1,67 @@
+import { createHmac } from "node:crypto";
+
+// User ARN: arn:aws:iam::561178107736:user/prx-upload
+// Access Key ID: AKIAJZ5C7KQPL34SQ63Q
+const accessKey = process.env.ACCESS_KEY;
+
+const currentDateStamp = () => {
+  const now = new Date();
+  console.log(now);
+  return now.toISOString().replace(/-/g, "").substring(0, 8);
+};
+
+function hmac(key, string, encoding) {
+  return createHmac("sha256", key).update(string, "utf8").digest(encoding);
+}
+
+function v4signature(toSign) {
+  const dateStamp = currentDateStamp();
+  const region = process.env.AWS_REGION;
+  const service = "s3";
+
+  const dateKey = hmac(`AWS4${accessKey}`, dateStamp);
+  const dateRegionKey = hmac(dateKey, region);
+  const dateRegionServiceKey = hmac(dateRegionKey, service);
+
+  const signingKey = hmac(dateRegionServiceKey, "aws4_request");
+
+  const signature = hmac(signingKey, toSign, "hex");
+
+  return signature;
+}
+
+export const handler = async (event) => {
+  try {
+    if (!event.queryStringParameters || !event.queryStringParameters.to_sign) {
+      return { statusCode: 400, headers: {}, body: null };
+    }
+    const toSign = event.queryStringParameters.to_sign;
+
+    let signature;
+
+    if (/AWS4-HMAC-SHA256/.test(toSign)) {
+      // Use v4 signing
+      // https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
+      signature = v4signature(toSign);
+    } else {
+      // Use v2 signing
+      // https://docs.aws.amazon.com/general/latest/gr/signature-version-2.html
+      signature = createHmac("sha1", accessKey).update(toSign).digest("base64");
+    }
+
+    return {
+      statusCode: 200,
+      headers: {
+        "Content-Type": "text/plain",
+        "Access-Control-Allow-Headers":
+          "Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token",
+        "Access-Control-Allow-Methods": "GET,OPTIONS",
+        "Access-Control-Allow-Origin": "*",
+      },
+      body: signature,
+    };
+  } catch (e) {
+    console.error(e);
+    throw e;
+  }
+};
diff --git a/test/signature-test.js b/test/signature-test.js
diff --git a/test/signature.test.js b/test/signature.test.js
@@ -0,0 +1,20 @@
+import "dotenv/config";
+import { jest } from "@jest/globals";
+import { handler } from "../src/index";
+
+it("returns correct v2 signature", () => {
+  const event = { queryStringParameters: { to_sign: "test" } };
+  return handler(event).then((data) =>
+    expect(data.body).toBe("TyhhPs0RA37JFn+0oWNdm25HgBc="),
+  );
+});
+
+it("returns correct v4 signature", () => {
+  jest.useFakeTimers().setSystemTime(Date.parse("2019-05-05"));
+  const event = { queryStringParameters: { to_sign: "AWS4-HMAC-SHA256test" } };
+  return handler(event).then((data) =>
+    expect(data.body).toBe(
+      "b4d7d82a0860eec70f549065e7052c7f19f58fa37dd0d4a74493497e4a678907",
+    ),
+  );
+});
diff --git a/test/support/test-helper.js b/test/support/test-helper.js
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		nodejs 18.18.2
		nodejs 20.9.0 # Should match the AWS Lambda runtime being used